Merge pull request #10721 from James-TR/update/dnsdist

dnsdist: update to 1.4.0 w/ new dependencies

libs/h2o/Makefile

@@ -0,0 +1,54 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=h2o
+PKG_VERSION:=2.2.6
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=https://codeload.github.com/h2o/h2o/tar.gz/v${PKG_VERSION}?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=f8cbc1b530d85ff098f6efc2c3fdbc5e29baffb30614caac59d5c710f7bda201
+
+PKG_MAINTAINER:=James Taylor <james@jtaylor.id.au
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+PKG_BUILD_DEPENDS:=ruby/host
+PKG_BUILD_PARALLEL:=1
+
+CMAKE_OPTIONS:= \
+	-DBUILD_SHARED_LIBS=ON \
+	-DWITH_MRUBY=OFF
+
+CMAKE_INSTALL:=1
+
+define Package/libh2o-evloop
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=H2O Library compiled with its own event loop
+  URL:=https://h2o.examp1e.net/
+  DEPENDS:=+libwslay +libopenssl +zlib +libyaml +ruby
+endef
+
+define Package/libh2o
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=H2O Library compiled with libuv
+  URL:=https://h2o.examp1e.net/
+  DEPENDS:=+libuv +libwslay +libopenssl +zlib +libyaml +ruby
+endef
+
+define Package/libh2o-evloop/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libh2o-evloop.so* $(1)/usr/lib/
+endef
+
+define Package/libh2o/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libh2o.so* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libh2o-evloop))
+$(eval $(call BuildPackage,libh2o))

libs/h2o/patches/100-socket_disable_npn.patch

@@ -0,0 +1,22 @@
+--- a/include/h2o/socket.h
++++ b/include/h2o/socket.h
+@@ -29,6 +29,7 @@
+ #include <stdint.h>
+ #include <sys/socket.h>
+ #include <openssl/ssl.h>
++#include <openssl/opensslconf.h>
+ #include "h2o/cache.h"
+ #include "h2o/memory.h"
+ #include "h2o/openssl_backport.h"
+@@ -45,7 +44,11 @@
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ #define H2O_USE_ALPN 1
++#ifndef OPENSSL_NO_NEXTPROTONEG
+ #define H2O_USE_NPN 1
++#else
++#define H2O_USE_NPN 0
++#endif
+ #elif OPENSSL_VERSION_NUMBER >= 0x10001000L
+ #define H2O_USE_ALPN 0
+ #define H2O_USE_NPN 1

libs/h2o/patches/200-libh2o-evloop_wslay-link.patch

@@ -0,0 +1,9 @@
+--- a/libh2o-evloop.pc.in
++++ b/libh2o-evloop.pc.in
+@@ -7,5 +7,5 @@
+ Description: An optimized HTTP/1.x & HTTP/2 library
+ URL: https://h2o.examp1e.net/
+ Version: @LIBRARY_VERSION_MAJOR@.@LIBRARY_VERSION_MINOR@.@LIBRARY_VERSION_PATCH@
+-Libs: -L${libdir} -lh2o-evloop
++Libs: -L${libdir} -lh2o-evloop -lwslay
+ Cflags: -I${includedir}

libs/h2o/patches/300-picotls-chacha-detect.patch

@@ -0,0 +1,17 @@
+--- a/deps/picotls/include/picotls/openssl.h
++++ b/deps/picotls/include/picotls/openssl.h
+@@ -26,11 +26,14 @@
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
+ #include <openssl/x509.h>
++#include <openssl/opensslconf.h>
+ #include "../picotls.h"
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ #define PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
+ #endif
++#endif
+ 
+ extern ptls_key_exchange_algorithm_t ptls_openssl_secp256r1;
+ extern ptls_key_exchange_algorithm_t *ptls_openssl_key_exchanges[];

libs/libwslay/Makefile

@@ -0,0 +1,56 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libwslay
+PKG_VERSION:=1.1.0
+PKG_RELEASE=1
+
+PKG_SOURCE:=release-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/tatsuhiro-t/wslay/tar.gz/release-$(PKG_VERSION)?
+PKG_HASH:=df5dca9f03614073cd8bdd22aa3c9b116f841ed3120b2d4463d2382cc44fc594
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/wslay-release-$(PKG_VERSION)
+
+PKG_MAINTAINER:=James Taylor <james@jtaylor.id.au>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=COPYING
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libwslay
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=Wslay is a WebSocket library written in C
+  URL:=https://tatsuhiro-t.github.io/wslay/
+endef
+
+define Package/libwslay/description
+   Wslay is a WebSocket library written in C. It implements the protocol version 13 described
+   in RFC 6455. This library offers 2 levels of API: event-based API and frame-based low-level
+   API. For event-based API, it is suitable for non-blocking reactor pattern style. You can set
+   callbacks in various events. For frame-based API, you can send WebSocket frame directly.
+   Wslay only supports data transfer part of WebSocket protocol and does not perform opening
+   handshake in HTTP.
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include/wslay
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/wslay/*.h $(1)/usr/include/wslay/
+
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwslay.{a,so*} $(1)/usr/lib/
+
+	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libwslay.pc $(1)/usr/lib/pkgconfig/
+endef
+
+define Package/libwslay/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libwslay.so* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libwslay))

libs/libwslay/patches/100-disable-doc.patch

@@ -0,0 +1,26 @@
+diff --git a/Makefile.am b/Makefile.am
+index ae8b02f..2e86973 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -20,6 +20,6 @@
+ # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+-SUBDIRS = lib tests examples doc
++SUBDIRS = lib tests
+
+ ACLOCAL_AMFLAGS = -I m4
+diff --git a/configure.ac b/configure.ac
+index 5e83cbf..88f4f03 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -123,9 +123,6 @@ AC_CONFIG_FILES([
+   lib/includes/Makefile
+   lib/includes/wslay/wslayver.h
+   tests/Makefile
+-  examples/Makefile
+-  doc/Makefile
+-  doc/sphinx/conf.py
+ ])
+ AC_OUTPUT
+

net/dnsdist/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsdist
-PKG_VERSION:=1.3.3
-PKG_RELEASE:=3
+PKG_VERSION:=1.4.0
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
-PKG_HASH:=9fb24f9032025955169f3c6e9b0a05b6aa9d6441ec47da08d22de1c1aa23e8cf
+PKG_HASH:=a336fa2c3eb381c2464d9d9790014fd6d4505029ed2c1b73ee1dc9115a2f1dc0
 
 PKG_MAINTAINER:=James Taylor <james@jtaylor.id.au>
 PKG_LICENSE:=GPL-2.0-only
@@ -22,22 +22,43 @@ PKG_CONFIG_DEPENDS:= \
 include $(INCLUDE_DIR)/package.mk
 
 define Package/dnsdist/config
-comment "SSL support"
+menu "Configuration"
+	depends on PACKAGE_dnsdist
 
-choice
-        prompt "Selected SSL library"
-        default DNSDIST_OPENSSSL
+	comment "SSL Support"
+	choice
+		prompt "Selected SSL library"
+		default DNSDIST_OPENSSSL
 
-        config DNSDIST_OPENSSL
-                bool "OpenSSL"
+		config DNSDIST_OPENSSL
+			bool "OpenSSL"
 
-        config DNSDIST_GNUTLS
-                bool "GnuTLS"
+		config DNSDIST_GNUTLS
+			bool "GnuTLS"
 
-        config DNSDIST_NOSSL
-                bool "No SSL support"
+		config DNSDIST_NOSSL
+			bool "No SSL support"
 
-endchoice
+	endchoice
+
+	comment "DNS over HTTPS/TLS Support
+	depends on !DNSDIST_NOSSL
+
+	config DNSDIST_DNS_OVER_HTTPS
+	depends on DNSDIST_OPENSSL
+	depends on !DNSDIST_NOSSL
+		bool "DNS over HTTPS Support"
+		help
+			"Enables DNS over HTTPS Support for dnsdist"
+		default y
+
+	config DNSDIST_DNS_OVER_TLS
+	depends on !DNSDIST_NOSSL
+		bool "DNS over TLS Support"
+		help
+			"Enabled DNS over TLS Support for dnsdist"
+		default y
+endmenu
 endef
 
 define Package/dnsdist
@@ -45,7 +66,7 @@ define Package/dnsdist
   CATEGORY:=Network
   SUBMENU:=IP Addresses and Names
   TITLE:=dnsdist DNS-, DOS- and abuse-aware loadbalancer
-  DEPENDS:=+DNSDIST_OPENSSL:libopenssl +DNSDIST_GNUTLS:libgnutls +protobuf +re2 +libedit +libfstrm +libsodium +lua +boost +libnetsnmp +libatomic
+  DEPENDS:=+DNSDIST_OPENSSL:libopenssl +DNSDIST_GNUTLS:libgnutls +protobuf +re2 +libedit +libfstrm +lua +boost +libnetsnmp +libatomic +libsodium +DNSDIST_DNS_OVER_HTTPS:libh2o-evloop
   URL:=https://dnsdist.org/
 endef
 
@@ -63,15 +84,16 @@ endef
 
 CONFIGURE_ARGS+= \
 	--enable-dnscrypt \
-	$(if $(CONFIG_DNSDIST_NOSSL),,--enable-dns-over-tls) \
-	--enable-fstrm \
-	--enable-libsodium \
-	--enable-protobuf \
-	--enable-re2 \
+	--enable-dnstap \
+	--with-libsodium \
+	--with-protobuf \
+	--with-re2 \
 	--with-lua=lua \
 	--with-net-snmp \
-        $(if $(CONFIG_DNSDIST_GNUTLS),--enable,--disable)-gnutls \
-        $(if $(CONFIG_DNSDIST_OPENSSL),--enable,--disable)-libssl
+	$(if $(CONFIG_DNSDIST_GNUTLS),--with,--without)-gnutls \
+	$(if $(CONFIG_DNSDIST_OPENSSL),--with,--without)-libssl \
+	$(if $(CONFIG_DNSDIST_DNS_OVER_TLS),--enable-dns-over-tls,) \
+	$(if $(CONFIG_DNSDIST_DNS_OVER_HTTPS),--enable-dns-over-https,)
 
 define Package/dnsdist/install
 	$(INSTALL_DIR) $(1)/etc

net/dnsdist/patches/100-net-snmp-config-Use-netsnmp_agent_libs-instead-of-agent_libs.patch

@@ -1,23 +0,0 @@
-From d73bc006c62e4340ab56dd4baba5bc8eb8e1db49 Mon Sep 17 00:00:00 2001
-From: Remi Gacogne <remi.gacogne@powerdns.com>
-Date: Mon, 13 May 2019 16:01:06 +0200
-Subject: [PATCH] SNMP: Use net-snmp-config --netsnmp-agent-libs instead of
- --agent-libs
-
----
- m4/pdns_with_net_snmp.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/m4/pdns_with_net_snmp.m4 b/m4/pdns_with_net_snmp.m4
-index 8040672e6c..2da80c75fc 100644
---- a/m4/pdns_with_net_snmp.m4
-+++ b/m4/pdns_with_net_snmp.m4
-@@ -10,7 +10,7 @@ AC_DEFUN([PDNS_WITH_NET_SNMP], [
-   AS_IF([test "x$with_net_snmp" != "xno"], [
-     AS_IF([test "x$with_net_snmp" = "xyes" -o "x$with_net_snmp" = "xauto"], [
-       AC_CHECK_PROG([NET_SNMP_CFLAGS], [net-snmp-config], [`net-snmp-config --cflags`])
--      AC_CHECK_PROG([NET_SNMP_LIBS], [net-snmp-config], [`net-snmp-config --agent-libs`])
-+      AC_CHECK_PROG([NET_SNMP_LIBS], [net-snmp-config], [`net-snmp-config --netsnmp-agent-libs`])
-       AC_CHECK_DECLS([snmp_select_info2], [ : ], [ : ],
-         [AC_INCLUDES_DEFAULT
-           #include <net-snmp/net-snmp-config.h>

net/dnsdist/patches/200-libatomic-detect.patch

@@ -1,34 +0,0 @@
---- a/m4/pdns_check_os.m4
-+++ b/m4/pdns_check_os.m4
-@@ -35,16 +35,21 @@
-   AM_CONDITIONAL([HAVE_LINUX], [test "x$have_linux" = "xyes"])
-   AM_CONDITIONAL([HAVE_SOLARIS], [test "x$have_solaris" = "xyes"])
-
--  case "$host" in
--  mips* | powerpc-* )
--    AC_MSG_CHECKING([whether the linker accepts -latomic])
--    LDFLAGS="-latomic $LDFLAGS"
--    AC_LINK_IFELSE([m4_default([],[AC_LANG_PROGRAM()])],
--      [AC_MSG_RESULT([yes])],
--      [AC_MSG_ERROR([Unable to link against libatomic, cannot continue])]
--    )
--    ;;
--  esac
-+  AC_MSG_CHECKING([whether -latomic is needed for __atomic builtins])
-+  AC_LINK_IFELSE(
-+    [AC_LANG_PROGRAM([[#include <stdint.h>]],
-+       [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]]
-+    )],
-+    [AC_MSG_RESULT([no])],
-+    [LIBS="$LIBS -latomic"
-+     AC_LINK_IFELSE(
-+       [AC_LANG_PROGRAM([[#include <stdint.h>]],
-+               [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]]
-+       )],
-+       [AC_MSG_RESULT([yes])],
-+       [AC_MSG_FAILURE([libatomic needed, but linking with -latomic failed, cannot continue])]
-+    )]
-+  )
-
-   AC_SUBST(THREADFLAGS)
-   AC_SUBST([DYNLINKFLAGS], [-export-dynamic])

net/dnsdist/patches/300-openssl-deprecated.patch

@@ -1,29 +0,0 @@
---- a/tcpiohandler.cc
-+++ b/tcpiohandler.cc
-@@ -369,8 +369,10 @@ public:
-     }
- 
-     if (s_users.fetch_add(1) == 0) {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-       ERR_load_crypto_strings();
-       OpenSSL_add_ssl_algorithms();
-+#endif
-       openssl_thread_setup();
- 
-       s_ticketsKeyIndex = SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
-@@ -439,6 +441,7 @@ public:
-     d_tlsCtx.reset();
- 
-     if (s_users.fetch_sub(1) == 1) {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-       ERR_free_strings();
- 
-       EVP_cleanup();
-@@ -448,6 +451,7 @@ public:
-       CONF_modules_unload(1);
- 
-       CRYPTO_cleanup_all_ex_data();
-+#endif
-       openssl_thread_cleanup();
-     }
-   }