diff --git a/net/knot-resolver/Makefile b/net/knot-resolver/Makefile index 89db36fb..8e79db2a 100644 --- a/net/knot-resolver/Makefile +++ b/net/knot-resolver/Makefile @@ -10,22 +10,21 @@ PKG_RELRO_FULL:=0 include $(TOPDIR)/rules.mk PKG_NAME:=knot-resolver -PKG_VERSION:=5.3.2 +PKG_VERSION:=5.4.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-resolver -PKG_HASH:=8b6f447d5fe93422d4c129a2d4004a977369c3aa6e55258ead1cbd488bc01436 +PKG_HASH:=488729eb93190336b6bca10de0d78ecb7919f77fcab105debc0a644aa7d0a506 -PKG_MAINTAINER:=Jan Pavlinec +PKG_MAINTAINER:=Jan Pavlinec PKG_LICENSE:=GPL-3.0-later PKG_LICENSE_FILES:=COPYING -PKG_BUILD_DEPENDS:=meson/host PKG_INSTALL:=1 include $(INCLUDE_DIR)/package.mk -include ../../devel/meson/meson.mk +include $(INCLUDE_DIR)/meson.mk define Package/knot-resolver SECTION:=net diff --git a/net/knot-resolver/files/kresd.init b/net/knot-resolver/files/kresd.init index 18f09e18..9642c9d7 100755 --- a/net/knot-resolver/files/kresd.init +++ b/net/knot-resolver/files/kresd.init @@ -65,6 +65,7 @@ start_service() { procd_append_param command -c "$CONFIGFILE" procd_append_param command -a "0.0.0.0#53" procd_append_param command -a "::0#53" + procd_set_param nice '-5' procd_close_instance } diff --git a/net/knot-resolver/patches/030-fix-policy-hack.patch b/net/knot-resolver/patches/030-fix-policy-hack.patch index a4eac6c8..991dddd9 100644 --- a/net/knot-resolver/patches/030-fix-policy-hack.patch +++ b/net/knot-resolver/patches/030-fix-policy-hack.patch @@ -2,7 +2,7 @@ This patch fixes the problem with forwarding in knot-resolver v4.3.0. It reintroduces a fix which enables policy related hack (knot/knot-resolver#205 (comment 94566) ) --- a/modules/policy/policy.lua +++ b/modules/policy/policy.lua -@@ -982,7 +982,7 @@ policy.layer = { +@@ -1047,7 +1047,7 @@ policy.layer = { if bit.band(state, bit.bor(kres.FAIL, kres.DONE)) ~= 0 then return state end local qry = req:initial() -- same as :current() but more descriptive return policy.evaluate(policy.rules, req, qry, state) diff --git a/net/lighttpd/Makefile b/net/lighttpd/Makefile index 56e7b816..e645577c 100644 --- a/net/lighttpd/Makefile +++ b/net/lighttpd/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=lighttpd -PKG_VERSION:=1.4.59 -PKG_RELEASE:=2 +PKG_VERSION:=1.4.63 +PKG_RELEASE:=1 # release candidate ~rcX testing; remove for release -#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.4.59 +#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.4.63 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x -PKG_HASH:=fb953db273daef08edb6e202556cae8a3d07eed6081c96bd9903db957d1084d5 +PKG_HASH:=2aef7f0102ebf54a1241a1c3ea8976892f8684bfb21697c9fffb8de0e2d6eab9 PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=BSD-3-Clause @@ -23,13 +23,12 @@ PKG_LICENSE_FILES:=COPYING PKG_CPE_ID:=cpe:/a:lighttpd:lighttpd PKG_INSTALL:=1 -PKG_BUILD_DEPENDS:=meson/host PKG_CONFIG_DEPENDS:=CONFIG_LIGHTTPD_SSL $(patsubst %,CONFIG_PACKAGE_lighttpd-mod-%,$(REBUILD_MODULES)) REBUILD_MODULES=authn_gssapi authn_ldap authn_mysql cml magnet mysql_vhost trigger_b4_dl webdav include $(INCLUDE_DIR)/package.mk -include ../../devel/meson/meson.mk +include $(INCLUDE_DIR)/meson.mk define Package/lighttpd/Default SECTION:=net @@ -41,7 +40,7 @@ endef define Package/lighttpd $(call Package/lighttpd/Default) MENU:=1 - DEPENDS:=+libnettle +libpcre +libpthread +LIGHTTPD_LOGROTATE:logrotate + DEPENDS:=+libnettle +libpcre2 +libpthread +LIGHTTPD_LOGROTATE:logrotate TITLE:=A flexible and lightweight web server endef @@ -97,7 +96,7 @@ MESON_ARGS += \ -Dwith_nss=$(if $(CONFIG_PACKAGE_lighttpd-mod-nss),true,false) \ -Dwith_openssl=$(if $(CONFIG_PACKAGE_lighttpd-mod-openssl),true,false) \ -Dwith_pam=$(if $(CONFIG_PACKAGE_lighttpd-mod-authn_pam),true,false) \ - -Dwith_pcre=true \ + -Dwith_pcre2=true \ -Dwith_pgsql=$(if $(CONFIG_PACKAGE_lighttpd-mod-vhostdb_pgsql),true,false) \ -Dwith_sasl=$(if $(CONFIG_PACKAGE_lighttpd-mod-authn_sasl),true,false) \ -Dwith_webdav_locks=$(if $(CONFIG_PACKAGE_lighttpd-mod-webdav),true,false) \ @@ -170,7 +169,7 @@ endef $(eval $(call BuildPackage,lighttpd)) # First, permit redirect from HTTP to HTTPS. -$(eval $(call BuildPlugin,redirect,URL redirection,+PACKAGE_lighttpd-mod-redirect:libpcre,10)) +$(eval $(call BuildPlugin,redirect,URL redirection,+PACKAGE_lighttpd-mod-redirect:libpcre2,10)) # Next, permit authentication. $(eval $(call BuildPlugin,auth,Authentication,+PACKAGE_lighttpd-mod-auth:libnettle,20)) @@ -203,17 +202,17 @@ $(eval $(call BuildPlugin,mbedtls,TLS using mbedtls,@LIGHTTPD_SSL +PACKAGE_light $(eval $(call BuildPlugin,nss,TLS using nss,@LIGHTTPD_SSL +PACKAGE_lighttpd-mod-nss:libnss,30)) $(eval $(call BuildPlugin,openssl,TLS using openssl,@LIGHTTPD_SSL +PACKAGE_lighttpd-mod-openssl:libopenssl,30)) $(eval $(call BuildPlugin,proxy,Proxy,,30)) -$(eval $(call BuildPlugin,rewrite,URL rewriting,+PACKAGE_lighttpd-mod-rewrite:libpcre,30)) +$(eval $(call BuildPlugin,rewrite,URL rewriting,+PACKAGE_lighttpd-mod-rewrite:libpcre2,30)) $(eval $(call BuildPlugin,rrdtool,RRDtool,,30)) $(eval $(call BuildPlugin,scgi,SCGI,,30)) $(eval $(call BuildPlugin,secdownload,Secure and fast download,+PACKAGE_lighttpd-mod-secdownload:libnettle,30)) $(eval $(call BuildPlugin,setenv,Environment variable setting,,30)) $(eval $(call BuildPlugin,simple_vhost,Simple virtual hosting,,30)) $(eval $(call BuildPlugin,sockproxy,sockproxy,,30)) -$(eval $(call BuildPlugin,ssi,SSI,+PACKAGE_lighttpd-mod-ssi:libpcre,30)) +$(eval $(call BuildPlugin,ssi,SSI,,30)) $(eval $(call BuildPlugin,staticfile,staticfile,,30)) $(eval $(call BuildPlugin,status,Server status display,,30)) -$(eval $(call BuildPlugin,trigger_b4_dl,Trigger before download,+PACKAGE_lighttpd-mod-trigger_b4_dl:libpcre +PACKAGE_lighttpd-mod-trigger_b4_dl:libgdbm,30)) +$(eval $(call BuildPlugin,trigger_b4_dl,Trigger before download,+PACKAGE_lighttpd-mod-trigger_b4_dl:libpcre2 +PACKAGE_lighttpd-mod-trigger_b4_dl:libgdbm,30)) $(eval $(call BuildPlugin,uploadprogress,Upload Progress,,30)) $(eval $(call BuildPlugin,userdir,User directory,,30)) $(eval $(call BuildPlugin,usertrack,User tracking,+PACKAGE_lighttpd-mod-usertrack:libnettle,30)) diff --git a/net/lighttpd/files/lighttpd.conf b/net/lighttpd/files/lighttpd.conf index 079d2a68..64640779 100644 --- a/net/lighttpd/files/lighttpd.conf +++ b/net/lighttpd/files/lighttpd.conf @@ -28,7 +28,7 @@ server.feature-flags += ("server.graceful-shutdown-timeout" => 5) #include_shell "/usr/share/lighttpd/use-ipv6.pl" #dir-listing.encoding = "utf-8" -#server.dir-listing = "enable" +#dir-listing.activate = "enable" include "/etc/lighttpd/mime.conf" include "/etc/lighttpd/conf.d/*.conf" diff --git a/net/lighttpd/patches/010-meson-lua.patch b/net/lighttpd/patches/010-meson-lua.patch index e75250b8..b67795ea 100644 --- a/net/lighttpd/patches/010-meson-lua.patch +++ b/net/lighttpd/patches/010-meson-lua.patch @@ -14,7 +14,7 @@ Signed-off-by: Glenn Strauss --- a/src/meson.build +++ b/src/meson.build -@@ -377,7 +377,7 @@ endif +@@ -390,7 +390,7 @@ endif liblua = [] if get_option('with_lua') found_lua = false diff --git a/net/lighttpd/patches/020-meson-zstd.patch b/net/lighttpd/patches/020-meson-zstd.patch deleted file mode 100644 index 184d6b19..00000000 --- a/net/lighttpd/patches/020-meson-zstd.patch +++ /dev/null @@ -1,24 +0,0 @@ -From a737572aa4b7a50fd9ac3f54245e40fd5cd2609d Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Wed, 3 Feb 2021 00:35:34 -0500 -Subject: [PATCH] [meson] add with_zstd to meson_options.txt - -Signed-off-by: Glenn Strauss ---- - meson_options.txt | 5 +++++ - 1 file changed, 5 insertions(+) - ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -148,6 +148,11 @@ option('with_zlib', - value: true, - description: 'with deflate-support for mod_deflate [default: on]', - ) -+option('with_zstd', -+ type: 'boolean', -+ value: false, -+ description: 'with zstd-support for mod_deflate [default: off]', -+) - - option('build_extra_warnings', - type: 'boolean', diff --git a/net/lighttpd/patches/030-101-upgrade-w-content-length.patch b/net/lighttpd/patches/030-101-upgrade-w-content-length.patch deleted file mode 100644 index d4619325..00000000 --- a/net/lighttpd/patches/030-101-upgrade-w-content-length.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 1ca25d4e2cfeb83c844ad52b9c94eac218c71379 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Thu, 4 Feb 2021 00:22:12 -0500 -Subject: [PATCH] [core] 101 upgrade fails if Content-Length incl (fixes #3063) - -(thx daimh) - -commit 903024d7 in lighttpd 1.4.57 fixed issue #3046 but in the process -broke HTTP/1.1 101 Switching Protocols which included Content-Length: 0 -in the response headers. Content-Length response header is permitted -by the RFCs, but not necessary with HTTP status 101 Switching Protocols. - -x-ref: - "websocket proxy fails if 101 Switching Protocols from backend includes Content-Length" - https://redmine.lighttpd.net/issues/3063 - -Signed-off-by: Glenn Strauss ---- - src/http-header-glue.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/src/http-header-glue.c -+++ b/src/http-header-glue.c -@@ -961,6 +961,7 @@ void http_response_upgrade_read_body_unk - (FDEVENT_STREAM_RESPONSE_BUFMIN | FDEVENT_STREAM_RESPONSE); - r->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN; - r->reqbody_length = -2; -+ r->resp_body_scratchpad = -1; - r->keep_alive = 0; - } - diff --git a/net/lighttpd/patches/040-mod_auth-close-http2-after-bad-pass.patch b/net/lighttpd/patches/040-mod_auth-close-http2-after-bad-pass.patch deleted file mode 100644 index 69c98f70..00000000 --- a/net/lighttpd/patches/040-mod_auth-close-http2-after-bad-pass.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 4a600dabd5e2799bf0c3048859ee4f00808b7d89 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Sat, 6 Feb 2021 08:29:41 -0500 -Subject: [PATCH] [mod_auth] close HTTP/2 connection after bad pass - -mitigation slows down brute force password attacks - -x-ref: - "Possible feature: authentication brute force hardening" - https://redmine.lighttpd.net/boards/3/topics/8885 - -Signed-off-by: Glenn Strauss ---- - src/connections.c | 22 +++++++++++++++++++++- - src/mod_accesslog.c | 2 +- - src/mod_auth.c | 6 +++--- - src/reqpool.c | 1 + - src/request.h | 2 +- - src/response.c | 4 ++-- - 6 files changed, 29 insertions(+), 8 deletions(-) - ---- a/src/connections.c -+++ b/src/connections.c -@@ -228,7 +228,7 @@ static void connection_handle_response_e - } - } - -- if (r->keep_alive) { -+ if (r->keep_alive > 0) { - request_reset(r); - config_reset_config(r); - con->is_readable = 1; /* potentially trigger optimistic read */ -@@ -1265,6 +1265,19 @@ connection_set_fdevent_interest (request - } - - -+__attribute_cold__ -+static void -+connection_request_end_h2 (request_st * const h2r, connection * const con) -+{ -+ if (h2r->keep_alive >= 0) { -+ h2r->keep_alive = -1; -+ h2_send_goaway(con, H2_E_NO_ERROR); -+ } -+ else /*(abort connection upon second request to close h2 connection)*/ -+ h2_send_goaway(con, H2_E_ENHANCE_YOUR_CALM); -+} -+ -+ - static void - connection_state_machine_h2 (request_st * const h2r, connection * const con) - { -@@ -1359,8 +1372,15 @@ connection_state_machine_h2 (request_st - && !chunkqueue_is_empty(con->read_queue)) - resched |= 1; - h2_send_end_stream(r, con); -+ const int alive = r->keep_alive; - h2_retire_stream(r, con);/*r invalidated;removed from h2c->r[]*/ - --i;/* adjust loop i; h2c->rused was modified to retire r */ -+ /*(special-case: allow *stream* to set r->keep_alive = -1 to -+ * trigger goaway on h2 connection, e.g. after mod_auth failure -+ * in attempt to mitigate brute force attacks by forcing a -+ * reconnect and (somewhat) slowing down retries)*/ -+ if (alive < 0) -+ connection_request_end_h2(h2r, con); - } - } - } ---- a/src/mod_accesslog.c -+++ b/src/mod_accesslog.c -@@ -1108,7 +1108,7 @@ static int log_access_record (const requ - break; - case FORMAT_CONNECTION_STATUS: - if (r->state == CON_STATE_RESPONSE_END) { -- if (0 == r->keep_alive) { -+ if (r->keep_alive <= 0) { - buffer_append_string_len(b, CONST_STR_LEN("-")); - } else { - buffer_append_string_len(b, CONST_STR_LEN("+")); ---- a/src/mod_auth.c -+++ b/src/mod_auth.c -@@ -828,7 +828,7 @@ static handler_t mod_auth_check_basic(re - log_error(r->conf.errh, __FILE__, __LINE__, - "password doesn't match for %s username: %s IP: %s", - r->uri.path.ptr, username->ptr, r->con->dst_addr_buf->ptr); -- r->keep_alive = 0; /*(disable keep-alive if bad password)*/ -+ r->keep_alive = -1; /*(disable keep-alive if bad password)*/ - rc = HANDLER_UNSET; - break; - } -@@ -1461,7 +1461,7 @@ static handler_t mod_auth_check_digest(r - return HANDLER_FINISHED; - case HANDLER_ERROR: - default: -- r->keep_alive = 0; /*(disable keep-alive if unknown user)*/ -+ r->keep_alive = -1; /*(disable keep-alive if unknown user)*/ - buffer_free(b); - return mod_auth_send_401_unauthorized_digest(r, require, 0); - } -@@ -1482,7 +1482,7 @@ static handler_t mod_auth_check_digest(r - log_error(r->conf.errh, __FILE__, __LINE__, - "digest: auth failed for %s: wrong password, IP: %s", - username, r->con->dst_addr_buf->ptr); -- r->keep_alive = 0; /*(disable keep-alive if bad password)*/ -+ r->keep_alive = -1; /*(disable keep-alive if bad password)*/ - - buffer_free(b); - return mod_auth_send_401_unauthorized_digest(r, require, 0); ---- a/src/reqpool.c -+++ b/src/reqpool.c -@@ -58,6 +58,7 @@ request_reset (request_st * const r) - http_response_reset(r); - - r->loops_per_request = 0; -+ r->keep_alive = 0; - - r->h2state = 0; /* H2_STATE_IDLE */ - r->h2id = 0; ---- a/src/request.h -+++ b/src/request.h -@@ -175,7 +175,7 @@ struct request_st { - char resp_header_repeated; - - char loops_per_request; /* catch endless loops in a single request */ -- char keep_alive; /* only request.c can enable it, all other just disable */ -+ int8_t keep_alive; /* only request.c can enable it, all other just disable */ - char async_callback; - - buffer *tmp_buf; /* shared; same as srv->tmp_buf */ ---- a/src/response.c -+++ b/src/response.c -@@ -103,9 +103,9 @@ http_response_write_header (request_st * - if (light_btst(r->resp_htags, HTTP_HEADER_UPGRADE) - && r->http_version == HTTP_VERSION_1_1) { - http_header_response_set(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"), CONST_STR_LEN("upgrade")); -- } else if (0 == r->keep_alive) { -+ } else if (r->keep_alive <= 0) { - http_header_response_set(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"), CONST_STR_LEN("close")); -- } else if (r->http_version == HTTP_VERSION_1_0) {/*(&& r->keep_alive != 0)*/ -+ } else if (r->http_version == HTTP_VERSION_1_0) {/*(&& r->keep_alive > 0)*/ - http_header_response_set(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"), CONST_STR_LEN("keep-alive")); - } - diff --git a/net/lighttpd/patches/050-openssl-skip-chain-build-self-issued.patch b/net/lighttpd/patches/050-openssl-skip-chain-build-self-issued.patch deleted file mode 100644 index 9577858c..00000000 --- a/net/lighttpd/patches/050-openssl-skip-chain-build-self-issued.patch +++ /dev/null @@ -1,45 +0,0 @@ -From aa81834bc3ff47aa5cc66b6763678d3cf47a3d54 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Fri, 12 Mar 2021 20:03:38 -0500 -Subject: [PATCH] [mod_openssl] skip cert chain build if self-issued - -If cert is self-issued, then do not attempt to build certificate chain. - -(Attempting to build certificate chain when chain is not provided, but - ssl.ca-file is specified, is provided as backward compatible behavior - from lighttpd versions prior to lighttpd 1.4.56) - -Signed-off-by: Glenn Strauss ---- - src/mod_openssl.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - ---- a/src/mod_openssl.c -+++ b/src/mod_openssl.c -@@ -103,6 +103,7 @@ typedef struct { - time_t ssl_stapling_loadts; - time_t ssl_stapling_nextts; - char must_staple; -+ char self_issued; - } plugin_cert; - - typedef struct { -@@ -1081,7 +1082,7 @@ mod_openssl_cert_cb (SSL *ssl, void *arg - #if !defined(BORINGSSL_API_VERSION) \ - && !defined(LIBRESSL_VERSION_NUMBER) - /* (missing SSL_set1_chain_cert_store() and SSL_build_cert_chain()) */ -- else if (hctx->conf.ssl_ca_file) { -+ else if (hctx->conf.ssl_ca_file && !pc->self_issued) { - /* preserve legacy behavior whereby openssl will reuse CAs trusted for - * certificate verification (set by SSL_CTX_load_verify_locations() in - * SSL_CTX) in order to build certificate chain for server certificate -@@ -1671,6 +1672,9 @@ network_openssl_load_pemfile (server *sr - #else - pc->must_staple = 0; - #endif -+ pc->self_issued = -+ (0 == X509_NAME_cmp(X509_get_subject_name(ssl_pemfile_x509), -+ X509_get_issuer_name(ssl_pemfile_x509))); - - if (!buffer_string_is_empty(pc->ssl_stapling_file)) { - #ifndef OPENSSL_NO_OCSP diff --git a/net/lighttpd/patches/060-meson-zstd.patch b/net/lighttpd/patches/060-meson-zstd.patch deleted file mode 100644 index 138b4435..00000000 --- a/net/lighttpd/patches/060-meson-zstd.patch +++ /dev/null @@ -1,27 +0,0 @@ -From c41ebea4bb220c8fe252f472eec836c691734690 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Fri, 2 Apr 2021 01:01:02 -0400 -Subject: [PATCH] [build] fix zstd option in meson (fixes #3076) - -(thx KimonHoffmann) - -x-ref: - "Fix zstd dependency handling in meson build" - https://redmine.lighttpd.net/issues/3076 - -Signed-off-by: Glenn Strauss ---- - src/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/src/meson.build -+++ b/src/meson.build -@@ -685,7 +685,7 @@ endif - - libzstd = [] - if get_option('with_zstd') -- libz = dependency('zstd', required: false) -+ libzstd = dependency('zstd', required: false) - if libzstd.found() - libzstd = [ libzstd ] - else diff --git a/net/lighttpd/patches/070-ls-hpack-update.patch b/net/lighttpd/patches/070-ls-hpack-update.patch deleted file mode 100644 index 1267fa99..00000000 --- a/net/lighttpd/patches/070-ls-hpack-update.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 3392e8fb11de35778cad1fb112e6eb5916aa7de0 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Tue, 20 Apr 2021 22:04:56 -0400 -Subject: [PATCH] [core] update ls-hpack - -LiteSpeed ls-hpack v2.3.0 - -Signed-off-by: Glenn Strauss ---- - src/ls-hpack/README.md | 2 +- - src/ls-hpack/lshpack.c | 4 +++- - src/ls-hpack/lshpack.h | 6 +++--- - 3 files changed, 7 insertions(+), 5 deletions(-) - ---- a/src/ls-hpack/lshpack.c -+++ b/src/ls-hpack/lshpack.c -@@ -1,7 +1,7 @@ - /* - MIT License - --Copyright (c) 2018 LiteSpeed Technologies Inc -+Copyright (c) 2018 - 2021 LiteSpeed Technologies Inc - - Permission is hereby granted, free of charge, to any person obtaining a copy - of this software and associated documentation files (the "Software"), to deal -@@ -1549,6 +1549,8 @@ lshpack_dec_push_entry (struct lshpack_d - #endif - memcpy(DTE_NAME(entry), lsxpack_header_get_name(xhdr), name_len); - memcpy(DTE_VALUE(entry), lsxpack_header_get_value(xhdr), val_len); -+ -+ hdec_remove_overflow_entries(dec); - return 0; - } - ---- a/src/ls-hpack/lshpack.h -+++ b/src/ls-hpack/lshpack.h -@@ -1,7 +1,7 @@ - /* - MIT License - --Copyright (c) 2018 - 2020 LiteSpeed Technologies Inc -+Copyright (c) 2018 - 2021 LiteSpeed Technologies Inc - - Permission is hereby granted, free of charge, to any person obtaining a copy - of this software and associated documentation files (the "Software"), to deal -@@ -34,8 +34,8 @@ extern "C" { - #include "lsxpack_header.h" - - #define LSHPACK_MAJOR_VERSION 2 --#define LSHPACK_MINOR_VERSION 2 --#define LSHPACK_PATCH_VERSION 1 -+#define LSHPACK_MINOR_VERSION 3 -+#define LSHPACK_PATCH_VERSION 0 - - #define lshpack_strlen_t lsxpack_strlen_t - #define LSHPACK_MAX_STRLEN LSXPACK_MAX_STRLEN diff --git a/net/lighttpd/patches/080-http2-data-after-response.patch b/net/lighttpd/patches/080-http2-data-after-response.patch deleted file mode 100644 index 397aa27a..00000000 --- a/net/lighttpd/patches/080-http2-data-after-response.patch +++ /dev/null @@ -1,145 +0,0 @@ -From 81d18a8e359685c169cfd30e6a1574b98aedbaeb Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Thu, 22 Apr 2021 01:11:47 -0400 -Subject: [PATCH] [core] discard some HTTP/2 DATA after response (fixes #3078) - -(thx oldium) - -improve handling of HTTP/2 DATA frames received -a short time after sending response - -x-ref: - "POST request DATA part for non-existing URI closes HTTP/2 connection prematurely" - https://redmine.lighttpd.net/issues/3078 - -Signed-off-by: Glenn Strauss ---- - src/h2.c | 64 ++++++++++++++++++++++++++++++++++++++++++-------------- - src/h2.h | 1 + - 2 files changed, 49 insertions(+), 16 deletions(-) - ---- a/src/h2.c -+++ b/src/h2.c -@@ -272,10 +272,23 @@ h2_send_rst_stream_id (uint32_t h2id, co - - __attribute_cold__ - static void --h2_send_rst_stream (request_st * const r, connection * const con, const request_h2error_t e) -+h2_send_rst_stream_state (request_st * const r, h2con * const h2c) - { -+ if (r->h2state != H2_STATE_HALF_CLOSED_REMOTE -+ && r->h2state != H2_STATE_CLOSED) { -+ /* set timestamp for comparison; not tracking individual stream ids */ -+ h2c->half_closed_ts = log_epoch_secs; -+ } - r->state = CON_STATE_ERROR; - r->h2state = H2_STATE_CLOSED; -+} -+ -+ -+__attribute_cold__ -+static void -+h2_send_rst_stream (request_st * const r, connection * const con, const request_h2error_t e) -+{ -+ h2_send_rst_stream_state(r, con->h2);/*(sets r->h2state = H2_STATE_CLOSED)*/ - h2_send_rst_stream_id(r->h2id, con, e); - } - -@@ -289,13 +302,10 @@ h2_send_goaway_rst_stream (connection * - for (uint32_t i = 0, rused = h2c->rused; i < rused; ++i) { - request_st * const r = h2c->r[i]; - if (r->h2state == H2_STATE_CLOSED) continue; -+ h2_send_rst_stream_state(r, h2c);/*(sets r->h2state = H2_STATE_CLOSED)*/ - /*(XXX: might consider always sending RST_STREAM)*/ -- if (!sent_goaway) { -- r->state = CON_STATE_ERROR; -- r->h2state = H2_STATE_CLOSED; -- } -- else /*(also sets r->h2state = H2_STATE_CLOSED)*/ -- h2_send_rst_stream(r, con, H2_E_PROTOCOL_ERROR); -+ if (sent_goaway) -+ h2_send_rst_stream_id(r->h2id, con, H2_E_PROTOCOL_ERROR); - } - } - -@@ -780,14 +790,27 @@ h2_recv_data (connection * const con, co - } - chunkqueue * const cq = con->read_queue; - if (NULL == r) { -- /* XXX: TODO: might need to keep a list of recently retired streams -- * for a few seconds so that if we send RST_STREAM, then we ignore -- * further DATA and do not send connection error, though recv windows -- * still must be updated. */ -- if (h2c->h2_cid < id || (!h2c->sent_goaway && 0 != alen)) -- h2_send_goaway_e(con, H2_E_PROTOCOL_ERROR); -+ /* simplistic heuristic to discard additional DATA from recently-closed -+ * streams (or half-closed (local)), where recently-closed here is -+ * within 2-3 seconds of any (other) stream being half-closed (local) -+ * or reset before that (other) stream received END_STREAM from peer. -+ * (e.g. clients might fire off POST request followed by DATA, -+ * and a response might be sent before processing DATA frames) -+ * (id <= h2c->h2_cid) already checked above, else H2_E_PROTOCOL_ERROR -+ * If the above conditions do not hold, then send GOAWAY to attempt to -+ * reduce the chance of becoming an infinite data sink for misbehaving -+ * clients, though remaining streams are still handled before the -+ * connection is closed. */ - chunkqueue_mark_written(cq, 9+len); -- return 0; -+ if (h2c->half_closed_ts + 2 >= log_epoch_secs) { -+ h2_send_window_update(con, 0, len); /*(h2r->h2_rwin)*/ -+ return 1; -+ } -+ else { -+ if (!h2c->sent_goaway && 0 != alen) -+ h2_send_goaway_e(con, H2_E_NO_ERROR); -+ return 0; -+ } - } - - if (r->h2state == H2_STATE_CLOSED -@@ -808,7 +831,7 @@ h2_recv_data (connection * const con, co - } - } - /*(allow h2r->h2_rwin to dip below 0 so that entire frame is processed)*/ -- /*(undeflow will not occur (with reasonable SETTINGS_MAX_FRAME_SIZE used) -+ /*(underflow will not occur (with reasonable SETTINGS_MAX_FRAME_SIZE used) - * since windows updated elsewhere and data is streamed to temp files if - * not FDEVENT_STREAM_REQUEST_BUFMIN)*/ - /*r->h2_rwin -= (int32_t)len;*/ -@@ -2347,16 +2370,25 @@ h2_send_end_stream_data (request_st * co - } }; - - dataframe.u[2] = htonl(r->h2id); -- r->h2state = H2_STATE_CLOSED; - /*(ignore window updates when sending 0-length DATA frame with END_STREAM)*/ - chunkqueue_append_mem(con->write_queue, /*(+3 to skip over align pad)*/ - (const char *)dataframe.c+3, sizeof(dataframe)-3); -+ -+ if (r->h2state != H2_STATE_HALF_CLOSED_REMOTE) { -+ /* set timestamp for comparison; not tracking individual stream ids */ -+ h2con * const h2c = con->h2; -+ h2c->half_closed_ts = log_epoch_secs; -+ /* indicate to peer that no more DATA should be sent from peer */ -+ h2_send_rst_stream_id(r->h2id, con, H2_E_NO_ERROR); -+ } -+ r->h2state = H2_STATE_CLOSED; - } - - - void - h2_send_end_stream (request_st * const r, connection * const con) - { -+ if (r->h2state == H2_STATE_CLOSED) return; - if (r->state != CON_STATE_ERROR && r->resp_body_finished) { - /* CON_STATE_RESPONSE_END */ - if (r->gw_dechunk && r->gw_dechunk->done ---- a/src/h2.h -+++ b/src/h2.h -@@ -92,6 +92,7 @@ struct h2con { - uint32_t s_max_header_list_size; /* SETTINGS_MAX_HEADER_LIST_SIZE */ - struct lshpack_dec decoder; - struct lshpack_enc encoder; -+ time_t half_closed_ts; - }; - - void h2_send_goaway (connection *con, request_h2error_t e); diff --git a/net/sshfs/Makefile b/net/sshfs/Makefile index df165e5e..c612d418 100644 --- a/net/sshfs/Makefile +++ b/net/sshfs/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sshfs -PKG_VERSION:=3.7.1 -PKG_RELEASE:=1 +PKG_VERSION:=3.7.2 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/libfuse/sshfs/releases/download/$(PKG_NAME)-$(PKG_VERSION) -PKG_HASH:=fe5d3436d61b46974889e0c4515899c21a9d67851e3793c209989f72353d7750 +PKG_HASH:=1c596d42724d13aeba9f49ee127b8ef2fdeb813e25c6018f92d0c9ec4754fa2d PKG_MAINTAINER:=Zoltan HERPAI PKG_LICENSE:=GPL-2.0-only @@ -23,7 +23,7 @@ PKG_INSTALL:=1 include $(INCLUDE_DIR)/nls.mk include $(INCLUDE_DIR)/package.mk -include ../../devel/meson/meson.mk +include $(INCLUDE_DIR)/meson.mk define Package/sshfs TITLE:=SSHFS diff --git a/sound/mpd/Makefile b/sound/mpd/Makefile index 890553ab..80ef37df 100644 --- a/sound/mpd/Makefile +++ b/sound/mpd/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mpd -PKG_VERSION:=0.22.8 +PKG_VERSION:=0.23.5 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=https://www.musicpd.org/download/mpd/0.22/ -PKG_HASH:=9617ed08c9ffafcf5f925819251f6b90df3f4f73cf2838c41033e1962104286d +PKG_SOURCE_URL:=https://www.musicpd.org/download/mpd/0.23 +PKG_HASH:=f22c2c25093a05f4566f9cd7207cfbcd8405af67ed29a989bcf8905f80b7a299 PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0-or-later @@ -26,14 +26,14 @@ PKG_USE_MIPS16:=0 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/nls.mk -include ../../devel/meson/meson.mk +include $(INCLUDE_DIR)/meson.mk define Package/mpd/Default SECTION:=sound CATEGORY:=Sound TITLE:=Music Player Daemon URL:=https://www.musicpd.org/ - DEPENDS:= +zlib +libcurl +libpthread +libmpdclient +boost $(ICONV_DEPENDS) \ + DEPENDS:= +zlib +libcurl +libpthread +libmpdclient +boost $(ICONV_DEPENDS) +libfmt \ +AUDIO_SUPPORT:alsa-lib +libexpat +libflac +libid3tag +libfaad2 +libopus USERID:=mpd:mpd endef @@ -48,7 +48,7 @@ endef define Package/mpd-full $(call Package/mpd/Default) TITLE+= (full) - DEPENDS+= +AUDIO_SUPPORT:pulseaudio-daemon +libvorbis +libmms +libupnp +libshout +yajl \ + DEPENDS+= +AUDIO_SUPPORT:pulseaudio-daemon +libvorbis +libmms +libnpupnp +libshout +yajl \ +libffmpeg +lame-lib +!BUILD_PATENTED:libmad PROVIDES:=mpd VARIANT:=full @@ -129,7 +129,6 @@ MESON_ARGS += \ -Dnfs=disabled \ -Dsmbclient=disabled \ -Dqobuz=disabled \ - -Dtidal=disabled \ -Dbzip2=disabled \ -Diso9660=disabled \ -Dzzip=disabled \ @@ -141,10 +140,11 @@ MESON_ARGS += \ -Dflac=enabled \ -Dfluidsynth=disabled \ -Dgme=disabled \ - -Dmpg123=disabled \ -Dmikmod=disabled \ -Dmodplug=disabled \ -Dmpcdec=disabled \ + -Dmpg123=disabled \ + -Dopenmpt=disabled \ -Dopus=enabled \ -Dsidplay=disabled \ -Dsndfile=disabled \ @@ -163,6 +163,8 @@ MESON_ARGS += \ -Djack=disabled \ -Dopenal=disabled \ -Doss=disabled \ + -Dpipewire=disabled \ + -Dsnapcast=false \ -Dsndio=disabled \ -Dsolaris_output=disabled \ -Ddbus=disabled \ @@ -177,7 +179,7 @@ MESON_ARGS += \ ifeq ($(BUILD_VARIANT),full) MESON_ARGS += \ - -Dupnp=enabled \ + -Dupnp=npupnp \ -Dmms=enabled \ -Dsoundcloud=enabled \ -Dffmpeg=$(if $(CONFIG_BUILD_PATENTED),en,dis)abled \ diff --git a/utils/fontconfig/Makefile b/utils/fontconfig/Makefile index 4ef73c5a..2e8922ce 100644 --- a/utils/fontconfig/Makefile +++ b/utils/fontconfig/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fontconfig -PKG_VERSION:=2.13.93 -PKG_RELEASE:=2 +PKG_VERSION:=2.13.94 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://fontconfig.org/release/ -PKG_HASH:=ea968631eadc5739bc7c8856cef5c77da812d1f67b763f5e51b57b8026c1a0a0 +PKG_HASH:=a5f052cb73fd479ffb7b697980510903b563bbb55b8f7a2b001fcfb94026003c PKG_MAINTAINER:= PKG_LICENSE:= @@ -24,7 +24,7 @@ PKG_INSTALL:=1 PKG_BUILD_DEPENDS:=gperf/host include $(INCLUDE_DIR)/package.mk -include ../../devel/meson/meson.mk +include $(INCLUDE_DIR)/meson.mk define Package/fontconfig SECTION:=xorg-util diff --git a/utils/fontconfig/patches/001-revert-upstream-meson-commit.patch b/utils/fontconfig/patches/001-revert-upstream-meson-commit.patch new file mode 100644 index 00000000..bcd7ce8c --- /dev/null +++ b/utils/fontconfig/patches/001-revert-upstream-meson-commit.patch @@ -0,0 +1,26 @@ +Revert partially the upstream commit ae9ac2a1 + + Subject: [PATCH] meson: fix cross-compilation issues with gperf header file preprocessing + + Pass c_args to the compiler when preprocessing the gperf header file, + they might contain important bits without which compilation/preprocessing + might fail (e.g. with clang on Android). cc.cmd_array() does not include + the c_args and we can't easily look them up from the meson.build file, so + we have to retrieve from the introspection info. + + This is basically the Meson equivalent to commit 57103773. + +Revert the host_cargs related part of the patch + + +--- a/src/cutout.py ++++ b/src/cutout.py +@@ -24,7 +24,7 @@ if __name__== '__main__': + break + + cpp = args[1] +- ret = subprocess.run(cpp + host_cargs + [args[0].input], stdout=subprocess.PIPE, check=True) ++ ret = subprocess.run(cpp + [args[0].input], stdout=subprocess.PIPE, check=True) + + stdout = ret.stdout.decode('utf8') + diff --git a/utils/fontconfig/patches/010-Handle-absolute-sysconfdir-when-installing-symlinks.patch b/utils/fontconfig/patches/010-Handle-absolute-sysconfdir-when-installing-symlinks.patch deleted file mode 100644 index e937c951..00000000 --- a/utils/fontconfig/patches/010-Handle-absolute-sysconfdir-when-installing-symlinks.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 4e42925096e97f4a6c9d09f475de7eb54a226668 Mon Sep 17 00:00:00 2001 -From: Heiko Becker -Date: Thu, 3 Dec 2020 21:04:26 +0100 -Subject: [PATCH] Handle absolute sysconfdir when installing symlinks - -sysconfdir defaults to /etc when the prefix is set to /usr. But joining -MESON_INSTALL_DESTDIR_PREFIX and sysconfdir when the latter is an -absoulte path, results in sysconfdir only. Which might lead to an error -during install because /etc/fonts/conf.d/ might already exist from an -pre-existing fontconfig installation. ---- - conf.d/link_confs.py | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - ---- a/conf.d/link_confs.py -+++ b/conf.d/link_confs.py -@@ -11,7 +11,14 @@ if __name__=='__main__': - parser.add_argument('links', nargs='+') - args = parser.parse_args() - -- confpath = os.path.join(os.environ['MESON_INSTALL_DESTDIR_PREFIX'], args.confpath) -+ if os.path.isabs(args.confpath): -+ destdir = os.environ.get('DESTDIR') -+ if destdir: -+ confpath = os.path.join(destdir, args.confpath[1:]) -+ else: -+ confpath = args.confpath -+ else: -+ confpath = os.path.join(os.environ['MESON_INSTALL_DESTDIR_PREFIX'], args.confpath) - - if not os.path.exists(confpath): - os.makedirs(confpath) diff --git a/utils/fontconfig/patches/020-distutils.patch b/utils/fontconfig/patches/020-distutils.patch deleted file mode 100644 index 759b59a7..00000000 --- a/utils/fontconfig/patches/020-distutils.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/meson.build -+++ b/meson.build -@@ -38,7 +38,7 @@ expat_dep = dependency('expat', - - i18n = import('i18n') - pkgmod = import('pkgconfig') --python3 = import('python').find_installation() -+python3 = 'python3' - - check_headers = [ - ['dirent.h'],