Merge Mainline

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen 2021-05-08 01:58:03 +08:00
commit 3deef966fc
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
20 changed files with 291 additions and 89 deletions


@ -11,7 +11,7 @@ DEVICE_TYPE?=router
# Default packages - the really basic set
DEFAULT_PACKAGES:=base-files libc libgcc dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd \
block-mount kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw wget libustream-openssl ca-certificates \
block-mount kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw wget-ssl libustream-openssl ca-certificates \
default-settings luci luci-app-ddns luci-app-upnp luci-app-adbyby-plus luci-app-autoreboot \
luci-app-filetransfer luci-app-vsftpd luci-app-ssr-plus luci-app-unblockmusic \
luci-app-arpbind luci-app-vlmcsd luci-app-wol luci-app-ramfree \


@ -6,10 +6,10 @@
include $(TOPDIR)/rules.mk
LUCI_TITLE:=LuCI support for KodExplorer
LUCI_DEPENDS:=+nginx-ssl +unzip +zoneinfo-asia +php7 +php7-fpm +php7-mod-curl +php7-mod-gd +php7-mod-iconv +php7-mod-json +php7-mod-mbstring +php7-mod-opcache +php7-mod-session +php7-mod-zip +php7-mod-sqlite3 +php7-mod-pdo +php7-mod-pdo-sqlite +php7-mod-pdo-mysql
LUCI_DEPENDS:=+nginx-ssl +unzip +zoneinfo-asia +php7 +php7-fpm +php7-mod-curl +php7-mod-gd +php7-mod-iconv +php7-mod-json +php7-mod-mbstring +php7-mod-opcache +php7-mod-session +php7-mod-zip +php7-mod-sqlite3 +php7-mod-pdo +php7-mod-pdo-sqlite +php7-mod-pdo-mysql +php7-cgi +php7-mod-dom
LUCI_PKGARCH:=all
PKG_VERSION:=13
PKG_DATE:=20200612
PKG_DATE:=20210505
include $(TOPDIR)/feeds/luci/luci.mk


@ -1,15 +1,17 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-ssr-plus
PKG_VERSION:=183
PKG_RELEASE:=11
PKG_VERSION:=184
PKG_RELEASE:=2
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2 \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs \
@ -27,7 +29,9 @@ LUCI_DEPENDS:=+coreutils +coreutils-base64 +dns2socks +dnsmasq-full +ipset +ip-f
+PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2:redsocks2 \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks:shadowsocks-libev-ss-local \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks:shadowsocks-libev-ss-redir \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server:shadowsocks-libev-ss-server \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust:shadowsocks-rust-sslocal \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server:shadowsocks-rust-ssserver \
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR:shadowsocksr-libev-ssr-local \
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR:shadowsocksr-libev-ssr-redir \
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server:shadowsocksr-libev-ssr-server \
@ -55,18 +59,26 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks
bool "Include Shadowsocks Libev"
default y
config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server
bool "Include Shadowsocks Server"
default y if i386||x86_64||arm
config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust
bool "Include Shadowsocks Rust (AEAD cipher only)"
depends on aarch64||arm||i386||mips||mipsel||x86_64
default y if aarch64
config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server
bool "Include Shadowsocks Rust Server"
default y if aarch64
config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR
bool "Include ShadowsocksR Libev"
default y
config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server
bool "Include ShadowsocksR Server"
default y if aarch64||arm||i386||x86_64
default n
config PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs
bool "Include Shadowsocks Simple Obfs Plugin"
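Review bot: `PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server` has no `depends on` line, while the Rust client option just above it is limited to `aarch64||arm||i386||mips||mipsel||x86_64`. As rendered, the server option can be selected on an architecture where the Rust client is not offered, and it then pulls in `shadowsocks-rust-ssserver`. If the same architecture limit applies to the server binary, repeat it on the server option: `depends on aarch64||arm||i386||mips||mipsel||x86_64`. The old/new side of individual lines is not marked on this page, so this reads the block as it stands after the merge.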


@ -45,8 +45,8 @@ local encrypt_methods_ss = {
"aes-192-gcm",
"aes-256-gcm",
"chacha20-ietf-poly1305",
"xchacha20-ietf-poly1305",
-- stream
"xchacha20-ietf-poly1305"
--[[ stream
"table",
"rc4",
"rc4-md5",
@ -62,17 +62,18 @@ local encrypt_methods_ss = {
"camellia-256-cfb",
"salsa20",
"chacha20",
"chacha20-ietf"
"chacha20-ietf" ]]
}
local encrypt_methods_v2ray_ss = {
-- xray_ss
"none",
"plain",
--[[ stream
"aes-128-cfb",
"aes-256-cfb",
"chacha20",
"chacha20-ietf",
"chacha20-ietf", ]]
-- aead
"aes-128-gcm",
"aes-256-gcm",
@ -331,6 +332,7 @@ o:value("kcp", "mKCP")
o:value("ws", "WebSocket")
o:value("h2", "HTTP/2")
o:value("quic", "QUIC")
o:value("grpc", "gRPC")
o.rmempty = true
o:depends("type", "v2ray")
@ -380,6 +382,11 @@ o = s:option(Value, "h2_path", translate("HTTP/2 Path"))
o:depends("transport", "h2")
o.rmempty = true
-- gRPC
o = s:option(Value, "serviceName", translate("serviceName"))
o:depends("transport", "grpc")
o.rmempty = true
-- [[ QUIC部分 ]]--
o = s:option(ListValue, "quic_security", translate("QUIC Security"))
o:depends("transport", "quic")
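Review bot: Commenting the stream ciphers out of `encrypt_methods_ss` leaves no reason in the file and no path for nodes that already store one of them. A saved `encrypt_method_ss` such as `aes-256-cfb` no longer matches any entry of the list; how the form treats such a value on the next save is not visible in these hunks and should be checked. I would state the reason above the disabled block, e.g. `-- stream ciphers disabled: unauthenticated, and shadowsocks-rust accepts AEAD methods only`, and likewise above the block disabled in `encrypt_methods_v2ray_ss`. Both tables begin outside the hunks shown.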


@ -32,6 +32,32 @@ local encrypt_methods = {
"chacha20-ietf"
}
local encrypt_methods_ss = {
-- aead
"aes-128-gcm",
"aes-192-gcm",
"aes-256-gcm",
"chacha20-ietf-poly1305",
"xchacha20-ietf-poly1305"
--[[ stream
"table",
"rc4",
"rc4-md5",
"aes-128-cfb",
"aes-192-cfb",
"aes-256-cfb",
"aes-128-ctr",
"aes-192-ctr",
"aes-256-ctr",
"bf-cfb",
"camellia-128-cfb",
"camellia-192-cfb",
"camellia-256-cfb",
"salsa20",
"chacha20",
"chacha20-ietf" ]]
}
local protocol = {"origin"}
obfs = {"plain", "http_simple", "http_post"}
@ -55,6 +81,9 @@ o.rmempty = false
o = s:option(ListValue, "type", translate("Server Type"))
o:value("socks5", translate("Socks5"))
if nixio.fs.access("/usr/bin/ssserver") or nixio.fs.access("/usr/bin/ss-server") then
o:value("ss", translate("Shadowsocks"))
end
if nixio.fs.access("/usr/bin/ssr-server") then
o:value("ssr", translate("ShadowsocksR"))
end
@ -71,6 +100,7 @@ o = s:option(Value, "timeout", translate("Connection Timeout"))
o.datatype = "uinteger"
o.default = 60
o.rmempty = false
o:depends("type", "ss")
o:depends("type", "ssr")
o = s:option(Value, "username", translate("Username"))
@ -88,6 +118,13 @@ end
o.rmempty = false
o:depends("type", "ssr")
o = s:option(ListValue, "encrypt_method_ss", translate("Encrypt Method"))
for _, v in ipairs(encrypt_methods_ss) do
o:value(v)
end
o.rmempty = false
o:depends("type", "ss")
o = s:option(ListValue, "protocol", translate("Protocol"))
for _, v in ipairs(protocol) do
o:value(v)
@ -107,6 +144,7 @@ o:depends("type", "ssr")
o = s:option(Flag, "fast_open", translate("TCP Fast Open"))
o.rmempty = false
o:depends("type", "ss")
o:depends("type", "ssr")
return m
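Review bot: The `encrypt_methods_ss` table added here is a verbatim copy of the one in the client form, and the same commit pastes it into the server overview and the subscription script as well. The subscription script uses its copy as an allow-list for imported nodes, so the copies must stay identical or the UI will offer a method that import rejects (or the reverse). One definition in a shared module that the four files `require` would remove that risk. Short of that, put a comment on each copy, e.g. `-- keep in sync with the copies in the client form, server overview and subscribe script`.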


@ -28,6 +28,32 @@ local encrypt_methods = {
"chacha20-ietf"
}
local encrypt_methods_ss = {
-- aead
"aes-128-gcm",
"aes-192-gcm",
"aes-256-gcm",
"chacha20-ietf-poly1305",
"xchacha20-ietf-poly1305"
--[[ stream
"table",
"rc4",
"rc4-md5",
"aes-128-cfb",
"aes-192-cfb",
"aes-256-cfb",
"aes-128-ctr",
"aes-192-ctr",
"aes-256-ctr",
"bf-cfb",
"camellia-128-cfb",
"camellia-192-cfb",
"camellia-256-cfb",
"salsa20",
"chacha20",
"chacha20-ietf" ]]
}
local protocol = {
"origin",
"verify_deflate",
@ -76,7 +102,7 @@ o.rmempty = false
o = sec:option(DummyValue, "type", translate("Server Type"))
function o.cfgvalue(...)
return Value.cfgvalue(...) or "ssr"
return Value.cfgvalue(...) or "ss"
end
o = sec:option(DummyValue, "server_port", translate("Server Port"))
@ -95,6 +121,12 @@ function o.cfgvalue(...)
return v and v:upper() or "-"
end
o = sec:option(DummyValue, "encrypt_method_ss", translate("Encrypt Method"))
function o.cfgvalue(...)
local v = Value.cfgvalue(...)
return v and v:upper() or "-"
end
o = sec:option(DummyValue, "protocol", translate("Protocol"))
function o.cfgvalue(...)
return Value.cfgvalue(...) or "-"
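Review bot: The fallback `or "ss"` now labels a server section with no stored `type` as Shadowsocks, but the init script changed in this commit reads the option with `uci_get_by_name $1 type` (no default) and its `case` has no arm for an empty value. Such a section would be listed as `ss`, start no daemon, and still have its port accepted by the two `SSR-SERVER-RULE` lines that follow the `esac`. Use one default in both places, for example `local type=$(uci_get_by_name $1 type ss)` in the init script, or show `-` here when the option is unset. The code this merge replaces apparently treated a missing `type` as `ssr`, so whichever default is chosen should account for sections saved before the option existed.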


@ -338,6 +338,9 @@ function import_ssr_url(btn, urlname, sid) {
document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_security')[0].value = queryParam.quicSecurity || "none";
document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_key')[0].value = queryParam.key;
break;
case "grpc":
document.getElementsByName('cbid.shadowsocksr.' + sid + '.serviceName')[0].value = queryParam.serviceName;
break;
default:
if (queryParam.security == "xtls") {
document.getElementsByName('cbid.shadowsocksr.' + sid + '.xtls')[0].checked = true;
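Review bot: In the new `case "grpc"` branch the input is assigned `queryParam.serviceName` directly, so a share link without that parameter puts the text `undefined` into the `serviceName` field. The `quic` branch above already guards one of its fields with `|| "none"`; do the same here by ending the assignment with `= queryParam.serviceName || "";`. `import_ssr_url` starts and ends outside the hunk.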


@ -22,7 +22,6 @@ tcp_config_file=
udp_config_file=
shunt_config_file=
local_config_file=
server_config_file=
shunt_dns_config_file=
tmp_local_port=
ARG_UDP=
@ -228,26 +227,43 @@ start_dns() {
}
gen_service_file() {
if [ $(uci_get_by_name $1 fast_open) == "1" ]; then
fastopen="true"
if [ $(uci_get_by_name $2 fast_open) == "1" ]; then
local fastopen="true"
else
fastopen="false"
local fastopen="false"
fi
if [ $1 == "ssr" ]; then
cat <<-EOF >$3
{
"server": "0.0.0.0",
"server_ipv6": "::",
"server_port": $(uci_get_by_name $2 server_port),
"mode": "tcp_and_udp",
"password": "$(uci_get_by_name $2 password)",
"timeout": $(uci_get_by_name $2 timeout 60),
"method": "$(uci_get_by_name $2 encrypt_method)",
"protocol": "$(uci_get_by_name $2 protocol)",
"protocol_param": "$(uci_get_by_name $2 protocol_param)",
"obfs": "$(uci_get_by_name $2 obfs)",
"obfs_param": "$(uci_get_by_name $2 obfs_param)",
"fast_open": $fastopen
}
EOF
else
cat <<-EOF >$3
{
"server": "0.0.0.0",
"server_ipv6": "::",
"server_port": $(uci_get_by_name $2 server_port),
"mode": "tcp_and_udp",
"password": "$(uci_get_by_name $2 password)",
"timeout": $(uci_get_by_name $2 timeout 60),
"method": "$(uci_get_by_name $2 encrypt_method_ss)",
"protocol": "socks",
"fast_open": $fastopen
}
EOF
fi
cat <<-EOF >$2
{
"server": "0.0.0.0",
"server_ipv6": "::",
"server_port": $(uci_get_by_name $1 server_port),
"password": "$(uci_get_by_name $1 password)",
"timeout": $(uci_get_by_name $1 timeout 60),
"method": "$(uci_get_by_name $1 encrypt_method)",
"protocol": "$(uci_get_by_name $1 protocol)",
"protocol_param": "$(uci_get_by_name $1 protocol_param)",
"obfs": "$(uci_get_by_name $1 obfs)",
"obfs_param": "$(uci_get_by_name $1 obfs_param)",
"fast_open": $fastopen
}
EOF
}
get_name() {
@ -674,15 +690,19 @@ start_server() {
iptables -N SSR-SERVER-RULE && iptables -t filter -I INPUT -j SSR-SERVER-RULE
fi
fi
if [ "$(uci_get_by_name $1 type ssr)" == "ssr" ]; then
gen_service_file $1 $server_config_file/ssr-server$server_count.json
ln_start_bin $(first_type ssr-server) ssr-server -c $server_config_file/ssr-server$server_count.json -u
echolog "Server:ShadowsocksR Server$server_count Started!"
else
local type=$(uci_get_by_name $1 type)
case "$type" in
ss | ssr)
gen_service_file ${type} $1 $TMP_PATH/ssr-server$server_count.json
ln_start_bin $(first_type ${type}server ${type}-server) ${type}-server -c $TMP_PATH/ssr-server$server_count.json
echolog "Server: $(get_name ${type}) Server$server_count Started!"
;;
socks5)
[ -e /proc/sys/net/ipv6 ] && local listenip='-i ::'
ln_start_bin $(first_type microsocks) microsocks $listenip -p $(uci_get_by_name $1 server_port) -1 -u $(uci_get_by_name $1 username) -P $(uci_get_by_name $1 password) ssr-server$server_count
echolog "Server:Socks5 Server$server_count Started!"
fi
;;
esac
iptables -t filter -A SSR-SERVER-RULE -p tcp --dport $(uci_get_by_name $1 server_port) -j ACCEPT
iptables -t filter -A SSR-SERVER-RULE -p udp --dport $(uci_get_by_name $1 server_port) -j ACCEPT
return 0
@ -851,7 +871,7 @@ stop() {
killall -q -9 v2ray-plugin obfs-local xray-plugin
rm -f /var/lock/ssr-monitor.lock
if [ -f "/var/dnsmasq.d/dnsmasq-ssrplus.conf" ]; then
rm -rf /var/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json
rm -rf /var/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
/etc/init.d/dnsmasq restart >/dev/null 2>&1
fi
del_cron
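Review bot: The new `ss` branch of `gen_service_file` pastes `$(uci_get_by_name $2 password)` and the other UCI values straight into a JSON here-document, as the `ssr` branch does, so a password containing `"` or `\` yields a file that fails to parse or whose keys are not the ones written here. Building the object with the `jshn` helpers from libubox escapes every value; the sketch below covers the `ss` branch and the `ssr` branch would follow the same pattern. It assumes the script sources `/usr/share/libubox/jshn.sh`, which is not visible in these hunks. The file holds the server password, so it is also worth confirming that `$TMP_PATH` is not readable by other users.

```shell
	# … unchanged: fastopen lookup and the ssr branch …
	else
		# jshn escapes quotes and backslashes in every value it serialises
		json_init
		json_add_string server "0.0.0.0"
		json_add_string server_ipv6 "::"
		json_add_int server_port "$(uci_get_by_name $2 server_port)"
		json_add_string mode "tcp_and_udp"
		json_add_string password "$(uci_get_by_name $2 password)"
		json_add_int timeout "$(uci_get_by_name $2 timeout 60)"
		json_add_string method "$(uci_get_by_name $2 encrypt_method_ss)"
		json_add_string protocol "socks"
		json_add_boolean fast_open "$([ "$fastopen" = "true" ] && echo 1 || echo 0)"
		json_dump >"$3"
	fi
```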


@ -1712,7 +1712,6 @@
59.153.116.0/22
59.153.136.0/22
59.153.152.0/22
59.153.156.0/22
59.153.164.0/22
59.153.168.0/22
59.153.172.0/22
@ -4144,6 +4143,8 @@
103.166.50.0/23
103.166.52.0/23
103.166.54.0/23
103.166.84.0/23
103.166.138.0/23
103.192.0.0/22
103.192.4.0/22
103.192.8.0/22
@ -4215,7 +4216,6 @@
103.198.156.0/22
103.198.180.0/22
103.198.196.0/22
103.198.200.0/22
103.198.216.0/22
103.198.220.0/22
103.198.224.0/22


@ -9440,6 +9440,8 @@ server=/hpto.net/127.0.0.1#5335
ipset=/hpto.net/gfwlist
server=/pricelesshonolulu.com/127.0.0.1#5335
ipset=/pricelesshonolulu.com/gfwlist
server=/facebook-hardware.com/127.0.0.1#5335
ipset=/facebook-hardware.com/gfwlist
server=/adblockplus.org/127.0.0.1#5335
ipset=/adblockplus.org/gfwlist
server=/shopee.co.id/127.0.0.1#5335


@ -117,7 +117,7 @@ local Xray = {
-- 底层传输配置
streamSettings = {
network = server.transport or "tcp",
security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or nil,
security = (server.xtls == '1') and "xtls" or (server.tls == '1'or server.transport == "grpc") and "tls" or nil,
tlsSettings = (server.tls == '1' and (server.insecure == "1" or server.tls_host or server.fingerprint)) and {
-- tls
fingerprint = server.fingerprint,
@ -169,9 +169,14 @@ local Xray = {
security = server.quic_security,
key = server.quic_key,
header = {type = server.quic_guise}
} or nil,
grpcSettings = (server.transport == "grpc") and {
-- grpc
serviceName = server.serviceName or "",
multiMode = (server.mux == "1") and true or false
} or nil
},
mux = (server.mux == "1" and server.xtls ~= "1") and {
mux = (server.mux == "1" and server.xtls ~= "1" and server.transport ~= "grpc") and {
-- mux
enabled = true,
concurrency = tonumber(server.concurrency)
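Review bot: `security` is now forced to `"tls"` whenever `server.transport == "grpc"`, but the `tlsSettings` condition on the next line still requires `server.tls == '1'`. A gRPC node saved without the TLS flag therefore gets TLS with no `tlsSettings` table, and whatever it has in `tls_host`, `fingerprint` or `insecure` is dropped without notice. Gate both on the same expression, e.g. `local use_tls = server.tls == '1' or server.transport == "grpc"` ahead of the table and `tlsSettings = (use_tls and (server.insecure == "1" or server.tls_host or server.fingerprint)) and {`. Separately, `multiMode = (server.mux == "1") and true or false` can be written `multiMode = server.mux == "1"`. The `Xray` table starts and ends outside these hunks.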


@ -28,6 +28,31 @@ local v2_tj = luci.sys.exec('type -t -p trojan') ~= "" and "trojan" or "v2ray"
local log = function(...)
print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({...}, " "))
end
local encrypt_methods_ss = {
-- aead
"aes-128-gcm",
"aes-192-gcm",
"aes-256-gcm",
"chacha20-ietf-poly1305",
"xchacha20-ietf-poly1305"
--[[ stream
"table",
"rc4",
"rc4-md5",
"aes-128-cfb",
"aes-192-cfb",
"aes-256-cfb",
"aes-128-ctr",
"aes-192-ctr",
"aes-256-ctr",
"bf-cfb",
"camellia-128-cfb",
"camellia-192-cfb",
"camellia-256-cfb",
"salsa20",
"chacha20",
"chacha20-ietf" ]]
}
-- 分割字符串
local function split(full, sep)
full = full:gsub("%z", "") -- 这里不是很清楚 有时候结尾带个\0
@ -96,6 +121,15 @@ local function base64Decode(text)
return raw
end
end
-- 检查数组(table)中是否存在某个字符值
-- https://www.04007.cn/article/135.html
local function checkTabValue(tab)
local revtab = {}
for k,v in pairs(tab) do
revtab[v] = true
end
return revtab
end
-- 处理数据
local function processData(szType, content)
local result = {type = szType, local_port = 1234, kcp_param = '--nocomp'}
@ -209,8 +243,13 @@ local function processData(szType, content)
else
result.server_port = host[2]
end
result.encrypt_method_ss = method
result.password = password
if checkTabValue(encrypt_methods_ss)[method] then
result.encrypt_method_ss = method
result.password = password
else
-- 1202 年了还不支持 SS AEAD 的屑机场
result = nil
end
elseif szType == "ssd" then
result.type = "ss"
result.server = content.server
@ -313,6 +352,9 @@ local function processData(szType, content)
result.quic_key = params.key
result.quic_security = params.quicSecurity or "none"
end
if params.type == 'grpc' then
result.serviceName = params.serviceName
end
if params.security == "tls" then
result.tls = "1"
result.tls_host = params.sni or host[1]
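Review bot: Setting `result = nil` for a node whose method is not in `encrypt_methods_ss` is only safe if nothing later in `processData` indexes `result`; the function continues past this hunk, so that cannot be confirmed here. If later code does read a field of `result`, one unsupported node in a subscription raises "attempt to index a nil value" and, unless the caller uses `pcall`, stops the whole update. Leaving the function at once makes the skip explicit and visible to the user: `log('skipped node: unsupported SS method', tostring(method))` followed by `return nil`, provided callers accept a `nil` result. `checkTabValue(encrypt_methods_ss)` also rebuilds the lookup table for every node; build it once next to the list with `local ss_method_set = checkTabValue(encrypt_methods_ss)`.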


@ -15,7 +15,7 @@ QT5_VERSION_PATCH:=2
PKG_NAME:=qt5
PKG_VERSION:=$(QT5_VERSION_MAJOR_MINOR)$(if $(QT5_VERSION_PATCH),.$(QT5_VERSION_PATCH))
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=qt-everywhere-src-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://mirrors.tencent.com/qt/archive/qt/$(QT5_VERSION_MAJOR_MINOR)/$(PKG_VERSION)/single/ \
@ -60,7 +60,7 @@ endef
define Package/qt5-network
$(call Package/qt5/Default)
TITLE+=network
DEPENDS+=+qt5-core +libopenssl
DEPENDS+=+qt5-core +krb5-libs +libopenssl
endef
define Package/qt5-sql


@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_VERSION:=2.84
PKG_VERSION:=2.85
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
PKG_HASH:=603195c64b73137609b07e1024ae0b37f652b2f5fe467dce66985b3d1850050c
PKG_HASH:=ad98d3803df687e5b938080f3d25c628fe41c878752d03fbc6199787fee312fa
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING


@ -1,4 +1,4 @@
From 7df4c681678612d196b4e1eec24963d181fdb28a Mon Sep 17 00:00:00 2001
From 02fbe60e1c7e74d2ba57109575e7bfc238b1b5d4 Mon Sep 17 00:00:00 2001
From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Date: Sun, 5 Apr 2020 17:18:23 +0100
Subject: [PATCH] drop runtime old kernel support
@ -8,9 +8,8 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
src/dnsmasq.c | 4 ----
src/dnsmasq.h | 5 +---
src/ipset.c | 64 ++++-----------------------------------------------
src/netlink.c | 3 +--
src/util.c | 19 ---------------
5 files changed, 6 insertions(+), 89 deletions(-)
4 files changed, 5 insertions(+), 87 deletions(-)
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@ -27,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1125,7 +1125,7 @@ extern struct daemon {
@@ -1144,7 +1144,7 @@ extern struct daemon {
int inotifyfd;
#endif
#if defined(HAVE_LINUX_NETWORK)
@ -36,7 +35,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
#elif defined(HAVE_BSD_NETWORK)
int dhcp_raw_fd, dhcp_icmp_fd, routefd;
#endif
@@ -1306,9 +1306,6 @@ int read_write(int fd, unsigned char *pa
@@ -1326,9 +1326,6 @@ int read_write(int fd, unsigned char *pa
void close_fds(long max_fd, int spare1, int spare2, int spare3);
int wildcard_match(const char* wildcard, const char* match);
int wildcard_matchn(const char* wildcard, const char* match, int num);
@ -139,18 +138,6 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
if (ret == -1)
my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -92,8 +92,7 @@ char *netlink_init(void)
iov.iov_len = 100;
iov.iov_base = safe_malloc(iov.iov_len);
- if (daemon->kernel_version >= KERNEL_VERSION(2,6,30) &&
- setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1)
+ if (setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1)
return _("warning: failed to set NETLINK_NO_ENOBUFS on netlink socket");
return NULL;
--- a/src/util.c
+++ b/src/util.c
@@ -786,22 +786,3 @@ int wildcard_matchn(const char* wildcard


@ -1,6 +1,6 @@
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1042,7 +1042,7 @@ extern struct daemon {
@@ -1059,7 +1059,7 @@ extern struct daemon {
int max_logs; /* queue limit */
int cachesize, ftabsize;
int port, query_port, min_port, max_port;
@ -11,15 +11,15 @@
struct dhcp_context *dhcp, *dhcp6;
--- a/src/option.c
+++ b/src/option.c
@@ -168,6 +168,7 @@ struct myoption {
#define LOPT_SINGLE_PORT 359
#define LOPT_SCRIPT_TIME 360
@@ -170,6 +170,7 @@ struct myoption {
#define LOPT_PXE_VENDOR 361
+#define LOPT_MINTTL 362
#define LOPT_DYNHOST 362
#define LOPT_LOG_DEBUG 363
+#define LOPT_MINTTL 364
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -286,6 +287,7 @@ static const struct myoption opts[] =
@@ -288,6 +289,7 @@ static const struct myoption opts[] =
{ "dhcp-name-match", 1, 0, LOPT_NAME_MATCH },
{ "dhcp-broadcast", 2, 0, LOPT_BROADCAST },
{ "neg-ttl", 1, 0, LOPT_NEGTTL },
@ -27,7 +27,7 @@
{ "max-ttl", 1, 0, LOPT_MAXTTL },
{ "min-cache-ttl", 1, 0, LOPT_MINCTTL },
{ "max-cache-ttl", 1, 0, LOPT_MAXCTTL },
@@ -413,6 +415,7 @@ static struct {
@@ -417,6 +419,7 @@ static struct {
{ 't', ARG_ONE, "<host_name>", gettext_noop("Specify default target in an MX record."), NULL },
{ 'T', ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL },
{ LOPT_NEGTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL },
@ -35,7 +35,7 @@
{ LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL },
{ LOPT_MAXCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live ceiling for cache."), NULL },
{ LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live floor for cache."), NULL },
@@ -2823,6 +2826,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
@@ -2835,6 +2838,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
case 'T': /* --local-ttl */
case LOPT_NEGTTL: /* --neg-ttl */
@ -43,7 +43,7 @@
case LOPT_MAXTTL: /* --max-ttl */
case LOPT_MINCTTL: /* --min-cache-ttl */
case LOPT_MAXCTTL: /* --max-cache-ttl */
@@ -2834,6 +2838,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
@@ -2846,6 +2850,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
ret_err(gen_err);
else if (option == LOPT_NEGTTL)
daemon->neg_ttl = (unsigned long)ttl;


@ -11,35 +11,35 @@ Subject: [PATCH] add filter-aaaa option
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -269,7 +269,8 @@
#define OPT_IGNORE_CLID 59
@@ -270,7 +270,8 @@ struct event_desc {
#define OPT_SINGLE_PORT 60
#define OPT_LEASE_RENEW 61
-#define OPT_LAST 62
+#define OPT_FILTER_AAAA 62
+#define OPT_LAST 63
#define OPT_LOG_DEBUG 62
-#define OPT_LAST 63
+#define OPT_FILTER_AAAA 63
+#define OPT_LAST 64
#define OPTION_BITS (sizeof(unsigned int)*8)
#define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
--- a/src/option.c
+++ b/src/option.c
@@ -169,6 +169,7 @@ struct myoption {
#define LOPT_SCRIPT_TIME 360
#define LOPT_PXE_VENDOR 361
#define LOPT_MINTTL 362
+#define LOPT_FILTER_AAAA 363
@@ -171,6 +171,7 @@ struct myoption {
#define LOPT_DYNHOST 362
#define LOPT_LOG_DEBUG 363
#define LOPT_MINTTL 364
+#define LOPT_FILTER_AAAA 365
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -343,6 +344,7 @@ static const struct myoption opts[] =
{ "dumpfile", 1, 0, LOPT_DUMPFILE },
{ "dumpmask", 1, 0, LOPT_DUMPMASK },
@@ -347,6 +348,7 @@ static const struct myoption opts[] =
{ "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID },
{ "dynamic-host", 1, 0, LOPT_DYNHOST },
{ "log-debug", 0, 0, LOPT_LOG_DEBUG },
+ { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA },
{ NULL, 0, 0, 0 }
};
@@ -524,6 +526,7 @@ static struct {
@@ -530,6 +532,7 @@ static struct {
{ LOPT_DUMPFILE, ARG_ONE, "<path>", gettext_noop("Path to debug packet dump file"), NULL },
{ LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which packets to dump"), NULL },
{ LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
@ -49,7 +49,7 @@ Subject: [PATCH] add filter-aaaa option
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1926,6 +1926,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
@@ -1913,6 +1913,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
}
}


@ -10,6 +10,8 @@ PKG_RELEASE:=3
PKG_FLAGS:=nonshared
PKG_FLAGS:=nonshared
include $(INCLUDE_DIR)/package.mk
define Package/ltq-dsl-base
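Review bot: `PKG_FLAGS:=nonshared` appears twice in a row in this hunk, and the header `-10,6 +10,8` adds two lines, which suggests the merge left a second copy of the assignment in the file. The duplicate does not change the build, but it should be dropped so the Makefile keeps a single `PKG_FLAGS:=nonshared` line.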


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=busybox
PKG_VERSION:=1.33.0
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_FLAGS:=essential
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2


@ -0,0 +1,52 @@
From f25d254dfd4243698c31a4f3153d4ac72aa9e9bd Mon Sep 17 00:00:00 2001
From: Samuel Sapalski <samuel.sapalski@nokia.com>
Date: Wed, 3 Mar 2021 16:31:22 +0100
Subject: decompress_gunzip: Fix DoS if gzip is corrupt
On certain corrupt gzip files, huft_build will set the error bit on
the result pointer. If afterwards abort_unzip is called huft_free
might run into a segmentation fault or an invalid pointer to
free(p).
In order to mitigate this, we check in huft_free if the error bit
is set and clear it before the linked list is freed.
Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com>
Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
archival/libarchive/decompress_gunzip.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/archival/libarchive/decompress_gunzip.c
+++ b/archival/libarchive/decompress_gunzip.c
@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = {
* each table.
* t: table to free
*/
+#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
+#define ERR_RET ((huft_t*)(uintptr_t)1)
static void huft_free(huft_t *p)
{
huft_t *q;
+ /*
+ * If 'p' has the error bit set we have to clear it, otherwise we might run
+ * into a segmentation fault or an invalid pointer to free(p)
+ */
+ if (BAD_HUFT(p)) {
+ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET));
+ }
+
/* Go through linked list, freeing from the malloced (t[-1]) address. */
while (p) {
q = (--p)->v.t;
@@ -289,8 +299,6 @@ static unsigned fill_bitbuffer(STATE_PAR
* or a valid pointer to a Huffman table, ORed with 0x1 if incompete table
* is given: "fixed inflate" decoder feeds us such data.
*/
-#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
-#define ERR_RET ((huft_t*)(uintptr_t)1)
static huft_t* huft_build(const unsigned *b, const unsigned n,
const unsigned s, const struct cp_ext *cp_ext,
unsigned *m)