Merge pull request #2867 from dgazineu/patch-1

debootstrap: Filename, version and MD5SUM

CONTRIBUTING.md

@@ -5,7 +5,21 @@ Please make sure that all packages you commit or request to pull:
 * Have yourself or another person listed in the (PKG_)MAINTAINER field.
 * Will be updated regularly to maintained and supported versions.
 * Have no dependencies outside the openwrt core packages or this feed.
+* Are "run tested" (or at least compile tested)
 
-Please sign-off all your commits / pull requests to this repository. See:
-https://dev.openwrt.org/wiki/SubmittingPatches#a10.Signyourwork
+Please make sure that all commits you make to this repository:
+* Are signed-off (see https://dev.openwrt.org/wiki/SubmittingPatches#a10.Signyourwork)
+* Have a proper description (starting with <package-name>: / including <package-name>)
 
+If you have commit access:
+* Do NOT use git push --force.
+* Do NOT commit to other maintainer's packages without their consent.
+* Use Pull Requests if you are unsure and to suggest changes to other maintainers.
+
+Release Branches:
+* Branches named "for-XX.YY" (e.g. for-14.07) are release branches.
+* These branches are built with the respective OpenWrt release and are created
+  during the release stabilisation phase.
+* Please ONLY cherry-pick or commit security and bug-fixes to these branches.
+* Do NOT add new packages and do NOT do major upgrades of packages here.
+* If you are unsure if your change is suitable, please use a pull request.

admin/debootstrap/Makefile

@@ -9,13 +9,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=debootstrap
-PKG_VERSION:=1.0.60~bpo70+1
+PKG_VERSION:=1.0.64~bpo70+1
 PKG_RELEASE:=1
 PKG_MAINTAINER=Daniel Golle <daniel@makrotopia.org>
 
 PKG_SOURCE:=$(PKG_NAME)-udeb_$(PKG_VERSION)_all.udeb
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/d/debootstrap
-PKG_MD5SUM:=6d4e3b97981b9e0bb86f49d8edac91af
+PKG_MD5SUM:=554185ccc6cb27fc15d0e9cfed260cb5
 
 UNPACK_CMD=ar -p "$(DL_DIR)/$(PKG_SOURCE)" data.tar.xz | xzcat | tar -C $(1) -xf -
 

admin/monit/Makefile

@@ -8,15 +8,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=monit
-PKG_VERSION:=5.8.1
-PKG_RELEASE:=2
+PKG_VERSION:=5.10
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://mmonit.com/monit/dist
-PKG_MD5SUM:=9467328f1da0b644a766a387443db2ea
+PKG_MD5SUM:=5b5b5cc7939b975bbbef73bd6426750a
 
 PKG_LICENSE:=AGPL-3.0
-PKG_LICENSE_FILES:=
+PKG_LICENSE_FILES:=COPYING
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_INSTALL:=1

admin/monit/patches/001-fix-default-piddir.patch

@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -13555,14 +13555,7 @@ fi
+@@ -13744,14 +13744,7 @@ fi
  # Find the right directory to put the root-mode PID file in
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking pid file location" >&5
  $as_echo_n "checking pid file location... " >&6; }

admin/zabbix/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2013 OpenWrt.org
+# Copyright (C) 2006-2014 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zabbix
-PKG_VERSION:=2.2.5
+PKG_VERSION:=2.4.3
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/zabbix
-PKG_MD5SUM:=e7b74a0208743f743585d9cc1d46eccf
+PKG_MD5SUM:=e8a0699c4e49999a15c63650a2280600
 
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=
@@ -31,7 +31,7 @@ define Package/zabbix/Default
   TITLE:=Zabbix
   URL:=http://www.zabbix.com/
   SUBMENU:=zabbix
-  MAINTAINER:=Mirko Vogt <mirko@openwrt.org>
+  MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
 endef
 
 define Package/zabbix-agent

admin/zabbix/patches/001-cross_compile.patch

@@ -1,29 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -824,25 +824,8 @@ dnl ************************************
- 
- dnl Check for %qu format (FreeBSD 4.x)
- dnl FreeBSD 4.x does not support %llu
--AC_MSG_CHECKING(for long long format)
--AC_TRY_RUN(
--[
--#include <sys/types.h>
--int main()
--{
--        uint64_t i;
--
--        sscanf("200000000010020", "%qu", &i);
--
--        if (i == 200000000010020) return 0;
--        else return -1;
--}
--],
--AC_DEFINE(HAVE_LONG_LONG_QU, 1 ,[Define to 1 if format '%qu' exists.])
--AC_MSG_RESULT(yes),
--AC_MSG_RESULT(no))
--
- dnl option -rdynamic is needed for readable backtraces
-+
- AC_MSG_CHECKING(for -rdynamic linking option)
- saved_LDFLAGS="$LDFLAGS"
- LDFLAGS="-rdynamic $LDFLAGS"

admin/zabbix/patches/002-fix-res_send-on-uclibc.patch

@@ -13,15 +13,15 @@
  dnl *                                                               *
 --- a/src/libs/zbxsysinfo/common/net.c
 +++ b/src/libs/zbxsysinfo/common/net.c
-@@ -425,6 +425,7 @@ static int	dns_query(AGENT_REQUEST *requ
- 	if (-1 == res_init())	/* initialize always, settings might have changed */
+@@ -450,6 +450,7 @@ static int	dns_query(AGENT_REQUEST *requ
  		return SYSINFO_RET_FAIL;
+ 	}
  
 +#if defined(HAVE_RES_MKQUERY) && defined(HAVE_RES_SEND) 
  	if (-1 == (res = res_mkquery(QUERY, zone, C_IN, type, NULL, 0, NULL, buf, sizeof(buf))))
- 		return SYSINFO_RET_FAIL;
- 
-@@ -449,6 +450,11 @@ static int	dns_query(AGENT_REQUEST *requ
+ 	{
+ 		SET_MSG_RESULT(result, zbx_dsprintf(NULL, "Cannot create DNS query: %s", zbx_strerror(errno)));
+@@ -480,6 +481,11 @@ static int	dns_query(AGENT_REQUEST *requ
  	_res.retry = retry;
  
  	res = res_send(buf, res, answer.buffer, sizeof(answer.buffer));

admin/zabbix/patches/002-uclibc_loadavg.patch

@@ -1,8 +1,8 @@
 --- a/src/libs/zbxsysinfo/linux/cpu.c
 +++ b/src/libs/zbxsysinfo/linux/cpu.c
-@@ -21,6 +21,45 @@
- #include "sysinfo.h"
- #include "stats.h"
+@@ -62,6 +62,45 @@ int	SYSTEM_CPU_DISCOVERY(AGENT_REQUEST *
+ 	return SYSINFO_RET_OK;
+ }
  
 +
 +/* uclibc and dietlibc do not have this junk -ReneR */

admin/zabbix/patches/010-change-agentd-config.patch

@@ -50,11 +50,12 @@
  ### Option: HostnameItem
  #	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
  #	Does not support UserParameters or aliases.
-@@ -240,7 +231,7 @@ Hostname=Zabbix server
+@@ -249,8 +240,8 @@ Hostname=Zabbix server
  # Include=
  
  # Include=/usr/local/etc/zabbix_agentd.userparams.conf
 -# Include=/usr/local/etc/zabbix_agentd.conf.d/
+ # Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
 +Include=/etc/zabbix_agentd.conf.d/
  
  ####### USER-DEFINED MONITORED PARAMETERS #######

ipv6/aiccu/files/aiccu.sh

@@ -34,7 +34,7 @@ proto_aiccu_setup() {
 	echo "ipv6_interface $link"   >> "$CFGFILE"
 	[ -n "$server" ] && echo "server $server" >> "$CFGFILE"
 	[ -n "$protocol" ] && echo "protocol $protocol" >> "$CFGFILE"
-	[ -n "$tunnel_id" ] && echo "tunnel_id $tunnel_id"	  >> "$CFGFILE"
+	[ -n "$tunnelid" ] && echo "tunnel_id $tunnelid"	  >> "$CFGFILE"
 	[ -n "$requiretls" ] && echo "requiretls $requiretls"	   >> "$CFGFILE"
 	[ "$nat" == 1 ] && echo "behindnat true"     >> "$CFGFILE"
 	[ "$heartbeat"	== 1 ] && echo "makebeats true" >> "$CFGFILE"

lang/perl-compress-bzip2/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=perl-compress-bzip2
-PKG_VERSION:=2.17
+PKG_VERSION:=2.18
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=http://www.cpan.org/authors/id/R/RU/RURBAN/
 PKG_SOURCE:=Compress-Bzip2-$(PKG_VERSION).tar.gz
-PKG_MD5SUM:=d8b809f6efe3edb33f81d608c932b2ef
+PKG_MD5SUM:=c4a1995df9443cb97c28593cbbb23304
 
 PKG_LICENSE:=GPLv1+ ARTISTIC
 PKG_MAINTAINER:=Marcel Denia <naoir@gmx.net>

lang/perl-www/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=perl-www
 PKG_VERSION:=5.837
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=http://www.cpan.org/authors/id/G/GA/GAAS/
 PKG_SOURCE:=libwww-perl-$(PKG_VERSION).tar.gz

lang/perl-www/patches/010-lwp-https-call-verify-hostname-when-avail.patch

@@ -0,0 +1,41 @@
+commit 3b266f17ccd5613a9c42d1e04118e94ca6467489
+Author: Gisle Aas <gisle@aas.no>
+Date:   Sun Jan 16 12:56:30 2011 +0100
+
+    Call IO::Socket::SSL's verify_hostname when available
+
+--- a/lib/LWP/Protocol/https.pm
++++ b/lib/LWP/Protocol/https.pm
+@@ -14,6 +14,15 @@ sub socket_type
+ sub _check_sock
+ {
+     my($self, $req, $sock) = @_;
++    if ($sock->can("verify_hostname")) {
++	if (!$sock->verify_hostname($req->uri->host, "www")) {
++	    my $subject = $sock->peer_certificate("subject");
++	    die "SSL-peer fails verification [subject=$subject]\n";
++	}
++	else {
++	    $req->{ssl_sock_verified}++;
++	}
++    }
+     my $check = $req->header("If-SSL-Cert-Subject");
+     if (defined $check) {
+ 	my $cert = $sock->get_peer_certificate ||
+@@ -36,9 +45,14 @@ sub _get_sock_info
+ 	$res->header("Client-SSL-Cert-Subject" => $cert->subject_name);
+ 	$res->header("Client-SSL-Cert-Issuer" => $cert->issuer_name);
+     }
+-    if(! eval { $sock->get_peer_verify }) {
+-       $res->header("Client-SSL-Warning" => "Peer certificate not verified");
++    if (!$res->request->{ssl_sock_verified}) {
++	if(! eval { $sock->get_peer_verify }) {
++	    my $msg = "Peer certificate not verified";
++	    $msg .= " [$@]" if $@;
++	    $res->header("Client-SSL-Warning" => $msg);
++	}
+     }
++    $res->header("Client-SSL-Socket-Class" => $Net::HTTPS::SSL_SOCKET_CLASS);
+ }
+ 
+ #-----------------------------------------------------------

lang/perl-www/patches/020-lwp-https-verify-hostnames-by-default.patch

@@ -0,0 +1,113 @@
+commit 62dd58188d8f8987d24bd84951813a54a8bf5987
+Author: Gisle Aas <gisle@aas.no>
+Date:   Mon Jan 24 23:19:59 2011 +0100
+
+    Default to verifying hostnames when using SSL
+
+--- a/lib/LWP/Protocol/https.pm
++++ b/lib/LWP/Protocol/https.pm
+@@ -11,18 +11,30 @@ sub socket_type
+     return "https";
+ }
+ 
+-sub _check_sock
++sub _extra_sock_opts
+ {
+-    my($self, $req, $sock) = @_;
+-    if ($sock->can("verify_hostname")) {
+-	if (!$sock->verify_hostname($req->uri->host, "www")) {
+-	    my $subject = $sock->peer_certificate("subject");
+-	    die "SSL-peer fails verification [subject=$subject]\n";
+-	}
+-	else {
+-	    $req->{ssl_sock_verified}++;
++    my $self = shift;
++    my %ssl_opts = %{$self->{ua}{ssl_opts} || {}};
++    unless (exists $ssl_opts{SSL_verify_mode}) {
++	$ssl_opts{SSL_verify_mode} = 1;
++    }
++    if (delete $ssl_opts{verify_hostname}) {
++	$ssl_opts{SSL_verify_mode} ||= 1;
++	$ssl_opts{SSL_verifycn_scheme} = 'www';
++    }
++    if ($ssl_opts{SSL_verify_mode}) {
++	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
++	    require Mozilla::CA;
++	    $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file();
+ 	}
+     }
++    $self->{ssl_opts} = \%ssl_opts;
++    return (%ssl_opts, $self->SUPER::_extra_sock_opts);
++}
++
++sub _check_sock
++{
++    my($self, $req, $sock) = @_;
+     my $check = $req->header("If-SSL-Cert-Subject");
+     if (defined $check) {
+ 	my $cert = $sock->get_peer_certificate ||
+@@ -45,12 +57,11 @@ sub _get_sock_info
+ 	$res->header("Client-SSL-Cert-Subject" => $cert->subject_name);
+ 	$res->header("Client-SSL-Cert-Issuer" => $cert->issuer_name);
+     }
+-    if (!$res->request->{ssl_sock_verified}) {
+-	if(! eval { $sock->get_peer_verify }) {
+-	    my $msg = "Peer certificate not verified";
+-	    $msg .= " [$@]" if $@;
+-	    $res->header("Client-SSL-Warning" => $msg);
+-	}
++    if (!$self->{ssl_opts}{SSL_verify_mode}) {
++	$res->push_header("Client-SSL-Warning" => "Peer certificate not verified");
++    }
++    elsif (!$self->{ssl_opts}{SSL_verifycn_scheme}) {
++	$res->push_header("Client-SSL-Warning" => "Peer hostname match with certificate not verified");
+     }
+     $res->header("Client-SSL-Socket-Class" => $Net::HTTPS::SSL_SOCKET_CLASS);
+ }
+--- a/lib/LWP/UserAgent.pm
++++ b/lib/LWP/UserAgent.pm
+@@ -41,6 +41,7 @@ sub new
+     my $timeout = delete $cnf{timeout};
+     $timeout = 3*60 unless defined $timeout;
+     my $local_address = delete $cnf{local_address};
++    my $ssl_opts = delete $cnf{ssl_opts};
+     my $use_eval = delete $cnf{use_eval};
+     $use_eval = 1 unless defined $use_eval;
+     my $parse_head = delete $cnf{parse_head};
+@@ -83,6 +84,7 @@ sub new
+ 		      def_headers  => $def_headers,
+ 		      timeout      => $timeout,
+ 		      local_address => $local_address,
++		      ssl_opts     => { $ssl_opts ? %$ssl_opts  : (verify_hostname => 1) },
+ 		      use_eval     => $use_eval,
+                       show_progress=> $show_progress,
+ 		      max_size     => $max_size,
+@@ -582,6 +584,20 @@ sub max_size     { shift->_elem('max_siz
+ sub max_redirect { shift->_elem('max_redirect', @_); }
+ sub show_progress{ shift->_elem('show_progress', @_); }
+ 
++sub ssl_opts {
++    my $self = shift;
++    if (@_ == 1) {
++	my $k = shift;
++	return $self->{ssl_opts}{$k};
++    }
++    if (@_) {
++	%{$self->{ssl_opts}} = (%{$self->{ssl_opts}}, @_);
++    }
++    else {
++	return keys %{$self->{ssl_opts}};
++    }
++}
++
+ sub parse_head {
+     my $self = shift;
+     if (@_) {
+@@ -1040,6 +1056,7 @@ The following options correspond to attr
+    cookie_jar              undef
+    default_headers         HTTP::Headers->new
+    local_address           undef
++   ssl_opts		   { verify_hostname => 1 }
+    max_size                undef
+    max_redirect            7
+    parse_head              1

lang/perl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=perl
 PKG_VERSION:=5.20.0
-PKG_RELEASE:=4
+PKG_RELEASE:=6
 
 PKG_SOURCE_URL:=ftp://ftp.cpan.org/pub/CPAN/src/5.0 \
 		http://www.cpan.org/src/5.0/perl-5.20.0.tar.gz \
@@ -68,6 +68,7 @@ endef
 
 define Host/Install
 	( cd $(HOST_BUILD_DIR); ./miniperl installperl )
+	$(INSTALL_DIR) $(HOST_PERL_PREFIX)/bin/
 	$(CP) $(HOST_BUILD_DIR)/generate_uudmap $(HOST_PERL_PREFIX)/bin/
 endef
 
@@ -99,13 +100,16 @@ endef
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/lib/perl5/5.20/CORE
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/perl5/5.20/CORE/*.h $(1)/usr/lib/perl5/5.20/CORE/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/perl5/5.20 $(1)/usr/lib/perl5/
 endef
 
 define Package/perl/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/perl$(PKG_VERSION) $(1)/usr/bin
 	ln -nsf perl$(PKG_VERSION) $(1)/usr/bin/perl
+
+	$(INSTALL_DIR) $(1)/usr/lib/perl5/5.20/CORE
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/perl5/5.20/CORE/libperl.so $(1)/usr/lib/perl5/5.20/CORE/
 endef
 
 

lang/perl/files/config.sh-arm.in

@@ -53,7 +53,6 @@ castflags='0'
 cat='cat'
 cc='%%CC%%'
 cccdlflags='-fPIC'
-ccdlflags='-Wl,-E'
 ccflags='%%CFLAGS%%'
 ccflags_uselargefiles='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
 ccname='gcc'
@@ -739,14 +738,14 @@ ldlibpthname='LD_LIBRARY_PATH'
 less='less'
 lib_ext='.a'
 libc=''
-libperl='libperl.a'
+libperl='libperl.so'
 libpth='%%LIBDIRS%%'
-libs='-lgdbm -ldb -lnsl -ldl -lm -lcrypt -lutil -lc'
+libs='-lgdbm -ldb -ldl -lm -lcrypt -lutil -lc'
 libsdirs='%%LIBDIRS%%'
-libsfiles=' libnsl.so libdl.so libm.so libcrypt.so libutil.so libc.so'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+libsfiles=' libdl.so libm.so libcrypt.so libutil.so libc.so'
+#libsfound=' /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 libspath='%%LIBDIRS%%'
-libswanted='sfio socket inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
+libswanted='sfio socket inet nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
 libswanted_uselargefiles=''
 line=''
 lint=''
@@ -830,7 +829,7 @@ perl5=''
 perl=''
 perl_patchlevel=''
 perladmin='root@maia.dev.null'
-perllibs='-lnsl -ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
+perllibs='-ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
 perlpath='/usr/bin/perl'
 pg='pg'
 phostname='hostname'
@@ -1002,7 +1001,7 @@ useposix='true'
 usereentrant='undef'
 userelocatableinc='undef'
 usesfio='false'
-useshrplib='false'
+useshrplib='true'
 usesitecustomize='undef'
 usesocks='undef'
 usethreads='undef'
@@ -1109,7 +1108,7 @@ i_stdbool='define'
 i_syspoll='define'
 #incpth='/usr/lib/gcc/i486-slackware-linux/4.8.2/include /usr/local/include /usr/lib/gcc/i486-slackware-linux/4.8.2/include-fixed /usr/include'
 ld_can_script='define'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+#libsfound=' /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 nv_overflows_integers_at='0'
 perl_static_inline='static __inline__'
 sGMTIME_max='2147483647'
@@ -1156,6 +1155,7 @@ version_patchlevel_string='version 20 subversion 0'
 PERL_VERSION=20
 PERL_API_VERSION=20
 patchlevel='20'
+ccdlflags='-fPIC -Wl,-rpath,/usr/lib/perl5/5.20/CORE'
 
 # Make perl use these tools instead of the target binaries during build.
 hostgenerate='%%HOSTGENERATE%%'

lang/perl/files/config.sh-armeb.in

@@ -53,7 +53,6 @@ castflags='0'
 cat='cat'
 cc='%%CC%%'
 cccdlflags='-fPIC'
-ccdlflags='-Wl,-E'
 ccflags='%%CFLAGS%%'
 ccflags_uselargefiles='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
 ccname='gcc'
@@ -739,14 +738,14 @@ ldlibpthname='LD_LIBRARY_PATH'
 less='less'
 lib_ext='.a'
 libc=''
-libperl='libperl.a'
+libperl='libperl.so'
 libpth='%%LIBDIRS%%'
-libs='-lgdbm -ldb -lnsl -ldl -lm -lcrypt -lutil -lc'
+libs='-lgdbm -ldb -ldl -lm -lcrypt -lutil -lc'
 libsdirs='%%LIBDIRS%%'
-libsfiles=' libnsl.so libdl.so libm.so libcrypt.so libutil.so libc.so'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+libsfiles=' libdl.so libm.so libcrypt.so libutil.so libc.so'
+#libsfound=' /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 libspath='%%LIBDIRS%%'
-libswanted='sfio socket inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
+libswanted='sfio socket inet nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
 libswanted_uselargefiles=''
 line=''
 lint=''
@@ -830,7 +829,7 @@ perl5=''
 perl=''
 perl_patchlevel=''
 perladmin='root@maia.dev.null'
-perllibs='-lnsl -ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
+perllibs='-ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
 perlpath='/usr/bin/perl'
 pg='pg'
 phostname='hostname'
@@ -1002,7 +1001,7 @@ useposix='true'
 usereentrant='undef'
 userelocatableinc='undef'
 usesfio='false'
-useshrplib='false'
+useshrplib='true'
 usesitecustomize='undef'
 usesocks='undef'
 usethreads='undef'
@@ -1109,7 +1108,7 @@ i_stdbool='define'
 i_syspoll='define'
 #incpth='/usr/lib/gcc/i486-slackware-linux/4.8.2/include /usr/local/include /usr/lib/gcc/i486-slackware-linux/4.8.2/include-fixed /usr/include'
 ld_can_script='define'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+#libsfound=' /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 nv_overflows_integers_at='0'
 perl_static_inline='static __inline__'
 sGMTIME_max='2147483647'
@@ -1156,6 +1155,7 @@ version_patchlevel_string='version 20 subversion 0'
 PERL_VERSION=20
 PERL_API_VERSION=20
 patchlevel='20'
+ccdlflags='-fPIC -Wl,-rpath,/usr/lib/perl5/5.20/CORE'
 
 # Make perl use these tools instead of the target binaries during build.
 hostgenerate='%%HOSTGENERATE%%'

lang/perl/files/config.sh-avr32.in

@@ -53,7 +53,6 @@ castflags='0'
 cat='cat'
 cc='%%CC%%'
 cccdlflags='-fPIC'
-ccdlflags='-Wl,-E'
 ccflags='%%CFLAGS%%'
 ccflags_uselargefiles='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
 ccname='gcc'
@@ -741,14 +740,14 @@ ldlibpthname='LD_LIBRARY_PATH'
 less='less'
 lib_ext='.a'
 libc=''
-libperl='libperl.a'
+libperl='libperl.so'
 libpth='%%LIBDIRS%%'
-libs='-lgdbm -ldb -lnsl -ldl -lm -lcrypt -lutil -lc'
+libs='-lgdbm -ldb -ldl -lm -lcrypt -lutil -lc'
 libsdirs='%%LIBDIRS%%'
-libsfiles=' libnsl.so libdl.so libm.so libcrypt.so libutil.so libc.so'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+libsfiles=' libdl.so libm.so libcrypt.so libutil.so libc.so'
+#libsfound=' /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 libspath='%%LIBDIRS%%'
-libswanted='sfio socket inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
+libswanted='sfio socket inet nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
 libswanted_uselargefiles=''
 line=''
 lint=''
@@ -832,7 +831,7 @@ perl5=''
 perl=''
 perl_patchlevel=''
 perladmin='root@maia.dev.null'
-perllibs='-lnsl -ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
+perllibs='-ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
 perlpath='/usr/bin/perl'
 pg='pg'
 phostname='hostname'
@@ -1004,7 +1003,7 @@ useposix='true'
 usereentrant='undef'
 userelocatableinc='undef'
 usesfio='false'
-useshrplib='false'
+useshrplib='true'
 usesitecustomize='undef'
 usesocks='undef'
 usethreads='undef'
@@ -1111,7 +1110,7 @@ i_stdbool='define'
 i_syspoll='define'
 #incpth='/usr/lib/gcc/i486-slackware-linux/4.8.2/include /usr/local/include /usr/lib/gcc/i486-slackware-linux/4.8.2/include-fixed /usr/include'
 ld_can_script='define'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+#libsfound=' /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 nv_overflows_integers_at='0'
 perl_static_inline='static __inline__'
 sGMTIME_max='2147483647'
@@ -1158,6 +1157,7 @@ version_patchlevel_string='version 20 subversion 0'
 PERL_VERSION=20
 PERL_API_VERSION=20
 patchlevel='20'
+ccdlflags='-fPIC -Wl,-rpath,/usr/lib/perl5/5.20/CORE'
 
 # Make perl use these tools instead of the target binaries during build.
 hostgenerate='%%HOSTGENERATE%%'

lang/perl/files/config.sh-i486.in

@@ -51,7 +51,6 @@ castflags='0'
 cat='cat'
 cc='%%CC%%'
 cccdlflags='-fPIC'
-ccdlflags='-Wl,-E'
 ccflags='%%CFLAGS%%'
 ccflags_uselargefiles='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
 ccname='gcc'
@@ -732,14 +731,14 @@ ldlibpthname='LD_LIBRARY_PATH'
 less='less'
 lib_ext='.a'
 libc=''
-libperl='libperl.a'
+libperl='libperl.so'
 libpth='%%LIBDIRS%%'
-libs='-lgdbm -ldb -lnsl -ldl -lm -lcrypt -lutil -lc'
+libs='-lgdbm -ldb -ldl -lm -lcrypt -lutil -lc'
 libsdirs='%%LIBDIRS%%'
-libsfiles=' libnsl.so libdl.so libm.so libcrypt.so libutil.so libc.so'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+libsfiles=' libdl.so libm.so libcrypt.so libutil.so libc.so'
+#libsfound=' /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 libspath='%%LIBDIRS%%'
-libswanted='sfio socket inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
+libswanted='sfio socket inet nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
 libswanted_uselargefiles=''
 line=''
 lint=''
@@ -821,7 +820,7 @@ perl5=''
 perl=''
 perl_patchlevel=''
 perladmin='root@maia.dev.null'
-perllibs='-lnsl -ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
+perllibs='-ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
 perlpath='/usr/bin/perl'
 pg='pg'
 phostname='hostname'
@@ -991,7 +990,7 @@ useposix='true'
 usereentrant='undef'
 userelocatableinc='undef'
 usesfio='false'
-useshrplib='false'
+useshrplib='true'
 usesitecustomize='undef'
 usesocks='undef'
 usethreads='undef'
@@ -1094,7 +1093,7 @@ i_stdbool='define'
 i_syspoll='define'
 #incpth='/usr/lib/gcc/i486-slackware-linux/4.8.2/include /usr/local/include /usr/lib/gcc/i486-slackware-linux/4.8.2/include-fixed /usr/include'
 ld_can_script='define'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+#libsfound=' /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 nv_overflows_integers_at='0'
 perl_static_inline='static __inline__'
 sGMTIME_max='2147483647'
@@ -1141,6 +1140,7 @@ version_patchlevel_string='version 20 subversion 0'
 PERL_VERSION=20
 PERL_API_VERSION=20
 patchlevel='20'
+ccdlflags='-fPIC -Wl,-rpath,/usr/lib/perl5/5.20/CORE'
 
 # Make perl use these tools instead of the target binaries during build.
 hostgenerate='%%HOSTGENERATE%%'

lang/perl/files/config.sh-mips.in

@@ -53,7 +53,6 @@ castflags='0'
 cat='cat'
 cc='%%CC%%'
 cccdlflags='-fPIC'
-ccdlflags='-Wl,-E'
 ccflags='%%CFLAGS%%'
 ccflags_uselargefiles='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
 ccname='gcc'
@@ -739,14 +738,14 @@ ldlibpthname='LD_LIBRARY_PATH'
 less='less'
 lib_ext='.a'
 libc=''
-libperl='libperl.a'
+libperl='libperl.so'
 libpth='%%LIBDIRS%%'
-libs='-lgdbm -ldb -lnsl -ldl -lm -lcrypt -lutil -lc'
+libs='-lgdbm -ldb -ldl -lm -lcrypt -lutil -lc'
 libsdirs='%%LIBDIRS%%'
-libsfiles=' libnsl.so libdl.so libm.so libcrypt.so libutil.so libc.so'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+libsfiles=' libdl.so libm.so libcrypt.so libutil.so libc.so'
+#libsfound=' /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 libspath='%%LIBDIRS%%'
-libswanted='sfio socket inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
+libswanted='sfio socket inet nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
 libswanted_uselargefiles=''
 line=''
 lint=''
@@ -830,7 +829,7 @@ perl5=''
 perl=''
 perl_patchlevel=''
 perladmin='root@merope.dev.null'
-perllibs='-lnsl -ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
+perllibs='-ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
 perlpath='/usr/bin/perl'
 pg='pg'
 phostname='hostname'
@@ -1002,7 +1001,7 @@ useposix='true'
 usereentrant='undef'
 userelocatableinc='undef'
 usesfio='false'
-useshrplib='false'
+useshrplib='true'
 usesitecustomize='undef'
 usesocks='undef'
 usethreads='undef'
@@ -1109,7 +1108,7 @@ i_stdbool='define'
 i_syspoll='define'
 #incpth='/usr/lib/gcc/i486-slackware-linux/4.8.2/include /usr/local/include /usr/lib/gcc/i486-slackware-linux/4.8.2/include-fixed /usr/include'
 ld_can_script='define'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+#libsfound=' /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 nv_overflows_integers_at='0'
 perl_static_inline='static __inline__'
 sGMTIME_max='2147483647'
@@ -1156,6 +1155,7 @@ version_patchlevel_string='version 20 subversion 0'
 PERL_VERSION=20
 PERL_API_VERSION=20
 patchlevel='20'
+ccdlflags='-fPIC -Wl,-rpath,/usr/lib/perl5/5.20/CORE'
 
 # Make perl use these tools instead of the target binaries during build.
 hostgenerate='%%HOSTGENERATE%%'

lang/perl/files/config.sh-mipsel.in

@@ -51,7 +51,6 @@ castflags='0'
 cat='cat'
 cc='%%CC%%'
 cccdlflags='-fPIC'
-ccdlflags='-Wl,-E'
 ccflags='%%CFLAGS%%'
 ccflags_uselargefiles='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
 ccname='gcc'
@@ -732,14 +731,14 @@ ldlibpthname='LD_LIBRARY_PATH'
 less='less'
 lib_ext='.a'
 libc=''
-libperl='libperl.a'
+libperl='libperl.so'
 libpth='%%LIBDIRS%%'
-libs='-lgdbm -ldb -lnsl -ldl -lm -lcrypt -lutil -lc'
+libs='-lgdbm -ldb -ldl -lm -lcrypt -lutil -lc'
 libsdirs='%%LIBDIRS%%'
-libsfiles=' libnsl.so libdl.so libm.so libcrypt.so libutil.so libc.so'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+libsfiles=' libdl.so libm.so libcrypt.so libutil.so libc.so'
+#libsfound=' /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 libspath='%%LIBDIRS%%'
-libswanted='sfio socket inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
+libswanted='sfio socket inet nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
 libswanted_uselargefiles=''
 line=''
 lint=''
@@ -821,7 +820,7 @@ perl5=''
 perl=''
 perl_patchlevel=''
 perladmin='root@merope.dev.null'
-perllibs='-lnsl -ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
+perllibs='-ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
 perlpath='/usr/bin/perl'
 pg='pg'
 phostname='hostname'
@@ -991,7 +990,7 @@ useposix='true'
 usereentrant='undef'
 userelocatableinc='undef'
 usesfio='false'
-useshrplib='false'
+useshrplib='true'
 usesitecustomize='undef'
 usesocks='undef'
 usethreads='undef'
@@ -1094,7 +1093,7 @@ i_stdbool='define'
 i_syspoll='define'
 #incpth='/usr/lib/gcc/i486-slackware-linux/4.8.2/include /usr/local/include /usr/lib/gcc/i486-slackware-linux/4.8.2/include-fixed /usr/include'
 ld_can_script='define'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+#libsfound=' /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 nv_overflows_integers_at='0'
 perl_static_inline='static __inline__'
 sGMTIME_max='2147483647'
@@ -1141,6 +1140,7 @@ version_patchlevel_string='version 20 subversion 0'
 PERL_VERSION=20
 PERL_API_VERSION=20
 patchlevel='20'
+ccdlflags='-fPIC -Wl,-rpath,/usr/lib/perl5/5.20/CORE'
 
 # Make perl use these tools instead of the target binaries during build.
 hostgenerate='%%HOSTGENERATE%%'

lang/perl/files/config.sh-powerpc.in

@@ -53,7 +53,6 @@ castflags='0'
 cat='cat'
 cc='%%CC%%'
 cccdlflags='-fPIC'
-ccdlflags='-Wl,-E'
 ccflags='%%CFLAGS%%'
 ccflags_uselargefiles='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
 ccname='gcc'
@@ -601,13 +600,13 @@ html1direxp=''
 html3dir=' '
 html3direxp=''
 i16size='2'
-i16type='short'
+i16type='signed short'
 i32size='4'
-i32type='long'
+i32type='signed long'
 i64size='8'
-i64type='long long'
+i64type='signed long long'
 i8size='1'
-i8type='char'
+i8type='signed char'
 i_arpainet='define'
 i_bsdioctl=''
 i_crypt='define'
@@ -739,14 +738,14 @@ ldlibpthname='LD_LIBRARY_PATH'
 less='less'
 lib_ext='.a'
 libc=''
-libperl='libperl.a'
+libperl='libperl.so'
 libpth='%%LIBDIRS%%'
-libs='-lgdbm -ldb -lnsl -ldl -lm -lcrypt -lutil -lc'
+libs='-lgdbm -ldb -ldl -lm -lcrypt -lutil -lc'
 libsdirs='%%LIBDIRS%%'
-libsfiles=' libnsl.so libdl.so libm.so libcrypt.so libutil.so libc.so'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+libsfiles=' libdl.so libm.so libcrypt.so libutil.so libc.so'
+#libsfound=' /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 libspath='%%LIBDIRS%%'
-libswanted='sfio socket inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
+libswanted='sfio socket inet nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
 libswanted_uselargefiles=''
 line=''
 lint=''
@@ -830,7 +829,7 @@ perl5=''
 perl=''
 perl_patchlevel=''
 perladmin='root@maia.dev.null'
-perllibs='-lnsl -ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
+perllibs='-ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
 perlpath='/usr/bin/perl'
 pg='pg'
 phostname='hostname'
@@ -1002,7 +1001,7 @@ useposix='true'
 usereentrant='undef'
 userelocatableinc='undef'
 usesfio='false'
-useshrplib='false'
+useshrplib='true'
 usesitecustomize='undef'
 usesocks='undef'
 usethreads='undef'
@@ -1109,7 +1108,7 @@ i_stdbool='define'
 i_syspoll='define'
 #incpth='/usr/lib/gcc/i486-slackware-linux/4.8.2/include /usr/local/include /usr/lib/gcc/i486-slackware-linux/4.8.2/include-fixed /usr/include'
 ld_can_script='define'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+#libsfound=' /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 nv_overflows_integers_at='0'
 perl_static_inline='static __inline__'
 sGMTIME_max='2147483647'
@@ -1156,6 +1155,7 @@ version_patchlevel_string='version 20 subversion 0'
 PERL_VERSION=20
 PERL_API_VERSION=20
 patchlevel='20'
+ccdlflags='-fPIC -Wl,-rpath,/usr/lib/perl5/5.20/CORE'
 
 # Make perl use these tools instead of the target binaries during build.
 hostgenerate='%%HOSTGENERATE%%'

lang/perl/files/config.sh-x86_64.in

@@ -51,7 +51,6 @@ castflags='0'
 cat='cat'
 cc='%%CC%%'
 cccdlflags='-fPIC'
-ccdlflags='-Wl,-E'
 ccflags='%%CFLAGS%%'
 ccflags_uselargefiles='-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
 ccname='gcc'
@@ -732,14 +731,14 @@ ldlibpthname='LD_LIBRARY_PATH'
 less='less'
 lib_ext='.a'
 libc=''
-libperl='libperl.a'
+libperl='libperl.so'
 libpth='%%LIBDIRS%%'
-libs='-lgdbm -ldb -lnsl -ldl -lm -lcrypt -lutil -lc'
+libs='-lgdbm -ldb -ldl -lm -lcrypt -lutil -lc'
 libsdirs='%%LIBDIRS%%'
-libsfiles=' libnsl.so libdl.so libm.so libcrypt.so libutil.so libc.so'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+libsfiles=' libdl.so libm.so libcrypt.so libutil.so libc.so'
+#libsfound=' /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 libspath='%%LIBDIRS%%'
-libswanted='sfio socket inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
+libswanted='sfio socket inet nm ndbm gdbm dbm db malloc dl dld ld sun m crypt sec util c cposix posix ucb BSD'
 libswanted_uselargefiles=''
 line=''
 lint=''
@@ -821,7 +820,7 @@ perl5=''
 perl=''
 perl_patchlevel=''
 perladmin='root@maia.dev.null'
-perllibs='-lnsl -ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
+perllibs='-ldl -lm -lcrypt -lutil -lc %%EXTRA_PERLLIBS%%'
 perlpath='/usr/bin/perl'
 pg='pg'
 phostname='hostname'
@@ -991,7 +990,7 @@ useposix='true'
 usereentrant='undef'
 userelocatableinc='undef'
 usesfio='false'
-useshrplib='false'
+useshrplib='true'
 usesitecustomize='undef'
 usesocks='undef'
 usethreads='undef'
@@ -1094,7 +1093,7 @@ i_stdbool='define'
 i_syspoll='define'
 #incpth='/usr/lib/gcc/i486-slackware-linux/4.8.2/include /usr/local/include /usr/lib/gcc/i486-slackware-linux/4.8.2/include-fixed /usr/include'
 ld_can_script='define'
-#libsfound=' /usr/lib/libnsl.so /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
+#libsfound=' /usr/lib/libgdbm.so /usr/lib/libdb.so /usr/lib/libdl.so /usr/lib/libm.so /usr/lib/libcrypt.so /usr/lib/libutil.so /usr/lib/libc.so'
 nv_overflows_integers_at='0'
 perl_static_inline='static __inline__'
 sGMTIME_max='67768036191676799'
@@ -1141,6 +1140,7 @@ version_patchlevel_string='version 20 subversion 0'
 PERL_VERSION=20
 PERL_API_VERSION=20
 patchlevel='20'
+ccdlflags='-fPIC -Wl,-rpath,/usr/lib/perl5/5.20/CORE'
 
 # Make perl use these tools instead of the target binaries during build.
 hostgenerate='%%HOSTGENERATE%%'

lang/perl/perlbase.mk

@@ -48,7 +48,7 @@ TITLE:=attributes perl module
 endef
 
 define Package/perlbase-attributes/install
-$(call perlmod/Install,$(1),attributes.pm,)
+$(call perlmod/Install,$(1),attributes.pm auto/attributes,)
 endef
 
 $(eval $(call BuildPackage,perlbase-attributes))
@@ -192,7 +192,7 @@ TITLE:=charnames perl module
 endef
 
 define Package/perlbase-charnames/install
-$(call perlmod/Install,$(1),charnames.pm,)
+$(call perlmod/Install,$(1),charnames.pm _charnames.pm,)
 endef
 
 $(eval $(call BuildPackage,perlbase-charnames))
@@ -228,7 +228,7 @@ TITLE:=Config perl module
 endef
 
 define Package/perlbase-config/install
-$(call perlmod/Install,$(1),Config Config.pm Config_heavy.pl,)
+$(call perlmod/Install,$(1),Config Config.pm Config_heavy.pl Config_git.pl,)
 endef
 
 $(eval $(call BuildPackage,perlbase-config))
@@ -458,7 +458,7 @@ TITLE:=essential perl module
 endef
 
 define Package/perlbase-essential/install
-$(call perlmod/Install,$(1),Carp Carp.pm Exporter Exporter.pm constant.pm lib.pm locale.pm overload.pm strict.pm subs.pm vars.pm warnings warnings.pm overloading.pm,)
+$(call perlmod/Install,$(1),Carp Carp.pm Exporter Exporter.pm constant.pm lib.pm locale.pm overload.pm overloading.pm parent.pm strict.pm subs.pm vars.pm warnings warnings.pm deprecate.pm,)
 endef
 
 $(eval $(call BuildPackage,perlbase-essential))
@@ -786,7 +786,7 @@ TITLE:=mro perl module
 endef
 
 define Package/perlbase-mro/install
-$(call perlmod/Install,$(1),mro.pm,)
+$(call perlmod/Install,$(1),mro.pm auto/mro,)
 endef
 
 $(eval $(call BuildPackage,perlbase-mro))
@@ -1160,7 +1160,7 @@ TITLE:=Tie perl module
 endef
 
 define Package/perlbase-tie/install
-$(call perlmod/Install,$(1),Tie,)
+$(call perlmod/Install,$(1),Tie auto/Tie,)
 endef
 
 $(eval $(call BuildPackage,perlbase-tie))
@@ -1244,7 +1244,7 @@ TITLE:=version perl module
 endef
 
 define Package/perlbase-version/install
-$(call perlmod/Install,$(1),version.pm,)
+$(call perlmod/Install,$(1),version.pm version,)
 endef
 
 $(eval $(call BuildPackage,perlbase-version))

libs/apr-util/Makefile

@@ -12,7 +12,7 @@ PKG_VERSION:=1.5.3
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://mirrors.ibiblio.org/apache/apr/
+PKG_SOURCE_URL:=https://archive.apache.org/dist/apr/
 PKG_MD5SUM:=6f3417691c7a27090f36e7cf4d94b36e
 PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
 PKG_LICENSE:=Apache License

libs/gnutls/Config.in

@@ -38,7 +38,7 @@ config GNUTLS_PSK
 
 config GNUTLS_ANON
 	bool "enable anonymous authentication support"
-	default n
+	default y
 
 config GNUTLS_PKCS11
 	bool "enable smart card (PKCS11) support"

libs/gnutls/Makefile

@@ -8,18 +8,33 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gnutls
-PKG_VERSION:=3.2.15
+PKG_VERSION:=3.3.16
 PKG_RELEASE:=1
+PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2
-PKG_MD5SUM:=ec3b06f80e312137386c5d322183ca5a
+PKG_SOURCE_URL:=ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3
+PKG_MD5SUM:=c2143db71a57248f7bdb2fb6acd6b567
 PKG_MAINTAINER:=Nikos Mavrogiannopoulos <nmav@gnutls.org>
 
 PKG_INSTALL:=1
 PKG_LIBTOOL_PATHS:=. lib
 PKG_CHECK_FORMAT_SECURITY:=0
 
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_GNUTLS_ALPN \
+	CONFIG_GNUTLS_ANON \
+	CONFIG_GNUTLS_CRYPTODEV \
+	CONFIG_GNUTLS_DTLS_SRTP \
+	CONFIG_GNUTLS_EXT_LIBTASN1 \
+	CONFIG_GNUTLS_HEARTBEAT \
+	CONFIG_GNUTLS_OCSP \
+	CONFIG_GNUTLS_OPENPGP \
+	CONFIG_GNUTLS_PKCS11 \
+	CONFIG_GNUTLS_PSK \
+	CONFIG_GNUTLS_SRP \
+	CONFIG_LIBNETTLE_MINI \
+
 include $(INCLUDE_DIR)/package.mk
 
 
@@ -107,6 +122,7 @@ CONFIGURE_ARGS+= \
 	--disable-doc \
 	--disable-tests \
 	--disable-rsa-export \
+	--with-default-trust-store-dir=/etc/ssl/certs/ \
 	--disable-crywrap
 
 ifneq ($(CONFIG_GNUTLS_EXT_LIBTASN1),y)

libs/gnutls/patches/0001-nn-hash.patch

@@ -1,28 +0,0 @@
-diff --git a/lib/accelerated/x86/x86-common.h b/lib/accelerated/x86/x86-common.h
-index 03fc8de..647c7d6 100644
---- a/lib/accelerated/x86/x86-common.h
-+++ b/lib/accelerated/x86/x86-common.h
-@@ -29,11 +29,13 @@ extern unsigned int _gnutls_x86_cpuid_s[4];
- void gnutls_cpuid(unsigned int func, unsigned int *ax, unsigned int *bx,
- 		  unsigned int *cx, unsigned int *dx);
- 
--#ifdef ASM_X86_32
-+# ifdef ASM_X86_32
- unsigned int gnutls_have_cpuid(void);
--#else
--#define gnutls_have_cpuid() 1
--#endif				/* ASM_X86_32 */
-+# else
-+#  define gnutls_have_cpuid() 1
-+# endif				/* ASM_X86_32 */
-+
-+#endif
- 
- #define NN_HASH(name, update_func, digest_func, NAME) {	\
-  #name,						\
-@@ -44,5 +46,3 @@ unsigned int gnutls_have_cpuid(void);
-  (nettle_hash_update_func *) update_func,	\
-  (nettle_hash_digest_func *) digest_func	\
- } 
--
--#endif

libs/gnutls/patches/001-ai-idn-remove.patch

@@ -0,0 +1,15 @@
+diff --git a/src/socket.c b/src/socket.c
+index 82c6252..e2feda9 100644
+--- a/src/socket.c
++++ b/src/socket.c
+@@ -241,10 +241,6 @@ socket_open(socket_st * hd, const char *hostname, const char *service,
+ 	/* get server name */
+ 	memset(&hints, 0, sizeof(hints));
+ 
+-#ifdef AI_IDN
+-	hints.ai_flags = AI_IDN|AI_IDN_ALLOW_UNASSIGNED;
+-#endif
+-
+ 	hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
+ 	if ((err = getaddrinfo(hostname, service, &hints, &res))) {
+ 		fprintf(stderr, "Cannot resolve %s:%s: %s\n", hostname,

libs/libevent/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2014 OpenWrt.org
+# Copyright (C) 2006-2015 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libevent
-PKG_VERSION:=1.4.14b
-PKG_RELEASE:=2
+PKG_VERSION:=1.4.15
+PKG_RELEASE:=1
 
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-stable
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-stable.tar.gz
-PKG_SOURCE_URL:=https://github.com/downloads/libevent/libevent/
-PKG_MD5SUM:=a00e037e4d3f9e4fe9893e8a2d27918c
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-release-$(PKG_VERSION)-stable
+PKG_SOURCE:=release-$(PKG_VERSION)-stable.tar.gz
+PKG_SOURCE_URL:=https://github.com/libevent/libevent/archive/
+PKG_MD5SUM:=6dce6fe39f133c09ffe63de895805f7f
 PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
 
 PKG_FIXUP:=autoreconf

libs/libftdi/Makefile

@@ -20,6 +20,7 @@ PKG_LICENSE:=LGPL-2.0
 PKG_LICENSE_FILES:=COPYING.LIB
 
 PKG_INSTALL:=1
+PKG_USE_MIPS16:=0
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk

libs/libftdi1/Makefile

@@ -20,6 +20,7 @@ PKG_LICENSE:=LGPL-2.0
 PKG_LICENSE_FILES:=COPYING.LIB
 
 PKG_INSTALL:=1
+PKG_USE_MIPS16:=0
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk

libs/libpam/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libpam
 PKG_VERSION:=1.1.8
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=Linux-PAM-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://www.linux-pam.org/library/

libs/libpam/patches/007-cve-2014-2583.patch

@@ -0,0 +1,52 @@
+From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Wed, 26 Mar 2014 22:17:23 +0000
+Subject: pam_timestamp: fix potential directory traversal issue (ticket #27)
+
+pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of
+the timestamp pathname it creates, so extra care should be taken to
+avoid potential directory traversal issues.
+
+* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat
+"." and ".." tty values as invalid.
+(get_ruser): Treat "." and ".." ruser values, as well as any ruser
+value containing '/', as invalid.
+
+Fixes CVE-2014-2583.
+
+Reported-by: Sebastian Krahmer <krahmer@suse.de>
+
+diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
+index 5193733..b3f08b1 100644
+--- a/modules/pam_timestamp/pam_timestamp.c
++++ b/modules/pam_timestamp/pam_timestamp.c
+@@ -158,7 +158,7 @@ check_tty(const char *tty)
+ 		tty = strrchr(tty, '/') + 1;
+ 	}
+ 	/* Make sure the tty wasn't actually a directory (no basename). */
+-	if (strlen(tty) == 0) {
++	if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
+ 		return NULL;
+ 	}
+ 	return tty;
+@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
+ 		if (pwd != NULL) {
+ 			ruser = pwd->pw_name;
+ 		}
++	} else {
++		/*
++		 * This ruser is used by format_timestamp_name as a component
++		 * of constructed timestamp pathname, so ".", "..", and '/'
++		 * are disallowed to avoid potential path traversal issues.
++		 */
++		if (!strcmp(ruser, ".") ||
++		    !strcmp(ruser, "..") ||
++		    strchr(ruser, '/')) {
++			ruser = NULL;
++		}
+ 	}
+ 	if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
+ 		*ruserbuf = '\0';
+-- 
+cgit v0.10.2
+

libs/libpng/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2014 OpenWrt.org
+# Copyright (C) 2006-2015 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libpng
-PKG_VERSION:=1.2.51
+PKG_VERSION:=1.2.56
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@SF/libpng
-PKG_MD5SUM:=4efba67fa5aa2b785c6fcec2cc3e90c9
+PKG_MD5SUM:=868562bd1c58b76ed8703f135a2e439a
 PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
 
 PKG_LICENSE:=Libpng GPL-2.0+ BSD-3-Clause

libs/libtasn1/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libtasn1
-PKG_VERSION:=4.0
+PKG_VERSION:=4.4
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=ftp://ftp.gnu.org/gnu/libtasn1
-PKG_MD5SUM:=d3d2d9bce3b6668b9827a9df52635be1
+PKG_MD5SUM:=c26d76d1309dd339365c563076599912
 
 #PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
@@ -24,6 +24,7 @@ define Package/libtasn1
   SECTION:=libs
   CATEGORY:=Libraries
   TITLE:=An ASN.1 and DER structures manipulation library
+  MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
   URL:=ftp://ftp.gnu.org/gnu/libtasn1/
 endef
 

libs/libtorrent/Makefile

@@ -50,11 +50,6 @@ CONFIGURE_ARGS+= \
 	--enable-openssl \
 	--disable-instrumentation
 
-define Build/Configure
-	( cd $(PKG_BUILD_DIR); ./autogen.sh );
-	$(call Build/Configure/Default)
-endef
-
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include
 	$(CP) $(PKG_INSTALL_DIR)/usr/include/torrent $(1)/usr/include/

libs/libxml2/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2014 OpenWrt.org
+# Copyright (C) 2006-2015 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libxml2
-PKG_VERSION:=2.9.1
-PKG_RELEASE:=1
+PKG_VERSION:=2.9.2
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://gd.tuwien.ac.at/languages/libxml/ \
 	http://xmlsoft.org/sources/ \
 	ftp://fr.rpmfind.net/pub/libxml/
-PKG_MD5SUM:=9c0cfef285d5c4a5c80d00904ddab380
+PKG_MD5SUM:=9e6a9aca9d155737868b3dc5fd82f788
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
@@ -71,7 +71,7 @@ CONFIGURE_ARGS += \
 	--with-xinclude \
 	--with-xpath \
 	--with-xptr \
-	--with-zlib \
+	--with-zlib=$(STAGING_DIR)/usr \
 	--without-lzma
 
 define Build/InstallDev

libs/nacl/Makefile

@@ -9,13 +9,15 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nacl
 PKG_VERSION:=20110221
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_MAINTAINER:=Matthias Schiffer <mschiffer@universe-factory.net>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://hyperelliptic.org/nacl
 PKG_MD5SUM:=7efb5715561c3d10dafd3fa97b4f2d20
 
+PKG_USE_MIPS16:=0
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/nacl

libs/p11-kit/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=p11-kit
-PKG_VERSION:=0.20.2
+PKG_VERSION:=0.20.7
 PKG_RELEASE:=1
 PKG_MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_MD5SUM:=757b97ee4ac0ce598661a90cd784c4f1
+PKG_MD5SUM:=6648cad01a3080b685b8b3bf7372c91a
 PKG_SOURCE_URL:=http://p11-glue.freedesktop.org/releases/
 
 PKG_INSTALL:=1

libs/protobuf-c/Makefile

@@ -18,6 +18,7 @@ PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=6136f54b221ab8883731349d01f34b01812e391d
 
 PKG_INSTALL:=1
+PKG_FIXUP:=autoreconf
 
 PKG_MAINTAINER:=Jacob Siverskog <jacob@teenageengineering.com>
 
@@ -42,11 +43,6 @@ CONFIGURE_ARGS += \
 	--enable-static \
 	--disable-protoc
 
-define Build/Configure
-	cd $(PKG_BUILD_DIR) && ./autogen.sh
-	$(call Build/Configure/Default)
-endef
-
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include/
 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/

libs/sqlite3/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sqlite
-PKG_VERSION:=3080500
+PKG_VERSION:=3080704
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-autoconf-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.sqlite.org/2014/
-PKG_MD5SUM:=0544ef6d7afd8ca797935ccc2685a9ed
+PKG_MD5SUM:=33bb8db0038317ce1b0480ca1185c7ba
 
 PKG_LICENSE:=PUBLICDOMAIN
 PKG_LICENSE_FILES:=

libs/tiff/Makefile

@@ -0,0 +1,108 @@
+#
+# Copyright (C) 2006-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tiff
+PKG_VERSION:=4.0.3
+PKG_RELEASE:=3
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://download.osgeo.org/libtiff
+PKG_MD5SUM:=051c1068e6a0627f461948c365290410
+
+PKG_FIXUP:=autoreconf
+PKG_REMOVE_FILES:=autogen.sh aclocal.m4
+
+PKG_LICENSE:=BSD
+PKG_LICENSE_FILES:=COPYRIGHT
+
+PKG_INSTALL:=1
+
+PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_libtiffxx
+
+include $(INCLUDE_DIR)/uclibc++.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Package/tiff/Default
+  TITLE:=TIFF
+  URL:=http://www.remotesensing.org/libtiff/
+  MAINTAINER:=Jiri Slachta <slachta@cesnet.cz>
+endef
+
+define Package/libtiff
+$(call Package/tiff/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE+= library
+  DEPENDS:=+zlib +libjpeg
+endef
+
+define Package/libtiffxx
+$(call Package/tiff/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE+= library(c++ bindings)
+  DEPENDS:=+libtiff $(CXX_DEPENDS)
+endef
+
+define Package/tiff-utils
+$(call Package/tiff/Default)
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE+= utilities
+  DEPENDS:=+libtiff
+endef
+
+TARGET_CFLAGS += $(FPIC)
+
+define Build/Configure
+	$(call Build/Configure/Default, \
+		$(if $(CONFIG_PACKAGE_libtiffxx), \
+			--enable-cxx, \
+			--disable-cxx \
+		) \
+		--disable-lzma \
+		--enable-ccitt \
+		--enable-packbits \
+		--enable-lzw \
+		--enable-thunder \
+		--enable-next \
+		--enable-logluv \
+		--enable-mdi \
+		--enable-zlib \
+		--enable-jpeg \
+		--disable-old-jpeg \
+		--disable-jbig \
+		--without-x \
+	)
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/{lib,include}
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib* $(1)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
+endef
+
+define Package/libtiff/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libtiff.so.* $(1)/usr/lib/
+endef
+
+define Package/libtiffxx/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libtiffxx.so.* $(1)/usr/lib/
+endef
+
+define Package/tiff-utils/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,libtiff))
+$(eval $(call BuildPackage,libtiffxx))
+$(eval $(call BuildPackage,tiff-utils))

libs/tiff/patches/001-autoconf-compat.patch

@@ -0,0 +1,31 @@
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -25,7 +25,7 @@
+ 
+ docdir = $(LIBTIFF_DOCDIR)
+ 
+-AUTOMAKE_OPTIONS = 1.12 dist-zip foreign
++AUTOMAKE_OPTIONS = dist-zip foreign
+ ACLOCAL_AMFLAGS = -I m4
+ 
+ docfiles = \
+@@ -48,7 +48,7 @@ EXTRA_DIST = \
+ 
+ dist_doc_DATA = $(docfiles)
+ 
+-SUBDIRS = port libtiff tools build contrib test man html
++SUBDIRS = port libtiff tools build contrib
+ 
+ release:
+ 	(rm -f $(top_srcdir)/RELEASE-DATE && echo $(LIBTIFF_RELEASE_DATE) > $(top_srcdir)/RELEASE-DATE)
+--- a/test/Makefile.am
++++ b/test/Makefile.am
+@@ -23,7 +23,7 @@
+ 
+ # Process this file with automake to produce Makefile.in.
+ 
+-AUTOMAKE_OPTIONS = 1.12 color-tests parallel-tests foreign
++AUTOMAKE_OPTIONS = color-tests parallel-tests foreign
+ 
+ LIBTIFF = $(top_builddir)/libtiff/libtiff.la
+ 

libs/tiff/patches/010-CVE-2012-4564.patch

@@ -0,0 +1,31 @@
+Index: tiff-4.0.3/tools/ppm2tiff.c
+===================================================================
+--- tiff-4.0.3.orig/tools/ppm2tiff.c	2013-06-23 10:36:50.779629492 -0400
++++ tiff-4.0.3/tools/ppm2tiff.c	2013-06-23 10:36:50.775629494 -0400
+@@ -89,6 +89,7 @@
+ 	int c;
+ 	extern int optind;
+ 	extern char* optarg;
++	tmsize_t scanline_size;
+ 
+ 	if (argc < 2) {
+ 	    fprintf(stderr, "%s: Too few arguments\n", argv[0]);
+@@ -237,8 +238,16 @@
+ 	}
+ 	if (TIFFScanlineSize(out) > linebytes)
+ 		buf = (unsigned char *)_TIFFmalloc(linebytes);
+-	else
+-		buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++	else {
++		scanline_size = TIFFScanlineSize(out);
++		if (scanline_size != 0)
++			buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++		else {
++			fprintf(stderr, "%s: scanline size overflow\n",infile);
++			(void) TIFFClose(out);
++			exit(-2);
++			}
++		}
+ 	if (resolution > 0) {
+ 		TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
+ 		TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);

libs/tiff/patches/011-CVE-2013-1960.patch

@@ -0,0 +1,146 @@
+Index: tiff-4.0.3/tools/tiff2pdf.c
+===================================================================
+--- tiff-4.0.3.orig/tools/tiff2pdf.c	2013-06-23 10:36:50.979629486 -0400
++++ tiff-4.0.3/tools/tiff2pdf.c	2013-06-23 10:36:50.975629486 -0400
+@@ -3341,33 +3341,56 @@
+ 	uint32 height){
+ 
+ 	tsize_t i=0;
+-	uint16 ri =0;
+-	uint16 v_samp=1;
+-	uint16 h_samp=1;
+-	int j=0;
+-	
+-	i++;
+-	
+-	while(i<(*striplength)){
++
++	while (i < *striplength) {
++		tsize_t datalen;
++		uint16 ri;
++		uint16 v_samp;
++		uint16 h_samp;
++		int j;
++		int ncomp;
++
++		/* marker header: one or more FFs */
++		if (strip[i] != 0xff)
++			return(0);
++		i++;
++		while (i < *striplength && strip[i] == 0xff)
++			i++;
++		if (i >= *striplength)
++			return(0);
++		/* SOI is the only pre-SOS marker without a length word */
++		if (strip[i] == 0xd8)
++			datalen = 0;
++		else {
++			if ((*striplength - i) <= 2)
++				return(0);
++			datalen = (strip[i+1] << 8) | strip[i+2];
++			if (datalen < 2 || datalen >= (*striplength - i))
++				return(0);
++		}
+ 		switch( strip[i] ){
+-			case 0xd8:
+-				/* SOI - start of image */
++			case 0xd8:	/* SOI - start of image */
+ 				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
+ 				*bufferoffset+=2;
+-				i+=2;
+ 				break;
+-			case 0xc0:
+-			case 0xc1:
+-			case 0xc3:
+-			case 0xc9:
+-			case 0xca:
++			case 0xc0:	/* SOF0 */
++			case 0xc1:	/* SOF1 */
++			case 0xc3:	/* SOF3 */
++			case 0xc9:	/* SOF9 */
++			case 0xca:	/* SOF10 */
+ 				if(no==0){
+-					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
+-					for(j=0;j<buffer[*bufferoffset+9];j++){
+-						if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp) 
+-							h_samp = (buffer[*bufferoffset+11+(2*j)]>>4);
+-						if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) 
+-							v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f);
++					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
++					ncomp = buffer[*bufferoffset+9];
++					if (ncomp < 1 || ncomp > 4)
++						return(0);
++					v_samp=1;
++					h_samp=1;
++					for(j=0;j<ncomp;j++){
++						uint16 samp = buffer[*bufferoffset+11+(3*j)];
++						if( (samp>>4) > h_samp) 
++							h_samp = (samp>>4);
++						if( (samp & 0x0f) > v_samp) 
++							v_samp = (samp & 0x0f);
+ 					}
+ 					v_samp*=8;
+ 					h_samp*=8;
+@@ -3381,45 +3404,43 @@
+                                           (unsigned char) ((height>>8) & 0xff);
+ 					buffer[*bufferoffset+6]=
+                                             (unsigned char) (height & 0xff);
+-					*bufferoffset+=strip[i+2]+2;
+-					i+=strip[i+2]+2;
+-
++					*bufferoffset+=datalen+2;
++					/* insert a DRI marker */
+ 					buffer[(*bufferoffset)++]=0xff;
+ 					buffer[(*bufferoffset)++]=0xdd;
+ 					buffer[(*bufferoffset)++]=0x00;
+ 					buffer[(*bufferoffset)++]=0x04;
+ 					buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
+ 					buffer[(*bufferoffset)++]= ri & 0xff;
+-				} else {
+-					i+=strip[i+2]+2;
+ 				}
+ 				break;
+-			case 0xc4:
+-			case 0xdb:
+-				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
+-				*bufferoffset+=strip[i+2]+2;
+-				i+=strip[i+2]+2;
++			case 0xc4: /* DHT */
++			case 0xdb: /* DQT */
++				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
++				*bufferoffset+=datalen+2;
+ 				break;
+-			case 0xda:
++			case 0xda: /* SOS */
+ 				if(no==0){
+-					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
+-					*bufferoffset+=strip[i+2]+2;
+-					i+=strip[i+2]+2;
++					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
++					*bufferoffset+=datalen+2;
+ 				} else {
+ 					buffer[(*bufferoffset)++]=0xff;
+ 					buffer[(*bufferoffset)++]=
+                                             (unsigned char)(0xd0 | ((no-1)%8));
+-					i+=strip[i+2]+2;
+ 				}
+-				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1);
+-				*bufferoffset+=(*striplength)-i-1;
++				i += datalen + 1;
++				/* copy remainder of strip */
++				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
++				*bufferoffset+= *striplength - i;
+ 				return(1);
+ 			default:
+-				i+=strip[i+2]+2;
++				/* ignore any other marker */
++				break;
+ 		}
++		i += datalen + 1;
+ 	}
+-	
+ 
++	/* failed to find SOS marker */
+ 	return(0);
+ }
+ #endif

libs/tiff/patches/012-CVE-2013-1961.patch

@@ -0,0 +1,768 @@
+Index: tiff-4.0.3/contrib/dbs/xtiff/xtiff.c
+===================================================================
+--- tiff-4.0.3.orig/contrib/dbs/xtiff/xtiff.c	2013-06-23 10:36:51.163629483 -0400
++++ tiff-4.0.3/contrib/dbs/xtiff/xtiff.c	2013-06-23 10:36:51.147629484 -0400
+@@ -512,9 +512,9 @@
+     Arg args[1];
+ 
+     if (tfMultiPage)
+-        sprintf(buffer, "%s - page %d", fileName, tfDirectory);
++        snprintf(buffer, sizeof(buffer), "%s - page %d", fileName, tfDirectory);
+     else
+-        strcpy(buffer, fileName);
++        snprintf(buffer, sizeof(buffer), "%s", fileName);
+     XtSetArg(args[0], XtNlabel, buffer);
+     XtSetValues(labelWidget, args, 1);
+ }
+Index: tiff-4.0.3/libtiff/tif_dirinfo.c
+===================================================================
+--- tiff-4.0.3.orig/libtiff/tif_dirinfo.c	2013-06-23 10:36:51.163629483 -0400
++++ tiff-4.0.3/libtiff/tif_dirinfo.c	2013-06-23 10:36:51.147629484 -0400
+@@ -711,7 +711,7 @@
+ 	 * note that this name is a special sign to TIFFClose() and
+ 	 * _TIFFSetupFields() to free the field
+ 	 */
+-	sprintf(fld->field_name, "Tag %d", (int) tag);
++	snprintf(fld->field_name, 32, "Tag %d", (int) tag);
+ 
+ 	return fld;    
+ }
+Index: tiff-4.0.3/libtiff/tif_codec.c
+===================================================================
+--- tiff-4.0.3.orig/libtiff/tif_codec.c	2013-06-23 10:36:51.163629483 -0400
++++ tiff-4.0.3/libtiff/tif_codec.c	2013-06-23 10:36:51.151629482 -0400
+@@ -108,7 +108,8 @@
+ 	const TIFFCodec* c = TIFFFindCODEC(tif->tif_dir.td_compression);
+         char compression_code[20];
+         
+-        sprintf( compression_code, "%d", tif->tif_dir.td_compression );
++        snprintf(compression_code, sizeof(compression_code), "%d",
++		 tif->tif_dir.td_compression );
+ 	TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+                      "%s compression support is not configured", 
+                      c ? c->name : compression_code );
+Index: tiff-4.0.3/tools/tiffdither.c
+===================================================================
+--- tiff-4.0.3.orig/tools/tiffdither.c	2013-06-23 10:36:51.163629483 -0400
++++ tiff-4.0.3/tools/tiffdither.c	2013-06-23 10:36:51.151629482 -0400
+@@ -260,7 +260,7 @@
+ 		TIFFSetField(out, TIFFTAG_FILLORDER, fillorder);
+ 	else
+ 		CopyField(TIFFTAG_FILLORDER, shortv);
+-	sprintf(thing, "Dithered B&W version of %s", argv[optind]);
++	snprintf(thing, sizeof(thing), "Dithered B&W version of %s", argv[optind]);
+ 	TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
+ 	CopyField(TIFFTAG_PHOTOMETRIC, shortv);
+ 	CopyField(TIFFTAG_ORIENTATION, shortv);
+Index: tiff-4.0.3/tools/rgb2ycbcr.c
+===================================================================
+--- tiff-4.0.3.orig/tools/rgb2ycbcr.c	2013-06-23 10:36:51.163629483 -0400
++++ tiff-4.0.3/tools/rgb2ycbcr.c	2013-06-23 10:36:51.151629482 -0400
+@@ -332,7 +332,8 @@
+ 	TIFFSetField(out, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
+ 	{ char buf[2048];
+ 	  char *cp = strrchr(TIFFFileName(in), '/');
+-	  sprintf(buf, "YCbCr conversion of %s", cp ? cp+1 : TIFFFileName(in));
++	  snprintf(buf, sizeof(buf), "YCbCr conversion of %s",
++		   cp ? cp+1 : TIFFFileName(in));
+ 	  TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, buf);
+ 	}
+ 	TIFFSetField(out, TIFFTAG_SOFTWARE, TIFFGetVersion());
+Index: tiff-4.0.3/tools/tiff2pdf.c
+===================================================================
+--- tiff-4.0.3.orig/tools/tiff2pdf.c	2013-06-23 10:36:51.163629483 -0400
++++ tiff-4.0.3/tools/tiff2pdf.c	2013-06-23 10:36:51.151629482 -0400
+@@ -3630,7 +3630,9 @@
+ 	char buffer[16];
+ 	int buflen=0;
+ 	
+-	buflen=sprintf(buffer, "%%PDF-%u.%u ", t2p->pdf_majorversion&0xff, t2p->pdf_minorversion&0xff);
++	buflen = snprintf(buffer, sizeof(buffer), "%%PDF-%u.%u ",
++			  t2p->pdf_majorversion&0xff,
++			  t2p->pdf_minorversion&0xff);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t)"\n%\342\343\317\323\n", 7);
+ 
+@@ -3644,10 +3646,10 @@
+ tsize_t t2p_write_pdf_obj_start(uint32 number, TIFF* output){
+ 
+ 	tsize_t written=0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen=0;
+ 
+-	buflen=sprintf(buffer, "%lu", (unsigned long)number);
++	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen );
+ 	written += t2pWriteFile(output, (tdata_t) " 0 obj\n", 7);
+ 
+@@ -3686,13 +3688,13 @@
+ 	written += t2pWriteFile(output, (tdata_t) "/", 1);
+ 	for (i=0;i<namelen;i++){
+ 		if ( ((unsigned char)name[i]) < 0x21){
+-			sprintf(buffer, "#%.2X", name[i]);
++			snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
+ 			buffer[sizeof(buffer) - 1] = '\0';
+ 			written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 			nextchar=1;
+ 		}
+ 		if ( ((unsigned char)name[i]) > 0x7E){
+-			sprintf(buffer, "#%.2X", name[i]);
++			snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
+ 			buffer[sizeof(buffer) - 1] = '\0';
+ 			written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 			nextchar=1;
+@@ -3700,57 +3702,57 @@
+ 		if (nextchar==0){
+ 			switch (name[i]){
+ 				case 0x23:
+-					sprintf(buffer, "#%.2X", name[i]);
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x25:
+-					sprintf(buffer, "#%.2X", name[i]);
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x28:
+-					sprintf(buffer, "#%.2X", name[i]);
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x29:
+-					sprintf(buffer, "#%.2X", name[i]); 
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x2F:
+-					sprintf(buffer, "#%.2X", name[i]); 
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x3C:
+-					sprintf(buffer, "#%.2X", name[i]); 
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x3E:
+-					sprintf(buffer, "#%.2X", name[i]);
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x5B:
+-					sprintf(buffer, "#%.2X", name[i]); 
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x5D:
+-					sprintf(buffer, "#%.2X", name[i]);
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x7B:
+-					sprintf(buffer, "#%.2X", name[i]); 
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+ 				case 0x7D:
+-					sprintf(buffer, "#%.2X", name[i]); 
++					snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
+ 					buffer[sizeof(buffer) - 1] = '\0';
+ 					written += t2pWriteFile(output, (tdata_t) buffer, 3);
+ 					break;
+@@ -3865,14 +3867,14 @@
+ tsize_t t2p_write_pdf_stream_dict(tsize_t len, uint32 number, TIFF* output){
+ 	
+ 	tsize_t written=0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen=0;
+ 	
+ 	written += t2pWriteFile(output, (tdata_t) "/Length ", 8);
+ 	if(len!=0){
+ 		written += t2p_write_pdf_stream_length(len, output);
+ 	} else {
+-		buflen=sprintf(buffer, "%lu", (unsigned long)number);
++		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number);
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
+ 	}
+@@ -3913,10 +3915,10 @@
+ tsize_t t2p_write_pdf_stream_length(tsize_t len, TIFF* output){
+ 
+ 	tsize_t written=0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen=0;
+ 
+-	buflen=sprintf(buffer, "%lu", (unsigned long)len);
++	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)len);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) "\n", 1);
+ 
+@@ -3930,7 +3932,7 @@
+ tsize_t t2p_write_pdf_catalog(T2P* t2p, TIFF* output)
+ {
+ 	tsize_t written = 0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen = 0;
+ 
+ 	written += t2pWriteFile(output, 
+@@ -3969,7 +3971,6 @@
+ 		written += t2p_write_pdf_string(t2p->pdf_datetime, output);
+ 	}
+ 	written += t2pWriteFile(output, (tdata_t) "\n/Producer ", 11);
+-	_TIFFmemset((tdata_t)buffer, 0x00, sizeof(buffer));
+ 	snprintf(buffer, sizeof(buffer), "libtiff / tiff2pdf - %d", TIFFLIB_VERSION);
+ 	written += t2p_write_pdf_string(buffer, output);
+ 	written += t2pWriteFile(output, (tdata_t) "\n", 1);
+@@ -4110,7 +4111,7 @@
+ {
+ 	tsize_t written=0;
+ 	tdir_t i=0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen=0;
+ 
+ 	int page=0;
+@@ -4118,7 +4119,7 @@
+ 		(tdata_t) "<< \n/Type /Pages \n/Kids [ ", 26);
+ 	page = t2p->pdf_pages+1;
+ 	for (i=0;i<t2p->tiff_pagecount;i++){
+-		buflen=sprintf(buffer, "%d", page);
++		buflen=snprintf(buffer, sizeof(buffer), "%d", page);
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
+ 		if ( ((i+1)%8)==0 ) {
+@@ -4133,8 +4134,7 @@
+ 		}
+ 	}
+ 	written += t2pWriteFile(output, (tdata_t) "] \n/Count ", 10);
+-	_TIFFmemset(buffer, 0x00, 16);
+-	buflen=sprintf(buffer, "%d", t2p->tiff_pagecount);
++	buflen=snprintf(buffer, sizeof(buffer), "%d", t2p->tiff_pagecount);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) " \n>> \n", 6);
+ 
+@@ -4149,28 +4149,28 @@
+ 
+ 	unsigned int i=0;
+ 	tsize_t written=0;
+-	char buffer[16];
++	char buffer[256];
+ 	int buflen=0;
+ 
+ 	written += t2pWriteFile(output, (tdata_t) "<<\n/Type /Page \n/Parent ", 24);
+-	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_pages);
++	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_pages);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
+ 	written += t2pWriteFile(output, (tdata_t) "/MediaBox [", 11); 
+-	buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x1);
++	buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x1);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) " ", 1); 
+-	buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y1);
++	buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y1);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) " ", 1); 
+-	buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x2);
++	buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x2);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) " ", 1); 
+-	buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y2);
++	buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y2);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) "] \n", 3); 
+ 	written += t2pWriteFile(output, (tdata_t) "/Contents ", 10);
+-	buflen=sprintf(buffer, "%lu", (unsigned long)(object + 1));
++	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(object + 1));
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
+ 	written += t2pWriteFile(output, (tdata_t) "/Resources << \n", 15);
+@@ -4178,15 +4178,13 @@
+ 		written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12);
+ 		for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount;i++){
+ 			written += t2pWriteFile(output, (tdata_t) "/Im", 3);
+-			buflen = sprintf(buffer, "%u", t2p->pdf_page+1);
++			buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
+ 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 			written += t2pWriteFile(output, (tdata_t) "_", 1);
+-			buflen = sprintf(buffer, "%u", i+1);
++			buflen = snprintf(buffer, sizeof(buffer), "%u", i+1);
+ 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 			written += t2pWriteFile(output, (tdata_t) " ", 1);
+-			buflen = sprintf(
+-				buffer, 
+-				"%lu", 
++			buflen = snprintf(buffer, sizeof(buffer), "%lu",
+ 				(unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); 
+ 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 			written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
+@@ -4198,12 +4196,10 @@
+ 	} else {
+ 			written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12);
+ 			written += t2pWriteFile(output, (tdata_t) "/Im", 3);
+-			buflen = sprintf(buffer, "%u", t2p->pdf_page+1);
++			buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
+ 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 			written += t2pWriteFile(output, (tdata_t) " ", 1);
+-			buflen = sprintf(
+-				buffer, 
+-				"%lu", 
++			buflen = snprintf(buffer, sizeof(buffer), "%lu",
+ 				(unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); 
+ 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 			written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
+@@ -4212,9 +4208,7 @@
+ 	if(t2p->tiff_transferfunctioncount != 0) {
+ 		written += t2pWriteFile(output, (tdata_t) "/ExtGState <<", 13);
+ 		t2pWriteFile(output, (tdata_t) "/GS1 ", 5);
+-		buflen = sprintf(
+-			buffer, 
+-			"%lu", 
++		buflen = snprintf(buffer, sizeof(buffer), "%lu",
+ 			(unsigned long)(object + 3)); 
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
+@@ -4587,7 +4581,7 @@
+ 	if(t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount>0){ 
+ 		for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount; i++){
+ 			box=t2p->tiff_tiles[t2p->pdf_page].tiles_tiles[i].tile_box;
+-			buflen=sprintf(buffer, 
++			buflen=snprintf(buffer, sizeof(buffer), 
+ 				"q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d_%ld Do Q\n", 
+ 				t2p->tiff_transferfunctioncount?"/GS1 gs ":"",
+ 				box.mat[0],
+@@ -4602,7 +4596,7 @@
+ 		}
+ 	} else {
+ 		box=t2p->pdf_imagebox;
+-		buflen=sprintf(buffer, 
++		buflen=snprintf(buffer, sizeof(buffer), 
+ 			"q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d Do Q\n", 
+ 			t2p->tiff_transferfunctioncount?"/GS1 gs ":"",
+ 			box.mat[0],
+@@ -4627,59 +4621,48 @@
+ 												TIFF* output){
+ 
+ 	tsize_t written=0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen=0;
+ 
+ 	written += t2p_write_pdf_stream_dict(0, t2p->pdf_xrefcount+1, output); 
+ 	written += t2pWriteFile(output, 
+ 		(tdata_t) "/Type /XObject \n/Subtype /Image \n/Name /Im", 
+ 		42);
+-	buflen=sprintf(buffer, "%u", t2p->pdf_page+1);
++	buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	if(tile != 0){
+ 		written += t2pWriteFile(output, (tdata_t) "_", 1);
+-		buflen=sprintf(buffer, "%lu", (unsigned long)tile);
++		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)tile);
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	}
+ 	written += t2pWriteFile(output, (tdata_t) "\n/Width ", 8);
+-	_TIFFmemset((tdata_t)buffer, 0x00, 16);
+ 	if(tile==0){
+-		buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_width);
++		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_width);
+ 	} else {
+ 		if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){
+-			buflen=sprintf(
+-				buffer, 
+-				"%lu", 
++			buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 				(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth);
+ 		} else {
+-			buflen=sprintf(
+-				buffer, 
+-				"%lu", 
++			buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 				(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth);
+ 		}
+ 	}
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) "\n/Height ", 9);
+-	_TIFFmemset((tdata_t)buffer, 0x00, 16);
+ 	if(tile==0){
+-		buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_length);
++		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_length);
+ 	} else {
+ 		if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){
+-			buflen=sprintf(
+-				buffer, 
+-				"%lu", 
++			buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 				(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength);
+ 		} else {
+-			buflen=sprintf(
+-				buffer, 
+-				"%lu", 
++			buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 				(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength);
+ 		}
+ 	}
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) "\n/BitsPerComponent ", 19);
+-	_TIFFmemset((tdata_t)buffer, 0x00, 16);
+-	buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample);
++	buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) "\n/ColorSpace ", 13);
+ 	written += t2p_write_pdf_xobject_cs(t2p, output);
+@@ -4723,11 +4706,10 @@
+ 		t2p->pdf_colorspace ^= T2P_CS_PALETTE;
+ 		written += t2p_write_pdf_xobject_cs(t2p, output);
+ 		t2p->pdf_colorspace |= T2P_CS_PALETTE;
+-		buflen=sprintf(buffer, "%u", (0x0001 << t2p->tiff_bitspersample)-1 );
++		buflen=snprintf(buffer, sizeof(buffer), "%u", (0x0001 << t2p->tiff_bitspersample)-1 );
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) " ", 1);
+-		_TIFFmemset(buffer, 0x00, 16);
+-		buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_palettecs ); 
++		buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_palettecs ); 
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) " 0 R ]\n", 7);
+ 		return(written);
+@@ -4761,10 +4743,10 @@
+ 			X_W /= Y_W;
+ 			Z_W /= Y_W;
+ 			Y_W = 1.0F;
+-			buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
++			buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
+ 			written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 			written += t2pWriteFile(output, (tdata_t) "/Range ", 7);
+-			buflen=sprintf(buffer, "[%d %d %d %d] \n", 
++			buflen=snprintf(buffer, sizeof(buffer), "[%d %d %d %d] \n", 
+ 				t2p->pdf_labrange[0], 
+ 				t2p->pdf_labrange[1], 
+ 				t2p->pdf_labrange[2], 
+@@ -4780,26 +4762,26 @@
+ tsize_t t2p_write_pdf_transfer(T2P* t2p, TIFF* output){
+ 
+ 	tsize_t written=0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen=0;
+ 
+ 	written += t2pWriteFile(output, (tdata_t) "<< /Type /ExtGState \n/TR ", 25);
+ 	if(t2p->tiff_transferfunctioncount == 1){
+-		buflen=sprintf(buffer, "%lu",
++		buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 			       (unsigned long)(t2p->pdf_xrefcount + 1));
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
+ 	} else {
+ 		written += t2pWriteFile(output, (tdata_t) "[ ", 2);
+-		buflen=sprintf(buffer, "%lu",
++		buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 			       (unsigned long)(t2p->pdf_xrefcount + 1));
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
+-		buflen=sprintf(buffer, "%lu",
++		buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 			       (unsigned long)(t2p->pdf_xrefcount + 2));
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
+-		buflen=sprintf(buffer, "%lu",
++		buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 			       (unsigned long)(t2p->pdf_xrefcount + 3));
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
+@@ -4821,7 +4803,7 @@
+ 	written += t2pWriteFile(output, (tdata_t) "/FunctionType 0 \n", 17);
+ 	written += t2pWriteFile(output, (tdata_t) "/Domain [0.0 1.0] \n", 19);
+ 	written += t2pWriteFile(output, (tdata_t) "/Range [0.0 1.0] \n", 18);
+-	buflen=sprintf(buffer, "/Size [%u] \n", (1<<t2p->tiff_bitspersample));
++	buflen=snprintf(buffer, sizeof(buffer), "/Size [%u] \n", (1<<t2p->tiff_bitspersample));
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) "/BitsPerSample 16 \n", 19);
+ 	written += t2p_write_pdf_stream_dict(((tsize_t)1)<<(t2p->tiff_bitspersample+1), 0, output);
+@@ -4848,7 +4830,7 @@
+ tsize_t t2p_write_pdf_xobject_calcs(T2P* t2p, TIFF* output){
+ 
+ 	tsize_t written=0;
+-	char buffer[128];
++	char buffer[256];
+ 	int buflen=0;
+ 	
+ 	float X_W=0.0;
+@@ -4916,16 +4898,16 @@
+ 	written += t2pWriteFile(output, (tdata_t) "<< \n", 4);
+ 	if(t2p->pdf_colorspace & T2P_CS_CALGRAY){
+ 		written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12);
+-		buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
++		buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) "/Gamma 2.2 \n", 12);
+ 	}
+ 	if(t2p->pdf_colorspace & T2P_CS_CALRGB){
+ 		written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12);
+-		buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
++		buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
+ 		written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 		written += t2pWriteFile(output, (tdata_t) "/Matrix ", 8);
+-		buflen=sprintf(buffer, "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", 
++		buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", 
+ 			X_R, Y_R, Z_R, 
+ 			X_G, Y_G, Z_G, 
+ 			X_B, Y_B, Z_B); 
+@@ -4944,11 +4926,11 @@
+ tsize_t t2p_write_pdf_xobject_icccs(T2P* t2p, TIFF* output){
+ 
+ 	tsize_t written=0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen=0;
+ 	
+ 	written += t2pWriteFile(output, (tdata_t) "[/ICCBased ", 11);
+-	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_icccs);
++	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_icccs);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) " 0 R] \n", 7);
+ 
+@@ -4958,11 +4940,11 @@
+ tsize_t t2p_write_pdf_xobject_icccs_dict(T2P* t2p, TIFF* output){
+ 
+ 	tsize_t written=0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen=0;
+ 	
+ 	written += t2pWriteFile(output, (tdata_t) "/N ", 3);
+-	buflen=sprintf(buffer, "%u \n", t2p->tiff_samplesperpixel);
++	buflen=snprintf(buffer, sizeof(buffer), "%u \n", t2p->tiff_samplesperpixel);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) "/Alternate ", 11);
+ 	t2p->pdf_colorspace ^= T2P_CS_ICCBASED;
+@@ -5027,7 +5009,7 @@
+ tsize_t t2p_write_pdf_xobject_stream_filter(ttile_t tile, T2P* t2p, TIFF* output){
+ 
+ 	tsize_t written=0;
+-	char buffer[16];
++	char buffer[32];
+ 	int buflen=0;
+ 
+ 	if(t2p->pdf_compression==T2P_COMPRESS_NONE){
+@@ -5042,41 +5024,33 @@
+ 			written += t2pWriteFile(output, (tdata_t) "<< /K -1 ", 9);
+ 			if(tile==0){
+ 				written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
+-				buflen=sprintf(buffer, "%lu",
++				buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 					       (unsigned long)t2p->tiff_width);
+ 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 				written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
+-				buflen=sprintf(buffer, "%lu",
++				buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 					       (unsigned long)t2p->tiff_length);
+ 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 			} else {
+ 				if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){
+ 					written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
+-					buflen=sprintf(
+-						buffer, 
+-						"%lu", 
++					buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 						(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth);
+ 					written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 				} else {
+ 					written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
+-					buflen=sprintf(
+-						buffer, 
+-						"%lu", 
++					buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 						(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth);
+ 					written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 				}
+ 				if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){
+ 					written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
+-					buflen=sprintf(
+-						buffer, 
+-						"%lu", 
++					buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 						(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength);
+ 					written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 				} else {
+ 					written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
+-					buflen=sprintf(
+-						buffer, 
+-						"%lu", 
++					buflen=snprintf(buffer, sizeof(buffer), "%lu",
+ 						(unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength);
+ 					written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 				}
+@@ -5103,21 +5077,17 @@
+ 			if(t2p->pdf_compressionquality%100){
+ 				written += t2pWriteFile(output, (tdata_t) "/DecodeParms ", 13);
+ 				written += t2pWriteFile(output, (tdata_t) "<< /Predictor ", 14);
+-				_TIFFmemset(buffer, 0x00, 16);
+-				buflen=sprintf(buffer, "%u", t2p->pdf_compressionquality%100);
++				buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_compressionquality%100);
+ 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 				written += t2pWriteFile(output, (tdata_t) " /Columns ", 10);
+-				_TIFFmemset(buffer, 0x00, 16);
+-				buflen = sprintf(buffer, "%lu",
++				buflen = snprintf(buffer, sizeof(buffer), "%lu",
+ 						 (unsigned long)t2p->tiff_width);
+ 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 				written += t2pWriteFile(output, (tdata_t) " /Colors ", 9);
+-				_TIFFmemset(buffer, 0x00, 16);
+-				buflen=sprintf(buffer, "%u", t2p->tiff_samplesperpixel);
++				buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_samplesperpixel);
+ 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 				written += t2pWriteFile(output, (tdata_t) " /BitsPerComponent ", 19);
+-				_TIFFmemset(buffer, 0x00, 16);
+-				buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample);
++				buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample);
+ 				written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 				written += t2pWriteFile(output, (tdata_t) ">>\n", 3);
+ 			}
+@@ -5137,16 +5107,16 @@
+ tsize_t t2p_write_pdf_xreftable(T2P* t2p, TIFF* output){
+ 
+ 	tsize_t written=0;
+-	char buffer[21];
++	char buffer[64];
+ 	int buflen=0;
+ 	uint32 i=0;
+ 
+ 	written += t2pWriteFile(output, (tdata_t) "xref\n0 ", 7);
+-	buflen=sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount + 1));
++	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount + 1));
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+ 	written += t2pWriteFile(output, (tdata_t) " \n0000000000 65535 f \n", 22);
+ 	for (i=0;i<t2p->pdf_xrefcount;i++){
+-		sprintf(buffer, "%.10lu 00000 n \n",
++		snprintf(buffer, sizeof(buffer), "%.10lu 00000 n \n",
+ 			(unsigned long)t2p->pdf_xrefoffsets[i]);
+ 		written += t2pWriteFile(output, (tdata_t) buffer, 20);
+ 	}
+@@ -5170,17 +5140,14 @@
+ 		snprintf(t2p->pdf_fileid + i, 9, "%.8X", rand());
+ 
+ 	written += t2pWriteFile(output, (tdata_t) "trailer\n<<\n/Size ", 17);
+-	buflen = sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount+1));
++	buflen = snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount+1));
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+-	_TIFFmemset(buffer, 0x00, 32);	
+ 	written += t2pWriteFile(output, (tdata_t) "\n/Root ", 7);
+-	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_catalog);
++	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_catalog);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+-	_TIFFmemset(buffer, 0x00, 32);	
+ 	written += t2pWriteFile(output, (tdata_t) " 0 R \n/Info ", 12);
+-	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_info);
++	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_info);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+-	_TIFFmemset(buffer, 0x00, 32);	
+ 	written += t2pWriteFile(output, (tdata_t) " 0 R \n/ID[<", 11);
+ 	written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid,
+ 				sizeof(t2p->pdf_fileid) - 1);
+@@ -5188,9 +5155,8 @@
+ 	written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid,
+ 				sizeof(t2p->pdf_fileid) - 1);
+ 	written += t2pWriteFile(output, (tdata_t) ">]\n>>\nstartxref\n", 16);
+-	buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_startxref);
++	buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_startxref);
+ 	written += t2pWriteFile(output, (tdata_t) buffer, buflen);
+-	_TIFFmemset(buffer, 0x00, 32);	
+ 	written += t2pWriteFile(output, (tdata_t) "\n%%EOF\n", 7);
+ 
+ 	return(written);
+Index: tiff-4.0.3/tools/tiff2ps.c
+===================================================================
+--- tiff-4.0.3.orig/tools/tiff2ps.c	2013-06-23 10:36:51.163629483 -0400
++++ tiff-4.0.3/tools/tiff2ps.c	2013-06-23 10:36:51.155629481 -0400
+@@ -1781,8 +1781,8 @@
+ 		imageOp = "imagemask";
+ 
+ 	(void)strcpy(im_x, "0");
+-	(void)sprintf(im_y, "%lu", (long) h);
+-	(void)sprintf(im_h, "%lu", (long) h);
++	(void)snprintf(im_y, sizeof(im_y), "%lu", (long) h);
++	(void)snprintf(im_h, sizeof(im_h), "%lu", (long) h);
+ 	tile_width = w;
+ 	tile_height = h;
+ 	if (TIFFIsTiled(tif)) {
+@@ -1803,7 +1803,7 @@
+ 		}
+ 		if (tile_height < h) {
+ 			fputs("/im_y 0 def\n", fd);
+-			(void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
++			(void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
+ 		}
+ 	} else {
+ 		repeat_count = tf_numberstrips;
+@@ -1815,7 +1815,7 @@
+ 			fprintf(fd, "/im_h %lu def\n",
+ 			    (unsigned long) tile_height);
+ 			(void)strcpy(im_h, "im_h");
+-			(void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
++			(void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
+ 		}
+ 	}
+ 
+Index: tiff-4.0.3/tools/tiffcrop.c
+===================================================================
+--- tiff-4.0.3.orig/tools/tiffcrop.c	2013-06-23 10:36:51.163629483 -0400
++++ tiff-4.0.3/tools/tiffcrop.c	2013-06-23 10:36:51.159629481 -0400
+@@ -2077,7 +2077,7 @@
+         return 1;
+         }
+ 
+-      sprintf (filenum, "-%03d%s", findex, export_ext);
++      snprintf(filenum, sizeof(filenum), "-%03d%s", findex, export_ext);
+       filenum[14] = '\0';
+       strncat (exportname, filenum, 15);
+       }
+@@ -2230,8 +2230,8 @@
+ 
+           /* dump.infilename is guaranteed to be NUL termimated and have 20 bytes 
+              fewer than PATH_MAX */ 
+-          memset (temp_filename, '\0', PATH_MAX + 1);              
+-          sprintf (temp_filename, "%s-read-%03d.%s", dump.infilename, dump_images,
++          snprintf(temp_filename, sizeof(temp_filename), "%s-read-%03d.%s",
++		   dump.infilename, dump_images,
+                   (dump.format == DUMP_TEXT) ? "txt" : "raw");
+           if ((dump.infile = fopen(temp_filename, dump.mode)) == NULL)
+             {
+@@ -2249,8 +2249,8 @@
+ 
+           /* dump.outfilename is guaranteed to be NUL termimated and have 20 bytes 
+              fewer than PATH_MAX */ 
+-          memset (temp_filename, '\0', PATH_MAX + 1);              
+-          sprintf (temp_filename, "%s-write-%03d.%s", dump.outfilename, dump_images,
++          snprintf(temp_filename, sizeof(temp_filename), "%s-write-%03d.%s",
++		   dump.outfilename, dump_images,
+                   (dump.format == DUMP_TEXT) ? "txt" : "raw");
+           if ((dump.outfile = fopen(temp_filename, dump.mode)) == NULL)
+             {
+Index: tiff-4.0.3/tools/tiff2bw.c
+===================================================================
+--- tiff-4.0.3.orig/tools/tiff2bw.c	2013-06-23 10:36:51.163629483 -0400
++++ tiff-4.0.3/tools/tiff2bw.c	2013-06-23 10:36:51.159629481 -0400
+@@ -205,7 +205,7 @@
+ 		}
+ 	}
+ 	TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_MINISBLACK);
+-	sprintf(thing, "B&W version of %s", argv[optind]);
++	snprintf(thing, sizeof(thing), "B&W version of %s", argv[optind]);
+ 	TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
+ 	TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw");
+ 	outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));

libs/tiff/patches/013-CVE-2013-4231.patch

@@ -0,0 +1,17 @@
+Description: Buffer overflow in gif2tiff
+Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2450
+Bug-Debian: http://bugs.debian.org/719303
+
+Index: tiff-4.0.3/tools/gif2tiff.c
+===================================================================
+--- tiff-4.0.3.orig/tools/gif2tiff.c	2013-08-22 11:46:11.960846910 -0400
++++ tiff-4.0.3/tools/gif2tiff.c	2013-08-22 11:46:11.956846910 -0400
+@@ -333,6 +333,8 @@
+     int status = 1;
+ 
+     datasize = getc(infile);
++    if (datasize > 12)
++	return 0;
+     clear = 1 << datasize;
+     eoi = clear + 1;
+     avail = clear + 2;

libs/tiff/patches/014-CVE-2013-4232.patch

@@ -0,0 +1,18 @@
+Description: use after free in tiff2pdf
+Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2449
+Bug-Debian: http://bugs.debian.org/719303
+
+Index: tiff-4.0.3/tools/tiff2pdf.c
+===================================================================
+--- tiff-4.0.3.orig/tools/tiff2pdf.c	2013-08-22 11:46:37.292847242 -0400
++++ tiff-4.0.3/tools/tiff2pdf.c	2013-08-22 11:46:37.292847242 -0400
+@@ -2461,7 +2461,8 @@
+ 					(unsigned long) t2p->tiff_datasize, 
+ 					TIFFFileName(input));
+ 				t2p->t2p_error = T2P_ERR_ERROR;
+-			  _TIFFfree(buffer);
++				_TIFFfree(buffer);
++				return(0);
+ 			} else {
+ 				buffer=samplebuffer;
+ 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;

libs/tiff/patches/015-CVE-2013-4244.patch

@@ -0,0 +1,18 @@
+Description: OOB write in gif2tiff
+Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468
+
+Index: tiff-4.0.3/tools/gif2tiff.c
+===================================================================
+--- tiff-4.0.3.orig/tools/gif2tiff.c	2013-08-24 11:17:13.546447901 -0400
++++ tiff-4.0.3/tools/gif2tiff.c	2013-08-24 11:17:13.546447901 -0400
+@@ -400,6 +400,10 @@
+     }
+ 
+     if (oldcode == -1) {
++        if (code >= clear) {
++            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++            return 0;
++        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;

libs/tiff/patches/016-CVE-2013-4243.patch

@@ -0,0 +1,37 @@
+Index: tiff/tools/gif2tiff.c
+===================================================================
+--- tiff.orig/tools/gif2tiff.c
++++ tiff/tools/gif2tiff.c
+@@ -280,6 +280,10 @@ readgifimage(char* mode)
+         fprintf(stderr, "no colormap present for image\n");
+         return (0);
+     }
++    if (width == 0 || height == 0) {
++        fprintf(stderr, "Invalid value of width or height\n");
++        return(0);
++    }
+     if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
+         fprintf(stderr, "not enough memory for image\n");
+         return (0);
+@@ -404,6 +408,10 @@ process(register int code, unsigned char
+             fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+             return 0;
+         }
++        if (*fill >= raster + width*height) {
++            fprintf(stderr, "raster full before eoi code\n");
++            return 0;
++        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;
+@@ -434,6 +442,10 @@ process(register int code, unsigned char
+     }
+     oldcode = incode;
+     do {
++        if (*fill >= raster + width*height) {
++            fprintf(stderr, "raster full before eoi code\n");
++            return 0;
++        }
+ 	*(*fill)++ = *--stackp;
+     } while (stackp > stack);
+     return 1;

multimedia/mjpg-streamer/Makefile

@@ -52,7 +52,7 @@ CAMBOZOLA:=cambozola-latest.tar.gz
 define Download/cambozola
   URL:=http://www.andywilcock.com/code/cambozola
   FILE:=$(CAMBOZOLA)
-  MD5SUM:=6c48fd994685d4d72668850eeb613e24
+  MD5SUM:=c9b0da91f8e6e72efccd307e04e2b75b
 endef
 
 # Fetch latest cambozola that works with latest Java(s)

net/ddns-scripts/Makefile

@@ -2,7 +2,8 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ddns-scripts
 PKG_VERSION:=1.0.0
-PKG_RELEASE:=22
+PKG_RELEASE:=23
+PKG_LICENSE:=GPL-2.0
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 
@@ -14,6 +15,7 @@ define Package/ddns-scripts
         SUBMENU:=IP Addresses and Names
 	TITLE:=Dynamic DNS Scripts
 	PKGARCH:=all
+	MAINTAINER:=Christian Schoenebeck <christian.schoenebeck@gmail.com>
 endef
 
 define Package/ddns-scripts/description

net/ddns-scripts/files/etc/hotplug.d/iface/25-ddns

@@ -1,9 +1,7 @@
 #!/bin/sh
 
-. /usr/lib/ddns/dynamic_dns_functions.sh
-
 if [ "$ACTION" = "ifup" ]; then
-	start_daemon_for_all_ddns_sections "$INTERFACE"
+	. /usr/lib/ddns/dynamic_dns_functions.sh
+	/etc/init.d/ddns enabled && start_daemon_for_all_ddns_sections "$INTERFACE"
 fi
 
-

net/ddns-scripts/files/etc/init.d/ddns

@@ -1,6 +1,10 @@
 #!/bin/sh /etc/rc.common
 START=95
 
+boot() {
+	return 0
+}
+
 start() {
 	. /usr/lib/ddns/dynamic_dns_functions.sh
 	start_daemon_for_all_ddns_sections

net/ddns-scripts/files/usr/lib/ddns/dynamic_dns_updater.sh~

@@ -1,360 +0,0 @@
-#!/bin/sh
-# /usr/lib/dynamic_dns/dynamic_dns_updater.sh
-#
-# Written by Eric Paul Bishop, Janary 2008
-# Distributed under the terms of the GNU General Public License (GPL) version 2.0
-#
-# This script is (loosely) based on the one posted by exobyte in the forums here:
-# http://forum.openwrt.org/viewtopic.php?id=14040
-#
-
-. /usr/lib/ddns/dynamic_dns_functions.sh
-
-
-service_id=$1
-if [ -z "$service_id" ]
-then
-	echo "ERRROR: You must specify a service id (the section name in the /etc/config/ddns file) to initialize dynamic DNS."
-	return 1
-fi
-
-#default mode is verbose_mode, but easily turned off with second parameter
-verbose_mode="1"
-if [ -n "$2" ]
-then
-	verbose_mode="$2"
-fi
-
-###############################################################
-# Leave this comment here, to clearly document variable names
-# that are expected/possible
-#
-# Now use load_all_config_options to load config
-# options, which is a much more flexible solution.
-#
-#
-#config_load "ddns"
-#
-#config_get enabled $service_id enabled
-#config_get service_name $service_id service_name
-#config_get update_url $service_id update_url
-#
-#
-#config_get username $service_id username
-#config_get password $service_id password
-#config_get domain $service_id domain
-#
-#
-#config_get use_https $service_id use_https
-#config_get use_syslog $service_id use_syslog
-#config_get cacert $service_id cacert
-#
-#config_get ip_source $service_id ip_source
-#config_get ip_interface $service_id ip_interface
-#config_get ip_network $service_id ip_network
-#config_get ip_url $service_id ip_url
-#
-#config_get force_interval $service_id force_interval
-#config_get force_unit $service_id force_unit
-#
-#config_get check_interval $service_id check_interval
-#config_get check_unit $service_id check_unit
-#########################################################
-load_all_config_options "ddns" "$service_id"
-
-
-#some defaults
-if [ -z "$check_interval" ]
-then
-	check_interval=600
-fi
-
-if [ -z "$retry_interval" ]
-then
-	retry_interval=60
-fi
-
-if [ -z "$check_unit" ]
-then
-	check_unit="seconds"
-fi
-
-if [ -z "$force_interval" ]
-then
-	force_interval=72
-fi
-
-if [ -z "$force_unit" ]
-then
-	force_unit="hours"
-fi
-
-if [ -z $use_syslog ]
-then
-	use_syslog=0
-fi
-
-if [ -z "$use_https" ]
-then
-	use_https=0
-fi
-
-
-#some constants
-
-retrieve_prog="/usr/bin/wget -O - ";
-if [ "x$use_https" = "x1" ]
-then
-	/usr/bin/wget --version 2>&1 |grep -q "\+ssl"
-	if [ $? -eq 0 ]
-	then
-		if [ -f "$cacert" ]
-		then
-			retrieve_prog="${retrieve_prog}--ca-certificate=${cacert} "
-		elif [ -d "$cacert" ]
-		then
-			retrieve_prog="${retrieve_prog}--ca-directory=${cacert} "
-		fi
-	else
-		retrieve_prog="/usr/bin/curl "
-		if [ -f "$cacert" ]
-		then
-			retrieve_prog="${retrieve_prog}--cacert $cacert "
-		elif [ -d "$cacert" ]
-		then
-			retrieve_prog="${retrieve_prog}--capath $cacert "
-		fi
-	fi
-fi
-
-
-service_file="/usr/lib/ddns/services"
-
-ip_regex="[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
-
-NEWLINE_IFS='
-'
-
-#determine what update url we're using if the service_name is supplied
-if [ -n "$service_name" ]
-then
-	#remove any lines not containing data, and then make sure fields are enclosed in double quotes
-	quoted_services=$(cat $service_file |  grep "^[\t ]*[^#]" |  awk ' gsub("\x27", "\"") { if ($1~/^[^\"]*$/) $1="\""$1"\"" }; { if ( $NF~/^[^\"]*$/) $NF="\""$NF"\""  }; { print $0 }' )
-
-
-	#echo "quoted_services = $quoted_services"
-	OLD_IFS=$IFS
-	IFS=$NEWLINE_IFS
-	for service_line in $quoted_services
-	do
-		#grep out proper parts of data and use echo to remove quotes
-		next_name=$(echo $service_line | grep -o "^[\t ]*\"[^\"]*\"" | xargs -r -n1 echo)
-		next_url=$(echo $service_line | grep -o "\"[^\"]*\"[\t ]*$" | xargs -r -n1 echo)
-
-		if [ "$next_name" = "$service_name" ]
-		then
-			update_url=$next_url
-		fi
-	done
-	IFS=$OLD_IFS
-fi
-
-if [ "x$use_https" = x1 ]
-then
-	update_url=$(echo $update_url | sed -e 's/^http:/https:/')
-fi
-
-verbose_echo "update_url=$update_url"
-
-#if this service isn't enabled then quit
-if [ "$enabled" != "1" ] 
-then
-	return 0
-fi
-
-#compute update interval in seconds
-case "$force_unit" in
-	"days" )
-		force_interval_seconds=$(($force_interval*60*60*24))
-		;;
-	"hours" )
-		force_interval_seconds=$(($force_interval*60*60))
-		;;
-	"minutes" )
-		force_interval_seconds=$(($force_interval*60))
-		;;
-	"seconds" )
-		force_interval_seconds=$force_interval
-		;;
-	* )
-		#default is hours
-		force_interval_seconds=$(($force_interval*60*60))
-		;;
-esac
-
-
-#compute check interval in seconds
-case "$check_unit" in
-	"days" )
-		check_interval_seconds=$(($check_interval*60*60*24))
-		;;
-	"hours" )
-		check_interval_seconds=$(($check_interval*60*60))
-		;;
-	"minutes" )
-		check_interval_seconds=$(($check_interval*60))
-		;;
-	"seconds" )
-		check_interval_seconds=$check_interval
-		;;
-	* )
-		#default is seconds
-		check_interval_seconds=$check_interval
-		;;
-esac
-
-
-#compute retry interval in seconds
-case "$retry_unit" in
-	"days" )
-		retry_interval_seconds=$(($retry_interval*60*60*24))
-		;;
-	"hours" )
-		retry_interval_seconds=$(($retry_interval*60*60))
-		;;
-	"minutes" )
-		retry_interval_seconds=$(($retry_interval*60))
-		;;
-	"seconds" )
-		retry_interval_seconds=$retry_interval
-		;;
-	* )
-		#default is seconds
-		retry_interval_seconds=$retry_interval
-		;;
-esac
-
-
-verbose_echo "force seconds = $force_interval_seconds"
-verbose_echo "check seconds = $check_interval_seconds"
-
-#kill old process if it exists & set new pid file
-if [ -d /var/run/dynamic_dns ]
-then
-	#if process is already running, stop it
-	if [ -e "/var/run/dynamic_dns/$service_id.pid" ]
-	then
-		old_pid=$(cat /var/run/dynamic_dns/$service_id.pid)
-		test_match=$(ps | grep "^[\t ]*$old_pid")
-		verbose_echo "old process id (if it exists) = \"$test_match\""
-		if [ -n  "$test_match" ]
-		then
-			kill $old_pid
-		fi
-	fi
-
-else
-	#make dir since it doesn't exist
-	mkdir /var/run/dynamic_dns
-fi
-echo $$ > /var/run/dynamic_dns/$service_id.pid
-
-
-
-
-#determine when the last update was
-current_time=$(monotonic_time)
-last_update=$(( $current_time - (2*$force_interval_seconds) ))
-if [ -e "/var/run/dynamic_dns/$service_id.update" ]
-then
-	last_update=$(cat /var/run/dynamic_dns/$service_id.update)
-fi
-time_since_update=$(($current_time - $last_update))
-
-
-human_time_since_update=$(( $time_since_update / ( 60 * 60 ) ))
-verbose_echo "time_since_update = $human_time_since_update hours"
-
-
-
-#do update and then loop endlessly, checking ip every check_interval and forcing an updating once every force_interval
-
-while [ true ]
-do
-	registered_ip=$(echo $(nslookup "$domain" 2>/dev/null) |  grep -o "Name:.*" | grep -o "$ip_regex")
-	current_ip=$(get_current_ip)
-
-
-	current_time=$(monotonic_time)
-	time_since_update=$(($current_time - $last_update))
-
-	syslog_echo "Running IP check ..."
-	verbose_echo "Running IP check..."
-	verbose_echo "current system ip = $current_ip"
-	verbose_echo "registered domain ip = $registered_ip"
-
-
-	if [ "$current_ip" != "$registered_ip" ]  || [ $force_interval_seconds -lt $time_since_update ]
-	then
-		verbose_echo "update necessary, performing update ..."
-
-		#do replacement
-		final_url=$update_url
-		for option_var in $ALL_OPTION_VARIABLES
-		do
-			if [ "$option_var" != "update_url" ]
-			then
-				replace_name=$(echo "\[$option_var\]" | tr 'a-z' 'A-Z')
-				replace_value=$(eval echo "\$$option_var")
-				replace_value=$(echo $replace_value | sed -f /usr/lib/ddns/url_escape.sed)
-				final_url=$(echo $final_url | sed s^"$replace_name"^"$replace_value"^g )
-			fi
-		done
-		final_url=$(echo $final_url | sed s^"\[HTTPAUTH\]"^"${username//^/\\^}${password:+:${password//^/\\^}}"^g )
-		final_url=$(echo $final_url | sed s/"\[IP\]"/"$current_ip"/g )
-
-
-		verbose_echo "updating with url=\"$final_url\""
-
-		#here we actually connect, and perform the update
-		update_output=$( $retrieve_prog "$final_url" )
-		if [ $? -gt 0 ]
-		then
-			syslog_echo "update failed, retrying in $retry_interval_seconds seconds"
-			verbose_echo "update failed"
-			sleep $retry_interval_seconds
-			continue
-		fi
-		syslog_echo "Update successful"
-		verbose_echo "Update Output:"
-		verbose_echo "$update_output"
-		verbose_echo ""
-
-		#save the time of the update
-		current_time=$(monotonic_time)
-		last_update=$current_time
-		time_since_update='0'
-		registered_ip=$current_ip
-
-		human_time=$(date)
-		verbose_echo "update complete, time is: $human_time"
-
-		echo "$last_update" > "/var/run/dynamic_dns/$service_id.update"
-	else
-		human_time=$(date)
-		human_time_since_update=$(( $time_since_update / ( 60 * 60 ) ))
-		verbose_echo "update unnecessary"
-		verbose_echo "time since last update = $human_time_since_update hours"
-		verbose_echo "the time is now $human_time"
-	fi
-
-	#sleep for 10 minutes, then re-check ip && time since last update
-	sleep $check_interval_seconds
-done
-
-#should never get here since we're a daemon, but I'll throw it in anyway
-return 0
-
-
-
-

net/ddns-scripts/files/usr/lib/ddns/services

@@ -63,3 +63,9 @@
 
 # Mythic Beasts (https://www.mythic-beasts.com) Dynamic DNS
 "mythic-beasts.com"	"http://dnsapi4.mythic-beasts.com/?domain=[USERNAME]&password=[PASSWORD]&command=REPLACE%20[DOMAIN]%2060%20A%20DYNAMIC_IP"
+
+# Securepoint Dynamic-DNS-Service (http://www.spdns.de)
+"spdns.de" "http://[USERNAME]:[PASSWORD]@update.spdns.de/nic/update?hostname=[DOMAIN]&myip=[IP]"
+
+# duiadns.net - free dynamic DNS
+"duiadns.net" "http://ipv4.duia.ro/dynamic.duia?host=[DOMAIN]&password=[PASSWORD]&ip4=[IP]"

net/freeradius2/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2008-2014 OpenWrt.org
+# Copyright (C) 2008-2015 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,10 +9,12 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=freeradius2
 PKG_VERSION:=2.2.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2.3
 
 PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/freeradius/
+PKG_SOURCE_URL:=\
+	ftp://ftp.freeradius.org/pub/freeradius/ \
+	ftp://ftp.freeradius.org/pub/freeradius/old/
 PKG_MD5SUM:=40535bace507d7a3134c3d858f3cbc5a
 PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
 

net/freeradius2/patches/010-disable-openssl-check.patch

@@ -36,3 +36,32 @@
    if test "x$OPENSSL_LIBS" = x; then
      LIBS=$old_LIBS
      LDFLAGS="$old_LDFLAGS"
+--- a/src/main/version.c
++++ b/src/main/version.c
+@@ -43,8 +43,6 @@ static long ssl_built = OPENSSL_VERSION_
+  */
+ int ssl_check_version(int allow_vulnerable)
+ {
+-	long ssl_linked;
+-
+ 	/*
+ 	 *	Initialize the library before calling any library
+ 	 *	functions.
+@@ -52,6 +50,9 @@ int ssl_check_version(int allow_vulnerab
+ 	SSL_library_init();
+ 	SSL_load_error_strings();
+ 
++#if 0
++	long ssl_linked;
++
+ 	ssl_linked = SSLeay();
+ 
+ 	if (ssl_linked != ssl_built) {
+@@ -74,6 +75,7 @@ int ssl_check_version(int allow_vulnerab
+ 			return -1;
+ 		}
+ 	}
++#endif
+ 
+ 	return 0;
+ }

net/freeradius2/patches/012-CVE-2015-4680.patch

@@ -0,0 +1,71 @@
+From 5e698b407dcac2bc45cf03484bac4398109d25c3 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Mon, 22 Jun 2015 15:27:32 -0400
+Subject: [PATCH] Set X509_V_FLAG_CRL_CHECK_ALL
+
+---
+ raddb/eap.conf                                      |  6 +++++-
+ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c | 10 ++++++++++
+ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h |  1 +
+ 3 files changed, 16 insertions(+), 1 deletion(-)
+
+--- a/raddb/eap.conf
++++ b/raddb/eap.conf
+@@ -232,9 +232,13 @@
+ 			#  1) Copy CA certificates and CRLs to same directory.
+ 			#  2) Execute 'c_rehash <CA certs&CRLs Directory>'.
+ 			#    'c_rehash' is OpenSSL's command.
+-			#  3) uncomment the line below.
++			#  3) uncomment the lines below.
+ 			#  5) Restart radiusd
+ 		#	check_crl = yes
++
++			# Check if intermediate CAs have been revoked.
++		#	check_all_crl = yes
++
+ 			CA_path = ${cadir}
+ 
+ 		       #
+--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
++++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+@@ -120,6 +120,8 @@ static CONF_PARSER module_config[] = {
+ 	  offsetof(EAP_TLS_CONF, include_length), NULL, "yes" },
+ 	{ "check_crl", PW_TYPE_BOOLEAN,
+ 	  offsetof(EAP_TLS_CONF, check_crl), NULL, "no"},
++	{ "check_all_crl", PW_TYPE_BOOLEAN,
++	  offsetof(EAP_TLS_CONF, check_all_crl), NULL, "no"},
+ 	{ "allow_expired_crl", PW_TYPE_BOOLEAN,
+ 	  offsetof(EAP_TLS_CONF, allow_expired_crl), NULL, NULL},
+ 	{ "check_cert_cn", PW_TYPE_STRING_PTR,
+@@ -947,6 +949,10 @@ static X509_STORE *init_revocation_store
+ 	if (conf->check_crl)
+ 		X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
+ #endif
++#ifdef X509_V_FLAG_CRL_CHECK_ALL
++	if (conf->check_all_crl)
++		X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK_ALL);
++#endif
+ 	return store;
+ }
+ #endif	/* HAVE_OPENSSL_OCSP_H */
+@@ -1203,6 +1209,10 @@ static SSL_CTX *init_tls_ctx(EAP_TLS_CON
+ 	    return NULL;
+ 	  }
+ 	  X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
++
++	  if (conf->check_all_crl) {
++		  X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK_ALL);
++	  }
+ 	}
+ #endif
+ 
+--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h
++++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h
+@@ -57,6 +57,7 @@ typedef struct eap_tls_conf {
+ 	 */
+ 	int		fragment_size;
+ 	int		check_crl;
++	int		check_all_crl;
+ 	int		allow_expired_crl;
+ 	char		*check_cert_cn;
+ 	char		*cipher_list;

net/haproxy/Makefile

@@ -9,31 +9,64 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
-PKG_VERSION:=1.5.2
-PKG_RELEASE:=06
+PKG_VERSION:=1.5.14
+PKG_RELEASE:=00
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
-PKG_MD5SUM:=e854fed32ea751d6db7f366cb910225a
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_MD5SUM:=ad9d7262b96ba85a0f8c6acc6cb9edde
 PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/haproxy
+define Package/haproxy/Default
   SUBMENU:=Web Servers/Proxies
   SECTION:=net
   CATEGORY:=Network
   TITLE:=The Reliable, High Performance TCP/HTTP Load Balancer
   URL:=http://haproxy.1wt.eu/
-  DEPENDS:=+libpcre +libltdl +libopenssl +zlib +libpthread
 endef
 
-define Package/haproxy/conffiles
+define Package/haproxy/Default/conffiles
 /etc/haproxy.cfg
 endef
 
+define Package/haproxy/Default/description
+ Open source Reliable, High Performance TCP/HTTP Load Balancer.
+endef
+
+define Package/haproxy
+  DEPENDS+= +libpcre +libltdl +zlib +libpthread +libopenssl
+  TITLE+= (with SSL support)
+  VARIANT:=ssl
+$(call Package/haproxy/Default)
+endef
+
+define Package/haproxy/conffiles
+$(call Package/haproxy/Default/conffiles)
+endef
+
 define Package/haproxy/description
-  Open source High Performance TCP/HTTP Load Balancer
+$(call Package/haproxy/Default/description)
+ This package is built with SSL support.
+endef
+
+define Package/haproxy-nossl
+  TITLE+= (without SSL support)
+  VARIANT:=nossl
+  DEPENDS+= +libpcre +libltdl +zlib +libpthread
+  TITLE+= (with SSL support)
+$(call Package/haproxy/Default)
+endef
+
+define Package/haproxy-nossl/conffiles
+$(call Package/haproxy/Default/conffiles)
+endef
+
+define Package/haproxy-nossl/description
+$(call Package/haproxy/Default/description)
+ This package is built without SSL support.
 endef
 
 ifeq ($(CONFIG_avr32),y)
@@ -42,6 +75,12 @@ else
   LINUX_TARGET:=linux2628
 endif
 
+ifeq ($(BUILD_VARIANT),ssl)
+	USE_OPENSSL=USE_OPENSSL=1
+else
+	USE_OPENSSL=
+endif
+
 define Build/Compile
 	$(MAKE) TARGET=$(LINUX_TARGET) -C $(PKG_BUILD_DIR) \
 		DESTDIR="$(PKG_INSTALL_DIR)" \
@@ -49,22 +88,16 @@ define Build/Compile
 		CFLAGS="$(TARGET_CFLAGS) -fno-align-jumps -fno-align-functions -fno-align-labels -fno-align-loops -pipe -fomit-frame-pointer -fhonour-copts" \
 		LD="$(TARGET_CC)" \
 		LDFLAGS="$(TARGET_LDFLAGS)" \
-		ADDLIB="-lcrypto" \
-		PCREDIR="$(STAGING_DIR)/usr/include" \
+		PCREDIR="$(STAGING_DIR)/usr" \
 		SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 " \
-		USE_LINUX_TPROXY=1 USE_LINUX_SPLICE=1 USE_REGPARM=1 USE_OPENSSL=1 \
+		USE_LINUX_TPROXY=1 USE_LINUX_SPLICE=1 USE_REGPARM=1 $(USE_OPENSSL) \
 		USE_ZLIB=yes USE_PCRE=1 \
 		VERSION="$(PKG_VERSION)-patch$(PKG_RELEASE)" \
 		install
 
 	$(MAKE) -C $(PKG_BUILD_DIR)/contrib/halog \
-		DESTDIR="$(PKG_INSTALL_DIR)" \
-		CC="$(TARGET_CC)" \
-		CFLAGS="$(TARGET_CFLAGS) -fno-align-jumps -fno-align-functions -fno-align-labels -fno-align-loops -pipe -fomit-frame-pointer -fhonour-copts" \
-		LD="$(TARGET_CC)" \
-		LDFLAGS="$(TARGET_LDFLAGS)" \
-		ADDLIB="-lcrypto" \
-		VERSION="$(PKG_VERSION)-patch$(PKG_RELEASE)" \
+		CC="$(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS)" \
+		OPTIMIZE="" \
 		halog
 endef
 
@@ -79,9 +112,11 @@ define Package/haproxy/install
 	$(INSTALL_BIN) ./files/haproxy.hotplug $(1)/etc/hotplug.d/net/90-haproxy
 endef
 
+Package/haproxy-nossl/install = $(Package/haproxy/install)
+
 define Package/halog
 	MENU:=1
-	$(call Package/haproxy)
+	$(call Package/haproxy/Default)
 	TITLE+= halog
 	DEPENDS:=haproxy
 endef
@@ -95,5 +130,6 @@ define Package/halog/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/contrib/halog/halog $(1)/usr/bin/
 endef
 
+$(eval $(call BuildPackage,haproxy-nossl))
 $(eval $(call BuildPackage,haproxy))
 $(eval $(call BuildPackage,halog))

net/haproxy/patches/0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch

@@ -1,29 +0,0 @@
-From a124eb6d7838eff2c52cc9bf027594c11e87fae9 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Sat, 12 Jul 2014 17:31:07 +0200
-Subject: [PATCH 1/2] DOC: mention that Squid correctly responds 400 to PPv2
- header
-
-Amos reported that Squid builds 3.5.0.0_20140624 and 3.5.0.0_20140630
-were confirmed to respond correctly here and that any version will do
-the same.
-(cherry picked from commit 9e1382002aa1ba12dcc637870befd077ff887aad)
----
- doc/proxy-protocol.txt | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt
-index a2dbcea..a3925a4 100644
---- a/doc/proxy-protocol.txt
-+++ b/doc/proxy-protocol.txt
-@@ -692,6 +692,7 @@ presented, even with minimal implementations :
-     - thttpd 2.20c     : 400 Bad Request + abort => pass/optimal
-     - mini-httpd-1.19  : 400 Bad Request + abort => pass/optimal
-     - haproxy 1.4.21   : 400 Bad Request + abort => pass/optimal
-+    - Squid 3          : 400 Bad Request + abort => pass/optimal
-   - SSL :
-     - stud 0.3.47      : connection abort        => pass/optimal
-     - stunnel 4.45     : connection abort        => pass/optimal
--- 
-1.8.5.5
-

net/haproxy/patches/0002-DOC-fix-typo-in-Unix-Socket-commands.patch

@@ -1,29 +0,0 @@
-From de9789b37466c37547d8c5d52d96a9d4466eb431 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
-Date: Sat, 12 Jul 2014 18:22:42 +0200
-Subject: [PATCH 2/2] DOC: fix typo in Unix Socket commands
-
-Konstantin Romanenko reported a typo in the HTML documentation. The typo is
-already present in the raw text version : the "shutdown sessions" command
-should be "shutdown sessions server".
-(cherry picked from commit e63a1eb290a1c407453dbcaa16535c85a1904f9e)
----
- doc/configuration.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index ca21f7d..2d71555 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -13869,7 +13869,7 @@ shutdown session <id>
-   endless transfer is ongoing. Such terminated sessions are reported with a 'K'
-   flag in the logs.
- 
--shutdown sessions <backend>/<server>
-+shutdown sessions server <backend>/<server>
-   Immediately terminate all the sessions attached to the specified server. This
-   can be used to terminate long-running sessions after a server is put into
-   maintenance mode, for instance. Such terminated sessions are reported with a
--- 
-1.8.5.5
-

net/haproxy/patches/0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch

@@ -1,101 +0,0 @@
-From 60d7aeb6e1450995e721d01f48f60b7db4c44e2b Mon Sep 17 00:00:00 2001
-From: Remi Gacogne <rgacogne[at]aquaray[dot]fr>
-Date: Tue, 15 Jul 2014 11:36:40 +0200
-Subject: [PATCH 3/3] BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
-
-OpenSSL does not free the DH * value returned by the callback specified with SSL_CTX_set_tmp_dh_callback(),
-leading to a memory leak for SSL/TLS connections using Diffie Hellman Ephemeral key exchange.
-This patch fixes the leak by allocating the DH * structs holding the DH parameters once, at configuration time.
-
-Note: this fix must be backported to 1.5.
-(cherry picked from commit 8de5415b85512da871d58d1e9a0a33bd67f3b570)
----
- src/ssl_sock.c | 43 ++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 36 insertions(+), 7 deletions(-)
-
-diff --git a/src/ssl_sock.c b/src/ssl_sock.c
-index 375225d..cf8adc7 100644
---- a/src/ssl_sock.c
-+++ b/src/ssl_sock.c
-@@ -105,6 +105,13 @@ enum {
- int sslconns = 0;
- int totalsslconns = 0;
- 
-+#ifndef OPENSSL_NO_DH
-+static DH *local_dh_1024 = NULL;
-+static DH *local_dh_2048 = NULL;
-+static DH *local_dh_4096 = NULL;
-+static DH *local_dh_8192 = NULL;
-+#endif /* OPENSSL_NO_DH */
-+
- #ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
- struct certificate_ocsp {
- 	struct ebmb_node key;
-@@ -1034,16 +1041,16 @@ static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
- 	}
- 
- 	if (keylen >= 8192) {
--		dh = ssl_get_dh_8192();
-+		dh = local_dh_8192;
- 	}
- 	else if (keylen >= 4096) {
--		dh = ssl_get_dh_4096();
-+		dh = local_dh_4096;
- 	}
- 	else if (keylen >= 2048) {
--		dh = ssl_get_dh_2048();
-+		dh = local_dh_2048;
- 	}
- 	else {
--		dh = ssl_get_dh_1024();
-+		dh = local_dh_1024;
- 	}
- 
- 	return dh;
-@@ -1079,11 +1086,11 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
- 
- 		if (global.tune.ssl_default_dh_param <= 1024) {
- 			/* we are limited to DH parameter of 1024 bits anyway */
--			dh = ssl_get_dh_1024();
--			if (dh == NULL)
-+			local_dh_1024 = ssl_get_dh_1024();
-+			if (local_dh_1024 == NULL)
- 				goto end;
- 
--			SSL_CTX_set_tmp_dh(ctx, dh);
-+			SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
- 		}
- 		else {
- 			SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
-@@ -1594,6 +1601,28 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
- 		global.tune.ssl_default_dh_param = 1024;
- 	}
- 
-+#ifndef OPENSSL_NO_DH
-+	if (global.tune.ssl_default_dh_param >= 1024) {
-+		if (local_dh_1024 == NULL) {
-+			local_dh_1024 = ssl_get_dh_1024();
-+		}
-+		if (global.tune.ssl_default_dh_param >= 2048) {
-+			if (local_dh_2048 == NULL) {
-+				local_dh_2048 = ssl_get_dh_2048();
-+			}
-+			if (global.tune.ssl_default_dh_param >= 4096) {
-+				if (local_dh_4096 == NULL) {
-+					local_dh_4096 = ssl_get_dh_4096();
-+				}
-+				if (global.tune.ssl_default_dh_param >= 8192 &&
-+				    local_dh_8192 == NULL) {
-+					local_dh_8192 = ssl_get_dh_8192();
-+				}
-+			}
-+		}
-+	}
-+#endif /* OPENSSL_NO_DH */
-+
- 	SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
- 	SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
--- 
-1.8.5.5
-

net/haproxy/patches/0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch

@@ -1,35 +0,0 @@
-From 0dff81c6a5876172bc1d4725a7a07fddd9d1f369 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Tue, 15 Jul 2014 21:34:06 +0200
-Subject: [PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
- version of base32
-
-We're using the internal memory representation of base32 here, which is
-wrong since these data might be exported to headers for logs or be used
-to stick to a server and replicated to other peers. Let's convert base32
-to big endian (network representation) when building the binary block.
-
-This mistake is also present in 1.5, it would be better to backport it.
-(cherry picked from commit 5ad6e1dc09f0a85aabf86f154b1817b9ebffb568)
----
- src/proto_http.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 94afed7..b7ed85d 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -10358,8 +10358,8 @@ smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned in
- 		return 0;
- 
- 	temp = get_trash_chunk();
--	memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
--	temp->len += sizeof(smp->data.uint);
-+	*(unsigned int *)temp->str = htonl(smp->data.uint);
-+	temp->len += sizeof(unsigned int);
- 
- 	switch (cli_conn->addr.from.ss_family) {
- 	case AF_INET:
--- 
-1.8.5.5
-

net/haproxy/patches/0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch

@@ -1,42 +0,0 @@
-From 66dbae025876a65c81ae3c4011e3aa3b630b42f7 Mon Sep 17 00:00:00 2001
-From: Dave McCowan <11235david@gmail.com>
-Date: Thu, 17 Jul 2014 14:34:01 -0400
-Subject: [PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when
- building a proxy v2 header
-
-Use temporary trash chunk, instead of global trash chunk in
-make_proxy_line_v2() to avoid memory overwrite.
-
-This fix must also be backported to 1.5.
-(cherry picked from commit 77d1f0143e210c13ee8ec6aaf6b3150fa4ce6c5b)
----
- src/connection.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/connection.c b/src/connection.c
-index 20a911b..3435b1a 100644
---- a/src/connection.c
-+++ b/src/connection.c
-@@ -622,6 +622,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
- 	char *value = NULL;
- 	struct tlv_ssl *tlv;
- 	int ssl_tlv_len = 0;
-+	struct chunk *cn_trash;
- #endif
- 
- 	if (buf_len < PP2_HEADER_LEN)
-@@ -682,8 +683,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
- 				tlv->verify = htonl(ssl_sock_get_verify_result(remote));
- 			}
- 			if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
--				if (ssl_sock_get_remote_common_name(remote, &trash) > 0) {
--					tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str);
-+				cn_trash = get_trash_chunk();
-+				if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
-+					tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
- 					ssl_tlv_len += tlv_len;
- 				}
- 			}
--- 
-1.8.5.5
-

net/haproxy/patches/0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch

@@ -1,34 +0,0 @@
-From 04b80cd29b23d02f373c095569e871275d128b43 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Sat, 19 Jul 2014 06:37:33 +0200
-Subject: [PATCH 6/6] BUG/MEDIUM: connection: fix proxy v2 header again!
-
-Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory corruption
-when building a proxy v2 header") was wrong, using &cn_trash instead
-of cn_trash resulting in a warning and the client's SSL cert CN not
-being stored at the proper location.
-
-Thanks to Lukas Tribus for spotting this quickly.
-
-This should be backported to 1.5 after the patch above is backported.
-(cherry picked from commit 3b9a0c9d4d083d749846d66f9bd4caabafe4ee78)
----
- src/connection.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/connection.c b/src/connection.c
-index 3435b1a..2dd2c02 100644
---- a/src/connection.c
-+++ b/src/connection.c
-@@ -684,7 +684,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
- 			}
- 			if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
- 				cn_trash = get_trash_chunk();
--				if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
-+				if (ssl_sock_get_remote_common_name(remote, cn_trash) > 0) {
- 					tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
- 					ssl_tlv_len += tlv_len;
- 				}
--- 
-1.8.5.5
-

net/horst/Makefile

@@ -0,0 +1,51 @@
+#
+# Copyright (C) 2006-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=horst
+PKG_VERSION:=4.2
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-git.tar.gz
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_URL:=git://br1.einfach.org/horst
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=version-$(PKG_VERSION)
+
+PKG_MAINTAINER:=Bruno Randolf <br1@einfach.org>
+PKG_LICENSE:=GPL-2.0+
+PKG_LICENSE_FILE:=LICENSE
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+MAKE_FLAGS += DEBUG=1
+
+define Package/horst
+	SECTION:=net
+	CATEGORY:=Network
+	SUBMENU:=wireless
+	DEPENDS:=+libncurses
+	MAINTAINER:=Bruno Randolf <br1@einfach.org>
+	TITLE:=Highly Optimized 802.11 Radio Scanning Tool
+	URL:=http://br1.einfach.org/tech/horst/
+endef
+
+define Package/horst/description
+	[horst] is a scanning and analysis tool for 802.11 wireless networks
+	and especially IBSS (ad-hoc) mode and mesh networks (OLSR).
+endef
+
+define Package/horst/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/horst $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/horst.sh $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,horst))

net/knot/Makefile

@@ -8,13 +8,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=knot
-PKG_VERSION:=1.5.0
+PKG_VERSION:=1.5.3
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/
-PKG_MD5SUM:=d677de99c19afea3b1e8ef075a9d5a8b
+PKG_MD5SUM:=bab73ec83ad7f1d64bb765bf0c72caae
+
+PKG_MAINTAINER:=Daniel Salzman <daniel.salzman@nic.cz>
+PKG_LICENSE:=GPL-2.0+
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_PARALLEL:=1
@@ -28,7 +31,6 @@ define Package/knot/Default
 	CATEGORY:=Network
 	TITLE:=Knot DNS
 	URL:=https://www.knot-dns.cz
-	MAINTAINER:=daniel.salzman@nic.cz
 	SUBMENU:=IP Addresses and Names
 	DEPENDS:=+libopenssl +liburcu
 endef

net/knot/patches/03_zscanner_tests.patch

@@ -34,8 +34,8 @@ index 846f351..272856c 100644
  TESTS_DIR="$SOURCE"/data
  ZSCANNER_TOOL="$BUILD"/zscanner-tool
  
--plan 68
-+plan 66
+-plan 69
++plan 67
  
  mkdir -p "$TMPDIR"/includes/
  for a in 1 2 3 4 5 6; do

net/mosquitto/Makefile

@@ -9,12 +9,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mosquitto
-PKG_VERSION:=1.3.2
+PKG_VERSION:=1.3.5
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://mosquitto.org/files/source/
-PKG_MD5SUM:=5d2fe7c8bf2518eb9829547751c04bbf
+PKG_MD5SUM:=55094ad4dc7c7985377f43d4fc3d09da
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 
 include $(INCLUDE_DIR)/package.mk

net/mwan3-luci/Makefile

@@ -0,0 +1,41 @@
+#
+# Copyright (C) 2006-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=luci-app-mwan3
+PKG_VERSION:=1.3
+PKG_RELEASE:=5
+PKG_MAINTAINER:=Aedan Renner <chipdankly@gmail.com>
+PKG_LICENSE:=GPLv2
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/luci-app-mwan3
+  SECTION:=LuCI
+  CATEGORY:=LuCI
+  SUBMENU:=3. Applications
+  TITLE:=LuCI support for the MWAN3 multiwan hotplug script
+  DEPENDS:=+mwan3 +luci-mod-admin-full +luci-app-firewall +luci-lib-nixio
+  PKGARCH:=all
+  MAINTAINER:=Aedan Renner <chipdankly@gmail.com>
+endef
+
+define Package/luci-app-mwan3/description
+Hotplug script which makes configuration of multiple WAN interfaces simple and
+manageable with loadbalancing/failover support for up to 250 physical or logical
+WAN interfaces, connection tracking and an easy to manage traffic ruleset
+endef
+
+define Build/Compile
+endef
+
+define Package/luci-app-mwan3/install
+	$(CP) ./files/* $(1)
+endef
+
+$(eval $(call BuildPackage,luci-app-mwan3))

net/mwan3-luci/files/etc/hotplug.d/iface/16-mwancustombak

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# to enable this script uncomment the case loop at the bottom
+# to report mwan status on interface hotplug ifup/ifdown events modify the lines in the send_alert function
+
+send_alert()
+{
+	# variable "$1" stores the MWAN status information
+	# insert your code here to send the contents of "$1"
+	echo "$1"
+}
+
+gather_event_info()
+{
+	# create event information message
+	local EVENT_INFO="Interface [ "$INTERFACE" ($DEVICE) ] on router [ "$(uci get -p /var/state system.@system[0].hostname)" ] has triggered a hotplug [ "$ACTION" ] event on "$(date +"%a %b %d %Y %T %Z")""
+
+	# get current interface, policy and rule status
+	local CURRENT_STATUS="$(/usr/sbin/mwan3 status)"
+
+	# get last 50 MWAN systemlog messages
+	local MWAN_LOG="$(echo -e "Last 50 MWAN systemlog entries. Newest entries sorted at the top:\n$(logread | grep mwan3 | tail -n 50 | sed 'x;1!H;$!d;x')")"
+
+	# pass event info to send_alert function
+	send_alert "$(echo -e "$EVENT_INFO\n\n$CURRENT_STATUS\n\n$MWAN_LOG")"
+}
+
+#case "$ACTION" in
+#	ifup)
+#		gather_event_info
+#	;;
+#
+#	ifdown)
+#		gather_event_info
+#	;;
+#esac
+
+exit 0

net/mwan3-luci/files/etc/uci-defaults/mwan-luci

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# replace existing mwan ucitrack entry
+uci -q batch <<-EOF >/dev/null
+	del ucitrack.@mwan3[-1]
+	add ucitrack mwan3
+	set ucitrack.@mwan3[-1].exec="/usr/sbin/mwan3 restart"
+	commit ucitrack
+EOF
+
+# remove LuCI cache
+rm -rf /tmp/luci-indexcache /tmp/luci-modulecache
+
+exit 0

net/mwan3-luci/files/usr/lib/lua/luci/controller/mwan3.lua

@@ -0,0 +1,318 @@
+module("luci.controller.mwan3", package.seeall)
+
+sys = require "luci.sys"
+ut = require "luci.util"
+
+function index()
+	if not nixio.fs.access("/etc/config/mwan3") then
+		return
+	end
+
+	entry({"admin", "network", "mwan"},
+		alias("admin", "network", "mwan", "overview"),
+		_("Load Balancing"), 600)
+
+	entry({"admin", "network", "mwan", "overview"},
+		alias("admin", "network", "mwan", "overview", "overview_interface"),
+		_("Overview"), 10)
+	entry({"admin", "network", "mwan", "overview", "overview_interface"},
+		template("mwan/overview_interface"))
+	entry({"admin", "network", "mwan", "overview", "interface_status"},
+		call("interfaceStatus"))
+	entry({"admin", "network", "mwan", "overview", "overview_detailed"},
+		template("mwan/overview_detailed"))
+	entry({"admin", "network", "mwan", "overview", "detailed_status"},
+		call("detailedStatus"))
+
+	entry({"admin", "network", "mwan", "configuration"},
+		alias("admin", "network", "mwan", "configuration", "interface"),
+		_("Configuration"), 20)
+	entry({"admin", "network", "mwan", "configuration", "interface"},
+		arcombine(cbi("mwan/interface"), cbi("mwan/interfaceconfig")),
+		_("Interfaces"), 10).leaf = true
+	entry({"admin", "network", "mwan", "configuration", "member"},
+		arcombine(cbi("mwan/member"), cbi("mwan/memberconfig")),
+		_("Members"), 20).leaf = true
+	entry({"admin", "network", "mwan", "configuration", "policy"},
+		arcombine(cbi("mwan/policy"), cbi("mwan/policyconfig")),
+		_("Policies"), 30).leaf = true
+	entry({"admin", "network", "mwan", "configuration", "rule"},
+		arcombine(cbi("mwan/rule"), cbi("mwan/ruleconfig")),
+		_("Rules"), 40).leaf = true
+
+	entry({"admin", "network", "mwan", "advanced"},
+		alias("admin", "network", "mwan", "advanced", "hotplugscript"),
+		_("Advanced"), 100)
+	entry({"admin", "network", "mwan", "advanced", "hotplugscript"},
+		form("mwan/advanced_hotplugscript"))
+	entry({"admin", "network", "mwan", "advanced", "mwanconfig"},
+		form("mwan/advanced_mwanconfig"))
+	entry({"admin", "network", "mwan", "advanced", "networkconfig"},
+		form("mwan/advanced_networkconfig"))
+	entry({"admin", "network", "mwan", "advanced", "diagnostics"},
+		template("mwan/advanced_diagnostics"))
+	entry({"admin", "network", "mwan", "advanced", "diagnostics_display"},
+		call("diagnosticsData"), nil).leaf = true
+	entry({"admin", "network", "mwan", "advanced", "troubleshooting"},
+		template("mwan/advanced_troubleshooting"))
+	entry({"admin", "network", "mwan", "advanced", "troubleshooting_display"},
+		call("troubleshootingData"))
+end
+
+function getInterfaceStatus(ruleNumber, interfaceName)
+	if ut.trim(sys.exec("uci get -p /var/state mwan3." .. interfaceName .. ".enabled")) == "1" then
+		if ut.trim(sys.exec("ip route list table " .. ruleNumber)) ~= "" then
+			if ut.trim(sys.exec("uci get -p /var/state mwan3." .. interfaceName .. ".track_ip")) ~= "" then
+				return "online"
+			else
+				return "notMonitored"
+			end
+		else
+			return "offline"
+		end
+	else
+		return "notEnabled"
+	end
+end
+
+function getInterfaceName()
+	local ruleNumber, status = 0, ""
+	uci.cursor():foreach("mwan3", "interface",
+		function (section)
+			ruleNumber = ruleNumber+1
+			status = status .. section[".name"] .. "[" .. getInterfaceStatus(ruleNumber, section[".name"]) .. "]"
+		end
+	)
+	return status
+end
+
+function interfaceStatus()
+	local ntm = require "luci.model.network".init()
+
+	local mArray = {}
+
+	-- overview status
+	local statusString = getInterfaceName()
+	if statusString ~= "" then
+		mArray.wans = {}
+		wansid = {}
+
+		for wanName, interfaceState in string.gfind(statusString, "([^%[]+)%[([^%]]+)%]") do
+			local wanInterfaceName = ut.trim(sys.exec("uci get -p /var/state network." .. wanName .. ".ifname"))
+				if wanInterfaceName == "" then
+					wanInterfaceName = "X"
+				end
+			local wanDeviceLink = ntm:get_interface(wanInterfaceName)
+				wanDeviceLink = wanDeviceLink and wanDeviceLink:get_network()
+				wanDeviceLink = wanDeviceLink and wanDeviceLink:adminlink() or "#"
+			wansid[wanName] = #mArray.wans + 1
+			mArray.wans[wansid[wanName]] = { name = wanName, link = wanDeviceLink, ifname = wanInterfaceName, status = interfaceState }
+		end
+	end
+
+	-- overview status log
+	local mwanLog = ut.trim(sys.exec("logread | grep mwan3 | tail -n 50 | sed 'x;1!H;$!d;x'"))
+	if mwanLog ~= "" then
+		mArray.mwanlog = { mwanLog }
+	end
+
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(mArray)
+end
+
+function detailedStatus()
+	local mArray = {}
+
+	-- detailed mwan status
+	local detailStatusInfo = ut.trim(sys.exec("/usr/sbin/mwan3 status"))
+	if detailStatusInfo ~= "" then
+		mArray.mwandetail = { detailStatusInfo }
+	end
+
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(mArray)
+end
+
+function diagnosticsData(interface, tool, task)
+	function getInterfaceNumber()
+		local number = 0
+		uci.cursor():foreach("mwan3", "interface",
+			function (section)
+				number = number+1
+				if section[".name"] == interface then
+					interfaceNumber = number
+				end
+			end
+		)
+	end
+
+	local mArray = {}
+
+	local results = ""
+	if tool == "service" then
+		os.execute("/usr/sbin/mwan3 " .. task)
+		if task == "restart" then
+			results = "MWAN3 restarted"
+		elseif task == "stop" then
+			results = "MWAN3 stopped"
+		else
+			results = "MWAN3 started"
+		end
+	else
+		local interfaceDevice = ut.trim(sys.exec("uci get -p /var/state network." .. interface .. ".ifname"))
+		if interfaceDevice ~= "" then
+			if tool == "ping" then
+				local gateway = ut.trim(sys.exec("route -n | awk '{if ($8 == \"" .. interfaceDevice .. "\" && $1 == \"0.0.0.0\" && $3 == \"0.0.0.0\") print $2}'"))
+				if gateway ~= "" then
+					if task == "gateway" then
+						local pingCommand = "ping -c 3 -W 2 -I " .. interfaceDevice .. " " .. gateway
+						results = pingCommand .. "\n\n" .. sys.exec(pingCommand)
+					else
+						local tracked = ut.trim(sys.exec("uci get -p /var/state mwan3." .. interface .. ".track_ip"))
+						if tracked ~= "" then
+							for z in tracked:gmatch("[^ ]+") do
+								local pingCommand = "ping -c 3 -W 2 -I " .. interfaceDevice .. " " .. z
+								results = results .. pingCommand .. "\n\n" .. sys.exec(pingCommand) .. "\n\n"
+							end
+						else
+							results = "No tracking IP addresses configured on " .. interface
+						end
+					end
+				else
+					results = "No default gateway for " .. interface .. " found. Default route does not exist or is configured incorrectly"
+				end
+			elseif tool == "rulechk" then
+				getInterfaceNumber()
+				local rule1 = sys.exec("ip rule | grep $(echo $((" .. interfaceNumber .. " + 1000)))")
+				local rule2 = sys.exec("ip rule | grep $(echo $((" .. interfaceNumber .. " + 2000)))")
+				if rule1 ~= "" and rule2 ~= "" then
+					results = "All required interface IP rules found:\n\n" .. rule1 .. rule2
+				elseif rule1 ~= "" or rule2 ~= "" then
+					results = "Missing 1 of the 2 required interface IP rules\n\n\nRules found:\n\n" .. rule1 .. rule2
+				else
+					results = "Missing both of the required interface IP rules"
+				end
+			elseif tool == "routechk" then
+				getInterfaceNumber()
+				local routeTable = sys.exec("ip route list table " .. interfaceNumber)
+				if routeTable ~= "" then
+					results = "Interface routing table " .. interfaceNumber .. " was found:\n\n" .. routeTable
+				else
+					results = "Missing required interface routing table " .. interfaceNumber
+				end
+			elseif tool == "hotplug" then
+				if task == "ifup" then
+					os.execute("/usr/sbin/mwan3 ifup " .. interface)
+					results = "Hotplug ifup sent to interface " .. interface .. "..."
+				else
+					os.execute("/usr/sbin/mwan3 ifdown " .. interface)
+					results = "Hotplug ifdown sent to interface " .. interface .. "..."
+				end
+			end
+		else
+			results = "Unable to perform diagnostic tests on " .. interface .. ". There is no physical or virtual device associated with this interface"
+		end
+	end
+	if results ~= "" then
+		results = ut.trim(results)
+		mArray.diagnostics = { results }
+	end
+
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(mArray)
+end
+
+function troubleshootingData()
+	local mArray = {}
+
+	-- software versions
+	local wrtRelease = ut.trim(luci.version.distversion)
+		if wrtRelease ~= "" then
+			wrtRelease = "OpenWrt - " .. wrtRelease
+		else
+			wrtRelease = "OpenWrt - unknown"
+		end
+	local luciRelease = ut.trim(luci.version.luciversion)
+		if luciRelease ~= "" then
+			luciRelease = "\nLuCI - " .. luciRelease
+		else
+			luciRelease = "\nLuCI - unknown"
+		end
+	local mwanVersion = ut.trim(sys.exec("opkg info mwan3 | grep Version | awk '{print $2}'"))
+		if mwanVersion ~= "" then
+			mwanVersion = "\n\nmwan3 - " .. mwanVersion
+		else
+			mwanVersion = "\n\nmwan3 - unknown"
+		end
+	local mwanLuciVersion = ut.trim(sys.exec("opkg info luci-app-mwan3 | grep Version | awk '{print $2}'"))
+		if mwanLuciVersion ~= "" then
+			mwanLuciVersion = "\nmwan3-luci - " .. mwanLuciVersion
+		else
+			mwanLuciVersion = "\nmwan3-luci - unknown"
+		end
+	mArray.versions = { wrtRelease .. luciRelease .. mwanVersion .. mwanLuciVersion }
+
+	-- mwan config
+	local mwanConfig = ut.trim(sys.exec("cat /etc/config/mwan3"))
+		if mwanConfig == "" then
+			mwanConfig = "No data found"
+		end
+	mArray.mwanconfig = { mwanConfig }
+
+	-- network config
+	local networkConfig = ut.trim(sys.exec("cat /etc/config/network | sed -e 's/.*username.*/	USERNAME HIDDEN/' -e 's/.*password.*/	PASSWORD HIDDEN/'"))
+		if networkConfig == "" then
+			networkConfig = "No data found"
+		end
+	mArray.netconfig = { networkConfig }
+
+	-- ifconfig
+	local ifconfig = ut.trim(sys.exec("ifconfig"))
+		if ifconfig == "" then
+			ifconfig = "No data found"
+		end
+	mArray.ifconfig = { ifconfig }
+
+	-- route -n
+	local routeShow = ut.trim(sys.exec("route -n"))
+		if routeShow == "" then
+			routeShow = "No data found"
+		end
+	mArray.routeshow = { routeShow }
+
+	-- ip rule show
+	local ipRuleShow = ut.trim(sys.exec("ip rule show"))
+		if ipRuleShow == "" then
+			ipRuleShow = "No data found"
+		end
+	mArray.iprule = { ipRuleShow }
+
+	-- ip route list table 1-250
+	local routeList, routeString = ut.trim(sys.exec("ip rule | sed 's/://g' | awk '$1>=2001 && $1<=2250' | awk '{print $NF}'")), ""
+		if routeList ~= "" then
+			for line in routeList:gmatch("[^\r\n]+") do
+				routeString = routeString .. line .. "\n" .. sys.exec("ip route list table " .. line)
+			end
+			routeString = ut.trim(routeString)
+		else
+			routeString = "No data found"
+		end
+	mArray.routelist = { routeString }
+
+	-- default firewall output policy
+	local firewallOut = ut.trim(sys.exec("uci get -p /var/state firewall.@defaults[0].output"))
+		if firewallOut == "" then
+			firewallOut = "No data found"
+		end
+	mArray.firewallout = { firewallOut }
+
+	-- iptables
+	local iptables = ut.trim(sys.exec("iptables -L -t mangle -v -n"))
+		if iptables == "" then
+			iptables = "No data found"
+		end
+	mArray.iptables = { iptables }
+
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(mArray)
+end

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/advanced_hotplugscript.lua

@@ -0,0 +1,55 @@
+-- ------ hotplug script configuration ------ --
+
+fs = require "nixio.fs"
+sys = require "luci.sys"
+ut = require "luci.util"
+
+script = "/etc/hotplug.d/iface/16-mwancustom"
+scriptBackup = "/etc/hotplug.d/iface/16-mwancustombak"
+
+if luci.http.formvalue("cbid.luci.1._restorebak") then -- restore button has been clicked
+	luci.http.redirect(luci.dispatcher.build_url("admin/network/mwan/advanced/hotplugscript") .. "?restore=yes")
+elseif luci.http.formvalue("restore") == "yes" then -- restore script from backup
+	os.execute("cp -f " .. scriptBackup .. " " .. script)
+end
+
+
+m5 = SimpleForm("luci", nil)
+	m5:append(Template("mwan/advanced_hotplugscript")) -- highlight current tab
+
+f = m5:section(SimpleSection, nil,
+	translate("This section allows you to modify the contents of /etc/hotplug.d/iface/16-mwancustom<br />" ..
+	"This is useful for running system commands and/or scripts based on interface ifup or ifdown hotplug events<br /><br />" ..
+	"Notes:<br />" ..
+	"The first line of the script must be &#34;#!/bin/sh&#34; without quotes<br />" ..
+	"Lines beginning with # are comments and are not executed<br /><br />" ..
+	"Available variables:<br />" ..
+	"$ACTION is the hotplug event (ifup, ifdown)<br />" ..
+	"$INTERFACE is the interface name (wan1, wan2, etc.)<br />" ..
+	"$DEVICE is the device name attached to the interface (eth0.1, eth1, etc.)"))
+
+
+restore = f:option(Button, "_restorebak", translate("Restore default hotplug script"))
+	restore.inputtitle = translate("Restore...")
+	restore.inputstyle = "apply"
+
+t = f:option(TextValue, "lines")
+	t.rmempty = true
+	t.rows = 20
+
+	function t.cfgvalue()
+		local hps = fs.readfile(script)
+		if not hps or hps == "" then -- if script does not exist or is blank restore from backup
+			sys.call("cp -f " .. scriptBackup .. " " .. script)
+			return fs.readfile(script)
+		else
+			return hps
+		end
+	end
+
+	function t.write(self, section, data) -- format and write new data to script
+		return fs.writefile(script, ut.trim(data:gsub("\r\n", "\n")) .. "\n")
+	end
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/advanced_mwanconfig.lua

@@ -0,0 +1,32 @@
+-- ------ mwan configuration ------ --
+
+ut = require "luci.util"
+
+mwanConfig = "/etc/config/mwan3"
+
+
+m5 = SimpleForm("luci", nil)
+	m5:append(Template("mwan/advanced_mwanconfig")) -- highlight current tab
+
+
+f = m5:section(SimpleSection, nil,
+	translate("This section allows you to modify the contents of /etc/config/mwan3"))
+
+t = f:option(TextValue, "lines")
+	t.rmempty = true
+	t.rows = 20
+
+	function t.cfgvalue()
+		return nixio.fs.readfile(mwanConfig) or ""
+	end
+
+	function t.write(self, section, data) -- format and write new data to script
+		return nixio.fs.writefile(mwanConfig, "\n" .. ut.trim(data:gsub("\r\n", "\n")) .. "\n")
+	end
+
+	function f.handle(self, state, data)
+		return true
+	end
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/advanced_networkconfig.lua

@@ -0,0 +1,32 @@
+-- ------ network configuration ------ --
+
+ut = require "luci.util"
+
+networkConfig = "/etc/config/network"
+
+
+m5 = SimpleForm("networkconf", nil)
+	m5:append(Template("mwan/advanced_networkconfig")) -- highlight current tab
+
+
+f = m5:section(SimpleSection, nil,
+	translate("This section allows you to modify the contents of /etc/config/network"))
+
+t = f:option(TextValue, "lines")
+	t.rmempty = true
+	t.rows = 20
+
+	function t.cfgvalue()
+		return nixio.fs.readfile(networkConfig) or ""
+	end
+
+	function t.write(self, section, data) -- format and write new data to script
+		return nixio.fs.writefile(networkConfig, "\n" .. ut.trim(data:gsub("\r\n", "\n")) .. "\n")
+	end
+
+	function f.handle(self, state, data)
+		return true
+	end
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/interface.lua

@@ -0,0 +1,266 @@
+-- ------ extra functions ------ --
+
+function interfaceCheck() -- find issues with too many interfaces, reliability and metric
+	uci.cursor():foreach("mwan3", "interface",
+		function (section)
+			local interfaceName = section[".name"]
+			interfaceNumber = interfaceNumber+1 -- count number of mwan interfaces configured
+			-- create list of metrics for none and duplicate checking
+			local metricValue = ut.trim(sys.exec("uci get -p /var/state network." .. interfaceName .. ".metric"))
+			if metricValue == "" then
+				errorFound = 1
+				errorNoMetricList = errorNoMetricList .. interfaceName .. " "
+			else
+				metricList = metricList .. interfaceName .. " " .. metricValue .. "\n"
+			end
+			-- check if any interfaces have a higher reliability requirement than tracking IPs configured
+			local trackingNumber = tonumber(ut.trim(sys.exec("echo $(uci get -p /var/state mwan3." .. interfaceName .. ".track_ip) | wc -w")))
+			if trackingNumber > 0 then
+				local reliabilityNumber = tonumber(ut.trim(sys.exec("uci get -p /var/state mwan3." .. interfaceName .. ".reliability")))
+				if reliabilityNumber and reliabilityNumber > trackingNumber then
+					errorFound = 1
+					errorReliabilityList = errorReliabilityList .. interfaceName .. " "
+				end
+			end
+			-- check if any interfaces are not properly configured in /etc/config/network or have no default route in main routing table
+			if ut.trim(sys.exec("uci get -p /var/state network." .. interfaceName)) == "interface" then
+				local interfaceDevice = ut.trim(sys.exec("uci get -p /var/state network." .. interfaceName .. ".ifname"))
+				if interfaceDevice == "uci: Entry not found" or interfaceDevice == "" then
+					errorFound = 1
+					errorNetConfigList = errorNetConfigList .. interfaceName .. " "
+					errorRouteList = errorRouteList .. interfaceName .. " "
+				else
+					local routeCheck = ut.trim(sys.exec("route -n | awk '{if ($8 == \"" .. interfaceDevice .. "\" && $1 == \"0.0.0.0\" && $3 == \"0.0.0.0\") print $1}'"))
+					if routeCheck == "" then
+						errorFound = 1
+						errorRouteList = errorRouteList .. interfaceName .. " "
+					end
+				end
+			else
+				errorFound = 1
+				errorNetConfigList = errorNetConfigList .. interfaceName .. " "
+				errorRouteList = errorRouteList .. interfaceName .. " "
+			end
+		end
+	)
+	-- check if any interfaces have duplicate metrics
+	local metricDuplicateNumbers = sys.exec("echo '" .. metricList .. "' | awk '{print $2}' | uniq -d")
+	if metricDuplicateNumbers ~= "" then
+		errorFound = 1
+		local metricDuplicates = ""
+		for line in metricDuplicateNumbers:gmatch("[^\r\n]+") do
+			metricDuplicates = sys.exec("echo '" .. metricList .. "' | grep '" .. line .. "' | awk '{print $1}'")
+			errorDuplicateMetricList = errorDuplicateMetricList .. metricDuplicates
+		end
+		errorDuplicateMetricList = sys.exec("echo '" .. errorDuplicateMetricList .. "' | tr '\n' ' '")
+	end
+end
+
+function interfaceWarnings() -- display status and warning messages at the top of the page
+	local warnings = ""
+	if interfaceNumber <= 250 then
+		warnings = "<strong>There are currently " .. interfaceNumber .. " of 250 supported interfaces configured</strong>"
+	else
+		warnings = "<font color=\"ff0000\"><strong>WARNING: " .. interfaceNumber .. " interfaces are configured exceeding the maximum of 250!</strong></font>"
+	end
+	if errorReliabilityList ~= " " then
+		warnings = warnings .. "<br /><br /><font color=\"ff0000\"><strong>WARNING: some interfaces have a higher reliability requirement than there are tracking IP addresses!</strong></font>"
+	end
+	if errorRouteList ~= " " then
+		warnings = warnings .. "<br /><br /><font color=\"ff0000\"><strong>WARNING: some interfaces have no default route in the main routing table!</strong></font>"
+	end
+	if errorNetConfigList ~= " " then
+		warnings = warnings .. "<br /><br /><font color=\"ff0000\"><strong>WARNING: some interfaces are configured incorrectly or not at all in /etc/config/network!</strong></font>"
+	end
+	if errorNoMetricList ~= " " then
+		warnings = warnings .. "<br /><br /><font color=\"ff0000\"><strong>WARNING: some interfaces have no metric configured in /etc/config/network!</strong></font>"
+	end
+	if errorDuplicateMetricList ~= " " then
+		warnings = warnings .. "<br /><br /><font color=\"ff0000\"><strong>WARNING: some interfaces have duplicate metrics configured in /etc/config/network!</strong></font>"
+	end
+	return warnings
+end
+
+-- ------ interface configuration ------ --
+
+dsp = require "luci.dispatcher"
+sys = require "luci.sys"
+ut = require "luci.util"
+
+interfaceNumber = 0
+metricList = ""
+errorFound = 0
+errorDuplicateMetricList = " "
+errorNetConfigList = " "
+errorNoMetricList = " "
+errorReliabilityList = " "
+errorRouteList = " "
+interfaceCheck()
+
+
+m5 = Map("mwan3", translate("MWAN Interface Configuration"),
+	translate(interfaceWarnings()))
+	m5:append(Template("mwan/config_css"))
+
+
+mwan_interface = m5:section(TypedSection, "interface", translate("Interfaces"),
+	translate("MWAN supports up to 250 physical and/or logical interfaces<br />" ..
+	"MWAN requires that all interfaces have a unique metric configured in /etc/config/network<br />" ..
+	"Names must match the interface name found in /etc/config/network (see advanced tab)<br />" ..
+	"Names may contain characters A-Z, a-z, 0-9, _ and no spaces<br />" ..
+	"Interfaces may not share the same name as configured members, policies or rules"))
+	mwan_interface.addremove = true
+	mwan_interface.dynamic = false
+	mwan_interface.sectionhead = "Interface"
+	mwan_interface.sortable = true
+	mwan_interface.template = "cbi/tblsection"
+	mwan_interface.extedit = dsp.build_url("admin", "network", "mwan", "configuration", "interface", "%s")
+	function mwan_interface.create(self, section)
+		TypedSection.create(self, section)
+		m5.uci:save("mwan3")
+		luci.http.redirect(dsp.build_url("admin", "network", "mwan", "configuration", "interface", section))
+	end
+
+
+enabled = mwan_interface:option(DummyValue, "enabled", translate("Enabled"))
+	enabled.rawhtml = true
+	function enabled.cfgvalue(self, s)
+		if self.map:get(s, "enabled") == "1" then
+			return "Yes"
+		else
+			return "No"
+		end
+	end
+
+track_ip = mwan_interface:option(DummyValue, "track_ip", translate("Tracking IP"))
+	track_ip.rawhtml = true
+	function track_ip.cfgvalue(self, s)
+		tracked = self.map:get(s, "track_ip")
+		if tracked then
+			local ipList = ""
+			for k,v in pairs(tracked) do
+				ipList = ipList .. v .. "<br />"
+			end
+			return ipList
+		else
+			return "&#8212;"
+		end
+	end
+
+reliability = mwan_interface:option(DummyValue, "reliability", translate("Tracking reliability"))
+	reliability.rawhtml = true
+	function reliability.cfgvalue(self, s)
+		if tracked then
+			return self.map:get(s, "reliability") or "&#8212;"
+		else
+			return "&#8212;"
+		end
+	end
+
+count = mwan_interface:option(DummyValue, "count", translate("Ping count"))
+	count.rawhtml = true
+	function count.cfgvalue(self, s)
+		if tracked then
+			return self.map:get(s, "count") or "&#8212;"
+		else
+			return "&#8212;"
+		end
+	end
+
+timeout = mwan_interface:option(DummyValue, "timeout", translate("Ping timeout"))
+	timeout.rawhtml = true
+	function timeout.cfgvalue(self, s)
+		if tracked then
+			local timeoutValue = self.map:get(s, "timeout")
+			if timeoutValue then
+				return timeoutValue .. "s"
+			else
+				return "&#8212;"
+			end
+		else
+			return "&#8212;"
+		end
+	end
+
+interval = mwan_interface:option(DummyValue, "interval", translate("Ping interval"))
+	interval.rawhtml = true
+	function interval.cfgvalue(self, s)
+		if tracked then
+			local intervalValue = self.map:get(s, "interval")
+			if intervalValue then
+				return intervalValue .. "s"
+			else
+				return "&#8212;"
+			end
+		else
+			return "&#8212;"
+		end
+	end
+
+down = mwan_interface:option(DummyValue, "down", translate("Interface down"))
+	down.rawhtml = true
+	function down.cfgvalue(self, s)
+		if tracked then
+			return self.map:get(s, "down") or "&#8212;"
+		else
+			return "&#8212;"
+		end
+	end
+
+up = mwan_interface:option(DummyValue, "up", translate("Interface up"))
+	up.rawhtml = true
+	function up.cfgvalue(self, s)
+		if tracked then
+			return self.map:get(s, "up") or "&#8212;"
+		else
+			return "&#8212;"
+		end
+	end
+
+metric = mwan_interface:option(DummyValue, "metric", translate("Metric"))
+	metric.rawhtml = true
+	function metric.cfgvalue(self, s)
+		local metricValue = sys.exec("uci get -p /var/state network." .. s .. ".metric")
+		if metricValue ~= "" then
+			return metricValue
+		else
+			return "&#8212;"
+		end
+	end
+
+errors = mwan_interface:option(DummyValue, "errors", translate("Errors"))
+	errors.rawhtml = true
+	function errors.cfgvalue(self, s)
+		if errorFound == 1 then
+			local mouseOver, lineBreak = "", ""
+			if string.find(errorReliabilityList, " " .. s .. " ") then
+				mouseOver = "Higher reliability requirement than there are tracking IP addresses"
+				lineBreak = "&#10;&#10;"
+			end
+			if string.find(errorRouteList, " " .. s .. " ") then
+				mouseOver = mouseOver .. lineBreak .. "No default route in the main routing table"
+				lineBreak = "&#10;&#10;"
+			end
+			if string.find(errorNetConfigList, " " .. s .. " ") then
+				mouseOver = mouseOver .. lineBreak .. "Configured incorrectly or not at all in /etc/config/network"
+				lineBreak = "&#10;&#10;"
+			end
+			if string.find(errorNoMetricList, " " .. s .. " ") then
+				mouseOver = mouseOver .. lineBreak .. "No metric configured in /etc/config/network"
+				lineBreak = "&#10;&#10;"
+			end
+			if string.find(errorDuplicateMetricList, " " .. s .. " ") then
+				mouseOver = mouseOver .. lineBreak .. "Duplicate metric configured in /etc/config/network"
+			end
+			if mouseOver == "" then
+				return ""
+			else
+				return "<span title=\"" .. mouseOver .. "\"><img src=\"/luci-static/resources/cbi/reset.gif\" alt=\"error\"></img></span>"
+			end
+		else
+			return ""
+		end
+	end
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/interfaceconfig.lua

@@ -0,0 +1,190 @@
+-- ------ extra functions ------ --
+
+function interfaceCheck()
+	metricValue = ut.trim(sys.exec("uci get -p /var/state network." .. arg[1] .. ".metric"))
+	if metricValue == "" then -- no metric
+		errorNoMetric = 1
+	else -- if metric exists create list of interface metrics to compare against for duplicates
+		uci.cursor():foreach("mwan3", "interface",
+			function (section)
+				local metricValue = ut.trim(sys.exec("uci get -p /var/state network." .. section[".name"] .. ".metric"))
+				metricList = metricList .. section[".name"] .. " " .. metricValue .. "\n"
+			end
+		)
+		-- compare metric against list
+		local metricDuplicateNumbers, metricDuplicates = sys.exec("echo '" .. metricList .. "' | awk '{print $2}' | uniq -d"), ""
+		for line in metricDuplicateNumbers:gmatch("[^\r\n]+") do
+			metricDuplicates = sys.exec("echo '" .. metricList .. "' | grep '" .. line .. "' | awk '{print $1}'")
+			errorDuplicateMetricList = errorDuplicateMetricList .. metricDuplicates
+		end
+		if sys.exec("echo '" .. errorDuplicateMetricList .. "' | grep -w " .. arg[1]) ~= "" then
+			errorDuplicateMetric = 1
+		end
+	end
+	-- check if this interface has a higher reliability requirement than track IPs configured
+	local trackingNumber = tonumber(ut.trim(sys.exec("echo $(uci get -p /var/state mwan3." .. arg[1] .. ".track_ip) | wc -w")))
+	if trackingNumber > 0 then
+		local reliabilityNumber = tonumber(ut.trim(sys.exec("uci get -p /var/state mwan3." .. arg[1] .. ".reliability")))
+		if reliabilityNumber and reliabilityNumber > trackingNumber then
+			errorReliability = 1
+		end
+	end
+	-- check if any interfaces are not properly configured in /etc/config/network or have no default route in main routing table
+	if ut.trim(sys.exec("uci get -p /var/state network." .. arg[1])) == "interface" then
+		local interfaceDevice = ut.trim(sys.exec("uci get -p /var/state network." .. arg[1] .. ".ifname"))
+		if interfaceDevice == "uci: Entry not found" or interfaceDevice == "" then
+			errorNetConfig = 1
+			errorRoute = 1
+		else
+			local routeCheck = ut.trim(sys.exec("route -n | awk '{if ($8 == \"" .. interfaceDevice .. "\" && $1 == \"0.0.0.0\" && $3 == \"0.0.0.0\") print $1}'"))
+			if routeCheck == "" then
+				errorRoute = 1
+			end
+		end
+	else
+		errorNetConfig = 1
+		errorRoute = 1
+	end
+end
+
+function interfaceWarnings() -- display warning messages at the top of the page
+	local warns, lineBreak = "", ""
+	if errorReliability == 1 then
+		warns = "<font color=\"ff0000\"><strong>WARNING: this interface has a higher reliability requirement than there are tracking IP addresses!</strong></font>"
+		lineBreak = "<br /><br />"
+	end
+	if errorRoute == 1 then
+		warns = warns .. lineBreak .. "<font color=\"ff0000\"><strong>WARNING: this interface has no default route in the main routing table!</strong></font>"
+		lineBreak = "<br /><br />"
+	end
+	if errorNetConfig == 1 then
+		warns = warns .. lineBreak .. "<font color=\"ff0000\"><strong>WARNING: this interface is configured incorrectly or not at all in /etc/config/network!</strong></font>"
+		lineBreak = "<br /><br />"
+	end
+	if errorNoMetric == 1 then
+		warns = warns .. lineBreak .. "<font color=\"ff0000\"><strong>WARNING: this interface has no metric configured in /etc/config/network!</strong></font>"
+	elseif errorDuplicateMetric == 1 then
+		warns = warns .. lineBreak .. "<font color=\"ff0000\"><strong>WARNING: this and other interfaces have duplicate metrics configured in /etc/config/network!</strong></font>"
+	end
+	return warns
+end
+
+-- ------ interface configuration ------ --
+
+dsp = require "luci.dispatcher"
+sys = require "luci.sys"
+ut = require "luci.util"
+arg[1] = arg[1] or ""
+
+metricValue = ""
+metricList = ""
+errorDuplicateMetricList = ""
+errorNoMetric = 0
+errorDuplicateMetric = 0
+errorRoute = 0
+errorNetConfig = 0
+errorReliability = 0
+interfaceCheck()
+
+
+m5 = Map("mwan3", translate("MWAN Interface Configuration - " .. arg[1]),
+	translate(interfaceWarnings()))
+	m5.redirect = dsp.build_url("admin", "network", "mwan", "configuration", "interface")
+
+
+mwan_interface = m5:section(NamedSection, arg[1], "interface", "")
+	mwan_interface.addremove = false
+	mwan_interface.dynamic = false
+
+
+enabled = mwan_interface:option(ListValue, "enabled", translate("Enabled"))
+	enabled.default = "1"
+	enabled:value("1", translate("Yes"))
+	enabled:value("0", translate("No"))
+
+track_ip = mwan_interface:option(DynamicList, "track_ip", translate("Tracking IP"),
+	translate("This IP address will be pinged to dermine if the link is up or down. Leave blank to assume interface is always online"))
+	track_ip.datatype = "ipaddr"
+
+reliability = mwan_interface:option(Value, "reliability", translate("Tracking reliability"),
+	translate("Acceptable values: 1-100. This many Tracking IP addresses must respond for the link to be deemed up"))
+	reliability.datatype = "range(1, 100)"
+	reliability.default = "1"
+
+count = mwan_interface:option(ListValue, "count", translate("Ping count"))
+	count.default = "1"
+	count:value("1")
+	count:value("2")
+	count:value("3")
+	count:value("4")
+	count:value("5")
+
+timeout = mwan_interface:option(ListValue, "timeout", translate("Ping timeout"))
+	timeout.default = "2"
+	timeout:value("1", translate("1 second"))
+	timeout:value("2", translate("2 seconds"))
+	timeout:value("3", translate("3 seconds"))
+	timeout:value("4", translate("4 seconds"))
+	timeout:value("5", translate("5 seconds"))
+	timeout:value("6", translate("6 seconds"))
+	timeout:value("7", translate("7 seconds"))
+	timeout:value("8", translate("8 seconds"))
+	timeout:value("9", translate("9 seconds"))
+	timeout:value("10", translate("10 seconds"))
+
+interval = mwan_interface:option(ListValue, "interval", translate("Ping interval"))
+	interval.default = "5"
+	interval:value("1", translate("1 second"))
+	interval:value("3", translate("3 seconds"))
+	interval:value("5", translate("5 seconds"))
+	interval:value("10", translate("10 seconds"))
+	interval:value("20", translate("20 seconds"))
+	interval:value("30", translate("30 seconds"))
+	interval:value("60", translate("1 minute"))
+	interval:value("300", translate("5 minutes"))
+	interval:value("600", translate("10 minutes"))
+	interval:value("900", translate("15 minutes"))
+	interval:value("1800", translate("30 minutes"))
+	interval:value("3600", translate("1 hour"))
+
+down = mwan_interface:option(ListValue, "down", translate("Interface down"),
+	translate("Interface will be deemed down after this many failed ping tests"))
+	down.default = "3"
+	down:value("1")
+	down:value("2")
+	down:value("3")
+	down:value("4")
+	down:value("5")
+	down:value("6")
+	down:value("7")
+	down:value("8")
+	down:value("9")
+	down:value("10")
+
+up = mwan_interface:option(ListValue, "up", translate("Interface up"),
+	translate("Downed interface will be deemed up after this many successful ping tests"))
+	up.default = "3"
+	up:value("1")
+	up:value("2")
+	up:value("3")
+	up:value("4")
+	up:value("5")
+	up:value("6")
+	up:value("7")
+	up:value("8")
+	up:value("9")
+	up:value("10")
+
+metric = mwan_interface:option(DummyValue, "metric", translate("Metric"),
+	translate("This displays the metric assigned to this interface in /etc/config/network"))
+	metric.rawhtml = true
+	function metric.cfgvalue(self, s)
+		if errorNoMetric == 0 then
+			return metricValue
+		else
+			return "&#8212;"
+		end
+	end
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/member.lua

@@ -0,0 +1,46 @@
+-- ------ member configuration ------ --
+
+ds = require "luci.dispatcher"
+
+
+m5 = Map("mwan3", translate("MWAN Member Configuration"))
+	m5:append(Template("mwan/config_css"))
+
+
+mwan_member = m5:section(TypedSection, "member", translate("Members"),
+	translate("Members are profiles attaching a metric and weight to an MWAN interface<br />" ..
+	"Names may contain characters A-Z, a-z, 0-9, _ and no spaces<br />" ..
+	"Members may not share the same name as configured interfaces, policies or rules"))
+	mwan_member.addremove = true
+	mwan_member.dynamic = false
+	mwan_member.sectionhead = "Member"
+	mwan_member.sortable = true
+	mwan_member.template = "cbi/tblsection"
+	mwan_member.extedit = ds.build_url("admin", "network", "mwan", "configuration", "member", "%s")
+	function mwan_member.create(self, section)
+		TypedSection.create(self, section)
+		m5.uci:save("mwan3")
+		luci.http.redirect(ds.build_url("admin", "network", "mwan", "configuration", "member", section))
+	end
+
+
+interface = mwan_member:option(DummyValue, "interface", translate("Interface"))
+	interface.rawhtml = true
+	function interface.cfgvalue(self, s)
+		return self.map:get(s, "interface") or "&#8212;"
+	end
+
+metric = mwan_member:option(DummyValue, "metric", translate("Metric"))
+	metric.rawhtml = true
+	function metric.cfgvalue(self, s)
+		return self.map:get(s, "metric") or "1"
+	end
+
+weight = mwan_member:option(DummyValue, "weight", translate("Weight"))
+	weight.rawhtml = true
+	function weight.cfgvalue(self, s)
+		return self.map:get(s, "weight") or "1"
+	end
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/memberconfig.lua

@@ -0,0 +1,47 @@
+-- ------ extra functions ------ --
+
+function cbi_add_interface(field)
+	uci.cursor():foreach("mwan3", "interface",
+		function (section)
+			field:value(section[".name"])
+		end
+	)
+end
+
+-- ------ member configuration ------ --
+
+dsp = require "luci.dispatcher"
+arg[1] = arg[1] or ""
+
+
+m5 = Map("mwan3", translate("MWAN Member Configuration - ") .. arg[1])
+	m5.redirect = dsp.build_url("admin", "network", "mwan", "configuration", "member")
+
+
+mwan_member = m5:section(NamedSection, arg[1], "member", "")
+	mwan_member.addremove = false
+	mwan_member.dynamic = false
+
+
+interface = mwan_member:option(Value, "interface", translate("Interface"))
+	cbi_add_interface(interface)
+
+metric = mwan_member:option(Value, "metric", translate("Metric"),
+	translate("Acceptable values: 1-1000. Defaults to 1 if not set"))
+	metric.datatype = "range(1, 1000)"
+
+weight = mwan_member:option(Value, "weight", translate("Weight"),
+	translate("Acceptable values: 1-1000. Defaults to 1 if not set"))
+	weight.datatype = "range(1, 1000)"
+
+
+-- ------ currently configured interfaces ------ --
+
+mwan_interface = m5:section(TypedSection, "interface", translate("Currently Configured Interfaces"))
+	mwan_interface.addremove = false
+	mwan_interface.dynamic = false
+	mwan_interface.sortable = false
+	mwan_interface.template = "cbi/tblsection"
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/policy.lua

@@ -0,0 +1,95 @@
+-- ------ extra functions ------ --
+
+function policyCheck() -- check to see if any policy names exceed the maximum of 15 characters
+	uci.cursor():foreach("mwan3", "policy",
+		function (section)
+			if string.len(section[".name"]) > 15 then
+				nameTooLong = 1
+				err_name_list = err_name_list .. section[".name"] .. " "
+			end
+		end
+	)
+end
+
+function policyWarn() -- display status and warning messages at the top of the page
+	if nameTooLong == 1 then
+		return "<font color=\"ff0000\"><strong>WARNING: Some policies have names exceeding the maximum of 15 characters!</strong></font>"
+	else
+		return ""
+	end
+end
+
+-- ------ policy configuration ------ --
+
+ds = require "luci.dispatcher"
+sys = require "luci.sys"
+
+nameTooLong = 0
+err_name_list = " "
+policyCheck()
+
+
+m5 = Map("mwan3", translate("MWAN Policy Configuration"),
+	translate(policyWarn()))
+	m5:append(Template("mwan/config_css"))
+
+
+mwan_policy = m5:section(TypedSection, "policy", translate("Policies"),
+	translate("Policies are profiles grouping one or more members controlling how MWAN distributes traffic<br />" ..
+	"Member interfaces with lower metrics are used first. Interfaces with the same metric load-balance<br />" ..
+	"Load-balanced member interfaces distribute more traffic out those with higher weights<br />" ..
+	"Names may contain characters A-Z, a-z, 0-9, _ and no spaces. Names must be 15 characters or less<br />" ..
+	"Policies may not share the same name as configured interfaces, members or rules"))
+	mwan_policy.addremove = true
+	mwan_policy.dynamic = false
+	mwan_policy.sectionhead = "Policy"
+	mwan_policy.sortable = true
+	mwan_policy.template = "cbi/tblsection"
+	mwan_policy.extedit = ds.build_url("admin", "network", "mwan", "configuration", "policy", "%s")
+	function mwan_policy.create(self, section)
+		TypedSection.create(self, section)
+		m5.uci:save("mwan3")
+		luci.http.redirect(ds.build_url("admin", "network", "mwan", "configuration", "policy", section))
+	end
+
+
+use_member = mwan_policy:option(DummyValue, "use_member", translate("Members assigned"))
+	use_member.rawhtml = true
+	function use_member.cfgvalue(self, s)
+		local memberConfig, memberList = self.map:get(s, "use_member"), ""
+		if memberConfig then
+			for k,v in pairs(memberConfig) do
+				memberList = memberList .. v .. "<br />"
+			end
+			return memberList
+		else
+			return "&#8212;"
+		end
+		
+	end
+
+last_resort = mwan_policy:option(DummyValue, "last_resort", translate("Last resort"))
+	last_resort.rawhtml = true
+	function last_resort.cfgvalue(self, s)
+		local action = self.map:get(s, "last_resort")
+		if action == "blackhole" then
+			return "blackhole (drop)"
+		elseif action == "default" then
+			return "default (use main routing table)"
+		else
+			return "unreachable (reject)"
+		end
+	end
+
+errors = mwan_policy:option(DummyValue, "errors", translate("Errors"))
+	errors.rawhtml = true
+	function errors.cfgvalue(self, s)
+		if not string.find(err_name_list, " " .. s .. " ") then
+			return ""
+		else
+			return "<span title=\"Name exceeds 15 characters\"><img src=\"/luci-static/resources/cbi/reset.gif\" alt=\"error\"></img></span>"
+		end
+	end
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/policyconfig.lua

@@ -0,0 +1,65 @@
+-- ------ extra functions ------ --
+
+function policyCheck() -- check to see if this policy's name exceed the maximum of 15 characters
+	policyNameLength = string.len(arg[1])
+	if policyNameLength > 15 then
+		nameTooLong = 1
+	end
+end
+
+function policyWarn() -- display status and warning messages at the top of the page
+	if nameTooLong == 1 then
+		return "<font color=\"ff0000\"><strong>WARNING: this policy's name is " .. policyNameLength .. " characters exceeding the maximum of 15!</strong></font>"
+	else
+		return ""
+	end
+end
+
+function cbiAddMember(field)
+	uci.cursor():foreach("mwan3", "member",
+		function (section)
+			field:value(section[".name"])
+		end
+	)
+end
+
+-- ------ policy configuration ------ --
+
+dsp = require "luci.dispatcher"
+arg[1] = arg[1] or ""
+
+nameTooLong = 0
+policyCheck()
+
+
+m5 = Map("mwan3", translate("MWAN Policy Configuration - " .. arg[1]),
+	translate(policyWarn()))
+	m5.redirect = dsp.build_url("admin", "network", "mwan", "configuration", "policy")
+
+
+mwan_policy = m5:section(NamedSection, arg[1], "policy", "")
+	mwan_policy.addremove = false
+	mwan_policy.dynamic = false
+
+
+use_member = mwan_policy:option(DynamicList, "use_member", translate("Member used"))
+	cbiAddMember(use_member)
+
+last_resort = mwan_policy:option(ListValue, "last_resort", translate("Last resort"),
+	translate("When all policy members are offline use this behavior for matched traffic"))
+	last_resort.default = "unreachable"
+	last_resort:value("unreachable", translate("unreachable (reject)"))
+	last_resort:value("blackhole", translate("blackhole (drop)"))
+	last_resort:value("default", translate("default (use main routing table)"))
+
+
+-- ------ currently configured members ------ --
+
+mwan_member = m5:section(TypedSection, "member", translate("Currently Configured Members"))
+	mwan_member.addremove = false
+	mwan_member.dynamic = false
+	mwan_member.sortable = false
+	mwan_member.template = "cbi/tblsection"
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/rule.lua

@@ -0,0 +1,108 @@
+-- ------ extra functions ------ --
+
+function ruleCheck() -- determine if rules needs a proper protocol configured
+	uci.cursor():foreach("mwan3", "rule",
+		function (section)
+			local sourcePort = ut.trim(sys.exec("uci get -p /var/state mwan3." .. section[".name"] .. ".src_port"))
+			local destPort = ut.trim(sys.exec("uci get -p /var/state mwan3." .. section[".name"] .. ".dest_port"))
+			if sourcePort ~= "" or destPort ~= "" then -- ports configured
+				local protocol = ut.trim(sys.exec("uci get -p /var/state mwan3." .. section[".name"] .. ".proto"))
+				if protocol == "" or protocol == "all" then -- no or improper protocol
+					error_protocol_list = error_protocol_list .. section[".name"] .. " "
+				end
+			end
+		end
+	)
+end
+
+function ruleWarn() -- display warning messages at the top of the page
+	if error_protocol_list ~= " " then
+		return "<font color=\"ff0000\"><strong>WARNING: some rules have a port configured with no or improper protocol specified! Please configure a specific protocol!</strong></font>"
+	else
+		return ""
+	end
+end
+
+-- ------ rule configuration ------ --
+
+dsp = require "luci.dispatcher"
+sys = require "luci.sys"
+ut = require "luci.util"
+
+error_protocol_list = " "
+ruleCheck()
+
+
+m5 = Map("mwan3", translate("MWAN Rule Configuration"),
+	translate(ruleWarn()))
+	m5:append(Template("mwan/config_css"))
+
+
+mwan_rule = m5:section(TypedSection, "rule", translate("Traffic Rules"),
+	translate("Rules specify which traffic will use a particular MWAN policy based on IP address, port or protocol<br />" ..
+	"Rules are matched from top to bottom. Rules below a matching rule are ignored. Traffic not matching any rule is routed using the main routing table<br />" ..
+	"Traffic destined for known (other than default) networks is handled by the main routing table. Traffic matching a rule, but all WAN interfaces for that policy are down will be blackholed<br />" ..
+	"Names may contain characters A-Z, a-z, 0-9, _ and no spaces<br />" ..
+	"Rules may not share the same name as configured interfaces, members or policies"))
+	mwan_rule.addremove = true
+	mwan_rule.anonymous = false
+	mwan_rule.dynamic = false
+	mwan_rule.sectionhead = "Rule"
+	mwan_rule.sortable = true
+	mwan_rule.template = "cbi/tblsection"
+	mwan_rule.extedit = dsp.build_url("admin", "network", "mwan", "configuration", "rule", "%s")
+	function mwan_rule.create(self, section)
+		TypedSection.create(self, section)
+		m5.uci:save("mwan3")
+		luci.http.redirect(dsp.build_url("admin", "network", "mwan", "configuration", "rule", section))
+	end
+
+
+src_ip = mwan_rule:option(DummyValue, "src_ip", translate("Source address"))
+	src_ip.rawhtml = true
+	function src_ip.cfgvalue(self, s)
+		return self.map:get(s, "src_ip") or "&#8212;"
+	end
+
+src_port = mwan_rule:option(DummyValue, "src_port", translate("Source port"))
+	src_port.rawhtml = true
+	function src_port.cfgvalue(self, s)
+		return self.map:get(s, "src_port") or "&#8212;"
+	end
+
+dest_ip = mwan_rule:option(DummyValue, "dest_ip", translate("Destination address"))
+	dest_ip.rawhtml = true
+	function dest_ip.cfgvalue(self, s)
+		return self.map:get(s, "dest_ip") or "&#8212;"
+	end
+
+dest_port = mwan_rule:option(DummyValue, "dest_port", translate("Destination port"))
+	dest_port.rawhtml = true
+	function dest_port.cfgvalue(self, s)
+		return self.map:get(s, "dest_port") or "&#8212;"
+	end
+
+proto = mwan_rule:option(DummyValue, "proto", translate("Protocol"))
+	proto.rawhtml = true
+	function proto.cfgvalue(self, s)
+		return self.map:get(s, "proto") or "all"
+	end
+
+use_policy = mwan_rule:option(DummyValue, "use_policy", translate("Policy assigned"))
+	use_policy.rawhtml = true
+	function use_policy.cfgvalue(self, s)
+		return self.map:get(s, "use_policy") or "&#8212;"
+	end
+
+errors = mwan_rule:option(DummyValue, "errors", translate("Errors"))
+	errors.rawhtml = true
+	function errors.cfgvalue(self, s)
+		if not string.find(error_protocol_list, " " .. s .. " ") then
+			return ""
+		else
+			return "<span title=\"No protocol specified\"><img src=\"/luci-static/resources/cbi/reset.gif\" alt=\"error\"></img></span>"
+		end
+	end
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/model/cbi/mwan/ruleconfig.lua

@@ -0,0 +1,100 @@
+-- ------ extra functions ------ --
+
+function ruleCheck() -- determine if rule needs a protocol specified
+	local sourcePort = ut.trim(sys.exec("uci get -p /var/state mwan3." .. arg[1] .. ".src_port"))
+	local destPort = ut.trim(sys.exec("uci get -p /var/state mwan3." .. arg[1] .. ".dest_port"))
+	if sourcePort ~= "" or destPort ~= "" then -- ports configured
+		local protocol = ut.trim(sys.exec("uci get -p /var/state mwan3." .. arg[1] .. ".proto"))
+		if protocol == "" or protocol == "all" then -- no or improper protocol
+			error_protocol = 1
+		end
+	end
+end
+
+function ruleWarn() -- display warning message at the top of the page
+	if error_protocol == 1 then
+		return "<font color=\"ff0000\"><strong>WARNING: this rule is incorrectly configured with no or improper protocol specified! Please configure a specific protocol!</strong></font>"
+	else
+		return ""
+	end
+end
+
+function cbiAddPolicy(field)
+	uci.cursor():foreach("mwan3", "policy",
+		function (section)
+			field:value(section[".name"])
+		end
+	)
+end
+
+function cbiAddProtocol(field)
+	local protocols = ut.trim(sys.exec("cat /etc/protocols | grep '	# ' | awk '{print $1}' | grep -vw -e 'ip' -e 'tcp' -e 'udp' -e 'icmp' -e 'esp' | grep -v 'ipv6' | sort | tr '\n' ' '"))
+	for p in string.gmatch(protocols, "%S+") do
+		field:value(p)
+	end
+end
+
+-- ------ rule configuration ------ --
+
+dsp = require "luci.dispatcher"
+sys = require "luci.sys"
+ut = require "luci.util"
+arg[1] = arg[1] or ""
+
+error_protocol = 0
+ruleCheck()
+
+
+m5 = Map("mwan3", translate("MWAN Rule Configuration - ") .. arg[1],
+	translate(ruleWarn()))
+	m5.redirect = dsp.build_url("admin", "network", "mwan", "configuration", "rule")
+
+
+mwan_rule = m5:section(NamedSection, arg[1], "rule", "")
+	mwan_rule.addremove = false
+	mwan_rule.dynamic = false
+
+
+src_ip = mwan_rule:option(Value, "src_ip", translate("Source address"),
+	translate("Supports CIDR notation (eg \"192.168.100.0/24\") without quotes"))
+	src_ip.datatype = ipaddr
+
+src_port = mwan_rule:option(Value, "src_port", translate("Source port"),
+	translate("May be entered as a single or multiple port(s) (eg \"22\" or \"80,443\") or as a portrange (eg \"1024:2048\") without quotes"))
+
+dest_ip = mwan_rule:option(Value, "dest_ip", translate("Destination address"),
+	translate("Supports CIDR notation (eg \"192.168.100.0/24\") without quotes"))
+	dest_ip.datatype = ipaddr
+
+dest_port = mwan_rule:option(Value, "dest_port", translate("Destination port"),
+	translate("May be entered as a single or multiple port(s) (eg \"22\" or \"80,443\") or as a portrange (eg \"1024:2048\") without quotes"))
+
+proto = mwan_rule:option(Value, "proto", translate("Protocol"),
+	translate("View the contents of /etc/protocols for protocol descriptions"))
+	proto.default = "all"
+	proto.rmempty = false
+	proto:value("all")
+	proto:value("ip")
+	proto:value("tcp")
+	proto:value("udp")
+	proto:value("icmp")
+	proto:value("esp")
+	cbiAddProtocol(proto)
+
+use_policy = mwan_rule:option(Value, "use_policy", translate("Policy assigned"))
+	cbiAddPolicy(use_policy)
+	use_policy:value("unreachable", translate("unreachable (reject)"))
+	use_policy:value("blackhole", translate("blackhole (drop)"))
+	use_policy:value("default", translate("default (use main routing table)"))
+
+
+-- ------ currently configured policies ------ --
+
+mwan_policy = m5:section(TypedSection, "policy", translate("Currently Configured Policies"))
+	mwan_policy.addremove = false
+	mwan_policy.dynamic = false
+	mwan_policy.sortable = false
+	mwan_policy.template = "cbi/tblsection"
+
+
+return m5

net/mwan3-luci/files/usr/lib/lua/luci/view/admin_status/index/mwan.htm

@@ -0,0 +1 @@
+<%+mwan/openwrt_overview_status%>

net/mwan3-luci/files/usr/lib/lua/luci/view/mwan/advanced_diagnostics.htm

@@ -0,0 +1,128 @@
+<%+header%>
+
+<ul class="cbi-tabmenu">
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/hotplugscript")%>"><%:Hotplug Script%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/mwanconfig")%>"><%:MWAN Config%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/networkconfig")%>"><%:Network Config%></a></li>
+	<li class="cbi-tab"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/diagnostics")%>"><%:Diagnostics%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/troubleshooting")%>"><%:Troubleshooting%></a></li>
+</ul>
+
+<%
+	local uci = require "luci.model.uci"
+
+	interfaceNames = ""
+	uci.cursor():foreach("mwan3", "interface",
+		function (section)
+			interfaceNames = interfaceNames .. section[".name"] .. " "
+		end
+	)
+%>
+
+<script type="text/javascript" src="<%=resource%>/cbi.js"></script>
+<script type="text/javascript">//<![CDATA[
+	var stxhr = new XHR();
+
+	function update_status(tool, task)
+	{
+		var iface = document.getElementById('mwaniface').value;
+		var output = document.getElementById('diag_output');
+
+		if (tool == "service")
+			{
+				output.innerHTML =
+					'<img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" style="padding: 20px; vertical-align: middle;" /> ' +
+					"Waiting for MWAN to " + task + "..."
+				;
+			}
+			else
+			{
+				output.innerHTML =
+					'<img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" style="padding: 20px; vertical-align: middle;" /> ' +
+					"Waiting for diagnostic results..."
+				;
+			}
+
+		output.parentNode.style.display = 'block';
+		output.style.display = 'inline';
+
+		stxhr.get('<%=luci.dispatcher.build_url("admin", "network", "mwan", "advanced")%>/diagnostics_display' + '/' + iface + '/' + tool + '/' + task, null,
+			function(x, mArray)
+			{
+				if (mArray.diagnostics)
+				{
+					output.innerHTML = String.format('<pre id="diag_output_css">%h</pre>', mArray.diagnostics[0]);
+				}
+				else
+				{
+					output.innerHTML = '<pre id="diag_output_css"><strong>No diagnostic results returned</strong></pre>';
+				}
+			}
+		);
+	}
+//]]></script>
+
+<div id="mwan_diagnostics" class="cbi-map">
+	<fieldset id="diag_select" class="cbi-section">
+		<legend><%:MWAN Interface Diagnostics%></legend>
+		<select id="mwaniface">
+			<% for z in interfaceNames:gmatch("[^ ]+") do -%><option value="<%=z%>"><%=z%></option><%- end %>
+		</select>
+		<div id="buttoncss">
+			<input type="button" value="<%:Ping default gateway%>" class="cbi-button cbi-button-apply" onclick="update_status('ping', 'gateway')" />
+			<input type="button" value="<%:Ping tracking IP%>" class="cbi-button cbi-button-apply" onclick="update_status('ping', 'track_ip')" />
+			<input type="button" value="<%:Check IP rules%>" class="cbi-button cbi-button-apply" onclick="update_status('rulechk', null)" />
+			<input type="button" value="<%:Check routing table%>" class="cbi-button cbi-button-apply" onclick="update_status('routechk', null)" />
+			<input type="button" value="<%:Hotplug ifup%>" class="cbi-button cbi-button-apply" onclick="update_status('hotplug', 'ifup')" />
+			<input type="button" value="<%:Hotplug ifdown%>" class="cbi-button cbi-button-apply" onclick="update_status('hotplug', 'ifdown')" />
+		</div>
+	</fieldset>
+	<fieldset id="diag_select" class="cbi-section">
+		<legend><%:MWAN Service Control%></legend>
+		<div id="buttoncss">
+			<input type="button" value="<%:Restart MWAN%>" class="cbi-button cbi-button-apply" onclick="update_status('service', 'restart')" />
+			<input type="button" value="<%:Stop MWAN%>" class="cbi-button cbi-button-apply" onclick="update_status('service', 'stop')" />
+			<input type="button" value="<%:Start MWAN%>" class="cbi-button cbi-button-apply" onclick="update_status('service', 'start')" />
+		</div>
+	</fieldset>
+	<fieldset class="cbi-section" style="display:none">
+		<legend><%:Diagnostic Results%></legend>
+		<div id="diag_output"></div>
+	</fieldset>
+</div>
+
+<style type="text/css">
+  .container {  /* container for entire page. fixes bootstrap theme's ridiculously small page width */
+	max-width: none;
+	margin-left: 30px;
+	padding-right: 30px;
+	width: auto;
+  }
+  #mwan_diagnostics {
+	background-color: #FFFFFF;
+	border: 1px dotted #555555;
+	padding: 20px;
+  }
+  #diag_select {
+	padding: 12px 20px 20px 20px;
+  }
+  #mwaniface {
+	float: left;
+	margin: 8px 20px 0px 0px;
+  }
+  #buttoncss {
+	display: table;
+	float: left;
+	text-align: left;
+  }
+  .cbi-button {
+	margin: 8px 20px 0px 0px;
+	min-width: 153px;
+  }
+  #diag_output_css {
+	padding: 20px;
+	text-align: left;
+  }
+</style>
+
+<%+footer%>

net/mwan3-luci/files/usr/lib/lua/luci/view/mwan/advanced_hotplugscript.htm

@@ -0,0 +1,23 @@
+<ul class="cbi-tabmenu">
+	<li class="cbi-tab"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/hotplugscript")%>"><%:Hotplug Script%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/mwanconfig")%>"><%:MWAN Config%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/networkconfig")%>"><%:Network Config%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/diagnostics")%>"><%:Diagnostics%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/troubleshooting")%>"><%:Troubleshooting%></a></li>
+</ul>
+
+<style type="text/css">
+  .container {	/* container for entire page. fixes bootstrap theme's ridiculously small page width */
+	max-width: none;
+	margin: 0px 0px 0px 30px;
+	padding-right: 30px;
+	width: auto;
+  }
+  .cbi-section-node {
+	margin-top: 20px;
+  }
+  .cbi-section {
+	border: 1px dotted #555555;
+	padding: 20px;
+  }
+</style>

net/mwan3-luci/files/usr/lib/lua/luci/view/mwan/advanced_mwanconfig.htm

@@ -0,0 +1,23 @@
+<ul class="cbi-tabmenu">
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/hotplugscript")%>"><%:Hotplug Script%></a></li>
+	<li class="cbi-tab"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/mwanconfig")%>"><%:MWAN Config%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/networkconfig")%>"><%:Network Config%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/diagnostics")%>"><%:Diagnostics%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/troubleshooting")%>"><%:Troubleshooting%></a></li>
+</ul>
+
+<style type="text/css">
+  .container {	/* container for entire page. fixes bootstrap theme's ridiculously small page width */
+	max-width: none;
+	margin: 0px 0px 0px 30px;
+	padding-right: 30px;
+	width: auto;
+  }
+  .cbi-section-node {
+	margin-top: 20px;
+  }
+  .cbi-section {
+	border: 1px dotted #555555;
+	padding: 20px;
+  }
+</style>

net/mwan3-luci/files/usr/lib/lua/luci/view/mwan/advanced_networkconfig.htm

@@ -0,0 +1,23 @@
+<ul class="cbi-tabmenu">
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/hotplugscript")%>"><%:Hotplug Script%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/mwanconfig")%>"><%:MWAN Config%></a></li>
+	<li class="cbi-tab"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/networkconfig")%>"><%:Network Config%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/diagnostics")%>"><%:Diagnostics%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/troubleshooting")%>"><%:Troubleshooting%></a></li>
+</ul>
+
+<style type="text/css">
+  .container {	/* container for entire page. fixes bootstrap theme's ridiculously small page width */
+	max-width: none;
+	margin: 0px 0px 0px 30px;
+	padding-right: 30px;
+	width: auto;
+  }
+  .cbi-section-node {
+	margin-top: 20px;
+  }
+  .cbi-section {
+	border: 1px dotted #555555;
+	padding: 20px;
+  }
+</style>

net/mwan3-luci/files/usr/lib/lua/luci/view/mwan/advanced_troubleshooting.htm

@@ -0,0 +1,71 @@
+<%+header%>
+
+<ul class="cbi-tabmenu">
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/hotplugscript")%>"><%:Hotplug Script%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/mwanconfig")%>"><%:MWAN Config%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/networkconfig")%>"><%:Network Config%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/diagnostics")%>"><%:Diagnostics%></a></li>
+	<li class="cbi-tab"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/advanced/troubleshooting")%>"><%:Troubleshooting%></a></li>
+</ul>
+
+<script type="text/javascript" src="<%=resource%>/cbi.js"></script>
+<script type="text/javascript">//<![CDATA[
+	XHR.poll(15, '<%=luci.dispatcher.build_url("admin", "network", "mwan", "advanced", "troubleshooting_display")%>', null,
+		function(x, mArray)
+		{
+			var tshoot = document.getElementById('troubleshoot_text');
+			if (mArray.versions)
+			{
+				var versions = '<span class="description">Software versions : </span><br /><br />';
+				var mwanConfig = '<br /><br /><span class="description">Output of &#34;cat /etc/config/mwan3&#34; : </span><br /><br />';
+				var netConfig = '<br /><br /><span class="description">Output of &#34;cat /etc/config/network&#34; : </span><br /><br />';
+				var ifconfig = '<br /><br /><span class="description">Output of &#34;ifconfig&#34; : </span><br /><br />';
+				var ipRoute = '<br /><br /><span class="description">Output of &#34;route -n&#34; : </span><br /><br />';
+				var ipRuleShow = '<br /><br /><span class="description">Output of &#34;ip rule show&#34; : </span><br /><br />';
+				var routeListTable = '<br /><br /><span class="description">Output of &#34;ip route list table 1-250&#34; : </span><br /><br />';
+				var firewallOut = '<br /><br /><span class="description">Firewall default output policy (must be ACCEPT) : </span><br /><br />';
+				var iptables = '<br /><br /><span class="description">Output of &#34;iptables -L -t mangle -v -n&#34; : </span><br /><br />';
+				tshoot.innerHTML = String.format(
+					'<pre>%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s</pre>',
+					versions, mArray.versions[0], mwanConfig, mArray.mwanconfig[0], netConfig, mArray.netconfig[0],
+					ifconfig, mArray.ifconfig[0], ipRoute, mArray.routeshow[0], ipRuleShow, mArray.iprule[0],
+					routeListTable, mArray.routelist[0], firewallOut, mArray.firewallout[0], iptables, mArray.iptables[0]
+				);
+			}
+			else
+			{
+				tshoot.innerHTML = '<strong>Error collecting troubleshooting information</strong>';
+			}
+		}
+	);
+//]]></script>
+
+<div id="troubleshoot">
+	<fieldset class="cbi-section">
+		<legend><%:Troubleshooting Data%></legend>
+		<div id="troubleshoot_text"><img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" style="vertical-align:middle" /> Collecting data...</div>
+	</fieldset>
+</div>
+
+<style type="text/css">
+  .container {	/* container for entire page. fixes bootstrap theme's ridiculously small page width */
+	max-width: none;
+	margin-left: 30px;
+	padding-right: 30px;
+	width: auto;
+  }
+  #troubleshoot {
+	background-color: #FFFFFF;
+	border: 1px dotted #555555;
+	padding: 20px;
+  }
+  #troubleshoot_text {
+	padding: 20px;
+	text-align: left;
+  }
+  .description {
+	background-color: rgb(78, 186, 241);
+  }
+</style>
+
+<%+footer%>

net/mwan3-luci/files/usr/lib/lua/luci/view/mwan/config_css.htm

@@ -0,0 +1,34 @@
+<style type="text/css">
+  .container {	/* container for entire page. fixes bootstrap theme's ridiculously small page width */
+	max-width: none;
+	margin-left: 30px;
+	padding-right: 30px;
+	width: auto;
+  }
+  table td {	/* cells showing the configuration values */
+	padding: 0px;
+	text-align: center;
+	vertical-align: middle;
+  }
+  table th {	/* column for configuration section name */
+	padding: 0px;
+	text-align: center;
+	vertical-align: middle;
+  }
+  table tbody th {	/* column for configuration section name */
+	padding: 0px;
+	vertical-align: middle;
+  }
+  .cbi-section-node table div {	/* rows */
+	padding-top: 5px;
+  }
+  table.cbi-section-table td.cbi-section-table-cell {	/* sort buttons column */
+	text-align: center;
+  }
+  .cbi-section h3 {
+	color: rgb(85, 85, 85);
+	font-family: Trebuchet MS,Verdana,sans-serif;
+	font-style: italic;
+	font-weight: normal;
+  }
+</style>

net/mwan3-luci/files/usr/lib/lua/luci/view/mwan/openwrt_overview_status.htm

@@ -0,0 +1,83 @@
+<script type="text/javascript">//<![CDATA[
+	XHR.poll(5, '<%=luci.dispatcher.build_url("admin", "network", "mwan", "overview", "interface_status")%>', null,
+		function(x, mArray)
+		{
+			var status = document.getElementById('mwan_status_text');
+			if (mArray.wans)
+			{
+				var temp = '';
+				for( var i = 0; i < mArray.wans.length; i++ )
+				{
+					var stat = '';
+					var cssc = '';
+					switch (mArray.wans[i].status)
+					{
+						case 'online':
+							stat = 'Online (tracking active)';
+							cssc = 'wanon';
+							break;
+						case 'notMonitored':
+							stat = 'Online (tracking off)';
+							cssc = 'wanon';
+							break;
+						case 'offline':
+							stat = 'Offline';
+							cssc = 'wanoff';
+							break;
+						case 'notEnabled':
+							stat = 'Disabled';
+							cssc = 'wanoff';
+							break;
+					}
+					temp += String.format(
+						'<span class="%s"><strong>%s (<a href="%q">%s</a>)</strong><br />%s</span>',
+						cssc, mArray.wans[i].name, mArray.wans[i].link, mArray.wans[i].ifname, stat
+					);
+				}
+				status.innerHTML = temp;
+			}
+			else
+			{
+				status.innerHTML = '<strong>No MWAN interfaces found</strong>';
+			}
+		}
+	);
+//]]></script>
+
+<fieldset id="interface_field" class="cbi-section">
+	<legend><%:MWAN Interface Live Status%></legend>
+	<div id="mwan_status_text"><img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" style="vertical-align:middle" /> Collecting data...</div>
+</fieldset>
+
+<style type="text/css">
+  .container {	/* container for entire page. fixes bootstrap theme's ridiculously small page width */
+	max-width: 1044px;
+  }
+  #interface_field {
+	padding: 12px 20px 20px 20px;
+  }
+  #mwan_status_text {
+	display: table;
+	font-size: 14px;
+	margin: auto;
+	max-width: 1044px;
+	min-width: 246px;
+	width: 100%;
+  }
+  .wanon {
+	background-color: rgb(144, 240, 144);
+  }
+  .wanoff {
+	background-color: rgb(240, 144, 144);
+  }
+  .wanon, .wanoff {
+	border-radius: 60px;
+	box-shadow: 0px 2px 5px -3px;
+	float: left;
+	margin: 8px 3px 0px 3px;
+	min-height: 30px;
+	min-width: 235px;
+	padding: 5px 10px 8px 10px;
+	text-align: center;
+  }
+</style>

net/mwan3-luci/files/usr/lib/lua/luci/view/mwan/overview_detailed.htm

@@ -0,0 +1,51 @@
+<%+header%>
+
+<ul class="cbi-tabmenu">
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/overview")%>"><%:Interface Status%></a></li>
+	<li class="cbi-tab"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/overview/overview_detailed")%>"><%:Detailed Status%></a></li>
+</ul>
+
+<script type="text/javascript" src="<%=resource%>/cbi.js"></script>
+<script type="text/javascript">//<![CDATA[
+	XHR.poll(5, '<%=luci.dispatcher.build_url("admin", "network", "mwan", "overview", "detailed_status")%>', null,
+		function(x, mArray)
+		{
+			var status = document.getElementById('mwan_detail_text');
+			if (mArray.mwandetail)
+			{
+				status.innerHTML = String.format('<pre>%s</pre>', mArray.mwandetail[0]);
+			}
+			else
+			{
+				status.innerHTML = '<strong>No detailed status information available</strong>';
+			}
+		}
+	);
+//]]></script>
+
+<div id="mwan_detail_status">
+	<fieldset class="cbi-section">
+		<legend><%:MWAN Detailed Status%></legend>
+		<div id="mwan_detail_text"><img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" style="vertical-align:middle" /> Collecting data...</div>
+	</fieldset>
+</div>
+
+<style type="text/css">
+  .container {	/* container for entire page. fixes bootstrap theme's ridiculously small page width */
+	max-width: none;
+	margin-left: 30px;
+	padding-right: 30px;
+	width: auto;
+  }
+  #mwan_detail_status {
+	border: 1px dotted #555555;
+	background-color: #FFFFFF;
+	padding: 20px;
+  }
+  #mwan_detail_text {
+	padding: 20px;
+	text-align: left;
+  }
+</style>
+
+<%+footer%>

net/mwan3-luci/files/usr/lib/lua/luci/view/mwan/overview_interface.htm

@@ -0,0 +1,122 @@
+<%+header%>
+
+<ul class="cbi-tabmenu">
+	<li class="cbi-tab"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/overview")%>"><%:Interface Status%></a></li>
+	<li class="cbi-tab-disabled"><a href="<%=luci.dispatcher.build_url("admin/network/mwan/overview/overview_detailed")%>"><%:Detailed Status%></a></li>
+</ul>
+
+<script type="text/javascript" src="<%=resource%>/cbi.js"></script>
+<script type="text/javascript">//<![CDATA[
+	XHR.poll(5, '<%=luci.dispatcher.build_url("admin", "network", "mwan", "overview", "interface_status")%>', null,
+		function(x, mArray)
+		{
+			var statusDiv = document.getElementById('mwan_status_text');
+			if (mArray.wans)
+			{
+				var interfaceStatus = '';
+				for( var i = 0; i < mArray.wans.length; i++ )
+				{
+					var status = '';
+					var css = '';
+					switch (mArray.wans[i].status)
+					{
+						case 'online':
+							status = 'Online (tracking active)';
+							css = 'wanon';
+							break;
+						case 'notMonitored':
+							status = 'Online (tracking off)';
+							css = 'wanon';
+							break;
+						case 'offline':
+							status = 'Offline';
+							css = 'wanoff';
+							break;
+						case 'notEnabled':
+							status = 'Disabled';
+							css = 'wanoff';
+							break;
+					}
+					interfaceStatus += String.format(
+						'<span class="%s"><strong>%s (<a href="%q">%s</a>)</strong><br />%s</span>',
+						css, mArray.wans[i].name, mArray.wans[i].link, mArray.wans[i].ifname, status
+					);
+				}
+				statusDiv.innerHTML = interfaceStatus;
+			}
+			else
+			{
+				statusDiv.innerHTML = '<strong>No MWAN interfaces found</strong>';
+			}
+
+			var logs = document.getElementById('mwan_statuslog_text');
+			if (mArray.mwanlog)
+			{
+				var mwanLog = 'Last 50 MWAN systemlog entries. Newest entries sorted at the top :';
+				logs.innerHTML = String.format('<pre>%s<br /><br />%s</pre>', mwanLog, mArray.mwanlog[0]);
+			}
+			else
+			{
+				logs.innerHTML = '<strong>No MWAN systemlog history found</strong>';
+			}
+		}
+	);
+//]]></script>
+
+<div id="mwan_interface_status">
+	<fieldset id="interface_field" class="cbi-section">
+		<legend><%:MWAN Interface Live Status%></legend>
+		<div id="mwan_status_text"><img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" style="vertical-align:middle" /> Collecting data...</div>
+	</fieldset>
+	<fieldset class="cbi-section">
+		<legend><%:MWAN Interface Systemlog%></legend>
+		<div id="mwan_statuslog_text"><img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" style="vertical-align:middle" /> Collecting data...</div>
+	</fieldset>
+</div>
+
+<style type="text/css">
+  .container {	/* container for entire page. fixes bootstrap theme's ridiculously small page width */
+	max-width: none;
+	margin-left: 30px;
+	padding-right: 30px;
+	width: auto;
+  }
+  #mwan_interface_status {
+	background-color: #FFFFFF;
+	border: 1px dotted #555555;
+	padding: 20px;
+  }
+  #interface_field {
+	padding: 12px 20px 20px 20px;
+  }
+  #mwan_status_text {
+	display: table;
+	font-size: 14px;
+	margin: auto;
+	max-width: 1044px;
+	min-width: 246px;
+	width: 100%;
+  }
+  .wanon {
+	background-color: rgb(144, 240, 144);
+  }
+  .wanoff {
+	background-color: rgb(240, 144, 144);
+  }
+  .wanon, .wanoff {
+	border-radius: 60px;
+	box-shadow: 0px 2px 5px -3px;
+	float: left;
+	margin: 8px 3px 0px 3px;
+	min-height: 30px;
+	min-width: 235px;
+	padding: 5px 10px 8px 10px;
+	text-align: center;
+  }
+  #mwan_statuslog_text {
+	padding: 20px;
+	text-align: left;
+  }
+</style>
+
+<%+footer%>

net/mwan3/Makefile

@@ -0,0 +1,45 @@
+#
+# Copyright (C) 2006-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=mwan3
+PKG_VERSION:=1.5
+PKG_RELEASE:=10
+PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
+PKG_LICENSE:=GPLv2
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/mwan3
+   SECTION:=net
+   CATEGORY:=Network
+   SUBMENU:=Routing and Redirection
+   DEPENDS:=+ip +iptables +iptables-mod-conntrack-extra +iptables-mod-ipopt
+   TITLE:=Multiwan hotplug script with connection tracking support
+   MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
+   PKGARCH:=all
+endef
+
+define Package/mwan3/description
+Hotplug script which makes configuration of multiple WAN interfaces simple
+and manageable. With loadbalancing/failover support for up to 250 wan
+interfaces, connection tracking and an easy to manage traffic ruleset.
+endef
+
+define Package/mwan3/conffiles
+/etc/config/mwan3
+endef
+
+define Build/Compile
+endef
+
+define Package/mwan3/install
+$(CP) ./files/* $(1)
+endef
+
+$(eval $(call BuildPackage,mwan3))

net/mwan3/files/etc/config/mwan3

@@ -0,0 +1,79 @@
+
+config interface 'wan'
+	option enabled '1'
+	list track_ip '8.8.4.4'
+	list track_ip '8.8.8.8'
+	list track_ip '208.67.222.222'
+	list track_ip '208.67.220.220'
+	option reliability '2'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '3'
+	option up '8'
+
+config interface 'wan2'
+	option enabled '0'
+	list track_ip '8.8.8.8'
+	list track_ip '208.67.220.220'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '3'
+	option up '8'
+
+config member 'wan_m1_w3'
+	option interface 'wan'
+	option metric '1'
+	option weight '3'
+
+config member 'wan_m2_w3'
+	option interface 'wan'
+	option metric '2'
+	option weight '3'
+
+config member 'wan2_m1_w2'
+	option interface 'wan2'
+	option metric '1'
+	option weight '2'
+
+config member 'wan2_m2_w2'
+	option interface 'wan2'
+	option metric '2'
+	option weight '2'
+
+config policy 'wan_only'
+	list use_member 'wan_m1_w3'
+
+config policy 'wan2_only'
+	list use_member 'wan2_m1_w2'
+
+config policy 'balanced'
+	list use_member 'wan_m1_w3'
+	list use_member 'wan2_m1_w2'
+
+config policy 'wan_wan2'
+	list use_member 'wan_m1_w3'
+	list use_member 'wan2_m2_w2'
+
+config policy 'wan2_wan'
+	list use_member 'wan_m2_w3'
+	list use_member 'wan2_m1_w2'
+
+config rule 'sticky_even'
+	option src_ip '0.0.0.0/0.0.0.1'
+	option dest_port '443'
+	option proto 'tcp'
+	option use_policy 'wan_wan2'
+
+config rule 'sticky_odd'
+	option src_ip '0.0.0.1/0.0.0.1'
+	option dest_port '443'
+	option proto 'tcp'
+	option use_policy 'wan2_wan'
+
+config rule 'default_rule'
+	option dest_ip '0.0.0.0/0'
+	option use_policy 'balanced'
+

net/mwan3/files/etc/hotplug.d/iface/15-mwan3

@@ -0,0 +1,362 @@
+#!/bin/sh
+
+mwan3_get_iface_id()
+{
+	let iface_count++
+	[ "$1" == "$INTERFACE" ] && iface_id=$iface_count
+}
+
+mwan3_set_general_iptables()
+{
+	if ! $IPT -S mwan3_ifaces &> /dev/null; then
+		$IPT -N mwan3_ifaces
+	fi
+
+	if ! $IPT -S mwan3_rules &> /dev/null; then
+		$IPT -N mwan3_rules
+	fi
+
+	if ! $IPT -S mwan3_connected &> /dev/null; then
+		$IPT -N mwan3_connected
+	fi
+
+	if ! $IPT -S mwan3_hook &> /dev/null; then
+		$IPT -N mwan3_hook
+		$IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
+		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces
+		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
+		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
+		$IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
+		$IPT -A mwan3_hook -m mark ! --mark 0xff00/0xff00 -j mwan3_connected
+	fi
+
+	if ! $IPT -S mwan3_output_hook &> /dev/null; then
+		$IPT -N mwan3_output_hook
+	fi
+
+	if ! $IPT -S PREROUTING | grep mwan3_hook &> /dev/null; then
+		$IPT -A PREROUTING -j mwan3_hook
+	fi
+
+	if ! $IPT -S OUTPUT | grep mwan3_hook &> /dev/null; then
+		$IPT -A OUTPUT -j mwan3_hook
+	fi
+
+	if ! $IPT -S OUTPUT | grep mwan3_output_hook &> /dev/null; then
+		$IPT -A OUTPUT -j mwan3_output_hook
+	fi
+
+	$IPT -F mwan3_rules
+}
+
+mwan3_set_general_rules()
+{
+	if [ -z "$($IP rule list | awk '$1 == "2253:"')" ]; then
+		$IP rule add pref 2253 fwmark 0xfd00/0xff00 blackhole
+	fi
+
+	if [ -z "$($IP rule list | awk '$1 == "2254:"')" ]; then
+		$IP rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
+	fi
+}
+
+mwan3_set_connected_iptables()
+{
+	local connected_networks
+
+	if $IPT -S mwan3_connected &> /dev/null; then
+		$IPT -F mwan3_connected
+
+		for connected_networks in $($IP route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
+			$IPT -A mwan3_connected -d $connected_networks -j MARK --set-xmark 0xff00/0xff00
+		done
+
+		for connected_networks in $($IP route list table 0 | awk '{print $2}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
+			$IPT -A mwan3_connected -d $connected_networks -j MARK --set-xmark 0xff00/0xff00
+		done
+
+		$IPT -I mwan3_connected -d 224.0.0.0/3 -j MARK --set-xmark 0xff00/0xff00
+		$IPT -I mwan3_connected -d 127.0.0.0/8 -j MARK --set-xmark 0xff00/0xff00
+	fi
+}
+
+mwan3_set_iface_iptables()
+{
+	local local_net local_nets
+
+	if ! $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
+		$IPT -N mwan3_iface_$INTERFACE
+	fi
+
+	$IPT -F mwan3_iface_$INTERFACE
+	$IPT -D mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE &> /dev/null
+
+	if [ $ACTION == "ifup" ]; then
+		local_nets=$($IP route list dev $DEVICE scope link | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
+
+		if [ -n "$local_nets" ]; then
+			for local_net in $local_nets ; do
+				if [ $ACTION == "ifup" ]; then
+					$IPT -I mwan3_iface_$INTERFACE -i $DEVICE -s $local_net -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
+				fi
+			done
+		fi
+
+		$IPT -A mwan3_iface_$INTERFACE -i $DEVICE -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark $(($iface_id*256))/0xff00
+		$IPT -A mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE
+	fi
+
+	if [ $ACTION == "ifdown" ]; then
+		$IPT -X mwan3_iface_$INTERFACE
+	fi
+}
+
+mwan3_set_iface_route()
+{
+	$IP route flush table $iface_id
+	[ $ACTION == "ifup" ] && $IP route add table $iface_id default $route_args
+}
+
+mwan3_set_iface_rules()
+{
+	while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+1000)):'"')" ]; do
+		$IP rule del pref $(($iface_id+1000))
+	done
+
+	while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+2000)):'"')" ]; do
+		$IP rule del pref $(($iface_id+2000))
+	done
+
+	[ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+1000)) iif $DEVICE lookup main
+	[ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+2000)) fwmark $(($iface_id*256))/0xff00 lookup $iface_id
+}
+
+mwan3_track()
+{
+	local track_ip track_ips reliability count timeout interval down up
+
+	mwan3_list_track_ips()
+	{
+		track_ips="$1 $track_ips"
+	}
+	config_list_foreach $INTERFACE track_ip mwan3_list_track_ips
+
+	if [ -e /var/run/mwan3track-$INTERFACE.pid ] ; then
+		kill $(cat /var/run/mwan3track-$INTERFACE.pid) &> /dev/null
+		rm /var/run/mwan3track-$INTERFACE.pid &> /dev/null
+	fi
+
+	if [ -n "$track_ips" ]; then
+		config_get reliability $INTERFACE reliability 1
+		config_get count $INTERFACE count 1
+		config_get timeout $INTERFACE timeout 4
+		config_get interval $INTERFACE interval 10
+		config_get down $INTERFACE down 5
+		config_get up $INTERFACE up 5
+
+		if ! $IPT -S mwan3_track_$INTERFACE &> /dev/null; then
+			$IPT -N mwan3_track_$INTERFACE
+			$IPT -A mwan3_output_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE
+		fi
+
+		$IPT -F mwan3_track_$INTERFACE
+
+		for track_ip in $track_ips; do
+			$IPT -A mwan3_track_$INTERFACE -d $track_ip -j MARK --set-xmark 0xff00/0xff00
+		done
+
+		[ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $INTERFACE $DEVICE $reliability $count $timeout $interval $down $up $track_ips &
+	else
+		$IPT -D mwan3_output_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE &> /dev/null
+		$IPT -F mwan3_track_$INTERFACE &> /dev/null
+		$IPT -X mwan3_track_$INTERFACE &> /dev/null
+	fi
+}
+
+mwan3_set_policy()
+{
+	local iface_count iface_id INTERFACE metric probability weight
+
+	config_get INTERFACE $1 interface
+	config_get metric $1 metric 1
+	config_get weight $1 weight 1
+
+	[ -n "$INTERFACE" ] || return 0
+	
+	config_foreach mwan3_get_iface_id interface
+
+	[ -n "$iface_id" ] || return 0
+
+	if $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
+		if [ "$metric" -lt "$lowest_metric" ]; then
+
+			total_weight=$weight
+			$IPT -F mwan3_policy_$policy
+			$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE $weight $weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
+
+			lowest_metric=$metric
+
+		elif [ "$metric" -eq "$lowest_metric" ]; then
+
+			total_weight=$(($total_weight+$weight))
+			probability=$(($weight*1000/$total_weight))
+			
+			if [ "$probability" -lt 10 ]; then
+				probability="0.00$probability"
+				elif [ $probability -lt 100 ]; then
+				probability="0.0$probability"
+				elif [ $probability -lt 1000 ]; then
+				probability="0.$probability"
+			else
+				probability="1"
+			fi
+
+			probability="-m statistic --mode random --probability $probability"
+			
+			$IPT -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
+		fi
+	fi
+}
+
+mwan3_set_policies_iptables()
+{
+	local last_resort lowest_metric policy total_weight
+
+	policy=$1
+
+	config_get last_resort $1 last_resort unreachable
+
+	if [ "$policy" != $(echo "$policy" | cut -c1-15) ]; then
+		$LOG warn "Policy $policy exceeds max of 15 chars. Not setting policy" && return 0
+	fi
+
+	if ! $IPT -S mwan3_policy_$policy &> /dev/null; then
+		$IPT -N mwan3_policy_$policy
+	fi
+
+	$IPT -F mwan3_policy_$policy
+
+	case "$last_resort" in
+		blackhole)
+			$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "blackhole" -j MARK --set-xmark 0xfd00/0xff00
+		;;
+		default)
+			$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
+		;;
+		*)
+			$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
+		;;
+	esac
+
+	lowest_metric=256
+	total_weight=0
+
+	config_list_foreach $policy use_member mwan3_set_policy
+}
+
+mwan3_set_user_rules_iptables()
+{
+	local proto src_ip src_port dest_ip dest_port use_policy
+
+	config_get proto $1 proto all
+	config_get src_ip $1 src_ip 0.0.0.0/0
+	config_get src_port $1 src_port 0:65535
+	config_get dest_ip $1 dest_ip 0.0.0.0/0
+	config_get dest_port $1 dest_port 0:65535
+	config_get use_policy $1 use_policy
+
+	if [ -n "$use_policy" ]; then
+		if [ "$use_policy" == "default" ]; then
+			use_policy="MARK --set-xmark 0xff00/0xff00"
+		elif [ "$use_policy" == "unreachable" ]; then
+			use_policy="MARK --set-xmark 0xfe00/0xff00"
+		elif [ "$use_policy" == "blackhole" ]; then
+			use_policy="MARK --set-xmark 0xfd00/0xff00"
+		else
+			use_policy="mwan3_policy_$use_policy"
+		fi
+
+		case $proto in
+			tcp|udp)
+			$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
+			;;
+			*)
+			$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
+			;;
+		esac
+	fi
+}
+
+mwan3_ifupdown()
+{
+	local counter enabled iface_count iface_id route_args wan_metric
+
+	config_load mwan3
+	config_foreach mwan3_get_iface_id interface
+
+	[ -n "$iface_id" ] || return 0
+	[ "$iface_count" -le 250 ] || return 0
+	unset iface_count
+
+	config_get enabled $INTERFACE enabled 0
+
+	counter=0
+
+	if [ $ACTION == "ifup" ]; then
+		[ "$enabled" -eq 1 ] || return 0
+
+		while [ -z "$($IP route list dev $DEVICE default | head -1)" -a "$counter" -lt 10 ]; do
+			sleep 1
+			let counter++
+			if [ "$counter" -ge 10 ]; then
+				$LOG warn "Could not find gateway for interface $INTERFACE ($DEVICE)" && return 0
+			fi
+		done
+
+		route_args=$($IP route list dev $DEVICE default | head -1 | sed '/.*via \([^ ]*\) .*$/!d;s//via \1/;q' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
+		route_args="$route_args dev $DEVICE"
+	fi
+
+	while [ "$(pgrep -f -o hotplug-call)" -ne $$ -a "$counter" -lt 60 ]; do
+		sleep 1
+		let counter++
+		if [ "$counter" -ge 60 ]; then
+			$LOG warn "Timeout waiting for older hotplug processes to finish. $ACTION interface $INTERFACE (${DEVICE:-unknown}) aborted" && return 0
+		fi
+	done
+
+	$LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})"
+
+	mwan3_set_general_iptables
+	mwan3_set_general_rules
+	mwan3_set_iface_iptables
+	mwan3_set_iface_route
+	mwan3_set_iface_rules
+
+	[ $ACTION == "ifup" ] && mwan3_track
+
+	config_foreach mwan3_set_policies_iptables policy
+	config_foreach mwan3_set_user_rules_iptables rule
+}
+
+[ -n "$ACTION" ] || exit 0
+[ -n "$INTERFACE" ] || exit 0
+
+if [ $ACTION == "ifup" ]; then
+	[ -n "$DEVICE" ] || exit 0
+fi
+
+local IP IPT LOG
+
+IP="/usr/sbin/ip -4"
+IPT="/usr/sbin/iptables -t mangle -w"
+LOG="/usr/bin/logger -t mwan3 -p"
+
+case "$ACTION" in
+	ifup|ifdown)
+		mwan3_ifupdown
+		mwan3_set_connected_iptables
+	;;
+esac
+
+exit 0

net/mwan3/files/usr/sbin/mwan3

@@ -0,0 +1,214 @@
+#!/bin/sh
+. /lib/functions.sh
+
+IP="/usr/sbin/ip -4"
+IPT="/usr/sbin/iptables -t mangle -w"
+
+help()
+{                                                                    
+	cat <<EOF                                                                                      
+Syntax: mwan3 [command]                                                                          
+                                                                                                       
+Available commands:                                                                                    
+	start           Load iptables rules, ip rules and ip routes
+	stop            Unload iptables rules, ip rules and ip routes
+	restart         Reload iptables rules, ip rules and ip routes
+        ifup <iface>    Load rules and routes for specific interface
+        ifdown <iface>  Unload rules and routes for specific interface
+        interfaces      Show interfaces status
+        policies        Show policies status
+        rules           Show rules status
+        status          Show all status
+
+EOF
+}
+
+ifdown()
+{
+	if [ -z "$1" ]; then
+		echo "Error: Expecting interface. Usage: mwan3 ifdown <interface>" && exit 0
+	fi
+
+	if [ -n "$2" ]; then
+		echo "Error: Too many arguments. Usage: mwan3 ifdown <interface>" && exit 0
+	fi
+
+	if [ -e /var/run/mwan3track-$1.pid ] ; then
+		kill $(cat /var/run/mwan3track-$1.pid)
+		rm /var/run/mwan3track-$1.pid
+	fi
+
+	ACTION=ifdown INTERFACE=$1 /sbin/hotplug-call iface
+}
+
+ifup()
+{
+	local device enabled
+
+	config_load mwan3
+
+	if [ -z "$1" ]; then
+		echo "Expecting interface. Usage: mwan3 ifup <interface>" && exit 0
+	fi
+
+	if [ -n "$2" ]; then
+		echo "Too many arguments. Usage: mwan3 ifup <interface>" && exit 0
+	fi
+	
+	config_get enabled "$1" enabled 0
+
+	device=$(uci get -p /var/state network.$1.ifname) &> /dev/null
+	
+	if [ -n "$device" ] ; then
+		[ "$enabled" -eq 1 ] && ACTION=ifup INTERFACE=$1 DEVICE=$device /sbin/hotplug-call iface
+	fi
+}
+
+interfaces()
+{
+	local device enabled iface_id tracking
+
+	config_load mwan3
+
+	echo "Interface status:"
+	
+	check_iface_status()
+	{
+		let iface_id++
+		device=$(uci get -p /var/state network.$1.ifname) &> /dev/null
+
+		if [ -z "$device" ]; then
+			echo "Interface $1 is unknown"
+			return 0
+		fi
+
+		config_get enabled "$1" enabled 0
+
+		if [ -n "$(ps -w | grep mwan3track | grep -v grep | sed '/.*\/usr\/sbin\/mwan3track \([^ ]*\) .*$/!d;s//\1/' | awk '$1 == "'$1'"')" ]; then
+			tracking="active"
+		else
+			tracking="down"
+		fi
+
+		if [ -n "$($IP rule | awk '$5 == "'$device'"')" -a -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -a -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
+			if [ -n "$(uci get -p /var/state mwan3.$1.track_ip 2> /dev/null)" ]; then
+				echo "Interface $1 is online (tracking $tracking)"
+			else
+				echo "Interface $1 is online"
+			fi
+		elif [ -n "$($IP rule | awk '$5 == "'$device'"')" -o -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -o -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
+			echo "Interface $1 error"
+		else
+			if [ "$enabled" -eq 1 ]; then
+				if [ -n "$(uci get -p /var/state mwan3.$1.track_ip 2> /dev/null)" ]; then
+					echo "Interface $1 is offline (tracking $tracking)"
+				else
+					echo "Interface $1 is offline"
+				fi
+			else
+				echo "Interface $1 is disabled"
+			fi
+		fi
+	}
+	config_foreach check_iface_status interface
+	echo -e
+}
+
+policies()
+{
+	local percent policy share total_weight weight iface
+
+	for policy in $($IPT -S | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
+		echo "Policy $policy:" | sed 's/mwan3_policy_//'
+
+		[ -n "$total_weight" ] || total_weight=$($IPT -S $policy | cut -s -d'"' -f2 | head -1 | awk '{print $3}')
+
+		if [ ! -z "${total_weight##*[!0-9]*}" ]; then
+			for iface in $($IPT -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
+				weight=$($IPT -S $policy | cut -s -d'"' -f2 | awk '$1 == "'$iface'"' | awk '{print $2}')
+				percent=$(($weight*100/$total_weight))
+				echo " $iface ($percent%)"
+			done
+		else
+			echo " $($IPT -S $policy | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
+		fi
+
+		echo -e
+
+		unset iface
+		unset total_weight
+	done
+}
+rules()
+{
+	if [ -n "$($IPT -S mwan3_connected 2> /dev/null)" ]; then
+		echo "Known networks:"
+		echo "destination policy hits" | awk '{ printf "%-19s%-19s%-9s%s\n",$1,$2,$3}' | awk '1; {gsub(".","-")}1'
+		$IPT -L mwan3_connected -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//' | awk '{printf "%-19s%-19s%-9s%s\n",$9,"default",$1}'
+		echo -e
+	fi
+
+	if [ -n "$($IPT -S mwan3_rules 2> /dev/null)" ]; then
+		echo "Active rules:"
+		echo "source destination proto src-port dest-port policy hits" | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$1,$2,$3,$4,$5,$6,$7}' | awk '1; {gsub(".","-")}1'
+		$IPT -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//' | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$8,$9,$4,$12,$15,$3,$1}'
+		echo -e
+	fi
+}
+
+status()
+{
+	interfaces
+	policies
+	rules
+}
+
+start()
+{
+	config_load mwan3
+	config_foreach ifup interface
+}
+
+stop()
+{
+	local route rule table
+
+	killall mwan3track &> /dev/null
+	rm /var/run/mwan3track-* &> /dev/null
+
+	for route in $($IP route list table all | sed 's/.*table \([^ ]*\) .*/\1/' |  awk '{print $1}' | awk '{for(i=1;i<=NF;i++) if($i+0>0) if($i+0<255) {print;break}}'); do
+		$IP route flush table $route &> /dev/null
+	done
+
+	for rule in $($IP rule list | egrep '^[1-2][0-9]{3}\:' | cut -d ':' -f 1); do
+		$IP rule del pref $rule &> /dev/null
+	done
+
+	$IPT -D PREROUTING -j mwan3_hook &> /dev/null
+	$IPT -D OUTPUT -j mwan3_hook &> /dev/null
+	$IPT -D OUTPUT -j mwan3_output_hook &> /dev/null
+
+	for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
+		$IPT -F $table &> /dev/null
+	done
+
+	for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
+		$IPT -X $table &> /dev/null
+	done
+}
+
+restart() {
+	stop
+	start
+}
+
+case "$1" in
+	ifup|ifdown|interfaces|policies|rules|status|start|stop|restart)
+		$*
+	;;
+	*)
+		help
+	;;
+esac
+
+exit 0