From 8068b0a4b23ac34bc625016c2753e1f3d0940f25 Mon Sep 17 00:00:00 2001 From: Oskari Rauta Date: Wed, 21 Apr 2021 01:12:46 +0300 Subject: [PATCH 001/221] apparmor: add new package Patches allow lesser depencies, like bash and several python modules. Added functions script that suites nicely for OpenWRT, it's more clear than original and a lot shorter. Also information that is put to system log, is more informative now. I also added init script. Signed-off-by: Oskari Rauta --- utils/apparmor/Makefile | 206 +++++++++ utils/apparmor/files/apparmor.init | 22 + utils/apparmor/files/apparmor.sh | 380 ++++++++++++++++ .../patches/010-autoconf-libapparmor.patch | 10 + utils/apparmor/patches/020-fix-ss-path.patch | 11 + .../patches/030-remove-pynotify2-dep.patch | 416 ++++++++++++++++++ .../patches/040-remove-bash-dep.patch | 143 ++++++ 7 files changed, 1188 insertions(+) create mode 100644 utils/apparmor/Makefile create mode 100755 utils/apparmor/files/apparmor.init create mode 100755 utils/apparmor/files/apparmor.sh create mode 100644 utils/apparmor/patches/010-autoconf-libapparmor.patch create mode 100644 utils/apparmor/patches/020-fix-ss-path.patch create mode 100644 utils/apparmor/patches/030-remove-pynotify2-dep.patch create mode 100644 utils/apparmor/patches/040-remove-bash-dep.patch diff --git a/utils/apparmor/Makefile b/utils/apparmor/Makefile new file mode 100644 index 0000000000000..5edd78f09af3b --- /dev/null +++ b/utils/apparmor/Makefile @@ -0,0 +1,206 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=apparmor +PKG_VERSION:=3.0.0 +PKG_RELEASE:=$(AUTORELEASE) + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://gitlab.com/apparmor/apparmor.git +PKG_SOURCE_VERSION:=eb1328f18a98d2b3cc6f9fb617294b6eeb18f365 +PKG_MIRROR_HASH:=d6c86e2927e7030936e556190ae426653d696d52480cfc2ca826cc05aa50574f + +PKG_LICENSE:=GPL-1.0-only +PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=Oskari Rauta +PKG_BUILD_DEPENDS:=python3 +BUILDONLY:=1 + +HOST_PYTHON3_PACKAGE_BUILD_DEPENDS:=setuptools-scm + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/nls.mk +include ../../lang/python/python3-package.mk + +define Package/apparmor/Default + SECTION:=utils + CATEGORY:=Utilities + SUBMENU:=AppArmor + URL:=https://apparmor.net +endef + +define Package/libapparmor + TITLE:=AppArmor library + SECTION:=libs + CATEGORY:=Libraries + URL:=https://apparmor.net + DEPENDS:= +endef + +define Package/python3-apparmor + TITLE:=AppArmor python bindings + SECTION:=lang + CATEGORY:=Languages + SUBMENU:=Python + URL:=https://apparmor.net + DEPENDS:=+libapparmor +python3 +endef + +define Package/apparmor-utils + $(call Package/apparmor/Default) + TITLE:=AppArmor utils + DEPENDS:=$(INTL_DEPENDS) +libapparmor +python3-apparmor +python3 +python3-readline +python3-psutil +ss +findutils-xargs +endef + +define Package/apparmor-profiles + $(call Package/apparmor/Default) + TITLE:=AppArmor default profiles + DEPENDS:= +endef + +define Package/apparmor-utils/description + AppArmor userspace utilities +endef + +define Package/apparmor-profiles/description + AppArmor Extra Profiles +endef + +CONFIGURE_PATH=libraries/libapparmor + +CONFIGURE_VARS += \ + SHELL=$(bash) \ + PYTHON_VERSION=$(PYTHON3_VERSION) \ + PYTHON_VERSIONS=$(PYTHON3) \ + PYTHON=$(PYTHON3) \ + PYTHON_CPPFLAGS="-I$(STAGING_DIR)/usr/include/python$(PYTHON3_VERSION)" \ + PYTHON_LDFLAGS="-I$(PYTHON3_INC_DIR) -L$(STAGING_DIR)/usr/lib -L$(PYTHON3_LIB_DIR)" \ + PYTHON_EXTRA_LDFLAGS="-L$(STAGING_DIR)/usr/lib -L$(PYTHON3_LIB_DIR)/config-$(PYTHON3_VERSION) -lpthread -ldl -lm -lz -lpython$(PYTHON3_VERSION)" \ + ac_cv_path_PYTHON_CONFIG=$(STAGING_DIR_ROOT)/usr/bin/python$(PYTHON3_VERSION)-config + +CONFIGURE_ARGS += \ + --with-python \ + --without-perl \ + --without-ruby \ + --disable-man-pages + +ifeq ($(CONFIG_BUILD_NLS),y) + MAKE_VARS += WITH_LIBINTL=1 + MAKE_FLAGS += WITH_LIBINTL=1 +endif + +APPARMOR_CFLAGS = -I$(PKG_BUILD_DIR)/libraries/libapparmor/include +APPARMOR_LDFLAGS = -L$(PKG_BUILD_DIR)/libraries/libapparmor/src/.libs + +define Build/Configure + $(MAKE) -C $(PKG_BUILD_DIR)/libraries/libapparmor configure + $(RM) $(PKG_BUILD_DIR)/libraries/libapparmor/Makefile + $(SED) 's#ac_cv_path_PYTHON_CONFIG=#ac_cv_path_X_PYTHON_CONFIG=#g' $(PKG_BUILD_DIR)/libraries/libapparmor/configure + $(call Build/Configure/Default) +endef + +define Build/Compile + # Building libapparmor + +$(MAKE_VARS) \ + CFLAGS="$(TARGET_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/libraries/libapparmor \ + $(MAKE_FLAGS) + # Building parser + +$(MAKE_VARS) PYTHON=$(HOST_PYTHON) \ + CFLAGS="$(TARGET_CFLAGS) $(APPARMOR_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS) $(APPARMOR_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS) $(APPARMOR_LDFLAGS) -lgcc_s" USE_SYSTEM=0 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/parser \ + $(MAKE_FLAGS) apparmor_parser + # Building binutils + +$(MAKE_VARS) PYTHON=$(HOST_PYTHON) \ + CFLAGS="$(TARGET_CFLAGS) $(APPARMOR_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS) $(APPARMOR_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS) $(APPARMOR_LDFLAGS)" USE_SYSTEM=0 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/binutils \ + $(MAKE_FLAGS) + # Building utils + +$(MAKE_VARS) PYTHON=$(HOST_PYTHON) \ + CFLAGS="$(TARGET_CFLAGS) $(APPARMOR_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS) $(APPARMOR_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS) $(APPARMOR_LDFLAGS)" USE_SYSTEM=0 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/utils \ + $(MAKE_FLAGS) + # Building profiles + +$(MAKE_VARS) PYTHON=$(HOST_PYTHON) \ + CFLAGS="$(TARGET_CFLAGS) $(APPARMOR_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS) $(APPARMOR_CFLAGS")" LDFLAGS="$(TARGET_LDFLAGS) $(APPARMOR_LDFLAGS)" USE_SYSTEM=0 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/profiles \ + $(MAKE_FLAGS) +endef + +define Build/Install + # Make sure we have python's setup tools installed + $(if $(PYTHON3_PKG_HOST_PIP_INSTALL_ARGS), \ + $(call HostPython3/PipInstall,$(PYTHON3_PKG_HOST_PIP_INSTALL_ARGS)) \ + ) + $(INSTALL_DIR) $(PKG_INSTALL_DIR)-libapparmor $(PKG_INSTALL_DIR)-utils $(PKG_INSTALL_DIR)-profiles + # Installing libapparmor + +$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \ + CFLAGS="$(TARGET_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" \ + $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/libraries/libapparmor \ + $(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-libapparmor" install + # Installing parser + +$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \ + CFLAGS="$(TARGET_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" USE_SYSTEM=1 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/parser \ + $(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-utils" install + # Installing binutils + +$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \ + CFLAGS="$(TARGET_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" USE_SYSTEM=1 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/binutils \ + $(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-utils" install + # Installing utils + +$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \ + CFLAGS="$(TARGET_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" USE_SYSTEM=1 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/utils \ + $(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-utils" install + # Installing profiles + +$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \ + CFLAGS="$(TARGET_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" USE_SYSTEM=1 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/profiles \ + $(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-profiles" install +endef + +define Package/libapparmor/install + $(INSTALL_DIR) $(1)/usr/lib + $(INSTALL_BIN) $(PKG_INSTALL_DIR)-libapparmor/usr/lib/libapparmor.so.1 $(1)/usr/lib/ + $(LN) libapparmor.so.1 $(1)/usr/lib/libapparmor.so +endef + +define Package/python3-apparmor/install + $(INSTALL_DIR) \ + $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages \ + $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor + $(INSTALL_DATA) $(PKG_INSTALL_DIR)-libapparmor/usr/lib/python$(PYTHON3_VERSION)/site-packages/*.egg-info \ + $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/ + $(INSTALL_DATA) $(PKG_INSTALL_DIR)-libapparmor/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor/*.py \ + $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor + $(INSTALL_BIN) $(PKG_INSTALL_DIR)-libapparmor/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor/*.so \ + $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor/ + $(LN) -s _LibAppArmor.cpython-$(PYTHON3_VERSION_MAJOR)$(PYTHON3_VERSION_MINOR).so \ + $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor/_LibAppArmor.so +endef + +define Package/apparmor-utils/install + $(INSTALL_DIR) $(1)/etc/apparmor $(1)/usr/sbin $(1)/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)-utils/sbin/apparmor_parser $(1)/sbin/ + $(INSTALL_CONF) $(PKG_INSTALL_DIR)-utils/etc/apparmor/*.conf $(1)/etc/apparmor/ + $(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/etc/apparmor/severity.db $(1)/etc/apparmor/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)-utils/sbin/apparmor_parser $(1)/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)-utils/usr/bin/{aa-exec,aa-easyprof,aa-enabled,aa-features-abi} $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)-utils/usr/sbin/{aa-audit,aa-autodep,aa-cleanprof,aa-complain,aa-decode,aa-disable,aa-enforce,aa-genprof,aa-logprof,aa-mergeprof,aa-notify,aa-remove-unknown,aa-status,aa-unconfined} $(1)/usr/sbin/ + $(LN) aa-status $(1)/usr/sbin/apparmor_status + $(INSTALL_DIR) $(1)/usr/share/apparmor/easyprof/templates $(1)/usr/share/apparmor/easyprof/policygroups + $(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/share/apparmor/easyprof/templates/* $(1)/usr/share/apparmor/easyprof/templates/ + $(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/share/apparmor/easyprof/policygroups/* $(1)/usr/share/apparmor/easyprof/policygroups/ + $(INSTALL_DIR) $(1)/usr/lib/python3.9/site-packages $(1)/usr/lib/python3.9/site-packages/apparmor $(1)/usr/lib/python3.9/site-packages/apparmor/rule + $(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/lib/python3.9/site-packages/*.egg-info \ + $(1)/usr/lib/python3.9/site-packages/ + $(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/lib/python3.9/site-packages/apparmor/*.py \ + $(1)/usr/lib/python3.9/site-packages/apparmor/ + $(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/lib/python3.9/site-packages/apparmor/rule/*.py \ + $(1)/usr/lib/python3.9/site-packages/apparmor/rule + $(INSTALL_DIR) $(1)/etc/init.d $(1)/lib/functions + $(INSTALL_BIN) ./files/apparmor.sh $(1)/lib/functions/ + $(INSTALL_BIN) ./files/apparmor.init $(1)/etc/init.d/apparmor +endef + +define Package/apparmor-profiles/install + $(INSTALL_DIR) $(1)/etc/apparmor.d $(1)/usr/share/apparmor/extra-profiles + $(CP) -aR $(PKG_INSTALL_DIR)-profiles/etc/apparmor.d/** $(1)/etc/apparmor.d/ + $(INSTALL_CONF) $(PKG_INSTALL_DIR)-profiles/usr/share/apparmor/extra-profiles/** $(1)/usr/share/apparmor/extra-profiles/ +endef + +$(eval $(call BuildPackage,libapparmor)) +$(eval $(call BuildPackage,python3-apparmor)) +$(eval $(call BuildPackage,apparmor-utils)) +$(eval $(call BuildPackage,apparmor-profiles)) diff --git a/utils/apparmor/files/apparmor.init b/utils/apparmor/files/apparmor.init new file mode 100755 index 0000000000000..576df39ace5c1 --- /dev/null +++ b/utils/apparmor/files/apparmor.init @@ -0,0 +1,22 @@ +#!/bin/sh /etc/rc.common + +START=75 +USE_PROCD=1 + +. /lib/functions/apparmor.sh + +restart() { + apparmor_restart +} + +start_service() { + apparmor_start +} + +stop_service() { + apparmor_stop +} + +reload_service() { + apparmor_reload +} diff --git a/utils/apparmor/files/apparmor.sh b/utils/apparmor/files/apparmor.sh new file mode 100755 index 0000000000000..5e9edb9dd5094 --- /dev/null +++ b/utils/apparmor/files/apparmor.sh @@ -0,0 +1,380 @@ +#!/bin/sh + +log_write() { + local facility=kern.$1 + logger -t AppArmor -p $facility "$2" +} + +AA_STATUS=/usr/sbin/aa-status +SECURITYFS=/sys/kernel/security +SFS_MOUNTPOINT="${SECURITYFS}/apparmor" +PARSER=/sbin/apparmor_parser +PARSER_OPTS= +ADDITIONAL_PROFILE_DIR= + +[ -d /etc/apparmor.d ] && PROFILE_DIRS=/etc/apparmor.d || + log_write warning "Unable to find profiles: /etc/apparmor.d" + +[ -n "$ADDITIONAL_PROFILE_DIR" ] && [ -d "$ADDITIONAL_PROFILE_DIR" ] && + PROFILE_DIRS="$PROFILE_DIRS $ADDITIONAL_PROFILE_DIR" + +dir_is_empty() { + [ "$(du -s $1 | cut -f 1)" -eq 0 ] && return 0 || return 1 +} + +profiles_loaded_count() { + + [ -f ${SFS_MOUNTPOINT}/profiles ] && + return $(cat "${SFS_MOUNTPOINT}/profiles" | wc -l) || return 0 +} + +is_profiles_loaded() { + + [ -f ${SFS_MOUNTPOINT}/profiles ] && { + rc=$(cat "${SFS_MOUNTPOINT}/profiles" | wc -l) + [ "$rc" -ne 0 ] && return 0 || return 1 + } + return 1 +} + +is_container_with_internal_policy() { + + local ns_stacked_path="${SFS_MOUNTPOINT}/.ns_stacked" + local ns_name_path="${SFS_MOUNTPOINT}/.ns_name" + local ns_stacked + local ns_name + + if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then + return 1 + fi + + read -r ns_stacked < "$ns_stacked_path" + if [ "$ns_stacked" != "yes" ]; then + return 1 + fi + + # LXD and LXC set up AppArmor namespaces starting with "lxd-" and + # "lxc-", respectively. Return non-zero for all other namespace + # identifiers. + + read -r ns_name < "$ns_name_path" + if [ "${ns_name#lxd-*}" = "$ns_name" ] && \ + [ "${ns_name#lxc-*}" = "$ns_name" ]; then + return 1 + fi + + return 0 +} + +skip_profile() { + + local profile="$1" + + if [ "${profile%.rpmnew}" != "$profile" ] || \ + [ "${profile%.rpmsave}" != "$profile" ] || \ + [ "${profile%.orig}" != "$profile" ] || \ + [ "${profile%.rej}" != "$profile" ] || \ + [ "${profile%\~}" != "$profile" ] ; then + return 1 + fi + + # Silently ignore the dpkg, pacman, ipk and xbps files + + if [ "${profile%.dpkg-new}" != "$profile" ] || \ + [ "${profile%.dpkg-old}" != "$profile" ] || \ + [ "${profile%.dpkg-dist}" != "$profile" ] || \ + [ "${profile%.dpkg-bak}" != "$profile" ] || \ + [ "${profile%.dpkg-remove}" != "$profile" ] || \ + [ "${profile%.ipk}" != "$profile" ] || \ + [ "${profile%.ipk-new}" != "$profile" ] || \ + [ "${profile%.ipk-old}" != "$profile" ] || \ + [ "${profile%.ipk-dist}" != "$profile" ] || \ + [ "${profile%.ipk-bak}" != "$profile" ] || \ + [ "${profile%.ipk-remove}" != "$profile" ] || \ + [ "${profile%.pacsave}" != "$profile" ] || \ + [ "${profile%.pacnew}" != "$profile" ] ; then + return 2 + fi + + $(echo "$profile" | grep -E -q '^.+\.new-[0-9\.]+_[0-9]+$'); [ "$?" -eq 0 ] && return 2 + + return 0 +} + +__parse_profiles_dir() { + + local parser_cmd="$1" + local profile_dir="$2" + local status=0 + + [ -x "$PARSER" ] || { + log_write err "Unable to execute AppArmor parser" + return 1 + } + + [ -d "$profile_dir" ] || { + log_write warning "AppArmor profiles not found: $profile_dir" + return 1 + } + + dir_is_empty "$profile_dir"; [ "$?" -eq 0 ] && { + log_write err "No profiles found in $profile_dir" + return 1 + } + + local nprocs=$(cat /proc/cpuinfo |grep "processor\t:"|wc -l) + local rc=0 + local xargs_args="" + [ "$nprocs" -ge 2 ] && xargs_args="--max-procs=$nprocs" + + "$PARSER" $PARSER_OPTS "$parser_cmd" -- "$profile_dir" || { + + for profile in "$profile_dir"/*; do + skip_profile "$profile" + skip=$? + [ "$skip" -ne 0 ] && { + [ "$skip" -ne 2 ] && log_write info "Skipped loading profile $profile" + continue + } + [ -f "$profile" ] || continue + echo "$profile" + done | \ + + # Use xargs to parallelize calls to the parser over all CPUs + + /usr/libexec/xargs-findutils -n1 -d"\n" $xargs_args \ + "$PARSER" $PARSER_OPTS "$parser_cmd" -- + + [ "$?" -ne 0 ] && { + rc=1 + log_write err "At least one profile failed to load" + } + } + + return $rc +} + +parse_profiles() { + + case "$1" in + load) + PARSER_CMD="--add" + PARSER_MSG="Loading profiles" + ;; + reload) + PARSER_CMD="--replace" + PARSER_MSG="Reloading profiles" + ;; + *) + log_write err "Unknown parameter $1" + log_write info "parse_profiles parameter must be either 'load' or 'reload'" + return 1 + ;; + esac + + log_write info "$PARSER_MSG" + + [ -w "$SFS_MOUNTPOINT/.load" ] || { + log_write err "${SFS_MOUNTPOINT}/.load not writable" + return 1 + } + + [ -f "$PARSER" ] || { + log_write err "AppArmor parser not found" + return 1 + } + + # run parser on all profiles + local rc=0 + for profile_dir in $PROFILE_DIRS; do + __parse_profiles_dir "$PARSER_CMD" "$profile_dir" || rc=$? + done + + return $rc +} + +is_apparmor_loaded() { + + is_securityfs_mounted; [ "$?" -eq 0 ] || { + mount_securityfs + } + + [ -f "${SFS_MOUNTPOINT}/profiles" ] && return 0 + [ -d /sys/module/apparmor ] && return 0 || return 1 +} + +is_securityfs_mounted() { + + [ -d "$SECURITYFS" ] && { + grep -q securityfs /proc/filesystems && grep -q securityfs /proc/mounts + return $? + } + return 1 +} + +mount_securityfs() { + + local rc=0 + + grep -q securityfs /proc/filesystems; [ "$?" -eq 0 ] && { + mount -t securityfs securityfs "$SECURITYFS" + rc=$? + [ "$rc" -eq 0 ] && log_write info "Mounting securityfs" || + log_write err "Failed to mount securityfs" + } + return $rc +} + +apparmor_start() { + + local announced=0 + is_securityfs_mounted; [ "$?" -ne 0 ] && { + log_write info "Starting AppArmor" + announced=1 + mount_securityfs; [ "$?" -eq 0 ] || return $? + } + + is_apparmor_loaded; [ "$?" -eq 0 ] || { + [ "$announced" -eq 0 ] && log_write info "Starting AppArmor" + announced=1 + log_write err "AppArmor kernel support is not present" + return 1 + } + + [ -d /var/lib/apparmor ] || mkdir -p /var/lib/apparmor > /dev/null + + is_profiles_loaded; [ "$?" -eq 0 ] || { + [ "$announced" -eq 0 ] && log_write info "Starting AppArmor" + announced=1 + parse_profiles load + return $? + } || { + parse_profiles reload + return $? + } +} + +remove_profiles() { + + log_write info "Unloading profiles" + + is_apparmor_loaded; [ "$?" -eq 0 ] || { + log_write err "AppArmor kernel support is not present" + return 1 + } + + [ -w "$SFS_MOUNTPOINT/.remove" ] || { + log_write err "${SFS_MOUNTPOINT}/.remove not writable" + return 1 + } + + [ -x "$PARSER" ] || { + log_write err "Unable to execute AppArmor parser" + return 1 + } + + local rc=0 + + sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | \ + LC_COLLATE=C sort | grep -v // | { + while read -r profile ; do + printf "%s" "$profile" > "$SFS_MOUNTPOINT/.remove" + result=$? + [ "$result" -eq 0 ] || rc=$result + done + } + return $rc +} + +apparmor_stop() { + + is_apparmor_loaded; [ "$?" -eq 0 ] || return 1 + is_profiles_loaded; [ "$?" -eq 0 ] && { + log_write info "Stopping AppArmor" + remove_profiles + return $? + } || return 0 +} + +apparmor_restart() { + + is_profiles_loaded; [ "$?" -eq 0 ] || { + apparmor_start + return $? + } + + is_apparmor_loaded; [ "$?" -eq 0 ] || { + apparmor_start + return $? + } + + log_write info "Restarting AppArmor" + parse_profiles reload + return $? +} + +apparmor_reload() { + + is_profiles_loaded; [ "$?" -eq 0 ] || { + apparmor_start + return $? + } + + is_apparmor_loaded; [ "$?" -eq 0 ] || { + apparmor_start + return $? + } + + log_write info "Reloading AppArmor" + parse_profiles reload + return $? +} + +apparmor_list_profiles() { + + is_apparmor_loaded; [ "$?" -eq 0 ] || { + echo "AppArmor kernel support is not present" + return 1 + } + + [ -x "$PARSER" ] || { + echo "Unable to execute AppArmor parser" + return 1 + } + + # run parser on all profiles + for profile_dir in $PROFILE_DIRS; do + [ -d "$profile_dir" ] || { + echo "AppArmor profiles not found: $profile_dir" + continue + } + + for profile in "$profile_dir"/*; do + if skip_profile "$profile" && [ -f "$profile" ] ; then + LIST_ADD=$("$PARSER" -N "$profile" ) + [ "$?" -eq 0 ] && echo "$LIST_ADD" + fi + done + done + return 0 +} + + +apparmor_status() { + + is_apparmor_loaded; [ "$?" -eq 0 ] || { + echo "AppArmor kernel support is not present" + return 1 + } + + [ -x "$AA_STATUS" ] && { + "$AA_STATUS" --verbose + return $? + } + + echo "AppArmor is enabled." + echo "Install apparmor-utils to receive more detailed status" + echo "information or examine $SFS_MOUNTPOINT directly." + + return 0 +} diff --git a/utils/apparmor/patches/010-autoconf-libapparmor.patch b/utils/apparmor/patches/010-autoconf-libapparmor.patch new file mode 100644 index 0000000000000..bcb47d0906fa8 --- /dev/null +++ b/utils/apparmor/patches/010-autoconf-libapparmor.patch @@ -0,0 +1,10 @@ +--- /dev/null ++++ b/libraries/libapparmor/Makefile +@@ -0,0 +1,7 @@ ++package=libapparmor ++ ++configure: ++ $(STAGING_DIR_HOST)/bin/aclocal ++ $(STAGING_DIR_HOST)/bin/autoconf --force ++ $(STAGING_DIR_HOST)/bin/libtoolize --automake -c --force ++ $(STAGING_DIR_HOST)/bin/automake -ac diff --git a/utils/apparmor/patches/020-fix-ss-path.patch b/utils/apparmor/patches/020-fix-ss-path.patch new file mode 100644 index 0000000000000..11e53b021942e --- /dev/null +++ b/utils/apparmor/patches/020-fix-ss-path.patch @@ -0,0 +1,11 @@ +--- a/utils/aa-unconfined ++++ b/utils/aa-unconfined +@@ -118,7 +118,7 @@ def read_proc_current(filename): + pids = set() + if paranoid: + pids = get_all_pids() +-elif args.with_ss or (not args.with_netstat and (os.path.exists('/bin/ss') or os.path.exists('/usr/bin/ss'))): ++elif args.with_ss or (not args.with_netstat and (os.path.exists('/usr/sbin/ss') or os.path.exists('/bin/ss') or os.path.exists('/usr/bin/ss') or os.path.exists('/sbin/ss'))): + pids = get_pids_ss() + else: + pids = get_pids_netstat() diff --git a/utils/apparmor/patches/030-remove-pynotify2-dep.patch b/utils/apparmor/patches/030-remove-pynotify2-dep.patch new file mode 100644 index 0000000000000..7de4ddc1e1ec7 --- /dev/null +++ b/utils/apparmor/patches/030-remove-pynotify2-dep.patch @@ -0,0 +1,416 @@ +--- a/utils/aa-notify ++++ b/utils/aa-notify +@@ -13,17 +13,6 @@ + # + # ---------------------------------------------------------------------- + # +-# /etc/apparmor/notify.conf: +-# # set to 'yes' to enable AppArmor DENIED notifications +-# show_notifications="yes" +-# +-# # only people in use_group can run this script +-# use_group="admin" +-# +-# $HOME/.apparmor/notify.conf can have: +-# # set to 'yes' to enable AppArmor DENIED notifications +-# show_notifications="yes" +-# + # In a typical desktop environment one would run as a service the + # command: + # /usr/bin/aa-notify -p -w 10 +@@ -35,7 +24,6 @@ import re + import sys + import time + import struct +-import notify2 + import psutil + import pwd + import grp +@@ -60,56 +48,9 @@ def get_user_login(): + username = os.getlogin() + return username + +- +-def get_last_login_timestamp(username): +- '''Directly read wtmp and get last login for user as epoch timestamp''' +- timestamp = 0 +- filename = '/var/log/wtmp' +- last_login = 0 +- +- debug_logger.debug('Username: {}'.format(username)) +- +- with open(filename, "rb") as wtmp_file: +- offset = 0 +- wtmp_filesize = os.path.getsize(filename) +- debug_logger.debug('WTMP filesize: {}'.format(wtmp_filesize)) +- while offset < wtmp_filesize: +- wtmp_file.seek(offset) +- offset += 384 # Increment for next entry +- +- type = struct.unpack(" + Decode a hex-encoded string to ASCII. It will also take an audit log on + standard input and convert any hex-encoded AppArmor log entries and display +@@ -36,63 +36,79 @@ $ cat /var/log/kern.log | aa-decode + EOM + } + +-decode() { +- if echo "$1" | egrep -q "^[0-9A-Fa-f]+$" ; then +- python3 -c "import binascii; print(bytes.decode(binascii.unhexlify('$1'), errors='strict'));" +- else +- echo "" +- fi ++match_re() { ++ local result=$(echo "$1" | grep -E "$2" ) ++ [ -z "$result" ] && return 1 || return 0 ++} ++ + ++decode() { ++ $(echo "$1" | egrep -q "^[0-9A-Fa-f]+$"); [ "$?" -eq 0 ] && ++ python3 -c "import binascii; print(bytes.decode(binascii.unhexlify('$1'), errors='strict'));" || echo "" + } + + if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then +- help +- exit ++ help ++ exit + fi + + # if have an argument, then use it, otherwise process stdin +-if [ -n "$1" ]; then +- e="$1" +- if ! echo "$e" | egrep -q "^[0-9A-Fa-f]+$" ; then +- echo "String should only contain hex characters (0-9, a-f, A-F)" +- exit 1 +- fi +- +- d=`decode $e` +- if [ -z "$d" ]; then +- echo "Could not decode string" +- exit 1 +- fi ++[ -n "$1" ] && { + +- echo "Decoded: $d" +- exit 0 +-fi ++ e="$1" + +-# For now just look at 'name=...' and 'profile=...', +-# so validate input against this and output based on it. +-# TODO: better handle other cases too +-while read line ; do ++ $(echo "$e" | egrep -q "^[0-9A-Fa-f]+$"); [ "$?" -ne 0 ] && { ++ echo "String should only contain hex characters (0-9, a-f, A-F)" ++ exit 1 ++ } + +- # check if line contains encoded name= or profile= +- if [[ "$line" =~ \ (name|profile|proctitle)=[0-9a-fA-F] ]]; then ++ d=$(decode $e) + +- # cut the encoded filename/profile name out of the line and decode it +- ne=`echo "$line" | sed 's/.* name=\([^ ]*\).*$/\\1/g'` +- nd="$(decode ${ne/\'/\\\'})" ++ [ -z "$d" ] && { ++ echo "Could not decode string" ++ exit 1 ++ } + +- pe=`echo "$line" | sed 's/.* profile=\([^ ]*\).*$/\\1/g'` +- pd="$(decode ${pe/\'/\\\'})" ++ echo "Decoded: $d" ++ exit 0 ++} + +- pce=`echo "$line" | sed 's/.* proctitle=\([^ ]*\).*$/\\1/g'` +- pcd="$(decode ${pce/\'/\\\'})" ++[ -t 0 ] && { ++ help ++ exit ++} ++ ++while read line ; do + +- # replace encoded name and profile with its decoded counterparts (only if it was encoded) +- test -n "$nd" && line="${line/name=$ne/name=\"$nd\"}" +- test -n "$pd" && line="${line/profile=$pe/profile=\"$pd\"}" +- test -n "$pcd" && line="${line/proctitle=$pce/proctitle=\"$pcd\"}" ++ # check if line contains encoded name= or profile= + +- fi ++ matches=0 ++ match_re "$line" "^[[:blank:]](name|profile|proctitle)=[0-9a-fA-F]+"; [ "$?" -eq 0 ] && matches=1 || { ++ match_re "$line" "^(name|profile|proctitle)=[0-9a-fA-F]+"; [ "$?" -eq 0 ] && matches=1 ++ } ++ ++ [ "$matches" -eq 0 ] || { ++ ++ # cut the encoded filename/profile name out of the line and decode it ++ ne=$(echo "$line" | sed 's/.* name=\([^ ]*\).*$/\\1/g') ++ [ "$line" = "$ne" ] && ne=$(echo "$line" | sed 's/.*name=\([^ ]*\).*$/\\1/g') ++ echo var: $ne ++ nd="$(decode ${ne/\'/\\\'})" ++ ++ pe=$(echo "$line" | sed 's/.* profile=\([^ ]*\).*$/\\1/g') ++ [ "$line" = "$pe" ] && pe=$(echo "$line" | sed 's/.*profile=\([^ ]*\).*$/\\1/g') ++ pd="$(decode ${pe/\'/\\\'})" ++ ++ pce=$(echo "$line" | sed 's/.* proctitle=\([^ ]*\).*$/\\1/g') ++ [ "$line" = "$pce" ] && pce=$(echo "$line" | sed 's/.*proctitle=\([^ ]*\).*$/\\1/g') ++ pcd="$(decode ${pce/\'/\\\'})" ++ ++ # replace encoded name and profile with its decoded counterparts (only if it was encoded) ++ test -n "$nd" && line="${line/name=$ne/name=\"$nd\"}" ++ test -n "$pd" && line="${line/profile=$pe/profile=\"$pd\"}" ++ test -n "$pcd" && line="${line/proctitle=$pce/proctitle=\"$pcd\"}" ++ } + +- echo "$line" ++ echo "$line" + + done From d82eabc511bda6387d6e04fa1f2364b78fb0dc5f Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 6 Apr 2021 21:48:16 -0700 Subject: [PATCH 002/221] ksmbd: update to 3.3.8 Major changes are: clean-up codes using checkpatch --strict option. fix several warning and build failure from linux-next. change the minimum supported kernel version to v5.4. use xarray for tree connect list. fix reviews from lkml. Signed-off-by: Rosen Penev --- kernel/ksmbd/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/ksmbd/Makefile b/kernel/ksmbd/Makefile index d360618934404..7b522f195ae34 100644 --- a/kernel/ksmbd/Makefile +++ b/kernel/ksmbd/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ksmbd -PKG_VERSION:=3.3.7 +PKG_VERSION:=3.3.8 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/cifsd/tar.gz/$(PKG_VERSION)? -PKG_HASH:=d92706e2dc00bd612698be2c39759ea6170a869e657bae4a80cf6424a333babe +PKG_HASH:=8c0d1beaa549053a476287972105f3cad53e9841983c54c2490f52a88e1a4828 PKG_MAINTAINER:=Andy Walsh PKG_LICENSE:=GPL-2.0-or-later From 6d4b3961e17a86eb6515ed35d8538e85660e08c6 Mon Sep 17 00:00:00 2001 From: Kirill Nikolaev Date: Tue, 6 Apr 2021 01:03:18 +0200 Subject: [PATCH 003/221] ksmbd-tools: Add a mDNS TXT record for the ksmbd service MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag. Symptoms of the problem (which are also debugging steps): * Finder refuses to open the OpenWRT "computer" in the Network list. * Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown. * `dns-sd -L OpenWrt _smb._tcp` doesn't return any address. Signed-off-by: Kirill Nikolaev --- net/ksmbd-tools/files/ksmbd.init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ksmbd-tools/files/ksmbd.init b/net/ksmbd-tools/files/ksmbd.init index 996cb9bbc122e..00a842c1a2179 100644 --- a/net/ksmbd-tools/files/ksmbd.init +++ b/net/ksmbd-tools/files/ksmbd.init @@ -160,7 +160,7 @@ start_service() logger -p daemon.notice -t 'ksmbd' "Starting Ksmbd userspace service." procd_open_instance - procd_add_mdns "smb" "tcp" "445" + procd_add_mdns "smb" "tcp" "445" "daemon=ksmbd" procd_set_param command /usr/sbin/ksmbd.mountd --n procd_set_param file /etc/ksmbd/smb.conf procd_set_param limits nofile=16384 From 0d407fed4b82711bd05df934e34e37b72ee46700 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 6 Apr 2021 21:50:36 -0700 Subject: [PATCH 004/221] ksmbd-tools: update to 3.3.8 Major changes are: disable symlink by default. remove smack inherit leftovers. Enable guest access on IPC$ share by default. Signed-off-by: Rosen Penev --- net/ksmbd-tools/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ksmbd-tools/Makefile b/net/ksmbd-tools/Makefile index c45e38b299b3f..bcbb5079e1251 100644 --- a/net/ksmbd-tools/Makefile +++ b/net/ksmbd-tools/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ksmbd-tools -PKG_VERSION:=3.3.7 +PKG_VERSION:=3.3.8 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/ksmbd-tools/tar.gz/$(PKG_VERSION)? -PKG_HASH:=0bc56272fee87579a552b4b749e8def31c875cf1770452e5bdb42b77c3f84876 +PKG_HASH:=fb8cef085c740c72700ccee324fb1510774602c43ed1d32a5453c05f5d117188 PKG_MAINTAINER:=Andy Walsh PKG_LICENSE:=GPL-2.0-or-later From a46deecdd750e5a9e32327559211ce0ec0b8dc3c Mon Sep 17 00:00:00 2001 From: Jan Pavlinec Date: Tue, 6 Apr 2021 12:41:02 +0200 Subject: [PATCH 005/221] knot-resolver: update to version 5.3.1 Signed-off-by: Jan Pavlinec --- net/knot-resolver/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/knot-resolver/Makefile b/net/knot-resolver/Makefile index ceec3d1d06c5b..081b076ebb28d 100644 --- a/net/knot-resolver/Makefile +++ b/net/knot-resolver/Makefile @@ -10,12 +10,12 @@ PKG_RELRO_FULL:=0 include $(TOPDIR)/rules.mk PKG_NAME:=knot-resolver -PKG_VERSION:=5.3.0 +PKG_VERSION:=5.3.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-resolver -PKG_HASH:=fb6cb2c03f4fffbdd8a0098127383d03b14cf7d6abf3a0cd229fb13ff68ee33e +PKG_HASH:=9d4d6b7bcdf114acc948e5ee68c83fcbb3944f48a13b9751dbbbc190cdd729c9 PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=GPL-3.0-later From ee91dee843ca07a31c47562b5c99472cb1ad7028 Mon Sep 17 00:00:00 2001 From: Derek Yerger Date: Mon, 5 Apr 2021 14:31:49 -0500 Subject: [PATCH 006/221] strongswan: add more crypto plugins Adds modules for BLISS signature scheme, NTRU and New Hope key exchange algorithms, and dependencies ChaCha20-Poly1305 AEAD, ChaCha20 XOF, MGF1 mask generation function, SHA3 hasher SHAKE XOF, and the Number Theoretic Transform library. Signed-off-by: Derek Yerger --- net/strongswan/Makefile | 36 +++++++++++++++++++++ net/strongswan/patches/101-musl-fixes.patch | 11 +++++++ 2 files changed, 47 insertions(+) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 764f4f81649cc..f2a5dfdd443bf 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -25,8 +25,10 @@ PKG_MOD_AVAILABLE:= \ agent \ attr \ attr-sql \ + bliss \ blowfish \ ccm \ + chapoly \ cmac \ constraints \ connmark \ @@ -60,7 +62,10 @@ PKG_MOD_AVAILABLE:= \ nonce \ md4 \ md5 \ + mgf1 \ mysql \ + newhope \ + ntru \ openssl \ pem \ pgp \ @@ -76,6 +81,7 @@ PKG_MOD_AVAILABLE:= \ revocation \ sha1 \ sha2 \ + sha3 \ smp \ socket-default \ socket-dynamic \ @@ -144,14 +150,17 @@ $(call Package/strongswan/Default) +strongswan-charon \ +strongswan-charon-cmd \ +strongswan-ipsec \ + +strongswan-libnttfft \ +strongswan-mod-addrblock \ +strongswan-mod-aes \ +strongswan-mod-af-alg \ +strongswan-mod-agent \ +strongswan-mod-attr \ +strongswan-mod-attr-sql \ + +strongswan-mod-bliss \ +strongswan-mod-blowfish \ +strongswan-mod-ccm \ + +strongswan-mod-chapoly \ +strongswan-mod-cmac \ +strongswan-mod-constraints \ +strongswan-mod-connmark \ @@ -183,7 +192,10 @@ $(call Package/strongswan/Default) +strongswan-mod-nonce \ +strongswan-mod-md4 \ +strongswan-mod-md5 \ + +strongswan-mod-mgf1 \ +strongswan-mod-mysql \ + +strongswan-mod-newhope \ + +strongswan-mod-ntru \ +strongswan-mod-openssl \ +strongswan-mod-pem \ +strongswan-mod-pgp \ @@ -199,6 +211,7 @@ $(call Package/strongswan/Default) +strongswan-mod-revocation \ +strongswan-mod-sha1 \ +strongswan-mod-sha2 \ + +strongswan-mod-sha3 \ +strongswan-mod-smp \ +strongswan-mod-socket-default \ +strongswan-mod-sql \ @@ -361,6 +374,17 @@ $(call Package/strongswan/description/Default) This package contains the ipsec utility. endef +define Package/strongswan-libnttfft +$(call Package/strongswan/Default) + TITLE+= nttfft library + DEPENDS:= +strongswan +endef + +define Package/strongswan-libnttfft/description +$(call Package/strongswan/description/Default) + This package contains the Number Theoretic Transforms library. +endef + define Package/strongswan-pki $(call Package/strongswan/Default) TITLE+= PKI tool @@ -518,6 +542,11 @@ opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || { } endef +define Package/strongswan-libnttfft/install + $(INSTALL_DIR) $(1)/usr/lib/ipsec + $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libnttfft.so.* $(1)/usr/lib/ipsec/ +endef + define Package/strongswan-pki/install $(INSTALL_DIR) $(1)/etc/strongswan.d $(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/ @@ -618,6 +647,7 @@ $(eval $(call BuildPackage,strongswan-isakmp)) $(eval $(call BuildPackage,strongswan-charon)) $(eval $(call BuildPackage,strongswan-charon-cmd)) $(eval $(call BuildPackage,strongswan-ipsec)) +$(eval $(call BuildPackage,strongswan-libnttfft)) $(eval $(call BuildPackage,strongswan-pki)) $(eval $(call BuildPackage,strongswan-scepclient)) $(eval $(call BuildPackage,strongswan-swanctl)) @@ -628,8 +658,10 @@ $(eval $(call BuildPlugin,af-alg,AF_ALG crypto interface to Linux Crypto API,+km $(eval $(call BuildPlugin,agent,SSH agent signing,)) $(eval $(call BuildPlugin,attr,file based config,)) $(eval $(call BuildPlugin,attr-sql,SQL based config,+strongswan-charon)) +$(eval $(call BuildPlugin,bliss,BLISS crypto,+strongswan-libnttfft +strongswan-mod-mgf1 +strongswan-mod-hmac)) $(eval $(call BuildPlugin,blowfish,Blowfish crypto,)) $(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,)) +$(eval $(call BuildPlugin,chapoly,ChaCha20-Poly1305 AEAD crypto,)) $(eval $(call BuildPlugin,cmac,CMAC crypto,)) $(eval $(call BuildPlugin,connmark,netfilter connection marking,)) $(eval $(call BuildPlugin,constraints,advanced X509 constraint checking,)) @@ -663,7 +695,10 @@ $(eval $(call BuildPlugin,load-tester,load testing,)) $(eval $(call BuildPlugin,nonce,nonce genereation,)) $(eval $(call BuildPlugin,md4,MD4 crypto,)) $(eval $(call BuildPlugin,md5,MD5 crypto,)) +$(eval $(call BuildPlugin,mgf1,MGF1 crypto,)) $(eval $(call BuildPlugin,mysql,MySQL database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-mysql:libmysqlclient-r)) +$(eval $(call BuildPlugin,newhope,New Hope crypto,+strongswan-libnttfft +strongswan-mod-chapoly +strongswan-mod-sha3)) +$(eval $(call BuildPlugin,ntru,NTRU crypto,+strongswan-mod-mgf1)) $(eval $(call BuildPlugin,openssl,OpenSSL crypto,+PACKAGE_strongswan-mod-openssl:libopenssl)) $(eval $(call BuildPlugin,pem,PEM decoding,)) $(eval $(call BuildPlugin,pgp,PGP key decoding,)) @@ -679,6 +714,7 @@ $(eval $(call BuildPlugin,resolve,DNS resolver,)) $(eval $(call BuildPlugin,revocation,X509 CRL/OCSP revocation,)) $(eval $(call BuildPlugin,sha1,SHA1 crypto,)) $(eval $(call BuildPlugin,sha2,SHA2 crypto,)) +$(eval $(call BuildPlugin,sha3,SHA3 and SHAKE crypto,)) $(eval $(call BuildPlugin,smp,SMP configuration and control interface,+PACKAGE_strongswan-mod-smp:libxml2)) $(eval $(call BuildPlugin,socket-default,default socket implementation for charon,)) $(eval $(call BuildPlugin,socket-dynamic,dynamic socket implementation for charon,)) diff --git a/net/strongswan/patches/101-musl-fixes.patch b/net/strongswan/patches/101-musl-fixes.patch index 488352b35cf8d..d17a3c6ceeee5 100644 --- a/net/strongswan/patches/101-musl-fixes.patch +++ b/net/strongswan/patches/101-musl-fixes.patch @@ -81,3 +81,14 @@ #include #include #include +--- a/src/libstrongswan/plugins/bliss/bliss_huffman.c ++++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c +@@ -17,6 +17,8 @@ + #include "bliss_param_set.h" + + #include ++#undef fprintf ++#undef printf + + #include + #include From ce8bbece60220a384472b4c241520c4715682acf Mon Sep 17 00:00:00 2001 From: Jianhui Zhao Date: Thu, 8 Apr 2021 14:58:57 +0800 Subject: [PATCH 007/221] libuhttpd: Update to 3.11.0 Signed-off-by: Jianhui Zhao --- libs/libuhttpd/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/libuhttpd/Makefile b/libs/libuhttpd/Makefile index 5e10abbf40543..bdbb9c3d97d81 100644 --- a/libs/libuhttpd/Makefile +++ b/libs/libuhttpd/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libuhttpd -PKG_VERSION:=3.10.1 +PKG_VERSION:=3.11.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL=https://github.com/zhaojh329/libuhttpd/releases/download/v$(PKG_VERSION) -PKG_HASH:=6e7a9ad61e3d0ab5bd4d20b274b850542dff8057a8fcf6c36ce59eb34818f61f +PKG_HASH:=dcd95fac7b29d43f57e942db6e9fb4c8745d4284684cd627d60c8a7f8c76cd32 PKG_MAINTAINER:=Jianhui Zhao PKG_LICENSE:=MIT From 11c73a8c8143e0795668b0cb2bfe869161c82880 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Fri, 9 Apr 2021 17:33:21 +0100 Subject: [PATCH 008/221] autopart: use '-' to separate drive serial in volume name Instead of just appending the driver serial including the '0x' prefix, use '-' prefix instead to make it more readable. Signed-off-by: Daniel Golle --- utils/autopart/files/autopart | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autopart/files/autopart b/utils/autopart/files/autopart index 6d946c6995752..c35b238adc5d2 100644 --- a/utils/autopart/files/autopart +++ b/utils/autopart/files/autopart @@ -70,7 +70,7 @@ autopart_init() { lvmpart=$(get_partition_by_name $diskdev $OWRT_VOLUMES) [ "$lvmpart" ] || return - lvm_init /dev/$lvmpart "${OWRT_VOLUMES}${diskserial}" + lvm_init /dev/$lvmpart "${OWRT_VOLUMES}${diskserial:+-${diskserial:2}}" } autopart_init From 192511f027780260c89fb509e0b2916c3fce8168 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Fri, 9 Apr 2021 18:42:30 +0200 Subject: [PATCH 009/221] adblock: fix games_tracking source url Signed-off-by: Dirk Brenken --- net/adblock/Makefile | 2 +- net/adblock/files/adblock.sources | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/adblock/Makefile b/net/adblock/Makefile index ff10162da5afd..24a8b157da1df 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock PKG_VERSION:=4.1.0 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/adblock/files/adblock.sources b/net/adblock/files/adblock.sources index 1b83ea6456820..259753bbf1b34 100644 --- a/net/adblock/files/adblock.sources +++ b/net/adblock/files/adblock.sources @@ -77,7 +77,7 @@ "descurl": "https://github.com/Perflyst/PiHoleBlocklist" }, "games_tracking": { - "url": "https://raw.githubusercontent.com/KodoPengin/GameIndustry-hosts-Template/master/Main%20template/hosts", + "url": "https://raw.githubusercontent.com/KodoPengin/GameIndustry-hosts-Template/master/Main-Template/hosts", "rule": "/^0\\.0\\.0\\.0[[:space:]]+([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", "size": "S", "focus": "tracking", From 39c199262dbbf33726ae59c96edbd7c706d31b8c Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sat, 10 Apr 2021 11:54:50 +0100 Subject: [PATCH 010/221] lvm2: don't use `-normal` suffix for non-SELinux variants This was probably a work-around for an issue with dependencies which was fixed by https://github.com/openwrt/openwrt/commit/988ed0080284903d1fe4851c5ae8f1238bc61da2 Remove it as all other packages with `-selinux` variants do provide a non-SELinux-variant without any suffix and that works now, see procd vs. procd-selinux busybox vs. busybox-selinux Signed-off-by: Daniel Golle --- utils/lvm2/Makefile | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/utils/lvm2/Makefile b/utils/lvm2/Makefile index 1ac865253e5fd..75111a2a2f1ee 100644 --- a/utils/lvm2/Makefile +++ b/utils/lvm2/Makefile @@ -35,10 +35,9 @@ define Package/libdevmapper/Default endef -define Package/libdevmapper-normal +define Package/libdevmapper $(call Package/libdevmapper/Default) VARIANT := normal - PROVIDES := libdevmapper endef define Package/libdevmapper-selinux @@ -48,13 +47,13 @@ define Package/libdevmapper-selinux PROVIDES := libdevmapper endef -define Package/libdevmapper-normal/description +define Package/libdevmapper/description The device-mapper is a component of the 2.6 linux kernel that supports logical volume management. It is required by LVM2 and EVMS. endef define Package/libdevmapper-selinux/description -$(call Package/libdevmapper-normal/description) +$(call Package/libdevmapper/description) This variant supports SELinux endef @@ -68,11 +67,10 @@ define Package/lvm2/default DEPENDS:=+libreadline +libncurses +libaio endef -define Package/lvm2-normal +define Package/lvm2 $(call Package/lvm2/default) VARIANT := normal - DEPENDS += +libdevmapper-normal - PROVIDES := lvm2 + DEPENDS += +libdevmapper endef define Package/lvm2-selinux @@ -82,14 +80,14 @@ define Package/lvm2-selinux PROVIDES := lvm2 endef -define Package/lvm2-normal/description +define Package/lvm2/description LVM2 refers to a new userspace toolset that provide logical volume management facilities on linux. It is reasonably backwards-compatible with the original LVM toolset. endef define Package/lvm2-selinux/description -$(call Package/lvm2-normal/description) +$(call Package/lvm2/description) This variant supports SELinux endef @@ -125,14 +123,14 @@ define Build/InstallDev $(CP) $(PKG_BUILD_DIR)/libdm/libdevmapper.pc $(1)/usr/lib/pkgconfig endef -define Package/libdevmapper-normal/install +define Package/libdevmapper/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libdevmapper.so.* $(1)/usr/lib endef -Package/libdevmapper-selinux/install = $(Package/libdevmapper-normal/install) +Package/libdevmapper-selinux/install = $(Package/libdevmapper/install) -define Package/lvm2-normal/install +define Package/lvm2/install $(INSTALL_DIR) $(1)/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lvm $(1)/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/dmsetup $(1)/sbin @@ -149,15 +147,15 @@ define Package/lvm2-normal/install $(FIND) $(PKG_INSTALL_DIR)/usr/sbin/ -type l -exec $(CP) -a {} $(1)/sbin/ \; endef -Package/lvm2-selinux/install = $(Package/lvm2-normal/install) +Package/lvm2-selinux/install = $(Package/lvm2/install) -define Package/lvm2-normal/conffiles +define Package/lvm2/conffiles /etc/lvm/lvm.conf endef Package/lvm2-selinux/conffiles = $(Package/lvm2/conffiles) -$(eval $(call BuildPackage,libdevmapper-normal)) +$(eval $(call BuildPackage,libdevmapper)) $(eval $(call BuildPackage,libdevmapper-selinux)) -$(eval $(call BuildPackage,lvm2-normal)) +$(eval $(call BuildPackage,lvm2)) $(eval $(call BuildPackage,lvm2-selinux)) From 67ec4b9ee11152547830d6cc387a9df8654ab16d Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sat, 10 Apr 2021 04:04:09 +0100 Subject: [PATCH 011/221] uvol: add new package uvol is a wrapper-script which allows automated handling of storage volumes. uvol currently comes with backend support for LVM2 and UBI, covering practically all options for storage large enough to be managed (NAND, SPI-NAND, eMMC, SATA, NVME, virtio-blk, ...). Signed-off-by: Daniel Golle --- utils/ap_config/Makefile | 37 ++++ utils/ap_config/git-src | 1 + utils/autopart/Makefile | 40 ---- utils/modbus-utils/Makefile | 42 ++++ utils/uvol/Makefile | 73 +++++++ .../autopart => uvol/files/autopart.defaults} | 0 utils/uvol/files/lvm.sh | 195 ++++++++++++++++++ utils/uvol/files/ubi.sh | 160 ++++++++++++++ utils/uvol/files/uvol | 9 + 9 files changed, 517 insertions(+), 40 deletions(-) create mode 100644 utils/ap_config/Makefile create mode 120000 utils/ap_config/git-src delete mode 100644 utils/autopart/Makefile create mode 100644 utils/modbus-utils/Makefile create mode 100644 utils/uvol/Makefile rename utils/{autopart/files/autopart => uvol/files/autopart.defaults} (100%) create mode 100644 utils/uvol/files/lvm.sh create mode 100644 utils/uvol/files/ubi.sh create mode 100644 utils/uvol/files/uvol diff --git a/utils/ap_config/Makefile b/utils/ap_config/Makefile new file mode 100644 index 0000000000000..2d09dc90c54d7 --- /dev/null +++ b/utils/ap_config/Makefile @@ -0,0 +1,37 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=ap_config +PKG_VERSION:=2021-03-21 +PKG_RELEASE:=1 + +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/ac_server + SECTION:=utils + CATEGORY:=Utilities + TITLE:=ac_server + DEPENDS:=+libaxl +libopenssl +libmariadbclient +endef + +define Package/ac_client + SECTION:=utils + CATEGORY:=Utilities + TITLE:=ac_client + DEPENDS:=+libaxl +libopenssl +endef + +define Package/ac_server/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ac_server $(1)/usr/sbin +endef + +define Package/ap_client/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ac_client $(1)/usr/sbin +endef + +$(eval $(call BuildPackage,ac_server)) +$(eval $(call BuildPackage,ac_client)) diff --git a/utils/ap_config/git-src b/utils/ap_config/git-src new file mode 120000 index 0000000000000..c2296c4a5b438 --- /dev/null +++ b/utils/ap_config/git-src @@ -0,0 +1 @@ +/usr/src/ap_config/.git \ No newline at end of file diff --git a/utils/autopart/Makefile b/utils/autopart/Makefile deleted file mode 100644 index dcd211ba86b56..0000000000000 --- a/utils/autopart/Makefile +++ /dev/null @@ -1,40 +0,0 @@ -include $(TOPDIR)/rules.mk - -PKG_NAME:=autopart -PKG_VERSION:=0.1 -PKG_RELEASE:=$(AUTORELEASE) - -PKG_MAINTAINER:=Daniel Golle -PKG_LICENSE:=GPL-2.0-or-later - -include $(INCLUDE_DIR)/package.mk - -define Package/autopart - SECTION:=utils - CATEGORY:=Utilities - SUBMENU:=Disc - TITLE:=Automatically initialize LVM partition - DEPENDS:=+lvm2 +partx-utils +sfdisk - PKGARCH=all -endef - -define Package/autopart/description - Automatically allocate the GPT partition for LVM and initialize it - on first boot. -endef - -define Build/Prepare -endef - -define Build/Configure -endef - -define Build/Compile -endef - -define Package/autopart/install - $(INSTALL_DIR) $(1)/etc/uci-defaults - $(INSTALL_BIN) ./files/autopart $(1)/etc/uci-defaults/30-autopart -endef - -$(eval $(call BuildPackage,autopart)) diff --git a/utils/modbus-utils/Makefile b/utils/modbus-utils/Makefile new file mode 100644 index 0000000000000..2894439fea612 --- /dev/null +++ b/utils/modbus-utils/Makefile @@ -0,0 +1,42 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=modbus-utils + +PKG_VERSION:=2013-07-31 +PKG_RELEASE=$(PKG_SOURCE_VERSION) + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/Krzysztow/modbus-utils.git +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_VERSION:=c569dc0a11a1bedf3a8080fe4a1696de93e386ab +# PKG_MIRROR_HASH:=3aed4146e06bd9f9bcc271824c6b1d75d1fc2a0bd980f2b729c3b4755c6f70a8 +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 + +PKG_FIXUP:=autoreconf +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 + +PKG_MAINTAINER:=Daniel Golle + +# supposed based on statement that source is based on libmodbus testcases +PKG_LICENSE:=GPL-3.0+ LGPL-2.1+ + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/nls.mk + +define Package/modbus-utils + SECTION:=utils + CATEGORY:=Utilities + TITLE:=Modbus client/server utils + DEPENDS:=+libmodbus +endef + +define Package/modbus-utils/description +endef + +define Package/modbus-utils/install + $(INSTALL_DIR) $(1)/usr/bin +# $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mbrecorder $(1)/usr/bin/ +endef + +$(eval $(call BuildPackage,modbus-utils)) diff --git a/utils/uvol/Makefile b/utils/uvol/Makefile new file mode 100644 index 0000000000000..64fb0238dadb9 --- /dev/null +++ b/utils/uvol/Makefile @@ -0,0 +1,73 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=uvol +PKG_VERSION:=0.2 +PKG_RELEASE:=$(AUTORELEASE) + +PKG_MAINTAINER:=Daniel Golle +PKG_LICENSE:=GPL-2.0-or-later + +include $(INCLUDE_DIR)/package.mk + +define Package/autopart + SECTION:=utils + CATEGORY:=Utilities + SUBMENU:=Disc + TITLE:=Automatically initialize LVM partition + DEPENDS:=+lvm2 +partx-utils +sfdisk + PKGARCH=all +endef + +define Package/autopart/description + Automatically allocate the GPT partition for LVM and initialize it + on first boot. +endef + +define Package/uvol + SECTION:=utils + CATEGORY:=Utilities + SUBMENU:=Disc + TITLE:=OpenWrt UBI/LVM volume abstraction + PKGARCH=all +endef + +define Package/uvol/description + 'uvol' is tool to automate storage volume handling on embedded + devices in a generic way. + Also install the 'autopart' package to easily make use of 'uvol' on + block-storage based devices. + + Examples: + uvol create example_volume_1 256MiB rw + uvol up example_volume_1 + uvol device example_volume_1 + + uvol create example_volume_2 9812733 ro + cat example_volume_2.squashfs | uvol write example_volume_2 9812733 + uvol up example_volume_2 + uvol device example_volume_2 +endef + +define Build/Prepare +endef + +define Build/Configure +endef + +define Build/Compile +endef + +define Package/autopart/install + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) ./files/autopart.defaults $(1)/etc/uci-defaults/30-autopart +endef + +define Package/uvol/install + $(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/libexec/uvol + $(INSTALL_BIN) ./files/uvol $(1)/usr/sbin + $(INSTALL_BIN) ./files/ubi.sh $(1)/usr/libexec/uvol/20-ubi.sh + $(INSTALL_BIN) ./files/lvm.sh $(1)/usr/libexec/uvol/50-lvm.sh +endef + +$(eval $(call BuildPackage,autopart)) +$(eval $(call BuildPackage,uvol)) diff --git a/utils/autopart/files/autopart b/utils/uvol/files/autopart.defaults similarity index 100% rename from utils/autopart/files/autopart rename to utils/uvol/files/autopart.defaults diff --git a/utils/uvol/files/lvm.sh b/utils/uvol/files/lvm.sh new file mode 100644 index 0000000000000..540fe39e92e5e --- /dev/null +++ b/utils/uvol/files/lvm.sh @@ -0,0 +1,195 @@ +#!/bin/sh + +command -v lvm || return 1 + +. /lib/functions.sh +. /lib/upgrade/common.sh + +export_bootdevice +[ "$BOOTDEV_MAJOR" ] || return 1 +export_partdevice rootdev 0 +[ "$rootdev" ] || return 1 +LVM_SUPPRESS_FD_WARNINGS=1 + +case "$rootdev" in + mtd*|\ + ram*|\ + ubi*) + return 1 +esac + +lvs() { + local cmd="$1" + local cb="$2" + local param="${3:+-S vg_name=${vgname} -S lv_name=~^r[ow]_$3\$}" + local oIFS="$IFS" + IFS=" " + set -- $(LVM_SUPPRESS_FD_WARNINGS=1 $cmd -c $param) + [ "$1" ] || { + IFS="$oIFS" + return 1 + } + IFS=":" + set -- $1 + IFS="$oIFS" + $cb "$@" +} + +pvvars() { + case "${1:5}" in + "$rootdev"*) + partdev="$1" + vgname="$2" + ;; + esac +} + +vgvars() { + [ "$1" = "$vgname" ] || return + vgbs="${13}" + vgts="${14}" + vgus="${15}" + vgfs="${16}" +} + +lvvars() { + lvpath="$1" + lvsize=$(( 512 * $7 )) +} + +freebytes() { + echo $((vgfs * vgbs * 1024)) +} + +totalbytes() { + echo $((vgts * vgbs * 1024)) +} + +existvol() { + [ "$1" ] || return 1 + test -e "/dev/$vgname/ro_$1" || test -e "/dev/$vgname/rw_$1" + return $? +} + +getlvname() { + lvs lvdisplay lvvars "$1" + + [ "$lvpath" ] && echo ${lvpath:5} +} + +getdev() { + existvol "$1" || return 1 + readlink /dev/$(getlvname "$1") +} + +getsize() { + lvs lvdisplay lvvars "$1" + [ "$lvsize" ] && echo $lvsize +} + +activatevol() { + LVM_SUPPRESS_FD_WARNINGS=1 lvchange -a y "$(getlvname "$1")" +} + +disactivatevol() { + existvol "$1" || return 1 + LVM_SUPPRESS_FD_WARNINGS=1 lvchange -a n "$(getlvname "$1")" +} + +getstatus() { + lvs lvdisplay lvvars "$1" + [ "$lvsize" ] || return 2 + existvol "$1" || return 1 + return 0 +} + +createvol() { + local mode ret lvname + case "$3" in + ro) + mode=r + ;; + rw) + mode=rw + ;; + *) + return 22 + ;; + esac + + LVM_SUPPRESS_FD_WARNINGS=1 lvcreate -p $mode -a n -y -W n -Z n -n "${3}_${1}" -L "$2" $vgname + ret=$? + if [ ! $ret -eq 0 ] || [ "$mode" = "r" ]; then + return $ret + fi + lvs lvdisplay lvvars "$1" + [ "$lvpath" ] || return 22 + lvname=${lvpath:5} + LVM_SUPPRESS_FD_WARNINGS=1 lvchange -a y /dev/$lvname || return 1 + if [ $lvsize -gt $(( 100 * 1024 * 1024 )) ]; then + mkfs.f2fs -f -l "$1" $lvpath || return 1 + else + mke2fs -F -L "$1" $lvpath || return 1 + fi + return 0 +} + +removevol() { + local lvname="$(getlvname "$1")" + [ "$lvname" ] || return 2 + LVM_SUPPRESS_FD_WARNINGS=1 lvremove -y "$(getlvname "$1")" +} + +updatevol() { + lvs lvdisplay lvvars "$1" + [ "$lvpath" ] || return 2 + [ $lvsize -ge $2 ] || return 27 + LVM_SUPPRESS_FD_WARNINGS=1 lvchange -a y -p rw ${lvpath:5} + dd of=$lvpath + case "$lvpath" in + /dev/*/ro_*) + LVM_SUPPRESS_FD_WARNINGS=1 lvchange -p r ${lvpath:5} + ;; + esac +} + +lvs pvdisplay pvvars +lvs vgdisplay vgvars +cmd="$1" +shift +case "$cmd" in + free) + freebytes + ;; + total) + totalbytes + ;; + create) + createvol "$@" + ;; + remove) + removevol "$@" + ;; + device) + getdev "$@" + ;; + size) + getsize "$@" + ;; + up) + activatevol "$@" + ;; + down) + disactivatevol "$@" + ;; + status) + getstatus "$@" + ;; + write) + updatevol "$@" + ;; + *) + echo "unknown command" + return 1 + ;; +esac diff --git a/utils/uvol/files/ubi.sh b/utils/uvol/files/ubi.sh new file mode 100644 index 0000000000000..f2f2ab2248bf2 --- /dev/null +++ b/utils/uvol/files/ubi.sh @@ -0,0 +1,160 @@ +#!/bin/sh + +test -e /sys/class/ubi/version || return 0 +read ubiver < /sys/class/ubi/version +[ "$ubiver" = "1" ] || return 1 +test -e /sys/devices/virtual/ubi || return 0 + +ubidev=$(ls -1 /sys/devices/virtual/ubi | head -n 1) + +read ebsize < "/sys/devices/virtual/ubi/${ubidev}/eraseblock_size" + +freebytes() { + read availeb < "/sys/devices/virtual/ubi/${ubidev}/avail_eraseblocks" + echo $((availeb * ebsize)) +} + +totalbytes() { + read totaleb < "/sys/devices/virtual/ubi/${ubidev}/total_eraseblocks" + echo $((totaleb * ebsize)) +} + +getdev() { + local voldir volname devname + for voldir in /sys/devices/virtual/ubi/${ubidev}/${ubidev}_*; do + read volname < "${voldir}/name" + [ "$volname" = "uvol-ro-$1" ] || [ "$volname" = "uvol-rw-$1" ] || continue + basename "$voldir" + done +} + +needs_ubiblock() { + local voldev="$1" + local volname + read volname < "/sys/devices/virtual/ubi/${ubidev}/${voldev}/name" + case "$volname" in + uvol-ro-*) + return 0 + ;; + esac + return 1 +} + +getstatus() { + local voldev=$(getdev "$@") + [ "$voldev" ] || return 2 + needs_ubiblock $voldev && [ ! -e "/dev/ubiblock${voldev:3}" ] && return 1 + return 0 +} + +getsize() { + local voldev + voldev=$(getdev "$@") + [ "$voldev" ] || return 2 + cat /sys/devices/virtual/ubi/${ubidev}/${voldev}/data_bytes +} + +getuserdev() { + local voldev=$(getdev "$@") + [ "$voldev" ] || return 2 + if needs_ubiblock $voldev ; then + echo "/dev/ubiblock${voldev:3}" + else + echo "/dev/$voldev" + fi +} + +createvol() { + local mode + local existdev=$(getdev "$1") + [ "$existdev" ] && return 17 + case "$3" in + ro) + mode=ro + ;; + rw) + mode=rw + ;; + *) + return 22 + ;; + esac + ubimkvol /dev/$ubidev -N "uvol-$mode-$1" -s "$2" +} + +removevol() { + local voldev=$(getdev "$@") + [ "$voldev" ] || return 2 + local volnum=${voldev#${ubidev}_} + ubirmvol /dev/$ubidev -n $volnum +} + +activatevol() { + local voldev=$(getdev "$@") + [ "$voldev" ] || return 2 + needs_ubiblock $voldev || return 0 + [ -e "/dev/ubiblock${voldev:3}" ] && return 0 + ubiblock --create /dev/$voldev +} + +disactivatevol() { + local voldev=$(getdev "$@") + [ "$voldev" ] || return 2 + needs_ubiblock $voldev || return 0 + [ -e "/dev/ubiblock${voldev:3}" ] || return 0 + ubiblock --remove /dev/$voldev +} + +updatevol() { + local voldev=$(getdev "$@") + [ "$voldev" ] || return 2 + [ "$2" ] || return 22 + needs_ubiblock $voldev || return 22 + ubiupdatevol -s $2 /dev/$voldev - +} + +getstatus() { + local voldev=$(getdev "$@") + [ "$voldev" ] || return 2 + needs_ubiblock $voldev && [ ! -e "/dev/ubiblock${voldev:3}" ] && return 1 + return 0 +} + +cmd="$1" +shift +case "$cmd" in + free) + freebytes + ;; + total) + totalbytes + ;; + create) + createvol "$@" + ;; + remove) + removevol "$@" + ;; + device) + getuserdev "$@" + ;; + size) + getsize "$@" + ;; + up) + activatevol "$@" + ;; + down) + disactivatevol "$@" + ;; + status) + getstatus "$@" + ;; + write) + updatevol "$@" + ;; + *) + echo "unknown command" + return 1 + ;; +esac diff --git a/utils/uvol/files/uvol b/utils/uvol/files/uvol new file mode 100644 index 0000000000000..89c6518c86fd9 --- /dev/null +++ b/utils/uvol/files/uvol @@ -0,0 +1,9 @@ +#!/bin/sh + +uvol_backend= +for backend in /usr/libexec/uvol/*.sh; do + total=$($backend total) + [ "$total" ] && uvol_backend=$backend +done + +flock -x /tmp/run/uvol.lock $uvol_backend "$@" From 737c6c55e0d1d14cdbb053f6a3b04f175cf91045 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sat, 10 Apr 2021 12:51:28 +0100 Subject: [PATCH 012/221] ap_config: remove accidentally added package Fixes: 312594f86 ("uvol: add new package") Signed-off-by: Daniel Golle --- utils/ap_config/Makefile | 37 ------------------------------------- utils/ap_config/git-src | 1 - 2 files changed, 38 deletions(-) delete mode 100644 utils/ap_config/Makefile delete mode 120000 utils/ap_config/git-src diff --git a/utils/ap_config/Makefile b/utils/ap_config/Makefile deleted file mode 100644 index 2d09dc90c54d7..0000000000000 --- a/utils/ap_config/Makefile +++ /dev/null @@ -1,37 +0,0 @@ -include $(TOPDIR)/rules.mk - -PKG_NAME:=ap_config -PKG_VERSION:=2021-03-21 -PKG_RELEASE:=1 - -PKG_BUILD_PARALLEL:=1 -PKG_INSTALL:=1 - -include $(INCLUDE_DIR)/package.mk - -define Package/ac_server - SECTION:=utils - CATEGORY:=Utilities - TITLE:=ac_server - DEPENDS:=+libaxl +libopenssl +libmariadbclient -endef - -define Package/ac_client - SECTION:=utils - CATEGORY:=Utilities - TITLE:=ac_client - DEPENDS:=+libaxl +libopenssl -endef - -define Package/ac_server/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/ac_server $(1)/usr/sbin -endef - -define Package/ap_client/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/ac_client $(1)/usr/sbin -endef - -$(eval $(call BuildPackage,ac_server)) -$(eval $(call BuildPackage,ac_client)) diff --git a/utils/ap_config/git-src b/utils/ap_config/git-src deleted file mode 120000 index c2296c4a5b438..0000000000000 --- a/utils/ap_config/git-src +++ /dev/null @@ -1 +0,0 @@ -/usr/src/ap_config/.git \ No newline at end of file From 7fe4af0fea45ae233b1833cf521640c17707e8e5 Mon Sep 17 00:00:00 2001 From: "Gregory L. Dietsche" Date: Thu, 8 Apr 2021 20:14:45 -0500 Subject: [PATCH 013/221] safe-search: prevent duplicate cron job installation This patch prevents multiple cron jobs from being created to run the safe-search-maintenance script. To reproduce this bug, perform the following: - Install safe-search - Perform an OpenWRT firmware upgrade (choose to preserve user settings) - Install safe-search again Signed-off-by: Gregory L. Dietsche --- net/safe-search/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/safe-search/Makefile b/net/safe-search/Makefile index 9c0126287a165..b8afee5d772f9 100644 --- a/net/safe-search/Makefile +++ b/net/safe-search/Makefile @@ -6,8 +6,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=safe-search -PKG_VERSION:=2.0.0 -PKG_RELEASE:=3 +PKG_VERSION:=2.0.1 +PKG_RELEASE:=$(AUTORELEASE) PKG_LICENSE:=MIT PKG_MAINTAINER:=Gregory L. Dietsche @@ -54,6 +54,7 @@ endef define Package/safe-search/postinst #!/bin/sh if [ -z "$${IPKG_INSTROOT}" ]; then + crontab -l | grep -v "safe-search-maintenance" | sort | uniq | crontab - echo "1 1 * * 1 /bin/nice /usr/sbin/safe-search-maintenance>/dev/null 2>&1">>/etc/crontabs/root /etc/init.d/cron restart fi From c75663585c06ef0919a32ef933668be6544ff1bc Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sat, 10 Apr 2021 13:30:55 +0100 Subject: [PATCH 014/221] modbus-utils: remove accidentally added package modbus-utils was not intended to be added at this stage. Remove it. Fixes: 312594f86 ("uvol: add new package") Signed-off-by: Daniel Golle --- utils/modbus-utils/Makefile | 42 ------------------------------------- 1 file changed, 42 deletions(-) delete mode 100644 utils/modbus-utils/Makefile diff --git a/utils/modbus-utils/Makefile b/utils/modbus-utils/Makefile deleted file mode 100644 index 2894439fea612..0000000000000 --- a/utils/modbus-utils/Makefile +++ /dev/null @@ -1,42 +0,0 @@ -include $(TOPDIR)/rules.mk - -PKG_NAME:=modbus-utils - -PKG_VERSION:=2013-07-31 -PKG_RELEASE=$(PKG_SOURCE_VERSION) - -PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL:=https://github.com/Krzysztow/modbus-utils.git -PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=c569dc0a11a1bedf3a8080fe4a1696de93e386ab -# PKG_MIRROR_HASH:=3aed4146e06bd9f9bcc271824c6b1d75d1fc2a0bd980f2b729c3b4755c6f70a8 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 - -PKG_FIXUP:=autoreconf -PKG_BUILD_PARALLEL:=1 -PKG_INSTALL:=1 - -PKG_MAINTAINER:=Daniel Golle - -# supposed based on statement that source is based on libmodbus testcases -PKG_LICENSE:=GPL-3.0+ LGPL-2.1+ - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/nls.mk - -define Package/modbus-utils - SECTION:=utils - CATEGORY:=Utilities - TITLE:=Modbus client/server utils - DEPENDS:=+libmodbus -endef - -define Package/modbus-utils/description -endef - -define Package/modbus-utils/install - $(INSTALL_DIR) $(1)/usr/bin -# $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mbrecorder $(1)/usr/bin/ -endef - -$(eval $(call BuildPackage,modbus-utils)) From 62f639846d2642cc0d7b2151ac15e2d606ccb31a Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sat, 10 Apr 2021 14:39:59 +0100 Subject: [PATCH 015/221] ovsd: improve package style and update source Fix post-merge comments in #15316 and update source. Signed-off-by: Daniel Golle --- net/ovsd/Makefile | 19 ++++++++----------- net/ovsd/files/etc/init.d/ovsd | 11 +++++------ 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/net/ovsd/Makefile b/net/ovsd/Makefile index 72c7e5d45711c..e4cf582edc05b 100644 --- a/net/ovsd/Makefile +++ b/net/ovsd/Makefile @@ -1,33 +1,30 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ovsd -PKG_VERSION:=2020-10-12 +PKG_SOURCE_DATE:=2020-12-08 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL:=https://gitlab.hhi.fraunhofer.de/wn-ina/ovsd.git -PKG_SOURCE_VERSION:=e6a07f27dd8a5893eb6110c69922077995b9b26a -PKG_MIRROR_HASH:=9d903b3fecd8a3e102e1477efe479fc3851b1814ea0852e1dae39065b88cd157 - -PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz +PKG_SOURCE_URL:=https://gitlab.hhi.fraunhofer.de/wn-ina/ovsd +PKG_SOURCE_VERSION:=3a03476e2fececed3752ba4e68c92e71160c7db1 +PKG_MIRROR_HASH:=306e0cfa675299260142831e7a16c77e6e9e52ad7067bf20362f06af4faad69c PKG_MAINTAINER:=Arne Kappen -PKG_LICENSE:=GPL-2.0 +PKG_LICENSE:=GPL-2.0-only +PKG_LICENSE_FILES:=LICENSE PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk - define Package/ovsd SECTION:=net SUBMENU:=Open vSwitch CATEGORY:=Network - DEPENDS:=+openvswitch +libubox +libubus +netifd TITLE:=Open vSwtich configuration daemon for netifd - MAINTAINER:=Arne Kappen + URL:=https://gitlab.hhi.fraunhofer.de/wn-ina/ovsd + DEPENDS:=+openvswitch +libubox +libubus +netifd endef define Package/ovsd/description diff --git a/net/ovsd/files/etc/init.d/ovsd b/net/ovsd/files/etc/init.d/ovsd index f273e4e7f2112..b9b5cd27598d2 100755 --- a/net/ovsd/files/etc/init.d/ovsd +++ b/net/ovsd/files/etc/init.d/ovsd @@ -4,10 +4,9 @@ START=19 USE_PROCD=1 start_service() { - procd_open_instance - procd_set_param command /sbin/ovsd - procd_set_param respawn + procd_open_instance + procd_set_param command /sbin/ovsd + procd_set_param respawn procd_set_param watch ovs - - procd_close_instance -} \ No newline at end of file + procd_close_instance +} From 7d57993d6526d186db3a9c1fd56a0e63cf4551fc Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 10 Apr 2021 02:02:25 -0700 Subject: [PATCH 016/221] file: update to 5.40 Signed-off-by: Rosen Penev --- libs/file/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libs/file/Makefile b/libs/file/Makefile index 34d02743f02f3..2b0eac4075a26 100644 --- a/libs/file/Makefile +++ b/libs/file/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=file -PKG_VERSION:=5.39 -PKG_RELEASE:=1 +PKG_VERSION:=5.40 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://download.openpkg.org/components/cache/file/ \ ftp://ftp.astron.com/pub/file/ -PKG_HASH:=f05d286a76d9556243d0cb05814929c2ecf3a5ba07963f8f70bfaaa70517fad1 +PKG_HASH:=167321f43c148a553f68a0ea7f579821ef3b11c27b8cbe158e4df897e4a5dd57 PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=BSD-2-Clause From 8d1480b74a23e3cd25e88589f34c26762f4d3c7b Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 10 Apr 2021 02:39:28 -0700 Subject: [PATCH 017/221] spdlog: update to 1.8.5 Signed-off-by: Rosen Penev --- libs/spdlog/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/spdlog/Makefile b/libs/spdlog/Makefile index f098d6f256a42..a4e6aef8fc79f 100644 --- a/libs/spdlog/Makefile +++ b/libs/spdlog/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=spdlog -PKG_VERSION:=1.8.3 +PKG_VERSION:=1.8.5 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/gabime/spdlog/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=6f5b88ca4c9b96264e6c961716fec6f1a7b94c80a5edce667c3e42507caa8a82 +PKG_HASH:=944d0bd7c763ac721398dca2bb0f3b5ed16f67cef36810ede5061f35a543b4b8 PKG_MAINTAINER:= PKG_LICENSE:=MIT From 915865e1a34b2d3ac451be4527d21a8a7e44141c Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 10 Apr 2021 02:40:13 -0700 Subject: [PATCH 018/221] libnpupnp: update to 4.1.3 Signed-off-by: Rosen Penev --- libs/libnpupnp/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/libnpupnp/Makefile b/libs/libnpupnp/Makefile index b7d4f46863025..7d97db2f89754 100644 --- a/libs/libnpupnp/Makefile +++ b/libs/libnpupnp/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libnpupnp -PKG_VERSION:=4.1.1 +PKG_VERSION:=4.1.3 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.lesbonscomptes.com/upmpdcli/downloads -PKG_HASH:=7e41d3933b956073b33c6ac6e61c81e83b428015ee871fd16d18b198bf3be960 +PKG_HASH:=74703d49be52d29b52f59342ec7359178b127568399551d9d3f56bb7950fcc02 PKG_MAINTAINER:= PKG_LICENSE:=LGPL-2.1-or-later From 1727bac837b492ed2953a2e141d3eb483ff6dae2 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 10 Apr 2021 02:40:39 -0700 Subject: [PATCH 019/221] gerbera: update to 1.8.0 Signed-off-by: Rosen Penev --- multimedia/gerbera/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/multimedia/gerbera/Makefile b/multimedia/gerbera/Makefile index fdae648794973..c16a6d9c7e559 100644 --- a/multimedia/gerbera/Makefile +++ b/multimedia/gerbera/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gerbera -PKG_VERSION:=1.7.0 +PKG_VERSION:=1.8.0 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/gerbera/gerbera/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=6d40b840d015ba5c512f41442957c1c0fdbba07c18724cf00a45e0a579ddeb7f +PKG_HASH:=02044abd1363c5f5604c5830e560b102ac456179afbf3be60e65847f47f4c599 PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0-or-later From 9cd6537a6804286bc3935bd8bde908ac882a32d1 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 10 Apr 2021 03:30:50 -0700 Subject: [PATCH 020/221] taglib: fix config file paths Gerbera stupidly uses taglib-config to find the paths. Fix them to avoid adding /usr/lib Signed-off-by: Rosen Penev --- libs/taglib/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libs/taglib/Makefile b/libs/taglib/Makefile index 7fa78fc1a5c0d..11f21dc059607 100644 --- a/libs/taglib/Makefile +++ b/libs/taglib/Makefile @@ -48,6 +48,8 @@ TARGET_CXXFLAGS += -flto define Build/InstallDev $(call Build/InstallDev/cmake,$(1)) $(SED) '/^prefix=\|^exec_prefix=/s|/usr|$(STAGING_DIR)/usr|' $(1)/usr/bin/taglib-config + $(SED) '/^includedir=/s|/usr|$(STAGING_DIR)/usr|' $(1)/usr/bin/taglib-config + $(SED) '/^libdir=/s|/usr|$(STAGING_DIR)/usr|' $(1)/usr/bin/taglib-config $(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/taglib.pc $(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/taglib.pc $(INSTALL_DIR) $(2)/bin From 81c04ded5b398cb06d06488f25ccae720483a363 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Sat, 10 Apr 2021 18:54:41 +0000 Subject: [PATCH 021/221] simple-adblock: update to 1.8.7-3 Signed-off-by: Stan Grishin --- net/simple-adblock/Makefile | 6 +-- net/simple-adblock/files/simple-adblock.init | 57 ++++++++++---------- 2 files changed, 33 insertions(+), 30 deletions(-) diff --git a/net/simple-adblock/Makefile b/net/simple-adblock/Makefile index 8f3eb2369daa9..f9b4d235b4e2c 100644 --- a/net/simple-adblock/Makefile +++ b/net/simple-adblock/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=simple-adblock PKG_VERSION:=1.8.7 -PKG_RELEASE:=1 +PKG_RELEASE:=3 PKG_MAINTAINER:=Stan Grishin PKG_LICENSE:=GPL-3.0-or-later @@ -17,7 +17,7 @@ define Package/simple-adblock CATEGORY:=Network TITLE:=Simple AdBlock Service URL:=https://docs.openwrt.melmac.net/simple-adblock/ - DEPENDS:=+jshn + DEPENDS:=+jshn +wget PKGARCH:=all endef @@ -42,7 +42,7 @@ define Package/simple-adblock/install $(INSTALL_BIN) ./files/simple-adblock.init $(1)/etc/init.d/simple-adblock $(SED) "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/simple-adblock $(INSTALL_CONF) ./files/simple-adblock.conf $(1)/etc/config/simple-adblock - $(INSTALL_CONF) ./files/simple-adblock.conf.update $(1)/tmp/simple-adblock.conf.update + $(INSTALL_DATA) ./files/simple-adblock.conf.update $(1)/tmp/simple-adblock.conf.update endef define Package/simple-adblock/postinst diff --git a/net/simple-adblock/files/simple-adblock.init b/net/simple-adblock/files/simple-adblock.init index 1ded7a8849688..211412069ee32 100644 --- a/net/simple-adblock/files/simple-adblock.init +++ b/net/simple-adblock/files/simple-adblock.init @@ -247,6 +247,9 @@ load_package_config() { if is_present 'curl'; then dl_command="curl --insecure --retry $curlRetry --connect-timeout $dlTimeout --silent" dl_flag="-o" + elif is_present '/usr/libexec/wget-ssl'; then + dl_command="/usr/libexec/wget-ssl --no-check-certificate --timeout $dlTimeout -q" + dl_flag="-O" elif is_present wget && wget --version 2>/dev/null | grep -q "+https"; then dl_command="wget --no-check-certificate --timeout $dlTimeout -q" dl_flag="-O" @@ -882,41 +885,41 @@ start_service() { if [ "$forceDNS" -ne 0 ]; then for c in $forceDNSPorts; do if netstat -tuln | grep LISTEN | grep ":${c}" >/dev/null 2>&1; then - json_add_object '' - json_add_string type 'redirect' - json_add_string target 'DNAT' - json_add_string src 'lan' - json_add_string proto 'tcp udp' + json_add_object "" + json_add_string type redirect + json_add_string target DNAT + json_add_string src lan + json_add_string proto "tcp udp" json_add_string src_dport "$c" json_add_string dest_port "$c" - json_add_string reflection '0' + json_add_boolean reflection 0 json_close_object else - json_add_object '' - json_add_string type 'rule' - json_add_string src 'lan' - json_add_string dest '*' - json_add_string proto 'tcp udp' + json_add_object "" + json_add_string type rule + json_add_string src lan + json_add_string dest "*" + json_add_string proto "tcp udp" json_add_string dest_port "$c" - json_add_string target 'REJECT' + json_add_string target REJECT json_close_object fi done fi if [ "$targetDNS" = 'dnsmasq.ipset' ]; then - json_add_object '' - json_add_string type 'ipset' - json_add_string name 'adb' - json_add_string match 'dest_net' - json_add_string storage 'hash' + json_add_object "" + json_add_string type ipset + json_add_string name adb + json_add_string match dest_net + json_add_string storage hash json_close_object - json_add_object '' - json_add_string type 'rule' - json_add_string ipset 'adb' - json_add_string src 'lan' - json_add_string dest '*' - json_add_string proto 'tcp udp' - json_add_string target 'REJECT' + json_add_object "" + json_add_string type rule + json_add_string ipset adb + json_add_string src lan + json_add_string dest "*" + json_add_string proto "tcp udp" + json_add_string target REJECT json_close_object fi json_close_array @@ -994,11 +997,11 @@ start_service() { service_started() { procd_set_config_changed firewall; } service_stopped() { procd_set_config_changed firewall; } + restart_service() { rc_procd start_service 'restart'; } -reload_service() { restart_service; } -restart() { restart_service; } -reload() { restart_service; } +reload_service() { rc_procd start_service 'restart'; } dl() { rc_procd start_service 'download'; } + killcache() { rm -f "$addnhostsCache" "$addnhostsGzip" rm -f "$dnsmasqCache" "$dnsmasqGzip" From f12cf9734771ba672d224fbd75127290addb8e8b Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sun, 11 Apr 2021 01:41:05 +0100 Subject: [PATCH 022/221] uvol: some improvements * use lvm --reportformat json * add 'list' and 'align' commands * add help output Signed-off-by: Daniel Golle --- utils/uvol/files/lvm.sh | 243 ++++++++++++++++++++++++++++------------ utils/uvol/files/ubi.sh | 41 ++++++- utils/uvol/files/uvol | 43 +++++++ 3 files changed, 252 insertions(+), 75 deletions(-) diff --git a/utils/uvol/files/lvm.sh b/utils/uvol/files/lvm.sh index 540fe39e92e5e..35c2ae17e4714 100644 --- a/utils/uvol/files/lvm.sh +++ b/utils/uvol/files/lvm.sh @@ -1,15 +1,23 @@ #!/bin/sh -command -v lvm || return 1 +cmd="$1" +shift + +if [ "$cmd" = "name" ]; then + echo "LVM" + return 0 +fi + +command -v lvm >/dev/null || return 1 . /lib/functions.sh . /lib/upgrade/common.sh +. /usr/share/libubox/jshn.sh export_bootdevice [ "$BOOTDEV_MAJOR" ] || return 1 export_partdevice rootdev 0 [ "$rootdev" ] || return 1 -LVM_SUPPRESS_FD_WARNINGS=1 case "$rootdev" in mtd*|\ @@ -18,93 +26,157 @@ case "$rootdev" in return 1 esac -lvs() { +lvm_cmd() { local cmd="$1" - local cb="$2" - local param="${3:+-S vg_name=${vgname} -S lv_name=~^r[ow]_$3\$}" - local oIFS="$IFS" - IFS=" " - set -- $(LVM_SUPPRESS_FD_WARNINGS=1 $cmd -c $param) - [ "$1" ] || { - IFS="$oIFS" - return 1 - } - IFS=":" - set -- $1 - IFS="$oIFS" - $cb "$@" -} - -pvvars() { - case "${1:5}" in - "$rootdev"*) - partdev="$1" - vgname="$2" - ;; - esac + shift + LVM_SUPPRESS_FD_WARNINGS=1 lvm "$cmd" "$@" +} + +pvs() { + lvm_cmd pvs --reportformat json --units b "$@" } -vgvars() { - [ "$1" = "$vgname" ] || return - vgbs="${13}" - vgts="${14}" - vgus="${15}" - vgfs="${16}" +vgs() { + lvm_cmd vgs --reportformat json --units b "$@" } -lvvars() { - lvpath="$1" - lvsize=$(( 512 * $7 )) +lvs() { + lvm_cmd vgs --reportformat json --units b "$@" } freebytes() { - echo $((vgfs * vgbs * 1024)) + echo $(($vg_free_count * $vg_extent_size * 1024)) } totalbytes() { - echo $((vgts * vgbs * 1024)) + echo $(($vg_extent_count * $vg_extent_size * 1024)) } existvol() { [ "$1" ] || return 1 - test -e "/dev/$vgname/ro_$1" || test -e "/dev/$vgname/rw_$1" + test -e "/dev/$vg_name/ro_$1" || test -e "/dev/$vg_name/rw_$1" return $? } -getlvname() { - lvs lvdisplay lvvars "$1" +vg_name= +exportpv() { + local reports rep pv pvs + vg_name= + json_init + json_load "$(pvs -o vg_name -S "pv_name=~^/dev/$rootdev.*\$")" + json_select report + json_get_keys reports + for rep in $reports; do + json_select "$rep" + json_select pv + json_get_keys pvs + for pv in $pvs; do + json_select "$pv" + json_get_vars vg_name + json_select .. + break + done + json_select .. + break + done +} - [ "$lvpath" ] && echo ${lvpath:5} +vg_extent_size= +vg_extent_count= +vg_free_count= +exportvg() { + local reports rep vg vgs + vg_extent_size= + vg_extent_count= + vg_free_count= + json_init + json_load "$(vgs -o vg_extent_size,vg_extent_count,vg_free_count -S "vg_name=$vg_name")" + json_select report + json_get_keys reports + for rep in $reports; do + json_select "$rep" + json_select vg + json_get_keys vgs + for vg in $vgs; do + json_select "$vg" + json_get_vars vg_extent_size vg_extent_count vg_free_count + vg_extent_size=${vg_extent_size%B} + json_select .. + break + done + json_select .. + break + done +} + +lv_full_name= +lv_path= +lv_dm_path= +lv_size= +exportlv() { + local reports rep lv lvs + lv_full_name= + lv_path= + lv_dm_path= + lv_size= + json_init + + json_load "$(lvs -o lv_full_name,lv_size,lv_path,lv_dm_path -S "lv_name=~^r[ow]_$1\$ && vg_name=$vg_name")" + json_select report + json_get_keys reports + for rep in $reports; do + json_select "$rep" + json_select lv + json_get_keys lvs + for lv in $lvs; do + json_select "$lv" + json_get_vars lv_full_name lv_size lv_path lv_dm_path + lv_size=${lv_size%B} + json_select .. + break + done + json_select .. + break + done } getdev() { existvol "$1" || return 1 - readlink /dev/$(getlvname "$1") + exportlv "$1" + echo $lv_dm_path } getsize() { - lvs lvdisplay lvvars "$1" - [ "$lvsize" ] && echo $lvsize + exportlv "$1" + [ "$lv_size" ] && echo $lv_size } activatevol() { - LVM_SUPPRESS_FD_WARNINGS=1 lvchange -a y "$(getlvname "$1")" + exportlv "$1" + lvm_cmd lvchange -a y "$lv_full_name" } disactivatevol() { - existvol "$1" || return 1 - LVM_SUPPRESS_FD_WARNINGS=1 lvchange -a n "$(getlvname "$1")" + exportlv "$1" + lvm_cmd lvchange -a n "$lv_full_name" } getstatus() { - lvs lvdisplay lvvars "$1" - [ "$lvsize" ] || return 2 + exportlv "$1" + [ "$lv_full_name" ] || return 2 existvol "$1" || return 1 return 0 } createvol() { - local mode ret lvname + local mode ret + local volsize=$(($2)) + [ "$volsize" ] || return 22 + exportlv "$1" + [ "$lv_size" ] && return 17 + size_ext=$((volsize / vg_extent_size)) + [ $((size_ext * vg_extent_size)) -lt $volsize ] && size_ext=$((size_ext + 1)) + case "$3" in ro) mode=r @@ -117,53 +189,82 @@ createvol() { ;; esac - LVM_SUPPRESS_FD_WARNINGS=1 lvcreate -p $mode -a n -y -W n -Z n -n "${3}_${1}" -L "$2" $vgname + lvm_cmd lvcreate -p $mode -a n -y -W n -Z n -n "${3}_${1}" -l "$size_ext" $vg_name ret=$? if [ ! $ret -eq 0 ] || [ "$mode" = "r" ]; then return $ret fi - lvs lvdisplay lvvars "$1" - [ "$lvpath" ] || return 22 - lvname=${lvpath:5} - LVM_SUPPRESS_FD_WARNINGS=1 lvchange -a y /dev/$lvname || return 1 - if [ $lvsize -gt $(( 100 * 1024 * 1024 )) ]; then - mkfs.f2fs -f -l "$1" $lvpath || return 1 + exportlv "$1" + [ "$lv_full_name" ] || return 22 + lvm_cmd lvchange -a y "$lv_full_name" || return 1 + if [ $lv_size -gt $(( 100 * 1024 * 1024 )) ]; then + mkfs.f2fs -f -l "$1" "$lv_path" || return 1 else - mke2fs -F -L "$1" $lvpath || return 1 + mke2fs -F -L "$1" "$lv_path" || return 1 fi return 0 } removevol() { - local lvname="$(getlvname "$1")" - [ "$lvname" ] || return 2 - LVM_SUPPRESS_FD_WARNINGS=1 lvremove -y "$(getlvname "$1")" + exportlv "$1" + [ "$lv_full_name" ] || return 2 + lvm_cmd lvremove -y "$lv_full_name" } updatevol() { - lvs lvdisplay lvvars "$1" - [ "$lvpath" ] || return 2 - [ $lvsize -ge $2 ] || return 27 - LVM_SUPPRESS_FD_WARNINGS=1 lvchange -a y -p rw ${lvpath:5} - dd of=$lvpath - case "$lvpath" in + exportlv "$1" + [ "$lv_full_name" ] || return 2 + [ $lv_size -ge $2 ] || return 27 + lvm_cmd lvchange -a y -p rw "$lv_full_name" + dd of=$lv_path + case "$lv_path" in /dev/*/ro_*) - LVM_SUPPRESS_FD_WARNINGS=1 lvchange -p r ${lvpath:5} + lvm_cmd lvchange -p r "$lv_full_name" ;; esac } -lvs pvdisplay pvvars -lvs vgdisplay vgvars -cmd="$1" -shift +listvols() { + local reports rep lv lvs lv_name lv_size lv_mode volname + volname=${1:-.*} + json_init + json_load "$(lvs -o lv_name,lv_size -S "lv_name=~^r[ow]_$volname\$ && vg_name=$vg_name")" + json_select report + json_get_keys reports + for rep in $reports; do + json_select "$rep" + json_select lv + json_get_keys lvs + for lv in $lvs; do + json_select "$lv" + json_get_vars lv_name lv_size + lv_mode="${lv_name:0:2}" + lv_name="${lv_name:3}" + lv_size=${lv_size%B} + echo "$lv_name $lv_mode $lv_size" + json_select .. + done + json_select .. + break + done +} + +exportpv +exportvg + case "$cmd" in + align) + echo "$vg_extent_size" + ;; free) freebytes ;; total) totalbytes ;; + list) + listvols "$@" + ;; create) createvol "$@" ;; diff --git a/utils/uvol/files/ubi.sh b/utils/uvol/files/ubi.sh index f2f2ab2248bf2..28841ca0474ff 100644 --- a/utils/uvol/files/ubi.sh +++ b/utils/uvol/files/ubi.sh @@ -1,5 +1,13 @@ #!/bin/sh +cmd="$1" +shift + +if [ "$cmd" = "name" ]; then + echo "UBI" + return 0 +fi + test -e /sys/class/ubi/version || return 0 read ubiver < /sys/class/ubi/version [ "$ubiver" = "1" ] || return 1 @@ -65,8 +73,8 @@ getuserdev() { } createvol() { - local mode - local existdev=$(getdev "$1") + local mode ret + local existdev=$(getdev "$@") [ "$existdev" ] && return 17 case "$3" in ro) @@ -80,6 +88,9 @@ createvol() { ;; esac ubimkvol /dev/$ubidev -N "uvol-$mode-$1" -s "$2" + ret=$? + [ $ret -eq 0 ] || return $ret + ubiupdatevol -t /dev/$(getdev "$@") } removevol() { @@ -120,15 +131,37 @@ getstatus() { return 0 } -cmd="$1" -shift +listvols() { + local volname volmode volsize + for voldir in /sys/devices/virtual/ubi/${ubidev}/${ubidev}_*; do + read volname < $voldir/name + case "$volname" in + uvol-r[wo]*) + read volsize < $voldir/data_bytes + ;; + *) + continue + ;; + esac + volmode=${volname:5:2} + volname=${volname:8} + echo "$volname $volmode $volsize" + done +} + case "$cmd" in + align) + echo "$ebsize" + ;; free) freebytes ;; total) totalbytes ;; + list) + listvols "$@" + ;; create) createvol "$@" ;; diff --git a/utils/uvol/files/uvol b/utils/uvol/files/uvol index 89c6518c86fd9..58d08f07e10f9 100644 --- a/utils/uvol/files/uvol +++ b/utils/uvol/files/uvol @@ -1,9 +1,52 @@ #!/bin/sh +# uvol prototype +# future development roadmap (aka. to-do): +# * atomic create using temp volnames +# * create read-only volumes as 'write-once', introduce 'pending' state until written +# * re-implement in C (use libubox, execve lvm/ubi*) +# * add atomic batch processing for use by container/package manager + +if [ -z "$1" ]; then cat < Date: Sat, 5 Sep 2020 13:41:11 -1000 Subject: [PATCH 023/221] CI: remove leftover travis files THe current CI uses both CircleCI and GitHub Action CI, but not Travis. Signed-off-by: Paul Spooren --- .travis.yml | 16 ---- .travis_do.sh | 244 -------------------------------------------------- 2 files changed, 260 deletions(-) delete mode 100644 .travis.yml delete mode 100755 .travis_do.sh diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 5f03189e63556..0000000000000 --- a/.travis.yml +++ /dev/null @@ -1,16 +0,0 @@ -git: - depth: 10 - quiet: true - -language: c -os: linux -dist: focal -cache: - directories: - - $HOME/sdk - -before_script: - - ./.travis_do.sh download_sdk - -script: - - ./.travis_do.sh test_packages diff --git a/.travis_do.sh b/.travis_do.sh deleted file mode 100755 index af37fc3c79cab..0000000000000 --- a/.travis_do.sh +++ /dev/null @@ -1,244 +0,0 @@ -#!/bin/bash -# -# MIT Alexander Couzens - -set -e - -SDK_HOME="$HOME/sdk" -SDK_PATH=https://downloads.openwrt.org/snapshots/targets/mpc85xx/p2020/ -SDK=-sdk-mpc85xx-p2020_ -PACKAGES_DIR="$PWD" - -echo_red() { printf "\033[1;31m$*\033[m\n"; } -echo_green() { printf "\033[1;32m$*\033[m\n"; } -echo_blue() { printf "\033[1;34m$*\033[m\n"; } - -exec_status() { - PATTERN="$1" - shift - while :;do sleep 590;echo "still running (please don't kill me Travis)";done & - ("$@" 2>&1) | tee logoutput - R=${PIPESTATUS[0]} - kill $! && wait $! 2>/dev/null - if [ $R -ne 0 ]; then - echo_red "=> '$*' failed (return code $R)" - return 1 - fi - if grep -qE "$PATTERN" logoutput; then - echo_red "=> '$*' failed (log matched '$PATTERN')" - return 1 - fi - - echo_green "=> '$*' successful" - return 0 -} - -get_sdk_file() { - if [ -e "$SDK_HOME/sha256sums" ] ; then - grep -- "$SDK" "$SDK_HOME/sha256sums" | awk '{print $2}' | sed 's/*//g' - else - false - fi -} - -# download will run on the `before_script` step -# The travis cache will be used (all files under $HOME/sdk/). Meaning -# We don't have to download the file again -download_sdk() { - mkdir -p "$SDK_HOME" - cd "$SDK_HOME" - - echo_blue "=== download SDK" - wget "$SDK_PATH/sha256sums" -O sha256sums - wget "$SDK_PATH/sha256sums.gpg" -O sha256sums.asc - - # LEDE Build System (LEDE GnuPG key for unattended build jobs) - gpg --import $PACKAGES_DIR/.keys/626471F1.asc - echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust - # LEDE Release Builder (17.01 "Reboot" Signing Key) - gpg --import $PACKAGES_DIR/.keys/D52BBB6B.asc - echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust - - echo_blue "=== Verifying sha256sums signature" - gpg --verify sha256sums.asc - echo_blue "=== Verified sha256sums signature." - if ! grep -- "$SDK" sha256sums > sha256sums.small ; then - echo_red "=== Can not find $SDK file in sha256sums." - echo_red "=== Is \$SDK out of date?" - false - fi - - # if missing, outdated or invalid, download again - if ! sha256sum -c ./sha256sums.small ; then - local sdk_file - sdk_file="$(get_sdk_file)" - echo_blue "=== sha256 doesn't match or SDK file wasn't downloaded yet." - echo_blue "=== Downloading a fresh version" - wget "$SDK_PATH/$sdk_file" -O "$sdk_file" - fi - - # check again and fail here if the file is still bad - echo_blue "Checking sha256sum a second time" - if ! sha256sum -c ./sha256sums.small ; then - echo_red "=== SDK can not be verified!" - false - fi - echo_blue "=== SDK is up-to-date" -} - -# test_package will run on the `script` step. -# test_package call make download check for very new/modified package -test_packages2() { - local commit_range=$TRAVIS_COMMIT_RANGE - if [ -z "$TRAVIS_PULL_REQUEST_SHA" ]; then - echo_blue "Using only the latest commit, since we're not in a Pull Request" - commit_range=HEAD~1 - fi - - # search for new or modified packages. PKGS will hold a list of package like 'admin/muninlite admin/monit ...' - PKGS=$(git diff --diff-filter=d --name-only "$commit_range" | grep 'Makefile$' | grep -v '/files/' | awk -F'/Makefile' '{ print $1 }') - - if [ -z "$PKGS" ] ; then - echo_blue "No new or modified packages found!" - return 0 - fi - - echo_blue "=== Found new/modified packages:" - for pkg in $PKGS ; do - echo "===+ $pkg" - done - - echo_blue "=== Setting up SDK" - tmp_path=$(mktemp -d) - cd "$tmp_path" - tar Jxf "$SDK_HOME/$(get_sdk_file)" --strip=1 - - # use github mirrors to spare lede servers - cat > feeds.conf < /dev/null - ./scripts/feeds install -a > /dev/null - make defconfig > /dev/null - echo_blue "=== Setting up SDK done" - - RET=0 - # E.g: pkg_dir => admin/muninlite - # pkg_name => muninlite - for pkg_dir in $PKGS ; do - pkg_name=$(echo "$pkg_dir" | awk -F/ '{ print $NF }') - echo_blue "=== $pkg_name: Starting quick tests" - - exec_status '^ERROR' make "package/$pkg_name/download" V=s || RET=1 - badhash_msg_regex="HASH does not match " - badhash_msg_regex="$badhash_msg_regex|HASH uses deprecated hash," - badhash_msg_regex="$badhash_msg_regex|HASH is missing," - exec_status '^ERROR'"|$badhash_msg_regex" make "package/$pkg_name/check" V=s || RET=1 - - echo_blue "=== $pkg_name: quick tests done" - done - - [ $RET -ne 0 ] && return $RET - - for pkg_dir in $PKGS ; do - pkg_name=$(echo "$pkg_dir" | awk -F/ '{ print $NF }') - echo_blue "=== $pkg_name: Starting compile test" - - # we can't enable verbose built else we often hit Travis limits - # on log size and the job get killed - exec_status '^ERROR' make "package/$pkg_name/compile" -j3 || RET=1 - - echo_blue "=== $pkg_name: compile test done" - - echo_blue "=== $pkg_name: begin compile logs" - for f in $(find logs/package/feeds/packages/$pkg_name/ -type f); do - echo_blue "Printing last 200 lines of $f" - tail -n200 "$f" - done - echo_blue "=== $pkg_name: end compile logs" - - echo_blue "=== $pkg_name: begin packages sizes" - du -ba bin/ - echo_blue "=== $pkg_name: end packages sizes" - done - - return $RET -} - -test_commits() { - RET=0 - if [ -z "$TRAVIS_PULL_REQUEST_SHA" ]; then - echo_blue "Skipping commits tests (not in a Pull Request)" - return 0 - fi - for commit in $(git rev-list ${TRAVIS_COMMIT_RANGE/.../..}); do - echo_blue "=== Checking commit '$commit'" - if git show --format='%P' -s $commit | grep -qF ' '; then - echo_red "Pull request should not include merge commits" - RET=1 - fi - - author="$(git show -s --format=%aN $commit)" - if echo $author | grep -q '\S\+\s\+\S\+'; then - echo_green "Author name ($author) seems ok" - else - echo_red "Author name ($author) need to be your real name 'firstname lastname'" - RET=1 - fi - - subject="$(git show -s --format=%s $commit)" - if echo "$subject" | grep -q -e '^[0-9A-Za-z,/_-]\+: ' -e '^Revert '; then - echo_green "Commit subject line seems ok ($subject)" - else - echo_red "Commit subject line MUST start with ': ' ($subject)" - RET=1 - fi - - body="$(git show -s --format=%b $commit)" - sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)" - if echo "$body" | grep -qF "$sob"; then - echo_green "Signed-off-by match author" - else - echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')" - RET=1 - fi - done - - return $RET -} - -test_packages() { - test_commits && test_packages2 || return 1 -} - -echo_blue "=== Travis ENV" -env -echo_blue "=== Travis ENV" - -if [ -n "$TRAVIS_PULL_REQUEST_SHA" ]; then - while true; do - # if clone depth is too small, git rev-list / diff return incorrect or empty results - C="$(git rev-list ${TRAVIS_COMMIT_RANGE/.../..} | tail -n1)" 2>/dev/null - [ -n "$C" -a "$C" != "a22de9b74cf9579d1ce7e6cf1845b4afa4277b00" ] && break - echo_blue "Fetching 50 commits more" - git fetch origin --deepen=50 - done -fi - -if [ $# -ne 1 ] ; then - cat < Date: Sun, 11 Apr 2021 01:29:59 +0000 Subject: [PATCH 024/221] https-dns-proxy: bugfix: race condition with dnsmasq Signed-off-by: Stan Grishin --- net/https-dns-proxy/Makefile | 2 +- net/https-dns-proxy/files/https-dns-proxy.init | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/https-dns-proxy/Makefile b/net/https-dns-proxy/Makefile index 7413a208d70bc..990c4958825c3 100644 --- a/net/https-dns-proxy/Makefile +++ b/net/https-dns-proxy/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=https-dns-proxy PKG_VERSION:=2021-01-17 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy diff --git a/net/https-dns-proxy/files/https-dns-proxy.init b/net/https-dns-proxy/files/https-dns-proxy.init index c26b33c70afa1..e83fafb49f434 100755 --- a/net/https-dns-proxy/files/https-dns-proxy.init +++ b/net/https-dns-proxy/files/https-dns-proxy.init @@ -110,7 +110,7 @@ start_service() { procd_open_data json_add_array firewall for c in $forceDNSPorts; do - if netstat -tuln | grep LISTEN | grep ":${c}" >/dev/null 2>&1; then + if netstat -tuln | grep 'LISTEN' | grep ":${c}" >/dev/null 2>&1 || [ "$c" = "53" ]; then json_add_object "" json_add_string type redirect json_add_string target DNAT From c338008b8c02246df676a2f550b51efdd53022b1 Mon Sep 17 00:00:00 2001 From: Tiago Gaspar Date: Sun, 11 Apr 2021 00:21:58 +0100 Subject: [PATCH 025/221] netdata: disable shared memory totals by default Fix log spam: daemon.err netdata[2090]: PROCFILE: Cannot open file '/proc/sysvipc/shm' This is caused by a non existant /proc/sysvipc/shm because of the CONFIG_PROC_STRIPPED option that is enabled by default in the kernel generic target config Signed-off-by: Tiago Gaspar --- admin/netdata/Makefile | 2 +- admin/netdata/files/netdata.conf | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/admin/netdata/Makefile b/admin/netdata/Makefile index 120757c349cc3..d2eb44538ff61 100644 --- a/admin/netdata/Makefile +++ b/admin/netdata/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netdata PKG_VERSION:=1.29.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_MAINTAINER:=Josef Schlehofer , Daniel Engberg PKG_LICENSE:=GPL-3.0-or-later diff --git a/admin/netdata/files/netdata.conf b/admin/netdata/files/netdata.conf index 46b87a8a72797..4a247daaede6f 100644 --- a/admin/netdata/files/netdata.conf +++ b/admin/netdata/files/netdata.conf @@ -27,3 +27,6 @@ [health] enabled = no + +[plugin:proc:ipc] + shared memory totals = no From e0ffcc770b888399ec849eaad49c5c8c14343058 Mon Sep 17 00:00:00 2001 From: Robin Rainton Date: Sun, 11 Apr 2021 12:32:37 +0200 Subject: [PATCH 026/221] node: #14983 NODEJS_ICU_SMALL is default Signed-off-by: Robin Rainton --- lang/node/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/node/Makefile b/lang/node/Makefile index b1e8d8b81c545..1de2b6214d342 100644 --- a/lang/node/Makefile +++ b/lang/node/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=node PKG_VERSION:=v14.16.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION) @@ -71,7 +71,7 @@ define Package/node/config if PACKAGE_node choice prompt "i18n features" - default NODEJS_ICU_NONE + default NODEJS_ICU_SMALL help Select i18n features From 49f684c14e7cdb33f4075425821c0a946c230178 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Fri, 9 Apr 2021 23:54:43 -0300 Subject: [PATCH 027/221] strongswan: libnttft must not select strongswan The strongswan-libnttfft package should not select the strongswan package, but should depend on it instead. Otherwise a circular dependency is created. Signed-off-by: Eneas U de Queiroz --- net/strongswan/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index f2a5dfdd443bf..25249c81e8199 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ @@ -377,7 +377,7 @@ endef define Package/strongswan-libnttfft $(call Package/strongswan/Default) TITLE+= nttfft library - DEPENDS:= +strongswan + DEPENDS:= strongswan endef define Package/strongswan-libnttfft/description From ffb5d977714d542cdd0cc9a32d11a6044daf2e21 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Sun, 11 Apr 2021 19:36:16 -0300 Subject: [PATCH 028/221] crun: Don't build on arc The package needs libseccomp, which does not currently support arc. In order to avoid a circular dependency, we must avoid arc here as well. Signed-off-by: Eneas U de Queiroz --- utils/crun/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/crun/Makefile b/utils/crun/Makefile index 4a6b75854a447..5ba58ec228ded 100644 --- a/utils/crun/Makefile +++ b/utils/crun/Makefile @@ -26,7 +26,7 @@ define Package/crun CATEGORY:=Utilities TITLE:=crun URL:=https://github.com/containers/crun - DEPENDS:=+libseccomp +libcap + DEPENDS:=@!arc +libseccomp +libcap endef define Package/crun/description From 3469d123bec672f43a1a81c3457b7926f27ad0c4 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Sun, 11 Apr 2021 19:38:50 -0300 Subject: [PATCH 029/221] Revert "libseccomp: don't build on ARC" This reverts commit b29e609701987072fbd991a9ffc203103f99b943. Adding DEPENDS+=@!arc will cause a circular dependency, because some packages select libseccomp based on a build option. Commit e29483d7e ("libseccomp: workaround a recursive dependency") added a workaround that was not properly documented, so I'll explain here. The problem arises when libseccomp is selected depending on some config option: define Pakcage/foo DEPENDS=+FOO_SECCOMP:libseccomp Even if the condition is correctly defined, excluding arc, such as: define Package/foo/config config FOO_SECCOMP depends on !arc the config generator will parse libseccomp's DEPENDS variable and generate menuconfig statements like these: config PACKAGE_foo select PACKAGE_libseccomp if FOO_SECCOMP depends on !FOO_SECCOMP || !arc The last condition is always true because FOO_SECCOMP will always be be false when arc is true. The config generator is not able to simplify/optimize the condition. The circular dependecy occurs because FOO_SECCOMP depends on PACKAGE_foo, and the redundant, always true line will make PACKAGE_foo depend on FOO_SECCOMP. As a workaround, we can add the 'depends on !arc' line to Package/libseccomp/config, outside of the DEPENDS variable, so that the redundant depends line line does not get generated. Signed-off-by: Eneas U de Queiroz Cc: Daniel Golle --- libs/libseccomp/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/libs/libseccomp/Makefile b/libs/libseccomp/Makefile index 355841df424ea..e82ec751b714a 100644 --- a/libs/libseccomp/Makefile +++ b/libs/libseccomp/Makefile @@ -56,7 +56,6 @@ endef define Package/libseccomp $(call Package/libseccomp/Default) TITLE+= (library) - DEPENDS+= @!arc endef define Package/scmp_sys_resolver From d08baf3f91053e774d39f6ee9c106a61adf30cbe Mon Sep 17 00:00:00 2001 From: Hirokazu MORIKAWA Date: Mon, 12 Apr 2021 10:47:17 +0900 Subject: [PATCH 030/221] node: bump to v14.16.1 April 2021 Security Releases - OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450) - OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449) - npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774) OpenSSL-related vulnerabilities do not affect the OpenWrt package. Because OpenWrt's OpenSSL shared library has been updated. Signed-off-by: Hirokazu MORIKAWA --- lang/node/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/node/Makefile b/lang/node/Makefile index 1de2b6214d342..126b796410b1d 100644 --- a/lang/node/Makefile +++ b/lang/node/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=node -PKG_VERSION:=v14.16.0 -PKG_RELEASE:=2 +PKG_VERSION:=v14.16.1 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION) -PKG_HASH:=4e7648a617f79b459d583f7dbdd31fbbac5b846d41598f3b54331a5b6115dfa6 +PKG_HASH:=e44adbbed6756c2c1a01258383e9f00df30c147b36e438f6369b5ef1069abac3 PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella PKG_LICENSE:=MIT From 6eee3db13361b79f31b3216184b6cf229aadc953 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sun, 11 Apr 2021 06:05:36 +0000 Subject: [PATCH 031/221] docker-compose: Update to version 1.29.0 Features: - Add profile filter to docker-compose config - Add a depends_on condition to wait for successful service completion Miscellaneous: - Add image scan message on build - Update warning message for --no-ansi to mention --ansi never as alternative - Bump docker-py to 5.0.0 - Bump PyYAML to 5.4.1 - Bump python-dotenv to 0.17.0 Signed-off-by: Javier Marcet --- utils/docker-compose/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/docker-compose/Makefile b/utils/docker-compose/Makefile index 7aca1956e3671..7e2edb1ee52c9 100644 --- a/utils/docker-compose/Makefile +++ b/utils/docker-compose/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=docker-compose -PKG_VERSION:=1.28.6 +PKG_VERSION:=1.29.0 PKG_RELEASE:=1 PYPI_NAME:=docker-compose -PKG_HASH:=1d44906f7ab738ba2d1785130ed31b16111eee6dc5a1dbd7252091dae48c5281 +PKG_HASH:=7f3ac832111b55bf1385ccae8b136dc4cbec04a00cf3191b3d0517003324bfc1 PKG_MAINTAINER:=Javier Marcet PKG_LICENSE:=Apache-2.0 From 88a0804063aff7aa20cfc21ca598a54a5e5730a6 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Sun, 11 Apr 2021 06:03:55 +0000 Subject: [PATCH 032/221] python-docker: Update to 5.0.0 Breaking changes: - Remove support for Python 2.7 - Make Python 3.6 the minimum version supported Features: - Add limit parameter to image search endpoint Bugfixes: - Fix KeyError exception on secret create - Verify TLS keys loaded from docker contexts - Update PORT_SPEC regex to allow square brackets for IPv6 addresses - Fix containers and images documentation examples Signed-off-by: Javier Marcet --- lang/python/python-docker/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/python-docker/Makefile b/lang/python/python-docker/Makefile index eb8ce5c7194f2..dba601e500e42 100644 --- a/lang/python/python-docker/Makefile +++ b/lang/python/python-docker/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-docker -PKG_VERSION:=4.4.4 +PKG_VERSION:=5.0.0 PKG_RELEASE:=1 PYPI_NAME:=docker -PKG_HASH:=d3393c878f575d3a9ca3b94471a3c89a6d960b35feb92f033c0de36cc9d934db +PKG_HASH:=3e8bc47534e0ca9331d72c32f2881bb13b93ded0bcdeab3c833fb7cf61c0a9a5 PKG_MAINTAINER:=Javier Marcet PKG_LICENSE:=Apache-2.0 From 80d2f7c42fb493f15efdc96c5eb1a1cd35ea8a47 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Mon, 12 Apr 2021 01:05:21 +0200 Subject: [PATCH 033/221] python-babel: update to version 2.9.0 Update copyright Signed-off-by: Josef Schlehofer --- lang/python/python-babel/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/python/python-babel/Makefile b/lang/python/python-babel/Makefile index 559e65b83275d..42c0f484e6a36 100644 --- a/lang/python/python-babel/Makefile +++ b/lang/python/python-babel/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2019-2020 CZ.NIC, z. s. p. o. (https://www.nic.cz/) +# Copyright (C) 2019-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/) # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-babel -PKG_VERSION:=2.8.0 +PKG_VERSION:=2.9.0 PKG_RELEASE:=1 PYPI_NAME:=Babel -PKG_HASH:=1aac2ae2d0d8ea368fa90906567f5c08463d98ade155c0c4bfedd6a0f7160e38 +PKG_HASH:=da031ab54472314f210b0adcff1588ee5d1d1d0ba4dbd07b94dba82bde791e05 PKG_MAINTAINER:=Josef Schlehofer PKG_LICENSE:=BSD-3-Clause From d44a005402e6508ae3b0894356c003779ccb92f0 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Mon, 12 Apr 2021 00:47:47 +0200 Subject: [PATCH 034/221] python3-bottle: update to version 0.12.19 Signed-off-by: Josef Schlehofer --- lang/python/python3-bottle/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/python/python3-bottle/Makefile b/lang/python/python3-bottle/Makefile index 5caf251995b1d..55ce898b216f5 100644 --- a/lang/python/python3-bottle/Makefile +++ b/lang/python/python3-bottle/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python3-bottle -PKG_VERSION:=0.12.17 -PKG_RELEASE:=2 +PKG_VERSION:=0.12.19 +PKG_RELEASE:=1 PYPI_NAME:=bottle -PKG_HASH:=e9eaa412a60cc3d42ceb42f58d15864d9ed1b92e9d630b8130c871c5bb16107c +PKG_HASH:=a9d73ffcbc6a1345ca2d7949638db46349f5b2b77dac65d6494d45c23628da2c PKG_MAINTAINER:=Josef Schlehofer PKG_LICENSE:=MIT From 913fdb5bf14c23028e72bab36576230644fb5e9b Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Mon, 12 Apr 2021 10:13:43 +0300 Subject: [PATCH 035/221] django: bump to version 3.2 Signed-off-by: Alexandru Ardelean --- lang/python/django/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/python/django/Makefile b/lang/python/django/Makefile index 7470767504855..78e64d209b4fd 100644 --- a/lang/python/django/Makefile +++ b/lang/python/django/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=django -PKG_VERSION:=3.1.7 +PKG_VERSION:=3.2 PKG_RELEASE:=1 PYPI_NAME:=Django -PKG_HASH:=32ce792ee9b6a0cbbec340123e229ac9f765dff8c2a4ae9247a14b2ba3a365a7 +PKG_HASH:=21f0f9643722675976004eb683c55d33c05486f94506672df3d6a141546f389d PKG_MAINTAINER:=Alexandru Ardelean , Peter Stadler PKG_LICENSE:=BSD-3-Clause From 5ebe784b03f2b2b7bf87d7f91a760cbc6ef42f67 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Mon, 12 Apr 2021 21:44:17 -0700 Subject: [PATCH 036/221] meson: update to 0.57.2 Remove upstream backport. Signed-off-by: Rosen Penev --- devel/meson/Makefile | 4 ++-- devel/meson/patches/010-options.patch | 31 --------------------------- 2 files changed, 2 insertions(+), 33 deletions(-) delete mode 100644 devel/meson/patches/010-options.patch diff --git a/devel/meson/Makefile b/devel/meson/Makefile index 9142b1f8793a2..64b31436bebf5 100644 --- a/devel/meson/Makefile +++ b/devel/meson/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=meson -PKG_VERSION:=0.57.1 +PKG_VERSION:=0.57.2 PKG_RELEASE:=$(AUTORELEASE) PYPI_NAME:=meson -PKG_HASH:=72e1c782ba9bda204f4a1ed57f98d027d7b6eb9414c723eebbd6ec7f1955c8a6 +PKG_HASH:=3a83e7b1c5de94fa991ec34d9b198d94f38ed699d3524cb0fdf3b99fd23d4cc5 PKG_MAINTAINER:=Andre Heider PKG_LICENSE:=Apache-2.0 diff --git a/devel/meson/patches/010-options.patch b/devel/meson/patches/010-options.patch deleted file mode 100644 index c96dabbcd304e..0000000000000 --- a/devel/meson/patches/010-options.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 5277eb2232387312c64c79e5622a61cefc26dec0 Mon Sep 17 00:00:00 2001 -From: Dylan Baker -Date: Mon, 5 Apr 2021 13:05:45 -0700 -Subject: [PATCH] coredata: Check for built-in options as host options - -These options often don't exist for the build machine, as they're -generally invalid (ie, prefix, libdir, etc). So we should always check -for their existance as host optiuons, since all we want to know in this -case is if the option is yeilding (valid per-subproject), and build/vs -host doesn't matter in that cases: - -Fixes #8613 ---- - mesonbuild/coredata.py | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - ---- a/mesonbuild/coredata.py -+++ b/mesonbuild/coredata.py -@@ -754,7 +754,11 @@ class CoreData: - if k.subproject and k.subproject != subproject: - continue - # If the option is a builtin and is yielding then it's not allowed per subproject. -- if subproject and k.is_builtin() and self.options[k.as_root()].yielding: -+ # -+ # Always test this using the HOST machine, as many builtin options -+ # are not valid for the BUILD machine, but the yielding value does -+ # not differ between them even when they are valid for both. -+ if subproject and k.is_builtin() and self.options[k.evolve(subproject='', machine=MachineChoice.HOST)].yielding: - continue - # Skip base, compiler, and backend options, they are handled when - # adding languages and setting backend. From a29491505988ee45b00fb7615c242ef74720155d Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sun, 11 Apr 2021 22:35:12 -0700 Subject: [PATCH 037/221] vala: update to 0.52.1 Signed-off-by: Rosen Penev --- lang/vala/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lang/vala/Makefile b/lang/vala/Makefile index 3d7d4776d6714..c71921a39f4f3 100644 --- a/lang/vala/Makefile +++ b/lang/vala/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=vala -PKG_VERSION:=0.50.2 -PKG_RELEASE:=1 +PKG_VERSION:=0.52.1 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=@GNOME/vala/0.50 -PKG_HASH:=2c0d5dc6d65d070f724063075424c403765ab7935c9e6fbcb84981b94d07ceda +PKG_SOURCE_URL:=@GNOME/vala/0.52 +PKG_HASH:=17a083ce2405f967efa7d92bce82c49e5f65af334513e3d087a6b4435ed6b9fa PKG_MAINTAINER:= PKG_LICENSE:=LGPL-2.1-or-later From 0f7dc62d8742fcb62b2a40abc15cbf65701b20d0 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sun, 11 Apr 2021 22:48:55 -0700 Subject: [PATCH 038/221] squid: update to 4.14 Signed-off-by: Rosen Penev --- net/squid/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/squid/Makefile b/net/squid/Makefile index 661084024dee7..f28fe770c7737 100644 --- a/net/squid/Makefile +++ b/net/squid/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=squid -PKG_VERSION:=4.13 -PKG_RELEASE:=1 +PKG_VERSION:=4.14 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://www3.us.squid-cache.org/Versions/v4/ \ http://www2.pl.squid-cache.org/Versions/v4/ \ http://www.squid-cache.org/Versions/v4/ -PKG_HASH:=6891a0f540e60779b4f24f1802a302f813c6f473ec7336a474ed68c3e2e53ee0 +PKG_HASH:=f1097daa6434897c159bc100978b51347c0339041610845d0afa128151729ffc PKG_MAINTAINER:=Marko Ratkaj PKG_LICENSE:=GPL-2.0-or-later From acdc6988b1936666495f34f9b7df1d0c0072b095 Mon Sep 17 00:00:00 2001 From: Tomas Lara Date: Tue, 13 Apr 2021 01:37:18 -0400 Subject: [PATCH 039/221] collectd: enable cpufreq for rockchip target Enable collectd-mod-cpufreq for rockchip Signed-off-by: Tomas Lara --- utils/collectd/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/collectd/Makefile b/utils/collectd/Makefile index 52d523252e531..8d9f1c2850ce6 100644 --- a/utils/collectd/Makefile +++ b/utils/collectd/Makefile @@ -434,7 +434,7 @@ $(eval $(call BuildPlugin,chrony,chrony status input,chrony,)) $(eval $(call BuildPlugin,conntrack,connection tracking table size input,conntrack,)) $(eval $(call BuildPlugin,contextswitch,context switch input,contextswitch,)) $(eval $(call BuildPlugin,cpu,CPU input,cpu,)) -$(eval $(call BuildPlugin,cpufreq,CPU Freq input,cpufreq,@(TARGET_x86||TARGET_x86_64||TARGET_mvebu||TARGET_ipq806x||TARGET_armvirt||TARGET_ipq40xx||TARGET_bcm27xx_bcm2709))) # Only enable on targets with CPUs supporting frequency scaling +$(eval $(call BuildPlugin,cpufreq,CPU Freq input,cpufreq,@(TARGET_x86||TARGET_x86_64||TARGET_mvebu||TARGET_ipq806x||TARGET_armvirt||TARGET_ipq40xx||TARGET_bcm27xx_bcm2709||TARGET_rockchip))) # Only enable on targets with CPUs supporting frequency scaling $(eval $(call BuildPlugin,csv,CSV output,csv,)) $(eval $(call BuildPlugin,curl,cURL input,curl,+PACKAGE_collectd-mod-curl:libcurl)) #$(eval $(call BuildPlugin,dbi,relational database input,dbi,+PACKAGE_collectd-mod-dbi:libdbi)) From 994d73ecc8c43aebb58b2f762ae006eb4d4da04e Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Fri, 9 Apr 2021 18:52:15 +0200 Subject: [PATCH 040/221] bonding: accept list of slaves in uci list notation Rework the bonding.sh protocol handler to accept slave interface names encoded in uci list notation. Also replace ifconfig up/down with ip link calls while we're at it. Fixes: #11455 Fixes: https://github.com/openwrt/luci/issues/4473 Signed-off-by: Jo-Philipp Wich --- net/bonding/Makefile | 2 +- net/bonding/files/lib/netifd/proto/bonding.sh | 43 +++++++++++-------- 2 files changed, 25 insertions(+), 20 deletions(-) diff --git a/net/bonding/Makefile b/net/bonding/Makefile index 5c74d6b5ced06..d3c1855f0245a 100644 --- a/net/bonding/Makefile +++ b/net/bonding/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=proto-bonding -PKG_VERSION:=2020-03-30 +PKG_VERSION:=2021-04-09 PKG_RELEASE:=1 PKG_LICENSE:=GPL-2.0 diff --git a/net/bonding/files/lib/netifd/proto/bonding.sh b/net/bonding/files/lib/netifd/proto/bonding.sh index 556d7c824efde..ac65516371670 100755 --- a/net/bonding/files/lib/netifd/proto/bonding.sh +++ b/net/bonding/files/lib/netifd/proto/bonding.sh @@ -37,7 +37,7 @@ proto_bonding_init_config() { proto_config_add_string "bonding_policy" proto_config_add_string "link_monitoring" - proto_config_add_string "slaves" + proto_config_add_array "slaves" proto_config_add_string "all_slaves_active" proto_config_add_string "min_links" @@ -66,6 +66,28 @@ proto_bonding_init_config() { proto_config_add_string "use_carrier" } +proto_bonding_add_slave() { + local slave=$1 + local idx=$2 + local cfg=$3 + local link=$4 + + if [ ! -e "/sys/class/net/$slave" ]; then + echo "$cfg" "No slave device $slave found" + proto_notify_error "$cfg" NO_DEVICE + proto_block_restart "$cfg" + return + fi + + ip link set dev "$slave" down + + sleep 1 + + echo "+$slave" > /sys/class/net/"$link"/bonding/slaves + + ip link set dev "$slave" up +} + proto_bonding_setup() { local cfg="$1" local link="bonding-$cfg" @@ -157,24 +179,7 @@ proto_bonding_setup() { # Add slaves to bonding interface local slaves json_get_vars slaves - - for slave in $slaves; do - - if [ "$(cat /proc/net/dev |grep "$slave")" == "" ]; then - echo "$cfg" "No slave device $slave found" - proto_notify_error "$cfg" NO_DEVICE - proto_block_restart "$cfg" - return - fi - - ifconfig "$slave" down - - sleep 1 - - echo "+$slave" > /sys/class/net/"$link"/bonding/slaves - - ifconfig "$slave" up - done + json_for_each_item proto_bonding_add_slave slaves "$cfg" "$link" [ -n "$all_slaves_active" ] && echo "$all_slaves_active" > /sys/class/net/"$link"/bonding/all_slaves_active From 4b11b48ea955cf6bde3655b7c70cc83a24dd195f Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sun, 11 Apr 2021 22:30:29 -0700 Subject: [PATCH 041/221] vips: update to 8.10.6 Switch to AUTORELEASE for simplicity. Signed-off-by: Rosen Penev --- libs/vips/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libs/vips/Makefile b/libs/vips/Makefile index e13a9b5032c34..a8eb4c7a49a41 100644 --- a/libs/vips/Makefile +++ b/libs/vips/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=vips -PKG_VERSION:=8.10.5 -PKG_RELEASE:=2 +PKG_VERSION:=8.10.6 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/libvips/libvips/releases/download/v$(PKG_VERSION) -PKG_HASH:=a4eef2f5334ab6dbf133cd3c6d6394d5bdb3e76d5ea4d578b02e1bc3d9e1cfd8 +PKG_HASH:=2468088d958e0e2de1be2991ff8940bf45664a826c0dad12342e1804e2805a6e PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=LGPL-2.1-or-later From eee55e137d216fc6be5f195c2eb3398f8135daed Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Mon, 12 Apr 2021 18:19:00 -0300 Subject: [PATCH 042/221] ruby: update to 3.0.1 Fixes two CVEs: CVE-2021-28965: XML round-trip vulnerability in REXML CVE-2021-28966: Path traversal in Tempfile on Windows Signed-off-by: Luiz Angelo Daros de Luca --- lang/ruby/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/ruby/Makefile b/lang/ruby/Makefile index 937ff76a23e5e..47413eead152b 100644 --- a/lang/ruby/Makefile +++ b/lang/ruby/Makefile @@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ruby -PKG_VERSION:=3.0.0 +PKG_VERSION:=3.0.1 PKG_RELEASE:=1 # First two numbes @@ -19,7 +19,7 @@ PKG_ABI_VERSION:=$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VE PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://cache.ruby-lang.org/pub/ruby/$(PKG_ABI_VERSION)/ -PKG_HASH:=68bfaeef027b6ccd0032504a68ae69721a70e97d921ff328c0c8836c798f6cb1 +PKG_HASH:=d06bccd382d03724b69f674bc46cd6957ba08ed07522694ce44b9e8ffc9c48e2 PKG_MAINTAINER:=Luiz Angelo Daros de Luca PKG_LICENSE:=BSD-2-Clause PKG_LICENSE_FILES:=COPYING From 7815e586eead54050a6854c34eb0ec7d8c7d6596 Mon Sep 17 00:00:00 2001 From: Jan Pavlinec Date: Tue, 13 Apr 2021 16:44:25 +0200 Subject: [PATCH 043/221] ooniprobe: update to version 3.9.2 Signed-off-by: Jan Pavlinec --- net/ooniprobe/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ooniprobe/Makefile b/net/ooniprobe/Makefile index e4f1e5668d457..b766983757f38 100644 --- a/net/ooniprobe/Makefile +++ b/net/ooniprobe/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ooniprobe -PKG_VERSION:=3.9.0 +PKG_VERSION:=3.9.2 PKG_RELEASE:=1 PKG_SOURCE:=probe-cli-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ooni/probe-cli/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=92dc714472c473352d750d558962734a42894d67407e755f94fed8d099cc8504 +PKG_HASH:=d34dc096dfdebceaa027716fdf675eb9ab7f0085defb4235f52685d064bd5afa PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=BSD-3-Clause From dc8feae01f79bc4f21de9f7e0a91cb4da244597e Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Mon, 12 Apr 2021 21:42:04 -0700 Subject: [PATCH 044/221] glib2: update to 2.68.1 Removed two now pointless patches as they were added as options. Switch to AUTORELEASE for simplicity. Update MESON_ARGS. Signed-off-by: Rosen Penev --- libs/glib2/Makefile | 14 +++++++++----- libs/glib2/patches/001-no-libelf.patch | 23 ----------------------- libs/glib2/patches/002-no-tests.patch | 11 ----------- libs/glib2/patches/004-no-distutils.patch | 4 ++-- libs/glib2/patches/005-uclibc.patch | 2 +- libs/glib2/patches/006-c99.patch | 2 +- 6 files changed, 13 insertions(+), 43 deletions(-) delete mode 100644 libs/glib2/patches/001-no-libelf.patch delete mode 100644 libs/glib2/patches/002-no-tests.patch diff --git a/libs/glib2/Makefile b/libs/glib2/Makefile index 3e46675ffc5d6..e5aee0feec7bb 100644 --- a/libs/glib2/Makefile +++ b/libs/glib2/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=glib2 -PKG_VERSION:=2.66.4 -PKG_RELEASE:=1 +PKG_VERSION:=2.68.1 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=glib-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=@GNOME/glib/2.66 -PKG_HASH:=97df8670e32f9fd4f7392b0980e661dd625012015d58350da1e58e343f4af984 +PKG_SOURCE_URL:=@GNOME/glib/2.68 +PKG_HASH:=241654b96bd36b88aaa12814efc4843b578e55d47440103727959ac346944333 PKG_MAINTAINER:=Peter Wagner PKG_LICENSE:=LGPL-2.1-or-later @@ -57,15 +57,19 @@ COMP_ARGS= \ -Dman=false \ -Ddtrace=false \ -Dsystemtap=false \ + -Dsysprof=disabled \ -Dgtk_doc=false \ -Dbsymbolic_functions=true \ -Dforce_posix_threads=true \ -Dfam=false \ + -Dtests=false \ -Dinstalled_tests=false \ -Dnls=$(if $(CONFIG_BUILD_NLS),en,dis)abled \ -Doss_fuzz=disabled \ + -Dglib_debug=disabled \ -Dglib_assert=false \ - -Dglib_checks=false + -Dglib_checks=false \ + -Dlibelf=disabled MESON_HOST_ARGS += $(COMP_ARGS) -Dxattr=false MESON_ARGS += $(COMP_ARGS) -Dxattr=true -Db_lto=true diff --git a/libs/glib2/patches/001-no-libelf.patch b/libs/glib2/patches/001-no-libelf.patch deleted file mode 100644 index a1fe738dadc10..0000000000000 --- a/libs/glib2/patches/001-no-libelf.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- a/gio/meson.build -+++ b/gio/meson.build -@@ -874,20 +874,6 @@ endif - - # Dependencies used by executables below - have_libelf = false --libelf = dependency('libelf', version : '>= 0.8.12', required : false) --if libelf.found() -- have_libelf = true --else -- # This fallback is necessary on *BSD. elfutils isn't the only libelf -- # implementation, and *BSD usually includes their own libelf as a system -- # library which doesn't have a corresponding .pc file. -- libelf = cc.find_library('elf', required : false) -- have_libelf = libelf.found() -- have_libelf = have_libelf and cc.has_function('elf_begin', dependencies : libelf) -- have_libelf = have_libelf and cc.has_function('elf_getshdrstrndx', dependencies : libelf) -- have_libelf = have_libelf and cc.has_function('elf_getshdrnum', dependencies : libelf) -- have_libelf = have_libelf and cc.has_header('libelf.h') --endif - - if have_libelf - glib_conf.set('HAVE_LIBELF', 1) diff --git a/libs/glib2/patches/002-no-tests.patch b/libs/glib2/patches/002-no-tests.patch deleted file mode 100644 index fbd35b7762cb5..0000000000000 --- a/libs/glib2/patches/002-no-tests.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/meson.build -+++ b/meson.build -@@ -94,7 +94,7 @@ installed_tests_template = files('templa - installed_tests_template_tap = files('template-tap.test.in') - - # Don’t build the tests unless we can run them (either natively, in an exe wrapper, or by installing them for later use) --build_tests = not meson.is_cross_build() or (meson.is_cross_build() and meson.has_exe_wrapper()) or installed_tests_enabled -+build_tests = false - - add_project_arguments('-D_GNU_SOURCE', language: 'c') - diff --git a/libs/glib2/patches/004-no-distutils.patch b/libs/glib2/patches/004-no-distutils.patch index b8c35d9a01400..5dc541189d941 100644 --- a/libs/glib2/patches/004-no-distutils.patch +++ b/libs/glib2/patches/004-no-distutils.patch @@ -1,6 +1,6 @@ --- a/meson.build +++ b/meson.build -@@ -2185,16 +2185,10 @@ endif +@@ -2220,16 +2220,10 @@ endif glib_conf.set('HAVE_PROC_SELF_CMDLINE', have_proc_self_cmdline) @@ -17,4 +17,4 @@ - # Determine which user environment-dependent files that we want to install have_bash = find_program('bash', required : false).found() # For completion scripts - have_sh = find_program('sh', required : false).found() # For glib-gettextize + bash_comp_dep = dependency('bash-completion', version: '>=2.0', required: false) diff --git a/libs/glib2/patches/005-uclibc.patch b/libs/glib2/patches/005-uclibc.patch index 46fd16305d615..ab3ac4ba21e18 100644 --- a/libs/glib2/patches/005-uclibc.patch +++ b/libs/glib2/patches/005-uclibc.patch @@ -1,6 +1,6 @@ --- a/meson.build +++ b/meson.build -@@ -2003,8 +2003,8 @@ endif +@@ -2038,8 +2038,8 @@ endif # FIXME: glib-gettext.m4 has much more checks to detect broken/uncompatible # implementations. This could be extended if issues are found in some platforms. libintl_deps = [] diff --git a/libs/glib2/patches/006-c99.patch b/libs/glib2/patches/006-c99.patch index 60db223fd36a4..76180e2e8933d 100644 --- a/libs/glib2/patches/006-c99.patch +++ b/libs/glib2/patches/006-c99.patch @@ -1,6 +1,6 @@ --- a/meson.build +++ b/meson.build -@@ -923,7 +923,7 @@ if host_system == 'windows' and (cc.get_ +@@ -944,7 +944,7 @@ if host_system == 'windows' and (cc.get_ glib_conf.set('HAVE_C99_SNPRINTF', false) glib_conf.set('HAVE_C99_VSNPRINTF', false) glib_conf.set('HAVE_UNIX98_PRINTF', false) From 143096a53ea93662bf5f64084d281c1bb8cf93c0 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sun, 11 Apr 2021 21:18:19 -0700 Subject: [PATCH 045/221] hcxtools: update to 6.1.6 Add patch fixing compilation without deprecated OpenSSL APIs. Fix installation. This never worked as the section was misnamed. Updated tool names. Signed-off-by: Rosen Penev --- net/hcxtools/Makefile | 34 ++++------- net/hcxtools/patches/010-openssl.patch | 85 ++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 21 deletions(-) create mode 100644 net/hcxtools/patches/010-openssl.patch diff --git a/net/hcxtools/Makefile b/net/hcxtools/Makefile index 143bc447f888c..4c555156801e0 100644 --- a/net/hcxtools/Makefile +++ b/net/hcxtools/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hcxtools -PKG_VERSION:=5.3.0 -PKG_RELEASE:=1 +PKG_VERSION:=6.1.6 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/zerbea/hcxtools/tar.gz/$(PKG_VERSION)? -PKG_HASH:=bc3465eb3b97c4db849af41ae3fa7c812d4683eb9e493f090ac82e922ba8a36d +PKG_HASH:=27b1b1ad722b9d82f8e92c6bec92d081159e5b8225bd2a477bf8d304ff4aeb03 PKG_MAINTAINER:=Andreas Nilsen PKG_LICENSE:=MIT @@ -41,29 +41,21 @@ define Build/Compile CFLAGS="$(TARGET_CFLAGS)" endef -define Package/hcxtools-custom/install +define Package/hcxtools/install $(INSTALL_DIR) $(1)/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpcapngtool $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxeiutool $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxessidtool $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxhash2cap $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxhashcattool $(1)/sbin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxhashtool $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxmactool $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpcapngtool $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpmkidtool $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpmktool $(1)/sbin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpsktool $(1)/sbin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxwltool $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancap2wpasec $(1)/sbin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/whoismac $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpmkidtool $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcx2john $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxpcaptool $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxhashcattool $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxmactool $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxessidtool $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/hcxhash2cap $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhc2hcx $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanwkp2hcx $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcxinfo $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcx2ssid $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanhcxcat $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanpmk2hcx $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlanjohn2hcx $(1)/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancow2hcxpmk $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/wlancap2wpasec $(1)/sbin/ endef $(eval $(call BuildPackage,hcxtools)) diff --git a/net/hcxtools/patches/010-openssl.patch b/net/hcxtools/patches/010-openssl.patch new file mode 100644 index 0000000000000..bae0027df132b --- /dev/null +++ b/net/hcxtools/patches/010-openssl.patch @@ -0,0 +1,85 @@ +--- a/hcxhashtool.c ++++ b/hcxhashtool.c +@@ -104,9 +104,6 @@ static void closelists() + { + if(hashlist != NULL) free(hashlist); + if(ouilist != NULL) free(ouilist); +-EVP_cleanup(); +-CRYPTO_cleanup_all_ex_data(); +-ERR_free_strings(); + return; + } + /*===========================================================================*/ +@@ -125,8 +122,6 @@ eapolwrittencount = 0; + essidwrittencount = 0; + hccapxwrittencount = 0; + hccapwrittencount = 0; +-ERR_load_crypto_strings(); +-OpenSSL_add_all_algorithms(); + if((hashlist = (hashlist_t*)calloc(hashlistcount, HASHLIST_SIZE)) == NULL) return false; + if((ouilist = (ouilist_t*)calloc(ouilistcount, OUILIST_SIZE)) == NULL) return false; + return true; +--- a/hcxpcapngtool.c ++++ b/hcxpcapngtool.c +@@ -358,9 +358,6 @@ if(eapmschapv2msglist != NULL) free(eapm + if(eapmschapv2hashlist != NULL) free(eapmschapv2hashlist); + if(tacacsplist != NULL) free(tacacsplist); + +-EVP_cleanup(); +-CRYPTO_cleanup_all_ex_data(); +-ERR_free_strings(); + return; + } + /*===========================================================================*/ +@@ -369,8 +366,6 @@ static bool initlists() + static unsigned long opensslversion; + static const char nastring[] = { "N/A" }; + +-ERR_load_crypto_strings(); +-OpenSSL_add_all_algorithms(); + opensslversion = OpenSSL_version_num(); + opensslversionmajor = (opensslversion & 0x10000000L) >> 28; + opensslversionminor = (opensslversion & 0x01100000L) >> 20; +--- a/hcxpmktool.c ++++ b/hcxpmktool.c +@@ -920,8 +920,6 @@ while((auswahl = getopt_long(argc, argv, + } + } + +-ERR_load_crypto_strings(); +-OpenSSL_add_all_algorithms(); + printf("\n"); + if((essidstring != NULL) && (pskstring != NULL) && (pmkstring == NULL) && (hashlinestring == NULL)) + { +@@ -953,9 +951,6 @@ else if((essidstring != NULL) && (pskstr + } + + printf("\n"); +-EVP_cleanup(); +-CRYPTO_cleanup_all_ex_data(); +-ERR_free_strings(); + return EXIT_SUCCESS; + } + /*===========================================================================*/ +--- a/hcxpsktool.c ++++ b/hcxpsktool.c +@@ -61,8 +61,6 @@ essidglen = 32; + t = time(NULL); + tm = localtime(&t); + thisyear = tm->tm_year +1900; +-ERR_load_crypto_strings(); +-OpenSSL_add_all_algorithms(); + return; + } + /*===========================================================================*/ +@@ -2770,10 +2768,6 @@ if(pskname != NULL) + fclose(fhpsk); + } + +-EVP_cleanup(); +-CRYPTO_cleanup_all_ex_data(); +-ERR_free_strings(); +- + return EXIT_SUCCESS; + } + /*===========================================================================*/ From f9087efa52130f327dc9d8163dda9cf85e85bb67 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sun, 11 Apr 2021 21:24:18 -0700 Subject: [PATCH 046/221] hcxdumptool: update to 6.1.6 Fix compilation without deprecated OpenSSL APIs. Backport upstream patch to fix stdout. Signed-off-by: Rosen Penev --- net/hcxdumptool/Makefile | 6 ++-- net/hcxdumptool/patches/010-openssl.patch | 39 +++++++++++++++++++++++ net/hcxdumptool/patches/020-stdout.patch | 21 ++++++++++++ 3 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 net/hcxdumptool/patches/010-openssl.patch create mode 100644 net/hcxdumptool/patches/020-stdout.patch diff --git a/net/hcxdumptool/Makefile b/net/hcxdumptool/Makefile index 0f2cddf5d6a43..94c757fd4c1ea 100644 --- a/net/hcxdumptool/Makefile +++ b/net/hcxdumptool/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hcxdumptool -PKG_VERSION:=6.0.1 -PKG_RELEASE:=1 +PKG_VERSION:=6.1.6 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/zerbea/hcxdumptool/tar.gz/$(PKG_VERSION)? -PKG_HASH:=32bc07b692f5682792dcfd1d5dcae749e5fed4a65a2a05d815ed59adc9b64b02 +PKG_HASH:=e3212bd808e228c28ecfeeb4a9709480aa178b2e8b15c0a7d96733b648f8da85 PKG_MAINTAINER:=Andreas Nilsen PKG_LICENSE:=MIT diff --git a/net/hcxdumptool/patches/010-openssl.patch b/net/hcxdumptool/patches/010-openssl.patch new file mode 100644 index 0000000000000..a83773750becd --- /dev/null +++ b/net/hcxdumptool/patches/010-openssl.patch @@ -0,0 +1,39 @@ +--- a/hcxdumptool.c ++++ b/hcxdumptool.c +@@ -480,10 +480,6 @@ if(rebootflag == true) + } + } + +-EVP_cleanup(); +-CRYPTO_cleanup_all_ex_data(); +-ERR_free_strings(); +- + if(errorcount != 0) exit(EXIT_FAILURE); + if(totflag == true) exit(USER_EXIT_TOT); + exit(EXIT_SUCCESS); +@@ -7270,8 +7266,6 @@ return true; + /*===========================================================================*/ + static inline bool tlsinit() + { +-SSL_load_error_strings(); +-OpenSSL_add_ssl_algorithms(); + if((tlsctx = SSL_CTX_new(SSLv23_server_method())) == NULL) + { + fprintf(stderr, "OpenSSl can't create SSL context\n"); +@@ -7290,7 +7284,6 @@ if(SSL_CTX_use_PrivateKey_file(tlsctx, e + if((eaptlsctx = (eaptlsctx_t*)malloc(EAPTLSCTX_SIZE)) == NULL) return false; + memset(eaptlsctx, 0, EAPTLSCTX_SIZE); + SSL_CTX_set_session_cache_mode(tlsctx, SSL_SESS_CACHE_OFF); +-SSL_CTX_set_ecdh_auto(tlsctx, 1); + SSL_CTX_set_verify(tlsctx, (SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE), eap_tls_clientverify_cb); + #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + SSL_CTX_set_min_proto_version(tlsctx, TLS1_VERSION); +@@ -7364,8 +7357,6 @@ if(gpiostatusled > 0) + } + + +-ERR_load_crypto_strings(); +-OpenSSL_add_all_algorithms(); + opensslversion = OpenSSL_version_num(); + opensslversionmajor = (opensslversion & 0x10000000L) >> 28; + opensslversionminor = (opensslversion & 0x01100000L) >> 20; diff --git a/net/hcxdumptool/patches/020-stdout.patch b/net/hcxdumptool/patches/020-stdout.patch new file mode 100644 index 0000000000000..53c6147cfa8c1 --- /dev/null +++ b/net/hcxdumptool/patches/020-stdout.patch @@ -0,0 +1,21 @@ +From 63012853a81aa623f09304baf1f5b0b69f1ebfbd Mon Sep 17 00:00:00 2001 +From: Tristian <2220506+Tristian@users.noreply.github.com> +Date: Tue, 16 Mar 2021 16:17:07 -0400 +Subject: [PATCH] fix assignment of read-only variable 'stdout' + +- stdout cannot be reassigned on some systems i.e OpenWRT on mipsel +--- + hcxdumptool.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/hcxdumptool.c ++++ b/hcxdumptool.c +@@ -7958,7 +7958,7 @@ while((auswahl = getopt_long(argc, argv, + else + { + fd_pcapng = fileno(stdout); +- stdout = fopen("/dev/null", "w"); ++ freopen("/dev/null", "w", stdout); + } + } + pcapngoutname = optarg; From 36c19f22169731036b89059b02a98e5fd8f3ec48 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Tue, 13 Apr 2021 12:32:57 -0600 Subject: [PATCH 047/221] strongswan: drop subshell when possible A subshell caused by $(...) can't persistently modify globals as a side-effect. Signed-off-by: Philip Prindeville --- net/strongswan/Makefile | 2 +- net/strongswan/files/swanctl.init | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index 25249c81e8199..d58afad99871d 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ diff --git a/net/strongswan/files/swanctl.init b/net/strongswan/files/swanctl.init index 21fc7e8ec5e06..344518e3c875d 100644 --- a/net/strongswan/files/swanctl.init +++ b/net/strongswan/files/swanctl.init @@ -160,11 +160,13 @@ add_esp_proposal() { parse_esp_proposal() { local conf="$1" + local var="$2" + local crypto="" config_list_foreach "$conf" crypto_proposal add_esp_proposal - echo "$crypto" + export -n "$var=$crypto" } add_ike_proposal() { @@ -190,11 +192,13 @@ add_ike_proposal() { parse_ike_proposal() { local conf="$1" + local var="$2" + local crypto="" config_list_foreach "$conf" crypto_proposal add_ike_proposal - echo "$crypto" + export -n "$var=$crypto" } config_conn() { @@ -228,7 +232,8 @@ config_conn() { config_get if_id "$1" if_id "" config_get rekeytime "$1" rekeytime "" - local esp_proposal="$(parse_esp_proposal "$1")" + local esp_proposal + parse_esp_proposal "$1" esp_proposal # translate from ipsec to swanctl case "$startaction" in @@ -387,7 +392,8 @@ config_remote() { local_gateway=`ip -o route get $ipdest | awk '/ src / { gsub(/^.* src /,""); gsub(/ .*$/, ""); print $0}'` } - local ike_proposal="$(parse_ike_proposal "$1")" + local ike_proposal + parse_ike_proposal "$1" ike_proposal [ -n "$firewall" ] && warning "Firewall not supported" From b18b3152cf265b8be97c2656da7acb17bb0531a1 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Mon, 12 Apr 2021 22:42:05 -0600 Subject: [PATCH 048/221] strongswan: fail on serious configuration errors Signed-off-by: Philip Prindeville --- net/strongswan/files/swanctl.init | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/net/strongswan/files/swanctl.init b/net/strongswan/files/swanctl.init index 344518e3c875d..692cc2bbe6749 100644 --- a/net/strongswan/files/swanctl.init +++ b/net/strongswan/files/swanctl.init @@ -17,6 +17,8 @@ SWANCTL_VAR_CONF_FILE=/var/swanctl/swanctl.conf WAIT_FOR_INTF=0 +CONFIG_FAIL=0 + time2seconds() { local timestring="$1" @@ -128,6 +130,11 @@ warning() { echo "WARNING: $@" >&2 } +fatal() { + echo "ERROR: $@" >&2 + CONFIG_FAIL=1 +} + is_aead() { local cipher="$1" @@ -150,7 +157,7 @@ add_esp_proposal() { # check for AEAD and clobber hash_algorithm if set if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then - warning "Can't have $hash_algorithm with $encryption_algorithm" + fatal "Can't have $hash_algorithm with $encryption_algorithm" hash_algorithm= fi @@ -182,7 +189,7 @@ add_ike_proposal() { # check for AEAD and clobber hash_algorithm if set if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then - warning "Can't have $hash_algorithm with $encryption_algorithm" + fatal "Can't have $hash_algorithm with $encryption_algorithm" hash_algorithm= fi @@ -245,7 +252,7 @@ config_conn() { # already using new syntax ;; *) - warning "Startaction $startaction unknown" + fatal "Startaction $startaction unknown" startaction= ;; esac @@ -261,7 +268,7 @@ config_conn() { # already using new syntax ;; *) - warning "Closeaction $closeaction unknown" + fatal "Closeaction $closeaction unknown" closeaction= ;; esac @@ -283,7 +290,7 @@ config_conn() { # already using new syntax ;; *) - warning "Dpdaction $dpdaction unknown" + fatal "Dpdaction $dpdaction unknown" dpdaction= ;; esac @@ -378,7 +385,7 @@ config_remote() { # already using new syntax ;; *) - warning "Fragmentation $fragmentation not supported" + fatal "Fragmentation $fragmentation not supported" fragmentation= ;; esac @@ -395,7 +402,7 @@ config_remote() { local ike_proposal parse_ike_proposal "$1" ike_proposal - [ -n "$firewall" ] && warning "Firewall not supported" + [ -n "$firewall" ] && fatal "Firewall not supported" swanctl_xappend0 "# config for $config_name" swanctl_xappend0 "connections {" @@ -434,7 +441,7 @@ config_remote() { ikev2) swanctl_xappend2 "version = 2" ;; *) - warning "Keyexchange $keyexchange not supported" + fatal "Keyexchange $keyexchange not supported" keyexchange= ;; esac @@ -489,7 +496,7 @@ config_remote() { fi fi else - warning "AuthenticationMode $auth_mode not supported" + fatal "AuthenticationMode $auth_mode not supported" fi swanctl_xappend0 "" @@ -593,6 +600,11 @@ start_service() { [ $WAIT_FOR_INTF -eq 1 ] && return + if [ $CONFIG_FAIL -ne 0 ]; then + procd_set_param error "Invalid configuration" + return + fi + procd_open_instance procd_set_param command $PROG --daemon charon --nofork From c6fad3c11f4f8047ebe51a280d9df9245f4ee907 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Mon, 12 Apr 2021 21:59:30 -0600 Subject: [PATCH 049/221] strongswan: handle chacha20poly1305 as AEAD chacha20policy1305 is also an AEAD cipher, and hence does not permit a hash algorithm. Fixes issue #15397. Signed-off-by: Philip Prindeville --- net/strongswan/files/swanctl.init | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/strongswan/files/swanctl.init b/net/strongswan/files/swanctl.init index 692cc2bbe6749..58f168dcf53b8 100644 --- a/net/strongswan/files/swanctl.init +++ b/net/strongswan/files/swanctl.init @@ -141,6 +141,8 @@ is_aead() { case "$cipher" in aes*gcm*|aes*ccm*|aes*gmac*) return 0 ;; + chacha20poly1305) + return 0 ;; esac return 1 From c5f1b0319efb62c9d287abc2a5c63ec674dfb241 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 13 Apr 2021 21:34:35 -0700 Subject: [PATCH 050/221] pulseaudio: fix compilation without doxygen Meson update makes this error now. Signed-off-by: Rosen Penev --- sound/pulseaudio/Makefile | 2 +- sound/pulseaudio/patches/020-doxygen.patch | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 sound/pulseaudio/patches/020-doxygen.patch diff --git a/sound/pulseaudio/Makefile b/sound/pulseaudio/Makefile index 7613193e0be5c..f16ab6d0827a0 100644 --- a/sound/pulseaudio/Makefile +++ b/sound/pulseaudio/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pulseaudio PKG_VERSION:=14.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://freedesktop.org/software/pulseaudio/releases diff --git a/sound/pulseaudio/patches/020-doxygen.patch b/sound/pulseaudio/patches/020-doxygen.patch new file mode 100644 index 0000000000000..1333943d3540d --- /dev/null +++ b/sound/pulseaudio/patches/020-doxygen.patch @@ -0,0 +1,10 @@ +--- a/meson.build ++++ b/meson.build +@@ -698,7 +698,6 @@ check_dep = dependency('check', version + + # Subdirs + +-subdir('doxygen') + subdir('po') + if get_option('man') + subdir('man') From 2ebcf74d7f7bda01bc6a92d5dd9fbcdf9e14764e Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 13 Apr 2021 20:21:45 -0700 Subject: [PATCH 051/221] libupnpp: update to 0.21.0 Signed-off-by: Rosen Penev --- libs/libupnpp/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/libupnpp/Makefile b/libs/libupnpp/Makefile index c12870028719f..dbd066f3b5a09 100644 --- a/libs/libupnpp/Makefile +++ b/libs/libupnpp/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libupnpp -PKG_VERSION:=0.20.1 +PKG_VERSION:=0.21.0 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.lesbonscomptes.com/upmpdcli/downloads -PKG_HASH:=d4da986aeaa7124a1732ce3383b6ac8f28e20cab10f1916709f39e5499ae9c38 +PKG_HASH:=e43dbe5020ed25152aaec71b325dd80498e72038da5aeb50ed7dd51e213cd903 PKG_MAINTAINER:= PKG_LICENSE:=LGPL-2.1-or-later From 3a94c378ed2a2817d1f76fd91e5b3ac6c510b5ee Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 13 Apr 2021 20:25:48 -0700 Subject: [PATCH 052/221] umpdcli: update to 1.5.11 Signed-off-by: Rosen Penev --- sound/upmpdcli/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/upmpdcli/Makefile b/sound/upmpdcli/Makefile index 7eb7d43930b38..05612ff250b4f 100644 --- a/sound/upmpdcli/Makefile +++ b/sound/upmpdcli/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=upmpdcli -PKG_VERSION:=1.5.9 +PKG_VERSION:=1.5.11 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.lesbonscomptes.com/upmpdcli/downloads -PKG_HASH:=9fda0b59db8a8b4f283333a89dcca19d70fb8820286d3d071b7c80de38eb7116 +PKG_HASH:=7c8c6ab866114699405223c60457448dcce35fc13e1e374f68b60eefc55f4f04 PKG_MAINTAINER:= PKG_LICENSE:=LGPL-2.1-or-later From f63a867a20582f59e435dfca3212e614a679adc1 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 13 Apr 2021 19:57:44 -0700 Subject: [PATCH 053/221] libupnp: update to 1.14.5 Switch to compiling with CMake. Faster. Signed-off-by: Rosen Penev --- libs/libupnp/Makefile | 60 +++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/libs/libupnp/Makefile b/libs/libupnp/Makefile index 15c4974e0d5d3..52553f0d906ff 100644 --- a/libs/libupnp/Makefile +++ b/libs/libupnp/Makefile @@ -1,23 +1,24 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libupnp -PKG_VERSION:=1.14.0 -PKG_RELEASE:=2 +PKG_VERSION:=1.14.5 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=@SF/pupnp -PKG_HASH:=ecb23d4291968c8a7bdd4eb16fc2250dbacc16b354345a13342d67f571d35ceb +PKG_HASH:=227ffa407be6b91d4e42abee1dd27e4b8d7e5ba8d3d45394cca4e1eadc65149a PKG_MAINTAINER:=Ted Hess PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=COPYING PKG_CPE_ID:=cpe:/a:libupnp_project:libupnp -PKG_FIXUP:=autoreconf -PKG_INSTALL:=1 -PKG_BUILD_PARALLEL:=1 +PKG_CONFIG_DEPENDS:= \ + CONFIG_PACKAGE_libupnp-sample \ + CONFIG_IPV6 include $(INCLUDE_DIR)/package.mk +include ../../devel/ninja/ninja-cmake.mk define Package/libupnp/Default SECTION:=libs @@ -49,30 +50,33 @@ define Package/libupnp-sample/description TVcontrolpoint & tvdevice sample applications run inside /etc/upnp-tvdevice/ endef -CONFIGURE_ARGS += \ - --enable-client \ - --enable-device \ - --enable-gena \ - --enable-reuseaddr \ - --enable-gena \ - --enable-webserver \ - --enable-ssdp \ - --enable-soap \ - --enable-tools \ - --enable-blocking_tcp_connections \ - --enable-samples \ - --disable-debug \ - --disable-optssdp \ - --disable-unspecified_server \ - --disable-open_ssl \ - --disable-scriptsupport \ - --disable-postwrite +CMAKE_OPTIONS += \ + -DBUILD_TESTING=OFF \ + -Dclient=ON \ + -Ddevice=ON \ + -Dwebserver=OFF \ + -Dssdp=ON \ + -Doptssdp=OFF \ + -Dsoap=ON \ + -Dgena=ON \ + -Dtools=O$(if $(CONFIG_PACKAGE_libupnp-sample),N,FF) \ + -Dipv6=O$(if $(CONFIG_IPV6),N,FF) \ + -Dunspecified_server=OFF \ + -Dopen_ssl=OFF \ + -Dblocking_tcp_connections=ON \ + -Dscriptsupport=OFF \ + -Dpostwrite=OFF \ + -Dreuseaddr=ON \ + -Dsamples=O$(if $(CONFIG_PACKAGE_libupnp-sample),N,FF) \ + -DDOWNLOAD_AND_BUILD_DEPS=OFF define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(CP) $(PKG_INSTALL_DIR)/usr/include/upnp $(1)/usr/include/ $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{ixml,upnp}.{a,so*,la} $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{ixml,upnp}.{a,so*} $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/lib/cmake + $(CP) $(PKG_INSTALL_DIR)/usr/lib/cmake/* $(1)/usr/lib/cmake $(INSTALL_DIR) $(1)/usr/lib/pkgconfig $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libupnp.pc $(1)/usr/lib/pkgconfig/ endef @@ -84,9 +88,9 @@ endef define Package/libupnp-sample/install $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/upnp/sample/.libs/* $(1)/usr/bin - $(INSTALL_DIR) $(1)/etc/upnp-tvdevice/web - $(INSTALL_DATA) $(PKG_BUILD_DIR)/upnp/sample/web/* $(1)/etc/upnp-tvdevice + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tv* $(1)/usr/bin + $(INSTALL_DIR) $(1)/usr/share/upnp + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/upnp/tv* $(1)/usr/share/upnp endef $(eval $(call BuildPackage,libupnp)) From c0ae2012cd2ed7c06c06ad5893aa0fc27c5aee54 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Mon, 12 Apr 2021 09:43:35 +0300 Subject: [PATCH 054/221] python-greenlet: support MIPS architecture Fixes: https://github.com/openwrt/packages/issues/15370 This is inspired from: https://github.com/wlanslovenija/firmware-packages-opkg/blob/330bc94dccd16a3e92ac2fdde08c81a598e12f94/lang/python-greenlet/Makefile The `PKG_USE_MIPS16:=0` is not taken into consideration when building Python modules. That's because the sysconfig is used. This is only an issue with greenlet (on MIPS) so far. One option is to do `PKG_USE_MIPS16:=0` in the core Python package. But, since we know that the `wlanslovenija` group has successfully used greenlet on MIPS with this construct, we might as well adopt it until GCC10 becomes the main compiler. As noted here: https://github.com/openwrt/packages/issues/15370#issuecomment-817015484 GCC10 doesn't have this problem. Signed-off-by: Alexandru Ardelean --- lang/python/python-greenlet/Makefile | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lang/python/python-greenlet/Makefile b/lang/python/python-greenlet/Makefile index 130037154d0b1..efcaf901ae3f9 100644 --- a/lang/python/python-greenlet/Makefile +++ b/lang/python/python-greenlet/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-greenlet PKG_VERSION:=1.0.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PYPI_NAME:=greenlet PKG_HASH:=719e169c79255816cdcf6dccd9ed2d089a72a9f6c42273aae12d55e8d35bdcf8 @@ -17,6 +17,8 @@ PKG_HASH:=719e169c79255816cdcf6dccd9ed2d089a72a9f6c42273aae12d55e8d35bdcf8 PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE +# FIXME: remove when GCC10 is the oldest supported compiler, or the issue goes away +PKG_USE_MIPS16:=0 include ../pypi.mk include $(INCLUDE_DIR)/package.mk @@ -31,7 +33,7 @@ define Package/python3-greenlet DEPENDS:= \ +python3-light \ +libstdcpp \ - @!(arc||mips) + @!arc endef define Package/python3-greenlet/description @@ -39,6 +41,13 @@ define Package/python3-greenlet/description a version of CPython that supports micro-threads called tasklets. endef +# FIXME: remove when GCC10 is the oldest supported compiler, or the issue goes away +# This is required in addition to PKG_USE_MIPS16:=0 because otherwise MIPS16 +# flags are inherited from the Python base package (via sysconfig module) +ifdef CONFIG_USE_MIPS16 +TARGET_CFLAGS += -mno-mips16 -mno-interlink-mips16 +endif + $(eval $(call Py3Package,python3-greenlet)) $(eval $(call BuildPackage,python3-greenlet)) $(eval $(call BuildPackage,python3-greenlet-src)) From 3558c6a8058e375bf97878aa033b18f5e699cf91 Mon Sep 17 00:00:00 2001 From: Alexander Ryzhov Date: Wed, 14 Apr 2021 10:45:13 +0300 Subject: [PATCH 055/221] fdm: don't use host headers Signed-off-by: Alexander Ryzhov --- mail/fdm/Makefile | 2 +- mail/fdm/patches/040-remove_host_includes.patch | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 mail/fdm/patches/040-remove_host_includes.patch diff --git a/mail/fdm/Makefile b/mail/fdm/Makefile index 02b5e7c476206..762fd933c45c0 100644 --- a/mail/fdm/Makefile +++ b/mail/fdm/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fdm PKG_VERSION:=2.0 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/nicm/fdm/releases/download/$(PKG_VERSION) diff --git a/mail/fdm/patches/040-remove_host_includes.patch b/mail/fdm/patches/040-remove_host_includes.patch new file mode 100644 index 0000000000000..4cfea4e898791 --- /dev/null +++ b/mail/fdm/patches/040-remove_host_includes.patch @@ -0,0 +1,12 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -11,9 +11,6 @@ AC_CANONICAL_HOST + + : ${CFLAGS=""} + +-CPPFLAGS="$CPPFLAGS -I/usr/local/include" +-LDFLAGS="$LDFLAGS -L/usr/local/lib" +- + AC_PROG_CC + AM_PROG_CC_C_O + AC_PROG_INSTALL From 9816bfc4ac429a72cbb670fff711c6a3ddcc820f Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 13 Apr 2021 20:13:47 -0700 Subject: [PATCH 056/221] luv: update to 1.40.0-0 Simplify CMake section. Fix pkgconfig paths. Signed-off-by: Rosen Penev --- lang/luv/Makefile | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/lang/luv/Makefile b/lang/luv/Makefile index d8be8a497b007..35cf2e850d9b4 100644 --- a/lang/luv/Makefile +++ b/lang/luv/Makefile @@ -1,19 +1,17 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luv -PKG_VERSION:=1.36.0-0 +PKG_VERSION:=1.40.0-0 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/luvit/luv/releases/download/$(PKG_VERSION) -PKG_HASH:=f2e7eb372574f25c6978c1dc74280d22efdcd7df2dda4a286c7fe7dceda26445 +PKG_HASH:=24473a081c3928eec2a352369cbafda97059574f4a4276861274473e7c7d17a0 PKG_MAINTAINER:=Morteza Milani PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE -CMAKE_INSTALL:=1 - include $(INCLUDE_DIR)/package.mk include ../../devel/ninja/ninja-cmake.mk @@ -34,20 +32,27 @@ define Package/luv/config source "$(SOURCE)/Config.in" endef -CMAKE_OPTIONS += -DLUA_BUILD_TYPE=System -CMAKE_OPTIONS += -DWITH_SHARED_LIBUV=ON -CMAKE_OPTIONS += -DBUILD_MODULE=OFF -CMAKE_OPTIONS += -DBUILD_SHARED_LIBS=ON +CMAKE_OPTIONS += \ + -DLUA_BUILD_TYPE=System \ + -DWITH_SHARED_LIBUV=ON \ + -DBUILD_MODULE=OFF \ + -DBUILD_SHARED_LIBS=ON \ + -DWITH_LUA_ENGINE=$(if $(CONFIG_LUV_USE_LUAJIT_ENGINE),Luajit,Lua) -ifeq ($(CONFIG_LUV_USE_LUAJIT_ENGINE),y) - CMAKE_OPTIONS += -DWITH_LUA_ENGINE=Luajit -else - CMAKE_OPTIONS += -DWITH_LUA_ENGINE=Lua -endif +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/luv + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/luv/*.h $(1)/usr/include/luv + $(INSTALL_DIR) $(1)/usr/lib/lua + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libluv.so* $(1)/usr/lib + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libluv.pc $(1)/usr/lib/pkgconfig + $(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libluv.pc + $(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libluv.pc +endef define Package/luv/install $(INSTALL_DIR) $(1)/usr/lib/lua - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libluv.so.1.36.0 $(1)/usr/lib/lua/luv.so + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libluv.so.1.40.0 $(1)/usr/lib/lua/luv.so endef From 7a7bc74181e58eca6e5e5b72d8d3f1ff5b523fe0 Mon Sep 17 00:00:00 2001 From: Alexander Egorenkov Date: Wed, 14 Apr 2021 19:15:35 +0200 Subject: [PATCH 057/221] libupnp: restore building tools This enables tools again which has been disabled in commit 498506af9 ("libupnp: update to 1.14.5"). Disabling tools leads to the header upnptools.h not being installed into /usr/include. But e.g. mpd-full depends on this header. Fixes: 498506af9 ("libupnp: update to 1.14.5") Signed-off-by: Alexander Egorenkov --- libs/libupnp/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/libupnp/Makefile b/libs/libupnp/Makefile index 52553f0d906ff..64c3e0a85ae66 100644 --- a/libs/libupnp/Makefile +++ b/libs/libupnp/Makefile @@ -59,7 +59,7 @@ CMAKE_OPTIONS += \ -Doptssdp=OFF \ -Dsoap=ON \ -Dgena=ON \ - -Dtools=O$(if $(CONFIG_PACKAGE_libupnp-sample),N,FF) \ + -Dtools=ON \ -Dipv6=O$(if $(CONFIG_IPV6),N,FF) \ -Dunspecified_server=OFF \ -Dopen_ssl=OFF \ From 64f1c04cc9eb7cba8b2c3b88a969320c76ac7e36 Mon Sep 17 00:00:00 2001 From: Javier Marcet Date: Wed, 14 Apr 2021 18:06:40 +0000 Subject: [PATCH 058/221] docker-compose: Update to version 1.29.1 Bugs: - Fix for invalid handler warning on Windows builds - Fix config hash to trigger container recreation on IPC mode updates - Fix conversion map for placement.max_replicas_per_node - Remove extra scan suggestion on build Signed-off-by: Javier Marcet --- utils/docker-compose/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/docker-compose/Makefile b/utils/docker-compose/Makefile index 7e2edb1ee52c9..d20f1f3057588 100644 --- a/utils/docker-compose/Makefile +++ b/utils/docker-compose/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=docker-compose -PKG_VERSION:=1.29.0 +PKG_VERSION:=1.29.1 PKG_RELEASE:=1 PYPI_NAME:=docker-compose -PKG_HASH:=7f3ac832111b55bf1385ccae8b136dc4cbec04a00cf3191b3d0517003324bfc1 +PKG_HASH:=d2064934f5084db8a0c4805e226447bf1fd0c928419be95afb6bd1866838c1f1 PKG_MAINTAINER:=Javier Marcet PKG_LICENSE:=Apache-2.0 From 6b64b387ffb4699dc4fd604f9a2ae2549ee3da22 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Tue, 13 Apr 2021 08:25:55 -0300 Subject: [PATCH 059/221] ocserv: don't build with libseccomp on ARC libseccomp can't be built on ARC, so we must disable the option here as well. A different fix was first proposed by @zxlhhyccc in #15377. Fixes: #15313 Signed-off-by: Eneas U de Queiroz --- net/ocserv/Config.in | 1 + net/ocserv/Makefile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ocserv/Config.in b/net/ocserv/Config.in index b6460cd8ee6b3..cf86bef172f90 100644 --- a/net/ocserv/Config.in +++ b/net/ocserv/Config.in @@ -9,6 +9,7 @@ config OCSERV_PAM config OCSERV_SECCOMP bool "enable seccomp" + depends on !arc default n config OCSERV_RADIUS diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile index ed05a3a554801..4431d9d3ca5d6 100644 --- a/net/ocserv/Makefile +++ b/net/ocserv/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ocserv PKG_VERSION:=1.1.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_USE_MIPS16:=0 PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) From 6e5ab185fc5008e90ef22e6fc727be7fb43296e1 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Thu, 15 Apr 2021 02:51:11 +0100 Subject: [PATCH 060/221] uvol: make volume creation atomic Make sure filesystem is ready when volume becomes available. Use 'write-once' as initial state for read-only volumes, only allow writing to volumes in that state and transision to 'read-only' once write has completed. Also fix a typo which prevented 'list' command from working with LVM. Signed-off-by: Daniel Golle --- utils/uvol/files/lvm.sh | 39 +++++++++++++++++++++++++++------------ utils/uvol/files/ubi.sh | 40 +++++++++++++++++++++------------------- utils/uvol/files/uvol | 2 -- 3 files changed, 48 insertions(+), 33 deletions(-) diff --git a/utils/uvol/files/lvm.sh b/utils/uvol/files/lvm.sh index 35c2ae17e4714..158ab1c83deac 100644 --- a/utils/uvol/files/lvm.sh +++ b/utils/uvol/files/lvm.sh @@ -41,7 +41,7 @@ vgs() { } lvs() { - lvm_cmd vgs --reportformat json --units b "$@" + lvm_cmd lvs --reportformat json --units b "$@" } freebytes() { @@ -121,7 +121,7 @@ exportlv() { lv_size= json_init - json_load "$(lvs -o lv_full_name,lv_size,lv_path,lv_dm_path -S "lv_name=~^r[ow]_$1\$ && vg_name=$vg_name")" + json_load "$(lvs -o lv_full_name,lv_size,lv_path,lv_dm_path -S "lv_name=~^[rw][ow]_$1\$ && vg_name=$vg_name")" json_select report json_get_keys reports for rep in $reports; do @@ -153,7 +153,15 @@ getsize() { activatevol() { exportlv "$1" - lvm_cmd lvchange -a y "$lv_full_name" + case "$lv_path" in + /dev/*/wo_*) + return 22 + ;; + *) + lvm_cmd lvchange -a y "$lv_full_name" + return 0 + ;; + esac } disactivatevol() { @@ -169,7 +177,7 @@ getstatus() { } createvol() { - local mode ret + local mode lvmode ret local volsize=$(($2)) [ "$volsize" ] || return 22 exportlv "$1" @@ -178,10 +186,12 @@ createvol() { [ $((size_ext * vg_extent_size)) -lt $volsize ] && size_ext=$((size_ext + 1)) case "$3" in - ro) - mode=r + ro|wo) + lvmode=r + mode=wo ;; rw) + lvmode=rw mode=rw ;; *) @@ -189,9 +199,9 @@ createvol() { ;; esac - lvm_cmd lvcreate -p $mode -a n -y -W n -Z n -n "${3}_${1}" -l "$size_ext" $vg_name + lvm_cmd lvcreate -p $lvmode -a n -y -W n -Z n -n "${mode}_${1}" -l "$size_ext" $vg_name ret=$? - if [ ! $ret -eq 0 ] || [ "$mode" = "r" ]; then + if [ ! $ret -eq 0 ] || [ "$lvmode" = "r" ]; then return $ret fi exportlv "$1" @@ -215,11 +225,16 @@ updatevol() { exportlv "$1" [ "$lv_full_name" ] || return 2 [ $lv_size -ge $2 ] || return 27 - lvm_cmd lvchange -a y -p rw "$lv_full_name" - dd of=$lv_path case "$lv_path" in - /dev/*/ro_*) + /dev/*/wo_*) + lvm_cmd lvchange -a y -p rw "$lv_full_name" + dd of=$lv_path lvm_cmd lvchange -p r "$lv_full_name" + lvm_cmd lvrename "$lv_full_name" "${lv_full_name%%/*}/ro_$1" + return 0 + ;; + default) + return 22 ;; esac } @@ -228,7 +243,7 @@ listvols() { local reports rep lv lvs lv_name lv_size lv_mode volname volname=${1:-.*} json_init - json_load "$(lvs -o lv_name,lv_size -S "lv_name=~^r[ow]_$volname\$ && vg_name=$vg_name")" + json_load "$(lvs -o lv_name,lv_size -S "lv_name=~^[rw][ow]_$volname\$ && vg_name=$vg_name")" json_select report json_get_keys reports for rep in $reports; do diff --git a/utils/uvol/files/ubi.sh b/utils/uvol/files/ubi.sh index 28841ca0474ff..7851a98df486d 100644 --- a/utils/uvol/files/ubi.sh +++ b/utils/uvol/files/ubi.sh @@ -31,17 +31,17 @@ getdev() { local voldir volname devname for voldir in /sys/devices/virtual/ubi/${ubidev}/${ubidev}_*; do read volname < "${voldir}/name" - [ "$volname" = "uvol-ro-$1" ] || [ "$volname" = "uvol-rw-$1" ] || continue + [ "$volname" = "uvol-ro-$1" ] || [ "$volname" = "uvol-wp-$1" ] || [ "$volname" = "uvol-rw-$1" ] || [ "$volname" = "uvol-wo-$1" ] || continue basename "$voldir" done } -needs_ubiblock() { +vol_is_mode() { local voldev="$1" local volname read volname < "/sys/devices/virtual/ubi/${ubidev}/${voldev}/name" case "$volname" in - uvol-ro-*) + uvol-$2-*) return 0 ;; esac @@ -51,7 +51,8 @@ needs_ubiblock() { getstatus() { local voldev=$(getdev "$@") [ "$voldev" ] || return 2 - needs_ubiblock $voldev && [ ! -e "/dev/ubiblock${voldev:3}" ] && return 1 + vol_is_mode $voldev wo && return 1 + vol_is_mode $voldev ro && [ ! -e "/dev/ubiblock${voldev:3}" ] && return 1 return 0 } @@ -65,9 +66,9 @@ getsize() { getuserdev() { local voldev=$(getdev "$@") [ "$voldev" ] || return 2 - if needs_ubiblock $voldev ; then + if vol_is_mode $voldev ro ; then echo "/dev/ubiblock${voldev:3}" - else + elif vol_is_mode $voldev rw ; then echo "/dev/$voldev" fi } @@ -77,11 +78,11 @@ createvol() { local existdev=$(getdev "$@") [ "$existdev" ] && return 17 case "$3" in - ro) - mode=ro + ro|wo) + mode=wo ;; rw) - mode=rw + mode=wp ;; *) return 22 @@ -91,6 +92,12 @@ createvol() { ret=$? [ $ret -eq 0 ] || return $ret ubiupdatevol -t /dev/$(getdev "$@") + [ "$mode" = "wp" ] || return 0 + local tmp_mp=$(mktemp -d) + mount -t ubifs /dev/$(getdev "$@") $tmp_mp + umount $tmp_mp + rmdir $tmp_mp + ubirename /dev/$ubidev uvol-wp-$1 uvol-rw-$1 } removevol() { @@ -103,7 +110,8 @@ removevol() { activatevol() { local voldev=$(getdev "$@") [ "$voldev" ] || return 2 - needs_ubiblock $voldev || return 0 + vol_is_mode $voldev wo || return 1 + vol_is_mode $voldev ro || return 0 [ -e "/dev/ubiblock${voldev:3}" ] && return 0 ubiblock --create /dev/$voldev } @@ -111,7 +119,7 @@ activatevol() { disactivatevol() { local voldev=$(getdev "$@") [ "$voldev" ] || return 2 - needs_ubiblock $voldev || return 0 + vol_is_mode $voldev ro || return 0 [ -e "/dev/ubiblock${voldev:3}" ] || return 0 ubiblock --remove /dev/$voldev } @@ -120,15 +128,9 @@ updatevol() { local voldev=$(getdev "$@") [ "$voldev" ] || return 2 [ "$2" ] || return 22 - needs_ubiblock $voldev || return 22 + vol_is_mode $voldev wo || return 22 ubiupdatevol -s $2 /dev/$voldev - -} - -getstatus() { - local voldev=$(getdev "$@") - [ "$voldev" ] || return 2 - needs_ubiblock $voldev && [ ! -e "/dev/ubiblock${voldev:3}" ] && return 1 - return 0 + ubirename /dev/$ubidev uvol-wo-$1 uvol-ro-$1 } listvols() { diff --git a/utils/uvol/files/uvol b/utils/uvol/files/uvol index 58d08f07e10f9..0fea88f38ce7d 100644 --- a/utils/uvol/files/uvol +++ b/utils/uvol/files/uvol @@ -2,8 +2,6 @@ # uvol prototype # future development roadmap (aka. to-do): -# * atomic create using temp volnames -# * create read-only volumes as 'write-once', introduce 'pending' state until written # * re-implement in C (use libubox, execve lvm/ubi*) # * add atomic batch processing for use by container/package manager From 25ef4d8a0b9e95254a4a18e963cd2dd8f5d2edca Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Mon, 12 Apr 2021 00:07:52 -0700 Subject: [PATCH 061/221] yubico-pam: update to 2.27 Switch to AUTORELEASE for simplicity. Signed-off-by: Rosen Penev --- libs/yubico-pam/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libs/yubico-pam/Makefile b/libs/yubico-pam/Makefile index fddf337d5b5c9..7c641f6701755 100644 --- a/libs/yubico-pam/Makefile +++ b/libs/yubico-pam/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=yubico-pam -PKG_VERSION:=2.26 -PKG_RELEASE:=3 +PKG_VERSION:=2.27 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=pam_yubico-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://developers.yubico.com/yubico-pam/Releases -PKG_HASH:=2de96495963fefd72b98243952ca5d5ec513e702c596e54bc667ef6b5e252966 +PKG_HASH:=63d02788852644d871746e1a7a1d16c272c583c226f62576f5ad232a6a44e18c PKG_BUILD_DIR:=$(BUILD_DIR)/pam_yubico-$(PKG_VERSION) PKG_MAINTAINER:=Stuart B. Wilkins From b37d6d2a62e7da7d6f97c04651f4b180cbb81ff7 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sun, 11 Apr 2021 22:40:31 -0700 Subject: [PATCH 062/221] stm32flash: update to 0.6 Switch to AUTORELEASE for simplicity. Use autotools build. Remove upstream patch. Minor cleanups for consistency between packages. Signed-off-by: Rosen Penev --- utils/stm32flash/Makefile | 14 +++++++++----- .../patches/100-add_support_for_stm32g4.patch | 11 ----------- 2 files changed, 9 insertions(+), 16 deletions(-) delete mode 100644 utils/stm32flash/patches/100-add_support_for_stm32g4.patch diff --git a/utils/stm32flash/Makefile b/utils/stm32flash/Makefile index b6f73d9394bd8..b2cdbadf6bff2 100644 --- a/utils/stm32flash/Makefile +++ b/utils/stm32flash/Makefile @@ -8,16 +8,20 @@ include $(TOPDIR)/rules.mk PKG_NAME:=stm32flash -PKG_VERSION:=0.5 -PKG_RELEASE:=3 +PKG_VERSION:=0.6 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/$(PKG_NAME) -PKG_HASH:=97aa9422ef02e82f7da9039329e21a437decf972cb3919ad817f70ac9a49e306 -PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME) +PKG_HASH:=ee9b40d4d3e5cd28b993e08ae2a2c3c559b6bea8730cd7e1d40727dedb1dda09 + PKG_MAINTAINER:=Christian Pointner PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=gpl-2.0.txt + +PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 + include $(INCLUDE_DIR)/package.mk define Package/stm32flash @@ -35,7 +39,7 @@ endef define Package/stm32flash/install $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/stm32flash $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/stm32flash $(1)/usr/bin/ endef $(eval $(call BuildPackage,stm32flash)) diff --git a/utils/stm32flash/patches/100-add_support_for_stm32g4.patch b/utils/stm32flash/patches/100-add_support_for_stm32g4.patch deleted file mode 100644 index f4ec0dbb24100..0000000000000 --- a/utils/stm32flash/patches/100-add_support_for_stm32g4.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/dev_table.c -+++ b/dev_table.c -@@ -90,6 +90,8 @@ const stm32_dev_t devices[] = { - {0x434, "STM32F469xx" , 0x20003000, 0x20060000, 0x08000000, 0x08200000, 1, f4db , 0x1FFEC000, 0x1FFFC00F, 0x1FFF0000, 0x1FFF7800, 0}, - /* F7 */ - {0x449, "STM32F74xxx/75xxx" , 0x20004000, 0x20050000, 0x08000000, 0x08100000, 1, f7 , 0x1FFF0000, 0x1FFF001F, 0x1FF00000, 0x1FF0EDC0, 0}, -+ /* G4 */ -+ {0x468, "STM32G431xx/441xx" , 0x20000000, 0x20004000, 0x08000000, 0x08020000, 1, p_2k , 0x1FFF7800, 0x1FFF780F, 0x1FFF0000, 0x1FFF7000, 0}, - /* L0 */ - {0x425, "STM32L031xx/041xx" , 0x20001000, 0x20002000, 0x08000000, 0x08008000, 32, p_128 , 0x1FF80000, 0x1FF8001F, 0x1FF00000, 0x1FF01000, 0}, - {0x417, "STM32L05xxx/06xxx" , 0x20001000, 0x20002000, 0x08000000, 0x08010000, 32, p_128 , 0x1FF80000, 0x1FF8001F, 0x1FF00000, 0x1FF01000, 0}, From cab810a6c8f3080abe71ac86d1a4ed95b1de379e Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 13 Apr 2021 20:30:53 -0700 Subject: [PATCH 063/221] ngircd: update to 26.1 Switch to AUTORELEASE for simplicity. Signed-off-by: Rosen Penev --- net/ngircd/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/ngircd/Makefile b/net/ngircd/Makefile index 6d41984254634..d3943277ba761 100644 --- a/net/ngircd/Makefile +++ b/net/ngircd/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ngircd -PKG_VERSION:=26 -PKG_RELEASE:=1 +PKG_VERSION:=26.1 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://ngircd.barton.de/pub/ngircd -PKG_HASH:=56dcc6483058699fcdd8e54f5010eecee09824b93bad7ed5f18818e550d855c6 +PKG_HASH:=55c16fd26009f6fc6a007df4efac87a02e122f680612cda1ce26e17a18d86254 PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0 From 967037f1722b304561199fdb673291b5a3907355 Mon Sep 17 00:00:00 2001 From: Jan Pavlinec Date: Wed, 7 Apr 2021 12:14:08 +0200 Subject: [PATCH 064/221] onionshare-cli: add new package Signed-off-by: Jan Pavlinec --- net/onionshare-cli/Makefile | 57 +++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 net/onionshare-cli/Makefile diff --git a/net/onionshare-cli/Makefile b/net/onionshare-cli/Makefile new file mode 100644 index 0000000000000..6ee595865b230 --- /dev/null +++ b/net/onionshare-cli/Makefile @@ -0,0 +1,57 @@ +# +# Copyright (C) 2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/) +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=onionshare-cli +PKG_VERSION:=2.3.1 +PKG_RELEASE:=1 + +PYPI_NAME:=onionshare-cli +PYPI_SOURCE_NAME:=onionshare_cli +PKG_HASH:=47320a5f270b3629586c249fb2ae1c2f67682cb53c5013a8af9702d0d6e50193 + +PKG_MAINTAINER:=Jan Pavlinec +PKG_LICENSE:=GPL-3.0-or-later +PKG_LICENSE_FILES:=LICENSE + +HOST_PYTHON3_PACKAGE_BUILD_DEPENDS:=setuptools-scm toml + +include ../../lang/python/pypi.mk +include $(INCLUDE_DIR)/package.mk +include ../../lang/python/python3-package.mk + +define Package/onionshare-cli + SECTION:=net + CATEGORY:=Network + TITLE:=Secure chat, web and file sharing + URL:=https://onionshare.org/ + DEPENDS:= \ + +python3-light \ + +python3-psutil \ + +python3-click \ + +python3-flask \ + +python3-flask-httpauth \ + +python3-flask-socketio \ + +python3-pysocks \ + +python3-requests \ + +python3-stem \ + +python3-eventlet \ + +python3-unidecode \ + +python3-cryptodome \ + +python3-urllib3 \ + +tor +endef + +define Package/onionshare-cli/description + OnionShare is an open source tool that lets you securely and + anonymously share files, host websites, and chat with friends using the Tor network. +endef + +$(eval $(call Py3Package,onionshare-cli)) +$(eval $(call BuildPackage,onionshare-cli)) +$(eval $(call BuildPackage,onionshare-cli-src)) From 2deaa41a0190e5894fe1be22ffe8b31e77543be0 Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Mon, 12 Apr 2021 18:09:52 -0300 Subject: [PATCH 065/221] openvpn-easy-rsa: add missing configfile /etc/profile.d/50-openvpn-easy-rsa.sh was not listed as configfile and changes were lost during upgrades. Signed-off-by: Luiz Angelo Daros de Luca --- net/openvpn-easy-rsa/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/openvpn-easy-rsa/Makefile b/net/openvpn-easy-rsa/Makefile index 56d5b3382f3be..fca5e3a9eb9df 100644 --- a/net/openvpn-easy-rsa/Makefile +++ b/net/openvpn-easy-rsa/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn-easy-rsa PKG_VERSION:=3.0.8 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE_URL:=https://codeload.github.com/OpenVPN/easy-rsa/tar.gz/v$(PKG_VERSION)? PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_HASH:=fd6b67d867c3b8afd53efa2ca015477f6658a02323e1799432083472ac0dd200 @@ -43,6 +43,7 @@ define Package/openvpn-easy-rsa/conffiles /etc/easy-rsa/vars /etc/easy-rsa/openssl-1.0.cnf /etc/easy-rsa/openssl-easyrsa.cnf +/etc/profile.d/50-$(PKG_NAME).sh endef define Build/Configure From baa97bef6d57018cc7b4394b1230c946195001e8 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Wed, 14 Apr 2021 12:27:07 -0600 Subject: [PATCH 066/221] strongswan: add deprecation warning to ipsec script Signed-off-by: Philip Prindeville --- net/strongswan/Makefile | 2 +- net/strongswan/files/ipsec.init | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index d58afad99871d..ff7d5cefe6c91 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.2 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ diff --git a/net/strongswan/files/ipsec.init b/net/strongswan/files/ipsec.init index bbfa573d69a41..c5588e8cf3c6e 100644 --- a/net/strongswan/files/ipsec.init +++ b/net/strongswan/files/ipsec.init @@ -354,6 +354,8 @@ service_triggers() { start_service() { prepare_env + warning "Strongswan is deprecating the ipsec CLI; please migrate to swanctl." + [ $WAIT_FOR_INTF -eq 1 ] && return procd_open_instance From 69112dd526c606b28ef9f1abec2819ea3eb0540b Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Thu, 15 Apr 2021 01:02:34 +0200 Subject: [PATCH 067/221] clamav: add libiconv dependencies when build with NLS NLS means Native Language Support and when you have it enabled (it is not default), clamav can not be compiled as it shows following error: Package clamav is missing dependencies for the following libraries: libiconv.so.2 Also, it is required that package libiconv-full is compiled first/before than clamav and then try to compile clamav. Signed-off-by: Josef Schlehofer --- net/clamav/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/clamav/Makefile b/net/clamav/Makefile index abb59769a95f1..0e07870977143 100644 --- a/net/clamav/Makefile +++ b/net/clamav/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=clamav PKG_VERSION:=0.103.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://www.clamav.net/downloads/production/ @@ -29,7 +29,7 @@ include ../../devel/ninja/ninja-cmake.mk define Package/clamav/Default SECTION:=net - DEPENDS:=+libstdcpp +libpthread +zlib +libbz2 +libxml2 +libcurl +libjson-c +libmilter-sendmail +libopenssl +libltdl +libpcre2 + DEPENDS:=+libstdcpp +libpthread +zlib +libbz2 +libxml2 +libcurl +libjson-c +libmilter-sendmail +libopenssl +libltdl +libpcre2 $(ICONV_DEPENDS) CATEGORY:=Network SUBMENU:=Web Servers/Proxies TITLE:=ClamAV From a985507cf195eab775aef967df00d0dab6a62480 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Thu, 15 Apr 2021 00:39:03 +0200 Subject: [PATCH 068/221] netdata: update to version 1.30.1 Signed-off-by: Josef Schlehofer --- admin/netdata/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/admin/netdata/Makefile b/admin/netdata/Makefile index d2eb44538ff61..d9361529d74c1 100644 --- a/admin/netdata/Makefile +++ b/admin/netdata/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netdata -PKG_VERSION:=1.29.3 -PKG_RELEASE:=2 +PKG_VERSION:=1.30.1 +PKG_RELEASE:=1 PKG_MAINTAINER:=Josef Schlehofer , Daniel Engberg PKG_LICENSE:=GPL-3.0-or-later @@ -18,7 +18,7 @@ PKG_CPE_ID:=cpe:/a:my-netdata:netdata PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/netdata/netdata/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=8e045ea153db99317a95232d1d7a76711bee46f4bc2666d22e268ff03011aa43 +PKG_HASH:=e05f8b59d283fb2844280455b9481a2f9104730fd77f535312ff2fec40a6bc11 PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 From 36601470a07a07b799bdea0d96a9be810bca4fe1 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Wed, 14 Apr 2021 18:16:25 -0600 Subject: [PATCH 069/221] strongswan: add certificate generation utility Signed-off-by: Philip Prindeville --- net/strongswan/Makefile | 19 +++- net/strongswan/files/gencerts.sh | 155 +++++++++++++++++++++++++++++++ 2 files changed, 173 insertions(+), 1 deletion(-) create mode 100755 net/strongswan/files/gencerts.sh diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index ff7d5cefe6c91..3b45a2222f886 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan PKG_VERSION:=5.9.2 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ @@ -418,6 +418,17 @@ $(call Package/strongswan/description/Default) This package contains the swanctl utility. endef +define Package/strongswan-gencerts +$(call Package/strongswan/Default) + TITLE+= X.509 certificate generation utility + DEPENDS:= strongswan +strongswan-pki bash +endef + +define Package/strongswan-gencerts/description +$(call Package/strongswan/description/Default) + This package contains the X.509 certificate generation utility. +endef + define Package/strongswan-libtls $(call Package/strongswan/Default) TITLE+= libtls @@ -576,6 +587,11 @@ define Package/strongswan-swanctl/install $(INSTALL_BIN) ./files/swanctl.init $(1)/etc/init.d/swanctl endef +define Package/strongswan-gencerts/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) ./files/gencerts.sh $(1)/usr/bin/gencerts +endef + define Package/strongswan-libtls/install $(INSTALL_DIR) $(1)/usr/lib/ipsec $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libtls.so.* $(1)/usr/lib/ipsec/ @@ -651,6 +667,7 @@ $(eval $(call BuildPackage,strongswan-libnttfft)) $(eval $(call BuildPackage,strongswan-pki)) $(eval $(call BuildPackage,strongswan-scepclient)) $(eval $(call BuildPackage,strongswan-swanctl)) +$(eval $(call BuildPackage,strongswan-gencerts)) $(eval $(call BuildPackage,strongswan-libtls)) $(eval $(call BuildPlugin,addrblock,RFC 3779 address block constraint support,)) $(eval $(call BuildPlugin,aes,AES crypto,)) diff --git a/net/strongswan/files/gencerts.sh b/net/strongswan/files/gencerts.sh new file mode 100755 index 0000000000000..57dc0df6d6e3b --- /dev/null +++ b/net/strongswan/files/gencerts.sh @@ -0,0 +1,155 @@ +#!/bin/sh + +# +# see: +# https://www.howtoforge.com/tutorial/strongswan-based-ipsec-vpn-using-certificates-and-pre-shared-key-on-ubuntu-16-04/ +# + +PROG=$(basename "$0") + +[ -z "$EUID" ] && EUID=$(id -u) + +if [ $# -lt 5 ]; then + echo "Usage: $PROG { -s | -c | -u } country domain organization identities [ ... ]" >&2 + exit 1 +fi + +case "$1" in +-s) + S_OPT=1 ;; +-c) + C_OPT=1 ;; +-u) + U_OPT=1 ;; +*) + echo "$PROG: require an option specifying server/client/user credential type" >&2 + exit 1 + ;; +esac +shift + +C="$1"; shift +DOMAIN="$1"; shift +SHORT_DOMAIN="${DOMAIN%%.*}" +ORG="$1"; shift + +# invariants... +STRONGSWANDIR=/etc +SWANCTL_DIR=$STRONGSWANDIR/swanctl +: ${KEYINFO:="rsa:4096"} +: ${CADAYS:=3650} +: ${CRTDAYS:=730} + +makeDN() +{ + printf "C=%s, O=%s, CN=%s" "$1" "$2" "$3" +} + +field() +{ + local arg="$1" + local nth="$2" + + echo "$arg" | cut -d ':' -f "$nth" +} + +genmasterkey() +{ + local keytype keybits + + keytype=$(field "$KEYINFO" 1) + keybits=$(field "$KEYINFO" 2) + + pki --gen --type "$keytype" --size "$keybits" --outform pem > "$SWANCTL_DIR/private/$SHORT_DOMAIN.key" + chmod 0400 "$SWANCTL_DIR/private/$SHORT_DOMAIN.key" +} + +genca() +{ + local keytype + + keytype=$(field "$KEYINFO" 1) + + pki --self --ca --lifetime "$CADAYS" --in "$SWANCTL_DIR/private/$SHORT_DOMAIN.key" --type "$keytype" \ + --dn "$ROOTDN" --outform pem > "$SWANCTL_DIR/x509ca/$SHORT_DOMAIN.crt" + chmod 0444 "$SWANCTL_DIR/cacerts/$SHORT_DOMAIN.crt" +} + +genclientkey() +{ + local name="$1" keytype keybits + + keytype=$(field "$KEYINFO" 1) + keybits=$(field "$KEYINFO" 2) + + pki --gen --type "$keytype" --size "$keybits" --outform pem > "$SWANCTL_DIR/private/$name.key" + chmod 0400 "$SWANCTL_DIR/private/$name.key" +} + +gendevcert() +{ + local dn="$1" + local san="$2" + local name="$3" + + # reads key from input + pki --issue --lifetime "$CRTDAYS" \ + --cacert "$SWANCTL_DIR/x509ca/$SHORT_DOMAIN.crt" \ + --cakey "$SWANCTL_DIR/private/$SHORT_DOMAIN.key" \ + --dn "$dn" --san "$san" \ + ${S_OPT:+--flag serverAuth} \ + ${S_OPT:---flag clientAuth} \ + --flag ikeIntermediate \ + --outform pem > "$SWANCTL_DIR/x509/$name.crt" + chmod 0444 "$SWANCTL_DIR/x509/$name.crt" +} + +gendev() +{ + local keytype + + keytype=$(field "$KEYINFO" 1) + + [ -f "$SWANCTL_DIR/private/$NAME.key" ] || genclientkey "$NAME" + + [ -f "$SWANCTL_DIR/x509/$NAME.crt" ] || \ + pki --pub --in "$SWANCTL_DIR/private/$NAME.key" --type "$keytype" \ + | gendevcert "$DEVDN" "$DEVSAN" "$NAME" +} + +setparams() +{ + NAME="$1" + + if [ -n "$U_OPT" ]; then + DEVSAN="$NAME@$DOMAIN" + DEVDN="$(makeDN "$C" "$ORG" "$DEVSAN")" + else + DEVSAN="$NAME.$DOMAIN" + DEVDN="$(makeDN "$C" "$ORG" "$NAME")" + fi +} + +umask 077 + +[ "$EUID" -eq 0 ] || { echo "Must run as root!" >&2 ; exit 1; } + +ROOTDN="$(makeDN "$C" "$ORG" "Root CA")" + +[ -f "$SWANCTL_DIR/private/$SHORT_DOMAIN.key" ] || genmasterkey + +[ -f "$SWANCTL_DIR/x509ca/$SHORT_DOMAIN.crt" ] || genca + +PARENT="$STRONGSWANDIR" +BASEDIR="${SWANCTL_DIR##$PARENT/}" + +for name in "$@"; do + setparams "$name" + gendev + + tar -zcf "$name-certs.tar.gz" -C "$PARENT" "$BASEDIR/x509ca/$SHORT_DOMAIN.crt" "$BASEDIR/x509/$name.crt" "$BASEDIR/private/$name.key" + chmod 600 "$name-certs.tar.gz" + echo "Generated as $name-certs.tar.gz" +done + +exit 0 From 19d0c49999997abd413c7ee698f72a1b5a6f080c Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Thu, 15 Apr 2021 17:03:35 -0300 Subject: [PATCH 070/221] atheepmgr: avoid libpciaccess dependency HAVE_LIBPCIACCESS that is currently passed through MAKE_VARS to disable building with libpciaccess can't be set through the environment. Instead, use CONFIG_CON_PCI, which can be passed through the environment and will disable libpciaccess. Signed-off-by: Eneas U de Queiroz --- utils/atheepmgr/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/atheepmgr/Makefile b/utils/atheepmgr/Makefile index fc0283ffa24bb..bb695668dfff7 100644 --- a/utils/atheepmgr/Makefile +++ b/utils/atheepmgr/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=atheepmgr PKG_VERSION:=2.1.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_VERSION:=$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE_PROTO:=git @@ -60,7 +60,7 @@ endef MAKE_VARS += \ OS=Linux \ - HAVE_LIBPCIACCESS=n \ + CONFIG_CON_PCI=n \ CONFIG_I_KNOW_WHAT_I_AM_DOING=$(CONFIG_ATHEEPMGR_DANGEROUS_FUNCTIONS) \ define Package/atheepmgr/install From 26236ba434d7abaa931ff092b64573fdb9aab4cb Mon Sep 17 00:00:00 2001 From: Jan Pavlinec Date: Fri, 26 Mar 2021 12:58:59 +0100 Subject: [PATCH 071/221] atlas-probe: add new package Signed-off-by: Jan Pavlinec --- net/atlas-probe/Makefile | 70 +++++++ .../patches/001-fix-stime-glibc-remove.patch | 178 ++++++++++++++++++ 2 files changed, 248 insertions(+) create mode 100644 net/atlas-probe/Makefile create mode 100644 net/atlas-probe/patches/001-fix-stime-glibc-remove.patch diff --git a/net/atlas-probe/Makefile b/net/atlas-probe/Makefile new file mode 100644 index 0000000000000..eafebcde91a66 --- /dev/null +++ b/net/atlas-probe/Makefile @@ -0,0 +1,70 @@ +# +# Copyright (C) 2019-2021 CZ.NIC z.s.p.o. (https://www.nic.cz/) +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=atlas-probe +PKG_VERSION:=2.2.1 +PKG_RELEASE:=1 + +PKG_SOURCE:=ripe-atlas-probe-busybox-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-probe-busybox/archive/v$(PKG_VERSION) +PKG_HASH:=c5a3aca026cd1a3b93a77b159b36cd7a1098eb6d90e9ae4a69872cd7a419a87b + +PKG_BUILD_DIR:=$(BUILD_DIR)/ripe-atlas-probe-busybox-$(PKG_VERSION) + +PKG_MAINTAINER:=Jan Pavlinec +PKG_LICENSE:=GPL-2.0-or-later +PKG_LICENSE_FILES:=LICENSE + +PKG_FIXUP:=autoreconf + +include $(INCLUDE_DIR)/package.mk + +define Package/atlas-probe + SECTION:=net + CATEGORY:=Network + TITLE:=RIPE Atlas probe measurement + DEPENDS:=+librt +libopenssl +openssh-client +sudo + USERID:=atlas=444:atlas=444 + URL:=https://atlas.ripe.net/ +endef + +define Package/atlas-probe/description + RIPE Atlas is a global, open, distributed Internet measurement platform, + consisting of thousands of measurement devices that measure Internet + connectivity in real time. +endef + +TARGET_CFLAGS += $(FPIC) + +CONFIGURE_ARGS += \ + --disable-shared \ + --enable-static + +CONFIGURE_PATH = libevent-2.1.11-stable + +TARGET_LDFLAGS = -L$(PKG_BUILD_DIR)/$(CONFIGURE_PATH)/.libs + +define Build/Compile + +$(MAKE_VARS) \ + $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(CONFIGURE_PATH) \ + $(MAKE_FLAGS) + +$(MAKE_VARS) \ + $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ + $(MAKE_FLAGS) +endef + +define Package/atlas-probe/install + +$(MAKE_VARS) \ + $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ + $(MAKE_FLAGS) CONFIG_PREFIX=$(1)/usr/libexec/atlas-probe install + $(INSTALL_DIR) $(1)/usr/libexec/atlas-probe/state + echo $(PKG_VERSION) > $(1)/usr/libexec/atlas-probe/state/VERSION +endef + +$(eval $(call BuildPackage,atlas-probe)) diff --git a/net/atlas-probe/patches/001-fix-stime-glibc-remove.patch b/net/atlas-probe/patches/001-fix-stime-glibc-remove.patch new file mode 100644 index 0000000000000..8c410197c1e96 --- /dev/null +++ b/net/atlas-probe/patches/001-fix-stime-glibc-remove.patch @@ -0,0 +1,178 @@ +From 402150eed057fc9fa52c8471ae645e23913a2805 Mon Sep 17 00:00:00 2001 +From: Philip Homburg +Date: Tue, 23 Jun 2020 12:25:08 -0400 +Subject: [PATCH] replace stime with clock_settime + +--- + coreutils/date.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/coreutils/date.c ++++ b/coreutils/date.c +@@ -246,6 +246,9 @@ int date_main(int argc UNUSED_PARAM, cha + if (*argv) + bb_show_usage(); + ++ /* Clear ts.tv_nsec, in case we need to set the time later */ ++ ts.tv_nsec= 0; ++ + /* Now we have parsed all the information except the date format + * which depends on whether the clock is being set or read */ + +@@ -310,7 +313,7 @@ int date_main(int argc UNUSED_PARAM, cha + } + + /* if setting time, set it */ +- if ((opt & OPT_SET) && stime(&ts.tv_sec) < 0) { ++ if ((opt & OPT_SET) && clock_settime(CLOCK_REALTIME, &ts) < 0) { + bb_perror_msg("can't set date"); + } + } +--- a/util-linux/rdate.c ++++ b/util-linux/rdate.c +@@ -65,27 +65,27 @@ static time_t askremotedate(const char * + int rdate_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; + int rdate_main(int argc UNUSED_PARAM, char **argv) + { +- time_t remote_time; ++ struct timespec remote_time; + unsigned flags; + + opt_complementary = "-1"; + flags = getopt32(argv, "sp"); + +- remote_time = askremotedate(argv[optind]); ++ remote_time.tv_sec = askremotedate(argv[optind]); + + if (!(flags & 2)) { /* no -p (-s may be present) */ + time_t current_time; + + time(¤t_time); +- if (current_time == remote_time) ++ if (current_time == remote_time.tv_sec) + bb_error_msg("current time matches remote time"); + else +- if (stime(&remote_time) < 0) ++ if (clock_settime(CLOCK_REALTIME,&remote_time) < 0) + bb_perror_msg_and_die("can't set time of day"); + } + + if (flags != 1) /* not lone -s */ +- printf("%s", ctime(&remote_time)); ++ printf("%s", ctime(&remote_time.tv_sec)); + + return EXIT_SUCCESS; + } +--- a/networking/httpget.c ++++ b/networking/httpget.c +@@ -947,8 +947,9 @@ static int eat_headers(FILE *tcp_file, i + if (time_tolerance && strncmp(line, "Date: ", 6) == 0) + { + /* Try to set time from server */ +- time_t now, tim, tolerance; ++ time_t now, tolerance; + struct tm tm; ++ struct timespec tim; + + tolerance= strtoul(time_tolerance, &cp, 10); + if (cp[0] != '\0') +@@ -966,16 +967,16 @@ static int eat_headers(FILE *tcp_file, i + line+6); + } + } +- tim= timegm(&tm); ++ tim.tv_sec= timegm(&tm); + now= time(NULL); +- if (now < tim-tolerance || now > tim+tolerance) ++ if (now < tim.tv_sec-tolerance || now > tim.tv_sec+tolerance) + { + if (debug) + { fprintf(stderr, + "setting time, time difference is %d\n", +- (int)(tim-now)); ++ (int)(tim.tv_sec-now)); + } +- stime(&tim); ++ clock_settime(CLOCK_REALTIME,&tim); + } + } + +--- a/networking/httppost.c ++++ b/networking/httppost.c +@@ -92,13 +92,14 @@ int httppost_main(int argc, char *argv[] + char *time_tolerance, *rebased_fn= NULL; + char *fn_new, *fn; + FILE *tcp_file, *out_file, *fh; +- time_t server_time, tolerance; ++ time_t tolerance; ++ struct timespec server_time; + struct stat sbF, sbH, sbS; + off_t cLength, dir_length, maxpostsize; + struct sigaction sa; + +- post_dir= NULL; +- post_file= NULL; ++ post_dir= NULL; ++ post_file= NULL; + post_footer=NULL; + post_header=NULL; + atlas_id= NULL; +@@ -470,12 +471,12 @@ int httppost_main(int argc, char *argv[] + if (!check_result(tcp_file)) + goto err; + fprintf(stderr, "httppost: getting reply headers \n"); +- server_time= 0; ++ server_time.tv_sec = 0; + content_length= -1; +- if (!eat_headers(tcp_file, &chunked, &content_length, &server_time)) ++ if (!eat_headers(tcp_file, &chunked, &content_length, &server_time.tv_sec)) + goto err; + +- if (tolerance && server_time > 0) ++ if (tolerance && server_time.tv_sec > 0) + { + /* Try to set time from server */ + int need_set_time; +@@ -486,35 +487,35 @@ int httppost_main(int argc, char *argv[] + rtt= now.tv_sec-start_time.tv_sec; + rtt += (now.tv_usec-start_time.tv_usec)/1e6; + if (rtt < 0) rtt= 0; +- need_set_time= (now.tv_sec < server_time-tolerance-rtt || +- now.tv_sec > server_time+tolerance+rtt); ++ need_set_time= (now.tv_sec < server_time.tv_sec-tolerance-rtt || ++ now.tv_sec > server_time.tv_sec+tolerance+rtt); + if (need_set_time && getenv("HTTPPOST_ALLOW_STIME")) + { + fprintf(stderr, + "setting time, time difference is %ld\n", +- (long)server_time-now.tv_sec); +- stime(&server_time); ++ (long)server_time.tv_sec-now.tv_sec); ++ clock_settime(CLOCK_REALTIME,&server_time); + if (atlas_id) + { + printf( + "RESULT %s ongoing %ld httppost setting time, local %ld, remote %ld\n", + atlas_id, (long)time(NULL), + (long)now.tv_sec, +- (long)server_time); ++ (long)server_time.tv_sec); + } + } + else if (need_set_time) + { + fprintf(stderr, + "not setting time, time difference is %ld\n", +- (long)server_time-now.tv_sec); ++ (long)server_time.tv_sec-now.tv_sec); + if (atlas_id) + { + printf( + "RESULT %s ongoing %ld httppost not in sync, local %ld, remote %ld\n", + atlas_id, (long)time(NULL), + (long)now.tv_sec, +- (long)server_time); ++ (long)server_time.tv_sec); + } + } + else if (rtt <= 1) From e5bf53cc19d059ace2d5a061c917278e280b2b7d Mon Sep 17 00:00:00 2001 From: Jan Pavlinec Date: Fri, 26 Mar 2021 12:59:34 +0100 Subject: [PATCH 072/221] atlas-sw-probe: add new package Signed-off-by: Jan Pavlinec --- net/atlas-sw-probe/Makefile | 127 +++++++++++++ net/atlas-sw-probe/files/atlas.conf | 4 + net/atlas-sw-probe/files/atlas.init | 178 ++++++++++++++++++ net/atlas-sw-probe/files/atlas_rpcd.sh | 83 ++++++++ .../patches/001-fix-config-path.patch | 14 ++ 5 files changed, 406 insertions(+) create mode 100644 net/atlas-sw-probe/Makefile create mode 100644 net/atlas-sw-probe/files/atlas.conf create mode 100644 net/atlas-sw-probe/files/atlas.init create mode 100755 net/atlas-sw-probe/files/atlas_rpcd.sh create mode 100644 net/atlas-sw-probe/patches/001-fix-config-path.patch diff --git a/net/atlas-sw-probe/Makefile b/net/atlas-sw-probe/Makefile new file mode 100644 index 0000000000000..b4cc2f318380e --- /dev/null +++ b/net/atlas-sw-probe/Makefile @@ -0,0 +1,127 @@ +# +# Copyright (C) 2019-2021 CZ.NIC z.s.p.o. (https://www.nic.cz/) +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +include $(TOPDIR)/rules.mk + +PKG_NAME:=atlas-sw-probe +PKG_VERSION:=5020 +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git +PKG_SOURCE:=ripe-atlas-software-probe-$(PKG_VERSION).tar.gz + +PKG_MIRROR_HASH:=846aa20ff4bc938c07526a9893dcae4ac7dfa41982a5b2bcfe2dd53c974ecdc9 +PKG_SOURCE_VERSION:=edee49c942b726a1d8865d91c8d7f32843bc8ad1 + +PKG_MAINTAINER:=Jan Pavlinec +PKG_LICENSE:=GPL-3.0-or-later +PKG_LICENSE_FILES:=LICENSE + +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/atlas-sw-probe + SECTION:=net + CATEGORY:=Network + TITLE:=RIPE Atlas software probe + URL:=https://atlas.ripe.net/about/probes/ + DEPENDS:=+atlas-probe +endef + +define Package/atlas-sw-probe/description + RIPE Atlas SW probe is software variant of RIPE Atlas Probe. + It contains utilities which helps actively measure + Internet connectivity through ping, traceroute, DNS, SSL/TLS, NTP, and HTTP. + Data are then collected, aggregated and published by the RIPE NCC. +endef + +define Package/atlas-sw-probe-rpc + SECTION:=net + CATEGORY:=Network + TITLE:=RPC service + URL:=https://atlas.ripe.net/about/probes/ + DEPENDS:=+atlas-probe +bind-dig +rpcd +endef + +define Package/atlas-sw-probe-rpc/description + Provides ubus calls for probe. +endef + +Build/Compile:=: +Build/Install:=: + +define Package/atlas-sw-probe-rpc/postinst +#!/bin/sh +[ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/rpcd restart +exit 0 +endef + +define Package/atlas-sw-probe-rpc/postrm +#!/bin/sh +[ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/rpcd restart +exit 0 +endef + +define Package/atlas-sw-probe/conffiles +/etc/config/atlas +/usr/libexec/atlas-probe-scripts/state/config.txt +endef + +TMP_BASE_DIR:=/tmp/ripe_atlas_probe +SCRIPTS_DIR:=/usr/libexec/atlas-probe-scripts + +define Package/atlas-sw-probe/install + $(INSTALL_DIR) $(1)/$(SCRIPTS_DIR) + $(INSTALL_DIR) $(1)/$(SCRIPTS_DIR)/{etc,state,bin/arch,bin/bin} + + # Copy config + $(CP) $(PKG_BUILD_DIR)/atlas-config/etc/* $(1)/$(SCRIPTS_DIR)/etc/ + + # Copy firmware version + $(CP) $(PKG_BUILD_DIR)/atlas-config/state/FIRMWARE_APPS_VERSION $(1)/$(SCRIPTS_DIR)/state/ + + # Set probe mode + echo "prod" > $(1)/$(SCRIPTS_DIR)/state/mode + + # Copy scripts + $(CP) $(PKG_BUILD_DIR)/bin/{ATLAS,common-pre.sh,common.sh,reginit.sh,resolvconf} $(1)/$(SCRIPTS_DIR)/bin/ + $(CP) $(PKG_BUILD_DIR)/bin/arch/{linux,openwrt-sw-probe} $(1)/$(SCRIPTS_DIR)/bin/arch/ + + # Create config info + echo "DEVICE_NAME=openwrt-sw-probe" > $(1)/$(SCRIPTS_DIR)/bin/config.sh + echo "ATLAS_BASE=$(SCRIPTS_DIR)" >> $(1)/$(SCRIPTS_DIR)/bin/config.sh + echo "ATLAS_STATIC=$(SCRIPTS_DIR)" >> $(1)/$(SCRIPTS_DIR)/bin/config.sh + echo "SUB_ARCH=openwrt-$(ARCH)-$(PKG_VERSION)-$(PKG_RELEASE)" >> $(1)/$(SCRIPTS_DIR)/bin/bin/config.sh + + # Enable sending interface traffic statistics as Atlas measurement results + echo "RXTXRPT=yes" > $(1)/$(SCRIPTS_DIR)/state/config.txt + + # Fix permision + chmod 755 $(1)/$(SCRIPTS_DIR)/bin + + # Create softlinks for writable dirs + $(LN) $(TMP_BASE_DIR)/crons $(1)/$(SCRIPTS_DIR)/crons + $(LN) $(TMP_BASE_DIR)/data $(1)/$(SCRIPTS_DIR)/data + $(LN) $(TMP_BASE_DIR)/run $(1)/$(SCRIPTS_DIR)/run + $(LN) $(TMP_BASE_DIR)/status $(1)/$(SCRIPTS_DIR)/status + + # Copy init and config + $(INSTALL_DIR) $(1)/etc/init.d/ + $(INSTALL_BIN) ./files/atlas.init $(1)/etc/init.d/atlas + + $(INSTALL_DIR) $(1)/etc/config/ + $(INSTALL_CONF) ./files/atlas.conf $(1)/etc/config/atlas +endef + +define Package/atlas-sw-probe-rpc/install + $(INSTALL_DIR) $(1)/usr/libexec/rpcd + $(INSTALL_BIN) ./files/atlas_rpcd.sh $(1)/usr/libexec/rpcd/atlas +endef + +$(eval $(call BuildPackage,atlas-sw-probe)) +$(eval $(call BuildPackage,atlas-sw-probe-rpc)) diff --git a/net/atlas-sw-probe/files/atlas.conf b/net/atlas-sw-probe/files/atlas.conf new file mode 100644 index 0000000000000..d2a12a523f9f6 --- /dev/null +++ b/net/atlas-sw-probe/files/atlas.conf @@ -0,0 +1,4 @@ +config atlas 'common' + option log_stderr '1' + option log_stdout '0' + option rxtxrpt '1' diff --git a/net/atlas-sw-probe/files/atlas.init b/net/atlas-sw-probe/files/atlas.init new file mode 100644 index 0000000000000..c5495cd9a28b6 --- /dev/null +++ b/net/atlas-sw-probe/files/atlas.init @@ -0,0 +1,178 @@ +#!/bin/sh /etc/rc.common + +USE_PROCD=1 +START=30 +EXTRA_COMMANDS="get_key probeid log create_backup load_backup" +EXTRA_HELP=" get_key print probe public key (used for probe registration) + probeid print probe id + log print probe status log + create_backup backup ssh key to tar.gz + load_backup 'backup.tar.gz' load backup ssh key from tar.gz +" + +SCRIPTS_DIR="/usr/libexec/atlas-probe-scripts" +TMP_BASE_DIR="/tmp/ripe_atlas_probe" +PUB_KEY_FILE="$SCRIPTS_DIR/etc/probe_key.pub" +PRIV_KEY_FILE="$SCRIPTS_DIR/etc/probe_key" +PROBE_ID_FILE="$TMP_BASE_DIR/status/reg_init_reply.txt" +LOG_FILE="/tmp/log/ripe_sw_probe" +STATE_CONFIG="$SCRIPTS_DIR/state/config.txt" + +load_backup() { + local backup_arch + local tmp_dir + + backup_arch="$1" + tmp_dir="$(mktemp -u -p /var/run/atlas)" + if [ -f "$backup_arch" ]; then + safe_mkdir "$tmp_dir" + tar -xzf "$backup_arch" -C "$tmp_dir/" + if [ -f "$tmp_dir/probe_key.pub" ] && [ -f "$tmp_dir/probe_key" ]; then + mv "$tmp_dir/probe_key.pub" "$PUB_KEY_FILE" + mv "$tmp_dir/probe_key" "$PRIV_KEY_FILE" + rm -rf "$tmp_dir" + print_msg "Info: public and private key loaded from backup" + else + print_msg "Error: Could not extract probe_key or probe_key form backup archive" + rm -rf "$tmp_dir" + exit 1 + fi + else + print_msg "Error: Provided backup file $backup_arch does not exists" + exit 1 + fi +} + +create_backup() { + local back_dir + + back_dir="$(pwd)" + + if [ -f "$PUB_KEY_FILE" -a -f "$PRIV_KEY_FILE" ]; then + print_msg "Info: Creating backup arch in $back_dir" + tar -czf "$back_dir/atlas-key-backup.tar.gz" -C "$SCRIPTS_DIR/etc" probe_key probe_key.pub + else + print_msg "Error: private or public key does not exists." + exit 1 + fi +} + +log() { + if [ -f "$LOG_FILE" ];then + tail "$LOG_FILE" + else + print_msg "Error. No log file found. Probe isn't probably running" + exit 1 + fi +} + +get_key() { + if [ -f "$PUB_KEY_FILE" ]; then + echo "Probe public key (use for registration)" + echo "URL with registration form https://atlas.ripe.net/apply/swprobe/" + echo "==========================================" + cat "$PUB_KEY_FILE" + else + print_msg "Error! Pub. key not found" + exit 1 + fi +} + +probeid() { + local probe_id + + if [ -f "$PROBE_ID_FILE" ]; then + probe_id="$(awk '/PROBE_ID/ {print $2}' "$PROBE_ID_FILE")" + if [ -z "$probe_id" ]; then + print_msg "Probe ID not found SW probe isn't probably registered yet" + exit 1 + else + print_msg "Probe ID is $probe_id" + fi + else + print_msg "Probe ID not found. SW probe is not running or probe_key isn't registered yet" + exit 1 + fi +} + +print_msg() { + echo "$1" >&2 + logger -t atlas-sw-probe "$1" +} + +stop_service() { + local atlas_pid + local tunnel_pid + local pid_file + + print_msg "Stopping atlas sw probe" + print_msg "Kill all atlas processes" + + for pid_file in "$SCRIPTS_DIR/run/"*.vol; do + [ -f "$pid_file" ] || continue + # test if proccess is still running + atlas_pid="$(cat "$pid_file")" + if kill -0 "$atlas_pid" 2>/dev/null; then + kill "$atlas_pid" + fi + done + + if [ -f "$SCRIPTS_DIR/status/con_keep_pid.vol" ]; then + print_msg "Kill ssh tunnel" + tunnel_pid="$(cat "$SCRIPTS_DIR/status/con_keep_pid.vol")" + if kill -0 "$tunnel_pid" 2>/dev/null; then + kill "$tunnel_pid" + fi + fi +} + +safe_mkdir() { + local dir="$1" + if [ -e "$dir" ] && [ ! -d "$dir" -o -L "$dir" ]; then + rm -rf "$dir" + fi + mkdir -p "$dir" + chmod 700 "$dir" + chown root:root "$dir" +} + +create_tmp_dirs() { + local dirs + + chown -R atlas:atlas "$SCRIPTS_DIR/bin" + chmod 755 "$SCRIPTS_DIR/bin" + dirs='crons data run status' + + safe_mkdir "$TMP_BASE_DIR" + for i in $dirs; do + safe_mkdir "$TMP_BASE_DIR/$i" + done +} + +start_service() { + local log_stderr + local log_stdout + local rxtxrpt + local test_setting + + create_tmp_dirs + + config_load atlas + config_get_bool log_stderr "common" log_stderr "0" + config_get_bool log_stdout "common" log_stdout "0" + config_get_bool rxtxrpt "common" rxtxrpt "1" + test_setting=$(grep "^[ ]*RXTXRPT=yes" "$STATE_CONFIG") + + # Decide if we should write to permanent storage + if [ "$rxtxrpt" == "1" ] && [ -z "$test_setting" ]; then + echo "RXTXRPT=yes">$STATE_CONFIG + elif [ "$rxtxrpt" == "0" ] && [ ! -z "$test_setting" ]; then + echo "RXTXRPT=no">$STATE_CONFIG + fi + + procd_open_instance + procd_set_param command "$SCRIPTS_DIR/bin/ATLAS" + procd_set_param stdout "$log_stdout" + procd_set_param stderr "$log_stderr" + procd_close_instance +} diff --git a/net/atlas-sw-probe/files/atlas_rpcd.sh b/net/atlas-sw-probe/files/atlas_rpcd.sh new file mode 100755 index 0000000000000..0fde836380b20 --- /dev/null +++ b/net/atlas-sw-probe/files/atlas_rpcd.sh @@ -0,0 +1,83 @@ +#!/bin/sh + +. /lib/functions.sh + +SCRIPTS_DIR="/usr/libexec/atlas-probe-scripts" +TMP_BASE_DIR="/tmp/ripe_atlas_probe" +PUB_KEY_FILE="$SCRIPTS_DIR/etc/probe_key.pub" +PRIV_KEY_FILE="$SCRIPTS_DIR/etc/probe_key" +PROBE_ID_FILE="$TMP_BASE_DIR/status/reg_init_reply.txt" + +get_atlas_public_key() { + local pub_key + + if [ -f "$PUB_KEY_FILE" ]; then + pub_key=$(cat "$PUB_KEY_FILE") + fi + + echo "{" + echo \"pub-key\":\"$pub_key\" + echo "}" +} + +get_atlas_probeid() { + local probe_id + + if /etc/init.d/atlas probeid 2>/dev/null; then + probe_id="$(awk '/PROBE_ID/ {print $2}' "$PROBE_ID_FILE")" + fi + + echo "{" + echo \"probe-id\":\"$probe_id\" + echo "}" +} + +get_reg_info() { + local pub_ip + local asn + local asn_org + + if [ -z "$pub_ip" ]; then + pub_ip="$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com|tr -d '"')" + fi + + echo "{" + echo \"public-ipv4\":\"$pub_ip\" + echo "}" +} + +get_status() { + local status + + status="$(/etc/init.d/atlas status)" + echo "{" + echo \"status\":\"$status\" + echo "}" +} + +case "$1" in + list) + echo '{' + echo ' "pub-key": {},' + echo ' "probe-id": {},' + echo ' "reg-info": {}' + echo ' "status": {}' + echo '}' + ;; + call) + case "$2" in + pub-key) + get_atlas_public_key + ;; + probe-id) + get_atlas_probeid + ;; + reg-info) + get_reg_info + ;; + get-status) + get_status + ;; + esac + ;; +esac diff --git a/net/atlas-sw-probe/patches/001-fix-config-path.patch b/net/atlas-sw-probe/patches/001-fix-config-path.patch new file mode 100644 index 0000000000000..5a518199c3ae4 --- /dev/null +++ b/net/atlas-sw-probe/patches/001-fix-config-path.patch @@ -0,0 +1,14 @@ +--- a/bin/ATLAS ++++ b/bin/ATLAS +@@ -7,9 +7,9 @@ + #exec >/tmp/ATLAS.out 2>/tmp/ATLAS.err + #set -x + +-if [ -f bin/config.sh ] ++if [ -f /usr/libexec/atlas-probe-scripts/bin/config.sh ] + then +- . bin/config.sh ++ . /usr/libexec/atlas-probe-scripts/bin/config.sh + export DEVICE_NAME SUB_ARCH ATLAS_STATIC + else + echo no 'bin/config.sh' >&2 From f75b70100932ff5e57db7072650dfd3f68dac980 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Thu, 4 Feb 2021 19:16:44 +0200 Subject: [PATCH 073/221] miniupnpd: introduce IGDv1 variant Microsoft Windows, Xbox and possibly other operating systems do not support IGDv2. With IGDv2 enabled, they send a HTTP GET request for rootDesc.xml and WANIPCn.xml, and then nothing happens. The Microsoft implementation probably doesn't like the WANIPCn.xml response and decides UPnP is not available. When miniupnpd is built without IGDv2 support, after the 2 HTTP GET requests, there is a HTTP POST request to /ctl/IPConn, and miniupnpd configures the port forward as expected. The runtime option force_igd_desc_v1=yes (UCI: igvd1) does not solve this problem. It's possible this was enough in earlier miniupnpd versions, but it does not fix the problem the current version. Since we are a modern distro, we want to support the latest and greatest, so we should default to IGDv2 enabled. Introducing a menuconfig option to disable IGDv2 would only help people who build their own images, so offer a separate package variant for IGDv1. Signed-off-by: Stijn Tintel --- net/miniupnpd/Makefile | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile index b597b596f96ce..84025e93a11ae 100644 --- a/net/miniupnpd/Makefile +++ b/net/miniupnpd/Makefile @@ -26,7 +26,7 @@ PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/version.mk -define Package/miniupnpd +define Package/miniupnpd/Default SECTION:=net CATEGORY:=Network DEPENDS:=+iptables +libip4tc +IPV6:libip6tc +IPV6:ip6tables +libuuid +libcap-ng @@ -35,10 +35,26 @@ define Package/miniupnpd URL:=https://miniupnp.tuxfamily.org/ endef +define Package/miniupnpd + $(call Package/miniupnpd/Default) + TITLE+= (IGDv2) + CONFLICTS:=miniupnpd-igdv1 + VARIANT:=igdv2 +endef + +define Package/miniupnpd-igdv1 + $(call Package/miniupnpd/Default) + TITLE+= (IGDv1) + PROVIDES:=miniupnpd + VARIANT:=igdv1 +endef + define Package/miniupnpd/conffiles /etc/config/upnpd endef +Package/miniupnpd-igdv1/conffiles = $(Package/miniupnpd/conffiles) + define Build/Prepare $(call Build/Prepare/Default) echo "$(VERSION_NUMBER)" | tr '() ' '_' >$(PKG_BUILD_DIR)/os.openwrt @@ -46,12 +62,15 @@ endef CONFIGURE_ARGS = \ $(if $(CONFIG_IPV6),--ipv6) \ - --igd2 \ --leasefile \ --portinuse \ --firewall=iptables \ --disable-fork +ifeq ($(BUILD_VARIANT),igdv2) + CONFIGURE_ARGS += --igd2 +endif + TARGET_CFLAGS += $(FPIC) -flto TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed @@ -71,4 +90,7 @@ define Package/miniupnpd/install $(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include endef +Package/miniupnpd-igdv1/install = $(Package/miniupnpd/install) + $(eval $(call BuildPackage,miniupnpd)) +$(eval $(call BuildPackage,miniupnpd-igdv1)) From eff2dcdee3357d112575e087650ea2c1f38fce25 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Sat, 17 Apr 2021 09:41:17 +0200 Subject: [PATCH 074/221] adblock: update to 4.1.1 * support the RPZ trigger 'RPZ-CLIENT-IP' to always allow/block certain clients based on their IP (currently only supported by bind!) * avoid promiscuous mode in tcpdump setup for adblock reporting * speed up dns report preparation * support dns report mailing (/etc/init.d/adblock report mail) * fix bind autodetection * update LuCI-frontend (separate PR) * update readme Signed-off-by: Dirk Brenken --- net/adblock/Makefile | 4 +- net/adblock/files/README.md | 6 +- net/adblock/files/adblock.init | 6 +- net/adblock/files/adblock.mail | 17 +- net/adblock/files/adblock.sh | 462 +++++++++++++++++++-------------- 5 files changed, 286 insertions(+), 209 deletions(-) diff --git a/net/adblock/Makefile b/net/adblock/Makefile index 24a8b157da1df..7e5bd50adb3f3 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile @@ -6,8 +6,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock -PKG_VERSION:=4.1.0 -PKG_RELEASE:=4 +PKG_VERSION:=4.1.1 +PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md index 33b5ea00aa73d..183b3ecfac816 100644 --- a/net/adblock/files/README.md +++ b/net/adblock/files/README.md @@ -68,6 +68,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but * Supports five different DNS backend formats: dnsmasq, unbound, named (bind), kresd or raw (e.g. used by dnscrypt-proxy) * Supports four different SSL-enabled download utilities: uclient-fetch, wget, curl or aria2c * Supports SafeSearch for google, bing, duckduckgo, yandex, youtube and pixabay +* Supports RPZ-trigger 'RPZ-CLIENT-IP' to always allow/deny certain DNS clients based on their IP address (currently only supported by bind dns backend) * Fast downloads & list processing as they are handled in parallel running background jobs with multicore support * Supports a wide range of router modes, even AP modes are supported * Full IPv4 and IPv6 support @@ -159,7 +160,7 @@ Available commands: | adb_dnsinstance | 0, first instance | set to the relevant dns backend instance used by adblock (dnsmasq only) | | adb_dnsflush | 0, disabled | set to 1 to flush the DNS Cache before & after adblock processing | | adb_dnsinotify | -, not set | set to 1 to prevent adblock triggered restarts for DNS backends with autoload functions | -| adb_dnsallow | -, not set | set to 1 to disable selective DNS whitelisting (RPZ pass through) | +| adb_dnsallow | -, not set | set to 1 to disable selective DNS whitelisting (RPZ-PASSTHRU) | | adb_lookupdomain | example.com | external domain to check for a successful DNS backend restart or 'false' to disable this check | | adb_portlist | 53 853 5353 | space separated list of firewall ports which should be redirected locally | | adb_report | 0, disabled | set to 1 to enable the background tcpdump gathering process for reporting | @@ -189,7 +190,6 @@ No further configuration is needed, adblock deposits the final blocklist 'adb_li **Change the DNS backend to 'named' (bind):** Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind'. -To preserve the DNS cache after adblock processing you need to install & configure 'bind-rdnc'. To use the blocklist please modify '/etc/bind/named.conf': 

 in the 'options' namespace add:
@@ -209,7 +209,7 @@ Adblock deposits the final blocklist 'adb_list.overall' in '/etc/kresd', no furt
 Please note: The knot-resolver (kresd) is only available on Turris devices and does not support the SafeSearch functionality yet.
 
 **Use restrictive jail modes:**  
-You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the whitelist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrice jail mode (jail mode only).
+You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the whitelist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrictive jail mode automatically (jail mode only).
 
 **Enable E-Mail notification via 'msmtp':**  
 To use the email notification you have to install & configure the package 'msmtp'.  
diff --git a/net/adblock/files/adblock.init b/net/adblock/files/adblock.init
index 4efb7d46dc608..9ef6215df8958 100755
--- a/net/adblock/files/adblock.init
+++ b/net/adblock/files/adblock.init
@@ -13,7 +13,7 @@ then
 	extra_command "suspend" "Suspend adblock processing"
 	extra_command "resume" "Resume adblock processing"
 	extra_command "query" " Query active blocklists and backups for a specific domain"
-	extra_command "report" "[] Print DNS statistics with an optional search parameter"
+	extra_command "report" "[[|||] [] []] Print DNS statistics with an optional search parameter"
 	extra_command "list" "[|||||||||]  List/Edit available sources"
 	extra_command "timer" "[   [] []]|[ ] List/Edit cron update intervals"
 	extra_command "version" "Print version information"
@@ -23,7 +23,7 @@ else
 	suspend	Suspend adblock processing
 	resume	Resume adblock processing
 	query	 Query active blocklists and backups for a specific domain
-	report	[] Print DNS statistics with an optional search parameter
+	report	[[|||] [] []] Print DNS statistics with an optional search parameter
 	list	[|||||||||]  List/Edit available sources
 	timer	[   [] []]|[ ] List/Edit cron update intervals
 	version	Print version information"
@@ -105,7 +105,7 @@ query()
 
 report()
 {
-	rc_procd "${adb_script}" report "${1:-"+"}" "${2:-"50"}" "${3:-"true"}" "${4:-"cli"}"
+	rc_procd "${adb_script}" report "${1:-"cli"}" "${2}" "${3}"
 }
 
 list()
diff --git a/net/adblock/files/adblock.mail b/net/adblock/files/adblock.mail
index be5d260722ba6..010e45b2a25dd 100755
--- a/net/adblock/files/adblock.mail
+++ b/net/adblock/files/adblock.mail
@@ -34,7 +34,7 @@ f_log()
 	then
 		"${adb_logger}" -p "${class}" -t "adblock-${adb_ver}[${$}]" "${log_msg}"
 	else
-		printf "%s %s %s\\n" "${class}" "adblock-${adb_ver}[${$}]" "${log_msg}"
+		printf "%s %s %s\n" "${class}" "adblock-${adb_ver}[${$}]" "${log_msg}"
 	fi
 }
 
@@ -44,17 +44,18 @@ then
 	exit ${adb_rc}
 fi
 
-if [ "${adb_debug}" -eq 1 ]
+if [ "${adb_debug}" = "1" ]
 then
 	debug="--debug"
 fi
 
-adb_mailhead="From: ${adb_mailsender}\\nTo: ${adb_mailreceiver}\\nSubject: ${adb_mailtopic}\\nReply-to: ${adb_mailsender}\\nMime-Version: 1.0\\nContent-Type: text/html\\nContent-Disposition: inline\\n\\n"
+adb_mailhead="From: ${adb_mailsender}\nTo: ${adb_mailreceiver}\nSubject: ${adb_mailtopic}\nReply-to: ${adb_mailsender}\nMime-Version: 1.0\nContent-Type: text/html;charset=utf-8\nContent-Disposition: inline\n\n"
 
 # info preparation
 #
 sys_info="$(strings /etc/banner 2>/dev/null; ubus call system board | sed -e 's/\"release\": {//' | sed -e 's/^[ \t]*//' | sed -e 's/[{}\",]//g' | sed -e 's/[ ]/  \t/' | sed '/^$/d' 2>/dev/null)"
 adb_info="$(/etc/init.d/adblock status 2>/dev/null)"
+rep_info="${2}"
 if [ -x "${adb_logread}" ]
 then
 	log_info="$("${adb_logread}" -l 100 -e "adblock-" | awk '{NR=1;max=120;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
@@ -63,9 +64,13 @@ fi
 # mail body
 #
 adb_mailtext="
"
-adb_mailtext="${adb_mailtext}\\n++\\n++ System Information ++\\n++\\n${sys_info}"
-adb_mailtext="${adb_mailtext}\\n\\n++\\n++ Adblock Information ++\\n++\\n${adb_info}"
-adb_mailtext="${adb_mailtext}\\n\\n++\\n++ Logfile Information ++\\n++\\n${log_info}"
+adb_mailtext="${adb_mailtext}\n++\n++ System Information ++\n++\n${sys_info}"
+adb_mailtext="${adb_mailtext}\n\n++\n++ Adblock Information ++\n++\n${adb_info}"
+if [ -n "${rep_info}" ]
+then
+	adb_mailtext="${adb_mailtext}\n\n++\n++ Report Information ++\n++\n${rep_info}"
+fi
+adb_mailtext="${adb_mailtext}\n\n++\n++ Logfile Information ++\n++\n${log_info}"
 adb_mailtext="${adb_mailtext}
"
 
 # send mail
diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh
index 731310e99a322..d87cf70a39bb2 100755
--- a/net/adblock/files/adblock.sh
+++ b/net/adblock/files/adblock.sh
@@ -11,7 +11,7 @@
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
 set -o pipefail
-adb_ver="4.1.0"
+adb_ver="4.1.1"
 adb_enabled=0
 adb_debug=0
 adb_forcedns=0
@@ -30,7 +30,7 @@ adb_mailcnt=0
 adb_jail=0
 adb_dns=""
 adb_dnsprefix="adb_list"
-adb_locallist="blacklist whitelist"
+adb_locallist="blacklist whitelist iplist"
 adb_tmpbase="/tmp"
 adb_backupdir="${adb_tmpbase}/adblock-Backup"
 adb_reportdir="${adb_tmpbase}/adblock-Report"
@@ -64,6 +64,8 @@ adb_cnt=""
 #
 f_load()
 {
+	local bg_pid iface port ports
+
 	adb_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -e '@.model' -e '@.release.description' | \
 		"${adb_awk}" 'BEGIN{ORS=", "}{print $0}' | "${adb_awk}" '{print substr($0,1,length($0)-2)}')"
 	f_conf
@@ -82,6 +84,73 @@ f_load()
 		f_log "info" "adblock is currently disabled, please set the config option 'adb_enabled' to '1' to use this service"
 		exit 0
 	fi
+
+	if [ "${adb_report}" = "1" ] && [ ! -x "${adb_dumpcmd}" ]
+	then
+		f_log "info" "Please install the package 'tcpdump' or 'tcpdump-mini' to use the reporting feature"
+	elif [ "${adb_report}" = "0" ] && [ "${adb_action}" = "report" ]
+	then
+		f_log "info" "Please enable the 'DNS Report' option to use the reporting feature"
+		exit 0
+	fi
+
+	bg_pid="$(pgrep -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awk}" '{ORS=" "; print $1}')"
+	if [ -x "${adb_dumpcmd}" ] && { [ "${adb_report}" = "0" ] || { [ -n "${bg_pid}" ] && { [ "${adb_action}" = "stop" ] || [ "${adb_action}" = "restart" ]; }; }; }
+	then
+		if [ -n "${bg_pid}" ]
+		then
+			kill -HUP "${bg_pid}" 2>/dev/null
+			while $(kill -0 "${bg_pid}" 2>/dev/null)
+			do
+				sleep 1
+			done
+			unset bg_pid
+		fi
+	fi
+
+	if [ -x "${adb_dumpcmd}" ] && [ "${adb_report}" = "1" ] && [ -z "${bg_pid}" ] && [ "${adb_action}" != "report" ] && [ "${adb_action}" != "stop" ]
+	then
+		for port in ${adb_replisten}
+		do
+			if [ -z "${ports}" ]
+			then
+				ports="port ${port}"
+			else
+				ports="${ports} or port ${port}"
+			fi
+		done
+		if [ -z "${adb_repiface}" ]
+		then
+			network_get_device iface "lan"
+			if [ -n "${iface}" ]
+			then
+				adb_repiface="${iface}"
+			else
+				network_get_physdev iface "lan"
+				if [ -n "${iface}" ]
+				then
+					adb_repiface="${iface}"
+				fi
+			fi
+			if [ -n "${adb_repiface}" ]
+			then
+				uci_set adblock global adb_repiface "${adb_repiface}"
+				f_uci "adblock"
+			fi
+		fi
+		if [ -n "${adb_reportdir}" ] && [ ! -d "${adb_reportdir}" ]
+		then
+			mkdir -p "${adb_reportdir}"
+			f_log "info" "report directory '${adb_reportdir}' created"
+		fi
+		if [ -n "${adb_repiface}" ] && [ -d "${adb_reportdir}" ]
+		then
+			( "${adb_dumpcmd}" -nn -p -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_reportdir}/adb_report.pcap" >/dev/null 2>&1 & )
+			bg_pid="$(pgrep -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awk}" '{ORS=" "; print $1}')"
+		else
+			f_log "info" "Please set the name of the reporting network device 'adb_repiface' manually"
+		fi
+	fi
 }
 
 # check & set environment
@@ -109,8 +178,9 @@ f_env()
 			f_log "err" "adblock source archive not found"
 		fi
 	fi
-	if [ -r "${adb_srcfile}" ]
+	if [ -r "${adb_srcfile}" ] && [ "${adb_action}" != "report" ]
 	then
+		json_init
 		json_load_file "${adb_srcfile}"
 	else
 		f_log "err" "adblock source file not found"
@@ -155,6 +225,12 @@ f_conf()
 			elif [ "${option}" = "adb_utc_sources" ]
 			then
 				eval "${option}=\"$(printf "%s" "${adb_utc_sources}") ${value}\""
+			elif [ "${option}" = "adb_denyip" ]
+			then
+				eval "${option}=\"$(printf "%s" "${adb_denyip}") ${value}\""
+			elif [ "${option}" = "adb_allowip" ]
+			then
+				eval "${option}=\"$(printf "%s" "${adb_allowip}") ${value}\""
 			elif [ "${option}" = "adb_safesearchlist" ]
 			then
 				eval "${option}=\"$(printf "%s" "${adb_safesearchlist}") ${value}\""
@@ -192,7 +268,7 @@ f_dns()
 
 	if [ -z "${adb_dns}" ]
 	then
-		utils="knot-resolver named unbound dnsmasq raw"
+		utils="knot-resolver bind unbound dnsmasq raw"
 		for util in ${utils}
 		do
 			if [ "${util}" = "raw" ] || [ -n "$(printf "%s" "${adb_packages}" | grep "^${util}")" ]
@@ -200,6 +276,9 @@ f_dns()
 				if [ "${util}" = "knot-resolver" ]
 				then
 					util="kresd"
+				elif [ "${util}" = "bind" ]
+				then
+					util="named"
 				fi
 				if [ "${util}" = "raw" ] || [ -x "$(command -v "${util}")" ]
 				then
@@ -248,6 +327,8 @@ f_dns()
 				adb_dnsheader="${adb_dnsheader:-"\$TTL 2h\n@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)\n  IN NS  localhost.\n"}"
 				adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'"}"
 				adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'"}"
+				adb_dnsdenyip="${adb_dnsdenyip:-"${adb_awk} '{print \"\"\$0\".rpz-client-ip CNAME .\"}'"}"
+				adb_dnsallowip="${adb_dnsallowip:-"${adb_awk} '{print \"\"\$0\".rpz-client-ip CNAME rpz-passthru.\"}'"}"
 				adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{print \"\"\$0\" CNAME \"item\".\\n*.\"\$0\" CNAME \"item\".\"}'"}"
 				adb_dnsstop="${adb_dnsstop:-"* CNAME ."}"
 			;;
@@ -509,6 +590,12 @@ f_count()
 
 	adb_cnt=0
 	case "${mode}" in
+		"iplist")
+			if [ -s "${adb_tmpdir}/tmp.add.${name}" ]
+			then
+				adb_cnt="$(wc -l 2>/dev/null < "${adb_tmpdir}/tmp.add.${name}")"
+			fi
+		;;
 		"blacklist")
 			if [ -s "${adb_tmpfile}.${name}" ]
 			then
@@ -680,9 +767,37 @@ f_dnsup()
 #
 f_list()
 {
-	local hold file rset item array safe_url safe_ips safe_cname safe_domains out_rc mode="${1}" src_name="${2:-"${src_name}"}" in_rc="${src_rc:-0}" cnt=1 ffiles="-maxdepth 1 -name ${adb_dnsprefix}.*.gz"
+	local hold file rset item array safe_url safe_ips safe_cname safe_domains ip out_rc mode="${1}" src_name="${2:-"${src_name}"}" in_rc="${src_rc:-0}" cnt="1" ffiles="-maxdepth 1 -name ${adb_dnsprefix}.*.gz"
 
 	case "${mode}" in
+		"iplist")
+			src_name="${mode}"
+			if [ "${adb_dns}" = "named" ]
+			then
+				rset="BEGIN{FS=\"[.:]\";pfx=\"32\"}{if(match(\$0,/:/))pfx=\"128\"}{printf \"%s.\",pfx;for(seg=NF;seg>=1;seg--)if(seg==1)printf \"%s\n\",\$seg;else if(\$seg>=0)printf \"%s.\",\$seg; else printf \"%s.\",\"zz\"}"
+				if [ -n "${adb_allowip}" ]
+				then
+					> "${adb_tmpdir}/tmp.raw.${src_name}"
+					for ip in ${adb_allowip}
+					do
+						printf "%s" "${ip}" | "${adb_awk}" "${rset}" >> "${adb_tmpdir}/tmp.raw.${src_name}"
+					done
+					eval "${adb_dnsallowip}" "${adb_tmpdir}/tmp.raw.${src_name}" > "${adb_tmpdir}/tmp.add.${src_name}"
+					out_rc="${?}"
+				fi
+				if [ -n "${adb_denyip}" ] && { [ -z "${out_rc}" ] || [ "${out_rc}" = "0" ]; }
+				then
+					> "${adb_tmpdir}/tmp.raw.${src_name}"
+					for ip in ${adb_denyip}
+					do
+						printf "%s" "${ip}" | "${adb_awk}" "${rset}" >> "${adb_tmpdir}/tmp.raw.${src_name}"
+					done
+					eval "${adb_dnsdenyip}" "${adb_tmpdir}/tmp.raw.${src_name}" >> "${adb_tmpdir}/tmp.add.${src_name}"
+					out_rc="${?}"
+				fi
+				rm -f "${adb_tmpdir}/tmp.raw.${src_name}"
+			fi
+		;;
 		"blacklist"|"whitelist")
 			src_name="${mode}"
 			if [ "${src_name}" = "blacklist" ] && [ -f "${adb_blacklist}" ]
@@ -918,6 +1033,10 @@ f_list()
 			else
 				> "${adb_dnsdir}/${adb_dnsfile}"
 			fi
+			if [ -s "${adb_tmpdir}/tmp.add.iplist" ]
+			then
+				cat "${adb_tmpdir}/tmp.add.iplist" >> "${adb_dnsdir}/${adb_dnsfile}"
+			fi
 			if [ -s "${adb_tmpdir}/tmp.add.whitelist" ]
 			then
 				cat "${adb_tmpdir}/tmp.add.whitelist" >> "${adb_dnsdir}/${adb_dnsfile}"
@@ -968,6 +1087,7 @@ f_switch()
 {
 	local status entry done="false" mode="${1}"
 
+	json_init
 	json_load_file "${adb_rtfile}" >/dev/null 2>&1
 	json_select "data" >/dev/null 2>&1
 	json_get_var status "adblock_status"
@@ -1112,6 +1232,7 @@ f_jsnup()
 			status=""
 		;;
 	esac
+	json_init
 	json_load_file "${adb_rtfile}" >/dev/null 2>&1
 	if [ "${?}" = "0" ]
 	then
@@ -1140,6 +1261,7 @@ f_jsnup()
 	fi
 
 	> "${adb_rtfile}"
+	json_init
 	json_load_file "${adb_rtfile}" >/dev/null 2>&1
 	json_init
 	json_add_string "adblock_status" "${status:-"enabled"}"
@@ -1198,7 +1320,7 @@ f_log()
 #
 f_main()
 {
-	local src_tmpload src_tmpfile src_name src_rset src_url src_log src_arc src_cat src_item src_list src_entries src_suffix src_rc entry keylist memory cnt=1
+	local src_tmpload src_tmpfile src_name src_rset src_url src_log src_arc src_cat src_item src_list src_entries src_suffix src_rc entry memory cnt=1
 
 	memory="$("${adb_awk}" '/^MemTotal|^MemFree|^MemAvailable/{ORS="/"; print int($2/1000)}' "/proc/meminfo" 2>/dev/null | "${adb_awk}" '{print substr($0,1,length($0)-1)}')"
 	f_log "debug" "f_main   ::: memory: ${memory:-0}, max_queue: ${adb_maxqueue}, safe_search: ${adb_safesearch}, force_dns: ${adb_forcedns}, awk: ${adb_awk}"
@@ -1460,211 +1582,164 @@ f_main()
 #
 f_report()
 {
-	local iface bg_pid status total start end blocked percent top_list top array item index hold ports cnt=0 search="${1}" count="${2}" process="${3}" print="${4}"
+	local report_raw report_json report_txt content status total start end blocked percent top_list top array item index hold ports value key key_list cnt=0 action="${1}" count="${2:-"50"}" search="${3:-"+"}"
 
-	if [ "${adb_report}" = "1" ] && [ ! -x "${adb_dumpcmd}" ]
-	then
-		f_log "info" "Please install the package 'tcpdump' or 'tcpdump-mini' to use the reporting feature"
-	elif [ "${adb_report}" = "0" ] && [ "${adb_action}" = "report" ]
-	then
-		f_log "info" "Please enable the 'DNS Report' option to use the reporting feature"
-	fi
+	report_raw="${adb_reportdir}/adb_report.raw"
+	report_srt="${adb_reportdir}/adb_report.srt"
+	report_jsn="${adb_reportdir}/adb_report.json"
+	report_txt="${adb_reportdir}/adb_mailreport.txt"
 
-	if [ -x "${adb_dumpcmd}" ]
+	# build json file
+	#
+	if [ "${action}" != "json" ]
 	then
-		bg_pid="$(pgrep -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awk}" '{ORS=" "; print $1}')"
-		if [ "${adb_report}" = "0" ] || { [ -n "${bg_pid}" ] && { [ "${adb_action}" = "stop" ] || [ "${adb_action}" = "restart" ]; } }
-		then
-			if [ -n "${bg_pid}" ]
+		> "${report_raw}"
+		> "${report_srt}"
+		> "${report_txt}"
+		> "${report_jsn}"
+		for file in "${adb_reportdir}/adb_report.pcap"*
+		do
+			(
+				"${adb_dumpcmd}" -nn -tttt -r "${file}" 2>/dev/null | \
+					"${adb_awk}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? /&&/ A[\? ]+|NXDomain|0\.0\.0\.0/{a=$1;b=substr($2,0,8);c=$4;sub(/\.[0-9]+$/,"",c);gsub(/[^[:alnum:]\.:-]/,"",c);d=cnt $7;sub(/\*$/,"",d);
+					e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]|0\.0\.0\.0/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);gsub(/[^[:alnum:]\.-]/,"",e);if(e==""){e="err"};printf "%s\t%s\t%s\t%s\t%s\n",d,e,a,b,c}' >> "${report_raw}"
+			)&
+			hold=$((cnt%adb_maxqueue))
+			if [ "${hold}" = "0" ]
 			then
-				kill -HUP "${bg_pid}" 2>/dev/null
-				while $(kill -0 "${bg_pid}" 2>/dev/null)
-				do
-					sleep 1
-				done
-				unset bg_pid
+				wait
 			fi
-		fi
-	fi
-
-	if [ -x "${adb_dumpcmd}" ] && [ "${adb_report}" = "1" ]
-	then
-		if [ -z "${bg_pid}" ] && [ "${adb_action}" != "report" ] && [ "${adb_action}" != "stop" ]
+			cnt=$((cnt+1))
+		done
+		wait
+		if [ -s "${report_raw}" ]
 		then
-			for port in ${adb_replisten}
-			do
-				if [ -z "${ports}" ]
-				then
-					ports="port ${port}"
-				else
-					ports="${ports} or port ${port}"
-				fi
-			done
-			if [ -z "${adb_repiface}" ]
-			then
-				network_get_device iface "lan"
-				if [ -n "${iface}" ]
-				then
-					adb_repiface="${iface}"
-				else
-					network_get_physdev iface "lan"
-					if [ -n "${iface}" ]
-					then
-						adb_repiface="${iface}"
-					fi
-				fi
-				if [ -n "${adb_repiface}" ]
-				then
-					uci_set adblock global adb_repiface "${adb_repiface}"
-					f_uci "adblock"
-				fi
-			fi
-			if [ -n "${adb_reportdir}" ] && [ ! -d "${adb_reportdir}" ]
-			then
-				mkdir -p "${adb_reportdir}"
-				f_log "info" "report directory '${adb_reportdir}' created"
-			fi
-			if [ -n "${adb_repiface}" ] && [ -d "${adb_reportdir}" ]
-			then
-				( "${adb_dumpcmd}" -nn -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_reportdir}/adb_report.pcap" >/dev/null 2>&1 & )
-				bg_pid="$(pgrep -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awk}" '{ORS=" "; print $1}')"
-			else
-				f_log "info" "Please set the name of the reporting network device 'adb_repiface' manually"
-			fi
+			"${adb_sort}" ${adb_srtopts} -k1 -k3 -k4 -k5 -k1 -ur "${report_raw}" | \
+				"${adb_awk}" '{currA=($1+0);currB=$1;currC=substr($1,length($1),1);if(reqA==currB){reqA=0;printf "%s\t%s\n",d,$2}else if(currC=="+"){reqA=currA;d=$3"\t"$4"\t"$5"\t"$2}}' | \
+				"${adb_sort}" ${adb_srtopts} -k1 -k2 -k3 -k4 -ur > "${report_srt}"
+			rm -f "${report_raw}"
 		fi
 
-		if [ "${adb_action}" = "report" ] && [ "${process}" = "true" ]
+		if [ -s "${report_srt}" ]
 		then
-			> "${adb_reportdir}/adb_report.raw"
-			for file in "${adb_reportdir}/adb_report.pcap"*
+			start="$("${adb_awk}" 'END{printf "%s_%s",$1,$2}' "${report_srt}")"
+			end="$("${adb_awk}" 'NR==1{printf "%s_%s",$1,$2}' "${report_srt}")"
+			total="$(wc -l < "${report_srt}")"
+			blocked="$("${adb_awk}" '{if($5=="NX")cnt++}END{printf "%s",cnt}' "${report_srt}")"
+			percent="$("${adb_awk}" -v t="${total}" -v b="${blocked}" 'BEGIN{printf "%.2f%s",b/t*100,"%"}')"
+			> "${report_jsn}"
+			printf "%s\n" "{ " >> "${report_jsn}"
+			printf "\t%s\n" "\"start_date\": \"${start%_*}\", " >> "${report_jsn}"
+			printf "\t%s\n" "\"start_time\": \"${start#*_}\", " >> "${report_jsn}"
+			printf "\t%s\n" "\"end_date\": \"${end%_*}\", " >> "${report_jsn}"
+			printf "\t%s\n" "\"end_time\": \"${end#*_}\", " >> "${report_jsn}"
+			printf "\t%s\n" "\"total\": \"${total}\", " >> "${report_jsn}"
+			printf "\t%s\n" "\"blocked\": \"${blocked}\", " >> "${report_jsn}"
+			printf "\t%s\n" "\"percent\": \"${percent}\", " >> "${report_jsn}"
+			top_list="top_clients top_domains top_blocked"
+			for top in ${top_list}
 			do
-				(
-					"${adb_dumpcmd}" -tttt -r "${file}" 2>/dev/null | \
-						"${adb_awk}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? /&&/ A[\? ]+|NXDomain|0\.0\.0\.0/{a=$1;b=substr($2,0,8);c=$4;sub(/\.[0-9]+$/,"",c);gsub(/[^[:alnum:]\.:-]/,"",c);d=cnt $7;sub(/\*$/,"",d);
-						e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]|0\.0\.0\.0/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);gsub(/[^[:alnum:]\.-]/,"",e);if(e==""){e="err"};printf "%s\t%s\t%s\t%s\t%s\n",d,e,a,b,c}' >> "${adb_reportdir}/adb_report.raw"
-				)&
-				hold=$((cnt%adb_maxqueue))
-				if [ "${hold}" = "0" ]
-				then
-					wait
-				fi
-				cnt=$((cnt+1))
+				printf "\t%s" "\"${top}\": [ " >> "${report_jsn}"
+				case "${top}" in
+					"top_clients")
+						"${adb_awk}" '{print $3}' "${report_srt}" | "${adb_sort}" ${adb_srtopts} | uniq -c | \
+							"${adb_sort}" ${adb_srtopts} -nr | \
+							"${adb_awk}" '{ORS=" ";if(NR==1)printf "\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2; else if(NR<10)printf ",\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2}' >> "${report_jsn}"
+					;;
+					"top_domains")
+						"${adb_awk}" '{if($5!="NX")print $4}' "${report_srt}" | "${adb_sort}" ${adb_srtopts} | uniq -c | \
+							"${adb_sort}" ${adb_srtopts} -nr | \
+							"${adb_awk}" '{ORS=" ";if(NR==1)printf "\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2; else if(NR<10)printf ",\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2}' >> "${report_jsn}"
+					;;
+					"top_blocked")
+						"${adb_awk}" '{if($5=="NX")print $4}' "${report_srt}" | \
+							"${adb_sort}" ${adb_srtopts} | uniq -c | "${adb_sort}" ${adb_srtopts} -nr | \
+							"${adb_awk}" '{ORS=" ";if(NR==1)printf "\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2; else if(NR<10)printf ",\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2}' >> "${report_jsn}"
+					;;
+				esac
+				printf "\n\t%s\n" "]," >> "${report_jsn}"
 			done
-			wait
-			if [ -s "${adb_reportdir}/adb_report.raw" ]
-			then
-				"${adb_sort}" ${adb_srtopts} -k1 -k3 -k4 -k5 -k1 -ur "${adb_reportdir}/adb_report.raw" | \
-					"${adb_awk}" '{currA=($1+0);currB=$1;currC=substr($1,length($1),1);if(reqA==currB){reqA=0;printf "%s\t%s\n",d,$2}else if(currC=="+"){reqA=currA;d=$3"\t"$4"\t"$5"\t"$2}}' | \
-					"${adb_sort}" ${adb_srtopts} -k1 -k2 -k3 -k4 -ur > "${adb_reportdir}/adb_report.srt"
-				rm -f "${adb_reportdir}/adb_report.raw"
-			fi
-
-			if [ -s "${adb_reportdir}/adb_report.srt" ]
-			then
-				start="$("${adb_awk}" 'END{printf "%s_%s",$1,$2}' "${adb_reportdir}/adb_report.srt")"
-				end="$("${adb_awk}" 'NR==1{printf "%s_%s",$1,$2}' "${adb_reportdir}/adb_report.srt")"
-				total="$(wc -l < "${adb_reportdir}/adb_report.srt")"
-				blocked="$("${adb_awk}" '{if($5=="NX")cnt++}END{printf "%s",cnt}' "${adb_reportdir}/adb_report.srt")"
-				percent="$("${adb_awk}" -v t="${total}" -v b="${blocked}" 'BEGIN{printf "%.2f%s",b/t*100,"%"}')"
-				> "${adb_reportdir}/adb_report.json"
-				printf "%s\n" "{ " >> "${adb_reportdir}/adb_report.json"
-				printf "\t%s\n" "\"start_date\": \"${start%_*}\", " >> "${adb_reportdir}/adb_report.json"
-				printf "\t%s\n" "\"start_time\": \"${start#*_}\", " >> "${adb_reportdir}/adb_report.json"
-				printf "\t%s\n" "\"end_date\": \"${end%_*}\", " >> "${adb_reportdir}/adb_report.json"
-				printf "\t%s\n" "\"end_time\": \"${end#*_}\", " >> "${adb_reportdir}/adb_report.json"
-				printf "\t%s\n" "\"total\": \"${total}\", " >> "${adb_reportdir}/adb_report.json"
-				printf "\t%s\n" "\"blocked\": \"${blocked}\", " >> "${adb_reportdir}/adb_report.json"
-				printf "\t%s\n" "\"percent\": \"${percent}\", " >> "${adb_reportdir}/adb_report.json"
-
-				top_list="top_clients top_domains top_blocked"
-				for top in ${top_list}
-				do
-					printf "\t%s" "\"${top}\": [ " >> "${adb_reportdir}/adb_report.json"
-					case "${top}" in
-						"top_clients")
-							"${adb_awk}" '{print $3}' "${adb_reportdir}/adb_report.srt" | "${adb_sort}" ${adb_srtopts} | uniq -c | \
-								"${adb_sort}" ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2; else if(NR<10)printf ",\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2}' >> "${adb_reportdir}/adb_report.json"
-						;;
-						"top_domains")
-							"${adb_awk}" '{if($5!="NX")print $4}' "${adb_reportdir}/adb_report.srt" | "${adb_sort}" ${adb_srtopts} | uniq -c | \
-								"${adb_sort}" ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2; else if(NR<10)printf ",\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2}' >> "${adb_reportdir}/adb_report.json"
-						;;
-						"top_blocked")
-							"${adb_awk}" '{if($5=="NX")print $4}' "${adb_reportdir}/adb_report.srt" | "${adb_sort}" ${adb_srtopts} | uniq -c | \
-								"${adb_sort}" ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2; else if(NR<10)printf ",\n\t\t{\n\t\t\t\"count\": \"%s\",\n\t\t\t\"address\": \"%s\"\n\t\t}",$1,$2}' >> "${adb_reportdir}/adb_report.json"
-						;;
-					esac
-					printf "\n\t%s\n" "]," >> "${adb_reportdir}/adb_report.json"
-				done
-				search="${search//./\\.}"
-				search="${search//[+*~%\$&\"\' ]/}"
-				"${adb_awk}" "BEGIN{i=0;printf \"\t\\\"requests\\\": [\n\"}/(${search})/{i++;if(i==1)printf \"\n\t\t{\n\t\t\t\\\"date\\\": \\\"%s\\\",\n\t\t\t\\\"time\\\": \\\"%s\\\",\n\t\t\t\\\"client\\\": \\\"%s\\\",\n\t\t\t\\\"domain\\\": \\\"%s\\\",\n\t\t\t\\\"rc\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2,\$3,\$4,\$5;else if(i<=${count})printf \",\n\t\t{\n\t\t\t\\\"date\\\": \\\"%s\\\",\n\t\t\t\\\"time\\\": \\\"%s\\\",\n\t\t\t\\\"client\\\": \\\"%s\\\",\n\t\t\t\\\"domain\\\": \\\"%s\\\",\n\t\t\t\\\"rc\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2,\$3,\$4,\$5}END{printf \"\n\t]\n}\n\"}" "${adb_reportdir}/adb_report.srt" >> "${adb_reportdir}/adb_report.json"
-				rm -f "${adb_reportdir}/adb_report.srt"
-			fi
+			search="${search//./\\.}"
+			search="${search//[+*~%\$&\"\' ]/}"
+			"${adb_awk}" "BEGIN{i=0;printf \"\t\\\"requests\\\": [\n\"}/(${search})/{i++;if(i==1)printf \"\n\t\t{\n\t\t\t\\\"date\\\": \\\"%s\\\",\n\t\t\t\\\"time\\\": \\\"%s\\\",\n\t\t\t\\\"client\\\": \\\"%s\\\",\n\t\t\t\\\"domain\\\": \\\"%s\\\",\n\t\t\t\\\"rc\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2,\$3,\$4,\$5;else if(i<=${count})printf \",\n\t\t{\n\t\t\t\\\"date\\\": \\\"%s\\\",\n\t\t\t\\\"time\\\": \\\"%s\\\",\n\t\t\t\\\"client\\\": \\\"%s\\\",\n\t\t\t\\\"domain\\\": \\\"%s\\\",\n\t\t\t\\\"rc\\\": \\\"%s\\\"\n\t\t}\",\$1,\$2,\$3,\$4,\$5}END{printf \"\n\t]\n}\n\"}" "${adb_reportdir}/adb_report.srt" >> "${report_jsn}"
+			rm -f "${report_srt}"
 		fi
+	fi
 
-		if [ -s "${adb_reportdir}/adb_report.json" ]
-		then
-			if [ "${print}" = "cli" ]
+	# output preparation
+	#
+	if [ -s "${report_jsn}" ] && { [ "${action}" = "cli" ] || [ "${action}" = "mail" ]; }
+	then
+		printf "%s\n%s\n%s\n" ":::" "::: Adblock DNS-Query Report" ":::" >> "${report_txt}"
+		json_init
+		json_load_file "${report_jsn}"
+		json_get_keys key_list
+		for key in ${key_list}
+		do
+			json_get_var value "${key}"
+			eval "${key}=\"${value}\""
+		done
+		printf "  + %s\n  + %s\n" "Start    ::: ${start_date}, ${start_time}" "End      ::: ${end_date}, ${end_time}" >> "${report_txt}"
+		printf "  + %s\n  + %s %s\n" "Total    ::: ${total}" "Blocked  ::: ${blocked}" "(${percent})" >> "${report_txt}"
+		top_list="top_clients top_domains top_blocked requests"
+		for top in ${top_list}
+		do
+			case "${top}" in
+				"top_clients")
+					item="::: Top 10 Clients"
+				;;
+				"top_domains")
+					item="::: Top 10 Domains"
+				;;
+				"top_blocked")
+					item="::: Top 10 Blocked Domains"
+				;;
+			esac
+			if json_get_type status "${top}" && [ "${top}" != "requests" ] && [ "${status}" = "array" ]
 			then
-				printf "%s\n%s\n%s\n" ":::" "::: Adblock DNS-Query Report" ":::"
-				json_load_file "${adb_reportdir}/adb_report.json"
-				json_get_keys keylist
-				for key in ${keylist}
+				printf "%s\n%s\n%s\n" ":::" "${item}" ":::" >> "${report_txt}"
+				json_select "${top}"
+				index=1
+				item=""
+				while json_get_type status "${index}" && [ "${status}" = "object" ]
 				do
-					json_get_var value "${key}"
-					eval "${key}=\"${value}\""
+					json_get_values item "${index}"
+					printf "  + %-9s::: %s\n" ${item} >> "${report_txt}"
+					index=$((index+1))
 				done
-				printf "  + %s\n  + %s\n" "Start    ::: ${start_date}, ${start_time}" "End      ::: ${end_date}, ${end_time}"
-				printf "  + %s\n  + %s %s\n" "Total    ::: ${total}" "Blocked  ::: ${blocked}" "(${percent})"
-
-				top_list="top_clients top_domains top_blocked requests"
-				for top in ${top_list}
+			elif json_get_type status "${top}" && [ "${top}" = "requests" ] && [ "${status}" = "array" ]
+			then
+				printf "%s\n%s\n%s\n" ":::" "::: Latest DNS Queries" ":::" >> "${report_txt}"
+				printf "%-15s%-15s%-45s%-80s%s\n" "Date" "Time" "Client" "Domain" "Answer" >> "${report_txt}"
+				json_select "${top}"
+				index=1
+				while json_get_type status "${index}" && [ "${status}" = "object" ]
 				do
-					case "${top}" in
-						"top_clients")
-							item="::: Top 10 Clients"
-						;;
-						"top_domains")
-							item="::: Top 10 Domains"
-						;;
-						"top_blocked")
-							item="::: Top 10 Blocked Domains"
-						;;
-					esac
-					if json_get_type status "${top}" && [ "${top}" != "requests" ] && [ "${status}" = "array" ]
-					then
-						printf "%s\n%s\n%s\n" ":::" "${item}" ":::"
-						json_select "${top}"
-						index=1
-						while json_get_type status "${index}" && [ "${status}" = "object" ]
-						do
-							json_get_values item "${index}"
-							printf "  + %-9s::: %s\n" ${item}
-							index=$((index+1))
-						done
-					elif json_get_type status "${top}" && [ "${top}" = "requests" ] && [ "${status}" = "array" ]
-					then
-						printf "%s\n%s\n%s\n" ":::" "::: Latest DNS Queries" ":::"
-						printf "%-15s%-15s%-45s%-80s%s\n" "Date" "Time" "Client" "Domain" "Answer"
-						json_select "${top}"
-						index=1
-						while json_get_type status "${index}" && [ "${status}" = "object" ]
-						do
-							json_get_values item "${index}"
-							printf "%-15s%-15s%-45s%-80s%s\n" ${item}
-							index=$((index+1))
-						done
-					fi
-					json_select ".."
+					json_get_values item "${index}"
+					printf "%-15s%-15s%-45s%-80s%s\n" ${item} >> "${report_txt}"
+					index=$((index+1))
 				done
-			elif [ "${print}" = "json" ]
-			then
-				cat "${adb_reportdir}/adb_report.json"
 			fi
-		fi
+			json_select ".."
+		done
+		content="$(cat "${report_txt}" 2>/dev/null)"
+		rm -f "${report_txt}"
+	fi
+
+	# report output
+	#
+	if [ "${action}" = "cli" ]
+	then
+		printf "%s\n" "${content}"
+	elif [ "${action}" = "json" ]
+	then
+		cat "${report_jsn}"
+	elif [ "${action}" = "mail" ] && [ "${adb_mail}" = "1" ] && [ -x "${adb_mailservice}" ]
+	then
+		( "${adb_mailservice}" "${adb_ver}" "${content}" >/dev/null 2>&1 )&
+		bg_pid="${!}"
 	fi
-	f_log "debug" "f_report ::: action: ${adb_action}, report: ${adb_report}, search: ${1}, count: ${2}, process: ${3}, print: ${4}, dump_util: ${adb_dumpcmd}, repdir: ${adb_reportdir}, repiface: ${adb_repiface:-"-"}, replisten: ${adb_replisten}, repchunksize: ${adb_repchunksize}, repchunkcnt: ${adb_repchunkcnt}, bg_pid: ${bg_pid}"
+	f_log "debug" "f_report ::: action: ${action}, count: ${count}, search: ${search}, dump_util: ${adb_dumpcmd}, rep_dir: ${adb_reportdir}, rep_iface: ${adb_repiface:-"-"}, rep_listen: ${adb_replisten}, rep_chunksize: ${adb_repchunksize}, rep_chunkcnt: ${adb_repchunkcnt}"
 }
 
 # source required system libraries
@@ -1715,11 +1790,9 @@ fi
 f_load
 case "${adb_action}" in
 	"stop")
-		f_report "+" "50" "false" "false"
 		f_rmdns
 	;;
 	"restart")
-		f_report "+" "50" "false" "false"
 		f_rmdns
 		f_env
 		f_main
@@ -1737,13 +1810,12 @@ case "${adb_action}" in
 		fi
 	;;
 	"report")
-		f_report "${2}" "${3}" "${4}" "${5}"
+		f_report "${2}" "${3}" "${4}"
 	;;
 	"query")
 		f_query "${2}"
 	;;
 	"start"|"reload")
-		f_report "+" "50" "false" "false"
 		f_env
 		f_main
 	;;

From d2febbe420b6e6f82763725b00ddf64b7d5945d7 Mon Sep 17 00:00:00 2001
From: Tianling Shen 
Date: Sun, 18 Apr 2021 03:17:10 +0800
Subject: [PATCH 075/221] yq: Update to 4.7.0

Signed-off-by: Tianling Shen 
---
 utils/yq/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/yq/Makefile b/utils/yq/Makefile
index 5cd6cee5ecdfd..50f4ae55ffbad 100644
--- a/utils/yq/Makefile
+++ b/utils/yq/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=yq
-PKG_VERSION:=4.6.3
+PKG_VERSION:=4.7.0
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=85d7e0cbc12ac690fd86e77bef7a7ce27e0969191a9b6d3bb491ec690659d681
+PKG_HASH:=d4984f8f8ac5151797c8cf9c6ab8b705958802721c4405ef8a99206dcd00dcb5
 
 PKG_MAINTAINER:=Tianling Shen 
 PKG_LICENSE:=MIT

From d4e151a5c7533c02c1b34180a835951a16db2eb3 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Sat, 17 Apr 2021 19:16:18 +0100
Subject: [PATCH 076/221] uvol: emmit ubus events and bring up volumes on boot

Emmit ubus events when volumes come up/down.
Make sure volume state is always well defined by introducing
additional state 'write-prepare' (wp) during mkfs.
Add init scripts to bring up volumes at boot.

Signed-off-by: Daniel Golle 
---
 utils/uvol/Makefile        |   5 +-
 utils/uvol/files/lvm.sh    |  68 ++++++++++++++++++++---
 utils/uvol/files/ubi.sh    | 108 ++++++++++++++++++++++++++++++-------
 utils/uvol/files/uvol      |   1 +
 utils/uvol/files/uvol.init |  18 +++++++
 5 files changed, 172 insertions(+), 28 deletions(-)
 create mode 100644 utils/uvol/files/uvol.init

diff --git a/utils/uvol/Makefile b/utils/uvol/Makefile
index 64fb0238dadb9..f470e51431f30 100644
--- a/utils/uvol/Makefile
+++ b/utils/uvol/Makefile
@@ -63,10 +63,11 @@ define Package/autopart/install
 endef
 
 define Package/uvol/install
-	$(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/libexec/uvol
-	$(INSTALL_BIN) ./files/uvol $(1)/usr/sbin
+	$(INSTALL_DIR) $(1)/etc/init.d $(1)/usr/libexec/uvol $(1)/usr/sbin
+	$(INSTALL_BIN) ./files/uvol.init $(1)/etc/init.d/uvol
 	$(INSTALL_BIN) ./files/ubi.sh $(1)/usr/libexec/uvol/20-ubi.sh
 	$(INSTALL_BIN) ./files/lvm.sh $(1)/usr/libexec/uvol/50-lvm.sh
+	$(INSTALL_BIN) ./files/uvol $(1)/usr/sbin
 endef
 
 $(eval $(call BuildPackage,autopart))
diff --git a/utils/uvol/files/lvm.sh b/utils/uvol/files/lvm.sh
index 158ab1c83deac..4a20f628d19ca 100644
--- a/utils/uvol/files/lvm.sh
+++ b/utils/uvol/files/lvm.sh
@@ -30,6 +30,7 @@ lvm_cmd() {
 	local cmd="$1"
 	shift
 	LVM_SUPPRESS_FD_WARNINGS=1 lvm "$cmd" "$@"
+	return $?
 }
 
 pvs() {
@@ -109,19 +110,23 @@ exportvg() {
 	done
 }
 
+lv_active=
+lv_name=
 lv_full_name=
 lv_path=
 lv_dm_path=
 lv_size=
 exportlv() {
 	local reports rep lv lvs
+	lv_active=
+	lv_name=
 	lv_full_name=
 	lv_path=
 	lv_dm_path=
 	lv_size=
 	json_init
 
-	json_load "$(lvs -o lv_full_name,lv_size,lv_path,lv_dm_path -S "lv_name=~^[rw][ow]_$1\$ && vg_name=$vg_name")"
+	json_load "$(lvs -o lv_active,lv_name,lv_full_name,lv_size,lv_path,lv_dm_path -S "lv_name=~^[rw][owp]_$1\$ && vg_name=$vg_name")"
 	json_select report
 	json_get_keys reports
 	for rep in $reports; do
@@ -130,7 +135,7 @@ exportlv() {
 		json_get_keys lvs
 		for lv in $lvs; do
 			json_select "$lv"
-			json_get_vars lv_full_name lv_size lv_path lv_dm_path
+			json_get_vars lv_active lv_name lv_full_name lv_size lv_path lv_dm_path
 			lv_size=${lv_size%B}
 			json_select ..
 			break
@@ -153,12 +158,17 @@ getsize() {
 
 activatevol() {
 	exportlv "$1"
+	[ "$lv_path" ] || return 2
 	case "$lv_path" in
-		/dev/*/wo_*)
+		/dev/*/wo_*|\
+		/dev/*/wp_*)
 			return 22
 			;;
 		*)
-			lvm_cmd lvchange -a y "$lv_full_name"
+			[ "$lv_active" = "active" ] && return 0
+			lvm_cmd lvchange -a y "$lv_full_name" || return $?
+			lvm_cmd lvchange -k n "$lv_full_name" || return $?
+			ubus send block.volume "{\"name\": \"$1\", \"action\": \"up\", \"mode\": \"${lv_name:0:2}\", \"device\": \"$lv_dm_path\"}"
 			return 0
 			;;
 	esac
@@ -166,7 +176,20 @@ activatevol() {
 
 disactivatevol() {
 	exportlv "$1"
-	lvm_cmd lvchange -a n "$lv_full_name"
+	[ "$lv_path" ] || return 2
+	case "$lv_path" in
+		/dev/*/wo_*|\
+		/dev/*/wp_*)
+			return 22
+			;;
+		*)
+			[ "$lv_active" = "active" ] || return 0
+			lvm_cmd lvchange -a n "$lv_full_name" || return $?
+			lvm_cmd lvchange -k y "$lv_full_name" || return $?
+			ubus send block.volume "{\"name\": \"$1\", \"action\": \"down\", \"mode\": \"${lv_name:0:2}\", \"device\": \"$lv_dm_path\"}"
+			return 0
+			;;
+	esac
 }
 
 getstatus() {
@@ -192,14 +215,14 @@ createvol() {
 			;;
 		rw)
 			lvmode=rw
-			mode=rw
+			mode=wp
 			;;
 		*)
 			return 22
 			;;
 	esac
 
-	lvm_cmd lvcreate -p $lvmode -a n -y -W n -Z n -n "${mode}_${1}" -l "$size_ext" $vg_name
+	lvm_cmd lvcreate -p $lvmode -a n -y -W n -Z n -n "${mode}_$1" -l "$size_ext" $vg_name
 	ret=$?
 	if [ ! $ret -eq 0 ] || [ "$lvmode" = "r" ]; then
 		return $ret
@@ -212,6 +235,9 @@ createvol() {
 	else
 		mke2fs -F -L "$1" "$lv_path" || return 1
 	fi
+	lvm_cmd lvrename "$vg_name" "wp_$1" "rw_$1"
+	exportlv "$1"
+	ubus send block.volume "{\"name\": \"$1\", \"action\": \"up\", \"mode\": \"${lv_name:0:2}\", \"device\": \"$lv_dm_path\"}"
 	return 0
 }
 
@@ -219,6 +245,7 @@ removevol() {
 	exportlv "$1"
 	[ "$lv_full_name" ] || return 2
 	lvm_cmd lvremove -y "$lv_full_name"
+	ubus send block.volume "{\"name\": \"$1\", \"action\": \"down\", \"mode\": \"${lv_name:0:2}\", \"device\": \"$lv_dm_path\"}"
 }
 
 updatevol() {
@@ -231,6 +258,7 @@ updatevol() {
 			dd of=$lv_path
 			lvm_cmd lvchange -p r "$lv_full_name"
 			lvm_cmd lvrename "$lv_full_name" "${lv_full_name%%/*}/ro_$1"
+			ubus send block.volume "{\"name\": \"$1\", \"action\": \"up\", \"mode\": \"ro\", \"device\": \"$(getdev "$@")\"}"
 			return 0
 			;;
 		default)
@@ -264,6 +292,29 @@ listvols() {
 	done
 }
 
+boot() {
+	local reports rep lv lvs lv_name lv_dm_path lv_mode volname
+	json_init
+	json_load "$(lvs -o lv_name,lv_dm_path -S "lv_name=~^[rw][ow]_.*\$ && vg_name=$vg_name && lv_active=active")"
+	json_select report
+	json_get_keys reports
+	for rep in $reports; do
+		json_select "$rep"
+		json_select lv
+		json_get_keys lvs
+		for lv in $lvs; do
+			json_select "$lv"
+			json_get_vars lv_name lv_dm_path
+			lv_mode="${lv_name:0:2}"
+			lv_name="${lv_name:3}"
+			ubus send block.volume "{\"name\": \"$lv_name\", \"action\": \"up\", \"mode\": \"$lv_mode\", \"device\": \"$lv_dm_path\"}"
+			json_select ..
+		done
+		json_select ..
+		break
+	done
+}
+
 exportpv
 exportvg
 
@@ -277,6 +328,9 @@ case "$cmd" in
 	total)
 		totalbytes
 		;;
+	boot)
+		boot
+		;;
 	list)
 		listvols "$@"
 		;;
diff --git a/utils/uvol/files/ubi.sh b/utils/uvol/files/ubi.sh
index 7851a98df486d..0a1b73093cb43 100644
--- a/utils/uvol/files/ubi.sh
+++ b/utils/uvol/files/ubi.sh
@@ -31,8 +31,15 @@ getdev() {
 	local voldir volname devname
 	for voldir in /sys/devices/virtual/ubi/${ubidev}/${ubidev}_*; do
 		read volname < "${voldir}/name"
-		[ "$volname" = "uvol-ro-$1" ] || [ "$volname" = "uvol-wp-$1" ] || [ "$volname" = "uvol-rw-$1" ] || [ "$volname" = "uvol-wo-$1" ] || continue
-		basename "$voldir"
+		case "$volname" in
+			uvol-[rw][owpd]-$1)
+				basename "$voldir"
+				break
+				;;
+			*)
+				continue
+				;;
+		esac
 	done
 }
 
@@ -51,7 +58,9 @@ vol_is_mode() {
 getstatus() {
 	local voldev=$(getdev "$@")
 	[ "$voldev" ] || return 2
-	vol_is_mode $voldev wo && return 1
+	vol_is_mode $voldev wo && return 22
+	vol_is_mode $voldev wp && return 16
+	vol_is_mode $voldev wd && return 1
 	vol_is_mode $voldev ro && [ ! -e "/dev/ubiblock${voldev:3}" ] && return 1
 	return 0
 }
@@ -73,10 +82,17 @@ getuserdev() {
 	fi
 }
 
+mkubifs() {
+	local tmp_mp=$(mktemp -d)
+	mount -t ubifs $1 $tmp_mp
+	umount $tmp_mp
+	rmdir $tmp_mp
+}
+
 createvol() {
 	local mode ret
-	local existdev=$(getdev "$@")
-	[ "$existdev" ] && return 17
+	local voldev=$(getdev "$@")
+	[ "$voldev" ] && return 17
 	case "$3" in
 		ro|wo)
 			mode=wo
@@ -91,37 +107,61 @@ createvol() {
 	ubimkvol /dev/$ubidev -N "uvol-$mode-$1" -s "$2"
 	ret=$?
 	[ $ret -eq 0 ] || return $ret
-	ubiupdatevol -t /dev/$(getdev "$@")
+	voldev=$(getdev "$@")
+	ubiupdatevol -t /dev/$voldev
 	[ "$mode" = "wp" ] || return 0
-	local tmp_mp=$(mktemp -d)
-	mount -t ubifs /dev/$(getdev "$@") $tmp_mp
-	umount $tmp_mp
-	rmdir $tmp_mp
+	mkubifs /dev/$voldev
 	ubirename /dev/$ubidev uvol-wp-$1 uvol-rw-$1
+	ubus send block.volume "{\"name\": \"$1\", \"action\": \"up\", \"mode\": \"rw\", \"fstype\": \"ubifs\", \"device\": \"/dev/$voldev\"}"
 }
 
 removevol() {
 	local voldev=$(getdev "$@")
+	local evdata
 	[ "$voldev" ] || return 2
 	local volnum=${voldev#${ubidev}_}
-	ubirmvol /dev/$ubidev -n $volnum
+	if vol_is_mode $voldev rw ; then
+		evdata="{\"name\": \"$1\", \"action\": \"down\", \"device\": \"/dev/$voldev\"}"
+	elif vol_is_mode $voldev ro ; then
+		evdata="{\"name\": \"$1\", \"action\": \"down\", \"device\": \"/dev/ubiblock${voldev:3}\"}"
+	fi
+	ubirmvol /dev/$ubidev -n $volnum || return $?
+	ubus send block.volume "$evdata"
 }
 
 activatevol() {
 	local voldev=$(getdev "$@")
 	[ "$voldev" ] || return 2
-	vol_is_mode $voldev wo || return 1
-	vol_is_mode $voldev ro || return 0
-	[ -e "/dev/ubiblock${voldev:3}" ] && return 0
-	ubiblock --create /dev/$voldev
+	vol_is_mode $voldev rw && return 0
+	vol_is_mode $voldev wo && return 22
+	vol_is_mode $voldev wp && return 16
+	if vol_is_mode $voldev ro; then
+		[ -e "/dev/ubiblock${voldev:3}" ] && return 0
+		ubiblock --create /dev/$voldev
+		ubus send block.volume "{\"name\": \"$1\", \"action\": \"up\", \"mode\": \"ro\", \"device\": \"/dev/ubiblock${voldev:3}\"}"
+		return 0
+	elif vol_is_mode $voldev wd; then
+		ubirename /dev/$ubidev uvol-wd-$1 uvol-rw-$1
+		ubus send block.volume "{\"name\": \"$1\", \"action\": \"up\", \"mode\": \"rw\", \"fstype\": \"ubifs\", \"device\": \"/dev/$voldev\"}"
+		return 0
+	fi
 }
 
 disactivatevol() {
 	local voldev=$(getdev "$@")
 	[ "$voldev" ] || return 2
-	vol_is_mode $voldev ro || return 0
-	[ -e "/dev/ubiblock${voldev:3}" ] || return 0
-	ubiblock --remove /dev/$voldev
+	vol_is_mode $voldev wo && return 22
+	vol_is_mode $voldev wp && return 16
+	if vol_is_mode $voldev ro; then
+		[ -e "/dev/ubiblock${voldev:3}" ] || return 0
+		ubiblock --remove /dev/$voldev || return $?
+		ubus send block.volume "{\"name\": \"$1\", \"action\": \"down\", \"mode\": \"ro\", \"device\": \"/dev/ubiblock${voldev:3}\"}"
+		return 0
+	elif vol_is_mode $voldev rw; then
+		ubirename /dev/$ubidev uvol-rw-$1 uvol-wd-$1 || return $?
+		ubus send block.volume "{\"name\": \"$1\", \"action\": \"down\", \"mode\": \"rw\", \"device\": \"/dev/$voldev\"}"
+		return 0
+	fi
 }
 
 updatevol() {
@@ -131,6 +171,8 @@ updatevol() {
 	vol_is_mode $voldev wo || return 22
 	ubiupdatevol -s $2 /dev/$voldev -
 	ubirename /dev/$ubidev uvol-wo-$1 uvol-ro-$1
+	ubiblock --create /dev/$voldev
+	ubus send block.volume "{\"name\": \"$1\", \"action\": \"up\", \"mode\": \"ro\", \"device\": \"/dev/ubiblock${voldev:3}\"}"
 }
 
 listvols() {
@@ -138,7 +180,7 @@ listvols() {
 	for voldir in /sys/devices/virtual/ubi/${ubidev}/${ubidev}_*; do
 		read volname < $voldir/name
 		case "$volname" in
-			uvol-r[wo]*)
+			uvol-[rw][wod]*)
 				read volsize < $voldir/data_bytes
 				;;
 			*)
@@ -151,6 +193,31 @@ listvols() {
 	done
 }
 
+bootvols() {
+	local volname volmode volsize voldev fstype
+	for voldir in /sys/devices/virtual/ubi/${ubidev}/${ubidev}_*; do
+		read volname < $voldir/name
+		voldev=$(basename $voldir)
+		fstype=
+		case "$volname" in
+			uvol-ro-*)
+				voldev="/dev/ubiblock${voldev:3}"
+				ubiblock --create /dev/$voldev
+				;;
+			uvol-rw-*)
+				voldev="/dev/$voldev"
+				fstype="ubifs"
+				;;
+			*)
+				continue
+				;;
+		esac
+		volmode=${volname:5:2}
+		volname=${volname:8}
+		ubus send block.volume "{\"name\": \"$volname\", \"action\": \"up\", \"mode\": \"$volmode\",${fstype:+ \"fstype\": \"$fstype\", }\"device\": \"$voldev\"}"
+	done
+}
+
 case "$cmd" in
 	align)
 		echo "$ebsize"
@@ -161,6 +228,9 @@ case "$cmd" in
 	total)
 		totalbytes
 		;;
+	boot)
+		bootvols
+		;;
 	list)
 		listvols "$@"
 		;;
diff --git a/utils/uvol/files/uvol b/utils/uvol/files/uvol
index 0fea88f38ce7d..a095b3efff386 100644
--- a/utils/uvol/files/uvol
+++ b/utils/uvol/files/uvol
@@ -11,6 +11,7 @@ uvol storage volume manager
 syntax: uvol command ...
 
 commands:
+  boot				get active volumes ready (called on boot)
   free				show number of bytes available
   total				show total number of bytes
   align				show sector size in bytes
diff --git a/utils/uvol/files/uvol.init b/utils/uvol/files/uvol.init
new file mode 100644
index 0000000000000..7c290d732396c
--- /dev/null
+++ b/utils/uvol/files/uvol.init
@@ -0,0 +1,18 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+NAME=uvol
+PROG=/usr/sbin/uvol
+
+start_service() {
+	[ "${__BOOT_UVOL}" = "1" ] || return 0
+	procd_open_instance "$NAME"
+	procd_set_param command "$PROG" boot
+	procd_close_instance
+}
+
+boot() {
+	__BOOT_UVOL=1
+	start
+}

From 2633ad8eaff60aa0d7e3119cfbd1923baaa8179e Mon Sep 17 00:00:00 2001
From: Hannu Nyman 
Date: Sun, 18 Apr 2021 18:26:43 +0300
Subject: [PATCH 077/221] irqbalance: upgrade to version 1.8.0

Upgrade irqbalance to version 1.8.0

Signed-off-by: Hannu Nyman 
---
 utils/irqbalance/Makefile                                   | 6 +++---
 .../patches/110-fix-runtime-socket-directory.patch          | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/utils/irqbalance/Makefile b/utils/irqbalance/Makefile
index 68196b657b1ac..2b00fe73edf44 100644
--- a/utils/irqbalance/Makefile
+++ b/utils/irqbalance/Makefile
@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=irqbalance
-PKG_VERSION:=1.7.0
+PKG_VERSION:=1.8.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/Irqbalance/irqbalance.git
-PKG_SOURCE_VERSION:=641edc6f5d56f1b3eb8be0fa8a8e9b6a22e53218
-PKG_MIRROR_HASH:=c5453159f4863f7a37a1afa170a5db475c866a5a34975bcc427a22a8b3b97701
+PKG_SOURCE_VERSION:=99ae256d02b35778b406e598beedc8d827cdac18
+PKG_MIRROR_HASH:=35a9607ccc7827209cbe5cfeb5d5354ad3c1f95ffdefa866a016758680a40b4e
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPLv2
 
diff --git a/utils/irqbalance/patches/110-fix-runtime-socket-directory.patch b/utils/irqbalance/patches/110-fix-runtime-socket-directory.patch
index fa54c46f2975e..036c7a476d00e 100644
--- a/utils/irqbalance/patches/110-fix-runtime-socket-directory.patch
+++ b/utils/irqbalance/patches/110-fix-runtime-socket-directory.patch
@@ -1,6 +1,6 @@
 --- a/irqbalance.h
 +++ b/irqbalance.h
-@@ -162,7 +162,7 @@ extern unsigned int log_mask;
+@@ -165,7 +165,7 @@ extern unsigned int log_mask;
  #endif /* HAVE_LIBSYSTEMD */
  
  #define SOCKET_PATH "irqbalance"

From 5641d4e56c7dad4fdb74cd7f105ca20b14d38e8f Mon Sep 17 00:00:00 2001
From: Josef Schlehofer 
Date: Sun, 18 Apr 2021 13:59:30 +0200
Subject: [PATCH 078/221] psmisc: move killall to /usr/libexec and add
 ALTERNATIVES
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently, this package can not be installed while using standard path
of busybox, because binary killall wants to be installed on the same
location as busybox.

Collision:
• /usr/bin/killall: busybox (new-file), psmisc (existing-file)

Many of these binaries, which provides alternatives were moved to
folder /usr/libexec like wget, sed, findutils, less.
So I moved killall to /usr/libexec and others leave in touch and added
ALTERNATIVES for it, because preinstall script is no longer necessary.

Signed-off-by: Josef Schlehofer 
---
 utils/psmisc/Makefile | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/utils/psmisc/Makefile b/utils/psmisc/Makefile
index df15609d56686..126edf4d40af1 100644
--- a/utils/psmisc/Makefile
+++ b/utils/psmisc/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=psmisc
 PKG_VERSION:=23.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@SF/psmisc
@@ -23,6 +23,7 @@ define Package/psmisc
   TITLE:=proc utilities
   URL:=https://gitlab.com/psmisc/psmisc/
   DEPENDS:=+libncurses
+  ALTERNATIVES:=300:/usr/bin/killall:/usr/libexec/killall
 endef
 
 define Package/psmisc/description
@@ -38,16 +39,11 @@ MAKE_FLAGS += \
 	CPPFLAGS="$(TARGET_CPPFLAGS)" \
 	LDFLAGS="$(TARGET_LDFLAGS)"
 
-define Package/psmisc/preinst
-#!/bin/sh
-if [ -e $${IPKG_INSTROOT}/usr/bin/killall ]; then
-  rm $${IPKG_INSTROOT}/usr/bin/killall;
-fi
-endef
-
 define Package/psmisc/install
 	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{fuser,killall,prtstat,pstree} $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{fuser,prtstat,pstree} $(1)/usr/bin
+	$(INSTALL_DIR) $(1)/usr/libexec
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/killall $(1)/usr/libexec
 endef
 
 $(eval $(call BuildPackage,psmisc))

From 760e9f2a22c5e9273688a723bb346017f2291a6e Mon Sep 17 00:00:00 2001
From: Philip Prindeville 
Date: Thu, 15 Apr 2021 17:55:55 -0600
Subject: [PATCH 079/221] strongswan: change name of config base directory

Signed-off-by: Philip Prindeville 
---
 net/strongswan/Makefile          | 2 +-
 net/strongswan/files/gencerts.sh | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index 3b45a2222f886..a66645a70027a 100644
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
 PKG_VERSION:=5.9.2
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
diff --git a/net/strongswan/files/gencerts.sh b/net/strongswan/files/gencerts.sh
index 57dc0df6d6e3b..abd167b39d334 100755
--- a/net/strongswan/files/gencerts.sh
+++ b/net/strongswan/files/gencerts.sh
@@ -34,8 +34,8 @@ SHORT_DOMAIN="${DOMAIN%%.*}"
 ORG="$1"; shift
 
 # invariants...
-STRONGSWANDIR=/etc
-SWANCTL_DIR=$STRONGSWANDIR/swanctl
+SYSCONFDIR=/etc
+SWANCTL_DIR="$SYSCONFDIR/swanctl"
 : ${KEYINFO:="rsa:4096"}
 : ${CADAYS:=3650}
 : ${CRTDAYS:=730}
@@ -140,7 +140,7 @@ ROOTDN="$(makeDN "$C" "$ORG" "Root CA")"
 
 [ -f "$SWANCTL_DIR/x509ca/$SHORT_DOMAIN.crt" ] || genca
 
-PARENT="$STRONGSWANDIR"
+PARENT="$SYSCONFDIR"
 BASEDIR="${SWANCTL_DIR##$PARENT/}"
 
 for name in "$@"; do

From 44e5d03da587ed92ff9d012f34c5a6b2cf7014a4 Mon Sep 17 00:00:00 2001
From: Olivier Poitrey 
Date: Mon, 19 Apr 2021 22:50:28 +0000
Subject: [PATCH 080/221] nextdns: Update to version 1.31.3

Signed-off-by: Olivier Poitrey 
---
 net/nextdns/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/nextdns/Makefile b/net/nextdns/Makefile
index 4a2c22d6a68bd..0f5695a56641a 100644
--- a/net/nextdns/Makefile
+++ b/net/nextdns/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nextdns
-PKG_VERSION:=1.11.0
+PKG_VERSION:=1.31.3
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/nextdns/nextdns.git
-PKG_MIRROR_HASH:=3653c320504d20032dd844bd20a7629a3e6eba589bac552218ddfe826f3ce481
+PKG_MIRROR_HASH:=ecce225ef5d303965f654990840e5f8c7b7a94eb434597f23abb6a5229dd9cd4
 
 PKG_MAINTAINER:=Olivier Poitrey 
 PKG_LICENSE:=MIT

From f98aa2468bcc3412faa819967f545e370dc88d3b Mon Sep 17 00:00:00 2001
From: Olivier Poitrey 
Date: Mon, 19 Apr 2021 23:23:41 +0000
Subject: [PATCH 081/221] nextdns: Update to version 1.12.3

Signed-off-by: Olivier Poitrey 
---
 net/nextdns/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/nextdns/Makefile b/net/nextdns/Makefile
index 0f5695a56641a..b29a8653cf08f 100644
--- a/net/nextdns/Makefile
+++ b/net/nextdns/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nextdns
-PKG_VERSION:=1.31.3
+PKG_VERSION:=1.12.3
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/nextdns/nextdns.git
-PKG_MIRROR_HASH:=ecce225ef5d303965f654990840e5f8c7b7a94eb434597f23abb6a5229dd9cd4
+PKG_MIRROR_HASH:=a8aab394d717a838345413323341767650d3171c0336e14ddf90f3ec826ba7e2
 
 PKG_MAINTAINER:=Olivier Poitrey 
 PKG_LICENSE:=MIT

From ffbdb09eb8ebfa83bf57321174c806095d221394 Mon Sep 17 00:00:00 2001
From: Olivier Poitrey 
Date: Tue, 20 Apr 2021 01:38:39 +0000
Subject: [PATCH 082/221] nextdns: Update to version 1.12.5

Signed-off-by: Olivier Poitrey 
---
 net/nextdns/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/nextdns/Makefile b/net/nextdns/Makefile
index b29a8653cf08f..6026d50707073 100644
--- a/net/nextdns/Makefile
+++ b/net/nextdns/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nextdns
-PKG_VERSION:=1.12.3
+PKG_VERSION:=1.12.5
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/nextdns/nextdns.git
-PKG_MIRROR_HASH:=a8aab394d717a838345413323341767650d3171c0336e14ddf90f3ec826ba7e2
+PKG_MIRROR_HASH:=5fd274c7b26e1d9c8fbb20802cd186fa40c35e832fddc8ea8960139f82c21743
 
 PKG_MAINTAINER:=Olivier Poitrey 
 PKG_LICENSE:=MIT

From dae43a3128be9c8a14db41e037dbd89507320134 Mon Sep 17 00:00:00 2001
From: Alexander Ryzhov 
Date: Sun, 18 Apr 2021 13:57:14 +0300
Subject: [PATCH 083/221] libtalloc: add Python3/host dependency Otherwise,
 Package/Configure won't find distutils module from python3/host

Signed-off-by: Alexander Ryzhov 
---
 libs/libtalloc/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libs/libtalloc/Makefile b/libs/libtalloc/Makefile
index 6f3bc133b1f06..a1209784fc99c 100644
--- a/libs/libtalloc/Makefile
+++ b/libs/libtalloc/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=talloc
 PKG_VERSION:=2.3.1
 MAJOR_VERSION:=2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.samba.org/ftp/talloc
@@ -18,6 +18,7 @@ PKG_MAINTAINER:=Ted Hess 
 PKG_LICENSE:=LGPL-3.0-or-later
 
 PKG_BUILD_PARALLEL:=0
+PKG_BUILD_DEPENDS:=python3/host
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/kernel.mk

From 4adfbe001e6fc2dd3f029064e1087897e8b33667 Mon Sep 17 00:00:00 2001
From: Aaron Curley 
Date: Sun, 4 Apr 2021 12:24:07 -0700
Subject: [PATCH 084/221] udp-broadcast-relay-redux: Add package

This commit is largely based on the work from Daniel Dickinson in
PR #2096 which was never merged. I tweaked it in a number of ways.
All bugs with this package are mine, not his.

Signed-off-by: Aaron Curley 
---
 .../Makefile                                  | 49 ++++++++++++
 .../files/udp-broadcast-relay-redux.init      | 76 +++++++++++++++++++
 .../files/udp_broadcast_relay_redux.config    |  6 ++
 3 files changed, 131 insertions(+)
 create mode 100644 net/udp-broadcast-relay-redux-openwrt/Makefile
 create mode 100644 net/udp-broadcast-relay-redux-openwrt/files/udp-broadcast-relay-redux.init
 create mode 100644 net/udp-broadcast-relay-redux-openwrt/files/udp_broadcast_relay_redux.config

diff --git a/net/udp-broadcast-relay-redux-openwrt/Makefile b/net/udp-broadcast-relay-redux-openwrt/Makefile
new file mode 100644
index 0000000000000..f3854fb809ffe
--- /dev/null
+++ b/net/udp-broadcast-relay-redux-openwrt/Makefile
@@ -0,0 +1,49 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=udp-broadcast-relay-redux
+PKG_RELEASE:=$(AUTORELEASE)
+PKG_LICENSE:=GPL-2.0
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/udp-redux/udp-broadcast-relay-redux
+PKG_SOURCE_DATE:=2021-04-05
+PKG_SOURCE_VERSION:=671372938b55a186625a80516f86e8b9948c977a
+PKG_MIRROR_HASH:=11cf8728f2b8e966f4f57032d817a889f680ed8e61afff35b52ca9c6789a03c6
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/udp-broadcast-relay-redux
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Routing and Redirection
+  TITLE:=listens for packets on a specified UDP broadcast port and replays them
+  URL:=https://github.com/udp-redux/udp-broadcast-relay-redux
+endef
+
+define Package/udp-broadcast-relay-redux/description
+	This program listens for packets on a specified UDP broadcast port.
+	When a packet is received, it sends that packet to all specified interfaces but
+	the one it came from as though it originated from the original sender.
+	The primary purpose of this is to allow games on machines on separated
+	local networks (Ethernet, WLAN) that use udp broadcasts to find each other to do so.
+	It also works on ppp links, so you can log in from windows boxes (e.g. using pptp)
+	and play LAN-based games together. Currently, you have to care about upcoming or
+	downgoing interfaces yourself.
+endef
+
+define Package/udp-broadcast-relay-redux/conffiles
+/etc/config/udp_broadcast_relay_redux
+endef
+
+define Build/Compile
+	$(TARGET_CC) $(TARGET_CFLAGS) $(PKG_BUILD_DIR)/main.c -o $(PKG_BUILD_DIR)/$(PKG_NAME)
+endef
+
+define Package/udp-broadcast-relay-redux/install
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/config $(1)/etc/init.d
+	$(CP) $(PKG_BUILD_DIR)/$(PKG_NAME) $(1)/usr/sbin/
+	$(INSTALL_CONF) ./files/udp_broadcast_relay_redux.config $(1)/etc/config/udp_broadcast_relay_redux
+	$(INSTALL_BIN) ./files/udp-broadcast-relay-redux.init $(1)/etc/init.d/udp-broadcast-relay-redux
+endef
+
+$(eval $(call BuildPackage,udp-broadcast-relay-redux))
diff --git a/net/udp-broadcast-relay-redux-openwrt/files/udp-broadcast-relay-redux.init b/net/udp-broadcast-relay-redux-openwrt/files/udp-broadcast-relay-redux.init
new file mode 100644
index 0000000000000..aa35f55462287
--- /dev/null
+++ b/net/udp-broadcast-relay-redux-openwrt/files/udp-broadcast-relay-redux.init
@@ -0,0 +1,76 @@
+#!/bin/sh /etc/rc.common
+
+START=90
+STOP=10
+
+USE_PROCD=1
+PROG=/usr/sbin/udp-broadcast-relay-redux
+NAME=udp-broadcast-relay-redux
+PIDCOUNT=0
+
+validate_section_udp_broadcast_relay_redux()
+{
+    uci_validate_section udp_broadcast_relay_redux udp_broadcast_relay_redux "${1}" \
+	'id:uinteger' \
+	'port:port' \
+	'network:list(string)' \
+	'src_override:ip4addr' \
+	'dest_override:ip4addr'
+
+    [ -z "$id" ] && return 1
+
+    [ -z "$network" ] && return 1
+
+    [ -z "$port" ] && return 1
+
+    return 0
+}
+
+udp_broadcast_relay_redux_instance() {
+    local net network ifname id port src_override dest_override
+
+    validate_section_udp_broadcast_relay_redux "${1}" || {
+	echo "Validation failed"
+	return 1
+    }
+
+    PIDCOUNT="$((PIDCOUNT + 1))"
+
+    procd_open_instance
+    procd_set_param command "$PROG" "--id" "${id}" "--port" "${port}"
+
+    for net in $network; do
+	network_get_device ifname "$net"
+	if [ -z "$ifname" ]; then
+	    network_get_physdev ifname "$net"
+	fi
+	if [ -n "$ifname" ]; then
+	    procd_append_param command "--dev" "$ifname"
+	    procd_append_param netdev "$ifname"
+	fi
+    done
+
+    if [ -n "$src_override" ] ; then
+        procd_append_param command "-s" "$src_override"
+    fi
+
+    if [ -n "$dest_override" ] ; then
+        procd_append_param command "-t" "$dest_override"
+    fi
+
+    procd_add_jail ubr-${PIDCOUNT}
+    procd_close_instance
+}
+
+start_service() {
+    . /lib/functions.sh
+    . /lib/functions/network.sh
+
+    config_load udp_broadcast_relay_redux
+    config_foreach udp_broadcast_relay_redux_instance udp_broadcast_relay_redux
+}
+
+service_triggers() {
+    procd_add_reload_trigger "udp_broadcast_relay_redux"
+    procd_add_validation validate_section_udp_broadcast_relay_redux
+}
diff --git a/net/udp-broadcast-relay-redux-openwrt/files/udp_broadcast_relay_redux.config b/net/udp-broadcast-relay-redux-openwrt/files/udp_broadcast_relay_redux.config
new file mode 100644
index 0000000000000..f7164bd680942
--- /dev/null
+++ b/net/udp-broadcast-relay-redux-openwrt/files/udp_broadcast_relay_redux.config
@@ -0,0 +1,6 @@
+#config udp_broadcast_relay_redux
+#       option id 1
+#       option port 47624
+#       list network lan
+#       list network vpnsrv
+#       option dest_override 10.66.2.13

From 57858baa152adecea49be6b1e4ac377f61ef291a Mon Sep 17 00:00:00 2001
From: Jakov Petrina 
Date: Tue, 20 Apr 2021 10:08:19 +0200
Subject: [PATCH 085/221] uci2: update revision

Signed-off-by: Jakov Petrina 
---
 libs/uci2/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/uci2/Makefile b/libs/uci2/Makefile
index 3f1b5f0a3a14a..6c1dbf23d5523 100644
--- a/libs/uci2/Makefile
+++ b/libs/uci2/Makefile
@@ -6,8 +6,8 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=https://github.com/sartura/uci2.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=89056741c0c4048dafa822fef228c555fc41deff
-PKG_MIRROR_HASH:=e376e8aec6054405a2e9616a1dc51b86d68d6cfac87d84e8a98ea1714883dfaf
+PKG_SOURCE_VERSION:=24b7471a0aead99115c189f04236f5fe52492579
+PKG_MIRROR_HASH:=ea8f4627163ce40f62393a87a0155869f034bb78c9f7fb644f18461cbdaf5333
 
 PKG_MAINTAINER:=Jakov Petrina 
 PKG_LICENSE:=BSD-3-Clause

From 3c9c59b957dee96802433cf52c8f27f9a3da1c3c Mon Sep 17 00:00:00 2001
From: Rosen Penev 
Date: Mon, 19 Apr 2021 18:28:14 -0700
Subject: [PATCH 086/221] generate-ipv6-address: fix PIC compilation

This is a single C file. Don't bother using the Makefile.

Signed-off-by: Rosen Penev 
---
 ipv6/generate-ipv6-address/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ipv6/generate-ipv6-address/Makefile b/ipv6/generate-ipv6-address/Makefile
index 0d696d1ad7964..701b3c78d15db 100644
--- a/ipv6/generate-ipv6-address/Makefile
+++ b/ipv6/generate-ipv6-address/Makefile
@@ -7,7 +7,6 @@ PKG_RELEASE:=$(AUTORELEASE)
 PKG_SOURCE:=generate-ipv6-address-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.irif.fr/~jch/software/files/
 PKG_HASH:=e1356d245d5f891fa39b796a8a2deefdaa89f08130dc97a378738ca5ed9a20fa
-PKG_INSTALL:=1
 
 PKG_MAINTAINER:=Nick Hainke 
 PKG_LICENSE:=MIT
@@ -27,12 +26,13 @@ define Package/generate-ipv6-address/description
  address (an Ethernet hardware address) or a randomly drawn host number.
 endef
 
-MAKE_FLAGS += \
-	PREFIX="$(PKG_INSTALL_DIR)/usr"
+define Build/Compile
+	$(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) $(PKG_BUILD_DIR)/generate-ipv6-address.c -o $(PKG_BUILD_DIR)/generate-ipv6-address
+endef
 
 define Package/generate-ipv6-address/install
 	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/generate-ipv6-address $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/generate-ipv6-address $(1)/usr/bin/
 endef
 
 $(eval $(call BuildPackage,generate-ipv6-address))

From dda4d538bacbfad0eecf80c072fab236b74dbd05 Mon Sep 17 00:00:00 2001
From: Oskari Rauta 
Date: Wed, 21 Apr 2021 02:26:53 +0300
Subject: [PATCH 087/221] cni-plugins-nft: add new package

Signed-off-by: Oskari Rauta 
---
 utils/cni-plugins-nft/Makefile | 50 ++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 utils/cni-plugins-nft/Makefile

diff --git a/utils/cni-plugins-nft/Makefile b/utils/cni-plugins-nft/Makefile
new file mode 100644
index 0000000000000..f00b0e1609fb4
--- /dev/null
+++ b/utils/cni-plugins-nft/Makefile
@@ -0,0 +1,50 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=cni-plugins-nft
+PKG_VERSION:=1.0.5
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/greenpau/cni-plugins/archive/v$(PKG_VERSION)
+PKG_HASH:=c8cbdfe43c144cf0df834555698312e8fd3daf6f2c5ac35e7959b90b91b154ad
+
+PKG_MAINTAINER:=Oskari Rauta 
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=github.com/greenpau/cni-plugins/
+GO_PKG_BUILD_PKG:=github.com/greenpau/cni-plugins/cmd/cni-nftables-portmap \
+		github.com/greenpau/cni-plugins/cmd/cni-nftables-firewall
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+PKG_UNPACK:=$(HOST_TAR) -C "$(PKG_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)"
+
+define Package/cni-plugins-nft
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=CNI Plugins compatible with nftables
+  URL:=https://github.com/greenpau/cni-plugins/
+  DEPENDS:=$(GO_ARCH_DEPENDS) +nftables
+endef
+
+define Package/cni-plugins-nft/description
+  CNI Plugins maintained by the CNI team do not support nftables, except when used with systemd.
+  These plugins do.
+    - cni-nftables-portmap
+    - cni-nftables-firewall
+endef
+
+define Package/cni-plugins-nft/install
+	$(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
+	$(INSTALL_DIR) $(1)/usr/lib/cni
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/lib/cni
+endef
+
+$(eval $(call GoBinPackage,cni-plugins-nft))
+$(eval $(call BuildPackage,cni-plugins-nft))

From b87bc3811bb7848c5f3d3a35f0064ca530ee3582 Mon Sep 17 00:00:00 2001
From: Carlos Miguel Ferreira 
Date: Tue, 20 Apr 2021 13:55:57 +0100
Subject: [PATCH 088/221] boost: Bump to version 1.76.0

This commit updates boost to version 1.76.0

There are no new libraries in this version

More info about Boost 1.76.0 can be found at the usual place [1].

Note: This package update includes a fix merged to Boost.Fiber in [2]
which did not make into this version but it will be present in the next
one. For now, the patch is needed, but it will be removed in version
1.77.0

[1]: https://www.boost.org/users/history/version_1_76_0.html
[2]: https://github.com/boostorg/fiber/pull/276

Signed-off-by: Carlos Miguel Ferreira 
---
 libs/boost/Makefile                           | 12 ++--
 ...s64-fiber.patch => 010-mips64-fiber.patch} |  2 +-
 libs/boost/patches/010-mips64.patch           | 70 -------------------
 3 files changed, 7 insertions(+), 77 deletions(-)
 rename libs/boost/patches/{020-mips64-fiber.patch => 010-mips64-fiber.patch} (85%)
 delete mode 100644 libs/boost/patches/010-mips64.patch

diff --git a/libs/boost/Makefile b/libs/boost/Makefile
index 04052dcbbfcb4..16b06ac0c8c48 100644
--- a/libs/boost/Makefile
+++ b/libs/boost/Makefile
@@ -11,13 +11,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=boost
-PKG_VERSION:=1.75.0
-PKG_SOURCE_VERSION:=1_75_0
-PKG_RELEASE:=3
+PKG_VERSION:=1.76.0
+PKG_SOURCE_VERSION:=1_76_0
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)_$(PKG_SOURCE_VERSION).tar.bz2
 PKG_SOURCE_URL:=@SF/$(PKG_NAME)/$(PKG_NAME)/$(PKG_VERSION) https://dl.bintray.com/boostorg/release/$(PKG_VERSION)/source/
-PKG_HASH:=953db31e016db7bb207f11432bef7df100516eeb746843fa0486a222e3fd49cb
+PKG_HASH:=f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41
 
 PKG_MAINTAINER:=Carlos M. Ferreira 
 PKG_LICENSE:=BSL-1.0
@@ -42,7 +42,7 @@ define Package/boost/Default
 endef
 
 define Package/boost/description
-This package provides the Boost v1.75.0 libraries.
+This package provides the Boost v1.76.0 libraries.
 Boost is a set of free, peer-reviewed, portable C++ source libraries.
 
 This package provides the following run-time libraries:
@@ -77,7 +77,7 @@ This package provides the following run-time libraries:
  - wave
 
 There are many more header-only libraries supported by Boost.
-See more at http://www.boost.org/doc/libs/1_75_0/
+See more at http://www.boost.org/doc/libs/1_76_0/
 endef
 
 PKG_BUILD_DEPENDS:=boost/host
diff --git a/libs/boost/patches/020-mips64-fiber.patch b/libs/boost/patches/010-mips64-fiber.patch
similarity index 85%
rename from libs/boost/patches/020-mips64-fiber.patch
rename to libs/boost/patches/010-mips64-fiber.patch
index 10d46d88b25a0..768c4b21b3752 100644
--- a/libs/boost/patches/020-mips64-fiber.patch
+++ b/libs/boost/patches/010-mips64-fiber.patch
@@ -4,7 +4,7 @@
  # else
  #  define cpu_relax() asm volatile ("nop" ::: "memory");
  # endif
--#elif BOOST_ARCH_MIPS && (__mips_isa_rev > 1)
+-#elif BOOST_ARCH_MIPS && (__mips_isa_rev > 1) && !defined(_MIPS_ARCH_OCTEONP)
 +#elif BOOST_ARCH_MIPS && (((__mips_isa_rev > 1) && defined(__mips32)) || ((__mips_isa_rev > 2)  && defined(__mips64)))
  # define cpu_relax() asm volatile ("pause" ::: "memory");
  #elif BOOST_ARCH_PPC
diff --git a/libs/boost/patches/010-mips64.patch b/libs/boost/patches/010-mips64.patch
deleted file mode 100644
index 513e206b4d6b4..0000000000000
--- a/libs/boost/patches/010-mips64.patch
+++ /dev/null
@@ -1,70 +0,0 @@
---- a/libs/context/src/asm/jump_mips64_n64_elf_gas.S
-+++ b/libs/context/src/asm/jump_mips64_n64_elf_gas.S
-@@ -67,7 +67,7 @@ jump_fcontext:
-     sd  $ra, 144($sp) # save RA
-     sd  $ra, 152($sp) # save RA as PC
- 
--
-+#if defined(__mips_hard_float)
-     s.d  $f24, 0($sp)   # save F24
-     s.d  $f25, 8($sp)   # save F25
-     s.d  $f26, 16($sp)  # save F26
-@@ -76,6 +76,7 @@ jump_fcontext:
-     s.d  $f29, 40($sp)  # save F29
-     s.d  $f30, 48($sp)  # save F30
-     s.d  $f31, 56($sp)  # save F31
-+#endif
- 
-     # store SP (pointing to old context-data) in v0 as return
-     move  $v0, $sp
-@@ -83,6 +84,7 @@ jump_fcontext:
-     # get SP (pointing to new context-data) from a0 param
-     move  $sp, $a0
- 
-+#if defined(__mips_hard_float)
-     l.d  $f24, 0($sp)   # restore F24
-     l.d  $f25, 8($sp)   # restore F25
-     l.d  $f26, 16($sp)  # restore F26
-@@ -91,6 +93,7 @@ jump_fcontext:
-     l.d  $f29, 40($sp)  # restore F29
-     l.d  $f30, 48($sp)  # restore F30
-     l.d  $f31, 56($sp)  # restore F31
-+#endif
- 
-     ld  $s0, 64($sp)  # restore S0
-     ld  $s1, 72($sp)  # restore S1
---- a/libs/context/src/asm/ontop_mips64_n64_elf_gas.S
-+++ b/libs/context/src/asm/ontop_mips64_n64_elf_gas.S
-@@ -67,7 +67,7 @@ ontop_fcontext:
-     sd  $ra, 144($sp) # save RA
-     sd  $ra, 152($sp) # save RA as PC
- 
--
-+#if defined(__mips_hard_float)
-     s.d  $f24, 0($sp)   # save F24
-     s.d  $f25, 8($sp)   # save F25
-     s.d  $f26, 16($sp)  # save F26
-@@ -76,6 +76,7 @@ ontop_fcontext:
-     s.d  $f29, 40($sp)  # save F29
-     s.d  $f30, 48($sp)  # save F30
-     s.d  $f31, 56($sp)  # save F31
-+#endif
- 
-     # store SP (pointing to context-data) in t0
-     move  $t0, $sp
-@@ -83,6 +84,7 @@ ontop_fcontext:
-     # restore SP (pointing to context-data) from a0
-     move  $sp, $a0
- 
-+#if defined(__mips_hard_float)
-     l.d  $f24, 0($sp)   # restore F24
-     l.d  $f25, 8($sp)   # restore F25
-     l.d  $f26, 16($sp)  # restore F26
-@@ -91,6 +93,7 @@ ontop_fcontext:
-     l.d  $f29, 40($sp)  # restore F29
-     l.d  $f30, 48($sp)  # restore F30
-     l.d  $f31, 56($sp)  # restore F31
-+#endif
- 
-     ld  $s0, 64($sp)  # restore S0
-     ld  $s1, 72($sp)  # restore S1

From 15a5fc92f9b59fa555690b9e83f33693320bdfb6 Mon Sep 17 00:00:00 2001
From: Oskari Rauta 
Date: Wed, 21 Apr 2021 00:18:27 +0300
Subject: [PATCH 089/221] podman: update to 3.1.1

 - Add support for AppArmor
 - Gracefully stop containers and pods on shutdown

I found out that If you change location of containers to persistent storage instead of tmpfs, starting them will fail unless they have been stopped. If this is the case that reboot has occurred before pods and containers have been stopped, they cannot be started, they have to be removed and re-created. Change in initscript tries to avoid that. Even if containers are running at tmpfs, this won't hurt. Still, if something happens and system hangs/reboots/etc, script won't save you from that. It's just a attempt to make things better.
I also enabled AppArmor support for future possibilities.

Signed-off-by: Oskari Rauta 
---
 utils/podman/Makefile          | 10 +++++-----
 utils/podman/files/podman.init |  6 ++++++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/utils/podman/Makefile b/utils/podman/Makefile
index 5c9744a444971..c97ba3e229338 100644
--- a/utils/podman/Makefile
+++ b/utils/podman/Makefile
@@ -1,9 +1,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=podman
-PKG_VERSION:=3.0.1
+PKG_VERSION:=3.1.1
 PKG_RELEASE:=$(AUTORELEASE)
-PKG_HASH:=259e682d6e90595573fe8880e0252cc8b08c813e19408b911c43383a6edd6852
+PKG_HASH:=4e6fb106c6363566b6edc4ac6caee0bdf6b788e01255c3b3bfcb64f4b6842229
 
 PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -17,7 +17,7 @@ PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
 
 GO_PKG:=github.com/containers/podman/
-GO_PKG_BUILD_PKG:=github.com/containers/podman/v2/cmd/podman/
+GO_PKG_BUILD_PKG:=github.com/containers/podman/v3/cmd/podman/
 
 include $(INCLUDE_DIR)/package.mk
 include ../../lang/golang/golang-package.mk
@@ -79,9 +79,9 @@ endef
 Package/podman-selinux/conffiles = $(Package/podman/conffiles)
 
 ifeq ($(BUILD_VARIANT),selinux)
-  GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,selinux
+  GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,selinux,apparmor
 else
-  GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper
+  GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,apparmor
 endif
 
 define Build/Prepare
diff --git a/utils/podman/files/podman.init b/utils/podman/files/podman.init
index 1df70407f9a69..fe85646e77a18 100755
--- a/utils/podman/files/podman.init
+++ b/utils/podman/files/podman.init
@@ -1,6 +1,7 @@
 #!/bin/sh /etc/rc.common
 
 START=99
+STOP=10
 USE_PROCD=1
 NAME=podman
 PROG=/usr/bin/podman
@@ -12,3 +13,8 @@ start_service() {
 	procd_append_param command $command
 	procd_close_instance
 }
+
+shutdown() {
+	${PROG} pod stop -a
+	${PROG} container stop -a
+}

From a5580919ea787b9fc2cd4b00cfa54f8d2c92edc1 Mon Sep 17 00:00:00 2001
From: Olivier Poitrey 
Date: Tue, 20 Apr 2021 15:08:38 +0000
Subject: [PATCH 090/221] nextdns: Update to version 1.32.0

Signed-off-by: Olivier Poitrey 
---
 net/nextdns/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/nextdns/Makefile b/net/nextdns/Makefile
index 6026d50707073..08ca986e94538 100644
--- a/net/nextdns/Makefile
+++ b/net/nextdns/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nextdns
-PKG_VERSION:=1.12.5
+PKG_VERSION:=1.32.0
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/nextdns/nextdns.git
-PKG_MIRROR_HASH:=5fd274c7b26e1d9c8fbb20802cd186fa40c35e832fddc8ea8960139f82c21743
+PKG_MIRROR_HASH:=b48a8be602025d3cbcd087717065e1fd2b37040fab6e769c40e658a647b3657b
 
 PKG_MAINTAINER:=Olivier Poitrey 
 PKG_LICENSE:=MIT

From ef23f50c973cdfc21ca4392341e3b27bbd8dbec9 Mon Sep 17 00:00:00 2001
From: Sibren Vasse 
Date: Mon, 19 Apr 2021 15:35:48 +0200
Subject: [PATCH 091/221] openssh: update to 8.6p1

Signed-off-by: Sibren Vasse 
---
 net/openssh/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/openssh/Makefile b/net/openssh/Makefile
index 94ab2c3113daa..d6c649a388708 100644
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssh
-PKG_VERSION:=8.5p1
+PKG_VERSION:=8.6p1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
 		https://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/
-PKG_HASH:=f52f3f41d429aa9918e38cf200af225ccdd8e66f052da572870c89737646ec25
+PKG_HASH:=c3e6e4da1621762c850d03b47eed1e48dff4cc9608ddeb547202a234df8ed7ae
 
 PKG_LICENSE:=BSD ISC
 PKG_LICENSE_FILES:=LICENCE

From fb4ee87e45a8a532784b11ced039a606a9d97141 Mon Sep 17 00:00:00 2001
From: Oskari Rauta 
Date: Wed, 21 Apr 2021 03:19:14 +0300
Subject: [PATCH 092/221] mtools: add new package

Signed-off-by: Oskari Rauta 
---
 utils/mtools/Makefile | 70 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 utils/mtools/Makefile

diff --git a/utils/mtools/Makefile b/utils/mtools/Makefile
new file mode 100644
index 0000000000000..66400e5b5b088
--- /dev/null
+++ b/utils/mtools/Makefile
@@ -0,0 +1,70 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=mtools
+PKG_VERSION:=4.0.26
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=@GNU/mtools
+PKG_HASH:=539f1c8b476a16e198d8bcb10a5799e22e69de49d854f7dbd85b64c2a45dea1a
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_MAINTAINER:=Oskari Rauta 
+PKG_LICENSE:=GPL-3.0-only
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/mtools
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=Disc
+  TITLE:=Collection of utilities to access MS-DOS disks
+  URL:=https://www.gnu.org/software/mtools
+  DEPENDS:=+libbsd
+endef
+
+define Package/mtools/description
+  Mtools is a collection of utilities to access MS-DOS disks from GNU and Unix without mounting them.
+endef
+
+define Package/mtools/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/amuFormat.sh $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mcheck $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mcomp $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mkmanifest $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mtools $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mxtar $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tgz $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/uz $(1)/usr/bin/
+	$(LN) uz $(1)/usr/bin/lz
+	$(LN) mtools $(1)/usr/bin/mattrib
+	$(LN) mtools $(1)/usr/bin/mbadblock
+	$(LN) mtools $(1)/usr/bin/mcat
+	$(LN) mtools $(1)/usr/bin/mcd
+	$(LN) mtools $(1)/usr/bin/mclasserase
+	$(LN) mtools $(1)/usr/bin/mcopy
+	$(LN) mtools $(1)/usr/bin/mdel
+	$(LN) mtools $(1)/usr/bin/mdeltree
+	$(LN) mtools $(1)/usr/bin/mdir
+	$(LN) mtools $(1)/usr/bin/mdu
+	$(LN) mtools $(1)/usr/bin/mformat
+	$(LN) mtools $(1)/usr/bin/minfo
+	$(LN) mtools $(1)/usr/bin/mlabel
+	$(LN) mtools $(1)/usr/bin/mmd
+	$(LN) mtools $(1)/usr/bin/mmount
+	$(LN) mtools $(1)/usr/bin/mmove
+	$(LN) mtools $(1)/usr/bin/mpartition
+	$(LN) mtools $(1)/usr/bin/mrd
+	$(LN) mtools $(1)/usr/bin/mren
+	$(LN) mtools $(1)/usr/bin/mshortname
+	$(LN) mtools $(1)/usr/bin/mshowfat
+	$(LN) mtools $(1)/usr/bin/mtoolstest
+	$(LN) mtools $(1)/usr/bin/mtype
+	$(LN) mtools $(1)/usr/bin/mzip
+endef
+
+$(eval $(call BuildPackage,mtools))

From 6fb4209a9bce9dde509cacc0496410882d1b2333 Mon Sep 17 00:00:00 2001
From: Florian Eckert 
Date: Mon, 19 Apr 2021 16:45:19 +0200
Subject: [PATCH 093/221] stunnel: update to 5.59

Signed-off-by: Florian Eckert 
---
 net/stunnel/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/stunnel/Makefile b/net/stunnel/Makefile
index 987b5c76c170d..7c21f5ae4b770 100644
--- a/net/stunnel/Makefile
+++ b/net/stunnel/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=stunnel
-PKG_VERSION:=5.58
+PKG_VERSION:=5.59
 PKG_RELEASE:=1
 
 PKG_LICENSE:=GPL-2.0-or-later
@@ -23,7 +23,7 @@ PKG_SOURCE_URL:= \
 	https://www.usenix.org.uk/mirrors/stunnel/archive/$(word 1, $(subst .,$(space),$(PKG_VERSION))).x/
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=d4c14cc096577edca3f6a2a59c2f51869e35350b3988018ddf808c88e5973b79
+PKG_HASH:=137776df6be8f1701f1cd590b7779932e123479fb91e5192171c16798815ce9f
 
 PKG_FIXUP:=autoreconf
 PKG_FIXUP:=patch-libtool

From 49f6eaa162c657f5ba97bcee06a0052fc15f56cf Mon Sep 17 00:00:00 2001
From: Gerard Ryan 
Date: Wed, 21 Apr 2021 21:00:07 +1000
Subject: [PATCH 094/221] containerd: Updated to 1.4.4 for docker 20.10.6

Signed-off-by: Gerard Ryan 
---
 utils/containerd/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/utils/containerd/Makefile b/utils/containerd/Makefile
index 3ab6499941b1d..60f5f09e715cd 100644
--- a/utils/containerd/Makefile
+++ b/utils/containerd/Makefile
@@ -1,15 +1,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=containerd
-PKG_VERSION:=1.4.3
-PKG_RELEASE:=4
+PKG_VERSION:=1.4.4
+PKG_RELEASE:=1
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/containerd/containerd/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018
-PKG_SOURCE_VERSION:=269548fa27e0089a8b8278fc4fc781d7f65a939b
+PKG_HASH:=ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1
+PKG_SOURCE_VERSION:=05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 
 PKG_MAINTAINER:=Gerard Ryan 
 

From 6dd14fd36526f04c473fe087207098a2e38cf21e Mon Sep 17 00:00:00 2001
From: Gerard Ryan 
Date: Wed, 21 Apr 2021 21:01:36 +1000
Subject: [PATCH 095/221] libnetwork: Updated to 2021-01-26 for docker 20.10.6

Signed-off-by: Gerard Ryan 
---
 utils/libnetwork/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/utils/libnetwork/Makefile b/utils/libnetwork/Makefile
index cc445df1a8aa1..07206d9c2e9d9 100644
--- a/utils/libnetwork/Makefile
+++ b/utils/libnetwork/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libnetwork
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
 
@@ -12,9 +12,9 @@ GO_PKG_BUILD_PKG:= \
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://$(GO_PKG)
-PKG_SOURCE_VERSION:=fa125a3512ee0f6187721c88582bf8c4378bd4d7
-PKG_SOURCE_DATE:=2020-12-15
-PKG_MIRROR_HASH:=f6fcc6c900c1d542dfede0f53691108f12b63ff20ecf870eebc0aa2df1848b24
+PKG_SOURCE_VERSION:=b3507428be5b458cb0e2b4086b13531fb0706e46
+PKG_SOURCE_DATE:=2021-01-26
+PKG_MIRROR_HASH:=421d1b7cd95d0d0ec2801ebb0b360416cd2382e1ef9e70f4ca5cb63fb6a4ee8c
 
 PKG_MAINTAINER:=Gerard Ryan 
 

From 4aaeecc1d1f7debb57e8bafbcbeddb486bcca6c2 Mon Sep 17 00:00:00 2001
From: Gerard Ryan 
Date: Wed, 21 Apr 2021 21:04:21 +1000
Subject: [PATCH 096/221] docker: Updated to 20.10.6

Signed-off-by: Gerard Ryan 
---
 utils/docker/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/utils/docker/Makefile b/utils/docker/Makefile
index cad6bc77599b3..1bf432675db18 100644
--- a/utils/docker/Makefile
+++ b/utils/docker/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=docker
-PKG_VERSION:=20.10.5
+PKG_VERSION:=20.10.6
 PKG_RELEASE:=1
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
@@ -10,8 +10,8 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_GIT_URL:=github.com/docker/cli
 PKG_GIT_REF:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)?
-PKG_HASH:=4ba845f8c7e2e0a2ca1ec6589847159ca8d0d37b609f0e6f78def7a893b9b342
-PKG_GIT_SHORT_COMMIT:=55c4c88 # SHA1 used within the docker executables
+PKG_HASH:=eda53b96ab83a59502df2e5e00ab7ee867243259407ef454be55e695303c1113
+PKG_GIT_SHORT_COMMIT:=370c289 # SHA1 used within the docker executables
 
 PKG_MAINTAINER:=Gerard Ryan 
 

From 6f349d39fadf225a43a48f5961ac1536841c7f2b Mon Sep 17 00:00:00 2001
From: Gerard Ryan 
Date: Wed, 21 Apr 2021 21:04:48 +1000
Subject: [PATCH 097/221] dockerd: Updated to 20.10.6

Signed-off-by: Gerard Ryan 
---
 utils/dockerd/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/utils/dockerd/Makefile b/utils/dockerd/Makefile
index cf0d51b6bc4ee..4b1488328f6f1 100644
--- a/utils/dockerd/Makefile
+++ b/utils/dockerd/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dockerd
-PKG_VERSION:=20.10.5
+PKG_VERSION:=20.10.6
 PKG_RELEASE:=1
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
@@ -10,8 +10,8 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_GIT_URL:=github.com/moby/moby
 PKG_GIT_REF:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)?
-PKG_HASH:=bcf651d75e5c80421e8cd3b0d47f3425e01047cf67aef0eda83b68776905a583
-PKG_GIT_SHORT_COMMIT:=363e9a8 # SHA1 used within the docker executables
+PKG_HASH:=fd7f5571b1f64f26b5ca520a3e1fefb33c190f3732b931051c23a76bdba5000e
+PKG_GIT_SHORT_COMMIT:=8728dd2 # SHA1 used within the docker executables
 
 PKG_MAINTAINER:=Gerard Ryan 
 

From 3f365dd6f744396f4a27496178b5646c262df60e Mon Sep 17 00:00:00 2001
From: Hirokazu MORIKAWA 
Date: Wed, 21 Apr 2021 11:24:44 +0900
Subject: [PATCH 098/221] node: Resolve ICU conflict

Resolve conflicts between OpenWrt's ICU package and the ICU shipped with node.js.

https://github.com/openwrt/packages/issues/15437

Signed-off-by: Hirokazu MORIKAWA 
---
 lang/node/Makefile                           |  2 +-
 lang/node/patches/999-fix_icu_conflict.patch | 74 ++++++++++++++++++++
 2 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 lang/node/patches/999-fix_icu_conflict.patch

diff --git a/lang/node/Makefile b/lang/node/Makefile
index 126b796410b1d..65e9bbdc3d3d6 100644
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=node
 PKG_VERSION:=v14.16.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
diff --git a/lang/node/patches/999-fix_icu_conflict.patch b/lang/node/patches/999-fix_icu_conflict.patch
new file mode 100644
index 0000000000000..0a4170a9eaf73
--- /dev/null
+++ b/lang/node/patches/999-fix_icu_conflict.patch
@@ -0,0 +1,74 @@
+--- a/tools/icu/icu-generic.gyp
++++ b/tools/icu/icu-generic.gyp
+@@ -181,6 +181,7 @@
+               '<(icu_path)/source/i18n/uspoof_wsconf.h',
+             ]}],
+             ],
++          'include_dirs!': [ '
Date: Wed, 21 Apr 2021 17:08:17 +0100
Subject: [PATCH 099/221] uvol: improve autopart and lvm scripts, fix F2FS
 volumes

Use sfdisk to get GPT partition by name as partition names are not
known by the kernel if added via partx.
Make sure physical volume names are unique, if possible correlate
with the disks serial number and/or card's cid.
mkf2fs apparently returns 134 even in case format succeeded, so don't
fail in that case (this fixes rw volumes large enough for F2FS to be
selected by the lvm scripts of uvol).

Signed-off-by: Daniel Golle 
---
 utils/uvol/files/autopart.defaults | 32 +++++++++++++++++++++++++-----
 utils/uvol/files/lvm.sh            |  6 ++++--
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/utils/uvol/files/autopart.defaults b/utils/uvol/files/autopart.defaults
index c35b238adc5d2..b6a3cdd603078 100644
--- a/utils/uvol/files/autopart.defaults
+++ b/utils/uvol/files/autopart.defaults
@@ -2,9 +2,29 @@
 
 . /lib/functions.sh
 . /lib/upgrade/common.sh
+. /usr/share/libubox/jshn.sh
 
 OWRT_VOLUMES=owrt-volumes
 
+
+get_partition_by_name_gpt() {
+	local dev="$1"
+	local part parts node name
+	json_load "$(sfdisk -J "/dev/$dev" 2>/dev/null)"
+	json_select "partitiontable" || return
+	json_select "partitions" || return
+	json_get_keys parts
+	for part in $parts; do
+		json_select "$part"
+		json_get_vars node name
+		if [ "$2" = "$name" ]; then
+			echo "$node"
+			break
+		fi
+		json_select ..
+	done
+}
+
 part_fixup() {
 	echo "write" | sfdisk --force -q -w never $1
 }
@@ -57,20 +77,22 @@ lvm_init() {
 autopart_init() {
 	local diskdev
 	local lvmpart
-	local diskserial
+	local diskserial diskhash
 
 	export_bootdevice && export_partdevice diskdev 0
 
 	[ "$diskdev" ] || return
 
-	[ -e "/sys/class/block/$diskdev/device/serial" ] && diskserial=$(cat /sys/class/block/$diskdev/device/serial)
-
+	[ -e "/sys/class/block/$diskdev/device/serial" ] && diskserial="$(cat /sys/class/block/$diskdev/device/serial)"
+	[ -e "/sys/class/block/$diskdev/device/cid" ] && diskserial="$diskserial$(cat /sys/class/block/$diskdev/device/cid)"
+	[ "$diskserial" ] || diskserial="$(cat /proc/sys/kernel/random/uuid)"
+	diskhash="$(echo $diskserial | sha256sum | cut -d' ' -f1)"
 	part_fixup /dev/$diskdev
 	create_lvm_part /dev/$diskdev || return
-	lvmpart=$(get_partition_by_name $diskdev $OWRT_VOLUMES)
+	lvmpart=$(get_partition_by_name_gpt $diskdev $OWRT_VOLUMES)
 
 	[ "$lvmpart" ] || return
-	lvm_init /dev/$lvmpart "${OWRT_VOLUMES}${diskserial:+-${diskserial:2}}"
+	lvm_init $lvmpart "${OWRT_VOLUMES}-${diskhash:0:16}"
 }
 
 autopart_init
diff --git a/utils/uvol/files/lvm.sh b/utils/uvol/files/lvm.sh
index 4a20f628d19ca..c250be534bcb7 100644
--- a/utils/uvol/files/lvm.sh
+++ b/utils/uvol/files/lvm.sh
@@ -231,7 +231,9 @@ createvol() {
 	[ "$lv_full_name" ] || return 22
 	lvm_cmd lvchange -a y "$lv_full_name" || return 1
 	if [ $lv_size -gt $(( 100 * 1024 * 1024 )) ]; then
-		mkfs.f2fs -f -l "$1" "$lv_path" || return 1
+		mkfs.f2fs -f -l "$1" "$lv_path"
+		ret=$?
+		[ $ret != 0 ] && [ $ret != 134 ] && return 1
 	else
 		mke2fs -F -L "$1" "$lv_path" || return 1
 	fi
@@ -271,7 +273,7 @@ listvols() {
 	local reports rep lv lvs lv_name lv_size lv_mode volname
 	volname=${1:-.*}
 	json_init
-	json_load "$(lvs -o lv_name,lv_size -S "lv_name=~^[rw][ow]_$volname\$ && vg_name=$vg_name")"
+	json_load "$(lvs -o lv_name,lv_size -S "lv_name=~^[rw][owp]_$volname\$ && vg_name=$vg_name")"
 	json_select report
 	json_get_keys reports
 	for rep in $reports; do

From 5c01e74751f502c4b2c54d9b5ae494d35ce8acc2 Mon Sep 17 00:00:00 2001
From: Magnus Kroken 
Date: Wed, 21 Apr 2021 22:45:03 +0200
Subject: [PATCH 100/221] openvpn: update to 2.5.2

Fixes two related security vulnerabilities (CVE-2020-15078) which
under very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup. In combination with "--auth-gen-token" or
a user-specific token auth solution it can be possible to get access to
a VPN with an otherwise-invalid account.

OpenVPN 2.5.2 also includes other bug fixes and improvements.

Add CI build test script.

Signed-off-by: Magnus Kroken 
---
 net/openvpn/Makefile                          |  6 +--
 ...bedtls-disable-runtime-version-check.patch |  2 +-
 ...15-fix-mbedtls-without-renegotiation.patch | 42 +++++++++++++++++++
 net/openvpn/test.sh                           | 10 +++++
 4 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 net/openvpn/patches/115-fix-mbedtls-without-renegotiation.patch
 create mode 100755 net/openvpn/test.sh

diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile
index 3b3adce42714c..d46b7bb73b84e 100644
--- a/net/openvpn/Makefile
+++ b/net/openvpn/Makefile
@@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.5.1
-PKG_RELEASE:=3
+PKG_VERSION:=2.5.2
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=\
 	https://build.openvpn.net/downloads/releases/ \
 	https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=40930489c837c05f6153f38e1ebaec244431ef1a034e4846ff732d71d59ff194
+PKG_HASH:=b12743836901f365efaf82ab2493967e1b21c21eb43ce9a8da1002a17c9c1dc8
 
 PKG_MAINTAINER:=Magnus Kroken 
 
diff --git a/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
index 4141c2863cf85..c54277006d067 100644
--- a/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
+++ b/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1520,7 +1520,7 @@ const char *
+@@ -1535,7 +1535,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];
diff --git a/net/openvpn/patches/115-fix-mbedtls-without-renegotiation.patch b/net/openvpn/patches/115-fix-mbedtls-without-renegotiation.patch
new file mode 100644
index 0000000000000..532d64f601cdb
--- /dev/null
+++ b/net/openvpn/patches/115-fix-mbedtls-without-renegotiation.patch
@@ -0,0 +1,42 @@
+From e4bd17c86e01aaf6f809d9ea355419c86c4defdc Mon Sep 17 00:00:00 2001
+From: Max Fillinger 
+Date: Mon, 12 Apr 2021 19:46:17 +0200
+Subject: [PATCH] Fix build with mbedtls w/o SSL renegotiation support
+
+In mbedtls, support for SSL renegotiation can be disabled at
+compile-time. However, OpenVPN cannot be built with such a library
+because it calls mbedtls_ssl_conf_renegotiation() to disable this
+feature at runtime. This function doesn't exist when mbedtls was built
+without support for SSL renegotiation.
+
+This commit fixes the build by ifdef'ing out the function call when
+mbedtls was built without support for SSL renegotiation.
+
+Signed-off-by: Max Fillinger 
+Acked-by: Antonio Quartulli 
+Message-Id: 
+URL: https://www.mail-archive.com/search?l=mid&q=E1lW0eX-00012w-9n@sfs-ml-1.v29.lw.sourceforge.com
+Signed-off-by: Gert Doering 
+---
+ src/openvpn/ssl_mbedtls.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/src/openvpn/ssl_mbedtls.c
++++ b/src/openvpn/ssl_mbedtls.c
+@@ -1098,10 +1098,13 @@ key_state_ssl_init(struct key_state_ssl
+     {
+         mbedtls_ssl_conf_curves(ks_ssl->ssl_config, ssl_ctx->groups);
+     }
+-    /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
+-     * session and does not depend on this feature. And TLS renegotiations have
+-     * been problematic in the past */
++
++    /* Disable TLS renegotiations if the mbedtls library supports that feature.
++     * OpenVPN's renegotiation creates new SSL sessions and does not depend on
++     * this feature and TLS renegotiations have been problematic in the past. */
++#if defined(MBEDTLS_SSL_RENEGOTIATION)
+     mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
++#endif /* MBEDTLS_SSL_RENEGOTIATION */
+ 
+     /* Disable record splitting (for now).  OpenVPN assumes records are sent
+      * unfragmented, and changing that will require thorough review and
diff --git a/net/openvpn/test.sh b/net/openvpn/test.sh
new file mode 100755
index 0000000000000..b51ccd6a1c4e8
--- /dev/null
+++ b/net/openvpn/test.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+case "$1" in
+	"openvpn-mbedtls")
+		openvpn --version | grep "$2.*SSL (mbed TLS)"
+		;;
+	"openvpn-openssl")
+		openvpn --version | grep "$2.*SSL (OpenSSL)"
+		;;
+esac

From 089334c196975d90867050883177ac771eca211e Mon Sep 17 00:00:00 2001
From: Maxim Storchak 
Date: Thu, 22 Apr 2021 00:05:36 +0300
Subject: [PATCH 101/221] tmux: update to 3.2

- switch to $(AUTORELEASE)
- change dependency from libevent2 to libevent2-core

Signed-off-by: Maxim Storchak 
---
 utils/tmux/Makefile                           |  8 +++----
 .../100-add-crosscompiling-fallbacks.patch    | 24 +++++++++++++++++++
 2 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 utils/tmux/patches/100-add-crosscompiling-fallbacks.patch

diff --git a/utils/tmux/Makefile b/utils/tmux/Makefile
index d180cad3811ec..f7f835faa6f2d 100644
--- a/utils/tmux/Makefile
+++ b/utils/tmux/Makefile
@@ -2,12 +2,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tmux
-PKG_VERSION:=3.1c
-PKG_RELEASE:=1
+PKG_VERSION:=3.2
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/tmux/tmux/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=b9617dd4d1c541ebc21b6b5760d58102fc039a593786aab273b5dd95dd514bea
+PKG_HASH:=290a2f25a2f26c649f7ec7f2880586b8d3f43e24d7cb42c691f430941edb4fcf
 PKG_MAINTAINER:=Maxim Storchak 
 
 PKG_LICENSE:=ISC
@@ -25,7 +25,7 @@ define Package/tmux
   CATEGORY:=Utilities
   SUBMENU:=Terminal
   TITLE:=Terminal multiplexer
-  DEPENDS:=+libncurses +libevent2 +libpthread +librt
+  DEPENDS:=+libncurses +libevent2-core +libpthread +librt
   URL:=http://tmux.github.io/
 endef
 
diff --git a/utils/tmux/patches/100-add-crosscompiling-fallbacks.patch b/utils/tmux/patches/100-add-crosscompiling-fallbacks.patch
new file mode 100644
index 0000000000000..83762df7c1d33
--- /dev/null
+++ b/utils/tmux/patches/100-add-crosscompiling-fallbacks.patch
@@ -0,0 +1,24 @@
+commit bb6242675ad0c7447daef148fffced882e5b4a61
+Author: Nicholas Marriott 
+Date:   Thu Apr 15 06:45:19 2021 +0100
+
+    Add crosscompiling fallbacks, from Hasso Tepper.
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -163,6 +163,7 @@ AC_RUN_IFELSE([AC_LANG_PROGRAM(
+ 		[return (reallocarray(NULL, 1, 1) == NULL);]
+ 	)],
+ 	AC_MSG_RESULT(yes),
++	[AC_LIBOBJ(reallocarray) AC_MSG_RESULT([no])],
+ 	[AC_LIBOBJ(reallocarray) AC_MSG_RESULT([no])]
+ )
+ AC_MSG_CHECKING([for working recallocarray])
+@@ -171,6 +172,7 @@ AC_RUN_IFELSE([AC_LANG_PROGRAM(
+ 		[return (recallocarray(NULL, 1, 1, 1) == NULL);]
+ 	)],
+ 	AC_MSG_RESULT(yes),
++	[AC_LIBOBJ(recallocarray) AC_MSG_RESULT([no])],
+ 	[AC_LIBOBJ(recallocarray) AC_MSG_RESULT([no])]
+ )
+ 

From de4b95709c28755531c22753d555f5ec2fd36539 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Thu, 22 Apr 2021 00:00:08 +0100
Subject: [PATCH 102/221] gnunet: update to v0.14.1

 * lots of fixes for many subsystems
 * new messenger group chat service
 * 'abd' temporarily removed due to upstream issue

Signed-off-by: Daniel Golle 
---
 net/gnunet/Makefile | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/net/gnunet/Makefile b/net/gnunet/Makefile
index 72647b8f3d05d..51fb6e45813fb 100644
--- a/net/gnunet/Makefile
+++ b/net/gnunet/Makefile
@@ -2,11 +2,11 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gnunet
 
-PKG_VERSION:=0.13.3
-PKG_RELEASE:=4
+PKG_VERSION:=0.14.1
+PKG_RELEASE:=$(AUTORELEASE)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@GNU/gnunet
-PKG_HASH:=318e06c4134d1a8ce3b4385d82b11316eaaeb9a4dbc5d4b646453dfc53199296
+PKG_HASH:=4a3205c570c30756f1a8b1ad0f1a63d078a92f0fac8e543471d54f4552da18c2
 
 PKG_LICENSE:=AGPL-3.0
 PKG_LICENSE_FILES:=COPYING
@@ -147,7 +147,7 @@ define Package/gnunet/install
 	    core datacache dht dns fragmentation friends hello \
 	    identity natauto natnew nse nt peerinfo peerstore regexblock regex revocation \
 	    scalarproduct set seti setu statistics transport transportapplication \
-	    transportcommunicator transportcore transportmonitor util; do \
+	    transportcore transportmonitor util; do \
 		$(CP) $(PKG_INSTALL_DIR)/usr/lib/libgnunet$$$$lib.so* $(1)/usr/lib/ ; \
 	done )
 
@@ -166,7 +166,7 @@ define Package/gnunet/install
 		$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/gnunet/libexec/gnunet-$$$$lex $(1)/usr/lib/gnunet/libexec ; \
 	done )
 
-	( for conf in arm ats cadet communicator-unix core datacache dht identity \
+	( for conf in arm ats cadet core datacache dht identity \
 	    nat nat-auto nse peerinfo peerstore regex revocation \
 	    scalarproduct set seti setu statistics topology transport util; do \
 		$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/gnunet/config.d/$$$$conf.conf $(1)/usr/share/gnunet/config.d ; \
@@ -272,6 +272,10 @@ LIB_datastore:=datastore
 LIBEXEC_datastore:=service-datastore
 CONF_datastore:=datastore
 
+BIN_messenger:=messenger
+LIB_messenger:=messenger
+LIBEXEC_messenger:=service-messenger
+CONF_messenger:=messenger
 
 DEPENDS_reclaim:=+gnunet-gns +gnunet-sqlite +libpbc +libgabe +jansson
 BIN_reclaim:=reclaim
@@ -281,7 +285,7 @@ CONF_reclaim:=consensus reclaim secretsharing
 PLUGIN_reclaim:=block_consensus gnsrecord_reclaim reclaim_credential_jwt reclaim_attribute_basic
 
 DEPENDS_rest:=+gnunet-gns +gnunet-reclaim +libmicrohttpd-ssl +jansson
-LIB_rest:=rest json
+LIB_rest:=rest json gnsrecordjson
 PLUGIN_rest:=rest_config rest_copying rest_gns rest_identity rest_namestore rest_peerinfo rest_openid_connect rest_reclaim
 LIBEXEC_rest:=rest-server
 CONF_rest:=rest
@@ -326,7 +330,6 @@ DEPENDS_gns-pgsql:=+gnunet-pgsql +gnunet-gns
 PLUGIN_gns-pgsql:=namecache_postgres namestore_postgres
 CONFLICTS_gns-pgsql:=gnunet-gns-sqlite gnunet-gns-flat
 
-
 DEPENDS_sqlite:=+libsqlite3
 LIB_sqlite:=sq
 
@@ -399,7 +402,7 @@ $(eval $(call PostInstFixSUIDPerms,gnunet-transport-wlan))
 $(eval $(call PostInstFixSUIDPerms,gnunet-vpn))
 
 $(eval $(call BuildPackage,gnunet))
-$(eval $(call BuildComponent,abd,credential service components,))
+#$(eval $(call BuildComponent,abd,credential service components,))
 $(eval $(call BuildComponent,auction,auction components,))
 $(eval $(call BuildComponent,conversation,conversation component,))
 $(eval $(call BuildComponent,curl,cURL wrapper component,))
@@ -410,6 +413,7 @@ $(eval $(call BuildComponent,fs,file-sharing components,))
 $(eval $(call BuildComponent,gns,name resolution components,y))
 $(eval $(call BuildComponent,gns-proxy,gns-proxy component,))
 $(eval $(call BuildComponent,hostlist,HTTP bootstrap hostlist client and server,y))
+$(eval $(call BuildComponent,messenger,group chat messenger,))
 $(eval $(call BuildComponent,reclaim,reclaim identity-provider subsystem,))
 $(eval $(call BuildComponent,rest,REST interface,))
 $(eval $(call BuildComponent,rps,RPS routing component,y))

From 7baecf963823313636b8f24a0c146614b78d6b25 Mon Sep 17 00:00:00 2001
From: Dirk Brenken 
Date: Wed, 21 Apr 2021 21:00:52 +0200
Subject: [PATCH 103/221] banip: update to 0.7.7

* add a "whitelist only" mode, this option allows to restrict Internet
  access from/to a small number of secure websites/IPs, and block access
  from/to the rest of the Internet.

Signed-off-by: Dirk Brenken 
---
 net/banip/Makefile        |   4 +-
 net/banip/files/README.md |  28 +++++----
 net/banip/files/banip.sh  | 125 ++++++++++++++++++++++----------------
 3 files changed, 91 insertions(+), 66 deletions(-)

diff --git a/net/banip/Makefile b/net/banip/Makefile
index 9f0a86540b1f4..b7fc044c89924 100644
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=banip
-PKG_VERSION:=0.7.6
-PKG_RELEASE:=2
+PKG_VERSION:=0.7.7
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken 
 
diff --git a/net/banip/files/README.md b/net/banip/files/README.md
index c9aadb32f77a4..df956383563f1 100644
--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@@ -50,6 +50,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 * auto-add unsuccessful LuCI, nginx or ssh login attempts via 'dropbear'/'sshd' to local blacklist
 * auto-add the uplink subnet to local whitelist
 * black- and whitelist also accept domain names as input to allow IP filtering based on these names
+* supports a 'whitelist only' mode, this option allows to restrict Internet access from/to a small number of secure websites/IPs
 * provides a small background log monitor to ban unsuccessful login attempts in real-time
 * per source configuration of SRC (incoming) and DST (outgoing)
 * integrated IPSet-Lookup
@@ -122,6 +123,7 @@ Available commands:
 | ban_logdst_enabled      | option | 0                             | enable the dst-related logchain                                                       |
 | ban_autoblacklist       | option | 1                             | add suspicious IPs automatically to the local blacklist                               |
 | ban_autowhitelist       | option | 1                             | add wan IPs/subnets automatically to the local whitelist                              |
+| ban_whitelistonly       | option | 0                             | allow to restrict Internet access from/to a small number of secure websites/IPs       |
 | ban_maxqueue            | option | 4                             | size of the download queue to handle downloads and processing in parallel             |
 | ban_reportdir           | option | /tmp/banIP-Report             | directory where banIP stores the report files                                         |
 | ban_backupdir           | option | /tmp/banIP-Backup             | directory where banIP stores the compressed backup files                              |
@@ -206,18 +208,17 @@ Available commands:
 ~# /etc/init.d/banip status
 ::: banIP runtime information
   + status          : enabled
-  + version         : 0.7.5
-  + ipset_info      : 27 IPSets with 280704 IPs/Prefixes
-  + active_sources  : blacklist, country, darklist, debl, doh, drop, dshield, feodo, firehol1, greensnow, iblockspy, nix
-                      spam, sslbl, talos, threat, tor, uceprotect1, voip, whitelist, yoyo
-  + active_devs     : eth3
-  + active_ifaces   : wan, wan6
-  + active_logterms : dropbear, luci
-  + active_subnets  : xxx.xxx.x.xxx/24, xxxx:xxxx:xxxx:0:xxxx:xxxx:xxxx:xxxx/64
-  + run_infos       : settype: src+dst, backup_dir: /mnt/data/banIP/backup, report_dir: /mnt/data/banIP/report
-  + run_flags       : protocols (4/6): ✔/✔, log (src/dst): ✔/✘, monitor: ✔, mail: ✔
-  + last_run        : refresh, 0m 15s, 4019/3743/3784, 15.03.2021 09:28:01
-  + system          : PC Engines apu4, OpenWrt SNAPSHOT r16186-bf4aa0c6a2
+  + version         : 0.7.7
+  + ipset_info      : 2 IPSets with 30 IPs/Prefixes
+  + active_sources  : whitelist
+  + active_devs     : wlan0
+  + active_ifaces   : trm_wwan, trm_wwan6
+  + active_logterms : dropbear, sshd, luci, nginx
+  + active_subnets  : xxx.xxx.xxx.xxx/24, xxxx:xxxx:xxxx:xx::xxx/128
+  + run_infos       : settype: src+dst, backup_dir: /tmp/banIP-Backup, report_dir: /tmp/banIP-Report
+  + run_flags       : protocols (4/6): ✔/✔, log (src/dst): ✔/✘, monitor: ✔, mail: ✘, whitelist only: ✔
+  + last_run        : restart, 0m 3s, 122/30/14, 21.04.2021 20:14:36
+  + system          : TP-Link RE650 v1, OpenWrt SNAPSHOT r16574-f7e00d81bc
**black-/whitelist handling:** @@ -225,6 +226,9 @@ banIP supports a local black & whitelist (IPv4, IPv6, CIDR notation or domain na Unsuccessful LuCI logins, suspicious nginx request or ssh login attempts via 'dropbear'/'sshd' could be tracked and automatically added to the local blacklist (see the 'ban_autoblacklist' option). Furthermore the uplink subnet could be automatically added to local whitelist (see 'ban_autowhitelist' option). The list behaviour could be further tweaked with different timeout and counter options (see the config options section above). Last but not least, both lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets. The detached name lookup takes place only during 'restart' or 'reload' action, 'start' and 'refresh' actions are using an auto-generated backup instead. +**whitelist-only mode:** +banIP supports a "whitelist only" mode. This option allows to restrict the internet access from/to a small number of secure websites/IPs, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the whitelist are blocked. Please note: suspend/resume does not work in this mode. + **generate an IPSet report:** 

 ~# /etc/init.d/banip report
diff --git a/net/banip/files/banip.sh b/net/banip/files/banip.sh
index 5e80ee291ff8c..ed808529dbbf1 100755
--- a/net/banip/files/banip.sh
+++ b/net/banip/files/banip.sh
@@ -12,7 +12,7 @@
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
 set -o pipefail
-ban_ver="0.7.6"
+ban_ver="0.7.7"
 ban_enabled="0"
 ban_mail_enabled="0"
 ban_proto4_enabled="0"
@@ -23,6 +23,7 @@ ban_monitor_enabled="0"
 ban_autodetect="1"
 ban_autoblacklist="1"
 ban_autowhitelist="1"
+ban_whitelistonly="0"
 ban_logterms=""
 ban_loglimit="100"
 ban_ssh_logcount="3"
@@ -240,7 +241,7 @@ f_conf()
 	fi
 	ban_localsources="${ban_localsources:-"maclist whitelist blacklist"}"
 	ban_logterms="${ban_logterms:-"dropbear sshd luci nginx"}"
-	f_log "debug" "f_conf  ::: ifaces: ${ban_ifaces:-"-"}, chain: ${ban_chain}, set_type: ${ban_global_settype}, log_chains (src/dst): ${ban_logchain_src}/${ban_logchain_dst}, targets (src/dst): ${ban_target_src}/${ban_target_dst}"
+	f_log "debug" "f_conf  ::: ifaces: ${ban_ifaces:-"-"}, chain: ${ban_chain}, set_type: ${ban_global_settype}, log_chains (src/dst): ${ban_logchain_src}/${ban_logchain_dst}, targets (src/dst): ${ban_target_src}/${ban_target_dst}, whitelist_only: ${ban_whitelistonly}"
 	f_log "debug" "f_conf  ::: lan_inputs (4/6): ${ban_lan_inputchains_4}/${ban_lan_inputchains_6}, lan_forwards (4/6): ${ban_lan_forwardchains_4}/${ban_lan_forwardchains_6}, wan_inputs (4/6): ${ban_wan_inputchains_4}/${ban_wan_inputchains_6}, wan_forwards (4/6): ${ban_wan_forwardchains_4}/${ban_wan_forwardchains_6}"
 	f_log "debug" "f_conf  ::: local_sources: ${ban_localsources:-"-"}, extra_sources: ${ban_extrasources:-"-"}, log_terms: ${ban_logterms:-"-"}, log_prefixes (src/dst): ${ban_logprefix_src}/${ban_logprefix_dst}, log_options (src/dst): ${ban_logopts_src}/${ban_logopts_dst}"
 }
@@ -547,8 +548,14 @@ f_iptables()
 				f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} src -j RETURN"
 			elif [ "${src_name%_*}" = "whitelist" ]
 			then
-				f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j RETURN"
-				f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j RETURN"
+				if [ "${ban_whitelistonly}" = "1" ]
+				then
+					f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set ! --match-set ${src_name} src -j ${ban_logtarget_src}"
+					f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set ! --match-set ${src_name} dst -j ${ban_logtarget_dst}"
+				else
+					f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j RETURN"
+					f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j RETURN"
+				fi
 			else
 				f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j ${ban_logtarget_src}"
 				f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j ${ban_logtarget_dst}"
@@ -599,7 +606,12 @@ f_iptables()
 				elif [ "${src_name%_*}" = "whitelist" ]
 				then
 					pos="$(( $("${ipt_cmd}" "${timeout}" -vnL "${ban_chain}" --line-numbers | grep -cF "RETURN")+1))"
-					f_iptrule "-I" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j RETURN" "${pos}"
+					if [ "${ban_whitelistonly}" = "1" ]
+					then
+						f_iptrule "-I" "${ban_chain}" "-i ${dev} -m set ! --match-set ${src_name} src -j ${ban_target_src}" "${pos}"
+					else
+						f_iptrule "-I" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j RETURN" "${pos}"
+					fi
 				else
 					f_iptrule "${action:-"-A"}" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j ${ban_target_src}"
 				fi
@@ -612,7 +624,12 @@ f_iptables()
 				if [ "${src_name%_*}" = "whitelist" ]
 				then
 					pos="$(( $("${ipt_cmd}" "${timeout}" -vnL "${ban_chain}" --line-numbers | grep -cF "RETURN")+1))"
-					f_iptrule "-I" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j RETURN" "${pos}"
+					if [ "${ban_whitelistonly}" = "1" ]
+					then
+						f_iptrule "-I" "${ban_chain}" "-o ${dev} -m set ! --match-set ${src_name} dst -j ${ban_target_dst}" "${pos}"
+					else
+						f_iptrule "-I" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j RETURN" "${pos}"
+					fi
 				elif [ "${src_name}" != "maclist" ]
 				then
 					f_iptrule "${action:-"-A"}" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j ${ban_target_dst}"
@@ -913,7 +930,7 @@ f_bgsrv()
 	local bg_pid action="${1}"
 
 	bg_pid="$(pgrep -f "^/bin/sh ${ban_logservice}|${ban_logread_cmd}|^grep -qE Exit before auth|^grep -qE error: maximum|^grep -qE luci: failed|^grep -qE nginx" | awk '{ORS=" "; print $1}')"
-	if [ "${action}" = "start" ] && [ -x "${ban_logservice}" ] && [ "${ban_monitor_enabled}" = "1" ]
+	if [ "${action}" = "start" ] && [ -x "${ban_logservice}" ] && [ "${ban_monitor_enabled}" = "1" ] && [ "${ban_whitelistonly}" = "0" ]
 	then
 		if [ -n "${bg_pid}" ]
 		then
@@ -1269,7 +1286,7 @@ f_main()
 		fi
 		if [ "${ban_proto4_enabled}" = "1" ]
 		then
-			if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ]
+			if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ] && [ "${ban_whitelistonly}" = "0" ]
 			then
 				(
 					src_rule_4="/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add ${src_name}_4 \"\$1}"
@@ -1290,7 +1307,7 @@ f_main()
 		fi
 		if [ "${ban_proto6_enabled}" = "1" ]
 		then
-			if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ]
+			if [ "${src_name}" = "blacklist" ] && [ -s "${ban_blacklist}" ] && [ "${ban_whitelistonly}" = "0" ]
 			then
 				(
 					src_rule_6="/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add ${src_name}_6 \"\$1}"
@@ -1314,50 +1331,53 @@ f_main()
 
 	# loop over all external sources
 	#
-	for src_name in ${ban_sources}
-	do
-		# get source data from JSON file
-		#
-		json_select "${src_name}" >/dev/null 2>&1
-		if [ "${?}" != "0" ]
-		then
-			continue
-		fi
-		json_objects="url_4 rule_4 url_6 rule_6 comp"
-		for object in ${json_objects}
+	if [ "${ban_whitelistonly}" = "0" ]
+	then
+		for src_name in ${ban_sources}
 		do
-			eval json_get_var src_${object} "\${object}" >/dev/null 2>&1
-		done
-		json_select ..
+			# get source data from JSON file
+			#
+			json_select "${src_name}" >/dev/null 2>&1
+			if [ "${?}" != "0" ]
+			then
+				continue
+			fi
+			json_objects="url_4 rule_4 url_6 rule_6 comp"
+			for object in ${json_objects}
+			do
+				eval json_get_var src_${object} "\${object}" >/dev/null 2>&1
+			done
+			json_select ..
 
-		# handle external IPv4 source downloads in a subshell
-		#
-		if [ "${ban_proto4_enabled}" = "1" ] && [ -n "${src_url_4}" ] && [ -n "${src_rule_4}" ]
-		then
-			(
-				f_down "${src_name}" "4" "inet" "${src_url_4}" "${src_rule_4}" "${src_comp}"
-			)&
-		fi
+			# handle external IPv4 source downloads in a subshell
+			#
+			if [ "${ban_proto4_enabled}" = "1" ] && [ -n "${src_url_4}" ] && [ -n "${src_rule_4}" ]
+			then
+				(
+					f_down "${src_name}" "4" "inet" "${src_url_4}" "${src_rule_4}" "${src_comp}"
+				)&
+			fi
 
-		# handle external IPv6 source downloads in a subshell
-		#
-		if [ "${ban_proto6_enabled}" = "1" ] && [ -n "${src_url_6}" ] && [ -n "${src_rule_6}" ]
-		then
-			(
-				f_down "${src_name}" "6" "inet6" "${src_url_6}" "${src_rule_6}" "${src_comp}"
-			)&
-		fi
+			# handle external IPv6 source downloads in a subshell
+			#
+			if [ "${ban_proto6_enabled}" = "1" ] && [ -n "${src_url_6}" ] && [ -n "${src_rule_6}" ]
+			then
+				(
+					f_down "${src_name}" "6" "inet6" "${src_url_6}" "${src_rule_6}" "${src_comp}"
+				)&
+			fi
 
-		# control/limit download queues
-		#
-		hold=$((cnt%ban_maxqueue))
-		if [ "${hold}" = "0" ]
-		then
-			wait
-		fi
-		cnt=$((cnt+1))
-	done
-	wait
+			# control/limit download queues
+			#
+			hold=$((cnt%ban_maxqueue))
+			if [ "${hold}" = "0" ]
+			then
+				wait
+			fi
+			cnt=$((cnt+1))
+		done
+		wait
+	fi
 
 	# error out
 	#
@@ -1635,6 +1655,7 @@ f_report()
 			json_select ".."
 		done
 		content="$(cat "${report_txt}" 2>/dev/null)"
+		rm -f "${report_txt}"
 	fi
 
 	# report output
@@ -1726,7 +1747,7 @@ f_jsnup()
 	done
 	json_close_array
 	json_add_string "run_infos" "settype: ${ban_global_settype}, backup_dir: ${ban_backupdir}, report_dir: ${ban_reportdir}"
-	json_add_string "run_flags" "protocols (4/6): $(f_char ${ban_proto4_enabled})/$(f_char ${ban_proto6_enabled}), log (src/dst): $(f_char ${ban_logsrc_enabled})/$(f_char ${ban_logdst_enabled}), monitor: $(f_char ${ban_monitor_enabled}), mail: $(f_char ${ban_mail_enabled})"
+	json_add_string "run_flags" "protocols (4/6): $(f_char ${ban_proto4_enabled})/$(f_char ${ban_proto6_enabled}), log (src/dst): $(f_char ${ban_logsrc_enabled})/$(f_char ${ban_logdst_enabled}), monitor: $(f_char ${ban_monitor_enabled}), mail: $(f_char ${ban_mail_enabled}), whitelist only: $(f_char ${ban_whitelistonly})"
 	json_add_string "last_run" "${runtime:-"-"}"
 	json_add_string "system" "${ban_sysver}"
 	json_dump > "${ban_rtfile}"
@@ -1783,7 +1804,7 @@ case "${ban_action}" in
 		f_main
 	;;
 	"suspend")
-		if [ "${ban_status}" = "enabled" ]
+		if [ "${ban_status}" = "enabled" ] && [ "${ban_whitelistonly}" = "0" ]
 		then
 			f_bgsrv "stop"
 			f_jsnup "running"
@@ -1793,7 +1814,7 @@ case "${ban_action}" in
 		f_rmtmp
 	;;
 	"resume")
-		if [ "${ban_status}" = "paused" ]
+		if [ "${ban_status}" = "paused" ] && [ "${ban_whitelistonly}" = "0" ]
 		then
 			f_env
 			f_main

From 52a0389f9ee44dd7baa97fda886c1393734710d8 Mon Sep 17 00:00:00 2001
From: Ansuel Smith 
Date: Fri, 23 Apr 2021 01:58:41 +0200
Subject: [PATCH 104/221] atlas-sw-probe: improve key creation

- Exit start if a probe_key is not present
- Add create_key command to generate a private_key based on the provided username in the atlas config.
- Add registration instruction in /etc/atlas
- Rework script to save probe_key on sysupgrade (the key are now adviced to be placed in the /etc/atlas dir and a link is used to make them accessible in the atlas-sw-scripts etc dir)

Signed-off-by: Ansuel Smith 
---
 net/atlas-sw-probe/Makefile           |  9 +++-
 net/atlas-sw-probe/files/atlas.conf   |  1 +
 net/atlas-sw-probe/files/atlas.init   | 61 ++++++++++++++++++++++++++-
 net/atlas-sw-probe/files/atlas.readme | 12 ++++++
 4 files changed, 80 insertions(+), 3 deletions(-)
 create mode 100644 net/atlas-sw-probe/files/atlas.readme

diff --git a/net/atlas-sw-probe/Makefile b/net/atlas-sw-probe/Makefile
index b4cc2f318380e..41043749c5f28 100644
--- a/net/atlas-sw-probe/Makefile
+++ b/net/atlas-sw-probe/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=atlas-sw-probe
 PKG_VERSION:=5020
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git
@@ -30,7 +30,7 @@ define Package/atlas-sw-probe
   CATEGORY:=Network
   TITLE:=RIPE Atlas software probe
   URL:=https://atlas.ripe.net/about/probes/
-  DEPENDS:=+atlas-probe
+  DEPENDS:=+atlas-probe +PACKAGE_dropbear:dropbearconvert
 endef
 
 define Package/atlas-sw-probe/description
@@ -68,6 +68,7 @@ exit 0
 endef
 
 define Package/atlas-sw-probe/conffiles
+/etc/atlas/
 /etc/config/atlas
 /usr/libexec/atlas-probe-scripts/state/config.txt
 endef
@@ -104,6 +105,10 @@ define Package/atlas-sw-probe/install
 	# Fix permision
 	chmod 755 $(1)/$(SCRIPTS_DIR)/bin
 
+	# Add registration instruction
+	$(INSTALL_DIR) $(1)/etc/atlas/
+	$(CP) ./files/atlas.readme $(1)/etc/atlas/
+
 	# Create softlinks for writable dirs
 	$(LN) $(TMP_BASE_DIR)/crons $(1)/$(SCRIPTS_DIR)/crons
 	$(LN) $(TMP_BASE_DIR)/data $(1)/$(SCRIPTS_DIR)/data
diff --git a/net/atlas-sw-probe/files/atlas.conf b/net/atlas-sw-probe/files/atlas.conf
index d2a12a523f9f6..77a47c0af9967 100644
--- a/net/atlas-sw-probe/files/atlas.conf
+++ b/net/atlas-sw-probe/files/atlas.conf
@@ -2,3 +2,4 @@ config atlas 'common'
 	option log_stderr '1'
 	option log_stdout '0'
 	option rxtxrpt '1'
+	option username ''
diff --git a/net/atlas-sw-probe/files/atlas.init b/net/atlas-sw-probe/files/atlas.init
index c5495cd9a28b6..bc826c00290ab 100644
--- a/net/atlas-sw-probe/files/atlas.init
+++ b/net/atlas-sw-probe/files/atlas.init
@@ -2,12 +2,13 @@
 
 USE_PROCD=1
 START=30
-EXTRA_COMMANDS="get_key probeid log create_backup load_backup"
+EXTRA_COMMANDS="get_key probeid log create_backup load_backup create_key"
 EXTRA_HELP="	get_key	print probe public key (used for probe registration)
 	probeid	print probe id
 	log	print probe status log
 	create_backup 	backup ssh key to tar.gz
 	load_backup 'backup.tar.gz' 	load backup ssh key from tar.gz
+	create_key create probe priv/pub key 
 "
 
 SCRIPTS_DIR="/usr/libexec/atlas-probe-scripts"
@@ -57,6 +58,58 @@ create_backup() {
 	fi
 }
 
+create_key() {
+	local username
+	local probe_key=/etc/atlas/probe_key
+	local probe_pub_key=/etc/atlas/probe_key.pub
+
+	config_load atlas
+
+	config_get username "common" username
+
+	if [ -f "$PRIV_KEY_FILE" ]; then
+		if [ ! -f $probe_key ]; then
+			print_msg "Missing probe_key in /etc/atlas"
+			print_msg "The key will be lost on sysupgrade. Cosider moving the keys in /etc/atlas and create a link in the $SCRIPTS_DIR/etc/ dir."
+		fi
+
+		print_msg "probe_key already present. Exiting..."
+		exit 1
+	fi
+
+	if [ -z "$username" ]; then
+		print_msg "Username not set in atlas config file. Enter your ripe-atlas username."
+		exit 1
+	fi
+
+	if [ -n "$(which ssh-keygen)" ]; then
+		ssh-keygen -t rsa -b 2048 -f $probe_key -N ""
+		sed -i "s/ \S*$/ "$username"/" $probe_pub_key
+	elif [ -n "$(which dropbearkey)" ] && [ -n "$(which dropbearconvert)" ]; then
+		local public_key
+
+		public_key="$(dropbearkey -t rsa -f /etc/atlas/probe_key_dropbear -s 2048 | sed -n 2p)"
+		public_key="$(echo "$public_key" | sed "s/ \S*$/ "$username"/")"
+		echo $public_key > $probe_pub_key
+		dropbearconvert dropbear openssh /etc/atlas/probe_key_dropbear $probe_key
+		rm /etc/atlas/probe_key_dropbear
+	else
+		print_msg "Can't find a way to generate key."
+		exit 1
+	fi
+
+	#Link priv/pub key
+	[ -f $PRIV_KEY_FILE ] || ln -s $probe_key $PRIV_KEY_FILE
+	[ -f $PRIV_KEY_FILE ] || ln -s $probe_pub_key $PUB_KEY_FILE
+
+	#Fix permission
+	chown atlas $probe_key $probe_pub_key
+	chgrp atlas $probe_key $probe_pub_key
+	chmod 644 $probe_key $probe_pub_key
+
+	print_msg "Key generated successfully. Use the get_key command to show the public key and get instruction on how to register your probe."
+}
+
 log() {
 	if [ -f "$LOG_FILE" ];then
 		tail "$LOG_FILE"
@@ -155,6 +208,12 @@ start_service() {
 	local rxtxrpt
 	local test_setting
 
+	if [ ! -f $PRIV_KEY_FILE ]; then
+		print_msg "Missing probe_key. To init the key follow instruction in /etc/atlas/atlas.readme"
+		print_msg "Assuming atlas-sw-probe not init. Exiting..."
+		exit 1
+	fi
+
 	create_tmp_dirs
 
 	config_load atlas
diff --git a/net/atlas-sw-probe/files/atlas.readme b/net/atlas-sw-probe/files/atlas.readme
new file mode 100644
index 0000000000000..ec446210f7ab5
--- /dev/null
+++ b/net/atlas-sw-probe/files/atlas.readme
@@ -0,0 +1,12 @@
+# Atlas probe setup instruction
+
+The atlas probe software requires a rsa 2048-4096 key for registration.
+
+Follow these steps to register your probe on the ripe-atlas systems.
+1. Insert your username in the atlas config file (/etc/config/atlas)
+2. Use the command '/etc/init.d/atlas create_key' to create a priv/pub key.
+3. The priv/pub key will be stored on the directory /etc/atlas/
+4. Use the command '/etc/init.d/atlas get_key' to get the public key used for probe registration.
+   Make sure to copy the entire key and that the last value is the correct username
+5. Follow the instruction from the past command or go to 'https://atlas.ripe.net/apply/swprobe/'
+   and register your probe.

From 8d470e0b0c34698c3709e1845facc45938d46aed Mon Sep 17 00:00:00 2001
From: Dirk Brenken 
Date: Fri, 23 Apr 2021 15:03:53 +0200
Subject: [PATCH 105/221] banip: fix housekeeping

* fix whitelist housekeeping if you switch between normal- and
  'whitelist only' mode

Signed-off-by: Dirk Brenken 
---
 net/banip/Makefile       |  2 +-
 net/banip/files/banip.sh | 14 ++++++--------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/net/banip/Makefile b/net/banip/Makefile
index b7fc044c89924..4ae1b2339546d 100644
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=banip
 PKG_VERSION:=0.7.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken 
 
diff --git a/net/banip/files/banip.sh b/net/banip/files/banip.sh
index ed808529dbbf1..816f2c3487812 100755
--- a/net/banip/files/banip.sh
+++ b/net/banip/files/banip.sh
@@ -548,14 +548,12 @@ f_iptables()
 				f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} src -j RETURN"
 			elif [ "${src_name%_*}" = "whitelist" ]
 			then
-				if [ "${ban_whitelistonly}" = "1" ]
-				then
-					f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set ! --match-set ${src_name} src -j ${ban_logtarget_src}"
-					f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set ! --match-set ${src_name} dst -j ${ban_logtarget_dst}"
-				else
-					f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j RETURN"
-					f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j RETURN"
-				fi
+				f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set ! --match-set ${src_name} src -j ${ban_logtarget_src}"
+				f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set ! --match-set ${src_name} dst -j ${ban_logtarget_dst}"
+				f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set ! --match-set ${src_name} src -j ${ban_logchain_src}"
+				f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set ! --match-set ${src_name} dst -j ${ban_logchain_dst}"
+				f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j RETURN"
+				f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j RETURN"
 			else
 				f_iptrule "-D" "${ban_chain}" "-i ${dev} -m set --match-set ${src_name} src -j ${ban_logtarget_src}"
 				f_iptrule "-D" "${ban_chain}" "-o ${dev} -m set --match-set ${src_name} dst -j ${ban_logtarget_dst}"

From 80c5de715671c5b5bfdc60df7d6bcd06cb10774d Mon Sep 17 00:00:00 2001
From: Glenn Strauss 
Date: Fri, 23 Apr 2021 19:06:27 -0400
Subject: [PATCH 106/221] lighttpd: patches from upstream

- ignore Content-Length from backend if 101 Switching Protocols
- close HTTP/2 connection after bad password
- skip cert chain build for self-issued certs
- meson zstd fix
- ls-hpack upstream update
- discard some HTTP/2 DATA frames received after response

Signed-off-by: Glenn Strauss 
---
 net/lighttpd/Makefile                         |   2 +-
 net/lighttpd/files/lighttpd.conf              |   2 -
 .../030-101-upgrade-w-content-length.patch    |  31 ++++
 ...-mod_auth-close-http2-after-bad-pass.patch | 143 +++++++++++++++++
 ...openssl-skip-chain-build-self-issued.patch |  45 ++++++
 net/lighttpd/patches/060-meson-zstd.patch     |  27 ++++
 .../patches/070-ls-hpack-update.patch         |  56 +++++++
 .../080-http2-data-after-response.patch       | 145 ++++++++++++++++++
 8 files changed, 448 insertions(+), 3 deletions(-)
 create mode 100644 net/lighttpd/patches/030-101-upgrade-w-content-length.patch
 create mode 100644 net/lighttpd/patches/040-mod_auth-close-http2-after-bad-pass.patch
 create mode 100644 net/lighttpd/patches/050-openssl-skip-chain-build-self-issued.patch
 create mode 100644 net/lighttpd/patches/060-meson-zstd.patch
 create mode 100644 net/lighttpd/patches/070-ls-hpack-update.patch
 create mode 100644 net/lighttpd/patches/080-http2-data-after-response.patch

diff --git a/net/lighttpd/Makefile b/net/lighttpd/Makefile
index 75947fb9500a7..56e7b8161034c 100644
--- a/net/lighttpd/Makefile
+++ b/net/lighttpd/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=lighttpd
 PKG_VERSION:=1.4.59
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 # release candidate ~rcX testing; remove for release
 #PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.4.59
 
diff --git a/net/lighttpd/files/lighttpd.conf b/net/lighttpd/files/lighttpd.conf
index 3846acf748aef..079d2a6884cf7 100644
--- a/net/lighttpd/files/lighttpd.conf
+++ b/net/lighttpd/files/lighttpd.conf
@@ -13,8 +13,6 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
 ### Features
 #https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
-server.feature-flags       += ("server.h2proto" => "enable")
-server.feature-flags       += ("server.h2c"     => "enable")
 server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
 #server.feature-flags       += ("server.graceful-restart-bg" => "enable")
 
diff --git a/net/lighttpd/patches/030-101-upgrade-w-content-length.patch b/net/lighttpd/patches/030-101-upgrade-w-content-length.patch
new file mode 100644
index 0000000000000..d4619325a9829
--- /dev/null
+++ b/net/lighttpd/patches/030-101-upgrade-w-content-length.patch
@@ -0,0 +1,31 @@
+From 1ca25d4e2cfeb83c844ad52b9c94eac218c71379 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss 
+Date: Thu, 4 Feb 2021 00:22:12 -0500
+Subject: [PATCH] [core] 101 upgrade fails if Content-Length incl (fixes #3063)
+
+(thx daimh)
+
+commit 903024d7 in lighttpd 1.4.57 fixed issue #3046 but in the process
+broke HTTP/1.1 101 Switching Protocols which included Content-Length: 0
+in the response headers.  Content-Length response header is permitted
+by the RFCs, but not necessary with HTTP status 101 Switching Protocols.
+
+x-ref:
+  "websocket proxy fails if 101 Switching Protocols from backend includes Content-Length"
+  https://redmine.lighttpd.net/issues/3063
+
+Signed-off-by: Glenn Strauss 
+---
+ src/http-header-glue.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/http-header-glue.c
++++ b/src/http-header-glue.c
+@@ -961,6 +961,7 @@ void http_response_upgrade_read_body_unk
+           (FDEVENT_STREAM_RESPONSE_BUFMIN | FDEVENT_STREAM_RESPONSE);
+     r->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN;
+     r->reqbody_length = -2;
++    r->resp_body_scratchpad = -1;
+     r->keep_alive = 0;
+ }
+ 
diff --git a/net/lighttpd/patches/040-mod_auth-close-http2-after-bad-pass.patch b/net/lighttpd/patches/040-mod_auth-close-http2-after-bad-pass.patch
new file mode 100644
index 0000000000000..69c98f70e888a
--- /dev/null
+++ b/net/lighttpd/patches/040-mod_auth-close-http2-after-bad-pass.patch
@@ -0,0 +1,143 @@
+From 4a600dabd5e2799bf0c3048859ee4f00808b7d89 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss 
+Date: Sat, 6 Feb 2021 08:29:41 -0500
+Subject: [PATCH] [mod_auth] close HTTP/2 connection after bad pass
+
+mitigation slows down brute force password attacks
+
+x-ref:
+  "Possible feature: authentication brute force hardening"
+  https://redmine.lighttpd.net/boards/3/topics/8885
+
+Signed-off-by: Glenn Strauss 
+---
+ src/connections.c   | 22 +++++++++++++++++++++-
+ src/mod_accesslog.c |  2 +-
+ src/mod_auth.c      |  6 +++---
+ src/reqpool.c       |  1 +
+ src/request.h       |  2 +-
+ src/response.c      |  4 ++--
+ 6 files changed, 29 insertions(+), 8 deletions(-)
+
+--- a/src/connections.c
++++ b/src/connections.c
+@@ -228,7 +228,7 @@ static void connection_handle_response_e
+ 		}
+ 	}
+ 
+-        if (r->keep_alive) {
++        if (r->keep_alive > 0) {
+ 		request_reset(r);
+ 		config_reset_config(r);
+ 		con->is_readable = 1; /* potentially trigger optimistic read */
+@@ -1265,6 +1265,19 @@ connection_set_fdevent_interest (request
+ }
+ 
+ 
++__attribute_cold__
++static void
++connection_request_end_h2 (request_st * const h2r, connection * const con)
++{
++    if (h2r->keep_alive >= 0) {
++        h2r->keep_alive = -1;
++        h2_send_goaway(con, H2_E_NO_ERROR);
++    }
++    else /*(abort connection upon second request to close h2 connection)*/
++        h2_send_goaway(con, H2_E_ENHANCE_YOUR_CALM);
++}
++
++
+ static void
+ connection_state_machine_h2 (request_st * const h2r, connection * const con)
+ {
+@@ -1359,8 +1372,15 @@ connection_state_machine_h2 (request_st
+                     && !chunkqueue_is_empty(con->read_queue))
+                     resched |= 1;
+                 h2_send_end_stream(r, con);
++                const int alive = r->keep_alive;
+                 h2_retire_stream(r, con);/*r invalidated;removed from h2c->r[]*/
+                 --i;/* adjust loop i; h2c->rused was modified to retire r */
++                /*(special-case: allow *stream* to set r->keep_alive = -1 to
++                 * trigger goaway on h2 connection, e.g. after mod_auth failure
++                 * in attempt to mitigate brute force attacks by forcing a
++                 * reconnect and (somewhat) slowing down retries)*/
++                if (alive < 0)
++                    connection_request_end_h2(h2r, con);
+             }
+         }
+     }
+--- a/src/mod_accesslog.c
++++ b/src/mod_accesslog.c
+@@ -1108,7 +1108,7 @@ static int log_access_record (const requ
+ 				break;
+ 			case FORMAT_CONNECTION_STATUS:
+ 				if (r->state == CON_STATE_RESPONSE_END) {
+-					if (0 == r->keep_alive) {
++					if (r->keep_alive <= 0) {
+ 						buffer_append_string_len(b, CONST_STR_LEN("-"));
+ 					} else {
+ 						buffer_append_string_len(b, CONST_STR_LEN("+"));
+--- a/src/mod_auth.c
++++ b/src/mod_auth.c
+@@ -828,7 +828,7 @@ static handler_t mod_auth_check_basic(re
+ 		log_error(r->conf.errh, __FILE__, __LINE__,
+ 		  "password doesn't match for %s username: %s IP: %s",
+ 		  r->uri.path.ptr, username->ptr, r->con->dst_addr_buf->ptr);
+-		r->keep_alive = 0; /*(disable keep-alive if bad password)*/
++		r->keep_alive = -1; /*(disable keep-alive if bad password)*/
+ 		rc = HANDLER_UNSET;
+ 		break;
+ 	}
+@@ -1461,7 +1461,7 @@ static handler_t mod_auth_check_digest(r
+ 		return HANDLER_FINISHED;
+ 	case HANDLER_ERROR:
+ 	default:
+-		r->keep_alive = 0; /*(disable keep-alive if unknown user)*/
++		r->keep_alive = -1; /*(disable keep-alive if unknown user)*/
+ 		buffer_free(b);
+ 		return mod_auth_send_401_unauthorized_digest(r, require, 0);
+ 	}
+@@ -1482,7 +1482,7 @@ static handler_t mod_auth_check_digest(r
+ 		log_error(r->conf.errh, __FILE__, __LINE__,
+ 		  "digest: auth failed for %s: wrong password, IP: %s",
+ 		  username, r->con->dst_addr_buf->ptr);
+-		r->keep_alive = 0; /*(disable keep-alive if bad password)*/
++		r->keep_alive = -1; /*(disable keep-alive if bad password)*/
+ 
+ 		buffer_free(b);
+ 		return mod_auth_send_401_unauthorized_digest(r, require, 0);
+--- a/src/reqpool.c
++++ b/src/reqpool.c
+@@ -58,6 +58,7 @@ request_reset (request_st * const r)
+     http_response_reset(r);
+ 
+     r->loops_per_request = 0;
++    r->keep_alive = 0;
+ 
+     r->h2state = 0; /* H2_STATE_IDLE */
+     r->h2id = 0;
+--- a/src/request.h
++++ b/src/request.h
+@@ -175,7 +175,7 @@ struct request_st {
+     char resp_header_repeated;
+ 
+     char loops_per_request;  /* catch endless loops in a single request */
+-    char keep_alive; /* only request.c can enable it, all other just disable */
++    int8_t keep_alive; /* only request.c can enable it, all other just disable */
+     char async_callback;
+ 
+     buffer *tmp_buf;                    /* shared; same as srv->tmp_buf */
+--- a/src/response.c
++++ b/src/response.c
+@@ -103,9 +103,9 @@ http_response_write_header (request_st *
+ 	if (light_btst(r->resp_htags, HTTP_HEADER_UPGRADE)
+ 	    && r->http_version == HTTP_VERSION_1_1) {
+ 		http_header_response_set(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"), CONST_STR_LEN("upgrade"));
+-	} else if (0 == r->keep_alive) {
++	} else if (r->keep_alive <= 0) {
+ 		http_header_response_set(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"), CONST_STR_LEN("close"));
+-	} else if (r->http_version == HTTP_VERSION_1_0) {/*(&& r->keep_alive != 0)*/
++	} else if (r->http_version == HTTP_VERSION_1_0) {/*(&& r->keep_alive > 0)*/
+ 		http_header_response_set(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"), CONST_STR_LEN("keep-alive"));
+ 	}
+ 
diff --git a/net/lighttpd/patches/050-openssl-skip-chain-build-self-issued.patch b/net/lighttpd/patches/050-openssl-skip-chain-build-self-issued.patch
new file mode 100644
index 0000000000000..9577858c91df6
--- /dev/null
+++ b/net/lighttpd/patches/050-openssl-skip-chain-build-self-issued.patch
@@ -0,0 +1,45 @@
+From aa81834bc3ff47aa5cc66b6763678d3cf47a3d54 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss 
+Date: Fri, 12 Mar 2021 20:03:38 -0500
+Subject: [PATCH] [mod_openssl] skip cert chain build if self-issued
+
+If cert is self-issued, then do not attempt to build certificate chain.
+
+(Attempting to build certificate chain when chain is not provided, but
+ ssl.ca-file is specified, is provided as backward compatible behavior
+ from lighttpd versions prior to lighttpd 1.4.56)
+
+Signed-off-by: Glenn Strauss 
+---
+ src/mod_openssl.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/src/mod_openssl.c
++++ b/src/mod_openssl.c
+@@ -103,6 +103,7 @@ typedef struct {
+     time_t ssl_stapling_loadts;
+     time_t ssl_stapling_nextts;
+     char must_staple;
++    char self_issued;
+ } plugin_cert;
+ 
+ typedef struct {
+@@ -1081,7 +1082,7 @@ mod_openssl_cert_cb (SSL *ssl, void *arg
+    #if !defined(BORINGSSL_API_VERSION) \
+     && !defined(LIBRESSL_VERSION_NUMBER)
+     /* (missing SSL_set1_chain_cert_store() and SSL_build_cert_chain()) */
+-    else if (hctx->conf.ssl_ca_file) {
++    else if (hctx->conf.ssl_ca_file && !pc->self_issued) {
+         /* preserve legacy behavior whereby openssl will reuse CAs trusted for
+          * certificate verification (set by SSL_CTX_load_verify_locations() in
+          * SSL_CTX) in order to build certificate chain for server certificate
+@@ -1671,6 +1672,9 @@ network_openssl_load_pemfile (server *sr
+   #else
+     pc->must_staple = 0;
+   #endif
++    pc->self_issued =
++      (0 == X509_NAME_cmp(X509_get_subject_name(ssl_pemfile_x509),
++                          X509_get_issuer_name(ssl_pemfile_x509)));
+ 
+     if (!buffer_string_is_empty(pc->ssl_stapling_file)) {
+       #ifndef OPENSSL_NO_OCSP
diff --git a/net/lighttpd/patches/060-meson-zstd.patch b/net/lighttpd/patches/060-meson-zstd.patch
new file mode 100644
index 0000000000000..138b44351931a
--- /dev/null
+++ b/net/lighttpd/patches/060-meson-zstd.patch
@@ -0,0 +1,27 @@
+From c41ebea4bb220c8fe252f472eec836c691734690 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss 
+Date: Fri, 2 Apr 2021 01:01:02 -0400
+Subject: [PATCH] [build] fix zstd option in meson (fixes #3076)
+
+(thx KimonHoffmann)
+
+x-ref:
+  "Fix zstd dependency handling in meson build"
+  https://redmine.lighttpd.net/issues/3076
+
+Signed-off-by: Glenn Strauss 
+---
+ src/meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/meson.build
++++ b/src/meson.build
+@@ -685,7 +685,7 @@ endif
+ 
+ libzstd = []
+ if get_option('with_zstd')
+-	libz = dependency('zstd', required: false)
++	libzstd = dependency('zstd', required: false)
+ 	if libzstd.found()
+ 		libzstd = [ libzstd ]
+ 	else
diff --git a/net/lighttpd/patches/070-ls-hpack-update.patch b/net/lighttpd/patches/070-ls-hpack-update.patch
new file mode 100644
index 0000000000000..1267fa9967f4b
--- /dev/null
+++ b/net/lighttpd/patches/070-ls-hpack-update.patch
@@ -0,0 +1,56 @@
+From 3392e8fb11de35778cad1fb112e6eb5916aa7de0 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss 
+Date: Tue, 20 Apr 2021 22:04:56 -0400
+Subject: [PATCH] [core] update ls-hpack
+
+LiteSpeed ls-hpack v2.3.0
+
+Signed-off-by: Glenn Strauss 
+---
+ src/ls-hpack/README.md | 2 +-
+ src/ls-hpack/lshpack.c | 4 +++-
+ src/ls-hpack/lshpack.h | 6 +++---
+ 3 files changed, 7 insertions(+), 5 deletions(-)
+
+--- a/src/ls-hpack/lshpack.c
++++ b/src/ls-hpack/lshpack.c
+@@ -1,7 +1,7 @@
+ /*
+ MIT License
+ 
+-Copyright (c) 2018 LiteSpeed Technologies Inc
++Copyright (c) 2018 - 2021 LiteSpeed Technologies Inc
+ 
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+@@ -1549,6 +1549,8 @@ lshpack_dec_push_entry (struct lshpack_d
+ #endif
+     memcpy(DTE_NAME(entry), lsxpack_header_get_name(xhdr), name_len);
+     memcpy(DTE_VALUE(entry), lsxpack_header_get_value(xhdr), val_len);
++
++    hdec_remove_overflow_entries(dec);
+     return 0;
+ }
+ 
+--- a/src/ls-hpack/lshpack.h
++++ b/src/ls-hpack/lshpack.h
+@@ -1,7 +1,7 @@
+ /*
+ MIT License
+ 
+-Copyright (c) 2018 - 2020 LiteSpeed Technologies Inc
++Copyright (c) 2018 - 2021 LiteSpeed Technologies Inc
+ 
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+@@ -34,8 +34,8 @@ extern "C" {
+ #include "lsxpack_header.h"
+ 
+ #define LSHPACK_MAJOR_VERSION 2
+-#define LSHPACK_MINOR_VERSION 2
+-#define LSHPACK_PATCH_VERSION 1
++#define LSHPACK_MINOR_VERSION 3
++#define LSHPACK_PATCH_VERSION 0
+ 
+ #define lshpack_strlen_t lsxpack_strlen_t
+ #define LSHPACK_MAX_STRLEN LSXPACK_MAX_STRLEN
diff --git a/net/lighttpd/patches/080-http2-data-after-response.patch b/net/lighttpd/patches/080-http2-data-after-response.patch
new file mode 100644
index 0000000000000..397aa27a4a7e9
--- /dev/null
+++ b/net/lighttpd/patches/080-http2-data-after-response.patch
@@ -0,0 +1,145 @@
+From 81d18a8e359685c169cfd30e6a1574b98aedbaeb Mon Sep 17 00:00:00 2001
+From: Glenn Strauss 
+Date: Thu, 22 Apr 2021 01:11:47 -0400
+Subject: [PATCH] [core] discard some HTTP/2 DATA after response (fixes #3078)
+
+(thx oldium)
+    
+improve handling of HTTP/2 DATA frames received
+a short time after sending response
+
+x-ref:
+  "POST request DATA part for non-existing URI closes HTTP/2 connection prematurely"
+  https://redmine.lighttpd.net/issues/3078
+
+Signed-off-by: Glenn Strauss 
+---
+ src/h2.c | 64 ++++++++++++++++++++++++++++++++++++++++++--------------
+ src/h2.h |  1 +
+ 2 files changed, 49 insertions(+), 16 deletions(-)
+
+--- a/src/h2.c
++++ b/src/h2.c
+@@ -272,10 +272,23 @@ h2_send_rst_stream_id (uint32_t h2id, co
+ 
+ __attribute_cold__
+ static void
+-h2_send_rst_stream (request_st * const r, connection * const con, const request_h2error_t e)
++h2_send_rst_stream_state (request_st * const r, h2con * const h2c)
+ {
++    if (r->h2state != H2_STATE_HALF_CLOSED_REMOTE
++        && r->h2state != H2_STATE_CLOSED) {
++        /* set timestamp for comparison; not tracking individual stream ids */
++        h2c->half_closed_ts = log_epoch_secs;
++    }
+     r->state = CON_STATE_ERROR;
+     r->h2state = H2_STATE_CLOSED;
++}
++
++
++__attribute_cold__
++static void
++h2_send_rst_stream (request_st * const r, connection * const con, const request_h2error_t e)
++{
++    h2_send_rst_stream_state(r, con->h2);/*(sets r->h2state = H2_STATE_CLOSED)*/
+     h2_send_rst_stream_id(r->h2id, con, e);
+ }
+ 
+@@ -289,13 +302,10 @@ h2_send_goaway_rst_stream (connection *
+     for (uint32_t i = 0, rused = h2c->rused; i < rused; ++i) {
+         request_st * const r = h2c->r[i];
+         if (r->h2state == H2_STATE_CLOSED) continue;
++        h2_send_rst_stream_state(r, h2c);/*(sets r->h2state = H2_STATE_CLOSED)*/
+         /*(XXX: might consider always sending RST_STREAM)*/
+-        if (!sent_goaway) {
+-            r->state = CON_STATE_ERROR;
+-            r->h2state = H2_STATE_CLOSED;
+-        }
+-        else /*(also sets r->h2state = H2_STATE_CLOSED)*/
+-            h2_send_rst_stream(r, con, H2_E_PROTOCOL_ERROR);
++        if (sent_goaway)
++            h2_send_rst_stream_id(r->h2id, con, H2_E_PROTOCOL_ERROR);
+     }
+ }
+ 
+@@ -780,14 +790,27 @@ h2_recv_data (connection * const con, co
+     }
+     chunkqueue * const cq = con->read_queue;
+     if (NULL == r) {
+-        /* XXX: TODO: might need to keep a list of recently retired streams
+-         * for a few seconds so that if we send RST_STREAM, then we ignore
+-         * further DATA and do not send connection error, though recv windows
+-         * still must be updated. */
+-        if (h2c->h2_cid < id || (!h2c->sent_goaway && 0 != alen))
+-            h2_send_goaway_e(con, H2_E_PROTOCOL_ERROR);
++        /* simplistic heuristic to discard additional DATA from recently-closed
++         * streams (or half-closed (local)), where recently-closed here is
++         * within 2-3 seconds of any (other) stream being half-closed (local)
++         * or reset before that (other) stream received END_STREAM from peer.
++         * (e.g. clients might fire off POST request followed by DATA,
++         *  and a response might be sent before processing DATA frames)
++         * (id <= h2c->h2_cid) already checked above, else H2_E_PROTOCOL_ERROR
++         * If the above conditions do not hold, then send GOAWAY to attempt to
++         * reduce the chance of becoming an infinite data sink for misbehaving
++         * clients, though remaining streams are still handled before the
++         * connection is closed. */
+         chunkqueue_mark_written(cq, 9+len);
+-        return 0;
++        if (h2c->half_closed_ts + 2 >= log_epoch_secs) {
++            h2_send_window_update(con, 0, len); /*(h2r->h2_rwin)*/
++            return 1;
++        }
++        else {
++            if (!h2c->sent_goaway && 0 != alen)
++                h2_send_goaway_e(con, H2_E_NO_ERROR);
++            return 0;
++        }
+     }
+ 
+     if (r->h2state == H2_STATE_CLOSED
+@@ -808,7 +831,7 @@ h2_recv_data (connection * const con, co
+         }
+     }
+     /*(allow h2r->h2_rwin to dip below 0 so that entire frame is processed)*/
+-    /*(undeflow will not occur (with reasonable SETTINGS_MAX_FRAME_SIZE used)
++    /*(underflow will not occur (with reasonable SETTINGS_MAX_FRAME_SIZE used)
+      * since windows updated elsewhere and data is streamed to temp files if
+      * not FDEVENT_STREAM_REQUEST_BUFMIN)*/
+     /*r->h2_rwin -= (int32_t)len;*/
+@@ -2347,16 +2370,25 @@ h2_send_end_stream_data (request_st * co
+     } };
+ 
+     dataframe.u[2] = htonl(r->h2id);
+-    r->h2state = H2_STATE_CLOSED;
+     /*(ignore window updates when sending 0-length DATA frame with END_STREAM)*/
+     chunkqueue_append_mem(con->write_queue,  /*(+3 to skip over align pad)*/
+                           (const char *)dataframe.c+3, sizeof(dataframe)-3);
++
++    if (r->h2state != H2_STATE_HALF_CLOSED_REMOTE) {
++        /* set timestamp for comparison; not tracking individual stream ids */
++        h2con * const h2c = con->h2;
++        h2c->half_closed_ts = log_epoch_secs;
++        /* indicate to peer that no more DATA should be sent from peer */
++        h2_send_rst_stream_id(r->h2id, con, H2_E_NO_ERROR);
++    }
++    r->h2state = H2_STATE_CLOSED;
+ }
+ 
+ 
+ void
+ h2_send_end_stream (request_st * const r, connection * const con)
+ {
++    if (r->h2state == H2_STATE_CLOSED) return;
+     if (r->state != CON_STATE_ERROR && r->resp_body_finished) {
+         /* CON_STATE_RESPONSE_END */
+         if (r->gw_dechunk && r->gw_dechunk->done
+--- a/src/h2.h
++++ b/src/h2.h
+@@ -92,6 +92,7 @@ struct h2con {
+     uint32_t s_max_header_list_size;   /* SETTINGS_MAX_HEADER_LIST_SIZE   */
+     struct lshpack_dec decoder;
+     struct lshpack_enc encoder;
++      time_t half_closed_ts;
+ };
+ 
+ void h2_send_goaway (connection *con, request_h2error_t e);

From 0b48d9bd9a19bd2c8a6885b8d59c28cb27064782 Mon Sep 17 00:00:00 2001
From: Oskari Rauta 
Date: Wed, 21 Apr 2021 03:54:18 +0300
Subject: [PATCH 107/221] gnu-efi: add new package

Signed-off-by: Oskari Rauta 
---
 libs/gnu-efi/Makefile | 56 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 libs/gnu-efi/Makefile

diff --git a/libs/gnu-efi/Makefile b/libs/gnu-efi/Makefile
new file mode 100644
index 0000000000000..58660c9adefba
--- /dev/null
+++ b/libs/gnu-efi/Makefile
@@ -0,0 +1,56 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gnu-efi
+PKG_VERSION:=3.0.9
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/vathpela/gnu-efi.git
+PKG_SOURCE_DATE:=2021-04-11
+PKG_SOURCE_VERSION:=3e4d5c79905afcd815b0beb3dcfe2dfae5b3e6dd
+PKG_MIRROR_HASH:=7660d2259c1d5208bcabee5a0ffb6dc61f41363a79ba9158f3dd413a8af8e238
+PKG_BUILD_PARALLEL:=1
+
+PKG_MAINTAINER:=Oskari Rauta 
+PKG_LICENSE_FILES:=README.efilib
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/gnu-efi
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=GNU's EFI library
+  URL:=https://github.com/vathpela/gnu-efi
+  HIDDEN:=1
+  DEPENDS:=@TARGET_x86_64
+endef
+
+define Package/gnu-efi/description
+  GNU's EFI library
+endef
+
+define Build/Install
+	$(MAKE_VARS) \
+	$(MAKE) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) \
+		$(MAKE_INSTALL_FLAGS) \
+		INSTALLROOT=$(PKG_INSTALL_DIR) \
+		install
+endef
+
+define Package/gnu-efi/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/local/lib/** $(1)/usr/lib/
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/lib $(1)/usr/include/efi
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/local/lib/** $(1)/usr/lib/
+	cp -aR $(PKG_INSTALL_DIR)/usr/local/include/efi/** $(1)/usr/include/efi/
+endef
+
+$(eval $(call BuildPackage,gnu-efi))

From 31b350bbdd39515737327821c9b69bb5440ff613 Mon Sep 17 00:00:00 2001
From: Oskari Rauta 
Date: Wed, 21 Apr 2021 03:58:42 +0300
Subject: [PATCH 108/221] gummiboot: add new package

Signed-off-by: Oskari Rauta 
---
 utils/gummiboot/Makefile                      | 66 +++++++++++++++++++
 .../patches/010-fix-missing-includes.patch    | 10 +++
 .../patches/020-fix-dev-mapping.patch         | 54 +++++++++++++++
 3 files changed, 130 insertions(+)
 create mode 100644 utils/gummiboot/Makefile
 create mode 100644 utils/gummiboot/patches/010-fix-missing-includes.patch
 create mode 100644 utils/gummiboot/patches/020-fix-dev-mapping.patch

diff --git a/utils/gummiboot/Makefile b/utils/gummiboot/Makefile
new file mode 100644
index 0000000000000..01db866109785
--- /dev/null
+++ b/utils/gummiboot/Makefile
@@ -0,0 +1,66 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gummiboot
+PKG_VERSION:=45
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/rzr/gummiboot.git
+PKG_SOURCE_DATE:=2021-04-11
+PKG_SOURCE_VERSION:=eb3daf2ca4cb1657cf1f780957485d690a552bf6
+PKG_MIRROR_HASH:=4c57791693b57bbe36e85b49d70310728b8008c4c545006a71c5a5f71b8df501
+
+PKG_LICENSE:=LGPL-2.1-or-later
+PKG_LICENSE_FILES:=LICENSE
+PKG_BUILD_DEPENDS:=gnu-efi
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/gummiboot
+  SECTION:=boot
+  CATEGORY:=Boot Loaders
+  TITLE:=Simple UEFI boot manager
+  DEPENDS:=@TARGET_X86_64 +libblkid
+  URL:=https://github.com/rzr/gummiboot
+endef
+
+define Package/gummiboot/description
+  gummiboot Simple UEFI boot manager
+
+  gummiboot executes EFI images. The default entry is selected by a configured
+  pattern (glob) or an on-screen menu.
+endef
+
+CONFIGURE_ARGS += \
+	--with-efi-libdir=$(STAGING_DIR)/usr/lib \
+	--with-efi-ldsdir=$(STAGING_DIR)/usr/lib \
+	--with-efi-includedir=$(STAGING_DIR)/usr/include
+
+define Build/Compile
+	+$(MAKE_VARS) EFI_CFLAGS="-I$(TOOLCHAIN_DIR)/include $(TARGET_CFLAGS)" \
+	$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) \
+		$(MAKE_FLAGS) \
+		$(1);
+endef
+
+define Build/Install
+	$(MAKE_VARS) EFI_CFLAGS="-I$(TOOLCHAIN_DIR)/include $(TARGET_CFLAGS)" \
+	$(MAKE) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) \
+		$(MAKE_INSTALL_FLAGS) install
+endef
+
+define Package/gummiboot/install
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/lib/gummiboot
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/gummiboot/gummibootx64.efi $(1)/usr/lib/gummiboot/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gummiboot $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,gummiboot))
diff --git a/utils/gummiboot/patches/010-fix-missing-includes.patch b/utils/gummiboot/patches/010-fix-missing-includes.patch
new file mode 100644
index 0000000000000..60365997d92b8
--- /dev/null
+++ b/utils/gummiboot/patches/010-fix-missing-includes.patch
@@ -0,0 +1,10 @@
+--- a/src/setup/setup.c
++++ b/src/setup/setup.c
+@@ -37,6 +37,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ 
+ #include "efivars.h"
+ 
diff --git a/utils/gummiboot/patches/020-fix-dev-mapping.patch b/utils/gummiboot/patches/020-fix-dev-mapping.patch
new file mode 100644
index 0000000000000..0446aa2d07d4f
--- /dev/null
+++ b/utils/gummiboot/patches/020-fix-dev-mapping.patch
@@ -0,0 +1,54 @@
+--- a/src/setup/setup.c
++++ b/src/setup/setup.c
+@@ -83,6 +83,9 @@ static int verify_esp(const char *p, uin
+         blkid_probe b = NULL;
+         int r;
+         const char *v;
++        char buf[1024];
++
++	memset(buf, 0, sizeof(buf));
+ 
+         if (statfs(p, &sfs) < 0) {
+                 fprintf(stderr, "Failed to check file system type of %s: %m\n", p);
+@@ -122,24 +125,38 @@ static int verify_esp(const char *p, uin
+                 return -ENODEV;
+         }
+ 
+-        r = asprintf(&t, "/dev/block/%u:%u", major(st.st_dev), minor(st.st_dev));
++        r = asprintf(&t, "/sys/dev/block/%u:%u", major(st.st_dev), minor(st.st_dev));
+         if (r < 0) {
+                 fprintf(stderr, "Out of memory.\n");
+                 return -ENOMEM;
+         }
+ 
++	r = readlink(t, buf, sizeof(buf) - 1);
++	if (r < 0) {
++		fprintf(stderr, "Failed to identify device node for block device %u:%u\n", major(st.st_dev), minor(st.st_dev));
++		return -ENOMEM;
++	}
++
++	r = asprintf(&t, "/dev/%s", basename(buf));
++	if (r < 0) {
++		fprintf(stderr, "Out of memory.\n");
++		return -ENOMEM;
++	}
++
+         errno = 0;
+         b = blkid_new_probe_from_filename(t);
+-        free(t);
+         if (!b) {
+                 if (errno != 0) {
+-                        fprintf(stderr, "Failed to open file system %s: %m\n", p);
++                        fprintf(stderr, "Failed to open file system %s on %s: %m\n", p, t);
++			free(t);
+                         return -errno;
+                 }
+ 
++		free(t);
+                 fprintf(stderr, "Out of memory.\n");
+                 return -ENOMEM;
+         }
++	free(t);
+ 
+         blkid_probe_enable_superblocks(b, 1);
+         blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE);

From 10ce3f874edcf2249ed88fa819a3e05f2ba44750 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Old=C5=99ich=20Jedli=C4=8Dka?= 
Date: Sat, 9 Jan 2021 21:41:40 +0100
Subject: [PATCH 109/221] fwknop: Remove unnecessary get_bool() function.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The get_bool() functionality was already merged to lib/functions.sh, so
it is redundant in the init script. Remove it.

Signed-off-by: Oldřich Jedlička 
---
 net/fwknop/Makefile           |  2 +-
 net/fwknop/files/fwknopd.init | 11 -----------
 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/net/fwknop/Makefile b/net/fwknop/Makefile
index cfcf8a27fb158..f594def4cb707 100644
--- a/net/fwknop/Makefile
+++ b/net/fwknop/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fwknop
 PKG_VERSION:=2.6.10
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.cipherdyne.org/fwknop/download
diff --git a/net/fwknop/files/fwknopd.init b/net/fwknop/files/fwknopd.init
index 4c07d15d8c598..de3cd38e02c7b 100644
--- a/net/fwknop/files/fwknopd.init
+++ b/net/fwknop/files/fwknopd.init
@@ -44,17 +44,6 @@ service_triggers()
 	fi
 }
 
-get_bool()
-{
-	local _tmp="${1}"
-	case "${_tmp}" in
-		1|on|true|yes|enabled) _tmp=1;;
-		0|off|false|no|disabled) _tmp=0;;
-		*) _tmp="${2}";;
-	esac
-	echo -n "${_tmp}"
-}
-
 generate_configuration()
 {
 	[ -f /tmp/access.conf.tmp ] && rm /tmp/access.conf.tmp

From faff84c25a14b0b5c41e5bbacd3d0710a753a610 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz 
Date: Mon, 19 Apr 2021 18:28:58 -0300
Subject: [PATCH 110/221] mutt: don't use host mailpath definition

Use configure --with-mailpath=/var/mail instead of letting it guess the
value base on the host path.  If configure can't find it, the package
will fail to build.  The path was taken from the current bot build.

Signed-off-by: Eneas U de Queiroz 
---
 mail/mutt/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mail/mutt/Makefile b/mail/mutt/Makefile
index 14214d9d96eba..38da53cb8dbd0 100644
--- a/mail/mutt/Makefile
+++ b/mail/mutt/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mutt
 PKG_VERSION:=1.14.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=https://bitbucket.org/mutt/mutt/downloads/ \
 		http://ftp.mutt.org/pub/mutt/
@@ -45,6 +45,7 @@ CONFIGURE_ARGS += \
 	--oldincludedir=$(PKG_BUILD_DIR)/. \
 	--enable-pop \
 	--enable-imap \
+	--with-mailpath=/var/mail \
 	--with-ssl \
 	--without-idn \
 	--disable-doc

From 948b790ca42329460b162172fab74d6252c6c87b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20M=C3=B6rlein?= 
Date: Mon, 12 Apr 2021 01:30:39 +0200
Subject: [PATCH 111/221] uacme: do not override production state dir variable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

With this commit, issue_cert() can be called multiple times alternating
between staging and production certificates within a script.

Before this commit, the production state dir was stored in $STATE_DIR.
But in the case of $use_staging=1, this variable was overwritten in
issue_cert() with $STAGING_STATE_DIR. This made it impossible to call
issue_cert() with $use_staging=0 afterwards. Now the production state
dir is stored in $PRODUCTION_STATE_DIR. This way it is not overridden
anymore and issue_cert() can be called multiple times alternating with
production and staging.

Signed-off-by: Leonardo Mörlein 
---
 net/uacme/files/run.sh | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/net/uacme/files/run.sh b/net/uacme/files/run.sh
index e6a1461d5ffb3..247e563bcd2e1 100644
--- a/net/uacme/files/run.sh
+++ b/net/uacme/files/run.sh
@@ -28,7 +28,7 @@ export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 export NO_TIMESTAMP=1
 
 UHTTPD_LISTEN_HTTP=
-STATE_DIR='/etc/acme'
+PRODUCTION_STATE_DIR='/etc/acme'
 STAGING_STATE_DIR='/etc/acme/staging'
 
 ACCOUNT_EMAIL=
@@ -219,6 +219,8 @@ issue_cert()
     local staging=
     local HOOK=
 
+    # reload uci values, as the value of use_staging may have changed
+    config_load acme
     config_get_bool enabled "$section" enabled 0
     config_get_bool use_staging "$section" use_staging
     config_get_bool update_uhttpd "$section" update_uhttpd
@@ -243,7 +245,13 @@ issue_cert()
     elif [ "$APP" = "acme" ]; then
 	[ "$DEBUG" -eq "1" ] && acme_args="$acme_args --debug"
     fi
-    [ "$use_staging" -eq "1" ] && STATE_DIR="$STAGING_STATE_DIR" && staging="--staging"
+    if [ "$use_staging" -eq "1" ]; then
+	STATE_DIR="$STAGING_STATE_DIR";
+	staging="--staging";
+    else
+	STATE_DIR="$PRODUCTION_STATE_DIR";
+	staging="";
+    fi
 
     set -- $domains
     main_domain=$1
@@ -443,8 +451,8 @@ load_vars()
 {
     local section="$1"
 
-    STATE_DIR=$(config_get "$section" state_dir)
-    STAGING_STATE_DIR=$STATE_DIR/staging
+    PRODUCTION_STATE_DIR=$(config_get "$section" state_dir)
+    STAGING_STATE_DIR=$PRODUCTION_STATE_DIR/staging
     ACCOUNT_EMAIL=$(config_get "$section" account_email)
     DEBUG=$(config_get "$section" debug)
 }
@@ -458,12 +466,12 @@ fi
 config_load acme
 config_foreach load_vars acme
 
-if [ -z "$STATE_DIR" ] || [ -z "$ACCOUNT_EMAIL" ]; then
+if [ -z "$PRODUCTION_STATE_DIR" ] || [ -z "$ACCOUNT_EMAIL" ]; then
     err "state_dir and account_email must be set"
     exit 1
 fi
 
-[ -d "$STATE_DIR" ] || mkdir -p "$STATE_DIR"
+[ -d "$PRODUCTION_STATE_DIR" ] || mkdir -p "$PRODUCTION_STATE_DIR"
 [ -d "$STAGING_STATE_DIR" ] || mkdir -p "$STAGING_STATE_DIR"
 
 trap err_out HUP TERM

From b337a7b1c2fdc75d268f218e44ab8f36ae74cb4b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20M=C3=B6rlein?= 
Date: Mon, 12 Apr 2021 01:30:48 +0200
Subject: [PATCH 112/221] uacme: add use_auto_staging
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Staging certificates have the advantage that their retry limits are loose.
Therefore they can be obtained quickly when automatic retries are used.
Unfortunately they can not be used for deployments because their CA is not
accepted by clients. Production certificates do not have this limitation, but
their retry limits are strict. For production certificates, automatic retries
can only be performed a few times per hour. This makes automatic obtainment of
certificates tenacious.

With use_auto_staging=1, the advantages of the two certificate types are
combined. Uacme will first obtain a staging certificate. When the staging
certificate is successfully obtained, uacme will switch and obtain a production
certificate. Since the staging certificate has already been successfully
obtained, we can ensure that the production certificate is successfully
obtained in the first attempt. This means that "retries" are performed on the
staging certificate and the production certificate is obtained in the first
attempt.

In summary, this feature enables fast obtaining of production certificates when
automatic retries are used.

By default, this feature is set to use_auto_staging=0, which means that
uacme will behave as before by default.

Signed-off-by: Leonardo Mörlein 
---
 net/uacme/files/run.sh | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/net/uacme/files/run.sh b/net/uacme/files/run.sh
index 247e563bcd2e1..556bcc2f9f8c3 100644
--- a/net/uacme/files/run.sh
+++ b/net/uacme/files/run.sh
@@ -407,12 +407,17 @@ issue_cert_with_retries() {
 	local section="$1"
 	local use_staging
 	local retries
+	local use_auto_staging
 	local infinite_retries
 	config_get_bool use_staging "$section" use_staging
+	config_get_bool use_auto_staging "$section" use_auto_staging
+	config_get_bool enabled "$section" enabled
 	config_get retries "$section" retries
 
 	[ -z "$retries" ] && retries=1
+	[ -z "$use_auto_staging" ] && use_auto_staging=0
 	[ "$retries" -eq "0" ] && infinite_retries=1
+	[ "$enabled" -eq "1" ] || return 0
 
 	while true; do
 		issue_cert "$1"; ret=$?
@@ -421,6 +426,13 @@ issue_cert_with_retries() {
 			# An error occurred while retrieving the certificate.
 			retries="$((retries-1))"
 
+			if [ "$use_auto_staging" -eq "1" ] && [ "$use_staging" -eq "0" ]; then
+				log "Production certificate could not be obtained. Switching to staging server."
+				use_staging=1
+				uci set "acme.$1.use_staging=1"
+				uci commit acme
+			fi
+
 			if [ -z "$infinite_retries" ] && [ "$retries" -lt "1" ]; then
 				log "An error occurred while retrieving the certificate. Retries exceeded."
 				return "$ret"
@@ -442,7 +454,19 @@ issue_cert_with_retries() {
 			sleep "$sleeptime"
 			continue
 		else
-			return "$ret";
+			if [ "$use_auto_staging" -eq "1" ]; then
+				if [ "$use_staging" -eq "0" ]; then
+					log "Production certificate obtained. Exiting."
+				else
+					log "Staging certificate obtained. Continuing with production server."
+					use_staging=0
+					uci set "acme.$1.use_staging=0"
+					uci commit acme
+					continue
+				fi
+			fi
+
+			return "$ret"
 		fi
 	done
 }

From d4f8ddfa2929d36909e35ea53d730eff39eccf12 Mon Sep 17 00:00:00 2001
From: Rosen Penev 
Date: Sat, 24 Apr 2021 02:18:40 -0700
Subject: [PATCH 113/221] ksmbd-tools: update to 3.3.9

Signed-off-by: Rosen Penev 
---
 net/ksmbd-tools/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ksmbd-tools/Makefile b/net/ksmbd-tools/Makefile
index bcbb5079e1251..fa366fe1d818f 100644
--- a/net/ksmbd-tools/Makefile
+++ b/net/ksmbd-tools/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ksmbd-tools
-PKG_VERSION:=3.3.8
+PKG_VERSION:=3.3.9
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/ksmbd-tools/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=fb8cef085c740c72700ccee324fb1510774602c43ed1d32a5453c05f5d117188
+PKG_HASH:=7c2c86130912d780df69f26d797d4bd88cf31876a86fdad17032ab684bfe7d8a
 
 PKG_MAINTAINER:=Andy Walsh 
 PKG_LICENSE:=GPL-2.0-or-later

From 922fc71358f2589924d930395d451c86777b3f22 Mon Sep 17 00:00:00 2001
From: Rosen Penev 
Date: Sat, 24 Apr 2021 01:27:35 -0700
Subject: [PATCH 114/221] ksmbd: update to 3.3.9

Signed-off-by: Rosen Penev 
---
 kernel/ksmbd/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/ksmbd/Makefile b/kernel/ksmbd/Makefile
index 7b522f195ae34..19c32b37f729d 100644
--- a/kernel/ksmbd/Makefile
+++ b/kernel/ksmbd/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ksmbd
-PKG_VERSION:=3.3.8
+PKG_VERSION:=3.3.9
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/cifsd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=8c0d1beaa549053a476287972105f3cad53e9841983c54c2490f52a88e1a4828
+PKG_HASH:=c196d1773b9f89221133780fd189b550acbc56ac93c2e79260a70eab9853b3e1
 
 PKG_MAINTAINER:=Andy Walsh 
 PKG_LICENSE:=GPL-2.0-or-later

From 9593e2eba5304ff5e835047660b6866b4e4a55e7 Mon Sep 17 00:00:00 2001
From: Aleksander Jan Bajkowski 
Date: Sun, 4 Apr 2021 22:16:03 +0200
Subject: [PATCH 115/221] coremark: bump to 2021-03-12

Signed-off-by: Aleksander Jan Bajkowski 
---
 utils/coremark/Makefile | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/utils/coremark/Makefile b/utils/coremark/Makefile
index bf7394f10cee8..2358f1568dd74 100644
--- a/utils/coremark/Makefile
+++ b/utils/coremark/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=coremark
-PKG_SOURCE_DATE:=2020-12-17
-PKG_SOURCE_VERSION:=5e0f662ce709f1af8d272bd8d3960034603d3850
+PKG_SOURCE_DATE:=2021-03-12
+PKG_SOURCE_VERSION:=1541482bf3e6ef7f5c69f5be76b14537b60833d0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_DATE).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/eembc/coremark/tar.gz/$(PKG_SOURCE_VERSION)?
-PKG_HASH:=fb0a2ee2113322eb976fa521d0ac033a997e0097185c2c2325d84ca94a7f5a6d
+PKG_HASH:=ad32cb10ba491f5c897f1022e97bca691cc88fdbb02ded48a0766c10344abc4f
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 
 PKG_MAINTAINER:=Lim Guo Wei 
@@ -36,8 +36,6 @@ define Package/coremark/description
   Embedded Microprocessor Benchmark
 endef
 
-DIR_ARCH:=linux$(if $(CONFIG_ARCH_64BIT),64)
-
 define Package/coremark/config
 	config COREMARK_OPTIMIZE_O3
 		bool "Use all optimizations (-O3)"
@@ -72,9 +70,9 @@ ifeq ($(CONFIG_COREMARK_ENABLE_MULTITHREADING),y)
 endif
 
 define Build/Compile
-	$(SED) 's|EXE = .exe|EXE =|' $(PKG_BUILD_DIR)/$(DIR_ARCH)/core_portme.mak
+	$(SED) 's|EXE = .exe|EXE =|' $(PKG_BUILD_DIR)/posix/core_portme.mak
 	mkdir $(PKG_BUILD_DIR)/$(ARCH)
-	$(CP) -r $(PKG_BUILD_DIR)/$(DIR_ARCH)/* $(PKG_BUILD_DIR)/$(ARCH)
+	$(CP) -r $(PKG_BUILD_DIR)/linux/* $(PKG_BUILD_DIR)/$(ARCH)
 	$(MAKE) -C $(PKG_BUILD_DIR) PORT_DIR=$(ARCH) $(MAKE_FLAGS) \
 		PORT_CFLAGS="$(TARGET_CFLAGS)" XCFLAGS="$(EXTRA_CFLAGS)" compile
 endef

From 4175b9f8c936300d15891f6fb51573e7548076bb Mon Sep 17 00:00:00 2001
From: Tao Gong 
Date: Tue, 20 Apr 2021 22:46:28 +0000
Subject: [PATCH 116/221] conntrack-tools: add a patch to fix endianness issue

Signed-off-by: Tao Gong 
---
 net/conntrack-tools/Makefile                  |   2 +-
 .../patches/001-endianness_fix.patch          | 101 ++++++++++++++++++
 2 files changed, 102 insertions(+), 1 deletion(-)
 create mode 100644 net/conntrack-tools/patches/001-endianness_fix.patch

diff --git a/net/conntrack-tools/Makefile b/net/conntrack-tools/Makefile
index c97c46fab0a7d..172c6a674b497 100644
--- a/net/conntrack-tools/Makefile
+++ b/net/conntrack-tools/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=conntrack-tools
 PKG_VERSION:=1.4.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.netfilter.org/projects/conntrack-tools/files
diff --git a/net/conntrack-tools/patches/001-endianness_fix.patch b/net/conntrack-tools/patches/001-endianness_fix.patch
new file mode 100644
index 0000000000000..1dcb00a846b2f
--- /dev/null
+++ b/net/conntrack-tools/patches/001-endianness_fix.patch
@@ -0,0 +1,101 @@
+--- a/src/build.c
++++ b/src/build.c
+@@ -66,7 +66,14 @@ ct_build_u32(const struct nf_conntrack *
+ }
+ 
+ static inline void
+-ct_build_u128(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
++ct_build_be32(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
++{
++	uint32_t data = nfct_get_attr_u32(ct, a);
++	addattr(n, b, &data, sizeof(uint32_t));
++}
++
++static inline void
++ct_build_be128(const struct nf_conntrack *ct, int a, struct nethdr *n, int b)
+ {
+ 	const char *data = nfct_get_attr(ct, a);
+ 	addattr(n, b, data, sizeof(uint32_t) * 4);
+@@ -279,18 +286,18 @@ void ct2msg(const struct nf_conntrack *c
+ 	switch (nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO)) {
+ 	case AF_INET:
+ 		if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
+-			ct_build_u32(ct, ATTR_REPL_IPV4_DST, n, NTA_SNAT_IPV4);
++			ct_build_be32(ct, ATTR_REPL_IPV4_DST, n, NTA_SNAT_IPV4);
+ 		if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
+-			ct_build_u32(ct, ATTR_REPL_IPV4_SRC, n, NTA_DNAT_IPV4);
++			ct_build_be32(ct, ATTR_REPL_IPV4_SRC, n, NTA_DNAT_IPV4);
+ 		break;
+ 	case AF_INET6:
+ 		if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
+-			ct_build_u128(ct, ATTR_REPL_IPV6_DST, n,
+-				      NTA_SNAT_IPV6);
++			ct_build_be128(ct, ATTR_REPL_IPV6_DST, n,
++				       NTA_SNAT_IPV6);
+ 		}
+ 		if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
+-			ct_build_u128(ct, ATTR_REPL_IPV6_SRC, n,
+-				      NTA_DNAT_IPV6);
++			ct_build_be128(ct, ATTR_REPL_IPV6_SRC, n,
++				       NTA_DNAT_IPV6);
+ 		}
+ 		break;
+ 	default:
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -29,7 +29,8 @@
+ static void ct_parse_u8(struct nf_conntrack *ct, int attr, void *data);
+ static void ct_parse_u16(struct nf_conntrack *ct, int attr, void *data);
+ static void ct_parse_u32(struct nf_conntrack *ct, int attr, void *data);
+-static void ct_parse_u128(struct nf_conntrack *ct, int attr, void *data);
++static void ct_parse_be32(struct nf_conntrack *ct, int attr, void *data);
++static void ct_parse_be128(struct nf_conntrack *ct, int attr, void *data);
+ static void ct_parse_str(struct nf_conntrack *ct,
+ 			 const struct netattr *, void *data);
+ static void ct_parse_group(struct nf_conntrack *ct, int attr, void *data);
+@@ -108,12 +109,12 @@ static struct ct_parser h[NTA_MAX] = {
+ 		.size	= NTA_SIZE(sizeof(struct nfct_attr_grp_port)),
+ 	},
+ 	[NTA_SNAT_IPV4]	= {
+-		.parse	= ct_parse_u32,
++		.parse	= ct_parse_be32,
+ 		.attr	= ATTR_SNAT_IPV4,
+ 		.size	= NTA_SIZE(sizeof(uint32_t)),
+ 	},
+ 	[NTA_DNAT_IPV4] = {
+-		.parse	= ct_parse_u32,
++		.parse	= ct_parse_be32,
+ 		.attr	= ATTR_DNAT_IPV4,
+ 		.size	= NTA_SIZE(sizeof(uint32_t)),
+ 	},
+@@ -192,12 +193,12 @@ static struct ct_parser h[NTA_MAX] = {
+ 		.max_size = NTA_SIZE(NTA_LABELS_MAX_SIZE),
+ 	},
+ 	[NTA_SNAT_IPV6]	= {
+-		.parse	= ct_parse_u128,
++		.parse	= ct_parse_be128,
+ 		.attr	= ATTR_SNAT_IPV6,
+ 		.size	= NTA_SIZE(sizeof(uint32_t) * 4),
+ 	},
+ 	[NTA_DNAT_IPV6] = {
+-		.parse	= ct_parse_u128,
++		.parse	= ct_parse_be128,
+ 		.attr	= ATTR_DNAT_IPV6,
+ 		.size	= NTA_SIZE(sizeof(uint32_t) * 4),
+ 	},
+@@ -229,7 +230,14 @@ ct_parse_u32(struct nf_conntrack *ct, in
+ }
+ 
+ static void
+-ct_parse_u128(struct nf_conntrack *ct, int attr, void *data)
++ct_parse_be32(struct nf_conntrack *ct, int attr, void *data)
++{
++	uint32_t *value = (uint32_t *) data;
++	nfct_set_attr_u32(ct, h[attr].attr, *value);
++}
++
++static void
++ct_parse_be128(struct nf_conntrack *ct, int attr, void *data)
+ {
+ 	nfct_set_attr(ct, h[attr].attr, data);
+ }

From 36e9019d285ef7f11948cbd807c1907afc9cfcc3 Mon Sep 17 00:00:00 2001
From: Wong Hoi Sing Edison 
Date: Sun, 25 Apr 2021 10:38:14 +0800
Subject: [PATCH 117/221] squid: Enable dynamic SSL certificate generation

Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07

Description:

Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    ssl_bump splice all

In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration:

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
    ssl_bump stare all
    ssl_bump bump all

This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode.

Signed-off-by: Wong Hoi Sing Edison 
---
 net/squid/Config.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/squid/Config.in b/net/squid/Config.in
index bcc072f18ea2d..eeeb856aba1f2 100644
--- a/net/squid/Config.in
+++ b/net/squid/Config.in
@@ -25,7 +25,7 @@ if PACKAGE_squid
 	config SQUID_enable-ssl-crtd
 		bool "Enable dynamic SSL certificate generation "
 		depends on !SQUID_use-gnutls
-		default n
+		default y
 
 	config SQUID_auth-basic
 		bool "Enable the Basic authentication scheme"

From 63efc9f4a78ef93750be493fd437c1e18ea3ba47 Mon Sep 17 00:00:00 2001
From: Peter van Dijk 
Date: Sun, 25 Apr 2021 16:16:23 +0200
Subject: [PATCH 118/221] unbound: fix typo in assist name of https-dns-proxy

I left the old version in, in case users have configs that already correct for this error.

Signed-off-by: Peter van Dijk 
---
 net/unbound/files/unbound.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index c8460c07c7e7d..c6e891f4952bd 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -473,7 +473,7 @@ unbound_zone() {
     fi
     ;;
 
-  htpps-dns-proxy)
+  htpps-dns-proxy | https-dns-proxy)
     if [ -x /usr/sbin/https-dns-proxy ] \
     && [ -x /etc/init.d/https-dns-proxy ] ; then
       if /etc/init.d/https-dns-proxy ; then

From 52532f701a0a5add68dcbf6b2cdc64368fd66d28 Mon Sep 17 00:00:00 2001
From: Peter van Dijk 
Date: Sun, 25 Apr 2021 15:00:39 +0200
Subject: [PATCH 119/221] h2o: remove useless ruby dependency

h2o is the library dnsdist uses to offer DNS over HTTPS to clients. dnsdist is the only user of h2o in this tree.

While h2o can depend on Ruby (to build mruby support), this is disabled in the OpenWRT build of h2o. Hence, the Ruby dependency is unnecessary, and removing it saves a few megabytes of disk space.

Signed-off-by: Peter van Dijk 
---
 libs/h2o/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libs/h2o/Makefile b/libs/h2o/Makefile
index 0f15aeee6ceaa..18aef9b0100bc 100644
--- a/libs/h2o/Makefile
+++ b/libs/h2o/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=h2o
 PKG_VERSION:=2.2.6
-PKG_RELEASE:=7
+PKG_RELEASE:=8
 
 PKG_SOURCE_URL:=https://codeload.github.com/h2o/h2o/tar.gz/v${PKG_VERSION}?
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -15,7 +15,7 @@ PKG_LICENSE_FILES:=LICENSE
 include $(INCLUDE_DIR)/package.mk
 include ../../devel/ninja/ninja-cmake.mk
 
-PKG_BUILD_DEPENDS:=ruby/host libwslay
+PKG_BUILD_DEPENDS:=libwslay
 
 CMAKE_OPTIONS += \
 	-DBUILD_SHARED_LIBS=ON \
@@ -26,7 +26,7 @@ define Package/libh2o-evloop
   CATEGORY:=Libraries
   TITLE:=H2O Library compiled with its own event loop
   URL:=https://h2o.examp1e.net/
-  DEPENDS:=+libopenssl +zlib +libyaml +ruby
+  DEPENDS:=+libopenssl +zlib +libyaml
 endef
 
 define Package/libh2o
@@ -34,7 +34,7 @@ define Package/libh2o
   CATEGORY:=Libraries
   TITLE:=H2O Library compiled with libuv
   URL:=https://h2o.examp1e.net/
-  DEPENDS:=+libuv +libopenssl +zlib +libyaml +ruby
+  DEPENDS:=+libuv +libopenssl +zlib +libyaml
 endef
 
 define Build/InstallDev

From 1cab806464ccad39413d0aa69d7b063c01ef5c03 Mon Sep 17 00:00:00 2001
From: Peter van Dijk 
Date: Sun, 25 Apr 2021 15:00:48 +0200
Subject: [PATCH 120/221] h2o: only install one copy of the .so

I noticed that the package contained 3 identical copies of the lib:

root@52170cbc2408:/# ls -ali /usr/lib/libh2o*
 162653 -rwxr-xr-x    1 root     root        348857 Apr 25 11:50 /usr/lib/libh2o-evloop.so
 162660 -rwxr-xr-x    1 root     root        348857 Apr 25 11:50 /usr/lib/libh2o-evloop.so.0.13
 162661 -rwxr-xr-x    1 root     root        348857 Apr 25 11:50 /usr/lib/libh2o-evloop.so.0.13.6

so this commit fixes that:

root@472ad3a8404e:/# ls -ali /usr/lib/libh2o*
 289858 lrwxrwxrwx    1 root     root            21 Apr 25 12:43 /usr/lib/libh2o-evloop.so -> libh2o-evloop.so.0.13
 289859 lrwxrwxrwx    1 root     root            23 Apr 25 12:43 /usr/lib/libh2o-evloop.so.0.13 -> libh2o-evloop.so.0.13.6
 289860 -rw-r--r--    1 root     root        348857 Apr 25 12:41 /usr/lib/libh2o-evloop.so.0.1

Signed-off-by: Peter van Dijk 
---
 libs/h2o/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/h2o/Makefile b/libs/h2o/Makefile
index 18aef9b0100bc..b9d964875b71c 100644
--- a/libs/h2o/Makefile
+++ b/libs/h2o/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=h2o
 PKG_VERSION:=2.2.6
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 
 PKG_SOURCE_URL:=https://codeload.github.com/h2o/h2o/tar.gz/v${PKG_VERSION}?
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -47,12 +47,12 @@ endef
 
 define Package/libh2o-evloop/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libh2o-evloop.so* $(1)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libh2o-evloop.so* $(1)/usr/lib/
 endef
 
 define Package/libh2o/install
 	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libh2o.so* $(1)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libh2o.so* $(1)/usr/lib/
 endef
 
 $(eval $(call BuildPackage,libh2o-evloop))

From 8923f8fbb502700d47796da348601703bfca181d Mon Sep 17 00:00:00 2001
From: Rosen Penev 
Date: Sat, 17 Apr 2021 20:09:37 -0700
Subject: [PATCH 121/221] dbus: fix new cmake build

CMake was using the wrong paths. Fix them up.

Signed-off-by: Rosen Penev 
---
 utils/dbus/Makefile                      |  5 +++++
 utils/dbus/patches/010-cmake-paths.patch | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 utils/dbus/patches/010-cmake-paths.patch

diff --git a/utils/dbus/Makefile b/utils/dbus/Makefile
index 94bfa2e94f1c1..5fc4da22c63f4 100644
--- a/utils/dbus/Makefile
+++ b/utils/dbus/Makefile
@@ -72,6 +72,9 @@ $(call Package/dbus/Default/description)
 endef
 
 CMAKE_OPTIONS += \
+	-DDBUS_SYSTEM_SOCKET=/var/run/dbus/system_bus_socket \
+	-DDBUS_SESSION_SOCKET_DIR=/tmp \
+	-DDBUS_SYSTEM_PID_FILE=/var/run/dbus.pid \
 	-DDBUS_BUILD_TESTS=OFF \
 	-DDBUS_LINUX=ON \
 	-DDBUS_DISABLE_ASSERT=ON \
@@ -84,6 +87,8 @@ CMAKE_OPTIONS += \
 	-DDBUS_ENABLE_VERBOSE_MODE=OFF \
 	-DDBUS_DISABLE_CHECKS=ON \
 	-DDBUS_BUILD_X11=OFF \
+	-DDBUS_ENABLE_DOXYGEN_DOCS=OFF \
+	-DENABLE_QT_HELP=OFF
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include
diff --git a/utils/dbus/patches/010-cmake-paths.patch b/utils/dbus/patches/010-cmake-paths.patch
new file mode 100644
index 0000000000000..36431eb0a8336
--- /dev/null
+++ b/utils/dbus/patches/010-cmake-paths.patch
@@ -0,0 +1,16 @@
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -510,11 +510,11 @@ if(WIN32)
+ else(WIN32)
+     set(DBUS_SESSION_BUS_LISTEN_ADDRESS "unix:tmpdir=${DBUS_SESSION_SOCKET_DIR}" CACHE STRING "session bus default listening address")
+     set(DBUS_SESSION_BUS_CONNECT_ADDRESS "autolaunch:" CACHE STRING "session bus fallback address for clients")
+-    set(sysconfdir "")
++    set(sysconfdir "/usr/share")
+     set(configdir ${sysconfdir}/dbus-1 )
+     set(DBUS_SYSTEM_CONFIG_FILE  ${configdir}/system.conf)
+     set(DBUS_SESSION_CONFIG_FILE ${configdir}/session.conf)
+-    set(DBUS_USER "messagebus")
++    set(DBUS_USER "root")
+     set(DBUS_TEST_USER "nobody")
+   # For best security, assume that all non-Windows platforms can do
+   # credentials-passing.

From 84063db569c8d3b9057eba233ee731af48912139 Mon Sep 17 00:00:00 2001
From: Karl Palsson 
Date: Mon, 26 Apr 2021 09:34:52 +0000
Subject: [PATCH 122/221] net/mosquitto: fix log_type conversion in config

As reported in: https://github.com/openwrt/packages/issues/15506

Signed-off-by: Karl Palsson 
---
 net/mosquitto/files/etc/init.d/mosquitto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mosquitto/files/etc/init.d/mosquitto b/net/mosquitto/files/etc/init.d/mosquitto
index b42fa8866c39d..d6f2a44954e4c 100755
--- a/net/mosquitto/files/etc/init.d/mosquitto
+++ b/net/mosquitto/files/etc/init.d/mosquitto
@@ -75,7 +75,7 @@ convert_mosq_general() {
 	append_optional_bool "$1" log_timestamp
 	config_get log_types "$1" log_types
 	for log_type in $log_types; do
-		echo "log_dest $log_type" >> $TCONF
+		echo "log_type $log_type" >> $TCONF
 	done
 	append_if "$1" max_inflight_bytes
 	append_if "$1" max_inflight_messages

From d9b3d2811d9a16c7e3af5f704703740ffb185f86 Mon Sep 17 00:00:00 2001
From: Karl Palsson 
Date: Mon, 26 Apr 2021 09:36:49 +0000
Subject: [PATCH 123/221] net/mosquitto: port is optional in root config

From mosquitto 2.x, port became optional and deprecated in the config,
and it was recommended that listeners be used instead.  Drop the hard
requirement in our config conversion script.

Reported in: https://github.com/openwrt/packages/issues/15506
Signed-off-by: 
---
 net/mosquitto/files/etc/init.d/mosquitto | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/mosquitto/files/etc/init.d/mosquitto b/net/mosquitto/files/etc/init.d/mosquitto
index d6f2a44954e4c..603b988eb9e98 100755
--- a/net/mosquitto/files/etc/init.d/mosquitto
+++ b/net/mosquitto/files/etc/init.d/mosquitto
@@ -63,8 +63,7 @@ convert_mosq_general() {
 		echo "bind_address localhost" >> $TCONF
 	fi
 
-	config_get port "$1" port 1883
-	echo "port $port" >> $TCONF
+	append_if "$1" port
 	append_if "$1" acl_file
 	append_optional_bool "$1" allow_anonymous
 	append_optional_bool "$1" allow_duplicate_messages

From eca915920e3ba5b8fb754f8756df4a819f39b390 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Mon, 26 Apr 2021 19:16:19 +0100
Subject: [PATCH 124/221] auc: compare versions using dpkg/opkg's verrevcmp

Using strcmp() to compare a version string doesn't work well.
Use verrevcmp() function from opkg instead.

Signed-off-by: Daniel Golle 
---
 utils/auc/src/CMakeLists.txt |  2 +-
 utils/auc/src/auc.c          | 55 +++++++++++++++++++++++++++++++++++-
 2 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/utils/auc/src/CMakeLists.txt b/utils/auc/src/CMakeLists.txt
index de6cee8334060..14cc199ce2197 100644
--- a/utils/auc/src/CMakeLists.txt
+++ b/utils/auc/src/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.6)
+cmake_minimum_required(VERSION 2.6...3.12)
 
 PROJECT(auc C)
 ADD_DEFINITIONS(-Os -ggdb -Wall --std=gnu99 -Wmissing-declarations)
diff --git a/utils/auc/src/auc.c b/utils/auc/src/auc.c
index d3162066a8b02..5836875a3d8be 100644
--- a/utils/auc/src/auc.c
+++ b/utils/auc/src/auc.c
@@ -17,6 +17,7 @@
 #define AUC_VERSION "unknown"
 #endif
 
+#include 
 #include 
 #include 
 #include 
@@ -359,6 +360,58 @@ static int load_config() {
 	return 0;
 }
 
+/*
+ * libdpkg - Debian packaging suite library routines
+ * vercmp.c - comparison of version numbers
+ *
+ * Copyright (C) 1995 Ian Jackson 
+ */
+
+/* assume ascii; warning: evaluates x multiple times! */
+#define order(x) ((x) == '~' ? -1 \
+		: isdigit((x)) ? 0 \
+		: !(x) ? 0 \
+		: isalpha((x)) ? (x) \
+		: (x) + 256)
+
+static int verrevcmp(const char *val, const char *ref)
+{
+	if (!val)
+		val = "";
+	if (!ref)
+		ref = "";
+
+	while (*val || *ref) {
+		int first_diff = 0;
+
+		while ((*val && !isdigit(*val)) || (*ref && !isdigit(*ref))) {
+			int vc = order(*val), rc = order(*ref);
+			if (vc != rc)
+				return vc - rc;
+			val++;
+			ref++;
+		}
+
+		while (*val == '0')
+			val++;
+		while (*ref == '0')
+			ref++;
+		while (isdigit(*val) && isdigit(*ref)) {
+			if (!first_diff)
+				first_diff = *val - *ref;
+			val++;
+			ref++;
+		}
+		if (isdigit(*val))
+			return 1;
+		if (isdigit(*ref))
+			return -1;
+		if (first_diff)
+			return first_diff;
+	}
+	return 0;
+}
+
 
 /**
  * UBUS response callbacks
@@ -409,7 +462,7 @@ static void pkglist_check_cb(struct ubus_request *req, int type, struct blob_att
 			continue;
 		}
 
-		cmpres = strcmp(blobmsg_get_string(cur), pkg->version);
+		cmpres = verrevcmp(blobmsg_get_string(cur), pkg->version);
 		if (cmpres < 0)
 			*status |= PKG_UPGRADE;
 

From d07e3c9f1f22daf74850cb0b47076e364ae55142 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Mon, 26 Apr 2021 19:19:10 +0100
Subject: [PATCH 125/221] uvol: fix emmitting ubus event when removing UBI
 volume

In case a volume which is down is removed, no ubus event needs to be
fired. Don't try.

Signed-off-by: Daniel Golle 
---
 utils/uvol/files/ubi.sh | 6 +++---
 utils/uvol/files/uvol   | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/utils/uvol/files/ubi.sh b/utils/uvol/files/ubi.sh
index 0a1b73093cb43..2da7e309b8c88 100644
--- a/utils/uvol/files/ubi.sh
+++ b/utils/uvol/files/ubi.sh
@@ -119,14 +119,14 @@ removevol() {
 	local voldev=$(getdev "$@")
 	local evdata
 	[ "$voldev" ] || return 2
-	local volnum=${voldev#${ubidev}_}
 	if vol_is_mode $voldev rw ; then
 		evdata="{\"name\": \"$1\", \"action\": \"down\", \"device\": \"/dev/$voldev\"}"
-	elif vol_is_mode $voldev ro ; then
+	elif vol_is_mode $voldev ro && [ -e "/dev/ubiblock${voldev:3}" ]; then
 		evdata="{\"name\": \"$1\", \"action\": \"down\", \"device\": \"/dev/ubiblock${voldev:3}\"}"
 	fi
+	local volnum=${voldev#${ubidev}_}
 	ubirmvol /dev/$ubidev -n $volnum || return $?
-	ubus send block.volume "$evdata"
+	[ "$evdata" ] && ubus send block.volume "$evdata"
 }
 
 activatevol() {
diff --git a/utils/uvol/files/uvol b/utils/uvol/files/uvol
index a095b3efff386..4958d31ff4810 100644
--- a/utils/uvol/files/uvol
+++ b/utils/uvol/files/uvol
@@ -3,6 +3,7 @@
 # uvol prototype
 # future development roadmap (aka. to-do):
 # * re-implement in C (use libubox, execve lvm/ubi*)
+# * hash to validate volume while writing
 # * add atomic batch processing for use by container/package manager
 
 if [ -z "$1" ]; then cat <
Date: Mon, 26 Apr 2021 11:49:33 +0200
Subject: [PATCH 126/221] redis: update to version 6.2.2

Signed-off-by: Jan Pavlinec 
---
 libs/redis/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/redis/Makefile b/libs/redis/Makefile
index 4ed494c4481e8..5f0fdcd8f3d48 100644
--- a/libs/redis/Makefile
+++ b/libs/redis/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=redis
-PKG_VERSION:=6.2.1
+PKG_VERSION:=6.2.2
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=http://download.redis.io/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=cd222505012cce20b25682fca931ec93bd21ae92cb4abfe742cf7b76aa907520
+PKG_HASH:=7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535
 
 PKG_MAINTAINER:=Jan Pavlinec 
 PKG_LICENSE:=BSD-3-Clause

From 94009fd45e98f227cb34085c2869475c025f88e0 Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Mon, 26 Apr 2021 12:13:30 +0200
Subject: [PATCH 127/221] gitlab-runner: update to version 13.11.0

Signed-off-by: Jan Pavlinec 
---
 devel/gitlab-runner/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/devel/gitlab-runner/Makefile b/devel/gitlab-runner/Makefile
index 8488ec15caa9d..a7a501a87d88f 100644
--- a/devel/gitlab-runner/Makefile
+++ b/devel/gitlab-runner/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gitlab-runner
-PKG_VERSION:=13.10.0
+PKG_VERSION:=13.11.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://gitlab.com/gitlab-org/gitlab-runner/-/archive/v$(PKG_VERSION)
-PKG_HASH:=f179d6c51867c2a7dcda4a537d152214b25734f78dcfb7bb05fe07b67c1a9b17
+PKG_HASH:=7bc15d89f7b0551c4dd236d3ef846cf7840175fa1638fa58d0ccd12f3c04a56b
 
 PKG_MAINTAINER:=Jan Pavlinec 
 PKG_LICENSE:=MIT

From c954ad954d2922ca1a788d24823b003092570b33 Mon Sep 17 00:00:00 2001
From: Tianling Shen 
Date: Mon, 26 Apr 2021 19:18:02 +0800
Subject: [PATCH 128/221] yq: Update to 4.7.1

Signed-off-by: Tianling Shen 
---
 utils/yq/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/yq/Makefile b/utils/yq/Makefile
index 50f4ae55ffbad..1880342a5dbe0 100644
--- a/utils/yq/Makefile
+++ b/utils/yq/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=yq
-PKG_VERSION:=4.7.0
+PKG_VERSION:=4.7.1
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=d4984f8f8ac5151797c8cf9c6ab8b705958802721c4405ef8a99206dcd00dcb5
+PKG_HASH:=19a7c43aaac678065f436ddfdf8b0a75dd3883984f4b9548cabdf53eb09932f9
 
 PKG_MAINTAINER:=Tianling Shen 
 PKG_LICENSE:=MIT

From 6c09ddc3dbf962815e02e60984108e022994b6f0 Mon Sep 17 00:00:00 2001
From: Moritz Warning 
Date: Tue, 27 Apr 2021 17:13:27 +0200
Subject: [PATCH 129/221] zerotier: update to 1.6.5

Minor ZeroTier update. Refreshed patches.

Signed-off-by: Moritz Warning 
---
 net/zerotier/Makefile                                         | 4 ++--
 net/zerotier/patches/0002-remove-pie.patch                    | 2 +-
 .../patches/0003-remove-arm32-conservative-CFLAGS.patch       | 2 +-
 net/zerotier/patches/0004-accept-external-linker-flags.patch  | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/zerotier/Makefile b/net/zerotier/Makefile
index 6c27f78deb8b1..8cb139c4ba7aa 100644
--- a/net/zerotier/Makefile
+++ b/net/zerotier/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zerotier
-PKG_VERSION:=1.6.4
+PKG_VERSION:=1.6.5
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=0f45a4050cdfea1018634c88b6c302cbbfcc3f7f93cb94bed840a15e3ffa55ba
+PKG_HASH:=a437ec9e8a4987ed48c0e5af3895a057dcc0307ab38af90dd7729a131097f222
 PKG_BUILD_DIR:=$(BUILD_DIR)/ZeroTierOne-$(PKG_VERSION)
 
 PKG_MAINTAINER:=Moritz Warning 
diff --git a/net/zerotier/patches/0002-remove-pie.patch b/net/zerotier/patches/0002-remove-pie.patch
index aa297f85d4228..a5d0f8f4db13b 100644
--- a/net/zerotier/patches/0002-remove-pie.patch
+++ b/net/zerotier/patches/0002-remove-pie.patch
@@ -11,7 +11,7 @@ when making a shared object; recompile with -fPIC" error
 
 --- a/make-linux.mk
 +++ b/make-linux.mk
-@@ -73,11 +73,11 @@ ifeq ($(ZT_DEBUG),1)
+@@ -69,11 +69,11 @@ ifeq ($(ZT_DEBUG),1)
  	# C25519 in particular is almost UNUSABLE in -O0 even on a 3ghz box!
  node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CXXFLAGS=-Wall -O2 -g -pthread $(INCLUDES) $(DEFS)
  else
diff --git a/net/zerotier/patches/0003-remove-arm32-conservative-CFLAGS.patch b/net/zerotier/patches/0003-remove-arm32-conservative-CFLAGS.patch
index f0ffacf0e7015..9d13a786ac4b7 100644
--- a/net/zerotier/patches/0003-remove-arm32-conservative-CFLAGS.patch
+++ b/net/zerotier/patches/0003-remove-arm32-conservative-CFLAGS.patch
@@ -9,7 +9,7 @@ Subject: [PATCH 3/8] remove arm32 conservative CFLAGS
 
 --- a/make-linux.mk
 +++ b/make-linux.mk
-@@ -276,7 +276,7 @@ ifeq ($(ZT_CONTROLLER),1)
+@@ -272,7 +272,7 @@ ifeq ($(ZT_CONTROLLER),1)
  endif
  
  # ARM32 hell -- use conservative CFLAGS
diff --git a/net/zerotier/patches/0004-accept-external-linker-flags.patch b/net/zerotier/patches/0004-accept-external-linker-flags.patch
index de144d25c7004..2900a7edb8176 100644
--- a/net/zerotier/patches/0004-accept-external-linker-flags.patch
+++ b/net/zerotier/patches/0004-accept-external-linker-flags.patch
@@ -9,7 +9,7 @@ Subject: [PATCH 4/8] accept external linker flags
 
 --- a/make-linux.mk
 +++ b/make-linux.mk
-@@ -77,7 +77,7 @@ else
+@@ -73,7 +73,7 @@ else
  	override CFLAGS+=-Wall -Wno-deprecated -pthread $(INCLUDES) -DNDEBUG $(DEFS)
  	CXXFLAGS?=-O3 -fstack-protector
  	override CXXFLAGS+=-Wall -Wno-deprecated -std=c++11 -pthread $(INCLUDES) -DNDEBUG $(DEFS)

From 3471c1bba29cc0c12319cff3fb428b707b7784ba Mon Sep 17 00:00:00 2001
From: Jan Hak 
Date: Tue, 27 Apr 2021 13:08:21 +0200
Subject: [PATCH 130/221] libedit: update to version 20210419-3.1

Signed-off-by: Jan Hak 
---
 libs/libedit/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/libedit/Makefile b/libs/libedit/Makefile
index e18699fb911f9..c8aa4890b1fe4 100644
--- a/libs/libedit/Makefile
+++ b/libs/libedit/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libedit
-PKG_VERSION:=20210216-3.1
+PKG_VERSION:=20210419-3.1
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Daniel Salzman 
@@ -16,7 +16,7 @@ PKG_LICENSE:=BSD-3-Clause
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://thrysoee.dk/editline/
-PKG_HASH:=2283f741d2aab935c8c52c04b57bf952d02c2c02e651172f8ac811f77b1fc77a
+PKG_HASH:=571ebe44b74860823e24a08cf04086ff104fd7dfa1020abf26c52543134f5602
 
 PKG_INSTALL:=1
 

From 956efd1193203e4667cb926c725fc8f06da286fa Mon Sep 17 00:00:00 2001
From: Tianling Shen 
Date: Tue, 27 Apr 2021 19:42:41 +0800
Subject: [PATCH 131/221] xray-core: remove PROVIDES

Xray now is no longer planning to keep compatibility with original
v2ray. Remove PROVIDES before it is totally broken.

Signed-off-by: Tianling Shen 
---
 net/xray-core/Makefile                  | 4 +---
 net/xray-core/files/config.json.example | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/xray-core/Makefile b/net/xray-core/Makefile
index 1264dc9a7f521..0db91efa3df98 100644
--- a/net/xray-core/Makefile
+++ b/net/xray-core/Makefile
@@ -37,7 +37,6 @@ endef
 define Package/xray-core
   $(call Package/xray/template)
   DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle
-  PROVIDES:=v2ray-core
 endef
 
 define Package/xray-example
@@ -55,7 +54,7 @@ define Package/xray-geodata
 endef
 
 define Package/xray/description
-  Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
+  Xray, Penetrates Everything. It helps you to build your own computer network.
   It secures your network connections and thus protects your privacy.
 endef
 
@@ -112,7 +111,6 @@ define Package/xray-core/install
 	$(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
 	$(INSTALL_DIR) $(1)/usr/bin/
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/main $(1)/usr/bin/xray
-	$(LN) xray $(1)/usr/bin/v2ray
 
 	$(INSTALL_DIR) $(1)/etc/xray/
 	$(INSTALL_CONF) $(CURDIR)/files/config.json.example $(1)/etc/xray/
diff --git a/net/xray-core/files/config.json.example b/net/xray-core/files/config.json.example
index 52597f5878381..710bb1bec260d 100644
--- a/net/xray-core/files/config.json.example
+++ b/net/xray-core/files/config.json.example
@@ -1,6 +1,6 @@
 // Config file of Xray. This file follows standard JSON format, with comments support.
 // Uncomment entries below to satisfy your needs. Also read our manual for more detail at
-// https://www.v2fly.org/en_US/config/overview.html and https://xray.sh/en/config/
+// https://xtls.github.io/en/config/
 {
   "log": {
     // By default, Xray writes access log to stdout.

From bb57528a5f3e89deb4afaffebff4f8d4b7e0d642 Mon Sep 17 00:00:00 2001
From: Tianling Shen 
Date: Tue, 27 Apr 2021 19:51:57 +0800
Subject: [PATCH 132/221] xray-core: use `$(INSTALL_DATA)` to install
 configuration files

Using `$(INSTALL_CONF)` will cause the program has no access to
configurations file when someone enabled the selinux support.

Signed-off-by: Tianling Shen 
---
 net/xray-core/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/xray-core/Makefile b/net/xray-core/Makefile
index 0db91efa3df98..1fac4a3126fd7 100644
--- a/net/xray-core/Makefile
+++ b/net/xray-core/Makefile
@@ -113,7 +113,7 @@ define Package/xray-core/install
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/main $(1)/usr/bin/xray
 
 	$(INSTALL_DIR) $(1)/etc/xray/
-	$(INSTALL_CONF) $(CURDIR)/files/config.json.example $(1)/etc/xray/
+	$(INSTALL_DATA) $(CURDIR)/files/config.json.example $(1)/etc/xray/
 
 	$(INSTALL_DIR) $(1)/etc/config/
 	$(INSTALL_CONF) $(CURDIR)/files/xray.conf $(1)/etc/config/xray
@@ -126,8 +126,8 @@ endef
 
 define Package/xray-example/install
 	$(INSTALL_DIR) $(1)/etc/xray/
-	$(INSTALL_CONF) $(CURDIR)/files/vpoint_socks_vmess.json $(1)/etc/xray/
-	$(INSTALL_CONF) $(CURDIR)/files/vpoint_vmess_freedom.json $(1)/etc/xray/
+	$(INSTALL_DATA) $(CURDIR)/files/vpoint_socks_vmess.json $(1)/etc/xray/
+	$(INSTALL_DATA) $(CURDIR)/files/vpoint_vmess_freedom.json $(1)/etc/xray/
 endef
 
 define Package/xray-geodata/install

From 4b923962b9bef7477656710789e52639c4de6553 Mon Sep 17 00:00:00 2001
From: Hirokazu MORIKAWA 
Date: Tue, 27 Apr 2021 11:07:04 +0900
Subject: [PATCH 133/221] libmraa: Disable node.js support

Library for node.js will be disabled temporarily due to difficulty in supporting the latest node.js.

Signed-off-by: Hirokazu MORIKAWA 
---
 libs/libmraa/Makefile | 24 +++---------------------
 1 file changed, 3 insertions(+), 21 deletions(-)

diff --git a/libs/libmraa/Makefile b/libs/libmraa/Makefile
index 54b5b33bb526c..766135386f825 100644
--- a/libs/libmraa/Makefile
+++ b/libs/libmraa/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libmraa
 PKG_VERSION:=2.2.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/eclipse/mraa/tar.gz/v$(PKG_VERSION)?
@@ -20,7 +20,7 @@ PKG_MAINTAINER:=John Crispin , Hirokazu MORIKAWA 
Date: Thu, 22 Apr 2021 13:20:46 +0200
Subject: [PATCH 134/221] net-tools: bump to 2.10

Signed-off-by: Aleksander Jan Bajkowski 
---
 net/net-tools/Makefile | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/net/net-tools/Makefile b/net/net-tools/Makefile
index 529045130ca9f..e620d4e2acd75 100644
--- a/net/net-tools/Makefile
+++ b/net/net-tools/Makefile
@@ -9,13 +9,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=net-tools
-PKG_SOURCE_DATE:=2018-11-03
-PKG_SOURCE_VERSION:=0eebece8c964e3cfa8a018f42b2e7e751a7009a0
+PKG_VERSION:=2.10
 PKG_RELEASE:=1
 
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://git.code.sf.net/p/net-tools/code
-PKG_MIRROR_HASH:=9d978b9f8ccae4af623a299155c62d9b3d31213182c785f925bf8704d48a04c9
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://sourceforge.net/projects/net-tools/files/
+PKG_HASH:=b262435a5241e89bfa51c3cabd5133753952f7a7b7b93f32e08cb9d96f580d69
 
 PKG_MAINTAINER:=Stijn Segers 
 PKG_LICENSE:=GPL-2.0-or-later

From 1e5d9c5d1efb09aa6444bd446fed07c0386e4ac5 Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Mon, 26 Apr 2021 12:37:31 +0200
Subject: [PATCH 135/221] python-engineio: update to version 4.1.0

Signed-off-by: Jan Pavlinec 
---
 lang/python/python-engineio/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lang/python/python-engineio/Makefile b/lang/python/python-engineio/Makefile
index ad3196ac0ef3c..d819dc585b8ab 100644
--- a/lang/python/python-engineio/Makefile
+++ b/lang/python/python-engineio/Makefile
@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-engineio
-PKG_VERSION:=4.0.1
+PKG_VERSION:=4.1.0
 PKG_RELEASE:=1
 
 PYPI_NAME:=python-engineio
-PKG_HASH:=bb575c1a3512b4b5d4706f3071d5cc36e592459e99a47d9a4b7faabeba941377
+PKG_HASH:=21e1bcc62f5573a4bb1c805e69915c5a4c5aa953005dde6c2f707c24554c1020
 
 PKG_MAINTAINER:=Jan Pavlinec 
 PKG_LICENSE:=MIT

From ec0d82c8d5c52f8797d7b3fab6ef62a494322516 Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Mon, 26 Apr 2021 12:38:11 +0200
Subject: [PATCH 136/221] python-socketio: update to version 5.2.1

Signed-off-by: Jan Pavlinec 
---
 lang/python/python-socketio/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lang/python/python-socketio/Makefile b/lang/python/python-socketio/Makefile
index b80eaaaaec8c1..8e19f41ecbdb9 100644
--- a/lang/python/python-socketio/Makefile
+++ b/lang/python/python-socketio/Makefile
@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-socketio
-PKG_VERSION:=5.1.0
+PKG_VERSION:=5.2.1
 PKG_RELEASE:=1
 
 PYPI_NAME:=python-socketio
-PKG_HASH:=338cc29abb6f3ca14c88f1f8d05ed27c690df4648f62062b299f92625bbf7093
+PKG_HASH:=356a8a480fa316295b439d63a5f35a7a59fe65cee1ae35dee28e87d00e5aead6
 
 PKG_MAINTAINER:=Jan Pavlinec 
 PKG_LICENSE:=MIT

From 9581708610cbf15e77beca2e27bee286658c980c Mon Sep 17 00:00:00 2001
From: Hirokazu MORIKAWA 
Date: Tue, 27 Apr 2021 11:05:12 +0900
Subject: [PATCH 137/221] libupm: Disable node.js support

Library for node.js will be disabled temporarily due to difficulty in supporting the latest node.js.

Signed-off-by: Hirokazu MORIKAWA 
---
 libs/libupm/Makefile | 28 ++--------------------------
 1 file changed, 2 insertions(+), 26 deletions(-)

diff --git a/libs/libupm/Makefile b/libs/libupm/Makefile
index 16988533aee59..b211209178f13 100644
--- a/libs/libupm/Makefile
+++ b/libs/libupm/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libupm
 PKG_VERSION:=2.0.0
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/intel-iot-devkit/upm/tar.gz/v$(PKG_VERSION)?
@@ -53,7 +53,7 @@ UPM_MODULES:= \
 # (require libtinyb) 2jciebu01_ble 2jciebu01_usb
 
 CMAKE_OPTIONS += \
-	-DBUILDSWIGNODE=$(if $(CONFIG_PACKAGE_libmraa-node),ON,OFF) \
+	-DBUILDSWIGNODE=OFF \
 	-DPYTHON2LIBS_FOUND=FALSE \
 	-DPYTHON2INTERP_FOUND=FALSE \
 
@@ -78,7 +78,6 @@ define Package/libupm
   TITLE:=Intel IoT sensor library - Full
   DEPENDS+=+libjpeg +libmodbus +openzwave
   DEPENDS+= $(foreach module, $(UPM_MODULES), +libupm-$(module))
-  DEPENDS+= $(foreach module, $(UPM_MODULES), +libupm-$(module)-node)
   DEPENDS+= $(foreach module, $(UPM_MODULES), +libupm-$(module)-python3)
 endef
 
@@ -93,11 +92,6 @@ define Package/libupm/install/Default
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libupm*-$(2).so* $(1)/usr/lib/ ;
 endef
 
-define Package/libupm/install/Default-node
-	$(INSTALL_DIR) $(1)/usr/lib/node/
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/node_modules/jsupm_$(2) $(1)/usr/lib/node/ ;
-endef
-
 define Package/libupm/install/Default-python3
 	$(INSTALL_DIR) $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/upm
 	$(CP) $(CMAKE_BINARY_DIR)/$(if $(filter interfaces, $(2)),,src/)$(2)/python$(PYTHON3_VERSION)/pyupm_$(2).py \
@@ -109,7 +103,6 @@ endef
 define Package/libupm/install
 	$(foreach module, $(UPM_MODULES), \
 		$(call Package/libupm/install/Default,$(1),$(module)) \
-		$(call Package/libupm/install/Default-node,$(1),$(module)) \
 		$(call Package/libupm/install/Default-python3,$(1),$(module)))
 endef
 
@@ -345,19 +338,6 @@ $(call Package/libupm/Default/description)
 This package contains $(1) sensor C/C++ library
 endef
 
-define Package/libupm-$(1)-node
-  $(call Package/libupm/Default)
-  $(call UpmPackage/depends,$(1))
-  TITLE:=$(1) Node.js library
-  DEPENDS+=+libupm-$(1) +libmraa-node
-endef
-
-define Package/libupm-$(1)-node/description
-$(call Package/libupm/Default/description)
-
-This package contains $(1) sensor Node.js library
-endef
-
 define Package/libupm-$(1)-python3
   $(call Package/libupm/Default)
   $(call UpmPackage/depends,$(1))
@@ -374,9 +354,6 @@ endef
 define Package/libupm-$(1)/install
 	$(call Package/libupm/install/Default,$$(1),$(1))
 endef
-define Package/libupm-$(1)-node/install
-	$(call Package/libupm/install/Default-node,$$(1),$(1))
-endef
 define Package/libupm-$(1)-python3/install
 	$(call Package/libupm/install/Default-python3,$$(1),$(1))
 endef
@@ -386,5 +363,4 @@ $(eval $(call BuildPackage,libupm))
 $(foreach module, $(UPM_MODULES), \
 	$(eval $(call UpmPackage,$(module))) \
 	$(eval $(call BuildPackage,libupm-$(module))) \
-	$(eval $(call BuildPackage,libupm-$(module)-node)) \
 	$(eval $(call BuildPackage,libupm-$(module)-python3)))

From 649b23c50387df52385b70522d0d0f36545bfc4a Mon Sep 17 00:00:00 2001
From: Dobroslaw Kijowski 
Date: Wed, 28 Apr 2021 21:14:20 +0200
Subject: [PATCH 138/221] adguardhome: bump to 0.106.0

* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.0
* Add build time LDFLAG introduced in commit [1].

[1]: https://github.com/AdguardTeam/AdGuardHome/commit/1d07afb30ee9ff00de72182200b7e1c6d1606d77#diff-82ef468ec5547f1ed424776755a7f87dfec4eba9838d2c2ac02c9881bb67d737R67

Signed-off-by: Dobroslaw Kijowski 
---
 net/adguardhome/Makefile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/adguardhome/Makefile b/net/adguardhome/Makefile
index e938e63b6c544..1f5bd06a0b5af 100644
--- a/net/adguardhome/Makefile
+++ b/net/adguardhome/Makefile
@@ -6,13 +6,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=adguardhome
-PKG_VERSION:=0.105.2
+PKG_VERSION:=0.106.0
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome
-PKG_MIRROR_HASH:=c2ca02ef4d91250772567994e4a59962dc4ec559f44771cefba2b0663668fba1
+PKG_MIRROR_HASH:=5e3fb3bb93ad8d7ac3351503e7b01353dc409bc30a719a6ed7b967e8a462434c
 
 PKG_LICENSE:=GPL-3.0-only
 PKG_LICENSE_FILES:=LICENSE.txt
@@ -25,9 +25,11 @@ PKG_USE_MIPS16:=0
 GO_PKG:=github.com/AdguardTeam/AdGuardHome
 GO_PKG_BUILD_PKG:=github.com/AdguardTeam/AdGuardHome
 
+AGH_BUILD_TIME:=$(shell date -d @$(SOURCE_DATE_EPOCH) +%FT%TZ%z)
 AGH_VERSION_PKG:=github.com/AdguardTeam/AdGuardHome/internal/version
 GO_PKG_LDFLAGS_X:=$(AGH_VERSION_PKG).channel=release \
 	$(AGH_VERSION_PKG).version=$(PKG_SOURCE_VERSION) \
+	$(AGH_VERSION_PKG).buildtime=$(AGH_BUILD_TIME) \
 	$(AGH_VERSION_PKG).goarm=$(GO_ARM) \
 	$(AGH_VERSION_PKG).gomips=$(GO_MIPS)
 

From d025960bfa3c4da276701c4dcccb75d3cc97beb6 Mon Sep 17 00:00:00 2001
From: Othmar Truniger 
Date: Thu, 29 Apr 2021 07:29:56 +0200
Subject: [PATCH 139/221] knxd: pumb to upstream version 0.14.51

Signed-off-by: Othmar Truniger 
---
 net/knxd/Makefile                   | 4 ++--
 net/knxd/patches/0100-version.patch | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/net/knxd/Makefile b/net/knxd/Makefile
index 9bb1cf068d93e..e66c2f829369b 100644
--- a/net/knxd/Makefile
+++ b/net/knxd/Makefile
@@ -11,12 +11,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=knxd
-PKG_VERSION:=0.14.50
+PKG_VERSION:=0.14.51
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/knxd/knxd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=c9189dc0b05b208b06be311d2792ce11092aee8d51d04083568ae49bd10b7cd8
+PKG_HASH:=c8378bc6f671a5ab75edb51b23e839ee1adcdd00b372314ca9d2bdcd37fb70fb
 
 PKG_MAINTAINER:=Othmar Truniger 
 PKG_LICENSE:=GPL-2.0-or-later
diff --git a/net/knxd/patches/0100-version.patch b/net/knxd/patches/0100-version.patch
index 9800a66dcc5c0..419e15440eccf 100644
--- a/net/knxd/patches/0100-version.patch
+++ b/net/knxd/patches/0100-version.patch
@@ -1,9 +1,10 @@
 --- a/tools/version.sh
 +++ b/tools/version.sh
-@@ -1,5 +1,3 @@
- #!/bin/sh
+@@ -7,6 +7,4 @@ if test -s debian/changelog ; then
+     exit
+ fi
  
 -test -d .git || exit
 -# git describe --tags
 -git log --format=format:%D | perl -ne 'next unless s#.*tag: ##; s#,.*##; next if m#/#; print; exit;'
-+echo -n "0.14.50"
++echo -n "0.14.51"

From 35da7adf6ea2f990b31369799839fea0c1c9a601 Mon Sep 17 00:00:00 2001
From: Noah Meyerhans 
Date: Thu, 29 Apr 2021 09:05:26 -0700
Subject: [PATCH 140/221] bind: bump to 9.17.12

Fixes the following security issues:

* CVE-2021-25215 - named crashed when a DNAME record placed in the ANSWER
                   section during DNAME chasing turned out to be the final
                   answer to a client query.
* CVE-2021-25214 - Insufficient IXFR checks could result in named serving a
                   zone without an SOA record at the apex, leading to a
                   RUNTIME_CHECK assertion failure when the zone was
                   subsequently refreshed. This has been fixed by adding an
                   owner name check for all SOA records which are included
                   in a zone transfer.

Signed-off-by: Noah Meyerhans 
---
 net/bind/Makefile                             |  4 +-
 net/bind/patches/010-openssl-deprecated.patch | 45 -------------------
 2 files changed, 2 insertions(+), 47 deletions(-)
 delete mode 100644 net/bind/patches/010-openssl-deprecated.patch

diff --git a/net/bind/Makefile b/net/bind/Makefile
index f29ac6d6fee48..b487da3db019e 100644
--- a/net/bind/Makefile
+++ b/net/bind/Makefile
@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bind
-PKG_VERSION:=9.17.11
+PKG_VERSION:=9.17.12
 PKG_RELEASE:=$(AUTORELEASE)
 USERID:=bind=57:bind=57
 
@@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:= \
 	https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
 	https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=00de7bad9291121f3b93e70a6959b540b002f742774823c358c7a416c2e2ed4b
+PKG_HASH:=e77951eaa4aaa92b30e6f3ff6c915081a21c8cc70000e7f25a7a285eed0acbe7
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
diff --git a/net/bind/patches/010-openssl-deprecated.patch b/net/bind/patches/010-openssl-deprecated.patch
deleted file mode 100644
index 2b88bd5d0f001..0000000000000
--- a/net/bind/patches/010-openssl-deprecated.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From a9f883cbc28b865d312918368772627cf9610a2f Mon Sep 17 00:00:00 2001
-From: Mark Andrews 
-Date: Tue, 16 Mar 2021 21:58:55 +0000
-Subject: [PATCH] Stop using deprecated calls in lib/isc/tls.c
-
-from Rosen Penev @neheb
----
- lib/isc/tls.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
---- a/lib/isc/tls.c
-+++ b/lib/isc/tls.c
-@@ -12,10 +12,12 @@
- #include 
- #include 
- 
-+#include 
- #include 
- #include 
- #include 
- #include 
-+#include 
- 
- #include 
- #include 
-@@ -274,11 +276,19 @@ isc_tlsctx_createserver(const char *keyf
- 		rsa = NULL;
- 		ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10101000L
- 		X509_gmtime_adj(X509_get_notBefore(cert), 0);
-+#else
-+		X509_gmtime_adj(X509_getm_notBefore(cert), 0);
-+#endif
- 		/*
- 		 * We set the vailidy for 10 years.
- 		 */
-+#if OPENSSL_VERSION_NUMBER < 0x10101000L
- 		X509_gmtime_adj(X509_get_notAfter(cert), 3650 * 24 * 3600);
-+#else
-+		X509_gmtime_adj(X509_getm_notAfter(cert), 3650 * 24 * 3600);
-+#endif
- 
- 		X509_set_pubkey(cert, pkey);
- 

From 3deb2f2e9a15d97387a4f7bee94eb5c42f409262 Mon Sep 17 00:00:00 2001
From: Michael Heimpold 
Date: Thu, 29 Apr 2021 21:07:13 +0200
Subject: [PATCH 141/221] php8: update to 8.0.5

Also update opcache makefile patch.

Signed-off-by: Michael Heimpold 
---
 lang/php8/Makefile                                            | 4 ++--
 .../patches/1001-ext-opcache-fix-detection-of-shm-mmap.patch  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lang/php8/Makefile b/lang/php8/Makefile
index e9637cd23302a..429a0e564e966 100644
--- a/lang/php8/Makefile
+++ b/lang/php8/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=php
-PKG_VERSION:=8.0.3
+PKG_VERSION:=8.0.5
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Michael Heimpold 
@@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_HASH:=c9816aa9745a9695672951eaff3a35ca5eddcb9cacf87a4f04b9fb1169010251
+PKG_HASH:=5dd358b35ecd5890a4f09fb68035a72fe6b45d3ead6999ea95981a107fd1f2ab
 
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
diff --git a/lang/php8/patches/1001-ext-opcache-fix-detection-of-shm-mmap.patch b/lang/php8/patches/1001-ext-opcache-fix-detection-of-shm-mmap.patch
index 969664a20120b..9fb7cf73801e2 100644
--- a/lang/php8/patches/1001-ext-opcache-fix-detection-of-shm-mmap.patch
+++ b/lang/php8/patches/1001-ext-opcache-fix-detection-of-shm-mmap.patch
@@ -41,7 +41,7 @@ Signed-off-by: Michael Heimpold 
 +    AC_CHECK_FUNC(mmap,[dnl
 +        AC_DEFINE(HAVE_SHM_MMAP_ANON, 1, [Define if you have mmap(MAP_ANON) SHM support])
 +        have_shm_mmap_anon=yes],[have_shm_mmap_anon=no])])
-   AC_MSG_RESULT([$have_shm_mmap_anon=yes])
+   AC_MSG_RESULT([$have_shm_mmap_anon])
  
    PHP_CHECK_FUNC_LIB(shm_open, rt, root)
 @@ -294,8 +300,11 @@ int main() {

From 3d4e9161d53b78c26c4c76dc53f01530a2091ea4 Mon Sep 17 00:00:00 2001
From: Paul Spooren 
Date: Thu, 29 Apr 2021 23:09:22 +0200
Subject: [PATCH 142/221] attendedsysupgrade-common: update to 2021

* Use $(COMMITCOUNT)
* Use SPDX
* Use CA (ucert) public key
* Update repo link
* Update maintainer email
* Format description

Signed-off-by: Paul Spooren 
---
 utils/attendedsysupgrade-common/Makefile      | 32 +++++++++----------
 .../files/86241a707a30cb7f                    |  2 ++
 .../files/c06d891233ba699                     |  2 --
 3 files changed, 17 insertions(+), 19 deletions(-)
 create mode 100644 utils/attendedsysupgrade-common/files/86241a707a30cb7f
 delete mode 100644 utils/attendedsysupgrade-common/files/c06d891233ba699

diff --git a/utils/attendedsysupgrade-common/Makefile b/utils/attendedsysupgrade-common/Makefile
index 1af7779fc0d47..4408b81d4ca0a 100644
--- a/utils/attendedsysupgrade-common/Makefile
+++ b/utils/attendedsysupgrade-common/Makefile
@@ -1,12 +1,9 @@
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# SPDX-License-Identifier: GPL-2.0
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=attendedsysupgrade-common
-PKG_VERSION:=0.2
-PKG_RELEASE:=1
+PKG_VERSION:=$(COMMITCOUNT)
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk
@@ -15,7 +12,7 @@ define Package/attendedsysupgrade-common
   SECTION:=utils
   CATEGORY:=Base system
   TITLE:=Common files neede by attendedsysupgrade packages
-  MAINTAINER:=Paul Spooren 
+  MAINTAINER:=Paul Spooren 
   DEPENDS:=+rpcd +rpcd-mod-rpcsys
   PKGARCH:=all
 endef
@@ -27,20 +24,21 @@ define Package/attendedsysupgrade-common/description
 
 	UCI options:
 
-	attendedsysupgrade.server.url
-	URL of compatible upgrade server [1]
+	* attendedsysupgrade.server.url
+	  URL of compatible upgrade server [1]
 
-	attendedsysupgrade.client.upgrade_packages
-	Client should request image also if no new release but new packages upgrade are available.
+	* attendedsysupgrade.client.upgrade_packages
+	  Client should request image also if no new release but new packages
+	  upgrade are available.
 
-	attendedsysupgrade.client.advanced_mode
-	Offer advanced options like editing packages before request and show additional information.
+	* attendedsysupgrade.client.advanced_mode
+	  Offer advanced options like editing packages before request and show
+	  additional information.
 
-	attendedsysupgrade.client.auto_search
-	Tells the client to automattically search for upgrades
-	This can be done when opening luci or login in to console - depends on client.
+	* attendedsysupgrade.client.auto_search
+	  Tells the client to automattically search for upgrades
 
-	[1]: https://github.com/aparcar/gsoc17-attended-sysupgrade
+	[1]: https://github.com/aparcar/asu
 endef
 
 define Build/Compile
@@ -54,7 +52,7 @@ define Package/attendedsysupgrade-common/install
 	$(INSTALL_BIN) ./files/attendedsysupgrade.defaults $(1)/etc/uci-defaults/attendedsysupgrade
 
 	$(INSTALL_DIR) $(1)/etc/opkg/keys/
-	$(INSTALL_BIN) ./files/c06d891233ba699 $(1)/etc/opkg/keys/c06d891233ba699
+	$(INSTALL_BIN) ./files/86241a707a30cb7f $(1)/etc/opkg/keys/86241a707a30cb7f
 endef
 
 $(eval $(call BuildPackage,attendedsysupgrade-common))
diff --git a/utils/attendedsysupgrade-common/files/86241a707a30cb7f b/utils/attendedsysupgrade-common/files/86241a707a30cb7f
new file mode 100644
index 0000000000000..800732714162d
--- /dev/null
+++ b/utils/attendedsysupgrade-common/files/86241a707a30cb7f
@@ -0,0 +1,2 @@
+untrusted comment: ASU CA pubkey
+RWSGJBpwejDLf4OApA5SOavh0GBlBFY9FhqxnivUQHpi0/t0QRI98LPW
diff --git a/utils/attendedsysupgrade-common/files/c06d891233ba699 b/utils/attendedsysupgrade-common/files/c06d891233ba699
deleted file mode 100644
index 94edfd8e12882..0000000000000
--- a/utils/attendedsysupgrade-common/files/c06d891233ba699
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: public key c06d891233ba699
-RWQMBtiRIzummeTc81jtKdJ3XwnaZGtHLRwjls0ovGsKoTnTmS7fj4Na

From bfdae3703c268cb51f9462dea125f5d0880fea58 Mon Sep 17 00:00:00 2001
From: Hirokazu MORIKAWA 
Date: Fri, 30 Apr 2021 12:48:52 +0900
Subject: [PATCH 143/221] icu: add ABI_VERSION

To prevent inconsistencies in the coming version (69.1).

Signed-off-by: Hirokazu MORIKAWA 
---
 libs/icu/Makefile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libs/icu/Makefile b/libs/icu/Makefile
index fb4bd80464cb3..cfaffded26812 100644
--- a/libs/icu/Makefile
+++ b/libs/icu/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=icu4c
 MAJOR_VERSION:=68
 MINOR_VERSION:=2
 PKG_VERSION:=$(MAJOR_VERSION).$(MINOR_VERSION)
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(MAJOR_VERSION)_$(MINOR_VERSION)-src.tgz
 PKG_SOURCE_URL:=https://github.com/unicode-org/icu/releases/download/release-$(MAJOR_VERSION)-$(MINOR_VERSION)
@@ -41,6 +41,7 @@ define Package/icu
   TITLE:=International Components for Unicode
   URL:=http://icu-project.org
   DEPENDS:=+libstdcpp +libpthread
+  ABI_VERSION:=$(MAJOR_VERSION)
 endef
 
 define Package/icu/description
@@ -54,6 +55,7 @@ define Package/icu-full-data
   TITLE:=Full ICU Data
   URL:=http://icu-project.org
   DEPENDS:=+icu
+  ABI_VERSION:=$(MAJOR_VERSION)
 endef
 
 define Package/icu-full-data/description

From d1069044bf893e4ee68610aa6b586fe7ea5d1f2c Mon Sep 17 00:00:00 2001
From: Dirk Brenken 
Date: Fri, 30 Apr 2021 12:02:21 +0200
Subject: [PATCH 144/221] adblock: update to 4.1.2

* preserve DNS cache after adblock processing (unbound & bind)
* fix redirect issue with oisd basic url
* cosmetics

Signed-off-by: Dirk Brenken 
---
 net/adblock/Makefile              |   2 +-
 net/adblock/files/README.md       |   8 ++-
 net/adblock/files/adblock.sh      | 111 ++++++++++++++++++++++--------
 net/adblock/files/adblock.sources |   4 +-
 4 files changed, 89 insertions(+), 36 deletions(-)

diff --git a/net/adblock/Makefile b/net/adblock/Makefile
index 7e5bd50adb3f3..ad77e3d63a611 100644
--- a/net/adblock/Makefile
+++ b/net/adblock/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=adblock
-PKG_VERSION:=4.1.1
+PKG_VERSION:=4.1.2
 PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken 
diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md
index 183b3ecfac816..76b92dc81ea8a 100644
--- a/net/adblock/files/README.md
+++ b/net/adblock/files/README.md
@@ -186,10 +186,12 @@ Available commands:
 
 ## Examples
 **Change the DNS backend to 'unbound':**  
-No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' by default.
+No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' by default.  
+To preserve the DNS cache after adblock processing please install the additional package 'unbound-control'.
 
-**Change the DNS backend to 'named' (bind):**  
-Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind'.  
+**Change the DNS backend to 'bind':**  
+Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind' by default.  
+To preserve the DNS cache after adblock processing please install the additional package 'bind-rdnc'.
 To use the blocklist please modify '/etc/bind/named.conf':
 

 in the 'options' namespace add:
diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh
index d87cf70a39bb2..051aace3e37de 100755
--- a/net/adblock/files/adblock.sh
+++ b/net/adblock/files/adblock.sh
@@ -11,7 +11,7 @@
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
 set -o pipefail
-adb_ver="4.1.1"
+adb_ver="4.1.2"
 adb_enabled=0
 adb_debug=0
 adb_forcedns=0
@@ -260,6 +260,21 @@ f_conf()
 	fi
 }
 
+# status helper function
+#
+f_char()
+{
+	local result input="${1}"
+
+	if [ "${input}" = "1" ]
+	then
+		result="✔"
+	else
+		result="✘"
+	fi
+	printf "%s" "${result}"
+}
+
 # load dns backend config
 #
 f_dns()
@@ -298,6 +313,7 @@ f_dns()
 	then
 		case "${adb_dns}" in
 			"dnsmasq")
+				adb_dnscachecmd="-"
 				adb_dnsinotify="${adb_dnsinotify:-"0"}"
 				adb_dnsinstance="${adb_dnsinstance:-"0"}"
 				adb_dnsuser="${adb_dnsuser:-"dnsmasq"}"
@@ -309,6 +325,7 @@ f_dns()
 				adb_dnsstop="${adb_dnsstop:-"address=/#/"}"
 			;;
 			"unbound")
+				adb_dnscachecmd="$(command -v unbound-control || printf "%s" "-")"
 				adb_dnsinotify="${adb_dnsinotify:-"0"}"
 				adb_dnsinstance="${adb_dnsinstance:-"0"}"
 				adb_dnsuser="${adb_dnsuser:-"unbound"}"
@@ -320,6 +337,7 @@ f_dns()
 				adb_dnsstop="${adb_dnsstop:-"local-zone: \".\" static"}"
 			;;
 			"named")
+				adb_dnscachecmd="$(command -v rndc || printf "%s" "-")"
 				adb_dnsinotify="${adb_dnsinotify:-"0"}"
 				adb_dnsinstance="${adb_dnsinstance:-"0"}"
 				adb_dnsuser="${adb_dnsuser:-"bind"}"
@@ -333,6 +351,7 @@ f_dns()
 				adb_dnsstop="${adb_dnsstop:-"* CNAME ."}"
 			;;
 			"kresd")
+				adb_dnscachecmd="-"
 				adb_dnsinotify="${adb_dnsinotify:-"0"}"
 				adb_dnsinstance="${adb_dnsinstance:-"0"}"
 				adb_dnsuser="${adb_dnsuser:-"root"}"
@@ -344,6 +363,7 @@ f_dns()
 				adb_dnsstop="${adb_dnsstop:-"* CNAME ."}"
 			;;
 			"raw")
+				adb_dnscachecmd="-"
 				adb_dnsinotify="${adb_dnsinotify:-"0"}"
 				adb_dnsinstance="${adb_dnsinstance:-"0"}"
 				adb_dnsuser="${adb_dnsuser:-"root"}"
@@ -727,8 +747,40 @@ f_dnsup()
 	then
 		out_rc=0
 	else
-		"/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
-		restart_rc="${?}"
+		if [ "${in_rc}" = "0" ] && [ "${adb_dnsflush}" = "0" ]
+		then
+			case "${adb_dns}" in
+				"unbound")
+					if [ -x "${adb_dnscachecmd}" ] && [ -d "${adb_tmpdir}" ] && [ -f "${adb_dnsdir}/unbound.conf" ]
+					then
+						"${adb_dnscachecmd}" -c "${adb_dnsdir}/unbound.conf" dump_cache > "${adb_tmpdir}/adb_cache.dump" 2>/dev/null
+					fi
+					"/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
+					restart_rc="${?}"
+				;;
+				"named")
+					if [ -x "${adb_dnscachecmd}" ] && [ -f "/etc/bind/rndc.conf" ]
+					then
+						"${adb_dnscachecmd}" -c "/etc/bind/rndc.conf" reload >/dev/null 2>&1
+						restart_rc="${?}"
+					fi
+					if [ -z "${restart_rc}" ] || { [ -n "${restart_rc}" ] && [ "${restart_rc}" != "0" ]; }
+					then
+						"/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
+						restart_rc="${?}"
+					fi
+				;;
+				*)
+					"/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
+					restart_rc="${?}"
+				;;
+			esac
+		fi
+		if [ -z "${restart_rc}" ]
+		then
+			"/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
+			restart_rc="${?}"
+		fi
 	fi
 	if [ "${restart_rc}" = "0" ]
 	then
@@ -758,8 +810,16 @@ f_dnsup()
 			cnt=$((cnt+1))
 			sleep 1
 		done
+		if [ "${out_rc}" = "0" ] && [ "${adb_dns}" = "unbound" ]
+		then
+			if [ -x "${adb_dnscachecmd}" ] && [ -d "${adb_tmpdir}" ] && [ -s "${adb_tmpdir}/adb_cache.dump" ]
+			then
+				"${adb_dnscachecmd}" -c "${adb_dnsdir}/unbound.conf" load_cache < "${adb_tmpdir}/adb_cache.dump" >/dev/null 2>&1
+				restart_rc="${?}"
+			fi
+		fi
 	fi
-	f_log "debug" "f_dnsup  ::: lookup_util: ${adb_lookupcmd:-"-"}, lookup_domain: ${adb_lookupdomain:-"-"}, restart_rc: ${restart_rc:-"-"}, dns_timeout: ${adb_dnstimeout}, dns_cnt: ${cnt}, in_rc: ${in_rc}, out_rc: ${out_rc}"
+	f_log "debug" "f_dnsup  ::: dns: ${adb_dns}, cache_cmd: ${adb_dnscachecmd:-"-"}, lookup_cmd: ${adb_lookupcmd:-"-"}, lookup_domain: ${adb_lookupdomain:-"-"}, restart_rc: ${restart_rc:-"-"}, dns_flush: ${adb_dnsflush}, dns_inotify: ${adb_dnsinotify}, dns_timeout: ${adb_dnstimeout}, dns_cnt: ${cnt}, in_rc: ${in_rc}, out_rc: ${out_rc}"
 	return "${out_rc}"
 }
 
@@ -1236,12 +1296,7 @@ f_jsnup()
 	json_load_file "${adb_rtfile}" >/dev/null 2>&1
 	if [ "${?}" = "0" ]
 	then
-		if [ -z "${adb_fetchutil}" ] || [ -z "${adb_awk}" ]
-		then
-			json_get_var utils "utilities"
-		else
-			utils="${adb_fetchutil}, ${adb_awk}"
-		fi
+		utils="download: $(readlink -fn "${adb_fetchutil}"), sort: $(readlink -fn "${adb_sort}"), awk: $(readlink -fn "${adb_awk}")"
 		if [ -z "${adb_cnt}" ]
 		then
 			json_get_var adb_cnt "blocked_domains"
@@ -1275,11 +1330,11 @@ f_jsnup()
 		json_close_object
 	done
 	json_close_array
-	json_add_string "dns_backend" "${adb_dns:-"-"}, ${adb_dnsdir:-"-"}"
+	json_add_string "dns_backend" "${adb_dns:-"-"} (${adb_dnscachecmd##*/}), ${adb_dnsdir:-"-"}"
 	json_add_string "run_utils" "${utils:-"-"}"
 	json_add_string "run_ifaces" "trigger: ${adb_trigger:-"-"}, report: ${adb_repiface:-"-"}"	
 	json_add_string "run_directories" "base: ${adb_tmpbase}, backup: ${adb_backupdir}, report: ${adb_reportdir}, jail: ${adb_jaildir}"
-	json_add_string "run_flags" "backup: ${adb_backup}, flush: ${adb_dnsflush}, force: ${adb_forcedns}, search: ${adb_safesearch}, report: ${adb_report}, mail: ${adb_mail}, jail: ${adb_jail}"
+	json_add_string "run_flags" "backup: $(f_char ${adb_backup}), flush: $(f_char ${adb_dnsflush}), force: $(f_char ${adb_forcedns}), search: $(f_char ${adb_safesearch}), report: $(f_char ${adb_report}), mail: $(f_char ${adb_mail}), jail: $(f_char ${adb_jail})"
 	json_add_string "last_run" "${runtime:-"-"}"
 	json_add_string "system" "${adb_sysver}"
 	json_dump > "${adb_rtfile}"
@@ -1753,36 +1808,32 @@ else
 	f_log "err" "system libraries not found"
 fi
 
-# awk selection
+# version information
 #
-adb_awk="$(command -v gawk)"
-if [ -z "${adb_awk}" ]
+if [ "${adb_action}" = "version" ]
 then
-	adb_awk="$(command -v awk)"
-	if [ -z "${adb_awk}" ]
-	then
-		f_log "err" "awk not found"
-	fi
+	printf "%s\n" "${adb_ver}"
+	exit 0
 fi
 
-# sort selection
+# awk check
 #
-adb_sort="$(command -v /usr/libexec/sort-coreutils)"
-if [ -z "${adb_sort}" ]
+adb_awk="$(command -v gawk)"
+if [ ! -x "${adb_awk}" ]
 then
-	adb_sort="$(command -v sort)"
-	if [ -z "$("${adb_sort}" --help 2>/dev/null | grep -Fo -m1 "coreutils")" ]
+	adb_awk="$(command -v awk)"
+	if [ ! -x "${adb_awk}" ]
 	then
-		f_log "err" "coreutils sort not found"
+		f_log "err" "awk not found or not executable"
 	fi
 fi
 
-# version information
+# sort check
 #
-if [ "${adb_action}" = "version" ]
+adb_sort="$(command -v sort)"
+if [ ! -x "${adb_sort}" ] || [ "$("${adb_sort}" --version 2>/dev/null | grep -c "coreutils")" = "0" ]
 then
-	printf "%s\n" "${adb_ver}"
-	exit 0
+	f_log "err" "coreutils sort not found or not executable"
 fi
 
 # handle different adblock actions
diff --git a/net/adblock/files/adblock.sources b/net/adblock/files/adblock.sources
index 259753bbf1b34..6f8463b432502 100644
--- a/net/adblock/files/adblock.sources
+++ b/net/adblock/files/adblock.sources
@@ -98,7 +98,7 @@
 		"descurl": "https://github.com/notracking/hosts-blocklists"
 	},
 	"oisd_basic": {
-		"url": "https://dbl.oisd.nl/basic",
+		"url": "https://dbl.oisd.nl/basic/",
 		"rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
 		"size": "L",
 		"focus": "general",
@@ -312,6 +312,6 @@
 		"rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
 		"size": "S",
 		"focus": "general",
-		"descurl": "https://pgl.yoyo.org"
+		"descurl": "https://pgl.yoyo.org/as"
 	}
 }

From ee77c55d5db7aec8b21a974f2ce679b3c9f3270d Mon Sep 17 00:00:00 2001
From: Olivier Poitrey 
Date: Fri, 30 Apr 2021 15:51:07 +0000
Subject: [PATCH 145/221] nextdns: Update to version 1.32.1

Signed-off-by: Olivier Poitrey 
---
 net/nextdns/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/nextdns/Makefile b/net/nextdns/Makefile
index 08ca986e94538..520c51f604b93 100644
--- a/net/nextdns/Makefile
+++ b/net/nextdns/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nextdns
-PKG_VERSION:=1.32.0
+PKG_VERSION:=1.32.1
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/nextdns/nextdns.git
-PKG_MIRROR_HASH:=b48a8be602025d3cbcd087717065e1fd2b37040fab6e769c40e658a647b3657b
+PKG_MIRROR_HASH:=dc8f4f4f8b252f797a3321051dd8a3b7d34031ad09ea221736e99a37e672d324
 
 PKG_MAINTAINER:=Olivier Poitrey 
 PKG_LICENSE:=MIT

From 953362d45cca0e5facad24694fbb2bc2d45985a1 Mon Sep 17 00:00:00 2001
From: Alexandru Ardelean 
Date: Tue, 15 Dec 2020 11:07:21 +0200
Subject: [PATCH 146/221] python3: introduce libpython3 with ABI_VERSION flag

Related to discussion:
  https://github.com/openwrt/packages/pull/14060

Every once in a while a version bump will occur that requires an ABI
change. Example: Python 3.8 to 3.9. When this happens some Python packages
would need to be rebuilt. In setups where everything gets rebuilt, this
isn't a problem.

It's usually a bigger problem when needing to upgrade something via
opkg.
To accommodate for this, we add a libpython with it's own ABI_VERSION
flag. If this ABI_VERSION changes, then this should propagate forward.

Signed-off-by: Alexandru Ardelean 
---
 lang/python/python3/Makefile | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/lang/python/python3/Makefile b/lang/python/python3/Makefile
index 6405376aaf8c3..0975b86c7dbc5 100644
--- a/lang/python/python3/Makefile
+++ b/lang/python/python3/Makefile
@@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
 include ../python3-version.mk
 
 PKG_NAME:=python3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)
 
 PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
@@ -66,10 +66,21 @@ define Package/python3/Default/description
  the development of higher quality, more maintainable code.
 endef
 
+define Package/libpython3
+$(call Package/python3/Default)
+  TITLE:=Python $(PYTHON3_VERSION) core library
+  DEPENDS:=+libpthread +zlib
+  ABI_VERSION:=$(PYTHON3_VERSION)
+endef
+
+define Package/libpython3/description
+  This package contains only core Python library.
+endef
+
 define Package/python3-base
 $(call Package/python3/Default)
   TITLE:=Python $(PYTHON3_VERSION) interpreter
-  DEPENDS:=+libpthread +zlib
+  DEPENDS:=+libpthread +zlib +libpython3
 endef
 
 define Package/python3-base/description
@@ -269,13 +280,16 @@ define Py3Package/python3-light/filespec
 $(subst $(space),$(newline),$(foreach lib_file,$(PYTHON3_LIB_FILES_DEL),-|$(lib_file)))
 endef
 
-define Py3Package/python3-base/install
+define Package/libpython3/install
 	# Adding the lib-dynload folder (even just empty) suppresses 2 warnings when starting Python
 	$(INSTALL_DIR) $(1)/usr/lib/python$(PYTHON3_VERSION)/lib-dynload/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpython$(PYTHON3_VERSION).so* $(1)/usr/lib/
+endef
+
+define Py3Package/python3-base/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(LN) python$(PYTHON3_VERSION) $(1)/usr/bin/python3
 	$(LN) python$(PYTHON3_VERSION) $(1)/usr/bin/python
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpython$(PYTHON3_VERSION).so* $(1)/usr/lib/
   # This depends on being called before filespec is processed
 	$(SED) 's|$(TARGET_AR)|ar|g;s|$(TARGET_CROSS)readelf|readelf|g;s|$(TARGET_CC)|gcc|g;s|$(TARGET_CXX)|g++|g' \
 		$(PKG_INSTALL_DIR)/usr/lib/python$(PYTHON3_VERSION)/_sysconfigdata.py
@@ -357,6 +371,8 @@ $(foreach package, $(PYTHON3_PACKAGES),  \
 	$(eval $(call BuildPackage,$(package)-src)) \
 )
 
+$(eval $(call BuildPackage,libpython3))
+
 $(eval $(call Py3Package,python3-base))
 $(eval $(call Py3Package,python3-light))
 $(eval $(call Py3Package,python3))

From 7a40051dbe59cdc0f52b5339b87c1cd03c95e912 Mon Sep 17 00:00:00 2001
From: Christian Lachner 
Date: Sat, 1 May 2021 11:06:22 +0200
Subject: [PATCH 147/221] haproxy: Update HAProxy to v2.2.14

- Update haproxy download URL and hash

Signed-off-by: Christian Lachner 
---
 net/haproxy/Makefile              | 4 ++--
 net/haproxy/get-latest-patches.sh | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index 069ee334a38ca..f1919810e9d7e 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -10,12 +10,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
-PKG_VERSION:=2.2.13
+PKG_VERSION:=2.2.14
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/2.2/src
-PKG_HASH:=9e3e51441c70bedfb494fc9d4b4d3389a71be9a3c915ba3d6f7e8fd9a57ce160
+PKG_HASH:=6a9b702f04b07786f3e5878de8172a727acfdfdbc1cefe1c7a438df372f2fb61
 
 PKG_MAINTAINER:=Thomas Heil , \
 		Christian Lachner 
diff --git a/net/haproxy/get-latest-patches.sh b/net/haproxy/get-latest-patches.sh
index e112a0e7301ee..9553746a2d8ac 100755
--- a/net/haproxy/get-latest-patches.sh
+++ b/net/haproxy/get-latest-patches.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 CLONEURL=https://git.haproxy.org/git/haproxy-2.2.git
-BASE_TAG=v2.2.13
+BASE_TAG=v2.2.14
 TMP_REPODIR=tmprepo
 PATCHESDIR=patches
 

From 885194721c100d6ff3cdf5016b76436ed74d1c5d Mon Sep 17 00:00:00 2001
From: Hannu Nyman 
Date: Sat, 1 May 2021 23:50:21 +0300
Subject: [PATCH 148/221] nano: update version to 5.7

Upgrade nano editor to version 5.7.

Signed-off-by: Hannu Nyman 
---
 utils/nano/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/nano/Makefile b/utils/nano/Makefile
index 52fe31aa3b976..bd98bbf524553 100644
--- a/utils/nano/Makefile
+++ b/utils/nano/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nano
-PKG_VERSION:=5.6.1
+PKG_VERSION:=5.7
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNU/nano
-PKG_HASH:=760d7059e0881ca0ee7e2a33b09d999ec456ff7204df86bee58eb6f523ee8b09
+PKG_HASH:=d4b181cc2ec11def3711b4649e34f2be7a668e70ab506860514031d069cccafa
 
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_LICENSE_FILES:=COPYING

From 50fc7a3bca1b76dc837741c5c01375717e389575 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 17:54:49 +0100
Subject: [PATCH 149/221] exfatprogs: update to version 1.1.1

Signed-off-by: Daniel Golle 
---
 utils/exfatprogs/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/exfatprogs/Makefile b/utils/exfatprogs/Makefile
index 7db829e4e3e25..a0b3d8bbe3f6a 100644
--- a/utils/exfatprogs/Makefile
+++ b/utils/exfatprogs/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=exfatprogs
-PKG_VERSION:=1.1.0
+PKG_VERSION:=1.1.1
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=88c12a2f9cbe4f12129f3b7fa2cd42f24dbed3f579e61bac2ca699ca79fad4e0
+PKG_HASH:=7984d93731066841a93fb3b7397083bffb5a52c5e44165b5caf449954ee984ae
 
 PKG_MAINTAINER:=Daniel Golle 
 PKG_LICENSE:=GPL-2.0-only

From 2c19a348c0a3936654306f17045cf07a849ba06c Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 17:57:17 +0100
Subject: [PATCH 150/221] debian-archive-keyring: update to 2021.1.1

Signed-off-by: Daniel Golle 
---
 admin/debian-archive-keyring/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/admin/debian-archive-keyring/Makefile b/admin/debian-archive-keyring/Makefile
index 7b5eca5afacd6..21c906afeebd8 100644
--- a/admin/debian-archive-keyring/Makefile
+++ b/admin/debian-archive-keyring/Makefile
@@ -2,12 +2,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=debian-archive-keyring
-PKG_VERSION:=2019.1
-PKG_RELEASE:=2
+PKG_VERSION:=2021.1.1
+PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_SOURCE:=debian-archive-keyring_2019.1_all.deb
+PKG_SOURCE:=debian-archive-keyring_2021.1.1_all.deb
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/d/debian-archive-keyring/
-PKG_HASH:=9cefd8917f3d97a999c136aa87f04a3024408b5bc1de470de7d6dfa5e4bd4361
+PKG_HASH:=56beca470dcd9b6d7e6c3c9e9d702101e01e9467e62810a8c357bd7b9c26251d
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
 PKG_MAINTAINER:=Daniel Golle 

From e819514ae3b2033c0d8f7b0b443f40a93ef25839 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 18:19:25 +0100
Subject: [PATCH 151/221] gnunet-fuse: update to version 0.14.0

Signed-off-by: Daniel Golle 
---
 net/gnunet-fuse/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/gnunet-fuse/Makefile b/net/gnunet-fuse/Makefile
index e3e3fdb4f0fc5..63451943e6206 100644
--- a/net/gnunet-fuse/Makefile
+++ b/net/gnunet-fuse/Makefile
@@ -2,11 +2,11 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gnunet-fuse
 
-PKG_VERSION:=0.13.0
-PKG_RELEASE:=1
+PKG_VERSION:=0.14.0
+PKG_RELEASE:=$(AUTORELEASE)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@GNU/gnunet
-PKG_HASH:=3c176dcf0bd1950edd00aebf207c4f0d1d2e8a5cb5099dbf193398aa5c6f3421
+PKG_HASH:=4e7d470e2a119e13e4fa8ca9d2b7db58a90bf415dde099499f9e189b4319d774
 
 PKG_LICENSE:=GPL-3.0
 PKG_LICENSE_FILES:=COPYING

From b3cad1d76b8ead0dc7c3d10385530a458d453d96 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 18:38:31 +0100
Subject: [PATCH 152/221] Jinja2: update to version 2.11.3

Signed-off-by: Daniel Golle 
---
 lang/python/Jinja2/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lang/python/Jinja2/Makefile b/lang/python/Jinja2/Makefile
index ad727d06ec423..a3bc52c83be09 100644
--- a/lang/python/Jinja2/Makefile
+++ b/lang/python/Jinja2/Makefile
@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=Jinja2
-PKG_VERSION:=2.11.2
-PKG_RELEASE:=1
+PKG_VERSION:=2.11.3
+PKG_RELEASE:=$(AUTORELEASE)
 
 PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0
+PKG_HASH:=a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6
 
 PKG_MAINTAINER:=Daniel Golle 
 PKG_LICENSE:=BSD-3-Clause

From d6c371da809d9f23472a37f32cf55878ada0015b Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 18:40:23 +0100
Subject: [PATCH 153/221] libassuan: update to version 2.5.5

Signed-off-by: Daniel Golle 
---
 libs/libassuan/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/libassuan/Makefile b/libs/libassuan/Makefile
index 85812ab22a946..5e1437f373f98 100644
--- a/libs/libassuan/Makefile
+++ b/libs/libassuan/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libassuan
-PKG_VERSION:=2.5.4
-PKG_RELEASE:=1
+PKG_VERSION:=2.5.5
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://gnupg.org/ftp/gcrypt/$(PKG_NAME)
-PKG_HASH:=c080ee96b3bd519edd696cfcebdecf19a3952189178db9887be713ccbcb5fbf0
+PKG_HASH:=8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4
 
 PKG_MAINTAINER:=Daniel Golle 
 PKG_LICENSE:=GPL-3.0-or-later

From 1c224f334ed2f992314c57dad103834b76d3b345 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 18:42:56 +0100
Subject: [PATCH 154/221] libextractor: update to version 1.11

Signed-off-by: Daniel Golle 
---
 libs/libextractor/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/libextractor/Makefile b/libs/libextractor/Makefile
index d41c111b1e856..fa2ca5d4999d8 100644
--- a/libs/libextractor/Makefile
+++ b/libs/libextractor/Makefile
@@ -6,15 +6,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libextractor
-PKG_VERSION:=1.10
-PKG_RELEASE:=3
+PKG_VERSION:=1.11
+PKG_RELEASE:=$(AUTORELEASE)
 
 # ToDo:
 # - package missing optional dependencies: libexiv2, gsf, librpm, smf, tidy
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
-PKG_HASH:=9eed11b5ddc7c929ba112c50de8cfaa379f1d99a0c8e064101775837cf432357
+PKG_HASH:=16f633ab8746a38547c4a1da3f4591192b0825ad83c4336f0575b85843d8bd8f
 
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_LICENSE_FILES:=COPYING

From f570504d69049ab220a06f40d655652f4ec2fbcc Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 18:45:06 +0100
Subject: [PATCH 155/221] libinput: update to version 1.17.1

Signed-off-by: Daniel Golle 
---
 libs/libinput/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/libinput/Makefile b/libs/libinput/Makefile
index c77058abce920..0b47b6c4aafc9 100644
--- a/libs/libinput/Makefile
+++ b/libs/libinput/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libinput
-PKG_VERSION:=1.16.4
-PKG_RELEASE:=1
+PKG_VERSION:=1.17.1
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://www.freedesktop.org/software/libinput
-PKG_HASH:=65923a06d5a8970e4a999c4668797b9b689614b62b1d44432ab1c87b65e39e29
+PKG_HASH:=e51c50f3ce253961bed452d9f93102cc26128406975ab88ff9ec9e6c3b875137
 
 PKG_MAINTAINER:=Daniel Golle 
 PKG_LICENSE:=MIT

From a9287331dbbe0eb7881db89aed573b1788e3bd2d Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 18:46:03 +0100
Subject: [PATCH 156/221] libksba: update to version 1.5.1

Signed-off-by: Daniel Golle 
---
 libs/libksba/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/libksba/Makefile b/libs/libksba/Makefile
index e528ade83b643..56dc53706a3ba 100644
--- a/libs/libksba/Makefile
+++ b/libs/libksba/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libksba
-PKG_VERSION:=1.5.0
-PKG_RELEASE:=1
+PKG_VERSION:=1.5.1
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://gnupg.org/ftp/gcrypt/$(PKG_NAME)
-PKG_HASH:=ae4af129216b2d7fdea0b5bf2a788cd458a79c983bb09a43f4d525cc87aba0ba
+PKG_HASH:=b0f4c65e4e447d9a2349f6b8c0e77a28be9531e4548ba02c545d1f46dc7bf921
 
 PKG_MAINTAINER:=Daniel Golle 
 PKG_LICENSE:=LGPL-3.0-or-later GPL-2.0-or-later

From ebd69fbcc8d4072af76ffddf793c05c0554f3189 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 18:51:43 +0100
Subject: [PATCH 157/221] opentracker: update to git HEAD

Signed-off-by: Daniel Golle 
---
 net/opentracker/Makefile                   | 8 ++++----
 net/opentracker/patches/100-makefile.patch | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/opentracker/Makefile b/net/opentracker/Makefile
index c4de76a669941..26faa0ac29c43 100644
--- a/net/opentracker/Makefile
+++ b/net/opentracker/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=opentracker
-PKG_VERSION:=20180526
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://erdgeist.org/gitweb/opentracker
-PKG_SOURCE_VERSION:=6411f1567f64248b0d145493c2e61004d2822623
-PKG_MIRROR_HASH:=064ffaa69b188f4db5626d5ec57249d921c32dd244dd00bb49b31ad841e35018
+PKG_SOURCE_DATE:=2021-04-25
+PKG_SOURCE_VERSION:=0178c27662bd70640ee17f4659f1f6c482d465be
+PKG_MIRROR_HASH:=2fefe5704a66fba2bd6e33d88e9c66b800e0b45038d97cd82ff84f0ac94473b1
 
 PKG_MAINTAINER:=Daniel Golle 
 PKG_LICENSE:=Beerware
diff --git a/net/opentracker/patches/100-makefile.patch b/net/opentracker/patches/100-makefile.patch
index bbaf8d99e6045..c48320224a113 100644
--- a/net/opentracker/patches/100-makefile.patch
+++ b/net/opentracker/patches/100-makefile.patch
@@ -19,7 +19,7 @@
  
  BINDIR?=$(PREFIX)/bin
  
-@@ -66,7 +66,7 @@ CFLAGS_debug = $(CFLAGS) $(OPTS_debug) $
+@@ -71,7 +71,7 @@ CFLAGS_debug = $(CFLAGS) $(OPTS_debug) $
  
  $(BINARY): $(OBJECTS) $(HEADERS)
  	$(CC) -o $@ $(OBJECTS) $(LDFLAGS)

From 3dad6ab364ca0fde66f8f2fbec927cc14ef64510 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 19:01:01 +0100
Subject: [PATCH 158/221] perl-net-dns: update to version 1.30

Signed-off-by: Daniel Golle 
---
 lang/perl-net-dns/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lang/perl-net-dns/Makefile b/lang/perl-net-dns/Makefile
index 46a92c73d2da3..a91db7322bb86 100644
--- a/lang/perl-net-dns/Makefile
+++ b/lang/perl-net-dns/Makefile
@@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=perl-net-dns
-PKG_VERSION:=1.29
-PKG_RELEASE:=1
+PKG_VERSION:=1.30
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_NAME:=Net-DNS
 PKG_SOURCE:=$(PKG_SOURCE_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.net-dns.org/download
-PKG_HASH:=852d6ee87e8f0d014223026581cbb56924ba8cddd3ceb29c6191dbb6122d43c5
+PKG_HASH:=055e70b67255615724d91ec41788f75af317561c519971f6e6e384273b30a5da
 PKG_BUILD_DIR:=$(BUILD_DIR)/perl/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/perl/$(PKG_SOURCE_NAME)-$(PKG_VERSION)
 

From bd798d249f88fa08790e686cbf582f84ff4f2814 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 19:01:36 +0100
Subject: [PATCH 159/221] perl-mail-spamassassin: update to version 3.4.6

Fixes CVE-2020-1946

Signed-off-by: Daniel Golle 
---
 lang/perl-mail-spamassassin/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lang/perl-mail-spamassassin/Makefile b/lang/perl-mail-spamassassin/Makefile
index 8daa20e8083d6..4771d054492b1 100644
--- a/lang/perl-mail-spamassassin/Makefile
+++ b/lang/perl-mail-spamassassin/Makefile
@@ -1,9 +1,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=perl-mail-spamassassin
-PKG_RELEASE:=4
-PKG_VERSION:=3.4.4
-PKG_HASH:=8ea27a165b81e3ce8c84ae85c3ecba1f2edfa04ef4a86f07fe28ab612fc8ff60
+PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=3.4.6
+PKG_HASH:=500c7e2a7cdf3aa4dd822d97aaff2ab22235a60cf17a68ab817861d215a4e568
 
 PKG_SOURCE_NAME:=Mail-SpamAssassin
 PKG_SOURCE_URL:=@APACHE/spamassassin/source

From 61ed7c36bb525f22d4d4fe7a6efcc4a0563262fc Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 28 Apr 2021 19:06:38 +0100
Subject: [PATCH 160/221] python-gnupg: update to version 0.4.7

Signed-off-by: Daniel Golle 
---
 lang/python/python-gnupg/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lang/python/python-gnupg/Makefile b/lang/python/python-gnupg/Makefile
index 6a4f99b2c93ff..acd4f44527fb5 100644
--- a/lang/python/python-gnupg/Makefile
+++ b/lang/python/python-gnupg/Makefile
@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-gnupg
-PKG_VERSION:=0.4.6
-PKG_RELEASE:=1
+PKG_VERSION:=0.4.7
+PKG_RELEASE:=$(AUTORELEASE)
 
 PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=3aa0884b3bd414652c2385b9df39e7b87272c2eca1b8fcc3089bc9e58652019a
+PKG_HASH:=2061f56b1942c29b92727bf9aecbd3cea3893acc9cccbdc7eb4604285efe4ac7
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE.txt

From 69396b6a38efa287e2036ce10b777c700fe0437b Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Mon, 3 May 2021 13:23:11 +0200
Subject: [PATCH 161/221] python-typing-extensions: update to version 3.10.0.0

Signed-off-by: Jan Pavlinec 
---
 lang/python/python-typing-extensions/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lang/python/python-typing-extensions/Makefile b/lang/python/python-typing-extensions/Makefile
index ce1cb68b04628..498ef32106cda 100644
--- a/lang/python/python-typing-extensions/Makefile
+++ b/lang/python/python-typing-extensions/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-typing-extensions
-PKG_VERSION:=3.7.4.3
+PKG_VERSION:=3.10.0.0
 PKG_RELEASE:=1
 
 PYPI_NAME:=typing-extensions
 PYPI_SOURCE_NAME:=typing_extensions
-PKG_HASH:=99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c
+PKG_HASH:=50b6f157849174217d0656f99dc82fe932884fb250826c18350e159ec6cdf342
 
 PKG_MAINTAINER:=Jan Pavlinec 
 PKG_LICENSE:=PSF-2.0

From d5bf97837237eefc3301b4be96d5b505302df92a Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Mon, 3 May 2021 13:38:44 +0200
Subject: [PATCH 162/221] libmaxminddb: update to version 1.6.0

Signed-off-by: Jan Pavlinec 
---
 libs/libmaxminddb/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/libmaxminddb/Makefile b/libs/libmaxminddb/Makefile
index 675bfec13798c..e81ecb62f599e 100644
--- a/libs/libmaxminddb/Makefile
+++ b/libs/libmaxminddb/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libmaxminddb
-PKG_VERSION:=1.5.2
-PKG_RELEASE=2
+PKG_VERSION:=1.6.0
+PKG_RELEASE=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/maxmind/libmaxminddb/releases/download/$(PKG_VERSION)/
-PKG_HASH:=5237076d250a5f7c297e331c35a433eeaaf0dc205e070e4db353c9ba10f340a2
+PKG_HASH:=7620ac187c591ce21bcd7bf352376a3c56a933e684558a1f6bef4bd4f3f98267
 
 PKG_MAINTAINER:=Jan Pavlinec 
 PKG_LICENSE:=Apache-2.0

From 7ae45823770334272143539f381ee25bb4ded459 Mon Sep 17 00:00:00 2001
From: Dirk Brenken 
Date: Tue, 4 May 2021 16:32:35 +0200
Subject: [PATCH 163/221] banip: update to 0.7.8

* fix pid file processing of the background monitor plus child
  processes (bug reported in the forum)
* made the enabled/disabled switch of the background monitor functional

Signed-off-by: Dirk Brenken 
---
 net/banip/Makefile       |  4 ++--
 net/banip/files/banip.sh | 29 ++++++++++++++++++++++-------
 2 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/net/banip/Makefile b/net/banip/Makefile
index 4ae1b2339546d..29613b5943c63 100644
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=banip
-PKG_VERSION:=0.7.7
-PKG_RELEASE:=2
+PKG_VERSION:=0.7.8
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken 
 
diff --git a/net/banip/files/banip.sh b/net/banip/files/banip.sh
index 816f2c3487812..833a3764cf8fb 100755
--- a/net/banip/files/banip.sh
+++ b/net/banip/files/banip.sh
@@ -12,7 +12,7 @@
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
 set -o pipefail
-ban_ver="0.7.7"
+ban_ver="0.7.8"
 ban_enabled="0"
 ban_mail_enabled="0"
 ban_proto4_enabled="0"
@@ -63,6 +63,7 @@ ban_wan_forwardchains_4=""
 ban_wan_forwardchains_6=""
 ban_action="${1:-"start"}"
 ban_pidfile="/var/run/banip.pid"
+ban_bgpidfile="/var/run/banip_bg.pid"
 ban_tmpbase="/tmp"
 ban_rtfile="${ban_tmpbase}/ban_runtime.json"
 ban_srcfile="${ban_tmpbase}/ban_sources.json"
@@ -921,18 +922,29 @@ f_log()
 	fi
 }
 
+# kill all relevant background processes
+#
+f_pidx()
+{
+	local pids ppid="${1}"
+
+	pids="$(pgrep -P "${ppid}" 2>/dev/null | awk '{ORS=" ";print $0}')"
+	kill -HUP "${ppid}" "${pids}" 2>/dev/null
+	> "${ban_bgpidfile}"
+}
+
 # start log service to trace failed ssh/luci logins
 #
 f_bgsrv()
 {
 	local bg_pid action="${1}"
 
-	bg_pid="$(pgrep -f "^/bin/sh ${ban_logservice}|${ban_logread_cmd}|^grep -qE Exit before auth|^grep -qE error: maximum|^grep -qE luci: failed|^grep -qE nginx" | awk '{ORS=" "; print $1}')"
+	bg_pid="$(cat "${ban_bgpidfile}" 2>/dev/null)"
 	if [ "${action}" = "start" ] && [ -x "${ban_logservice}" ] && [ "${ban_monitor_enabled}" = "1" ] && [ "${ban_whitelistonly}" = "0" ]
 	then
 		if [ -n "${bg_pid}" ]
 		then
-			kill -HUP "${bg_pid}" 2>/dev/null
+			f_pidx "${bg_pid}"
 		fi
 		if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "dropbear")" ]
 		then
@@ -950,12 +962,15 @@ f_bgsrv()
 		then
 			ban_search="${ban_search}nginx\[[0-9]+\]:.*\[error\].*open().*client: [[:alnum:].:]+|"
 		fi
-		( "${ban_logservice}" "${ban_ver}" "${ban_search%?}" & )
-	elif [ "${action}" = "stop" ] && [ -n "${bg_pid}" ]
+		(
+			"${ban_logservice}" "${ban_ver}" "${ban_search%?}" &
+			printf "%s" "${!}" > "${ban_bgpidfile}"
+		)
+	elif { [ "${action}" = "stop" ] || [ "${ban_monitor_enabled}" = "0" ]; } && [ -n "${bg_pid}" ]
 	then
-		kill -HUP "${bg_pid}" 2>/dev/null
+		f_pidx "${bg_pid}"
 	fi
-	f_log "debug" "f_bgsrv ::: action: ${action:-"-"}, bg_pid: ${bg_pid:-"-"}, monitor_enabled: ${ban_monitor_enabled:-"-"}, log_service: ${ban_logservice:-"-"}"
+	f_log "debug" "f_bgsrv ::: action: ${action:-"-"}, bg_pid (old/new): ${bg_pid}/$(cat "${ban_bgpidfile}" 2>/dev/null), monitor_enabled: ${ban_monitor_enabled:-"-"}, log_service: ${ban_logservice:-"-"}"
 }
 
 # download controller

From 241e3de2e7621a93ce6a0386940acc4bcfd16f30 Mon Sep 17 00:00:00 2001
From: Josef Schlehofer 
Date: Mon, 3 May 2021 20:00:46 +0200
Subject: [PATCH 164/221] hwdata: update to version 0.347

Signed-off-by: Josef Schlehofer 
---
 utils/hwdata/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/hwdata/Makefile b/utils/hwdata/Makefile
index e46a9102205b0..98c6bc982fe0b 100644
--- a/utils/hwdata/Makefile
+++ b/utils/hwdata/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hwdata
-PKG_VERSION:=0.345
+PKG_VERSION:=0.347
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/vcrhonek/hwdata/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=fafcc97421ba766e08a2714ccc3eebb0daabc99e67d53c2d682721dd01ccf7a7
+PKG_HASH:=1574e39b5ebd0763beb1fe986cd1a2d17ec81ba0a2f1a61cf27d9b3c62a5a8fa
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=GPL-2.0-or-later  XFree86-1.0

From 87b60cf1ffd9cf18f040db6222ef9380bdfd7015 Mon Sep 17 00:00:00 2001
From: Javier Marcet 
Date: Tue, 4 May 2021 07:57:38 +0000
Subject: [PATCH 165/221] python-dotenv: update to v0.17.1

Signed-off-by: Javier Marcet 
---
 lang/python/python-dotenv/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lang/python/python-dotenv/Makefile b/lang/python/python-dotenv/Makefile
index 0d4a09f483d62..7ccb6dc3c3c2d 100644
--- a/lang/python/python-dotenv/Makefile
+++ b/lang/python/python-dotenv/Makefile
@@ -1,11 +1,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-dotenv
-PKG_VERSION:=0.17.0
+PKG_VERSION:=0.17.1
 PKG_RELEASE:=1
 
 PYPI_NAME:=python-dotenv
-PKG_HASH:=471b782da0af10da1a80341e8438fca5fadeba2881c54360d5fd8d03d03a4f4a
+PKG_HASH:=b1ae5e9643d5ed987fc57cc2583021e38db531946518130777734f9589b3141f
 
 PKG_MAINTAINER:=Javier Marcet 
 PKG_LICENSE:=BSD-3-Clause

From ae14b5b5b369960b8929bf685b1550f00a056185 Mon Sep 17 00:00:00 2001
From: Alexandru Ardelean 
Date: Wed, 28 Apr 2021 10:39:11 +0300
Subject: [PATCH 166/221] stress-ng: bump to version 0.12.07

Refreshed patch.

Signed-off-by: Alexandru Ardelean 
---
 utils/stress-ng/Makefile                     | 4 ++--
 utils/stress-ng/patches/010-soft-float.patch | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/utils/stress-ng/Makefile b/utils/stress-ng/Makefile
index 134cd5b901bf7..fff45a7f164d3 100644
--- a/utils/stress-ng/Makefile
+++ b/utils/stress-ng/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=stress-ng
-PKG_VERSION:=0.12.06
+PKG_VERSION:=0.12.07
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://kernel.ubuntu.com/~cking/tarballs/stress-ng
-PKG_HASH:=75eb340266b1bbae944d8f9281af978bd5bc2c8085df97a098d5500d6f177296
+PKG_HASH:=cf73e3a4c7d95afa46aa27fb9283a8a988f3971de4ce6ffe9f651ca341731ead
 
 PKG_MAINTAINER:=Alexandru Ardelean 
 PKG_LICENSE:=GPL-2.0-only
diff --git a/utils/stress-ng/patches/010-soft-float.patch b/utils/stress-ng/patches/010-soft-float.patch
index b9c1b77a0fe31..dd2dbec2c88bb 100644
--- a/utils/stress-ng/patches/010-soft-float.patch
+++ b/utils/stress-ng/patches/010-soft-float.patch
@@ -1,6 +1,6 @@
 --- a/stress-fp-error.c
 +++ b/stress-fp-error.c
-@@ -117,42 +117,43 @@ static int stress_fp_error(const stress_
+@@ -119,42 +119,43 @@ static int stress_fp_error(const stress_
  	do {
  		volatile double d1, d2;
  
@@ -50,7 +50,7 @@
  		/*
  		 * Use volatiles to force compiler to generate code
  		 * to perform run time computation of 1.0 / M_PI
-@@ -173,14 +174,15 @@ static int stress_fp_error(const stress_
+@@ -175,14 +176,15 @@ static int stress_fp_error(const stress_
  		stress_fp_check(args, "DBL_MAX + DBL_MAX / 2.0",
  			DBL_MAX + DBL_MAX / 2.0, INFINITY,
  			false, true, 0, FE_OVERFLOW | FE_INEXACT);

From c8cd45c1035a0424ca32f4ed7b9e4ff9b5631b6c Mon Sep 17 00:00:00 2001
From: Dobroslaw Kijowski 
Date: Tue, 4 May 2021 09:36:33 +0200
Subject: [PATCH 167/221] adguardhome: bump to 0.106.1

* Create working directory when it is not present. Apparently
  some recent change made adguardhome fail to start when working
  directory is missing.
* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.1

Signed-off-by: Dobroslaw Kijowski 
---
 net/adguardhome/Makefile               | 4 ++--
 net/adguardhome/files/adguardhome.init | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/net/adguardhome/Makefile b/net/adguardhome/Makefile
index 1f5bd06a0b5af..a780868996979 100644
--- a/net/adguardhome/Makefile
+++ b/net/adguardhome/Makefile
@@ -6,13 +6,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=adguardhome
-PKG_VERSION:=0.106.0
+PKG_VERSION:=0.106.1
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome
-PKG_MIRROR_HASH:=5e3fb3bb93ad8d7ac3351503e7b01353dc409bc30a719a6ed7b967e8a462434c
+PKG_MIRROR_HASH:=631ed8d671827e78dffaec94d21a69ec9dcda80ef843057592167b8be6edd780
 
 PKG_LICENSE:=GPL-3.0-only
 PKG_LICENSE_FILES:=LICENSE.txt
diff --git a/net/adguardhome/files/adguardhome.init b/net/adguardhome/files/adguardhome.init
index f2c7335342079..d9854f8bc1c3f 100644
--- a/net/adguardhome/files/adguardhome.init
+++ b/net/adguardhome/files/adguardhome.init
@@ -1,6 +1,8 @@
 #!/bin/sh /etc/rc.common
 
 PROG=/usr/bin/AdGuardHome
+WORK_DIR=/tmp/adguardhome
+
 USE_PROCD=1
 
 # starts after network starts
@@ -9,8 +11,10 @@ START=21
 STOP=89
 
 start_service() {
+  [ -d "$WORK_DIR" ] || mkdir -m 0755 -p "$WORK_DIR"
+
   procd_open_instance
-  procd_set_param command "$PROG" -c /etc/adguardhome.yaml -w /tmp/adguardhome --no-check-update
+  procd_set_param command "$PROG" -c /etc/adguardhome.yaml -w "$WORK_DIR" --no-check-update
   procd_set_param stdout 1
   procd_set_param stderr 1
   procd_close_instance

From 5ecef802baf9a11f65f5ec571a26e0e1c3f79a7b Mon Sep 17 00:00:00 2001
From: Alexandru Ardelean 
Date: Tue, 4 May 2021 15:20:29 +0300
Subject: [PATCH 168/221] tcpreplay: bump to version 4.3.4

Signed-off-by: Alexandru Ardelean 
---
 net/tcpreplay/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/tcpreplay/Makefile b/net/tcpreplay/Makefile
index 05bc52ccbf616..9726af2f1879a 100644
--- a/net/tcpreplay/Makefile
+++ b/net/tcpreplay/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tcpreplay
-PKG_VERSION:=4.3.3
-PKG_RELEASE:=3
+PKG_VERSION:=4.3.4
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://github.com/appneta/tcpreplay/releases/download/v$(PKG_VERSION)
-PKG_HASH:=5e960e2a4432f583adbd11fa0855d17b73d9e0f2d6453b749f27aacaee53bab5
+PKG_HASH:=42c055106e55852c29d94bb6e1b9e001a0723349f2985eb893a47d384c85002b
 
 PKG_LICENSE:=GPL-3.0
 PKG_LICENSE_FILES:=docs/LICENSE

From 5b4a7defd8e11faa933743254550992aec1674d9 Mon Sep 17 00:00:00 2001
From: Philip Prindeville 
Date: Fri, 30 Apr 2021 20:39:10 -0600
Subject: [PATCH 169/221] isc-dhcpd: handle extra spaces in routes

Signed-off-by: Philip Prindeville 
---
 net/isc-dhcp/Makefile         |  2 +-
 net/isc-dhcp/files/dhcpd.init | 17 +++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/net/isc-dhcp/Makefile b/net/isc-dhcp/Makefile
index 8a2056ca6f59d..46921ba3f329e 100644
--- a/net/isc-dhcp/Makefile
+++ b/net/isc-dhcp/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=isc-dhcp
 UPSTREAM_NAME:=dhcp
 PKG_VERSION:=4.4.1
-PKG_RELEASE:=17
+PKG_RELEASE:=18
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
diff --git a/net/isc-dhcp/files/dhcpd.init b/net/isc-dhcp/files/dhcpd.init
index 06415729e751f..680c112d13244 100755
--- a/net/isc-dhcp/files/dhcpd.init
+++ b/net/isc-dhcp/files/dhcpd.init
@@ -48,6 +48,13 @@ time2seconds() {
 	echo $(( number * multiplier ))
 }
 
+trim()
+{
+	local arg="$1"
+
+	echo "$arg" | sed -e 's/^ *//' -e 's/ *$//'
+}
+
 # duplicated from dnsmasq init script
 hex_to_hostid() {
 	local var="$1"
@@ -122,12 +129,14 @@ append_routes() {
 	for tuple in $tuples; do
 		local network prefix router save octets compacted
 
+		tuple="$(trim "$tuple")"
+
 		save="${tuple% *}"
-		router="${tuple#${save} }"
+		router="$(trim "${tuple#${save} }")"
+
+		network="$(trim "${save%/[0-9]*}")"
 
-		network="${save%/[0-9]*}"
-		prefix="${save##${network}}"
-		prefix="${prefix:1}"
+		prefix="$(trim "${save##${network}/}")"
 
 		octets=$((($prefix + 7) / 8))
 		compacted="$(echo "$network" | cut -d. -f1-$octets)"

From c6877d4bdfc4c61cec0bad65239351e94bdfb0c0 Mon Sep 17 00:00:00 2001
From: Florian Eckert 
Date: Mon, 3 May 2021 10:51:44 +0200
Subject: [PATCH 170/221] mwna3: fix whitespace

Signed-off-by: Florian Eckert 
---
 net/mwan3/files/etc/hotplug.d/iface/15-mwan3 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3
index e00cbfa5ca3a8..c56f73a5743a9 100644
--- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3
+++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3
@@ -66,7 +66,7 @@ case "$ACTION" in
 		mwan3_set_iface_hotplug_state $INTERFACE "$status"
 		if [ "$MWAN3_STARTUP" != "init" ]; then
 			mwan3_create_iface_route $INTERFACE $DEVICE
-	                mwan3_set_general_rules
+			mwan3_set_general_rules
 			[ "$status" = "online" ] && mwan3_set_policies_iptables
 		fi
 		[ "$ACTION" = ifup ] && procd_running mwan3 "track_$INTERFACE" && procd_send_signal mwan3 "track_$INTERFACE" USR2

From 881c2399dbe64f89dd6992e0cadbf6b8b69e50de Mon Sep 17 00:00:00 2001
From: Florian Eckert 
Date: Mon, 3 May 2021 10:52:26 +0200
Subject: [PATCH 171/221] mwan3: update ubus status for not tracked interfaces

Signed-off-by: Florian Eckert 
---
 net/mwan3/files/usr/libexec/rpcd/mwan3 | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/net/mwan3/files/usr/libexec/rpcd/mwan3 b/net/mwan3/files/usr/libexec/rpcd/mwan3
index d4e7adb6f2aa3..4c71fa18f46f1 100755
--- a/net/mwan3/files/usr/libexec/rpcd/mwan3
+++ b/net/mwan3/files/usr/libexec/rpcd/mwan3
@@ -96,8 +96,7 @@ get_mwan3_status() {
 	local age=0
 	local online=0
 	local offline=0
-	local up="0"
-	local enabled time_p time_n time_u time_d status track_status
+	local enabled time_p time_n time_u time_d status track_status up uptime
 
 	if [ "${iface}" != "${iface_select}" ] && [ "${iface_select}" != "" ]; then
 		return
@@ -109,15 +108,19 @@ get_mwan3_status() {
 	online=$(get_online_time "$iface")
 	offline=$(get_offline_time "$iface")
 
-	local uptime="0"
-
 	config_get enabled "$iface" enabled 0
-	network_get_uptime uptime "$iface"
-	network_is_up "$iface" && up="1"
 
-	if [ -f "$MWAN3TRACK_STATUS_DIR/${iface}/STATUS" ]; then
-		status="$(cat "$MWAN3TRACK_STATUS_DIR/${iface}/STATUS")"
+	if [ -d "${MWAN3_STATUS_DIR}" ]; then
+		network_get_uptime uptime "$iface"
+		network_is_up "$iface" && up="1"
+		if [ -f "$MWAN3TRACK_STATUS_DIR/${iface}/STATUS" ]; then
+			status="$(cat "$MWAN3TRACK_STATUS_DIR/${iface}/STATUS")"
+		else
+			status="notracking"
+		fi
 	else
+		uptime=0
+		up=0
 		status="unknown"
 	fi
 

From f66c573e666afab99c731e5f70b4150aca3d87e7 Mon Sep 17 00:00:00 2001
From: Aaron Goodman 
Date: Wed, 28 Apr 2021 19:42:38 -0400
Subject: [PATCH 172/221] mwan3: allow interfaces with no tracking IPs

In the procd refactor, support for interfaces with no tracking IPs was
inadvertentiy removed. This commit restores the previous behavior

Signed-off-by: Aaron Goodman 
---
 net/mwan3/Makefile               | 2 +-
 net/mwan3/files/etc/init.d/mwan3 | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/mwan3/Makefile b/net/mwan3/Makefile
index 6909505f7f8da..e4c3aea85fc2e 100644
--- a/net/mwan3/Makefile
+++ b/net/mwan3/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mwan3
-PKG_VERSION:=2.10.8
+PKG_VERSION:=2.10.9
 PKG_RELEASE:=1
 PKG_MAINTAINER:=Florian Eckert , \
 		Aaron Goodman 
diff --git a/net/mwan3/files/etc/init.d/mwan3 b/net/mwan3/files/etc/init.d/mwan3
index 2d5b53d2338c5..560621516657d 100755
--- a/net/mwan3/files/etc/init.d/mwan3
+++ b/net/mwan3/files/etc/init.d/mwan3
@@ -17,6 +17,7 @@ start_tracker() {
 	interface=$1
 	config_get_bool enabled $interface 'enabled' '0'
 	[ $enabled -eq 0 ] && return
+	[ -z "$(config_get $interface track_ip)" ] && return
 
 	procd_open_instance "track_${1}"
 	procd_set_param command /usr/sbin/mwan3track $interface

From 7b468964055149aacab0739d5721343182a17508 Mon Sep 17 00:00:00 2001
From: Andy Walsh 
Date: Thu, 6 May 2021 11:03:26 +0200
Subject: [PATCH 173/221] samba4: update to 4.13.8

* update to 4.13.8
* remove faulty io_uring kernel detection
* fixes CVE's: CVE-2020-27840, CVE-2021-20277, CVE-2020-27840, CVE-2021-20277, CVE-2020-27840, CVE-2021-20277, CVE-2021-20254
* resolves #15512

Signed-off-by: Andy Walsh 
---
 net/samba4/Makefile         | 4 ++--
 net/samba4/files/samba.init | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/samba4/Makefile b/net/samba4/Makefile
index 2cf76932520e9..b4756ca3ed9fe 100644
--- a/net/samba4/Makefile
+++ b/net/samba4/Makefile
@@ -2,7 +2,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=samba
-PKG_VERSION:=4.13.4
+PKG_VERSION:=4.13.8
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -13,7 +13,7 @@ PKG_SOURCE_URL:= \
 		http://www.nic.funet.fi/index/samba/pub/samba/stable/ \
 		http://samba.mirror.bit.nl/samba/ftp/stable/ \
 		https://download.samba.org/pub/samba/stable/
-PKG_HASH:=a1b34c63f7100cc8626902d80f335c7cb0b45d4707dd3c4b010f7a28ed615c78
+PKG_HASH:=3347c0c62cc5b1df1fc92d802282e809c354bfb4941a33c91a7fda3795efbf7f
 
 PKG_MAINTAINER:=Andy Walsh 
 PKG_LICENSE:=GPL-3.0-only
diff --git a/net/samba4/files/samba.init b/net/samba4/files/samba.init
index 3fd48d8cbc03d..8e51476592b1e 100644
--- a/net/samba4/files/samba.init
+++ b/net/samba4/files/samba.init
@@ -143,9 +143,9 @@ smb_add_share() {
 			fi
 		fi
 		
-		# always enable io_uring if we can
-		if [ "$DISABLE_ASYNC_IO" -ne 1 ] && [ -e /usr/lib/samba/vfs/io_uring.so ] && grep "io_uring_setup" /proc/kallsyms >>2 ; then
-			logger -p daemon.info -t 'samba4-server' "io_uring support found in kernel, enabling VFS io_uring."
+		# always enable io_uring if we can ("should" fail silently via samba module load if no kernel support)
+		if [ "$DISABLE_ASYNC_IO" -ne 1 ] && [ -e /usr/lib/samba/vfs/io_uring.so ] ; then
+			logger -p daemon.info -t 'samba4-server' "io_uring module found, enabling VFS io_uring. (also needs Kernel 5.4+ Support)"
 			# make sure its last in list
 			if [ -n "$vfs_objects" ]; then
 				vfs_objects="$vfs_objects io_uring"

From e7bd247a3a5a85464797cba877889314565458d3 Mon Sep 17 00:00:00 2001
From: "Sergio E. Nemirowski" 
Date: Wed, 5 May 2021 21:39:56 +0300
Subject: [PATCH 174/221] vim: install vimdiff symlink for vim-full

vim-full comes with diff feature

Signed-off-by: Sergio E. Nemirowski 
---
 utils/vim/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/utils/vim/Makefile b/utils/vim/Makefile
index da2e376304a8c..bf41826870943 100644
--- a/utils/vim/Makefile
+++ b/utils/vim/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=vim
 PKG_VERSION:=8.2
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 VIMVER:=82
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
@@ -221,6 +221,7 @@ define Package/vim-full/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/vim_normal $(1)/usr/bin/vim
 	$(INSTALL_DIR) $(1)/usr/share/vim
+	$(LN) vim $(1)/usr/bin/vimdiff
 	$(INSTALL_CONF) ./files/vimrc.full $(1)/usr/share/vim/vimrc
 endef
 

From aaa0d34d4cbdba80dc7ae1cb1cd776b826355557 Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Wed, 28 Apr 2021 14:13:06 +0200
Subject: [PATCH 175/221] tailscale: add new package

Signed-off-by: Jan Pavlinec 
---
 net/tailscale/Makefile             | 77 ++++++++++++++++++++++++++++++
 net/tailscale/files/tailscale.conf |  5 ++
 net/tailscale/files/tailscale.init | 42 ++++++++++++++++
 3 files changed, 124 insertions(+)
 create mode 100644 net/tailscale/Makefile
 create mode 100644 net/tailscale/files/tailscale.conf
 create mode 100644 net/tailscale/files/tailscale.init

diff --git a/net/tailscale/Makefile b/net/tailscale/Makefile
new file mode 100644
index 0000000000000..b5d353aea614f
--- /dev/null
+++ b/net/tailscale/Makefile
@@ -0,0 +1,77 @@
+#
+# Copyright (C) 2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tailscale
+PKG_VERSION:=1.6.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=4591c6f6d3d1f9d5aecaa63dd580c389067edeb7287cd587b108ea6a0aa811e7
+
+PKG_MAINTAINER:=Jan Pavlinec 
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/tailscale-$(PKG_VERSION)
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=\
+	tailscale.com/cmd/tailscale \
+	tailscale.com/cmd/tailscaled
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/tailscale/Default
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=VPN
+  TITLE:=Zero config VPN
+  URL:=https://tailscale.com
+  DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/tailscaled
+  $(call Package/tailscale/Default)
+  TITLE+= (daemon)
+  DEPENDS+= +ca-bundle +kmod-tun
+endef
+
+define Package/tailscale
+  $(call Package/tailscale/Default)
+  TITLE+= (utility)
+  DEPENDS+= +tailscaled
+endef
+
+define Package/tailscale/description
+  It creates a secure network between your servers, computers,
+  and cloud instances. Even when separated by firewalls or subnets.
+endef
+
+Package/tailscaled/description:=$(Package/tailscale/description)
+
+define Package/tailscale/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscale $(1)/usr/sbin
+endef
+
+define Package/tailscaled/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscaled $(1)/usr/sbin
+	$(INSTALL_DIR) $(1)/etc/init.d/
+	$(INSTALL_BIN) ./files//tailscale.init $(1)/etc/init.d/tailscale
+	$(INSTALL_DIR) $(1)/etc/config/
+	$(INSTALL_DATA) ./files//tailscale.conf $(1)/etc/config/tailscale
+endef
+
+$(eval $(call BuildPackage,tailscale))
+$(eval $(call BuildPackage,tailscaled))
diff --git a/net/tailscale/files/tailscale.conf b/net/tailscale/files/tailscale.conf
new file mode 100644
index 0000000000000..194d8df4fbd5e
--- /dev/null
+++ b/net/tailscale/files/tailscale.conf
@@ -0,0 +1,5 @@
+config settings 'settings'
+	option log_stderr '1'
+	option log_stdout '1'
+	option port '41641'
+	option state_file '/etc/tailscale/tailscaled.state'
diff --git a/net/tailscale/files/tailscale.init b/net/tailscale/files/tailscale.init
new file mode 100644
index 0000000000000..6548fa220018d
--- /dev/null
+++ b/net/tailscale/files/tailscale.init
@@ -0,0 +1,42 @@
+#!/bin/sh /etc/rc.common
+
+# Copyright 2020 Google LLC.
+# Copyright (C) 2021 CZ.NIC z.s.p.o. (https://www.nic.cz/)
+# SPDX-License-Identifier: Apache-2.0
+
+USE_PROCD=1
+START=80
+
+start_service() {
+  local state_file
+  local port
+  local std_err std_out
+
+  config_load tailscale
+  config_get_bool std_out "settings" log_stdout 1
+  config_get_bool std_err "settings" log_stderr 1
+  config_get port "settings" port 41641
+  config_get state_file "settings" state_file /etc/tailscale/tailscaled.state
+
+  /usr/sbin/tailscaled --cleanup
+
+  procd_open_instance
+  procd_set_param command /usr/sbin/tailscaled
+
+  # Set the port to listen on for incoming VPN packets.
+  # Remote nodes will automatically be informed about the new port number,
+  # but you might want to configure this in order to set external firewall
+  # settings.
+  procd_append_param command --port "$port"
+  procd_append_param command --state "$state_file"
+
+  procd_set_param respawn
+  procd_set_param stdout "$std_out"
+  procd_set_param stderr "$std_err"
+
+  procd_close_instance
+}
+
+stop_service() {
+  /usr/sbin/tailscaled --cleanup
+}

From 74401c3073da8222e7fab79bf1501b89624807d9 Mon Sep 17 00:00:00 2001
From: Nick Hainke 
Date: Fri, 30 Apr 2021 23:57:09 +0200
Subject: [PATCH 176/221] samplicator: add samplicator

Samplicator receives UDP datagrams on a given port and resends those
datagrams to a specified set of receivers.

Use Cases:
- replicate Flow Samples to multiple receivers
- use with conntrackd to synchronize via unicast to multiple targets

Signed-off-by: Nick Hainke 
---
 net/samplicator/Makefile               | 42 ++++++++++++++++++++++++++
 net/samplicator/files/samplicator.conf | 18 +++++++++++
 net/samplicator/files/samplicator.init | 18 +++++++++++
 3 files changed, 78 insertions(+)
 create mode 100644 net/samplicator/Makefile
 create mode 100644 net/samplicator/files/samplicator.conf
 create mode 100644 net/samplicator/files/samplicator.init

diff --git a/net/samplicator/Makefile b/net/samplicator/Makefile
new file mode 100644
index 0000000000000..882e2733bcb9c
--- /dev/null
+++ b/net/samplicator/Makefile
@@ -0,0 +1,42 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=samplicator
+PKG_VERSION:=1.3.6
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/sleinen/samplicator/releases/download/v$(PKG_VERSION)
+PKG_HASH:=3c4358b4b0992a77251f2b9e2221d4ae945781160732c73504eb126e69d72d40
+
+PKG_MAINTAINER:=Nick Hainke 
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/samplicator
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=UDP Samplicator
+  URL:=https://github.com/sleinen/samplicator
+endef
+
+define Package/samplicator/description
+  Send copies of (UDP) datagrams to multiple receivers,
+  with optional sampling and spoofing.
+endef
+
+define Package/samplicator/conffiles
+/etc/samplicator.conf
+endef
+
+define Package/samplicator/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/samplicate $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/samplicator.init $(1)/etc/init.d/samplicator
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_DATA) ./files/samplicator.conf $(1)/etc/
+endef
+
+$(eval $(call BuildPackage,samplicator))
diff --git a/net/samplicator/files/samplicator.conf b/net/samplicator/files/samplicator.conf
new file mode 100644
index 0000000000000..56864fd7a9629
--- /dev/null
+++ b/net/samplicator/files/samplicator.conf
@@ -0,0 +1,18 @@
+# Samplicator Config File
+#
+# Format:
+# a.b.c.d[/e.f.g.h]: destination
+# a.b.c.d   is the sender's IP address
+# e.f.g.h   is a mask to apply to the sender (default 255.255.255.255)
+# 
+# Destination Format:
+# [/[/[,ttl]]]
+#     IP address of the receiver
+#     port UDP number of the receiver (default 2000)
+#     number of received datagrams between successive
+#           copied datagrams for this receiver.
+#      The TTL (IPv4) or hop-limit (IPv6) for
+#           outgoing datagrams.
+#
+# Example:
+# 10.0.0.1/255.255.255.0: 10.0.0.42/1025
diff --git a/net/samplicator/files/samplicator.init b/net/samplicator/files/samplicator.init
new file mode 100644
index 0000000000000..f0e8f42780b60
--- /dev/null
+++ b/net/samplicator/files/samplicator.init
@@ -0,0 +1,18 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=70
+
+SAMPLICATOR_BIN="/usr/sbin/samplicate"
+SAMPLICATOR_CONF="/etc/samplicator.conf"
+
+start_service() {
+    mkdir -p /var/run
+    procd_open_instance
+    procd_set_param command $SAMPLICATOR_BIN -c $SAMPLICATOR_CONF
+    procd_set_param file "$SAMPLICATOR_CONF"
+    procd_set_param stdout 1
+    procd_set_param stderr 1
+    procd_set_param respawn
+    procd_close_instance
+}

From 66663e7b91f5701ed074849b7bdcbdcc436067f6 Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Tue, 13 Apr 2021 14:25:43 +0200
Subject: [PATCH 177/221] unbound: add cache-max-negative-ttl config option

Signed-off-by: Jan Pavlinec 
---
 net/unbound/files/unbound.sh  | 2 ++
 net/unbound/files/unbound.uci | 1 +
 2 files changed, 3 insertions(+)

diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index c6e891f4952bd..419248f7ed4ef 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -990,6 +990,7 @@ unbound_conf() {
     # Adaptive infrastructure info kept for 15 minutes
     echo "  cache-min-ttl: $UB_TTL_MIN"
     echo "  cache-max-ttl: 72000"
+    echo "  cache-max-negative-ttl: $UB_NEG_TTL_MAX"
     echo "  val-bogus-ttl: 300"
     echo "  infra-host-ttl: 900"
     echo
@@ -1364,6 +1365,7 @@ unbound_uci() {
 
   config_get UB_TTL_MIN     "$cfg" ttl_min 120
   config_get UB_TXT_DOMAIN  "$cfg" domain lan
+  config_get UB_NEG_TTL_MAX "$cfg" ttl_neg_max 1000
 
   config_list_foreach "$cfg" domain_insecure bundle_domain_insecure
   config_list_foreach "$cfg" iface_lan bundle_lan_networks
diff --git a/net/unbound/files/unbound.uci b/net/unbound/files/unbound.uci
index 432332e6ed772..d921e3cd0ed7c 100644
--- a/net/unbound/files/unbound.uci
+++ b/net/unbound/files/unbound.uci
@@ -26,6 +26,7 @@ config unbound 'ub_main'
 	option resource 'default'
 	option root_age '9'
 	option ttl_min '120'
+	option ttl_neg_max '1000'
 	option unbound_control '0'
 	option validator '0'
 	option validator_ntp '1'

From 55b5fa35c35df2098ccb8dcb99cc3ef206f4ab2b Mon Sep 17 00:00:00 2001
From: Philip Prindeville 
Date: Wed, 5 May 2021 11:40:19 -0600
Subject: [PATCH 178/221] strongswan: swanctl init script doesn't load
 connections

Fixes issue #15446

Signed-off-by: Philip Prindeville 
---
 net/strongswan/Makefile           |  2 +-
 net/strongswan/files/swanctl.init | 13 +++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index a66645a70027a..3ec33c6f54302 100644
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
 PKG_VERSION:=5.9.2
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
diff --git a/net/strongswan/files/swanctl.init b/net/strongswan/files/swanctl.init
index 58f168dcf53b8..a1fb7c31131c8 100644
--- a/net/strongswan/files/swanctl.init
+++ b/net/strongswan/files/swanctl.init
@@ -517,10 +517,6 @@ config_ipsec() {
 	local interface
 	local device_list
 
-	swan_reset
-	swanctl_reset
-	do_preamble
-
 	config_get debug "$1" debug 0
 	config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1
 	[ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no
@@ -546,7 +542,9 @@ config_ipsec() {
 		done
 		[ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1
 	fi
+}
 
+do_postamble() {
 	swan_xappend0 "# generated by /etc/init.d/swanctl"
 	swan_xappend0 "charon {"
 	swan_xappend1 "install_routes = $install_routes"
@@ -566,9 +564,16 @@ config_ipsec() {
 
 prepare_env() {
 	mkdir -p /var/ipsec /var/swanctl
+
+	swan_reset
+	swanctl_reset
+	do_preamble
+
 	config_load ipsec
 	config_foreach config_ipsec ipsec
 	config_foreach config_remote remote
+
+	do_postamble
 }
 
 service_running() {

From 4fa628232ca52a57d5496994397e75c63f525ac2 Mon Sep 17 00:00:00 2001
From: Michael Heimpold 
Date: Fri, 30 Apr 2021 21:39:13 +0200
Subject: [PATCH 179/221] php7: update to 7.4.18

Signed-off-by: Michael Heimpold 
---
 lang/php7/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lang/php7/Makefile b/lang/php7/Makefile
index 7d431287a07cf..e7a75b701b15f 100644
--- a/lang/php7/Makefile
+++ b/lang/php7/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=php
-PKG_VERSION:=7.4.16
+PKG_VERSION:=7.4.18
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Michael Heimpold 
@@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_HASH:=1c16cefaf88ded4c92eed6a8a41eb682bb2ef42429deb55f1c4ba159053fb98b
+PKG_HASH:=ab97f22b128d21dcbc009b50a37aaea0051b2721cbcd122d9e00e6ffc3c4b7e1
 
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0

From d018e587878a7a3994e909dc263ceda5c9d65220 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Wed, 17 Mar 2021 21:09:50 +0000
Subject: [PATCH 180/221] auc: support queue_position status from server

Display position in queue while waiting for build.

Signed-off-by: Daniel Golle 
---
 utils/auc/src/auc.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/utils/auc/src/auc.c b/utils/auc/src/auc.c
index 5836875a3d8be..ba3fdfa5f32e8 100644
--- a/utils/auc/src/auc.c
+++ b/utils/auc/src/auc.c
@@ -238,6 +238,7 @@ enum {
 	TARGET_METADATA_VERSION,
 	TARGET_REQUEST_HASH,
 	TARGET_SOURCE_DATE_EPOCH,
+	TARGET_QUEUE_POSITION,
 	TARGET_STATUS,
 	TARGET_STDERR,
 	TARGET_STDOUT,
@@ -263,6 +264,7 @@ static const struct blobmsg_policy target_policy[__TARGET_MAX] = {
 	[TARGET_METADATA_VERSION] = { .name = "metadata_version", .type = BLOBMSG_TYPE_INT32 },
 	[TARGET_REQUEST_HASH] = { .name = "request_hash", .type = BLOBMSG_TYPE_STRING },
 	[TARGET_SOURCE_DATE_EPOCH] = { .name = "source_date_epoch", .type = BLOBMSG_TYPE_STRING },
+	[TARGET_QUEUE_POSITION] = { .name = "queue_position", .type = BLOBMSG_TYPE_INT32 },
 	[TARGET_STATUS] = { .name = "status", .type = BLOBMSG_TYPE_STRING },
 	[TARGET_STDERR] = { .name = "stderr", .type = BLOBMSG_TYPE_STRING },
 	[TARGET_STDOUT] = { .name = "stdout", .type = BLOBMSG_TYPE_STRING },
@@ -424,6 +426,9 @@ static int verrevcmp(const char *val, const char *ref)
 #define ANSI_COLOR_RESET ANSI_ESC "[0m"
 #define ANSI_COLOR_RED ANSI_ESC "[1;31m"
 #define ANSI_COLOR_GREEN ANSI_ESC "[1;32m"
+#define ANSI_CURSOR_SAFE "[s"
+#define ANSI_CURSOR_RESTORE "[u"
+#define ANSI_ERASE_LINE "[K"
 
 #define PKG_UPGRADE 0x1
 #define PKG_DOWNGRADE 0x2
@@ -1395,7 +1400,7 @@ int main(int args, char *argv[]) {
 	int upg_check = 0;
 	int revcmp;
 	unsigned char argc = 1;
-	bool force = false, use_get = false;
+	bool force = false, use_get = false, in_queue = false;
 
 	snprintf(user_agent, sizeof(user_agent), "%s (%s)", argv[0], AUC_VERSION);
 	fprintf(stdout, "%s\n", user_agent);
@@ -1559,7 +1564,19 @@ int main(int args, char *argv[]) {
 					fputs("Requesting build", stderr);
 
 				retry_delay = 2;
-				fputc('.', stderr);
+				if (tb[TARGET_QUEUE_POSITION]) {
+					fprintf(stderr, "%s%s (position in queue: %d)",
+						ANSI_ESC, in_queue?ANSI_CURSOR_RESTORE:ANSI_CURSOR_SAFE,
+						blobmsg_get_u32(tb[TARGET_QUEUE_POSITION]));
+					in_queue = true;
+				} else {
+					if (in_queue)
+						fprintf(stderr, "%s%s%s%s",
+							ANSI_ESC, ANSI_CURSOR_RESTORE,
+							ANSI_ESC, ANSI_ERASE_LINE);
+					fputc('.', stderr);
+					in_queue = false;
+				}
 			} else {
 				retry_delay = 0;
 			}

From 71f50a86fa41791b1cc1578d461dc705ccac9a2f Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Mon, 10 May 2021 03:17:25 +0100
Subject: [PATCH 181/221] exim: update to version 4.94.2

Several exploitable vulnerabilities in Exim were reported to us and are
fixed.
Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary PID file creation
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()
Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()

The update to 4.94.2 also integrates a fix for a printf format issue
previously addressed by a local patch which is removed.

Signed-off-by: Daniel Golle 
---
 mail/exim/Makefile                            |  6 ++---
 ...use-correct-printf-format-for-size-t.patch | 22 -------------------
 .../exim/patches/030-openssl-deprecated.patch |  4 ++--
 3 files changed, 5 insertions(+), 27 deletions(-)
 delete mode 100644 mail/exim/patches/020-use-correct-printf-format-for-size-t.patch

diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index c66d7d5c9f085..013d8a1401396 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=exim
-PKG_VERSION:=4.94
-PKG_RELEASE:=2
+PKG_VERSION:=4.94.2
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://ftp.exim.org/pub/exim/exim4/
-PKG_HASH:=f77ee8faf04f5db793243c3ae81c1f4e452cd6ad7dd515a80edf755c4b144bdb
+PKG_HASH:=051861fc89f06205162f12129fb7ebfe473383bb6194bf8642952bfd50329274
 PKG_MAINTAINER:=Daniel Golle 
 
 PKG_LICENSE:=GPL-2.0-or-later
diff --git a/mail/exim/patches/020-use-correct-printf-format-for-size-t.patch b/mail/exim/patches/020-use-correct-printf-format-for-size-t.patch
deleted file mode 100644
index 6dc3c1bf787e4..0000000000000
--- a/mail/exim/patches/020-use-correct-printf-format-for-size-t.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From: Daniel Golle 
-Date: Sun, 27 Dec 2020 15:03:22 +0000
-Subject: [PATCH] use correct printf format for size_t
-
-pdkim.c: In function 'check_bare_ed25519_pubkey':
-pdkim.c:1355:60: warning: format '%lu' expects argument of type 'long unsigned int', but argument 2 has type 'size_t' {aka 'unsigned int'} [-Wformat=]
-   DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %lu\n", p->key.len);
-                                                             ~~^     ~~~~~~~~~~
-                                                                                                                       %u
-Signed-off-by: Daniel Golle 
----
---- a/src/pdkim/pdkim.c
-+++ b/src/pdkim/pdkim.c
-@@ -1352,7 +1352,7 @@ check_bare_ed25519_pubkey(pdkim_pubkey *
- int excess = p->key.len - 32;
- if (excess > 0)
-   {
--  DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %lu\n", p->key.len);
-+  DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %zu\n", p->key.len);
-   p->key.data += excess; p->key.len = 32;
-   }
- }
diff --git a/mail/exim/patches/030-openssl-deprecated.patch b/mail/exim/patches/030-openssl-deprecated.patch
index 38d2b0dd0ede8..e890af2db1d7f 100644
--- a/mail/exim/patches/030-openssl-deprecated.patch
+++ b/mail/exim/patches/030-openssl-deprecated.patch
@@ -45,7 +45,7 @@
  X509_set_pubkey(x509, pkey);
  
  name = X509_get_subject_name(x509);
-@@ -3900,8 +3903,8 @@ fprintf(f, "Library version: OpenSSL: Co
+@@ -3897,8 +3900,8 @@ fprintf(f, "Library version: OpenSSL: Co
             "                          Runtime: %s\n"
             "                                 : %s\n",
             OPENSSL_VERSION_TEXT,
@@ -56,7 +56,7 @@
  /* third line is 38 characters for the %s and the line is 73 chars long;
  the OpenSSL output includes a "built on: " prefix already. */
  }
-@@ -3943,8 +3946,6 @@ if (pidnow != pidlast)
+@@ -3940,8 +3943,6 @@ if (pidnow != pidlast)
    is unique for each thread", this doesn't apparently apply across processes,
    so our own warning from vaguely_random_number_fallback() applies here too.
    Fix per PostgreSQL. */

From 0abf0b75ef7cce7cf38860e667764e7e9ad0fcb8 Mon Sep 17 00:00:00 2001
From: Daniel Golle 
Date: Mon, 10 May 2021 03:42:01 +0100
Subject: [PATCH 182/221] lvm2: update to version 2.03.12

Two notable changes are devices file and metadata based autoactivation.

Signed-off-by: Daniel Golle 
---
 utils/lvm2/Makefile                           |  6 +++---
 utils/lvm2/patches/002-const-stdio.patch      |  8 ++++----
 ...04-device-include-goto-lable-as-well.patch |  2 +-
 .../005-missing-include-sys-file.patch        | 20 +++++++++++++++++++
 4 files changed, 28 insertions(+), 8 deletions(-)
 create mode 100644 utils/lvm2/patches/005-missing-include-sys-file.patch

diff --git a/utils/lvm2/Makefile b/utils/lvm2/Makefile
index 75111a2a2f1ee..3ec9c42e6a251 100644
--- a/utils/lvm2/Makefile
+++ b/utils/lvm2/Makefile
@@ -9,12 +9,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=LVM2
-PKG_VERSION:=2.03.11
-PKG_RELEASE:=1
+PKG_VERSION:=2.03.12
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME).$(PKG_VERSION).tgz
 PKG_SOURCE_URL:=https://sourceware.org/pub/lvm2
-PKG_HASH:=842c4510d4653990927d4518a5bf2743126a37531671a05842cdaf8d54bb9dd4
+PKG_HASH:=76075cf2a2dd12ef526a583f0b3c72a6deaa10691fab28216b0821d01cff0cea
 PKG_BUILD_DIR:=$(BUILD_DIR)/lvm2-$(BUILD_VARIANT)/$(PKG_NAME).$(PKG_VERSION)
 
 PKG_MAINTAINER:=Daniel Golle 
diff --git a/utils/lvm2/patches/002-const-stdio.patch b/utils/lvm2/patches/002-const-stdio.patch
index ec1e2f90d79a7..8828fb24cfd3a 100644
--- a/utils/lvm2/patches/002-const-stdio.patch
+++ b/utils/lvm2/patches/002-const-stdio.patch
@@ -1,6 +1,6 @@
 --- a/lib/commands/toolcontext.c
 +++ b/lib/commands/toolcontext.c
-@@ -1605,7 +1605,7 @@ struct cmd_context *create_toolcontext(u
+@@ -1619,7 +1619,7 @@ struct cmd_context *create_toolcontext(u
  	/* FIXME Make this configurable? */
  	reset_lvm_errno(1);
  
@@ -9,7 +9,7 @@
  	/* Set in/out stream buffering before glibc */
  	if (set_buffering
  #ifdef SYS_gettid
-@@ -1986,7 +1986,7 @@ void destroy_toolcontext(struct cmd_cont
+@@ -2006,7 +2006,7 @@ void destroy_toolcontext(struct cmd_cont
  
  	if (cmd->pending_delete_mem)
  		dm_pool_destroy(cmd->pending_delete_mem);
@@ -20,7 +20,7 @@
  		if (is_valid_fd(STDIN_FILENO) &&
 --- a/tools/lvmcmdline.c
 +++ b/tools/lvmcmdline.c
-@@ -3235,6 +3235,7 @@ int lvm_split(char *str, int *argc, char
+@@ -3339,6 +3339,7 @@ int lvm_split(char *str, int *argc, char
  /* Make sure we have always valid filedescriptors 0,1,2 */
  static int _check_standard_fds(void)
  {
@@ -28,7 +28,7 @@
  	int err = is_valid_fd(STDERR_FILENO);
  
  	if (!is_valid_fd(STDIN_FILENO) &&
-@@ -3261,6 +3262,12 @@ static int _check_standard_fds(void)
+@@ -3365,6 +3366,12 @@ static int _check_standard_fds(void)
  		       strerror(errno));
  		return 0;
  	}
diff --git a/utils/lvm2/patches/004-device-include-goto-lable-as-well.patch b/utils/lvm2/patches/004-device-include-goto-lable-as-well.patch
index a45f5bda2b0aa..684a48989f8cf 100644
--- a/utils/lvm2/patches/004-device-include-goto-lable-as-well.patch
+++ b/utils/lvm2/patches/004-device-include-goto-lable-as-well.patch
@@ -15,7 +15,7 @@ on standard C libraries without O_DIRECT_SUPPORT.
 
 --- a/lib/device/dev-io.c
 +++ b/lib/device/dev-io.c
-@@ -379,7 +379,7 @@ int dev_open_flags(struct device *dev, i
+@@ -380,7 +380,7 @@ int dev_open_flags(struct device *dev, i
  		return 0;
  	}
  
diff --git a/utils/lvm2/patches/005-missing-include-sys-file.patch b/utils/lvm2/patches/005-missing-include-sys-file.patch
new file mode 100644
index 0000000000000..862a8e6cbbc79
--- /dev/null
+++ b/utils/lvm2/patches/005-missing-include-sys-file.patch
@@ -0,0 +1,20 @@
+--- a/lib/device/dev-cache.c
++++ b/lib/device/dev-cache.c
+@@ -29,6 +29,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ 
+ struct dev_iter {
+ 	struct btree_iter *current;
+--- a/tools/lvmdevices.c
++++ b/tools/lvmdevices.c
+@@ -15,6 +15,7 @@
+ #include "tools.h"
+ #include "lib/cache/lvmcache.h"
+ #include "lib/device/device_id.h"
++#include 
+ 
+ static void _search_devs_for_pvids(struct cmd_context *cmd, struct dm_list *search_pvids, struct dm_list *found_devs)
+ {

From d13c7ba881ee28f16c2e6a5d79617fcc610256c0 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 11:52:32 -0500
Subject: [PATCH 183/221] libgee: update to 0.20.4

Signed-off-by: W. Michael Petullo 
---
 libs/libgee/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/libgee/Makefile b/libs/libgee/Makefile
index 7797592a63770..592131ecbf776 100644
--- a/libs/libgee/Makefile
+++ b/libs/libgee/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libgee
-PKG_VERSION:=0.20.3
-PKG_RELEASE:=1
+PKG_VERSION:=0.20.4
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNOME/libgee/0.20
-PKG_HASH:=d0b5edefc88cbca5f1709d19fa62aef490922c6577a14ac4e7b085507911a5de
+PKG_HASH:=524c1bf390f9cdda4fbd9a47b269980dc64ab5280f0801b53bc69d782c72de0e
 
 PKG_MAINTAINER:=W. Michael Petullo 
 PKG_LICENSE:=LGPL-2.1-or-later

From 5a30bc87911ba495f39558b022db2d25f0c86ac1 Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Fri, 7 May 2021 18:53:58 +0200
Subject: [PATCH 184/221] tailscale: update to version 1.8.1

Add readme with simple tailscale howto.

Signed-off-by: Jan Pavlinec 
---
 net/tailscale/Makefile  |  4 ++--
 net/tailscale/README.md | 28 ++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 net/tailscale/README.md

diff --git a/net/tailscale/Makefile b/net/tailscale/Makefile
index b5d353aea614f..c737ca2c40996 100644
--- a/net/tailscale/Makefile
+++ b/net/tailscale/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tailscale
-PKG_VERSION:=1.6.0
+PKG_VERSION:=1.8.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=4591c6f6d3d1f9d5aecaa63dd580c389067edeb7287cd587b108ea6a0aa811e7
+PKG_HASH:=5d08e9c4cbb51da94951281003f3911933962dad0a85003e4b1852ac7b023bcd
 
 PKG_MAINTAINER:=Jan Pavlinec 
 PKG_LICENSE:=BSD-3-Clause
diff --git a/net/tailscale/README.md b/net/tailscale/README.md
new file mode 100644
index 0000000000000..d3b58e7cea943
--- /dev/null
+++ b/net/tailscale/README.md
@@ -0,0 +1,28 @@
+# Tailscale
+This readme should help you with tailscale client setup.
+
+## Install
+There are two packages related to tailscale. Tailscaled (daemon which has to run every time you want to be connected to VPN) and tailscale (package with a utility which is necessary for registering device).
+
+To install them run
+```
+opkg install tailscale tailscaled
+```
+
+## First setup
+
+First, enable and run daemon
+
+```
+/etc/init.d/tailscale enable
+/etc/init.d/tailscale start
+```
+
+Then you should use tailscale utility to get a login link for your device.
+
+Run command and finish device registration with the given URL.
+```
+tailscale up
+```
+
+After that, you should see your router in tailscale admin page.

From ec8def7c23644ebf9b1799169c48c39bf1ea30c8 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 11:54:30 -0500
Subject: [PATCH 185/221] nfdump: update to 1.6.23

Signed-off-by: W. Michael Petullo 
---
 net/nfdump/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/nfdump/Makefile b/net/nfdump/Makefile
index da420777ebdc6..59b45df31cc11 100644
--- a/net/nfdump/Makefile
+++ b/net/nfdump/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nfdump
-PKG_VERSION:=1.6.22
-PKG_RELEASE:=1
+PKG_VERSION:=1.6.23
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/phaag/nfdump/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=437536acb02258f8e2cd1e63c801428c65e1c33100e349acbf718c5b04734bd0
+PKG_HASH:=8c5a7959e66bb90fcbd8ad508933a14ebde4ccf7f4ae638d8f18c9473c63af33
 
 PKG_MAINTAINER:=W. Michael Petullo 
 PKG_LICENSE:=BSD-3-Clause

From da2f686768464d8f35595515f5b3734c76057dd9 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 12:57:47 -0500
Subject: [PATCH 186/221] scapy: update to 2.4.5

Signed-off-by: W. Michael Petullo 
---
 net/scapy/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/scapy/Makefile b/net/scapy/Makefile
index 1d1c098c0edfd..6cf711bd840aa 100644
--- a/net/scapy/Makefile
+++ b/net/scapy/Makefile
@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=scapy
-PKG_VERSION:=2.4.4
-PKG_RELEASE:=1
+PKG_VERSION:=2.4.5
+PKG_RELEASE:=$(AUTORELEASE)
 
 PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=ecfd7a14cd9c3ef0eb08d28d5bb71d97219edff1454ccbdff229f676b27900ee
+PKG_HASH:=bc707e3604784496b6665a9e5b2a69c36cc9fb032af4864b29051531b24c8593
 
 PKG_MAINTAINER:=W. Michael Petullo 
 PKG_LICENSE:=GPL-2.0-only

From f9b87706e43415d027b9f7cd597c78fb2282d113 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 12:56:18 -0500
Subject: [PATCH 187/221] openldap: update to 2.4.58

Signed-off-by: W. Michael Petullo 
---
 libs/openldap/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/openldap/Makefile b/libs/openldap/Makefile
index d21e51ab74d07..426693c8f9b22 100644
--- a/libs/openldap/Makefile
+++ b/libs/openldap/Makefile
@@ -8,15 +8,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openldap
-PKG_VERSION:=2.4.57
-PKG_RELEASE:=1
+PKG_VERSION:=2.4.58
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
 PKG_SOURCE_URL:=https://gpl.savoirfairelinux.net/pub/mirrors/openldap/openldap-release/ \
 	http://mirror.eu.oneandone.net/software/openldap/openldap-release/ \
 	http://mirror.switch.ch/ftp/software/mirror/OpenLDAP/openldap-release/ \
 	https://www.openldap.org/software/download/OpenLDAP/openldap-release/
-PKG_HASH:=c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a
+PKG_HASH:=57b59254be15d0bf6a9ab3d514c1c05777b02123291533134a87c94468f8f47b
 PKG_LICENSE:=OLDAP-2.8
 PKG_LICENSE_FILES:=LICENSE
 PKG_CPE_ID:=cpe:/a:openldap:openldap

From 9af45a757fc32382696445499703402c94c0f58a Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 13:19:34 -0500
Subject: [PATCH 188/221] libgpg-error: update to 1.42

Signed-off-by: W. Michael Petullo 
---
 libs/libgpg-error/Makefile                    |  6 ++---
 .../patches/011-macos-compile-fix.patch       | 24 -------------------
 2 files changed, 3 insertions(+), 27 deletions(-)
 delete mode 100644 libs/libgpg-error/patches/011-macos-compile-fix.patch

diff --git a/libs/libgpg-error/Makefile b/libs/libgpg-error/Makefile
index 69e6bad4f104b..00f8c6eb208c4 100644
--- a/libs/libgpg-error/Makefile
+++ b/libs/libgpg-error/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libgpg-error
-PKG_VERSION:=1.39
-PKG_RELEASE:=2
+PKG_VERSION:=1.42
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://mirrors.dotsrc.org/gcrypt/libgpg-error \
 		http://ring.ksc.gr.jp/archives/net/gnupg/libgpg-error \
 		https://www.gnupg.org/ftp/gcrypt/libgpg-error
-PKG_HASH:=4a836edcae592094ef1c5a4834908f44986ab2b82e0824a0344b49df8cdb298f
+PKG_HASH:=fc07e70f6c615f8c4f590a8e37a9b8dd2e2ca1e9408f8e60459c67452b925e23
 
 PKG_MAINTAINER:=W. Michael Petullo 
 PKG_LICENSE:=LGPL-2.1-or-later
diff --git a/libs/libgpg-error/patches/011-macos-compile-fix.patch b/libs/libgpg-error/patches/011-macos-compile-fix.patch
deleted file mode 100644
index c615ad1700d2d..0000000000000
--- a/libs/libgpg-error/patches/011-macos-compile-fix.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- a/src/gen-lock-obj.sh
-+++ b/src/gen-lock-obj.sh
-@@ -84,17 +84,16 @@ EOF
- #     USE_LONG_DOUBLE_FOR_ALIGNMENT
- #
- 
--echo -n "#define GPGRT_LOCK_INITIALIZER {$LOCK_ABI_VERSION,{{"
-+printf "#define GPGRT_LOCK_INITIALIZER {$LOCK_ABI_VERSION,{{"
- 
- i=0
- while test "$i" -lt $ac_mtx_size; do
-     if test "$i" -ne 0 -a "$(( $i % 8 ))" -eq 0; then
--        echo ' \'
--        echo -n "                                    "
-+        printf " %s\n                                    " "\\"
-     fi
--    echo -n '0'
-+    printf '0'
-     if test "$i" -lt $(($ac_mtx_size - 1)); then
--        echo -n ','
-+        printf ','
-     fi
-     i=$(( i + 1 ))
- done

From d82d237bb063298950d5c9886ee32f7398d02b2b Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 13:19:47 -0500
Subject: [PATCH 189/221] libgcrypt: update to 1.9.3

Signed-off-by: W. Michael Petullo 
---
 libs/libgcrypt/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/libgcrypt/Makefile b/libs/libgcrypt/Makefile
index e07b9e70140d5..3fa05758b6b94 100644
--- a/libs/libgcrypt/Makefile
+++ b/libs/libgcrypt/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libgcrypt
-PKG_VERSION:=1.8.7
-PKG_RELEASE:=2
+PKG_VERSION:=1.9.3
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.gnupg.org/ftp/gcrypt/libgcrypt/
-PKG_HASH:=03b70f028299561b7034b8966d7dd77ef16ed139c43440925fe8782561974748
+PKG_HASH:=97ebe4f94e2f7e35b752194ce15a0f3c66324e0ff6af26659bbfb5ff2ec328fd
 
 PKG_MAINTAINER:=W. Michael Petullo 
 PKG_CPE_ID:=cpe:/a:gnupg:libgcrypt

From ceaab33abfbc49190196b7885fd58d174cd7c6fc Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 11:58:11 -0500
Subject: [PATCH 190/221] krb5: update to 1.19.1

Signed-off-by: W. Michael Petullo 
---
 net/krb5/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/krb5/Makefile b/net/krb5/Makefile
index 6ea88b0ddec9c..2bba5fc6439b2 100644
--- a/net/krb5/Makefile
+++ b/net/krb5/Makefile
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=krb5
-PKG_VERSION:=1.18.3
-PKG_RELEASE:=2
+PKG_VERSION:=1.19.1
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_MAINTAINER:=W. Michael Petullo 
 
@@ -18,8 +18,8 @@ PKG_LICENSE_FILES:=NOTICE
 PKG_CPE_ID:=cpe:/a:mit:kerberos
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://web.mit.edu/kerberos/dist/krb5/1.18
-PKG_HASH:=e61783c292b5efd9afb45c555a80dd267ac67eebabca42185362bee6c4fbd719
+PKG_SOURCE_URL:=https://web.mit.edu/kerberos/dist/krb5/1.19
+PKG_HASH:=fa16f87eb7e3ec3586143c800d7eaff98b5e0dcdf0772af7d98612e49dbeb20b
 
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1

From 628989b8cdf355884d12f52450afbdd8a1ee8e32 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 12:50:01 -0500
Subject: [PATCH 191/221] snort: update 2.9.17.1

Signed-off-by: W. Michael Petullo 
---
 net/snort/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/snort/Makefile b/net/snort/Makefile
index b5eeccc7450b8..62fdafe4b7654 100644
--- a/net/snort/Makefile
+++ b/net/snort/Makefile
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=snort
-PKG_VERSION:=2.9.17
-PKG_RELEASE:=2
+PKG_VERSION:=2.9.17.1
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_LICENSE:=GPL-2.0
 PKG_MAINTAINER:=W. Michael Petullo 
@@ -18,7 +18,7 @@ PKG_CPE_ID:=cpe:/a:snort:snort
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.snort.org/downloads/archive/snort/ \
 	@SF/$(PKG_NAME)
-PKG_HASH:=c3b234c3922a09b0368b847ddb8d1fa371b741f032f42aa9ab53d67b428dc648
+PKG_HASH:=303d3d5dc5affecfeaad3a331d3163f901d48d960fdd6598cb55c6d1591eed82
 
 PKG_BUILD_DEPENDS:=libtirpc
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(PKG_NAME)-$(PKG_VERSION)

From 7ae423ea66f352e64daa546d06fd2a3ba0251665 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 12:59:28 -0500
Subject: [PATCH 192/221] syslog-ng: update to 3.32.1

Signed-off-by: W. Michael Petullo 
---
 admin/syslog-ng/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/admin/syslog-ng/Makefile b/admin/syslog-ng/Makefile
index e55c9b2d95720..29692f606725b 100644
--- a/admin/syslog-ng/Makefile
+++ b/admin/syslog-ng/Makefile
@@ -1,8 +1,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=syslog-ng
-PKG_VERSION:=3.31.2
-PKG_RELEASE:=1
+PKG_VERSION:=3.32.1
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_MAINTAINER:=Josef Schlehofer 
 PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
@@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:balabit:syslog-ng
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
-PKG_HASH:=2eeb8e0dbbcb556fdd4e50bc9f29bc8c66c9b153026f87caa7567bd3139c186a
+PKG_HASH:=19e3b76552d82c71c04230526925402c9f05fa5e6ea19b912b061850929b712d
 
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1

From bdfd236cd6864f19fb488333dba6b3af426a54e2 Mon Sep 17 00:00:00 2001
From: Michael Heimpold 
Date: Mon, 10 May 2021 22:37:12 +0200
Subject: [PATCH 193/221] php7: update to 7.4.19

Signed-off-by: Michael Heimpold 
---
 lang/php7/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lang/php7/Makefile b/lang/php7/Makefile
index e7a75b701b15f..15cf9fa894df8 100644
--- a/lang/php7/Makefile
+++ b/lang/php7/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=php
-PKG_VERSION:=7.4.18
+PKG_VERSION:=7.4.19
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Michael Heimpold 
@@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_HASH:=ab97f22b128d21dcbc009b50a37aaea0051b2721cbcd122d9e00e6ffc3c4b7e1
+PKG_HASH:=6c17172c4a411ccb694d9752de899bb63c72a0a3ebe5089116bc13658a1467b2
 
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0

From 4d9ace41247470e15b507d87e5003b44efefa836 Mon Sep 17 00:00:00 2001
From: Michael Heimpold 
Date: Mon, 10 May 2021 21:24:53 +0200
Subject: [PATCH 194/221] php8: update to 8.0.6

Signed-off-by: Michael Heimpold 
---
 lang/php8/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lang/php8/Makefile b/lang/php8/Makefile
index 429a0e564e966..8bc524b2e819b 100644
--- a/lang/php8/Makefile
+++ b/lang/php8/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=php
-PKG_VERSION:=8.0.5
+PKG_VERSION:=8.0.6
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Michael Heimpold 
@@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_HASH:=5dd358b35ecd5890a4f09fb68035a72fe6b45d3ead6999ea95981a107fd1f2ab
+PKG_HASH:=e9871d3b6c391fe9e89f86f6334852dcc10eeaaa8d5565beb8436e7f0cf30e20
 
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0

From 3346ad890ff61f01d213c61bd6d01dd49c6e5bb2 Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Tue, 11 May 2021 10:14:43 +0200
Subject: [PATCH 195/221] lmbd: update to version 0.9.29

Signed-off-by: Jan Pavlinec 
---
 libs/lmdb/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/lmdb/Makefile b/libs/lmdb/Makefile
index 1bf3683b7072c..c888338d749f6 100644
--- a/libs/lmdb/Makefile
+++ b/libs/lmdb/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=lmdb
-PKG_VERSION:=0.9.28
+PKG_VERSION:=0.9.29
 PKG_RELEASE:=1
 
 PKG_SOURCE:=LMDB_$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/LMDB/lmdb/tar.gz/LMDB_$(PKG_VERSION)?
-PKG_HASH:=47457d3d3ae2c489b52078a07e9f55ec6e094b48c2204029c7754e2972fe1882
+PKG_HASH:=22054926b426c66d8f2bc22071365df6e35f3aacf19ad943bc6167d4cae3bebb
 PKG_BUILD_DIR:=$(BUILD_DIR)/lmdb-LMDB_$(PKG_VERSION)
 
 PKG_MAINTAINER:=Jan Pavlinec 

From 2edb43b6fa869cff5187fc65ba16159f6199f988 Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Tue, 11 May 2021 09:58:54 +0200
Subject: [PATCH 196/221] redis: update to version 6.2.3

Fixes CVE-2021-29477

Signed-off-by: Jan Pavlinec 
---
 libs/redis/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/redis/Makefile b/libs/redis/Makefile
index 5f0fdcd8f3d48..4878f36719dbf 100644
--- a/libs/redis/Makefile
+++ b/libs/redis/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=redis
-PKG_VERSION:=6.2.2
+PKG_VERSION:=6.2.3
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=http://download.redis.io/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535
+PKG_HASH:=98ed7d532b5e9671f5df0825bb71f0f37483a16546364049384c63db8764512b
 
 PKG_MAINTAINER:=Jan Pavlinec 
 PKG_LICENSE:=BSD-3-Clause

From 7324845b2a407193af1b838d0bb441d5b519ade9 Mon Sep 17 00:00:00 2001
From: Alexander Egorenkov 
Date: Sat, 8 May 2021 12:44:45 +0200
Subject: [PATCH 197/221] libassuan: fix linking of host's libgpg-error

gpgrt-config is trying to use the host's /usr/lib path when looking for
libgpg-error. Therefore, disable it and gpg-error-config will be used
as a fallback.

Signed-off-by: Alexander Egorenkov 
---
 libs/libassuan/Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libs/libassuan/Makefile b/libs/libassuan/Makefile
index 5e1437f373f98..901f478575b42 100644
--- a/libs/libassuan/Makefile
+++ b/libs/libassuan/Makefile
@@ -32,6 +32,9 @@ protocol. This protocol is used for IPC between most newer GnuPG
 components. Both, server and client side functions are provided. 
 endef
 
+CONFIGURE_VARS += \
+		ac_cv_path_GPGRT_CONFIG="no"
+
 define Build/InstallDev
 	$(INSTALL_DIR) $(2)/bin $(1)/usr/bin
 	$(INSTALL_BIN) \

From e55fb37821af553a3ab97042448fe53bdc451899 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 12:39:39 -0500
Subject: [PATCH 198/221] grilo-plugins: update to 0.3.13

Signed-off-by: W. Michael Petullo 
---
 multimedia/grilo-plugins/Makefile                  |  9 ++++-----
 .../patches/001-no-help-po-tests.patch             | 14 --------------
 2 files changed, 4 insertions(+), 19 deletions(-)
 delete mode 100644 multimedia/grilo-plugins/patches/001-no-help-po-tests.patch

diff --git a/multimedia/grilo-plugins/Makefile b/multimedia/grilo-plugins/Makefile
index ebc8342f5f50a..3a769afb87c18 100644
--- a/multimedia/grilo-plugins/Makefile
+++ b/multimedia/grilo-plugins/Makefile
@@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=grilo-plugins
-PKG_VERSION:=0.3.12
-PKG_RELEASE:=2
+PKG_VERSION:=0.3.13
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_MAINTAINER:=W. Michael Petullo 
 PKG_LICENSE:=LGPLv2.1
@@ -15,7 +15,7 @@ PKG_LICENSE_FILES:=COPYING
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNOME/grilo-plugins/0.3/
-PKG_HASH:=c6b6df086a164d65c206d70139ce80591f8feca3545612e45b823fb4fe4b2577
+PKG_HASH:=1c4305d67364a930543836cc1982f30e946973b8ff6af3efe31d87709ab520f8
 
 PKG_INSTALL:=1
 PKG_BUILD_DEPENDS:=meson/host
@@ -53,7 +53,7 @@ MESON_ARGS += \
 	-Denable-flickr=no \
 	-Denable-freebox=no \
 	-Denable_gravatar=$(if $(CONFIG_PACKAGE_grilo-plugins-gravatar),yes,no) \
-	-Denable_jamendo=$(if $(CONFIG_PACKAGE_grilo-plugins-jamendo),yes,no) \
+	-Dhelp=no \
 	-Denable-local-metadata=no \
 	-Denable-lua-factory=no \
 	-Denable-magnatune=$(if $(CONFIG_PACKAGE_grilo-plugins-magnatune),yes,no) \
@@ -101,7 +101,6 @@ $(eval $(call BuildPlugin,chromaprint,Chromaprint,chromaprint,+libgstreamer1,30)
 $(eval $(call BuildPlugin,dleyna,DLNA sharing,dleyna,,30))
 $(eval $(call BuildPlugin,dmap,DAAP and DPAP sharing,daap dpap,libdmapsharing,30))
 $(eval $(call BuildPlugin,gravatar,Gravatar provider,gravatar,,30))
-$(eval $(call BuildPlugin,jamendo,Jamendo sharing,jamendo,,30))
 $(eval $(call BuildPlugin,magnatune,Magnatune sharing,magnatune,,30))
 $(eval $(call BuildPlugin,metadata-store,Metadata Store,metadatastore,,30))
 $(eval $(call BuildPlugin,opensubtitles,Open subtitles provider,opensubtitles,,30))
diff --git a/multimedia/grilo-plugins/patches/001-no-help-po-tests.patch b/multimedia/grilo-plugins/patches/001-no-help-po-tests.patch
deleted file mode 100644
index 9d069b8f10bd3..0000000000000
--- a/multimedia/grilo-plugins/patches/001-no-help-po-tests.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-Fix build error on OpenWrt build servers. See:
-
-	https://github.com/openwrt/packages/pull/10433#issuecomment-549242840
-	https://github.com/mesonbuild/meson/issues/821
-
---- a/meson.build
-+++ b/meson.build
-@@ -192,6 +192,3 @@ gnome = import('gnome')
- rootdir = include_directories('.')
- 
- subdir('src')
--subdir('help')
--subdir('po')
--subdir('tests')

From 433cdff58ea0c8407b2b608785860a3ae6bc0498 Mon Sep 17 00:00:00 2001
From: Alexandru Ardelean 
Date: Mon, 10 May 2021 10:10:17 +0300
Subject: [PATCH 199/221] python3: bump version to 3.9.5

Refreshed Python patches.
Updated pip & setuptools version.

For pip, patch '001-pep517-pyc-fix.patch' was reworked.

Also, the current version of the bundled pip (21.1.1) no longer supports
Python2, so the 'py2.py3' suffix gets replaced with just py3.

For setuptools, there is no longer a script/module:
  https://github.com/pypa/setuptools/pull/2544

Signed-off-by: Alexandru Ardelean 
---
 lang/python/python3-version.mk                       |  6 +++---
 lang/python/python3/Makefile                         |  7 +++----
 .../python3/files/python3-package-setuptools.mk      |  4 ----
 .../python3/patches-pip/001-pep517-pyc-fix.patch     | 12 +++++-------
 .../patches/003-do-not-run-distutils-tests.patch     |  4 ++--
 ...13-getbuildinfo-date-time-source-date-epoch.patch |  4 ++--
 .../patches/014-remove-platform-so-suffix.patch      |  4 ++--
 .../python3/patches/016-adjust-config-paths.patch    | 10 +++++-----
 .../patches/025-choose-python-config-version.patch   |  2 +-
 9 files changed, 23 insertions(+), 30 deletions(-)

diff --git a/lang/python/python3-version.mk b/lang/python/python3-version.mk
index c2a645fda40c0..9cf078dfcb932 100644
--- a/lang/python/python3-version.mk
+++ b/lang/python/python3-version.mk
@@ -8,12 +8,12 @@
 # Note: keep in sync with setuptools & pip
 PYTHON3_VERSION_MAJOR:=3
 PYTHON3_VERSION_MINOR:=9
-PYTHON3_VERSION_MICRO:=4
+PYTHON3_VERSION_MICRO:=5
 
 PYTHON3_VERSION:=$(PYTHON3_VERSION_MAJOR).$(PYTHON3_VERSION_MINOR)
 
 PYTHON3_SETUPTOOLS_PKG_RELEASE:=1
 PYTHON3_PIP_PKG_RELEASE:=1
 
-PYTHON3_SETUPTOOLS_VERSION:=49.2.1
-PYTHON3_PIP_VERSION:=20.2.3
+PYTHON3_SETUPTOOLS_VERSION:=56.0.0
+PYTHON3_PIP_VERSION:=21.1.1
diff --git a/lang/python/python3/Makefile b/lang/python/python3/Makefile
index 0975b86c7dbc5..ba1b6df5a5363 100644
--- a/lang/python/python3/Makefile
+++ b/lang/python/python3/Makefile
@@ -11,12 +11,12 @@ include $(TOPDIR)/rules.mk
 include ../python3-version.mk
 
 PKG_NAME:=python3
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)
 
 PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://www.python.org/ftp/python/$(PKG_VERSION)
-PKG_HASH:=4b0e6644a76f8df864ae24ac500a51bbf68bd098f6a173e27d3b61cdca9aa134
+PKG_HASH:=0c5a140665436ec3dbfbb79e2dfb6d192655f26ef4a29aeffcb6d1820d716d83
 
 PKG_MAINTAINER:=Alexandru Ardelean , Jeffery To 
 PKG_LICENSE:=Python/2.0
@@ -201,7 +201,7 @@ define Build/Compile/python3-pip
 		--ignore-installed \
 		--root=$(PKG_BUILD_DIR)/install-pip \
 		--prefix=/usr \
-		$(PKG_BUILD_DIR)/Lib/ensurepip/_bundled/pip-$(PYTHON3_PIP_VERSION)-py2.py3-none-any.whl
+		$(PKG_BUILD_DIR)/Lib/ensurepip/_bundled/pip-$(PYTHON3_PIP_VERSION)-py3-none-any.whl
 	$(call PatchDir,$(PKG_BUILD_DIR)/install-pip/usr/lib/python$(PYTHON3_VERSION)/site-packages,./patches-pip,)
 endef
 endif # CONFIG_PACKAGE_python3-pip
@@ -338,7 +338,6 @@ endef
 define Host/Install
 	$(if $(wildcard $(HOST_PYTHON3_PKG_DIR)/.setuptools_installed_$(PYTHON3_SETUPTOOLS_VERSION)-$(PYTHON3_SETUPTOOLS_PKG_RELEASE)),,
 		rm -rf \
-			$(HOST_PYTHON3_PKG_DIR)/easy_install.py \
 			$(HOST_PYTHON3_PKG_DIR)/pkg_resources \
 			$(HOST_PYTHON3_PKG_DIR)/setuptools \
 			$(HOST_PYTHON3_PKG_DIR)/setuptools-* \
diff --git a/lang/python/python3/files/python3-package-setuptools.mk b/lang/python/python3/files/python3-package-setuptools.mk
index 39d71c1c0fa64..33cf46a19768e 100644
--- a/lang/python/python3/files/python3-package-setuptools.mk
+++ b/lang/python/python3/files/python3-package-setuptools.mk
@@ -17,13 +17,9 @@ endef
 
 define Py3Package/python3-setuptools/install
 	$(INSTALL_DIR) $(1)/usr/bin $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages
-	$(CP) $(PKG_BUILD_DIR)/install-setuptools/usr/bin/easy_install-* $(1)/usr/bin
-	$(LN) easy_install-$(PYTHON3_VERSION) $(1)/usr/bin/easy_install-3
-	$(LN) easy_install-$(PYTHON3_VERSION) $(1)/usr/bin/easy_install
 	$(CP) \
 		$(PKG_BUILD_DIR)/install-setuptools/usr/lib/python$(PYTHON3_VERSION)/site-packages/setuptools \
 		$(PKG_BUILD_DIR)/install-setuptools/usr/lib/python$(PYTHON3_VERSION)/site-packages/setuptools-$(PYTHON3_SETUPTOOLS_VERSION).dist-info \
-		$(PKG_BUILD_DIR)/install-setuptools/usr/lib/python$(PYTHON3_VERSION)/site-packages/easy_install.py \
 		$(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages
 	find $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/ -path '*/__pycache__/*' -delete
 	find $(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/ -type d -name __pycache__ -delete
diff --git a/lang/python/python3/patches-pip/001-pep517-pyc-fix.patch b/lang/python/python3/patches-pip/001-pep517-pyc-fix.patch
index b07cdd19ec033..e600b0a30e4b3 100644
--- a/lang/python/python3/patches-pip/001-pep517-pyc-fix.patch
+++ b/lang/python/python3/patches-pip/001-pep517-pyc-fix.patch
@@ -1,7 +1,8 @@
-diff -Nurp a/pip/_vendor/pep517/wrappers.py b/pip/_vendor/pep517/wrappers.py
---- a/pip/_vendor/pep517/wrappers.py	2020-05-19 10:39:38.000000000 +0800
-+++ b/pip/_vendor/pep517/wrappers.py	2020-06-30 20:19:05.495033208 +0800
-@@ -14,11 +14,16 @@ try:
+diff --git a/pip/_vendor/pep517/in_process/__init__.py b/pip/_vendor/pep517/in_process/__init__.py
+index c932313..a01143b 100644
+--- a/pip/_vendor/pep517/in_process/__init__.py
++++ b/pip/_vendor/pep517/in_process/__init__.py
+@@ -10,8 +10,13 @@ try:
      import importlib.resources as resources
  
      def _in_proc_script_path():
@@ -17,6 +18,3 @@ diff -Nurp a/pip/_vendor/pep517/wrappers.py b/pip/_vendor/pep517/wrappers.py
 +        if not os.path.isfile(_in_proc_script):
 +            _in_proc_script = pjoin(dirname(abspath(__file__)), '_in_process.pyc')
 +        yield _in_proc_script
- 
- 
- @contextmanager
diff --git a/lang/python/python3/patches/003-do-not-run-distutils-tests.patch b/lang/python/python3/patches/003-do-not-run-distutils-tests.patch
index a1a7a23c6e900..544fdbed8a4c3 100644
--- a/lang/python/python3/patches/003-do-not-run-distutils-tests.patch
+++ b/lang/python/python3/patches/003-do-not-run-distutils-tests.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -1526,6 +1526,7 @@ libinstall:	build_all $(srcdir)/Modules/
+@@ -1546,6 +1546,7 @@ libinstall:	build_all $(srcdir)/Modules/
  	$(INSTALL_DATA) `cat pybuilddir.txt`/_sysconfigdata_$(ABIFLAGS)_$(MACHDEP)_$(MULTIARCH).py \
  		$(DESTDIR)$(LIBDEST); \
  	$(INSTALL_DATA) $(srcdir)/LICENSE $(DESTDIR)$(LIBDEST)/LICENSE.txt
@@ -8,7 +8,7 @@
  	if test -d $(DESTDIR)$(LIBDEST)/distutils/tests; then \
  		$(INSTALL_DATA) $(srcdir)/Modules/xxmodule.c \
  			$(DESTDIR)$(LIBDEST)/distutils/tests ; \
-@@ -1561,6 +1562,7 @@ libinstall:	build_all $(srcdir)/Modules/
+@@ -1581,6 +1582,7 @@ libinstall:	build_all $(srcdir)/Modules/
  		$(PYTHON_FOR_BUILD) -m lib2to3.pgen2.driver $(DESTDIR)$(LIBDEST)/lib2to3/Grammar.txt
  	-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
  		$(PYTHON_FOR_BUILD) -m lib2to3.pgen2.driver $(DESTDIR)$(LIBDEST)/lib2to3/PatternGrammar.txt
diff --git a/lang/python/python3/patches/013-getbuildinfo-date-time-source-date-epoch.patch b/lang/python/python3/patches/013-getbuildinfo-date-time-source-date-epoch.patch
index 535c73673a316..0a987d6b4d89e 100644
--- a/lang/python/python3/patches/013-getbuildinfo-date-time-source-date-epoch.patch
+++ b/lang/python/python3/patches/013-getbuildinfo-date-time-source-date-epoch.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -764,6 +764,16 @@ regen-all: regen-opcode regen-opcode-tar
+@@ -774,6 +774,16 @@ regen-all: regen-opcode regen-opcode-tar
  ############################################################################
  # Special rules for object files
  
@@ -17,7 +17,7 @@
  Modules/getbuildinfo.o: $(PARSER_OBJS) \
  		$(OBJECT_OBJS) \
  		$(PYTHON_OBJS) \
-@@ -772,6 +782,8 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
+@@ -782,6 +792,8 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
  		$(DTRACE_OBJS) \
  		$(srcdir)/Modules/getbuildinfo.c
  	$(CC) -c $(PY_CORE_CFLAGS) \
diff --git a/lang/python/python3/patches/014-remove-platform-so-suffix.patch b/lang/python/python3/patches/014-remove-platform-so-suffix.patch
index 8a03d4f104661..74b68b5ec528d 100644
--- a/lang/python/python3/patches/014-remove-platform-so-suffix.patch
+++ b/lang/python/python3/patches/014-remove-platform-so-suffix.patch
@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -15366,7 +15366,7 @@ $as_echo_n "checking ABIFLAGS... " >&6;
+@@ -15371,7 +15371,7 @@ $as_echo_n "checking ABIFLAGS... " >&6;
  $as_echo "$ABIFLAGS" >&6; }
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking SOABI" >&5
  $as_echo_n "checking SOABI... " >&6; }
@@ -11,7 +11,7 @@
  
 --- a/configure.ac
 +++ b/configure.ac
-@@ -4777,7 +4777,7 @@ AC_SUBST(SOABI)
+@@ -4781,7 +4781,7 @@ AC_SUBST(SOABI)
  AC_MSG_CHECKING(ABIFLAGS)
  AC_MSG_RESULT($ABIFLAGS)
  AC_MSG_CHECKING(SOABI)
diff --git a/lang/python/python3/patches/016-adjust-config-paths.patch b/lang/python/python3/patches/016-adjust-config-paths.patch
index be11085dac6d9..a1f60e879a4cc 100644
--- a/lang/python/python3/patches/016-adjust-config-paths.patch
+++ b/lang/python/python3/patches/016-adjust-config-paths.patch
@@ -20,7 +20,7 @@
          abi=sys.abiflags,
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -1535,7 +1535,7 @@ libinstall:	build_all $(srcdir)/Modules/
+@@ -1555,7 +1555,7 @@ libinstall:	build_all $(srcdir)/Modules/
  			esac; \
  		done; \
  	done
@@ -29,7 +29,7 @@
  		$(DESTDIR)$(LIBDEST); \
  	$(INSTALL_DATA) $(srcdir)/LICENSE $(DESTDIR)$(LIBDEST)/LICENSE.txt
  ifeq (@COMPILE_ALL_TESTS@,yes)
-@@ -1693,7 +1693,7 @@ sharedinstall: sharedmods
+@@ -1713,7 +1713,7 @@ sharedinstall: sharedmods
  		--install-scripts=$(BINDIR) \
  		--install-platlib=$(DESTSHARED) \
  		--root=$(DESTDIR)/
@@ -40,7 +40,7 @@
  # Here are a couple of targets for MacOSX again, to install a full
 --- a/configure
 +++ b/configure
-@@ -2977,7 +2977,7 @@ $as_echo_n "checking for python interpre
+@@ -2979,7 +2979,7 @@ $as_echo_n "checking for python interpre
  	fi
          { $as_echo "$as_me:${as_lineno-$LINENO}: result: $interp" >&5
  $as_echo "$interp" >&6; }
@@ -49,7 +49,7 @@
      fi
  elif test "$cross_compiling" = maybe; then
      as_fn_error $? "Cross compiling required --host=HOST-TUPLE and --build=ARCH" "$LINENO" 5
-@@ -15436,7 +15436,7 @@ fi
+@@ -15441,7 +15441,7 @@ fi
  
  
  
@@ -69,7 +69,7 @@
      fi
  elif test "$cross_compiling" = maybe; then
      AC_MSG_ERROR([Cross compiling required --host=HOST-TUPLE and --build=ARCH])
-@@ -4835,7 +4835,7 @@ fi],
+@@ -4839,7 +4839,7 @@ fi],
  
  dnl define LIBPL after ABIFLAGS and LDVERSION is defined.
  AC_SUBST(PY_ENABLE_SHARED)
diff --git a/lang/python/python3/patches/025-choose-python-config-version.patch b/lang/python/python3/patches/025-choose-python-config-version.patch
index 684c839c86db7..cfca3236f2df5 100644
--- a/lang/python/python3/patches/025-choose-python-config-version.patch
+++ b/lang/python/python3/patches/025-choose-python-config-version.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -1587,7 +1587,7 @@ python-config: $(srcdir)/Misc/python-con
+@@ -1607,7 +1607,7 @@ python-config: $(srcdir)/Misc/python-con
  	@ # On Darwin, always use the python version of the script, the shell
  	@ # version doesn't use the compiler customizations that are provided
  	@ # in python (_osx_support.py).

From 33d3b234cf18f93a80803637087f325c4ee0e692 Mon Sep 17 00:00:00 2001
From: Tianling Shen 
Date: Tue, 11 May 2021 21:38:31 +0800
Subject: [PATCH 200/221] yq: Update to 4.8.0

Signed-off-by: Tianling Shen 
---
 utils/yq/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/yq/Makefile b/utils/yq/Makefile
index 1880342a5dbe0..1e871120c792d 100644
--- a/utils/yq/Makefile
+++ b/utils/yq/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=yq
-PKG_VERSION:=4.7.1
+PKG_VERSION:=4.8.0
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=19a7c43aaac678065f436ddfdf8b0a75dd3883984f4b9548cabdf53eb09932f9
+PKG_HASH:=bc95ceacb4857890363d83c234ed6ca225cec385500f09783de6f91a2ca08ea4
 
 PKG_MAINTAINER:=Tianling Shen 
 PKG_LICENSE:=MIT

From 4ae8683e03a50bdcbd5dfc7d875a188a903315d4 Mon Sep 17 00:00:00 2001
From: Jan Pavlinec 
Date: Tue, 11 May 2021 10:28:09 +0200
Subject: [PATCH 201/221] knot-resolver: update to version 5.3.2

Signed-off-by: Jan Pavlinec 
---
 net/knot-resolver/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/knot-resolver/Makefile b/net/knot-resolver/Makefile
index 081b076ebb28d..89db36fb011d7 100644
--- a/net/knot-resolver/Makefile
+++ b/net/knot-resolver/Makefile
@@ -10,12 +10,12 @@ PKG_RELRO_FULL:=0
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=knot-resolver
-PKG_VERSION:=5.3.1
+PKG_VERSION:=5.3.2
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-resolver
-PKG_HASH:=9d4d6b7bcdf114acc948e5ee68c83fcbb3944f48a13b9751dbbbc190cdd729c9
+PKG_HASH:=8b6f447d5fe93422d4c129a2d4004a977369c3aa6e55258ead1cbd488bc01436
 
 PKG_MAINTAINER:=Jan Pavlinec 
 PKG_LICENSE:=GPL-3.0-later

From d65c7a4b72a78ecc273b091c0ca0d5c048f779e8 Mon Sep 17 00:00:00 2001
From: Dobroslaw Kijowski 
Date: Mon, 10 May 2021 12:41:39 +0200
Subject: [PATCH 202/221] adguardhome: bump to 0.106.2

* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.2

Signed-off-by: Dobroslaw Kijowski 
---
 net/adguardhome/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/adguardhome/Makefile b/net/adguardhome/Makefile
index a780868996979..5eb6e37fd1f58 100644
--- a/net/adguardhome/Makefile
+++ b/net/adguardhome/Makefile
@@ -6,13 +6,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=adguardhome
-PKG_VERSION:=0.106.1
+PKG_VERSION:=0.106.2
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=v$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome
-PKG_MIRROR_HASH:=631ed8d671827e78dffaec94d21a69ec9dcda80ef843057592167b8be6edd780
+PKG_MIRROR_HASH:=14bc92941fa72a7d65dd6e561dc153cbbe06d2b95de4b5266671b65d464da7e7
 
 PKG_LICENSE:=GPL-3.0-only
 PKG_LICENSE_FILES:=LICENSE.txt

From 63cda93f70cfa60b53b80b26f345aaec4216b58d Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Tue, 11 May 2021 10:16:18 -0500
Subject: [PATCH 203/221] gstreamer1: update to 1.18.4

Signed-off-by: W. Michael Petullo 
---
 multimedia/gstreamer1/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/multimedia/gstreamer1/Makefile b/multimedia/gstreamer1/Makefile
index f119cf2e8ccf5..4439e3e81292a 100644
--- a/multimedia/gstreamer1/Makefile
+++ b/multimedia/gstreamer1/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gstreamer1
-PKG_VERSION:=1.18.1
-PKG_RELEASE:=1
+PKG_VERSION:=1.18.4
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=gstreamer-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gstreamer
-PKG_HASH:=79df8de21f284a105a5c1568527f8c559c583c85c0f2bd7bdb5b0372b8beecba
+PKG_HASH:=9aeec99b38e310817012aa2d1d76573b787af47f8a725a65b833880a094dfbc5
 PKG_BUILD_DIR:=$(BUILD_DIR)/gstreamer-$(PKG_VERSION)
 
 PKG_MAINTAINER:=W. Michael Petullo  \

From 5e52676b15e98755fcae14c7b46d533c74bc942d Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Tue, 11 May 2021 10:16:32 -0500
Subject: [PATCH 204/221] gst1-plugins-base: update to 1.18.4

Signed-off-by: W. Michael Petullo 
---
 multimedia/gst1-plugins-base/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/multimedia/gst1-plugins-base/Makefile b/multimedia/gst1-plugins-base/Makefile
index acdcdb57591cd..3954576a639c9 100644
--- a/multimedia/gst1-plugins-base/Makefile
+++ b/multimedia/gst1-plugins-base/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gst1-plugins-base
-PKG_VERSION:=1.18.1
-PKG_RELEASE:=1
+PKG_VERSION:=1.18.4
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=gst-plugins-base-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gst-plugins-base
-PKG_HASH:=1ba654d7de30f7284b4c7071b32f881b609733ce02ab6d9d9ea29386a036c641
+PKG_HASH:=29e53229a84d01d722f6f6db13087231cdf6113dd85c25746b9b58c3d68e8323
 PKG_BUILD_DIR:=$(BUILD_DIR)/gst-plugins-base-$(PKG_VERSION)
 
 PKG_MAINTAINER:=W. Michael Petullo  \

From e336203577cefcbc8e6778538d68ba2c72c7d678 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Tue, 11 May 2021 10:16:51 -0500
Subject: [PATCH 205/221] gst1-plugins-good: update to 1.18.4

Signed-off-by: W. Michael Petullo 
---
 multimedia/gst1-plugins-good/Makefile                    | 6 +++---
 multimedia/gst1-plugins-good/patches/010-distutils.patch | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/multimedia/gst1-plugins-good/Makefile b/multimedia/gst1-plugins-good/Makefile
index 31c267b707699..bace18d3bdea6 100644
--- a/multimedia/gst1-plugins-good/Makefile
+++ b/multimedia/gst1-plugins-good/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gst1-plugins-good
-PKG_VERSION:=1.18.1
-PKG_RELEASE:=1
+PKG_VERSION:=1.18.4
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=gst-plugins-good-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gst-plugins-good/
-PKG_HASH:=e210e91a5590ecb6accc9d06c949a58ca6897d8edb3b3d55828e424c624f626c
+PKG_HASH:=b6e50e3a9bbcd56ee6ec71c33aa8332cc9c926b0c1fae995aac8b3040ebe39b0
 PKG_BUILD_DIR:=$(BUILD_DIR)/gst-plugins-good-$(PKG_VERSION)
 
 PKG_MAINTAINER:=W. Michael Petullo  \
diff --git a/multimedia/gst1-plugins-good/patches/010-distutils.patch b/multimedia/gst1-plugins-good/patches/010-distutils.patch
index ae39b912ecdff..3fa41d6b775ef 100644
--- a/multimedia/gst1-plugins-good/patches/010-distutils.patch
+++ b/multimedia/gst1-plugins-good/patches/010-distutils.patch
@@ -1,6 +1,6 @@
 --- a/meson.build
 +++ b/meson.build
-@@ -424,7 +424,7 @@ endif
+@@ -422,7 +422,7 @@ endif
  
  presetdir = join_paths(get_option('datadir'), 'gstreamer-' + api_version, 'presets')
  

From 93cc9ba69811a4b3fcf111702dbcb653a401e431 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Tue, 11 May 2021 10:17:00 -0500
Subject: [PATCH 206/221] gst1-plugins-bad: update to 1.18.4

Signed-off-by: W. Michael Petullo 
---
 multimedia/gst1-plugins-bad/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/multimedia/gst1-plugins-bad/Makefile b/multimedia/gst1-plugins-bad/Makefile
index b51b544848c74..27efc41c3dc0e 100644
--- a/multimedia/gst1-plugins-bad/Makefile
+++ b/multimedia/gst1-plugins-bad/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gst1-plugins-bad
-PKG_VERSION:=1.18.1
-PKG_RELEASE:=1
+PKG_VERSION:=1.18.4
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=gst-plugins-bad-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://gstreamer.freedesktop.org/src/gst-plugins-bad/
-PKG_HASH:=c195978c85d97406c05eb9d43ac54b9ab35eda6ffdae32b3ed597b8f1743c1b2
+PKG_HASH:=74e806bc5595b18c70e9ca93571e27e79dfb808e5d2e7967afa952b52e99c85f
 PKG_BUILD_DIR:=$(BUILD_DIR)/gst-plugins-bad-$(PKG_VERSION)
 
 PKG_MAINTAINER:=W. Michael Petullo  \

From 51f5a99c84836964daeb58421a4957f0ae209fef Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Tue, 11 May 2021 10:17:09 -0500
Subject: [PATCH 207/221] gst1-plugins-ugly: update to 1.18.4

Signed-off-by: W. Michael Petullo 
---
 multimedia/gst1-plugins-ugly/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/multimedia/gst1-plugins-ugly/Makefile b/multimedia/gst1-plugins-ugly/Makefile
index 569118932d893..c32dec8703027 100644
--- a/multimedia/gst1-plugins-ugly/Makefile
+++ b/multimedia/gst1-plugins-ugly/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gst1-plugins-ugly
-PKG_VERSION:=1.18.1
-PKG_RELEASE:=1
+PKG_VERSION:=1.18.4
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=gst-plugins-ugly-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gst-plugins-ugly
-PKG_HASH:=18cd6cb829eb9611ca63cbcbf46aca0f0de1dd28b2df18caa2834326a75ff725
+PKG_HASH:=218df0ce0d31e8ca9cdeb01a3b0c573172cc9c21bb3d41811c7820145623d13c
 PKG_BUILD_DIR:=$(BUILD_DIR)/gst-plugins-ugly-$(PKG_VERSION)
 
 PKG_MAINTAINER:=W. Michael Petullo  \

From 33059b39e555c83e16cb8df9113e005f7fe9610e Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Tue, 11 May 2021 10:17:20 -0500
Subject: [PATCH 208/221] gst1-libav: update to 1.18.4

Signed-off-by: W. Michael Petullo 
---
 multimedia/gst1-libav/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/multimedia/gst1-libav/Makefile b/multimedia/gst1-libav/Makefile
index 9d65a7de3ccf4..419026d95b53f 100644
--- a/multimedia/gst1-libav/Makefile
+++ b/multimedia/gst1-libav/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gst1-libav
-PKG_VERSION:=1.18.1
-PKG_RELEASE:=1
+PKG_VERSION:=1.18.4
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=gst-libav-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://gstreamer.freedesktop.org/src/gst-libav
-PKG_HASH:=39a717bc2613efbbba19df3cf5cacff0987471fc8281ba2c5dcdeaded79c2ed8
+PKG_HASH:=344a463badca216c2cef6ee36f9510c190862bdee48dc4591c0a430df7e8c396
 PKG_BUILD_DIR:=$(BUILD_DIR)/gst-libav-$(PKG_VERSION)
 
 PKG_MAINTAINER:=W. Michael Petullo  \

From 3a893af7168cc3a6d063c8d9b14ab47724988190 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 21:44:23 -0500
Subject: [PATCH 209/221] libdaq3: update to 3.0.3

Signed-off-by: W. Michael Petullo 
---
 libs/libdaq3/Makefile | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/libs/libdaq3/Makefile b/libs/libdaq3/Makefile
index 5cfef76ab9777..5cfc855ee8a07 100644
--- a/libs/libdaq3/Makefile
+++ b/libs/libdaq3/Makefile
@@ -8,16 +8,17 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libdaq3
-PKG_VERSION:=3.0.0
-PKG_RELEASE:=2
+PKG_VERSION:=3.0.3
+PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_SOURCE:=libdaq-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://www.snort.org/downloads/snortplus/
-PKG_HASH:=4de807ab8c622e9ef8e0cfaa8dbd9231ece17d14dc9ebaa63add800475347b99
-PKG_BUILD_DIR:=$(BUILD_DIR)/libdaq-$(PKG_VERSION)
+PKG_MAINTAINER:=W. Michael Petullo 
 
 PKG_LICENSE:=GPL-2.0-only
-PKG_MAINTAINER:=W. Michael Petullo 
+
+PKG_SOURCE:=libdaq-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/snort3/libdaq/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=920344f5c98ac68b401d1bc92ebaed78b0d15779b0480c213db279d0a60acc32
+PKG_BUILD_DIR:=$(BUILD_DIR)/libdaq-$(PKG_VERSION)
 
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1

From 144c9ba9be8595e5a33418794af4e1f950f6a33c Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Mon, 10 May 2021 22:22:23 -0500
Subject: [PATCH 210/221] snort3: update to 3.1.4.0

Signed-off-by: W. Michael Petullo 
---
 net/snort3/Makefile                         | 12 ++++++------
 net/snort3/patches/010-update-openssl.patch | 21 +++++++++++++++++++++
 2 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100644 net/snort3/patches/010-update-openssl.patch

diff --git a/net/snort3/Makefile b/net/snort3/Makefile
index 24e1ead5012a5..8ccb3f5e754d7 100644
--- a/net/snort3/Makefile
+++ b/net/snort3/Makefile
@@ -6,13 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=snort3
-PKG_VERSION:=3.1.0.0
-PKG_RELEASE:=2
+PKG_VERSION:=3.1.4.0
+PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://www.snort.org/downloads/snortplus/
-PKG_HASH:=c4e2e78e3afa879d7e35e482afe42a6c4b96ed26198a9979edf7953b5151ccbf
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE:=$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/
+PKG_HASH:=a68af8ea46a038dfb0ad489e8d11dee62a3e63cb4a639f6bb4fac4ded955fe11
 
 PKG_MAINTAINER:=W. Michael Petullo 
 PKG_LICENSE:=GPL-2.0-only
@@ -45,6 +44,7 @@ CMAKE_OPTIONS += \
 	-DENABLE_STATIC_DAQ:BOOL=NO \
 	-DDAQ_INCLUDE_DIR=$(STAGING_DIR)/usr/include/daq3 \
 	-DDAQ_LIBRARIES_DIR_HINT:PATH=$(STAGING_DIR)/usr/lib/daq3 \
+	-DFLEX_INCLUDES:PATH=$(STAGING_DIR_HOST)/include \
 	-DENABLE_COREFILES:BOOL=NO \
 	-DENABLE_GDB:BOOL=NO \
 	-DMAKE_DOC:BOOL=NO \
diff --git a/net/snort3/patches/010-update-openssl.patch b/net/snort3/patches/010-update-openssl.patch
new file mode 100644
index 0000000000000..9c18d349bc4a2
--- /dev/null
+++ b/net/snort3/patches/010-update-openssl.patch
@@ -0,0 +1,21 @@
+--- a/src/network_inspectors/appid/appid_inspector.cc
++++ b/src/network_inspectors/appid/appid_inspector.cc
+@@ -64,7 +64,6 @@ static THREAD_LOCAL PacketTracer::Tracer
+ //           should probably be done outside of appid
+ static void openssl_cleanup()
+ {
+-    CRYPTO_cleanup_all_ex_data();
+ }
+ 
+ static void populate_trace_data(Flow& flow, const OdpContext& odp_context)
+--- a/src/utils/util.cc
++++ b/src/utils/util.cc
+@@ -111,7 +111,7 @@ int DisplayBanner()
+     LogMessage("           Copyright (C) 1998-2013 Sourcefire, Inc., et al.\n");
+     LogMessage("           Using DAQ version %s\n", daq_version_string());
+     LogMessage("           Using LuaJIT version %s\n", ljv);
+-    LogMessage("           Using %s\n", SSLeay_version(SSLEAY_VERSION));
++    LogMessage("           Using %s\n", OpenSSL_version(SSLEAY_VERSION));
+     LogMessage("           Using %s\n", pcap_lib_version());
+     LogMessage("           Using PCRE version %s\n", pcre_version());
+     LogMessage("           Using ZLIB version %s\n", zlib_version);

From 9ff0b2be96242cb3de45a6fcc0e88b10b6af9d2e Mon Sep 17 00:00:00 2001
From: Javier Marcet 
Date: Tue, 11 May 2021 12:20:26 +0000
Subject: [PATCH 211/221] docker-compose: Update to version 1.29.2

Miscellaneous:

- Remove prompt to use docker compose in the up command

- Bump py to 1.10.0 in requirements-indirect.txt

Signed-off-by: Javier Marcet 
---
 utils/docker-compose/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/docker-compose/Makefile b/utils/docker-compose/Makefile
index d20f1f3057588..82bdbe9394a70 100644
--- a/utils/docker-compose/Makefile
+++ b/utils/docker-compose/Makefile
@@ -1,11 +1,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=docker-compose
-PKG_VERSION:=1.29.1
+PKG_VERSION:=1.29.2
 PKG_RELEASE:=1
 
 PYPI_NAME:=docker-compose
-PKG_HASH:=d2064934f5084db8a0c4805e226447bf1fd0c928419be95afb6bd1866838c1f1
+PKG_HASH:=4c8cd9d21d237412793d18bd33110049ee9af8dab3fe2c213bbd0733959b09b7
 
 PKG_MAINTAINER:=Javier Marcet 
 PKG_LICENSE:=Apache-2.0

From f19d4569f02fb7268692253f2f0a46d19ef19229 Mon Sep 17 00:00:00 2001
From: "W. Michael Petullo" 
Date: Wed, 12 May 2021 22:15:50 -0500
Subject: [PATCH 212/221] libgpg-error: patch to fix cross-compile

Paul Blazejowski discovered that the recent update to this package broke
cross-compiling for some OpenWrt platforms. This backports commit 33593864
(March 26, 2021) from the upstream libgpg-error project to fix this
problem.

Signed-off-by: W. Michael Petullo 
---
 .../patches/020-build-fix-generation.patch    | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 libs/libgpg-error/patches/020-build-fix-generation.patch

diff --git a/libs/libgpg-error/patches/020-build-fix-generation.patch b/libs/libgpg-error/patches/020-build-fix-generation.patch
new file mode 100644
index 0000000000000..ddbf02ca267d9
--- /dev/null
+++ b/libs/libgpg-error/patches/020-build-fix-generation.patch
@@ -0,0 +1,27 @@
+From 33593864cd54143db594c4237bba41e14179061c Mon Sep 17 00:00:00 2001
+From: David Michael 
+Date: Fri, 26 Mar 2021 16:06:50 +0900
+Subject: [PATCH 1/2] build: Fix generation of lock-obj-pub.native.h for cross
+ build.
+
+* src/gen-lock-obj.sh: Capture echo output with quotes.
+
+--
+
+Fixes-commit: 99ae862a96a569724f49a604ebb7d3f6d2c2d374
+Signed-off-by: David Michael 
+---
+ src/gen-lock-obj.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/gen-lock-obj.sh
++++ b/src/gen-lock-obj.sh
+@@ -38,7 +38,7 @@
+ #     AWK=gawk ./gen-lock-obj.sh
+ #
+ 
+-if test -n `echo -n`; then
++if test -n "`echo -n`"; then
+     ECHO_C='\c'
+     ECHO_N=''
+ else

From e9a9a9fd657077b55fc580fbbc280f2abb1d5768 Mon Sep 17 00:00:00 2001
From: Jan Hak 
Date: Thu, 13 May 2021 09:32:01 +0200
Subject: [PATCH 213/221] knot: update to version 3.0.6

Signed-off-by: Jan Hak 
---
 net/knot/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/knot/Makefile b/net/knot/Makefile
index c00f6b85c5900..5183ba17eb2e9 100644
--- a/net/knot/Makefile
+++ b/net/knot/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=knot
-PKG_VERSION:=3.0.5
+PKG_VERSION:=3.0.6
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/
-PKG_HASH:=695e7d7a0abefc5a8fd01f3b3080f030f33b0948215f84cd4892c6d904390802
+PKG_HASH:=63756ac5a00c3e4a066ed231a287faef5963a9183d77326e30bf0644cdf74f86
 
 PKG_MAINTAINER:=Daniel Salzman 
 PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8

From 18bc24c7689d763f5faceb8f11ffce59a05096e1 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar 
Date: Thu, 13 May 2021 17:54:32 +0200
Subject: [PATCH 214/221] chrony: update to 4.1

Signed-off-by: Miroslav Lichvar 
---
 net/chrony/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/chrony/Makefile b/net/chrony/Makefile
index 41837a051cc15..f2f01fef49b2d 100644
--- a/net/chrony/Makefile
+++ b/net/chrony/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=chrony
-PKG_VERSION:=4.0
-PKG_RELEASE:=3
+PKG_VERSION:=4.1
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://download.tuxfamily.org/chrony/
-PKG_HASH:=be27ea14c55e7a4434b2fa51d53018c7051c42fa6a3198c9aa6a1658bae0c625
+PKG_HASH:=ed76f2d3f9347ac6221a91ad4bd553dd0565ac188cd7490d0801d08f7171164c
 
 PKG_MAINTAINER:=Miroslav Lichvar 
 PKG_LICENSE:=GPL-2.0

From a30c6020b3641d568bf9664eeaf347d39d36b14a Mon Sep 17 00:00:00 2001
From: Ansuel Smith 
Date: Wed, 12 May 2021 00:27:31 +0200
Subject: [PATCH 215/221] atlas-sw-probe: fix missing link on sysupgrade

Recreate symbolic link if it's missing after a sysupgrade with a private and public key present in /etc/atlas/

Signed-off-by: Ansuel Smith 
---
 net/atlas-sw-probe/Makefile         | 2 +-
 net/atlas-sw-probe/files/atlas.init | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/net/atlas-sw-probe/Makefile b/net/atlas-sw-probe/Makefile
index 41043749c5f28..13f224a4f78ff 100644
--- a/net/atlas-sw-probe/Makefile
+++ b/net/atlas-sw-probe/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=atlas-sw-probe
 PKG_VERSION:=5020
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git
diff --git a/net/atlas-sw-probe/files/atlas.init b/net/atlas-sw-probe/files/atlas.init
index bc826c00290ab..a833a9510cbe4 100644
--- a/net/atlas-sw-probe/files/atlas.init
+++ b/net/atlas-sw-probe/files/atlas.init
@@ -207,7 +207,16 @@ start_service() {
 	local log_stdout
 	local rxtxrpt
 	local test_setting
+	local probe_key=/etc/atlas/probe_key
+	local probe_pub_key=/etc/atlas/probe_key.pub
+
+	# The link is not saved across sysupgrade, recreate if missing
+	if [ ! -f $PRIV_KEY_FILE ]; then
+		[ -f $probe_key ] && ln -s $probe_key $PRIV_KEY_FILE
+		[ -f $probe_pub_key ] && ln -s $probe_pub_key $PUB_KEY_FILE
+	fi
 
+	# With the precheck done, check if the priv key is actually present
 	if [ ! -f $PRIV_KEY_FILE ]; then
 		print_msg "Missing probe_key. To init the key follow instruction in /etc/atlas/atlas.readme"
 		print_msg "Assuming atlas-sw-probe not init. Exiting..."

From 165b1b83198609bdc7fbf1261dd1e6c891911e59 Mon Sep 17 00:00:00 2001
From: Igor Bezzubchenko 
Date: Thu, 13 May 2021 08:52:40 +0300
Subject: [PATCH 216/221] libpqxx: update to version 7.5.2

Signed-off-by: Igor Bezzubchenko 
---
 libs/libpqxx/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/libpqxx/Makefile b/libs/libpqxx/Makefile
index e85c29021751e..cb197e48229df 100644
--- a/libs/libpqxx/Makefile
+++ b/libs/libpqxx/Makefile
@@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libpqxx
-PKG_VERSION:=7.4.1
+PKG_VERSION:=7.5.2
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/jtv/libpqxx
 PKG_SOURCE_VERSION:=$(PKG_VERSION)
-PKG_MIRROR_HASH:=fa7528342ac9bd9c9aacc5888362860efeacf7e866699f38afdd178fa41c2e23
+PKG_MIRROR_HASH:=9f7fc055f16289e871f8ff59b7fe085f5eab34264503671f357ef71d5f1bbc02
 
 CMAKE_INSTALL:=1
 

From d8faffb9e6168691f4f8c97997575ca3fb669388 Mon Sep 17 00:00:00 2001
From: Matt Reeve 
Date: Wed, 12 May 2021 14:28:22 +0100
Subject: [PATCH 217/221] rsync: Add rrsync script

Rrsync is a perl script that is supplied as an extra with the rsync program.
It must be used in conjunction with openssh-server or openssh-server-pam
as it requires ~/.ssh/authorized_keys which is not supported by dropbear.

Rrsync allows selective access to subdirectories in either read-only, write-only or read-write,
depending on settings in authorized_keys. This allows for safe, restrictive access.
It's particularly useful for automated backup purposes.

An example usage would be this entry:

command="/usr/bin/rrsync -ro /home" 

This would allow a system connecting with this public key to be able to rsync FROM the
/home directory tree only. It could not write to this directory, nor read from any other directory.

Signed-off-by: Matt Reeve 
---
 net/rsync/Makefile | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/net/rsync/Makefile b/net/rsync/Makefile
index 5d3235a69338f..ca5257d036a6c 100644
--- a/net/rsync/Makefile
+++ b/net/rsync/Makefile
@@ -69,6 +69,15 @@ define Package/rsyncd
   URL:=https://rsync.samba.org/
 endef
 
+define Package/rrsync
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=File Transfer
+  TITLE:=Restricted rsync script
+  DEPENDS:=+rsync +perlbase-file +perl @(PACKAGE_openssh-server||PACKAGE_openssh-server-pam)
+  URL:=https://www.samba.org/ftp/unpacked/rsync/support/rrsync
+endef
+
 define Package/rsync/description
  rsync is a program that allows files to be copied to and from remote machines
  in much the same way as rcp. It has many more options than rcp, and uses the
@@ -100,5 +109,17 @@ define Package/rsyncd/install
 	$(INSTALL_BIN) ./files/rsyncd.init $(1)/etc/init.d/rsyncd
 endef
 
+define Package/rrsync/description
+  rrsync is a script which wraps around rsync to restrict its permission to a
+  particular subdirectory via ~/.ssh/authorized_keys and/or to read-only
+  or write-only mode
+endef
+
+define Package/rrsync/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/support/rrsync $(1)/usr/bin
+endef
+
 $(eval $(call BuildPackage,rsync))
 $(eval $(call BuildPackage,rsyncd))
+$(eval $(call BuildPackage,rrsync))

From 177bbf751a49853d39994845aeb4b52d028c07e8 Mon Sep 17 00:00:00 2001
From: Philip Prindeville 
Date: Mon, 10 May 2021 22:04:01 -0600
Subject: [PATCH 218/221] strongswan: make default bundle use swanctl

Signed-off-by: Philip Prindeville 
---
 net/strongswan/Makefile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index 3ec33c6f54302..f68bf1b98d71d 100644
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -248,7 +248,6 @@ $(call Package/strongswan/Default)
   TITLE+= (default)
   DEPENDS:= strongswan \
 	+strongswan-charon \
-	+strongswan-ipsec \
 	+strongswan-mod-aes \
 	+strongswan-mod-attr \
 	+strongswan-mod-connmark \
@@ -273,11 +272,11 @@ $(call Package/strongswan/Default)
 	+strongswan-mod-sha2 \
 	+strongswan-mod-socket-default \
 	+strongswan-mod-sshkey \
-	+strongswan-mod-stroke \
 	+strongswan-mod-updown \
 	+strongswan-mod-x509 \
 	+strongswan-mod-xauth-generic \
-	+strongswan-mod-xcbc
+	+strongswan-mod-xcbc \
+	+strongswan-swanctl
 endef
 
 define Package/strongswan-default/description

From 3c470036aaf31b93d592976231375d847d5472e8 Mon Sep 17 00:00:00 2001
From: Hirokazu MORIKAWA 
Date: Thu, 13 May 2021 13:19:24 +0900
Subject: [PATCH 219/221] node: bump to v14.17.0

Notable Changes:
Diagnostics channel (experimental module)
UUID support in the crypto module
Experimental support for AbortController and AbortSignal

Signed-off-by: Hirokazu MORIKAWA 
---
 lang/node/Makefile                            |  6 ++---
 lang/node/patches/003-path.patch              |  2 +-
 lang/node/patches/004-musl_support.patch      |  2 +-
 ...necessary_libraries_for_host_execute.patch |  8 +++----
 lang/node/patches/999-fix_icu_conflict.patch  | 24 +++++++++----------
 5 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/lang/node/Makefile b/lang/node/Makefile
index 65e9bbdc3d3d6..9b1a67d95a126 100644
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=node
-PKG_VERSION:=v14.16.1
-PKG_RELEASE:=2
+PKG_VERSION:=v14.17.0
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
-PKG_HASH:=e44adbbed6756c2c1a01258383e9f00df30c147b36e438f6369b5ef1069abac3
+PKG_HASH:=56e05bff9331039317db417f772e635e0cd1c55f733f7b1b079d71ab5842c9ed
 
 PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella 
 PKG_LICENSE:=MIT
diff --git a/lang/node/patches/003-path.patch b/lang/node/patches/003-path.patch
index 0c4cfa9087493..8675e3420b67d 100644
--- a/lang/node/patches/003-path.patch
+++ b/lang/node/patches/003-path.patch
@@ -1,6 +1,6 @@
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
-@@ -1179,7 +1179,8 @@ Module._initPaths = function() {
+@@ -1184,7 +1184,8 @@ Module._initPaths = function() {
      path.resolve(process.execPath, '..') :
      path.resolve(process.execPath, '..', '..');
  
diff --git a/lang/node/patches/004-musl_support.patch b/lang/node/patches/004-musl_support.patch
index 200e2ca48491d..cefe846d382da 100644
--- a/lang/node/patches/004-musl_support.patch
+++ b/lang/node/patches/004-musl_support.patch
@@ -20,7 +20,7 @@
    result = clock_gettime(CLOCK_MONOTONIC, &ts);
 --- a/deps/v8/src/base/platform/platform-posix.cc
 +++ b/deps/v8/src/base/platform/platform-posix.cc
-@@ -823,7 +823,7 @@ bool Thread::Start() {
+@@ -839,7 +839,7 @@ bool Thread::Start() {
  #if V8_OS_MACOSX
      // Default on Mac OS X is 512kB -- bump up to 1MB
      stack_size = 1 * 1024 * 1024;
diff --git a/lang/node/patches/999-delete_unnecessary_libraries_for_host_execute.patch b/lang/node/patches/999-delete_unnecessary_libraries_for_host_execute.patch
index e81478d7be8c5..6de249eaefe20 100644
--- a/lang/node/patches/999-delete_unnecessary_libraries_for_host_execute.patch
+++ b/lang/node/patches/999-delete_unnecessary_libraries_for_host_execute.patch
@@ -1,6 +1,6 @@
 --- a/tools/icu/icu-generic.gyp
 +++ b/tools/icu/icu-generic.gyp
-@@ -522,6 +522,7 @@
+@@ -419,6 +419,7 @@
        'target_name': 'genrb',
        'type': 'executable',
        'toolsets': [ 'host' ],
@@ -8,7 +8,7 @@
        'dependencies': [ 'icutools' ],
        'sources': [
          '<@(icu_src_genrb)'
-@@ -538,6 +539,7 @@
+@@ -435,6 +436,7 @@
        'target_name': 'iculslocs',
        'toolsets': [ 'host' ],
        'type': 'executable',
@@ -16,7 +16,7 @@
        'dependencies': [ 'icutools' ],
        'sources': [
          'iculslocs.cc',
-@@ -550,6 +552,7 @@
+@@ -447,6 +449,7 @@
        'target_name': 'icupkg',
        'toolsets': [ 'host' ],
        'type': 'executable',
@@ -24,7 +24,7 @@
        'dependencies': [ 'icutools' ],
        'sources': [
          '<@(icu_src_icupkg)',
-@@ -561,6 +564,7 @@
+@@ -458,6 +461,7 @@
        'target_name': 'genccode',
        'toolsets': [ 'host' ],
        'type': 'executable',
diff --git a/lang/node/patches/999-fix_icu_conflict.patch b/lang/node/patches/999-fix_icu_conflict.patch
index 0a4170a9eaf73..489bca47cb291 100644
--- a/lang/node/patches/999-fix_icu_conflict.patch
+++ b/lang/node/patches/999-fix_icu_conflict.patch
@@ -1,14 +1,14 @@
 --- a/tools/icu/icu-generic.gyp
 +++ b/tools/icu/icu-generic.gyp
-@@ -181,6 +181,7 @@
-               '<(icu_path)/source/i18n/uspoof_wsconf.h',
-             ]}],
-             ],
+@@ -107,6 +107,7 @@
+           'sources': [
+             '<@(icu_src_i18n)'
+           ],
 +          'include_dirs!': [ '
Date: Tue, 18 May 2021 04:03:42 +0300
Subject: [PATCH 220/221] Revert "node: bump to v14.17.0"

This reverts commit 3c470036aaf31b93d592976231375d847d5472e8.
---
 lang/node/Makefile                            |  6 ++---
 lang/node/patches/003-path.patch              |  2 +-
 lang/node/patches/004-musl_support.patch      |  2 +-
 ...necessary_libraries_for_host_execute.patch |  8 +++----
 lang/node/patches/999-fix_icu_conflict.patch  | 24 +++++++++----------
 5 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/lang/node/Makefile b/lang/node/Makefile
index 9b1a67d95a126..65e9bbdc3d3d6 100644
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=node
-PKG_VERSION:=v14.17.0
-PKG_RELEASE:=1
+PKG_VERSION:=v14.16.1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
-PKG_HASH:=56e05bff9331039317db417f772e635e0cd1c55f733f7b1b079d71ab5842c9ed
+PKG_HASH:=e44adbbed6756c2c1a01258383e9f00df30c147b36e438f6369b5ef1069abac3
 
 PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella 
 PKG_LICENSE:=MIT
diff --git a/lang/node/patches/003-path.patch b/lang/node/patches/003-path.patch
index 8675e3420b67d..0c4cfa9087493 100644
--- a/lang/node/patches/003-path.patch
+++ b/lang/node/patches/003-path.patch
@@ -1,6 +1,6 @@
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
-@@ -1184,7 +1184,8 @@ Module._initPaths = function() {
+@@ -1179,7 +1179,8 @@ Module._initPaths = function() {
      path.resolve(process.execPath, '..') :
      path.resolve(process.execPath, '..', '..');
  
diff --git a/lang/node/patches/004-musl_support.patch b/lang/node/patches/004-musl_support.patch
index cefe846d382da..200e2ca48491d 100644
--- a/lang/node/patches/004-musl_support.patch
+++ b/lang/node/patches/004-musl_support.patch
@@ -20,7 +20,7 @@
    result = clock_gettime(CLOCK_MONOTONIC, &ts);
 --- a/deps/v8/src/base/platform/platform-posix.cc
 +++ b/deps/v8/src/base/platform/platform-posix.cc
-@@ -839,7 +839,7 @@ bool Thread::Start() {
+@@ -823,7 +823,7 @@ bool Thread::Start() {
  #if V8_OS_MACOSX
      // Default on Mac OS X is 512kB -- bump up to 1MB
      stack_size = 1 * 1024 * 1024;
diff --git a/lang/node/patches/999-delete_unnecessary_libraries_for_host_execute.patch b/lang/node/patches/999-delete_unnecessary_libraries_for_host_execute.patch
index 6de249eaefe20..e81478d7be8c5 100644
--- a/lang/node/patches/999-delete_unnecessary_libraries_for_host_execute.patch
+++ b/lang/node/patches/999-delete_unnecessary_libraries_for_host_execute.patch
@@ -1,6 +1,6 @@
 --- a/tools/icu/icu-generic.gyp
 +++ b/tools/icu/icu-generic.gyp
-@@ -419,6 +419,7 @@
+@@ -522,6 +522,7 @@
        'target_name': 'genrb',
        'type': 'executable',
        'toolsets': [ 'host' ],
@@ -8,7 +8,7 @@
        'dependencies': [ 'icutools' ],
        'sources': [
          '<@(icu_src_genrb)'
-@@ -435,6 +436,7 @@
+@@ -538,6 +539,7 @@
        'target_name': 'iculslocs',
        'toolsets': [ 'host' ],
        'type': 'executable',
@@ -16,7 +16,7 @@
        'dependencies': [ 'icutools' ],
        'sources': [
          'iculslocs.cc',
-@@ -447,6 +449,7 @@
+@@ -550,6 +552,7 @@
        'target_name': 'icupkg',
        'toolsets': [ 'host' ],
        'type': 'executable',
@@ -24,7 +24,7 @@
        'dependencies': [ 'icutools' ],
        'sources': [
          '<@(icu_src_icupkg)',
-@@ -458,6 +461,7 @@
+@@ -561,6 +564,7 @@
        'target_name': 'genccode',
        'toolsets': [ 'host' ],
        'type': 'executable',
diff --git a/lang/node/patches/999-fix_icu_conflict.patch b/lang/node/patches/999-fix_icu_conflict.patch
index 489bca47cb291..0a4170a9eaf73 100644
--- a/lang/node/patches/999-fix_icu_conflict.patch
+++ b/lang/node/patches/999-fix_icu_conflict.patch
@@ -1,14 +1,14 @@
 --- a/tools/icu/icu-generic.gyp
 +++ b/tools/icu/icu-generic.gyp
-@@ -107,6 +107,7 @@
-           'sources': [
-             '<@(icu_src_i18n)'
-           ],
+@@ -181,6 +181,7 @@
+               '<(icu_path)/source/i18n/uspoof_wsconf.h',
+             ]}],
+             ],
 +          'include_dirs!': [ '
Date: Tue, 18 May 2021 04:17:52 +0300
Subject: [PATCH 221/221] Revert "apparmor: add new package"

This reverts commit 8068b0a4b23ac34bc625016c2753e1f3d0940f25.
---
 utils/apparmor/Makefile                       | 206 ---------
 utils/apparmor/files/apparmor.init            |  22 -
 utils/apparmor/files/apparmor.sh              | 380 ----------------
 .../patches/010-autoconf-libapparmor.patch    |  10 -
 utils/apparmor/patches/020-fix-ss-path.patch  |  11 -
 .../patches/030-remove-pynotify2-dep.patch    | 416 ------------------
 .../patches/040-remove-bash-dep.patch         | 143 ------
 7 files changed, 1188 deletions(-)
 delete mode 100644 utils/apparmor/Makefile
 delete mode 100755 utils/apparmor/files/apparmor.init
 delete mode 100755 utils/apparmor/files/apparmor.sh
 delete mode 100644 utils/apparmor/patches/010-autoconf-libapparmor.patch
 delete mode 100644 utils/apparmor/patches/020-fix-ss-path.patch
 delete mode 100644 utils/apparmor/patches/030-remove-pynotify2-dep.patch
 delete mode 100644 utils/apparmor/patches/040-remove-bash-dep.patch

diff --git a/utils/apparmor/Makefile b/utils/apparmor/Makefile
deleted file mode 100644
index 5edd78f09af3b..0000000000000
--- a/utils/apparmor/Makefile
+++ /dev/null
@@ -1,206 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=apparmor
-PKG_VERSION:=3.0.0
-PKG_RELEASE:=$(AUTORELEASE)
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://gitlab.com/apparmor/apparmor.git
-PKG_SOURCE_VERSION:=eb1328f18a98d2b3cc6f9fb617294b6eeb18f365
-PKG_MIRROR_HASH:=d6c86e2927e7030936e556190ae426653d696d52480cfc2ca826cc05aa50574f
-
-PKG_LICENSE:=GPL-1.0-only
-PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Oskari Rauta 
-PKG_BUILD_DEPENDS:=python3
-BUILDONLY:=1
-
-HOST_PYTHON3_PACKAGE_BUILD_DEPENDS:=setuptools-scm
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/nls.mk
-include ../../lang/python/python3-package.mk
-
-define Package/apparmor/Default
-  SECTION:=utils
-  CATEGORY:=Utilities
-  SUBMENU:=AppArmor
-  URL:=https://apparmor.net
-endef
-
-define Package/libapparmor
-  TITLE:=AppArmor library
-  SECTION:=libs
-  CATEGORY:=Libraries
-  URL:=https://apparmor.net
-  DEPENDS:=
-endef
-
-define Package/python3-apparmor
-  TITLE:=AppArmor python bindings
-  SECTION:=lang
-  CATEGORY:=Languages
-  SUBMENU:=Python
-  URL:=https://apparmor.net
-  DEPENDS:=+libapparmor +python3
-endef
-
-define Package/apparmor-utils
-  $(call Package/apparmor/Default)
-  TITLE:=AppArmor utils
-  DEPENDS:=$(INTL_DEPENDS) +libapparmor +python3-apparmor +python3 +python3-readline +python3-psutil +ss +findutils-xargs
-endef
-
-define Package/apparmor-profiles
-  $(call Package/apparmor/Default)
-  TITLE:=AppArmor default profiles
-  DEPENDS:=
-endef
-
-define Package/apparmor-utils/description
-  AppArmor userspace utilities
-endef
-
-define Package/apparmor-profiles/description
-  AppArmor Extra Profiles
-endef
-
-CONFIGURE_PATH=libraries/libapparmor
-
-CONFIGURE_VARS += \
-		SHELL=$(bash) \
-		PYTHON_VERSION=$(PYTHON3_VERSION) \
-		PYTHON_VERSIONS=$(PYTHON3) \
-		PYTHON=$(PYTHON3) \
-		PYTHON_CPPFLAGS="-I$(STAGING_DIR)/usr/include/python$(PYTHON3_VERSION)" \
-		PYTHON_LDFLAGS="-I$(PYTHON3_INC_DIR) -L$(STAGING_DIR)/usr/lib -L$(PYTHON3_LIB_DIR)" \
-		PYTHON_EXTRA_LDFLAGS="-L$(STAGING_DIR)/usr/lib -L$(PYTHON3_LIB_DIR)/config-$(PYTHON3_VERSION) -lpthread -ldl -lm -lz -lpython$(PYTHON3_VERSION)" \
-		ac_cv_path_PYTHON_CONFIG=$(STAGING_DIR_ROOT)/usr/bin/python$(PYTHON3_VERSION)-config 
-
-CONFIGURE_ARGS += \
-                --with-python \
-                --without-perl \
-		--without-ruby \
-                --disable-man-pages
-
-ifeq ($(CONFIG_BUILD_NLS),y)
-	MAKE_VARS += WITH_LIBINTL=1
-	MAKE_FLAGS += WITH_LIBINTL=1
-endif
-
-APPARMOR_CFLAGS = -I$(PKG_BUILD_DIR)/libraries/libapparmor/include
-APPARMOR_LDFLAGS = -L$(PKG_BUILD_DIR)/libraries/libapparmor/src/.libs
-
-define Build/Configure
-	$(MAKE) -C $(PKG_BUILD_DIR)/libraries/libapparmor configure
-	$(RM) $(PKG_BUILD_DIR)/libraries/libapparmor/Makefile
-	$(SED) 's#ac_cv_path_PYTHON_CONFIG=#ac_cv_path_X_PYTHON_CONFIG=#g' $(PKG_BUILD_DIR)/libraries/libapparmor/configure
-	$(call Build/Configure/Default)
-endef
-
-define Build/Compile
-	# Building libapparmor
-	+$(MAKE_VARS) \
-		CFLAGS="$(TARGET_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/libraries/libapparmor \
-		$(MAKE_FLAGS)
-	# Building parser
-	+$(MAKE_VARS) PYTHON=$(HOST_PYTHON) \
-		CFLAGS="$(TARGET_CFLAGS) $(APPARMOR_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS) $(APPARMOR_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS) $(APPARMOR_LDFLAGS) -lgcc_s" USE_SYSTEM=0 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/parser \
-		$(MAKE_FLAGS) apparmor_parser
-	# Building binutils
-	+$(MAKE_VARS) PYTHON=$(HOST_PYTHON) \
-		CFLAGS="$(TARGET_CFLAGS) $(APPARMOR_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS) $(APPARMOR_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS) $(APPARMOR_LDFLAGS)" USE_SYSTEM=0 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/binutils \
-		$(MAKE_FLAGS)
-	# Building utils
-	+$(MAKE_VARS) PYTHON=$(HOST_PYTHON) \
-		CFLAGS="$(TARGET_CFLAGS) $(APPARMOR_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS) $(APPARMOR_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS) $(APPARMOR_LDFLAGS)" USE_SYSTEM=0 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/utils \
-		$(MAKE_FLAGS)
-	# Building profiles
-	+$(MAKE_VARS) PYTHON=$(HOST_PYTHON) \
-		CFLAGS="$(TARGET_CFLAGS) $(APPARMOR_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS) $(APPARMOR_CFLAGS")" LDFLAGS="$(TARGET_LDFLAGS) $(APPARMOR_LDFLAGS)" USE_SYSTEM=0 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/profiles \
-		$(MAKE_FLAGS)
-endef
-
-define Build/Install
-	# Make sure we have python's setup tools installed
-	$(if $(PYTHON3_PKG_HOST_PIP_INSTALL_ARGS), \
-		$(call HostPython3/PipInstall,$(PYTHON3_PKG_HOST_PIP_INSTALL_ARGS)) \
-	)
-	$(INSTALL_DIR) $(PKG_INSTALL_DIR)-libapparmor $(PKG_INSTALL_DIR)-utils $(PKG_INSTALL_DIR)-profiles
-	# Installing libapparmor
-	+$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \
-		CFLAGS="$(TARGET_CFLAGS)" CPPFLAGS="$(TARGET_CPPFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" \
-		$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/libraries/libapparmor \
-		$(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-libapparmor" install
-	# Installing parser
-	+$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \
-		CFLAGS="$(TARGET_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" USE_SYSTEM=1 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/parser \
-		$(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-utils" install
-	# Installing binutils
-	+$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \
-		CFLAGS="$(TARGET_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" USE_SYSTEM=1 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/binutils \
-		$(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-utils" install
-	# Installing utils
-	+$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \
-		CFLAGS="$(TARGET_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" USE_SYSTEM=1 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/utils \
-		$(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-utils" install
-	# Installing profiles
-	+$(MAKE_VARS) PYTHON=$(HOST_PYTHON) VERSION=$(PYTHON3_VERSION) \
-		CFLAGS="$(TARGET_CFLAGS)" LDFLAGS="$(TARGET_LDFLAGS)" USE_SYSTEM=1 $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/profiles \
-		$(MAKE_FLAGS) DESTDIR="$(PKG_INSTALL_DIR)-profiles" install
-endef
-
-define Package/libapparmor/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)-libapparmor/usr/lib/libapparmor.so.1 $(1)/usr/lib/
-	$(LN) libapparmor.so.1 $(1)/usr/lib/libapparmor.so
-endef
-
-define Package/python3-apparmor/install
-	$(INSTALL_DIR) \
-		$(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages \
-		$(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)-libapparmor/usr/lib/python$(PYTHON3_VERSION)/site-packages/*.egg-info \
-		$(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)-libapparmor/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor/*.py \
-		$(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)-libapparmor/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor/*.so \
-		$(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor/
-	$(LN) -s _LibAppArmor.cpython-$(PYTHON3_VERSION_MAJOR)$(PYTHON3_VERSION_MINOR).so \
-		$(1)/usr/lib/python$(PYTHON3_VERSION)/site-packages/LibAppArmor/_LibAppArmor.so
-endef
-
-define Package/apparmor-utils/install
-	$(INSTALL_DIR) $(1)/etc/apparmor $(1)/usr/sbin $(1)/sbin
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)-utils/sbin/apparmor_parser $(1)/sbin/
-	$(INSTALL_CONF) $(PKG_INSTALL_DIR)-utils/etc/apparmor/*.conf $(1)/etc/apparmor/
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/etc/apparmor/severity.db $(1)/etc/apparmor/
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)-utils/sbin/apparmor_parser $(1)/sbin/
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)-utils/usr/bin/{aa-exec,aa-easyprof,aa-enabled,aa-features-abi} $(1)/usr/sbin/
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)-utils/usr/sbin/{aa-audit,aa-autodep,aa-cleanprof,aa-complain,aa-decode,aa-disable,aa-enforce,aa-genprof,aa-logprof,aa-mergeprof,aa-notify,aa-remove-unknown,aa-status,aa-unconfined} $(1)/usr/sbin/
-	$(LN) aa-status $(1)/usr/sbin/apparmor_status
-	$(INSTALL_DIR) $(1)/usr/share/apparmor/easyprof/templates $(1)/usr/share/apparmor/easyprof/policygroups
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/share/apparmor/easyprof/templates/* $(1)/usr/share/apparmor/easyprof/templates/
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/share/apparmor/easyprof/policygroups/* $(1)/usr/share/apparmor/easyprof/policygroups/
-	$(INSTALL_DIR) $(1)/usr/lib/python3.9/site-packages $(1)/usr/lib/python3.9/site-packages/apparmor $(1)/usr/lib/python3.9/site-packages/apparmor/rule
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/lib/python3.9/site-packages/*.egg-info \
-		$(1)/usr/lib/python3.9/site-packages/
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/lib/python3.9/site-packages/apparmor/*.py \
-		$(1)/usr/lib/python3.9/site-packages/apparmor/
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)-utils/usr/lib/python3.9/site-packages/apparmor/rule/*.py \
-		$(1)/usr/lib/python3.9/site-packages/apparmor/rule
-	$(INSTALL_DIR) $(1)/etc/init.d $(1)/lib/functions
-	$(INSTALL_BIN) ./files/apparmor.sh $(1)/lib/functions/
-	$(INSTALL_BIN) ./files/apparmor.init $(1)/etc/init.d/apparmor
-endef
-
-define Package/apparmor-profiles/install
-	$(INSTALL_DIR) $(1)/etc/apparmor.d $(1)/usr/share/apparmor/extra-profiles
-	$(CP) -aR $(PKG_INSTALL_DIR)-profiles/etc/apparmor.d/** $(1)/etc/apparmor.d/
-	$(INSTALL_CONF) $(PKG_INSTALL_DIR)-profiles/usr/share/apparmor/extra-profiles/** $(1)/usr/share/apparmor/extra-profiles/
-endef
-
-$(eval $(call BuildPackage,libapparmor))
-$(eval $(call BuildPackage,python3-apparmor))
-$(eval $(call BuildPackage,apparmor-utils))
-$(eval $(call BuildPackage,apparmor-profiles))
diff --git a/utils/apparmor/files/apparmor.init b/utils/apparmor/files/apparmor.init
deleted file mode 100755
index 576df39ace5c1..0000000000000
--- a/utils/apparmor/files/apparmor.init
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=75
-USE_PROCD=1
-
-. /lib/functions/apparmor.sh
-
-restart() {
-	apparmor_restart
-}
-
-start_service() {
-	apparmor_start
-}
-
-stop_service() {
-	apparmor_stop
-}
-
-reload_service() {
-	apparmor_reload
-}
diff --git a/utils/apparmor/files/apparmor.sh b/utils/apparmor/files/apparmor.sh
deleted file mode 100755
index 5e9edb9dd5094..0000000000000
--- a/utils/apparmor/files/apparmor.sh
+++ /dev/null
@@ -1,380 +0,0 @@
-#!/bin/sh
-
-log_write() {
-	local facility=kern.$1
-	logger -t AppArmor -p $facility "$2"
-}
-
-AA_STATUS=/usr/sbin/aa-status
-SECURITYFS=/sys/kernel/security
-SFS_MOUNTPOINT="${SECURITYFS}/apparmor"
-PARSER=/sbin/apparmor_parser
-PARSER_OPTS=
-ADDITIONAL_PROFILE_DIR=
-
-[ -d /etc/apparmor.d ] && PROFILE_DIRS=/etc/apparmor.d ||
-	log_write warning "Unable to find profiles: /etc/apparmor.d"
-
-[ -n "$ADDITIONAL_PROFILE_DIR" ] && [ -d "$ADDITIONAL_PROFILE_DIR" ] &&
-	PROFILE_DIRS="$PROFILE_DIRS $ADDITIONAL_PROFILE_DIR"
-
-dir_is_empty() {
-	[ "$(du -s $1 | cut -f 1)" -eq 0 ] && return 0 || return 1
-}
-
-profiles_loaded_count() {
-
-	[ -f ${SFS_MOUNTPOINT}/profiles ] &&
-		return $(cat "${SFS_MOUNTPOINT}/profiles" | wc -l) || return 0
-}
-
-is_profiles_loaded() {
-
-	[ -f ${SFS_MOUNTPOINT}/profiles ] && {
-		rc=$(cat "${SFS_MOUNTPOINT}/profiles" | wc -l)
-		[ "$rc" -ne 0 ] && return 0 || return 1
-	}
-	return 1
-}
-
-is_container_with_internal_policy() {
-
-	local ns_stacked_path="${SFS_MOUNTPOINT}/.ns_stacked"
-	local ns_name_path="${SFS_MOUNTPOINT}/.ns_name"
-	local ns_stacked
-	local ns_name
-
-	if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then
-		return 1
-	fi
-
-	read -r ns_stacked < "$ns_stacked_path"
-	if [ "$ns_stacked" != "yes" ]; then
-		return 1
-	fi
-
-	# LXD and LXC set up AppArmor namespaces starting with "lxd-" and
-	# "lxc-", respectively. Return non-zero for all other namespace
-	# identifiers.
-
-	read -r ns_name < "$ns_name_path"
-	if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
-	   [ "${ns_name#lxc-*}" = "$ns_name" ]; then
-		return 1
-	fi
-
-	return 0
-}
-
-skip_profile() {
-
-	local profile="$1"
-
-	if [ "${profile%.rpmnew}"   != "$profile" ] || \
-	   [ "${profile%.rpmsave}"  != "$profile" ] || \
-	   [ "${profile%.orig}"     != "$profile" ] || \
-	   [ "${profile%.rej}"      != "$profile" ] || \
-	   [ "${profile%\~}"        != "$profile" ] ; then
-		return 1
-	fi
-
-	# Silently ignore the dpkg, pacman, ipk and xbps files
-
-	if [ "${profile%.dpkg-new}"     != "$profile" ] || \
-	   [ "${profile%.dpkg-old}"     != "$profile" ] || \
-	   [ "${profile%.dpkg-dist}"    != "$profile" ] || \
-	   [ "${profile%.dpkg-bak}"     != "$profile" ] || \
-	   [ "${profile%.dpkg-remove}"  != "$profile" ] || \
-	   [ "${profile%.ipk}"          != "$profile" ] || \
-	   [ "${profile%.ipk-new}"      != "$profile" ] || \
-	   [ "${profile%.ipk-old}"      != "$profile" ] || \
-	   [ "${profile%.ipk-dist}"     != "$profile" ] || \
-	   [ "${profile%.ipk-bak}"      != "$profile" ] || \
-	   [ "${profile%.ipk-remove}"   != "$profile" ] || \
-	   [ "${profile%.pacsave}"      != "$profile" ] || \
-	   [ "${profile%.pacnew}"       != "$profile" ] ; then
-		return 2
-	fi
-
-	$(echo "$profile" | grep -E -q '^.+\.new-[0-9\.]+_[0-9]+$'); [ "$?" -eq 0 ] && return 2
-
-	return 0
-}
-
-__parse_profiles_dir() {
-
-	local parser_cmd="$1"
-	local profile_dir="$2"
-	local status=0
-
-	[ -x "$PARSER" ] || {
-		log_write err "Unable to execute AppArmor parser"
-		return 1
-	}
-
-	[ -d "$profile_dir" ] || {
-		log_write warning "AppArmor profiles not found: $profile_dir"
-		return 1
-	}
-
-	dir_is_empty "$profile_dir"; [ "$?" -eq 0 ] && {
-		log_write err "No profiles found in $profile_dir"
-		return 1
-	}
-
-	local nprocs=$(cat /proc/cpuinfo |grep "processor\t:"|wc -l)
-	local rc=0
-	local xargs_args=""
-	[ "$nprocs" -ge 2 ] && xargs_args="--max-procs=$nprocs"
-
-	"$PARSER" $PARSER_OPTS "$parser_cmd" -- "$profile_dir" || {
-
-		for profile in "$profile_dir"/*; do
-			skip_profile "$profile"
-			skip=$?
-			[ "$skip" -ne 0 ] && {
-				[ "$skip" -ne 2 ] && log_write info "Skipped loading profile $profile"
-				continue
-			}
-			[ -f "$profile" ] || continue
-			echo "$profile"
-		done | \
-
-		# Use xargs to parallelize calls to the parser over all CPUs
-
-		/usr/libexec/xargs-findutils -n1 -d"\n" $xargs_args \
-			"$PARSER" $PARSER_OPTS "$parser_cmd" --
-
-		[ "$?" -ne 0 ] && {
-			rc=1
-			log_write err "At least one profile failed to load"
-		}
-	}
-
-	return $rc
-}
-
-parse_profiles() {
-
-	case "$1" in
-		load)
-			PARSER_CMD="--add"
-			PARSER_MSG="Loading profiles"
-			;;
-		reload)
-			PARSER_CMD="--replace"
-			PARSER_MSG="Reloading profiles"
-			;;
-		*)
-			log_write err "Unknown parameter $1"
-			log_write info "parse_profiles parameter must be either 'load' or 'reload'"
-			return 1
-			;;
-	esac
-
-	log_write info "$PARSER_MSG"
-
-	[ -w "$SFS_MOUNTPOINT/.load" ] || {
-		log_write err "${SFS_MOUNTPOINT}/.load not writable"
-		return 1
-	}
-
-	[ -f "$PARSER" ] || {
-		log_write err "AppArmor parser not found"
-		return 1
-	}
-
-	# run parser on all profiles
-	local rc=0
-	for profile_dir in $PROFILE_DIRS; do
-		__parse_profiles_dir "$PARSER_CMD" "$profile_dir" || rc=$?
-	done
-
-	return $rc
-}
-
-is_apparmor_loaded() {
-
-	is_securityfs_mounted; [ "$?" -eq 0 ] || {
-		mount_securityfs
-	}
-
-	[ -f "${SFS_MOUNTPOINT}/profiles" ] && return 0
-	[ -d /sys/module/apparmor ] && return 0 || return 1
-}
-
-is_securityfs_mounted() {
-
-	[ -d "$SECURITYFS" ] && {
-		grep -q securityfs /proc/filesystems && grep -q securityfs /proc/mounts
-		return $?
-	}
-	return 1
-}
-
-mount_securityfs() {
-
-	local rc=0
-
-	grep -q securityfs /proc/filesystems; [ "$?" -eq 0 ] && {
-		mount -t securityfs securityfs "$SECURITYFS"
-		rc=$?
-		[ "$rc" -eq 0 ] && log_write info "Mounting securityfs" ||
-			log_write err "Failed to mount securityfs"
-	}
-	return $rc
-}
-
-apparmor_start() {
-
-	local announced=0
-	is_securityfs_mounted; [ "$?" -ne 0 ] && {
-		log_write info "Starting AppArmor"
-		announced=1
-		mount_securityfs; [ "$?" -eq 0 ] || return $?
-	}
-
-	is_apparmor_loaded; [ "$?" -eq 0 ] || {
-		[ "$announced" -eq 0 ] && log_write info "Starting AppArmor"
-		announced=1
-		log_write err "AppArmor kernel support is not present"
-		return 1
-	}
-
-	[ -d /var/lib/apparmor ] || mkdir -p /var/lib/apparmor > /dev/null
-
-	is_profiles_loaded; [ "$?" -eq 0 ] || {
-		[ "$announced" -eq 0 ] && log_write info "Starting AppArmor"
-		announced=1
-		parse_profiles load
-		return $?
-	} || {
-		parse_profiles reload
-		return $?
-	}
-}
-
-remove_profiles() {
-
-	log_write info "Unloading profiles"
-
-	is_apparmor_loaded; [ "$?" -eq 0 ] || {
-		log_write err "AppArmor kernel support is not present"
-		return 1
-	}
-
-	[ -w "$SFS_MOUNTPOINT/.remove" ] || {
-		log_write err "${SFS_MOUNTPOINT}/.remove not writable"
-		return 1
-	}
-
-	[ -x "$PARSER" ] || {
-		log_write err "Unable to execute AppArmor parser"
-		return 1
-	}
-
-	local rc=0
-
-	sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | \
-	LC_COLLATE=C sort | grep -v // | {
-		while read -r profile ; do
-			printf "%s" "$profile" > "$SFS_MOUNTPOINT/.remove"
-			result=$?
-			[ "$result" -eq 0 ] || rc=$result
-		done
-	}
-	return $rc
-}
-
-apparmor_stop() {
-
-	is_apparmor_loaded; [ "$?" -eq 0 ] || return 1
-	is_profiles_loaded; [ "$?" -eq 0 ] && {
-		log_write info "Stopping AppArmor"
-		remove_profiles
-		return $?
-	} || return 0
-}
-
-apparmor_restart() {
-
-	is_profiles_loaded; [ "$?" -eq 0 ] || {
-		apparmor_start
-		return $?
-	}
-
-	is_apparmor_loaded; [ "$?" -eq 0 ] || {
-		apparmor_start
-		return $?
-	}
-
-	log_write info "Restarting AppArmor"
-	parse_profiles reload
-	return $?
-}
-
-apparmor_reload() {
-
-	is_profiles_loaded; [ "$?" -eq 0 ] || {
-		apparmor_start
-		return $?
-	}
-
-	is_apparmor_loaded; [ "$?" -eq 0 ] || {
-		apparmor_start
-		return $?
-	}
-
-	log_write info "Reloading AppArmor"
-	parse_profiles reload
-	return $?
-}
-
-apparmor_list_profiles() {
-
-	is_apparmor_loaded; [ "$?" -eq 0 ] || {
-		echo "AppArmor kernel support is not present"
-		return 1
-	}
-
-        [ -x "$PARSER" ] || {
-                echo "Unable to execute AppArmor parser"
-		return 1
-	}
-
-	# run parser on all profiles
-	for profile_dir in $PROFILE_DIRS; do
-		[ -d "$profile_dir" ] || {
-			echo "AppArmor profiles not found: $profile_dir"
-			continue
-		}
-
-		for profile in "$profile_dir"/*; do
-			if skip_profile "$profile" && [ -f "$profile" ] ; then
-				LIST_ADD=$("$PARSER" -N "$profile" )
-				[ "$?" -eq 0 ] && echo "$LIST_ADD"
-			fi
-		done
-	done
-	return 0
-}
-
-
-apparmor_status() {
-
-	is_apparmor_loaded; [ "$?" -eq 0 ] || {
-		echo "AppArmor kernel support is not present"
-		return 1
-	}
-
-	[ -x "$AA_STATUS" ] && {
-		"$AA_STATUS" --verbose
-		return $?
-	}
-
-	echo "AppArmor is enabled."
-	echo "Install apparmor-utils to receive more detailed status"
-	echo "information or examine $SFS_MOUNTPOINT directly."
-
-	return 0
-}
diff --git a/utils/apparmor/patches/010-autoconf-libapparmor.patch b/utils/apparmor/patches/010-autoconf-libapparmor.patch
deleted file mode 100644
index bcb47d0906fa8..0000000000000
--- a/utils/apparmor/patches/010-autoconf-libapparmor.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- /dev/null
-+++ b/libraries/libapparmor/Makefile
-@@ -0,0 +1,7 @@
-+package=libapparmor
-+
-+configure:
-+	$(STAGING_DIR_HOST)/bin/aclocal
-+	$(STAGING_DIR_HOST)/bin/autoconf --force
-+	$(STAGING_DIR_HOST)/bin/libtoolize --automake -c --force
-+	$(STAGING_DIR_HOST)/bin/automake -ac
diff --git a/utils/apparmor/patches/020-fix-ss-path.patch b/utils/apparmor/patches/020-fix-ss-path.patch
deleted file mode 100644
index 11e53b021942e..0000000000000
--- a/utils/apparmor/patches/020-fix-ss-path.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/utils/aa-unconfined
-+++ b/utils/aa-unconfined
-@@ -118,7 +118,7 @@ def read_proc_current(filename):
- pids = set()
- if paranoid:
-     pids = get_all_pids()
--elif args.with_ss or (not args.with_netstat and (os.path.exists('/bin/ss') or os.path.exists('/usr/bin/ss'))):
-+elif args.with_ss or (not args.with_netstat and (os.path.exists('/usr/sbin/ss') or os.path.exists('/bin/ss') or os.path.exists('/usr/bin/ss') or os.path.exists('/sbin/ss'))):
-     pids = get_pids_ss()
- else:
-     pids = get_pids_netstat()
diff --git a/utils/apparmor/patches/030-remove-pynotify2-dep.patch b/utils/apparmor/patches/030-remove-pynotify2-dep.patch
deleted file mode 100644
index 7de4ddc1e1ec7..0000000000000
--- a/utils/apparmor/patches/030-remove-pynotify2-dep.patch
+++ /dev/null
@@ -1,416 +0,0 @@
---- a/utils/aa-notify
-+++ b/utils/aa-notify
-@@ -13,17 +13,6 @@
- #
- # ----------------------------------------------------------------------
- #
--# /etc/apparmor/notify.conf:
--# # set to 'yes' to enable AppArmor DENIED notifications
--# show_notifications="yes"
--#
--# # only people in use_group can run this script
--# use_group="admin"
--#
--# $HOME/.apparmor/notify.conf can have:
--# # set to 'yes' to enable AppArmor DENIED notifications
--# show_notifications="yes"
--#
- # In a typical desktop environment one would run as a service the
- # command:
- #   /usr/bin/aa-notify -p -w 10
-@@ -35,7 +24,6 @@ import re
- import sys
- import time
- import struct
--import notify2
- import psutil
- import pwd
- import grp
-@@ -60,56 +48,9 @@ def get_user_login():
-             username = os.getlogin()
-     return username
- 
--
--def get_last_login_timestamp(username):
--    '''Directly read wtmp and get last login for user as epoch timestamp'''
--    timestamp = 0
--    filename = '/var/log/wtmp'
--    last_login = 0
--
--    debug_logger.debug('Username: {}'.format(username))
--
--    with open(filename, "rb") as wtmp_file:
--        offset = 0
--        wtmp_filesize = os.path.getsize(filename)
--        debug_logger.debug('WTMP filesize: {}'.format(wtmp_filesize))
--        while offset < wtmp_filesize:
--            wtmp_file.seek(offset)
--            offset += 384  # Increment for next entry
--
--            type = struct.unpack("
- Decode a hex-encoded string to ASCII. It will also take an audit log on
- standard input and convert any hex-encoded AppArmor log entries and display
-@@ -36,63 +36,79 @@ $ cat /var/log/kern.log | aa-decode
- EOM
- }
- 
--decode() {
--    if echo "$1" | egrep -q "^[0-9A-Fa-f]+$" ; then
--      python3 -c "import binascii; print(bytes.decode(binascii.unhexlify('$1'), errors='strict'));"
--    else
--      echo ""
--    fi
-+match_re() {
-+	local result=$(echo "$1" | grep -E "$2" )
-+	[ -z "$result" ] && return 1 || return 0
-+}
-+
- 
-+decode() {
-+	$(echo "$1" | egrep -q "^[0-9A-Fa-f]+$"); [ "$?" -eq 0 ] &&
-+		python3 -c "import binascii; print(bytes.decode(binascii.unhexlify('$1'), errors='strict'));" || echo ""
- }
- 
- if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
--    help
--    exit
-+	help
-+	exit
- fi
- 
- # if have an argument, then use it, otherwise process stdin
--if [ -n "$1" ]; then
--    e="$1"
--    if ! echo "$e" | egrep -q "^[0-9A-Fa-f]+$" ; then
--        echo "String should only contain hex characters (0-9, a-f, A-F)"
--        exit 1
--    fi
--
--    d=`decode $e`
--    if [ -z "$d" ]; then
--        echo "Could not decode string"
--        exit 1
--    fi
-+[ -n "$1" ] && {
- 
--    echo "Decoded: $d"
--    exit 0
--fi
-+	e="$1"
- 
--# For now just look at 'name=...' and 'profile=...',
--# so validate input against this and output based on it.
--# TODO: better handle other cases too
--while read line ; do
-+	$(echo "$e" | egrep -q "^[0-9A-Fa-f]+$"); [ "$?" -ne 0 ] && {
-+		echo "String should only contain hex characters (0-9, a-f, A-F)"
-+		exit 1
-+	}
- 
--    # check if line contains encoded name= or profile=
--    if [[ "$line" =~ \ (name|profile|proctitle)=[0-9a-fA-F] ]]; then
-+	d=$(decode $e)
- 
--        # cut the encoded filename/profile name out of the line and decode it
--        ne=`echo "$line" | sed 's/.* name=\([^ ]*\).*$/\\1/g'`
--        nd="$(decode ${ne/\'/\\\'})"
-+	[ -z "$d" ] && {
-+		echo "Could not decode string"
-+		exit 1
-+	}
- 
--        pe=`echo "$line" | sed 's/.* profile=\([^ ]*\).*$/\\1/g'`
--        pd="$(decode ${pe/\'/\\\'})"
-+	echo "Decoded: $d"
-+	exit 0
-+}
- 
--        pce=`echo "$line" | sed 's/.* proctitle=\([^ ]*\).*$/\\1/g'`
--        pcd="$(decode ${pce/\'/\\\'})"
-+[ -t 0 ] && {
-+	help
-+	exit
-+}
-+
-+while read line ; do
- 
--        # replace encoded name and profile with its decoded counterparts (only if it was encoded)
--        test -n "$nd" && line="${line/name=$ne/name=\"$nd\"}"
--        test -n "$pd" && line="${line/profile=$pe/profile=\"$pd\"}"
--        test -n "$pcd" && line="${line/proctitle=$pce/proctitle=\"$pcd\"}"
-+	# check if line contains encoded name= or profile=
- 
--    fi
-+	matches=0
-+	match_re "$line" "^[[:blank:]](name|profile|proctitle)=[0-9a-fA-F]+"; [ "$?" -eq 0 ] && matches=1 || {
-+		 match_re "$line" "^(name|profile|proctitle)=[0-9a-fA-F]+"; [ "$?" -eq 0 ] && matches=1
-+	}
-+
-+	[ "$matches" -eq 0 ] || {
-+
-+		# cut the encoded filename/profile name out of the line and decode it
-+		ne=$(echo "$line" | sed 's/.* name=\([^ ]*\).*$/\\1/g')
-+		[ "$line" = "$ne" ] && ne=$(echo "$line" | sed 's/.*name=\([^ ]*\).*$/\\1/g')
-+		echo var: $ne
-+		nd="$(decode ${ne/\'/\\\'})"
-+
-+		pe=$(echo "$line" | sed 's/.* profile=\([^ ]*\).*$/\\1/g')
-+		[ "$line" = "$pe" ] && pe=$(echo "$line" | sed 's/.*profile=\([^ ]*\).*$/\\1/g')
-+		pd="$(decode ${pe/\'/\\\'})"
-+
-+		pce=$(echo "$line" | sed 's/.* proctitle=\([^ ]*\).*$/\\1/g')
-+		[ "$line" = "$pce" ] && pce=$(echo "$line" | sed 's/.*proctitle=\([^ ]*\).*$/\\1/g')
-+		pcd="$(decode ${pce/\'/\\\'})"
-+
-+		# replace encoded name and profile with its decoded counterparts (only if it was encoded)
-+		test -n "$nd" && line="${line/name=$ne/name=\"$nd\"}"
-+		test -n "$pd" && line="${line/profile=$pe/profile=\"$pd\"}"
-+		test -n "$pcd" && line="${line/proctitle=$pce/proctitle=\"$pcd\"}"
-+	}
- 
--    echo "$line"
-+	echo "$line"
- 
- done