diff --git a/include/target.mk b/include/target.mk index 530e711fa5..c1dbd58687 100644 --- a/include/target.mk +++ b/include/target.mk @@ -11,7 +11,7 @@ DEVICE_TYPE?=router # Default packages - the really basic set DEFAULT_PACKAGES:=base-files libc libgcc dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd \ -block-mount kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw wget libustream-openssl ca-certificates \ +block-mount kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw wget-ssl libustream-openssl ca-certificates \ default-settings luci luci-app-ddns luci-app-upnp luci-app-adbyby-plus luci-app-autoreboot \ luci-app-filetransfer luci-app-vsftpd luci-app-ssr-plus luci-app-unblockmusic \ luci-app-arpbind luci-app-vlmcsd luci-app-wol luci-app-ramfree \ diff --git a/package/lean/luci-app-kodexplorer/Makefile b/package/lean/luci-app-kodexplorer/Makefile index c5b535955b..50e3a675dd 100644 --- a/package/lean/luci-app-kodexplorer/Makefile +++ b/package/lean/luci-app-kodexplorer/Makefile @@ -6,10 +6,10 @@ include $(TOPDIR)/rules.mk LUCI_TITLE:=LuCI support for KodExplorer -LUCI_DEPENDS:=+nginx-ssl +unzip +zoneinfo-asia +php7 +php7-fpm +php7-mod-curl +php7-mod-gd +php7-mod-iconv +php7-mod-json +php7-mod-mbstring +php7-mod-opcache +php7-mod-session +php7-mod-zip +php7-mod-sqlite3 +php7-mod-pdo +php7-mod-pdo-sqlite +php7-mod-pdo-mysql +LUCI_DEPENDS:=+nginx-ssl +unzip +zoneinfo-asia +php7 +php7-fpm +php7-mod-curl +php7-mod-gd +php7-mod-iconv +php7-mod-json +php7-mod-mbstring +php7-mod-opcache +php7-mod-session +php7-mod-zip +php7-mod-sqlite3 +php7-mod-pdo +php7-mod-pdo-sqlite +php7-mod-pdo-mysql +php7-cgi +php7-mod-dom LUCI_PKGARCH:=all PKG_VERSION:=13 -PKG_DATE:=20200612 +PKG_DATE:=20210505 include $(TOPDIR)/feeds/luci/luci.mk diff --git a/package/lean/luci-app-ssr-plus/Makefile b/package/lean/luci-app-ssr-plus/Makefile index 6d9a21fba1..92d09a5efd 100644 --- a/package/lean/luci-app-ssr-plus/Makefile 
+++ b/package/lean/luci-app-ssr-plus/Makefile @@ -1,15 +1,17 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-ssr-plus -PKG_VERSION:=183 -PKG_RELEASE:=11 +PKG_VERSION:=184 +PKG_RELEASE:=2 PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2 \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks \ + CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust \ + CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs \ @@ -27,7 +29,9 @@ LUCI_DEPENDS:=+coreutils +coreutils-base64 +dns2socks +dnsmasq-full +ipset +ip-f +PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2:redsocks2 \ +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks:shadowsocks-libev-ss-local \ +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks:shadowsocks-libev-ss-redir \ + +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server:shadowsocks-libev-ss-server \ +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust:shadowsocks-rust-sslocal \ + +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server:shadowsocks-rust-ssserver \ +PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR:shadowsocksr-libev-ssr-local \ +PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR:shadowsocksr-libev-ssr-redir \ +PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server:shadowsocksr-libev-ssr-server \ 
@@ -55,18 +59,26 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks bool "Include Shadowsocks Libev" default y +config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server + bool "Include Shadowsocks Server" + default y if i386||x86_64||arm + config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust bool "Include Shadowsocks Rust (AEAD cipher only)" depends on aarch64||arm||i386||mips||mipsel||x86_64 default y if aarch64 +config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server + bool "Include Shadowsocks Rust Server" + default y if aarch64 + config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR bool "Include ShadowsocksR Libev" default y config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server bool "Include ShadowsocksR Server" - default y if aarch64||arm||i386||x86_64 + default n config PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs bool "Include Shadowsocks Simple Obfs Plugin" diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua index 36ce13a50c..90abeb591b 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua @@ -45,8 +45,8 @@ local encrypt_methods_ss = { "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", - "xchacha20-ietf-poly1305", - -- stream + "xchacha20-ietf-poly1305" + --[[ stream "table", "rc4", "rc4-md5", @@ -62,17 +62,18 @@ local encrypt_methods_ss = { "camellia-256-cfb", "salsa20", "chacha20", - "chacha20-ietf" + "chacha20-ietf" ]] } local encrypt_methods_v2ray_ss = { -- xray_ss "none", "plain", + --[[ stream "aes-128-cfb", "aes-256-cfb", "chacha20", - "chacha20-ietf", + "chacha20-ietf", ]] -- aead "aes-128-gcm", "aes-256-gcm", @@ -331,6 +332,7 @@ o:value("kcp", "mKCP") o:value("ws", "WebSocket") o:value("h2", "HTTP/2") o:value("quic", "QUIC") +o:value("grpc", "gRPC") o.rmempty = true o:depends("type", "v2ray") 
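Review bot: `PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server` is declared without the `depends on aarch64||arm||i386||mips||mipsel||x86_64` line that the neighbouring `Shadowsocks_Rust` entry carries, so it can be selected on targets where the client option is hidden. If shadowsocks-rust-ssserver has the same architecture limits as the client (not visible here), add the same `depends on` line. Both new server options also default to `y` on some targets, which puts a server binary into default images; `default n`, as this hunk now uses for `ShadowsocksR_Server`, would keep that opt-in.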
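Review bot: The stream ciphers in `encrypt_methods_ss` and `encrypt_methods_v2ray_ss` are disabled by wrapping them in `--[[ stream … ]]` with no reason given, and the same commented-out list is copied into server-config.lua, server.lua and subscribe.lua later in this diff. State the reason in the comment, e.g. `-- stream ciphers disabled: unauthenticated, deprecated in favour of AEAD`, or delete the dead entries so nobody re-enables them by un-commenting. A node already saved with one of the removed methods will no longer match any ListValue entry; how the form treats such a stored value is not visible here and is worth checking.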
@@ -380,6 +382,11 @@ o = s:option(Value, "h2_path", translate("HTTP/2 Path")) o:depends("transport", "h2") o.rmempty = true +-- gRPC +o = s:option(Value, "serviceName", translate("serviceName")) +o:depends("transport", "grpc") +o.rmempty = true + -- [[ QUIC部分 ]]-- o = s:option(ListValue, "quic_security", translate("QUIC Security")) o:depends("transport", "quic") diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua index 1fe01f5182..fe3fc4b22e 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua @@ -32,6 +32,32 @@ local encrypt_methods = { "chacha20-ietf" } +local encrypt_methods_ss = { + -- aead + "aes-128-gcm", + "aes-192-gcm", + "aes-256-gcm", + "chacha20-ietf-poly1305", + "xchacha20-ietf-poly1305" + --[[ stream + "table", + "rc4", + "rc4-md5", + "aes-128-cfb", + "aes-192-cfb", + "aes-256-cfb", + "aes-128-ctr", + "aes-192-ctr", + "aes-256-ctr", + "bf-cfb", + "camellia-128-cfb", + "camellia-192-cfb", + "camellia-256-cfb", + "salsa20", + "chacha20", + "chacha20-ietf" ]] +} + local protocol = {"origin"} obfs = {"plain", "http_simple", "http_post"} @@ -55,6 +81,9 @@ o.rmempty = false o = s:option(ListValue, "type", translate("Server Type")) o:value("socks5", translate("Socks5")) +if nixio.fs.access("/usr/bin/ssserver") or nixio.fs.access("/usr/bin/ss-server") then + o:value("ss", translate("Shadowsocks")) +end if nixio.fs.access("/usr/bin/ssr-server") then o:value("ssr", translate("ShadowsocksR")) end @@ -71,6 +100,7 @@ o = s:option(Value, "timeout", translate("Connection Timeout")) o.datatype = "uinteger" o.default = 60 o.rmempty = false +o:depends("type", "ss") o:depends("type", "ssr") o = s:option(Value, "username", translate("Username")) 
@@ -88,6 +118,13 @@ end o.rmempty = false o:depends("type", "ssr") +o = s:option(ListValue, "encrypt_method_ss", translate("Encrypt Method")) +for _, v in ipairs(encrypt_methods_ss) do + o:value(v) +end +o.rmempty = false +o:depends("type", "ss") + o = s:option(ListValue, "protocol", translate("Protocol")) for _, v in ipairs(protocol) do o:value(v) @@ -107,6 +144,7 @@ o:depends("type", "ssr") o = s:option(Flag, "fast_open", translate("TCP Fast Open")) o.rmempty = false +o:depends("type", "ss") o:depends("type", "ssr") return m diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua index d8c3565d33..9af220c5e0 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua @@ -28,6 +28,32 @@ local encrypt_methods = { "chacha20-ietf" } +local encrypt_methods_ss = { + -- aead + "aes-128-gcm", + "aes-192-gcm", + "aes-256-gcm", + "chacha20-ietf-poly1305", + "xchacha20-ietf-poly1305" + --[[ stream + "table", + "rc4", + "rc4-md5", + "aes-128-cfb", + "aes-192-cfb", + "aes-256-cfb", + "aes-128-ctr", + "aes-192-ctr", + "aes-256-ctr", + "bf-cfb", + "camellia-128-cfb", + "camellia-192-cfb", + "camellia-256-cfb", + "salsa20", + "chacha20", + "chacha20-ietf" ]] +} + local protocol = { "origin", "verify_deflate", @@ -76,7 +102,7 @@ o.rmempty = false o = sec:option(DummyValue, "type", translate("Server Type")) function o.cfgvalue(...) - return Value.cfgvalue(...) or "ssr" + return Value.cfgvalue(...) or "ss" end o = sec:option(DummyValue, "server_port", translate("Server Port")) 
@@ -95,6 +121,12 @@ function o.cfgvalue(...) return v and v:upper() or "-" end +o = sec:option(DummyValue, "encrypt_method_ss", translate("Encrypt Method")) +function o.cfgvalue(...) + local v = Value.cfgvalue(...) + return v and v:upper() or "-" +end + o = sec:option(DummyValue, "protocol", translate("Protocol")) function o.cfgvalue(...) return Value.cfgvalue(...) or "-" diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm index 106312812b..87f9211ee7 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm @@ -338,6 +338,9 @@ function import_ssr_url(btn, urlname, sid) { document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_security')[0].value = queryParam.quicSecurity || "none"; document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_key')[0].value = queryParam.key; break; + case "grpc": + document.getElementsByName('cbid.shadowsocksr.' + sid + '.serviceName')[0].value = queryParam.serviceName; + break; default: if (queryParam.security == "xtls") { document.getElementsByName('cbid.shadowsocksr.' + sid + '.xtls')[0].checked = true; diff --git a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index a690454727..90a2109eb1 100755 --- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -22,7 +22,6 @@ tcp_config_file= udp_config_file= shunt_config_file= local_config_file= -server_config_file= shunt_dns_config_file= tmp_local_port= ARG_UDP= 
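Review bot: In the new `case "grpc":` branch `queryParam.serviceName` is assigned to the field unguarded, so a share link that omits the parameter would write the text `undefined` into the form, whereas the `quic_security` line just above falls back with `|| "none"`. Use `queryParam.serviceName || ""` on the right-hand side. import_ssr_url starts and ends outside the hunk.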
@@ -228,26 +227,43 @@ start_dns() { } gen_service_file() { - if [ $(uci_get_by_name $1 fast_open) == "1" ]; then - fastopen="true" + if [ $(uci_get_by_name $2 fast_open) == "1" ]; then + local fastopen="true" else - fastopen="false" + local fastopen="false" + fi + if [ $1 == "ssr" ]; then + cat <<-EOF >$3 + { + "server": "0.0.0.0", + "server_ipv6": "::", + "server_port": $(uci_get_by_name $2 server_port), + "mode": "tcp_and_udp", + "password": "$(uci_get_by_name $2 password)", + "timeout": $(uci_get_by_name $2 timeout 60), + "method": "$(uci_get_by_name $2 encrypt_method)", + "protocol": "$(uci_get_by_name $2 protocol)", + "protocol_param": "$(uci_get_by_name $2 protocol_param)", + "obfs": "$(uci_get_by_name $2 obfs)", + "obfs_param": "$(uci_get_by_name $2 obfs_param)", + "fast_open": $fastopen + } + EOF + else + cat <<-EOF >$3 + { + "server": "0.0.0.0", + "server_ipv6": "::", + "server_port": $(uci_get_by_name $2 server_port), + "mode": "tcp_and_udp", + "password": "$(uci_get_by_name $2 password)", + "timeout": $(uci_get_by_name $2 timeout 60), + "method": "$(uci_get_by_name $2 encrypt_method_ss)", + "protocol": "socks", + "fast_open": $fastopen + } + EOF fi - cat <<-EOF >$2 - { - "server": "0.0.0.0", - "server_ipv6": "::", - "server_port": $(uci_get_by_name $1 server_port), - "password": "$(uci_get_by_name $1 password)", - "timeout": $(uci_get_by_name $1 timeout 60), - "method": "$(uci_get_by_name $1 encrypt_method)", - "protocol": "$(uci_get_by_name $1 protocol)", - "protocol_param": "$(uci_get_by_name $1 protocol_param)", - "obfs": "$(uci_get_by_name $1 obfs)", - "obfs_param": "$(uci_get_by_name $1 obfs_param)", - "fast_open": $fastopen - } - EOF } get_name() { 
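Review bot: Both heredocs in gen_service_file paste `$(uci_get_by_name $2 password)` and the other UCI strings straight into JSON, so a password containing `"` or `\` yields a broken file or extra keys in the server config; the values need JSON escaping, for instance by building the object with OpenWrt's jshn helpers (`json_add_string`, `json_dump`) instead of `cat`. The file at `$3` holds the password in clear text and is created with the inherited umask, so set `umask 077` before the write or `chmod 600 "$3"` after it. The unquoted tests `[ $(uci_get_by_name $2 fast_open) == "1" ]` and `[ $1 == "ssr" ]` become errors in `[` when the value is empty; write `[ "$(uci_get_by_name "$2" fast_open)" = "1" ]` and `[ "$1" = "ssr" ]`.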
@@ -674,15 +690,19 @@ start_server() { iptables -N SSR-SERVER-RULE && iptables -t filter -I INPUT -j SSR-SERVER-RULE fi fi - if [ "$(uci_get_by_name $1 type ssr)" == "ssr" ]; then - gen_service_file $1 $server_config_file/ssr-server$server_count.json - ln_start_bin $(first_type ssr-server) ssr-server -c $server_config_file/ssr-server$server_count.json -u - echolog "Server:ShadowsocksR Server$server_count Started!" - else + local type=$(uci_get_by_name $1 type) + case "$type" in + ss | ssr) + gen_service_file ${type} $1 $TMP_PATH/ssr-server$server_count.json + ln_start_bin $(first_type ${type}server ${type}-server) ${type}-server -c $TMP_PATH/ssr-server$server_count.json + echolog "Server: $(get_name ${type}) Server$server_count Started!" + ;; + socks5) [ -e /proc/sys/net/ipv6 ] && local listenip='-i ::' ln_start_bin $(first_type microsocks) microsocks $listenip -p $(uci_get_by_name $1 server_port) -1 -u $(uci_get_by_name $1 username) -P $(uci_get_by_name $1 password) ssr-server$server_count echolog "Server:Socks5 Server$server_count Started!" - fi + ;; + esac iptables -t filter -A SSR-SERVER-RULE -p tcp --dport $(uci_get_by_name $1 server_port) -j ACCEPT iptables -t filter -A SSR-SERVER-RULE -p udp --dport $(uci_get_by_name $1 server_port) -j ACCEPT return 0 @@ -851,7 +871,7 @@ stop() { killall -q -9 v2ray-plugin obfs-local xray-plugin rm -f /var/lock/ssr-monitor.lock if [ -f "/var/dnsmasq.d/dnsmasq-ssrplus.conf" ]; then - rm -rf /var/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json + rm -rf /var/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json /etc/init.d/dnsmasq restart >/dev/null 2>&1 fi del_cron diff --git a/package/lean/luci-app-ssr-plus/root/etc/ssrplus/china_ssr.txt b/package/lean/luci-app-ssr-plus/root/etc/ssrplus/china_ssr.txt index a050aec670..6ab0c9fb16 100644 --- a/package/lean/luci-app-ssr-plus/root/etc/ssrplus/china_ssr.txt 
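Review bot: The new `case "$type"` in start_server has no `*)` arm and `type` no longer has a fallback (the removed code read `uci_get_by_name $1 type ssr`), so a section with a missing or unknown type starts no daemon yet still reaches the two `iptables ... -j ACCEPT` lines and opens `server_port` for TCP and UDP. Add an arm that logs and returns before those rules, e.g. `*) echolog "Server: unknown type '$type', skipped"; return 0 ;;`. server.lua in this diff displays `ss` for a missing type, so the UI and the init script now disagree about the fallback. In the `socks5` arm the password is still passed to microsocks as `-P` on the command line, where it is readable in the process list. start_server begins outside the hunk.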
+++ b/package/lean/luci-app-ssr-plus/root/etc/ssrplus/china_ssr.txt @@ -1712,7 +1712,6 @@ 59.153.116.0/22 59.153.136.0/22 59.153.152.0/22 -59.153.156.0/22 59.153.164.0/22 59.153.168.0/22 59.153.172.0/22 @@ -4144,6 +4143,8 @@ 103.166.50.0/23 103.166.52.0/23 103.166.54.0/23 +103.166.84.0/23 +103.166.138.0/23 103.192.0.0/22 103.192.4.0/22 103.192.8.0/22 @@ -4215,7 +4216,6 @@ 103.198.156.0/22 103.198.180.0/22 103.198.196.0/22 -103.198.200.0/22 103.198.216.0/22 103.198.220.0/22 103.198.224.0/22 diff --git a/package/lean/luci-app-ssr-plus/root/etc/ssrplus/gfw_list.conf b/package/lean/luci-app-ssr-plus/root/etc/ssrplus/gfw_list.conf index a03e3979b4..d4f8e80651 100644 --- a/package/lean/luci-app-ssr-plus/root/etc/ssrplus/gfw_list.conf +++ b/package/lean/luci-app-ssr-plus/root/etc/ssrplus/gfw_list.conf @@ -9440,6 +9440,8 @@ server=/hpto.net/127.0.0.1#5335 ipset=/hpto.net/gfwlist server=/pricelesshonolulu.com/127.0.0.1#5335 ipset=/pricelesshonolulu.com/gfwlist +server=/facebook-hardware.com/127.0.0.1#5335 +ipset=/facebook-hardware.com/gfwlist server=/adblockplus.org/127.0.0.1#5335 ipset=/adblockplus.org/gfwlist server=/shopee.co.id/127.0.0.1#5335 diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua index 4ab0dd4df9..e60b69c37b 100644 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua @@ -117,7 +117,7 @@ local Xray = { -- 底层传输配置 streamSettings = { network = server.transport or "tcp", - security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or nil, + security = (server.xtls == '1') and "xtls" or (server.tls == '1'or server.transport == "grpc") and "tls" or nil, tlsSettings = (server.tls == '1' and (server.insecure == "1" or server.tls_host or server.fingerprint)) and { -- tls fingerprint = server.fingerprint, 
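Review bot: `security` is now forced to `"tls"` whenever `server.transport == "grpc"`, but the `tlsSettings` expression on the next line is still gated on `server.tls == '1'`, so a gRPC node saved without the TLS flag gets TLS with none of its `tls_host`, `fingerprint` or `insecure` values applied. Gate both on the same condition, e.g. compute `local use_tls = server.tls == '1' or server.transport == "grpc"` once before the table and use it in both places. The new expression also reads `'1'or` without a space; `'1' or` is easier to scan. The Xray table starts and ends outside the hunk.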
@@ -169,9 +169,14 @@ local Xray = { security = server.quic_security, key = server.quic_key, header = {type = server.quic_guise} + } or nil, + grpcSettings = (server.transport == "grpc") and { + -- grpc + serviceName = server.serviceName or "", + multiMode = (server.mux == "1") and true or false } or nil }, - mux = (server.mux == "1" and server.xtls ~= "1") and { + mux = (server.mux == "1" and server.xtls ~= "1" and server.transport ~= "grpc") and { -- mux enabled = true, concurrency = tonumber(server.concurrency) diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua index bdafd05d36..5bd2871c89 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua @@ -28,6 +28,31 @@ local v2_tj = luci.sys.exec('type -t -p trojan') ~= "" and "trojan" or "v2ray" local log = function(...) print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({...}, " ")) end +local encrypt_methods_ss = { + -- aead + "aes-128-gcm", + "aes-192-gcm", + "aes-256-gcm", + "chacha20-ietf-poly1305", + "xchacha20-ietf-poly1305" + --[[ stream + "table", + "rc4", + "rc4-md5", + "aes-128-cfb", + "aes-192-cfb", + "aes-256-cfb", + "aes-128-ctr", + "aes-192-ctr", + "aes-256-ctr", + "bf-cfb", + "camellia-128-cfb", + "camellia-192-cfb", + "camellia-256-cfb", + "salsa20", + "chacha20", + "chacha20-ietf" ]] +} -- 分割字符串 local function split(full, sep) full = full:gsub("%z", "") -- 这里不是很清楚 有时候结尾带个\0 @@ -96,6 +121,15 @@ local function base64Decode(text) return raw end end +-- 检查数组(table)中是否存在某个字符值 +-- https://www.04007.cn/article/135.html +local function checkTabValue(tab) + local revtab = {} + for k,v in pairs(tab) do + revtab[v] = true + end + return revtab +end -- 处理数据 local function processData(szType, content) local result = {type = szType, local_port = 1234, kcp_param = '--nocomp'} 
@@ -209,8 +243,13 @@ local function processData(szType, content) else result.server_port = host[2] end - result.encrypt_method_ss = method - result.password = password + if checkTabValue(encrypt_methods_ss)[method] then + result.encrypt_method_ss = method + result.password = password + else + -- 1202 年了还不支持 SS AEAD 的屑机场 + result = nil + end elseif szType == "ssd" then result.type = "ss" result.server = content.server @@ -313,6 +352,9 @@ local function processData(szType, content) result.quic_key = params.key result.quic_security = params.quicSecurity or "none" end + if params.type == 'grpc' then + result.serviceName = params.serviceName + end if params.security == "tls" then result.tls = "1" result.tls_host = params.sni or host[1] diff --git a/package/lean/qt5/Makefile b/package/lean/qt5/Makefile index ee3794ffb9..595bc2e587 100644 --- a/package/lean/qt5/Makefile +++ b/package/lean/qt5/Makefile @@ -15,7 +15,7 @@ QT5_VERSION_PATCH:=2 PKG_NAME:=qt5 PKG_VERSION:=$(QT5_VERSION_MAJOR_MINOR)$(if $(QT5_VERSION_PATCH),.$(QT5_VERSION_PATCH)) -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=qt-everywhere-src-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://mirrors.tencent.com/qt/archive/qt/$(QT5_VERSION_MAJOR_MINOR)/$(PKG_VERSION)/single/ \ @@ -60,7 +60,7 @@ endef define Package/qt5-network $(call Package/qt5/Default) TITLE+=network - DEPENDS+=+qt5-core +libopenssl + DEPENDS+=+qt5-core +krb5-libs +libopenssl endef define Package/qt5-sql diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index fcba34c7fe..b1d41fe86a 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile 
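Review bot: When the method is not in `encrypt_methods_ss` the new `else` branch sets `result = nil` but processData keeps running; the rest of the function is outside this hunk, and any later `result.<field>` access would raise "attempt to index a nil value" and likely abort the subscription run. Leave the function at that point instead, e.g. `log('skipping node: unsupported SS method ' .. tostring(method))` followed by `return nil`, provided the callers accept nil (not visible here). `checkTabValue(encrypt_methods_ss)` also rebuilds the lookup set for every node; build it once next to the table and index that.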
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.84 +PKG_VERSION:=2.85 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq -PKG_HASH:=603195c64b73137609b07e1024ae0b37f652b2f5fe467dce66985b3d1850050c +PKG_HASH:=ad98d3803df687e5b938080f3d25c628fe41c878752d03fbc6199787fee312fa PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch index bd11806ae0..b601bce1a9 100644 --- a/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch +++ b/package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch @@ -1,4 +1,4 @@ -From 7df4c681678612d196b4e1eec24963d181fdb28a Mon Sep 17 00:00:00 2001 +From 02fbe60e1c7e74d2ba57109575e7bfc238b1b5d4 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Sun, 5 Apr 2020 17:18:23 +0100 Subject: [PATCH] drop runtime old kernel support @@ -8,9 +8,8 @@ Signed-off-by: Kevin Darbyshire-Bryant src/dnsmasq.c | 4 ---- src/dnsmasq.h | 5 +--- src/ipset.c | 64 ++++----------------------------------------------- - src/netlink.c | 3 +-- src/util.c | 19 --------------- - 5 files changed, 6 insertions(+), 89 deletions(-) + 4 files changed, 5 insertions(+), 87 deletions(-) --- a/src/dnsmasq.c +++ b/src/dnsmasq.c @@ -27,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -1125,7 +1125,7 @@ extern struct daemon { +@@ -1144,7 +1144,7 @@ extern struct daemon { int inotifyfd; #endif #if defined(HAVE_LINUX_NETWORK) @@ -36,7 +35,7 @@ 
Signed-off-by: Kevin Darbyshire-Bryant #elif defined(HAVE_BSD_NETWORK) int dhcp_raw_fd, dhcp_icmp_fd, routefd; #endif -@@ -1306,9 +1306,6 @@ int read_write(int fd, unsigned char *pa +@@ -1326,9 +1326,6 @@ int read_write(int fd, unsigned char *pa void close_fds(long max_fd, int spare1, int spare2, int spare3); int wildcard_match(const char* wildcard, const char* match); int wildcard_matchn(const char* wildcard, const char* match, int num); @@ -139,18 +138,6 @@ Signed-off-by: Kevin Darbyshire-Bryant if (ret == -1) my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno)); ---- a/src/netlink.c -+++ b/src/netlink.c -@@ -92,8 +92,7 @@ char *netlink_init(void) - iov.iov_len = 100; - iov.iov_base = safe_malloc(iov.iov_len); - -- if (daemon->kernel_version >= KERNEL_VERSION(2,6,30) && -- setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1) -+ if (setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1) - return _("warning: failed to set NETLINK_NO_ENOBUFS on netlink socket"); - - return NULL; --- a/src/util.c +++ b/src/util.c @@ -786,22 +786,3 @@ int wildcard_matchn(const char* wildcard diff --git a/package/network/services/dnsmasq/patches/910-mini-ttl.patch b/package/network/services/dnsmasq/patches/910-mini-ttl.patch index f6988f4f5c..88e7bbe383 100644 --- a/package/network/services/dnsmasq/patches/910-mini-ttl.patch +++ b/package/network/services/dnsmasq/patches/910-mini-ttl.patch @@ -1,6 +1,6 @@ --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -1042,7 +1042,7 @@ extern struct daemon { +@@ -1059,7 +1059,7 @@ extern struct daemon { int max_logs; /* queue limit */ int cachesize, ftabsize; int port, query_port, min_port, max_port; @@ -11,15 +11,15 @@ struct dhcp_context *dhcp, *dhcp6; --- a/src/option.c 
+++ b/src/option.c -@@ -168,6 +168,7 @@ struct myoption { - #define LOPT_SINGLE_PORT 359 - #define LOPT_SCRIPT_TIME 360 +@@ -170,6 +170,7 @@ struct myoption { #define LOPT_PXE_VENDOR 361 -+#define LOPT_MINTTL 362 + #define LOPT_DYNHOST 362 + #define LOPT_LOG_DEBUG 363 ++#define LOPT_MINTTL 364 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -286,6 +287,7 @@ static const struct myoption opts[] = +@@ -288,6 +289,7 @@ static const struct myoption opts[] = { "dhcp-name-match", 1, 0, LOPT_NAME_MATCH }, { "dhcp-broadcast", 2, 0, LOPT_BROADCAST }, { "neg-ttl", 1, 0, LOPT_NEGTTL }, @@ -27,7 +27,7 @@ { "max-ttl", 1, 0, LOPT_MAXTTL }, { "min-cache-ttl", 1, 0, LOPT_MINCTTL }, { "max-cache-ttl", 1, 0, LOPT_MAXCTTL }, -@@ -413,6 +415,7 @@ static struct { +@@ -417,6 +419,7 @@ static struct { { 't', ARG_ONE, "", gettext_noop("Specify default target in an MX record."), NULL }, { 'T', ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL }, @@ -35,7 +35,7 @@ { LOPT_MAXTTL, ARG_ONE, "", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL }, { LOPT_MAXCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live ceiling for cache."), NULL }, { LOPT_MINCTTL, ARG_ONE, "", gettext_noop("Specify time-to-live floor for cache."), NULL }, -@@ -2823,6 +2826,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma +@@ -2835,6 +2838,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma case 'T': /* --local-ttl */ case LOPT_NEGTTL: /* --neg-ttl */ 
@@ -43,7 +43,7 @@ case LOPT_MAXTTL: /* --max-ttl */ case LOPT_MINCTTL: /* --min-cache-ttl */ case LOPT_MAXCTTL: /* --max-cache-ttl */ -@@ -2834,6 +2838,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma +@@ -2846,6 +2850,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma ret_err(gen_err); else if (option == LOPT_NEGTTL) daemon->neg_ttl = (unsigned long)ttl; diff --git a/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch b/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch index 8e8af93820..42f69957bb 100644 --- a/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch +++ b/package/network/services/dnsmasq/patches/911-dnsmasq-filter-aaaa.patch @@ -11,35 +11,35 @@ Subject: [PATCH] add filter-aaaa option --- a/src/dnsmasq.h +++ b/src/dnsmasq.h -@@ -269,7 +269,8 @@ - #define OPT_IGNORE_CLID 59 +@@ -270,7 +270,8 @@ struct event_desc { #define OPT_SINGLE_PORT 60 #define OPT_LEASE_RENEW 61 --#define OPT_LAST 62 -+#define OPT_FILTER_AAAA 62 -+#define OPT_LAST 63 + #define OPT_LOG_DEBUG 62 +-#define OPT_LAST 63 ++#define OPT_FILTER_AAAA 63 ++#define OPT_LAST 64 #define OPTION_BITS (sizeof(unsigned int)*8) #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) ) --- a/src/option.c 
+++ b/src/option.c -@@ -169,6 +169,7 @@ struct myoption { - #define LOPT_SCRIPT_TIME 360 - #define LOPT_PXE_VENDOR 361 - #define LOPT_MINTTL 362 -+#define LOPT_FILTER_AAAA 363 +@@ -171,6 +171,7 @@ struct myoption { + #define LOPT_DYNHOST 362 + #define LOPT_LOG_DEBUG 363 + #define LOPT_MINTTL 364 ++#define LOPT_FILTER_AAAA 365 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = -@@ -343,6 +344,7 @@ static const struct myoption opts[] = - { "dumpfile", 1, 0, LOPT_DUMPFILE }, - { "dumpmask", 1, 0, LOPT_DUMPMASK }, +@@ -347,6 +348,7 @@ static const struct myoption opts[] = { "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID }, + { "dynamic-host", 1, 0, LOPT_DYNHOST }, + { "log-debug", 0, 0, LOPT_LOG_DEBUG }, + { "filter-aaaa", 0, 0, LOPT_FILTER_AAAA }, { NULL, 0, 0, 0 } }; -@@ -524,6 +526,7 @@ static struct { +@@ -530,6 +532,7 @@ static struct { { LOPT_DUMPFILE, ARG_ONE, "", gettext_noop("Path to debug packet dump file"), NULL }, { LOPT_DUMPMASK, ARG_ONE, "", gettext_noop("Mask which packets to dump"), NULL }, { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL }, @@ -49,7 +49,7 @@ Subject: [PATCH] add filter-aaaa option --- a/src/rfc1035.c +++ b/src/rfc1035.c -@@ -1926,6 +1926,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, +@@ -1913,6 +1913,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, } } diff --git a/package/network/utils/ltq-dsl-base/Makefile b/package/network/utils/ltq-dsl-base/Makefile index 2ff069ca4d..0868370f47 100644 --- a/package/network/utils/ltq-dsl-base/Makefile +++ b/package/network/utils/ltq-dsl-base/Makefile @@ -10,6 +10,8 @@ PKG_RELEASE:=3 PKG_FLAGS:=nonshared +PKG_FLAGS:=nonshared + include $(INCLUDE_DIR)/package.mk define Package/ltq-dsl-base diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile index d14ada98dc..362ae942d8 100644 --- a/package/utils/busybox/Makefile 
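Review bot: The added `PKG_FLAGS:=nonshared` in package/network/utils/ltq-dsl-base/Makefile repeats the identical assignment that already stands two lines above as context, so the hunk changes nothing and looks like a merge or cherry-pick leftover. Drop the added line and the blank line that follows it.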
+++ b/package/utils/busybox/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=busybox PKG_VERSION:=1.33.0 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_FLAGS:=essential PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/package/utils/busybox/patches/005-backport-CVE-2021-28831.patch b/package/utils/busybox/patches/005-backport-CVE-2021-28831.patch new file mode 100644 index 0000000000..7637679a69 --- /dev/null +++ b/package/utils/busybox/patches/005-backport-CVE-2021-28831.patch 
@@ -0,0 +1,52 @@ +From f25d254dfd4243698c31a4f3153d4ac72aa9e9bd Mon Sep 17 00:00:00 2001 +From: Samuel Sapalski +Date: Wed, 3 Mar 2021 16:31:22 +0100 +Subject: decompress_gunzip: Fix DoS if gzip is corrupt + +On certain corrupt gzip files, huft_build will set the error bit on +the result pointer. If afterwards abort_unzip is called huft_free +might run into a segmentation fault or an invalid pointer to +free(p). + +In order to mitigate this, we check in huft_free if the error bit +is set and clear it before the linked list is freed. + +Signed-off-by: Samuel Sapalski +Signed-off-by: Peter Kaestle +Signed-off-by: Denys Vlasenko +--- + archival/libarchive/decompress_gunzip.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +--- a/archival/libarchive/decompress_gunzip.c ++++ b/archival/libarchive/decompress_gunzip.c +@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = { + * each table. + * t: table to free + */ ++#define BAD_HUFT(p) ((uintptr_t)(p) & 1) ++#define ERR_RET ((huft_t*)(uintptr_t)1) + static void huft_free(huft_t *p) + { + huft_t *q; + ++ /* ++ * If 'p' has the error bit set we have to clear it, otherwise we might run ++ * into a segmentation fault or an invalid pointer to free(p) ++ */ ++ if (BAD_HUFT(p)) { ++ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET)); ++ } ++ + /* Go through linked list, freeing from the malloced (t[-1]) address. */ + while (p) { + q = (--p)->v.t; +@@ -289,8 +299,6 @@ static unsigned fill_bitbuffer(STATE_PAR + * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table + * is given: "fixed inflate" decoder feeds us such data. + */ +-#define BAD_HUFT(p) ((uintptr_t)(p) & 1) +-#define ERR_RET ((huft_t*)(uintptr_t)1) + static huft_t* huft_build(const unsigned *b, const unsigned n, + const unsigned s, const struct cp_ext *cp_ext, + unsigned *m)
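Review bot: The header of 005-backport-CVE-2021-28831.patch names the upstream commit hash but not the BusyBox release that first carries the fix, and `PKG_VERSION` stays at 1.33.0, so nothing tells a maintainer when this backport can be dropped. Add a header line with the upstream commit URL (placeholder: `<upstream commit URL>`) and the release at which to remove the patch. The body is best kept byte-identical to upstream so that a later version bump detects it as already applied.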