diff --git a/libs/h2o/Makefile b/libs/h2o/Makefile new file mode 100644 index 000000000..688f6ef6d --- /dev/null +++ b/libs/h2o/Makefile @@ -0,0 +1,54 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=h2o +PKG_VERSION:=2.2.6 +PKG_RELEASE:=1 + +PKG_SOURCE_URL:=https://codeload.github.com/h2o/h2o/tar.gz/v${PKG_VERSION}? +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_HASH:=f8cbc1b530d85ff098f6efc2c3fdbc5e29baffb30614caac59d5c710f7bda201 + +PKG_MAINTAINER:=James Taylor + #include + #include ++#include + #include "h2o/cache.h" + #include "h2o/memory.h" + #include "h2o/openssl_backport.h" +@@ -45,7 +44,11 @@ + + #if OPENSSL_VERSION_NUMBER >= 0x10002000L + #define H2O_USE_ALPN 1 ++#ifndef OPENSSL_NO_NEXTPROTONEG + #define H2O_USE_NPN 1 ++#else ++#define H2O_USE_NPN 0 ++#endif + #elif OPENSSL_VERSION_NUMBER >= 0x10001000L + #define H2O_USE_ALPN 0 + #define H2O_USE_NPN 1 diff --git a/libs/h2o/patches/200-libh2o-evloop_wslay-link.patch b/libs/h2o/patches/200-libh2o-evloop_wslay-link.patch new file mode 100644 index 000000000..8f7dfcdd1 --- /dev/null +++ b/libs/h2o/patches/200-libh2o-evloop_wslay-link.patch @@ -0,0 +1,9 @@ +--- a/libh2o-evloop.pc.in ++++ b/libh2o-evloop.pc.in +@@ -7,5 +7,5 @@ + Description: An optimized HTTP/1.x & HTTP/2 library + URL: https://h2o.examp1e.net/ + Version: @LIBRARY_VERSION_MAJOR@.@LIBRARY_VERSION_MINOR@.@LIBRARY_VERSION_PATCH@ +-Libs: -L${libdir} -lh2o-evloop ++Libs: -L${libdir} -lh2o-evloop -lwslay + Cflags: -I${includedir} diff --git a/libs/h2o/patches/300-picotls-chacha-detect.patch b/libs/h2o/patches/300-picotls-chacha-detect.patch new file mode 100644 index 000000000..5fc793285 --- /dev/null +++ b/libs/h2o/patches/300-picotls-chacha-detect.patch @@ -0,0 +1,17 @@ +--- a/deps/picotls/include/picotls/openssl.h ++++ b/deps/picotls/include/picotls/openssl.h +@@ -26,11 +26,14 @@ + #include + #include + #include ++#include + #include "../picotls.h" + + #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + #define PTLS_OPENSSL_HAVE_CHACHA20_POLY1305 + #endif ++#endif + + extern ptls_key_exchange_algorithm_t ptls_openssl_secp256r1; + extern ptls_key_exchange_algorithm_t *ptls_openssl_key_exchanges[]; diff --git a/libs/libwslay/Makefile b/libs/libwslay/Makefile new file mode 100644 index 000000000..1c62d4599 --- /dev/null +++ b/libs/libwslay/Makefile @@ -0,0 +1,56 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=libwslay +PKG_VERSION:=1.1.0 +PKG_RELEASE=1 + +PKG_SOURCE:=release-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/tatsuhiro-t/wslay/tar.gz/release-$(PKG_VERSION)? +PKG_HASH:=df5dca9f03614073cd8bdd22aa3c9b116f841ed3120b2d4463d2382cc44fc594 + +PKG_BUILD_DIR:=$(BUILD_DIR)/wslay-release-$(PKG_VERSION) + +PKG_MAINTAINER:=James Taylor +PKG_LICENSE:=MIT +PKG_LICENSE_FILES:=COPYING + +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 + +PKG_FIXUP:=autoreconf + +include $(INCLUDE_DIR)/package.mk + +define Package/libwslay + SECTION:=libs + CATEGORY:=Libraries + TITLE:=Wslay is a WebSocket library written in C + URL:=https://tatsuhiro-t.github.io/wslay/ +endef + +define Package/libwslay/description + Wslay is a WebSocket library written in C. It implements the protocol version 13 described + in RFC 6455. This library offers 2 levels of API: event-based API and frame-based low-level + API. For event-based API, it is suitable for non-blocking reactor pattern style. You can set + callbacks in various events. For frame-based API, you can send WebSocket frame directly. + Wslay only supports data transfer part of WebSocket protocol and does not perform opening + handshake in HTTP. +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/wslay + $(CP) $(PKG_INSTALL_DIR)/usr/include/wslay/*.h $(1)/usr/include/wslay/ + + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libwslay.{a,so*} $(1)/usr/lib/ + + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libwslay.pc $(1)/usr/lib/pkgconfig/ +endef + +define Package/libwslay/install + $(INSTALL_DIR) $(1)/usr/lib + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libwslay.so* $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,libwslay)) diff --git a/libs/libwslay/patches/100-disable-doc.patch b/libs/libwslay/patches/100-disable-doc.patch new file mode 100644 index 000000000..d5a21bad2 --- /dev/null +++ b/libs/libwslay/patches/100-disable-doc.patch @@ -0,0 +1,26 @@ +diff --git a/Makefile.am b/Makefile.am +index ae8b02f..2e86973 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -20,6 +20,6 @@ + # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-SUBDIRS = lib tests examples doc ++SUBDIRS = lib tests + + ACLOCAL_AMFLAGS = -I m4 +diff --git a/configure.ac b/configure.ac +index 5e83cbf..88f4f03 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -123,9 +123,6 @@ AC_CONFIG_FILES([ + lib/includes/Makefile + lib/includes/wslay/wslayver.h + tests/Makefile +- examples/Makefile +- doc/Makefile +- doc/sphinx/conf.py + ]) + AC_OUTPUT + diff --git a/net/dnsdist/Makefile b/net/dnsdist/Makefile index 3acd8c9f6..85dfacb98 100644 --- a/net/dnsdist/Makefile +++ b/net/dnsdist/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsdist -PKG_VERSION:=1.3.3 -PKG_RELEASE:=3 +PKG_VERSION:=1.4.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=9fb24f9032025955169f3c6e9b0a05b6aa9d6441ec47da08d22de1c1aa23e8cf +PKG_HASH:=a336fa2c3eb381c2464d9d9790014fd6d4505029ed2c1b73ee1dc9115a2f1dc0 PKG_MAINTAINER:=James Taylor PKG_LICENSE:=GPL-2.0-only @@ -22,22 +22,43 @@ PKG_CONFIG_DEPENDS:= \ include $(INCLUDE_DIR)/package.mk define Package/dnsdist/config -comment "SSL support" +menu "Configuration" + depends on PACKAGE_dnsdist -choice - prompt "Selected SSL library" - default DNSDIST_OPENSSSL + comment "SSL Support" + choice + prompt "Selected SSL library" + default DNSDIST_OPENSSSL - config DNSDIST_OPENSSL - bool "OpenSSL" + config DNSDIST_OPENSSL + bool "OpenSSL" - config DNSDIST_GNUTLS - bool "GnuTLS" + config DNSDIST_GNUTLS + bool "GnuTLS" - config DNSDIST_NOSSL - bool "No SSL support" + config DNSDIST_NOSSL + bool "No SSL support" -endchoice + endchoice + + comment "DNS over HTTPS/TLS Support + depends on !DNSDIST_NOSSL + + config DNSDIST_DNS_OVER_HTTPS + depends on DNSDIST_OPENSSL + depends on !DNSDIST_NOSSL + bool "DNS over HTTPS Support" + help + "Enables DNS over HTTPS Support for dnsdist" + default y + + config DNSDIST_DNS_OVER_TLS + depends on !DNSDIST_NOSSL + bool "DNS over TLS Support" + help + "Enabled DNS over TLS Support for dnsdist" + default y +endmenu endef define Package/dnsdist @@ -45,7 +66,7 @@ define Package/dnsdist CATEGORY:=Network SUBMENU:=IP Addresses and Names TITLE:=dnsdist DNS-, DOS- and abuse-aware loadbalancer - DEPENDS:=+DNSDIST_OPENSSL:libopenssl +DNSDIST_GNUTLS:libgnutls +protobuf +re2 +libedit +libfstrm +libsodium +lua +boost +libnetsnmp +libatomic + DEPENDS:=+DNSDIST_OPENSSL:libopenssl +DNSDIST_GNUTLS:libgnutls +protobuf +re2 +libedit +libfstrm +lua +boost +libnetsnmp +libatomic +libsodium +DNSDIST_DNS_OVER_HTTPS:libh2o-evloop URL:=https://dnsdist.org/ endef @@ -63,15 +84,16 @@ endef CONFIGURE_ARGS+= \ --enable-dnscrypt \ - $(if $(CONFIG_DNSDIST_NOSSL),,--enable-dns-over-tls) \ - --enable-fstrm \ - --enable-libsodium \ - --enable-protobuf \ - --enable-re2 \ + --enable-dnstap \ + --with-libsodium \ + --with-protobuf \ + --with-re2 \ --with-lua=lua \ --with-net-snmp \ - $(if $(CONFIG_DNSDIST_GNUTLS),--enable,--disable)-gnutls \ - $(if $(CONFIG_DNSDIST_OPENSSL),--enable,--disable)-libssl + $(if $(CONFIG_DNSDIST_GNUTLS),--with,--without)-gnutls \ + $(if $(CONFIG_DNSDIST_OPENSSL),--with,--without)-libssl \ + $(if $(CONFIG_DNSDIST_DNS_OVER_TLS),--enable-dns-over-tls,) \ + $(if $(CONFIG_DNSDIST_DNS_OVER_HTTPS),--enable-dns-over-https,) define Package/dnsdist/install $(INSTALL_DIR) $(1)/etc diff --git a/net/dnsdist/patches/100-net-snmp-config-Use-netsnmp_agent_libs-instead-of-agent_libs.patch b/net/dnsdist/patches/100-net-snmp-config-Use-netsnmp_agent_libs-instead-of-agent_libs.patch deleted file mode 100644 index 49d72a973..000000000 --- a/net/dnsdist/patches/100-net-snmp-config-Use-netsnmp_agent_libs-instead-of-agent_libs.patch +++ /dev/null @@ -1,23 +0,0 @@ -From d73bc006c62e4340ab56dd4baba5bc8eb8e1db49 Mon Sep 17 00:00:00 2001 -From: Remi Gacogne -Date: Mon, 13 May 2019 16:01:06 +0200 -Subject: [PATCH] SNMP: Use net-snmp-config --netsnmp-agent-libs instead of - --agent-libs - ---- - m4/pdns_with_net_snmp.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/m4/pdns_with_net_snmp.m4 b/m4/pdns_with_net_snmp.m4 -index 8040672e6c..2da80c75fc 100644 ---- a/m4/pdns_with_net_snmp.m4 -+++ b/m4/pdns_with_net_snmp.m4 -@@ -10,7 +10,7 @@ AC_DEFUN([PDNS_WITH_NET_SNMP], [ - AS_IF([test "x$with_net_snmp" != "xno"], [ - AS_IF([test "x$with_net_snmp" = "xyes" -o "x$with_net_snmp" = "xauto"], [ - AC_CHECK_PROG([NET_SNMP_CFLAGS], [net-snmp-config], [`net-snmp-config --cflags`]) -- AC_CHECK_PROG([NET_SNMP_LIBS], [net-snmp-config], [`net-snmp-config --agent-libs`]) -+ AC_CHECK_PROG([NET_SNMP_LIBS], [net-snmp-config], [`net-snmp-config --netsnmp-agent-libs`]) - AC_CHECK_DECLS([snmp_select_info2], [ : ], [ : ], - [AC_INCLUDES_DEFAULT - #include diff --git a/net/dnsdist/patches/200-libatomic-detect.patch b/net/dnsdist/patches/200-libatomic-detect.patch deleted file mode 100644 index 29881cc4f..000000000 --- a/net/dnsdist/patches/200-libatomic-detect.patch +++ /dev/null @@ -1,34 +0,0 @@ ---- a/m4/pdns_check_os.m4 -+++ b/m4/pdns_check_os.m4 -@@ -35,16 +35,21 @@ - AM_CONDITIONAL([HAVE_LINUX], [test "x$have_linux" = "xyes"]) - AM_CONDITIONAL([HAVE_SOLARIS], [test "x$have_solaris" = "xyes"]) - -- case "$host" in -- mips* | powerpc-* ) -- AC_MSG_CHECKING([whether the linker accepts -latomic]) -- LDFLAGS="-latomic $LDFLAGS" -- AC_LINK_IFELSE([m4_default([],[AC_LANG_PROGRAM()])], -- [AC_MSG_RESULT([yes])], -- [AC_MSG_ERROR([Unable to link against libatomic, cannot continue])] -- ) -- ;; -- esac -+ AC_MSG_CHECKING([whether -latomic is needed for __atomic builtins]) -+ AC_LINK_IFELSE( -+ [AC_LANG_PROGRAM([[#include ]], -+ [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]] -+ )], -+ [AC_MSG_RESULT([no])], -+ [LIBS="$LIBS -latomic" -+ AC_LINK_IFELSE( -+ [AC_LANG_PROGRAM([[#include ]], -+ [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]] -+ )], -+ [AC_MSG_RESULT([yes])], -+ [AC_MSG_FAILURE([libatomic needed, but linking with -latomic failed, cannot continue])] -+ )] -+ ) - - AC_SUBST(THREADFLAGS) - AC_SUBST([DYNLINKFLAGS], [-export-dynamic]) diff --git a/net/dnsdist/patches/300-openssl-deprecated.patch b/net/dnsdist/patches/300-openssl-deprecated.patch deleted file mode 100644 index ff80ee255..000000000 --- a/net/dnsdist/patches/300-openssl-deprecated.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- a/tcpiohandler.cc -+++ b/tcpiohandler.cc -@@ -369,8 +369,10 @@ public: - } - - if (s_users.fetch_add(1) == 0) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_load_crypto_strings(); - OpenSSL_add_ssl_algorithms(); -+#endif - openssl_thread_setup(); - - s_ticketsKeyIndex = SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr); -@@ -439,6 +441,7 @@ public: - d_tlsCtx.reset(); - - if (s_users.fetch_sub(1) == 1) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_free_strings(); - - EVP_cleanup(); -@@ -448,6 +451,7 @@ public: - CONF_modules_unload(1); - - CRYPTO_cleanup_all_ex_data(); -+#endif - openssl_thread_cleanup(); - } - }