Merge branch 'v1.4' into v1.5

docs/Bridge_Mode.md

@@ -62,10 +62,40 @@ LibreCMC device's MAC address, so you don't have trouble finding it.
 
 ![alt text](images/librecmc-switch-lan-to-dhcp.png)
 
-## Adjusting the firewall...?
+## Advanced
 
-To make a more consistent look in the your LibreCMC interface, you
-could go into Network >> Firewall and do things like deleting WAN
-zones or disabling NAT masquerading. But since the ports are bridged,
-it isn't necessary, and it will only make it more work to switch back
-out of "bridge mode" if you want to later.
+These adjustments are not required, but they lead to a configuration
+which will be more consistent and have cleaner logs.
+
+### Disabling odhcpd (DHCP daemon)
+
+In bridge mode, you aren't going to want to serve DHCP out any
+interface. So you might as well just shut down the whole DHCP
+server. Log in via SSH, and run the commands:
+
+```
+/etc/init.d/odhcpd stop
+/etc/init.d/odhcpd disable
+```
+
+### Delete the WAN(6) interfaces
+
+From `Network` >> `Interfaces`, you can delete the WAN and WAN6
+interfaces. See also the "Add a LAN6 interface" section below.
+
+### Delete the WAN Firewall Zone
+
+From `Network` >> `Firewall` you can delete the WAN zone. If you do
+need a WAN firewall, then you should not be running in bridge mode in
+the first place.
+
+### Add a LAN6 Interface
+
+If you have IPv6 access, you will want an interface which receives an
+IPv6 address. From `Network` >> `Interfaces` create a new interface
+called `LAN6` with `Protocol` set to `DHCPv6 client`.
+
+You will likely also want to disable `odhcpd` (see above). Otherwise
+your logs can get filled up with unnecessary IPv6 related messages, as
+libreCMC tries to act like an IPv6 router. `odhcpd` normally handles
+DHCPv6 as well as IPv6 Router Advertisements.

docs/GL-AR300M.md

@@ -1,4 +1,4 @@
-# GL-INet AR300M
+# GL.iNet AR300M
 
 ## Hardware Specs
 
@@ -8,7 +8,7 @@
 
 ## Flashing from factory
 
-### Using GL-Inet's U-boot-mod and web UI
+### Using GL.iNet's U-boot-mod and web UI
 
 1) Set computer IP address to 192.168.1.2
 
@@ -37,7 +37,9 @@
 
 * This router is dual flash and stock uboot attempts to boot nand flash first.
 
-* NOR flash uses .bin image and Nand flash uses .img image.
+* NOR flash uses .bin image and NAND flash uses .img image.
+
+* Use librecmc-ar71xx-nand-gl-ar300m-squashfs-sysupgrade.tar to update NAND installations
 
 * Default router ip is 192.168.10.1
 

package/libs/mbedtls/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.7.0
+PKG_VERSION:=2.8.0
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
 PKG_SOURCE_URL:=https://tls.mbed.org/download/
-PKG_HASH:=2c6fe289b4b50bf67b4839e81b07fcf52a19f5129d0241d2aa4d49cb1ef11e4f
+PKG_HASH:=649eb27187154590edda52943a7f468e740ec08807e5bf68ff45f4e8ffd68923
 
 PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0+

package/libs/mbedtls/patches/200-config.patch

@@ -91,7 +91,7 @@
  
  /**
   * \def MBEDTLS_ENTROPY_NV_SEED
-@@ -1056,14 +1056,14 @@
+@@ -1057,14 +1057,14 @@
   * Uncomment this macro to disable the use of CRT in RSA.
   *
   */
@@ -108,7 +108,7 @@
  
  /**
   * \def MBEDTLS_SHA256_SMALLER
-@@ -1079,7 +1079,7 @@
+@@ -1080,7 +1080,7 @@
   *
   * Uncomment to enable the smaller implementation of SHA256.
   */
@@ -117,7 +117,7 @@
  
  /**
   * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
-@@ -1206,7 +1206,7 @@
+@@ -1207,7 +1207,7 @@
   *          configuration of this extension).
   *
   */
@@ -126,7 +126,7 @@
  
  /**
   * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-@@ -1380,8 +1380,8 @@
+@@ -1381,8 +1381,8 @@
   * callbacks are provided by MBEDTLS_SSL_TICKET_C.
   *
   * Comment this macro to disable support for SSL session tickets
@@ -136,7 +136,7 @@
  
  /**
   * \def MBEDTLS_SSL_EXPORT_KEYS
-@@ -1411,7 +1411,7 @@
+@@ -1412,7 +1412,7 @@
   *
   * Comment this macro to disable support for truncated HMAC in SSL
   */
@@ -144,8 +144,8 @@
 +//#define MBEDTLS_SSL_TRUNCATED_HMAC
  
  /**
-  * \def MBEDTLS_THREADING_ALT
-@@ -1445,8 +1445,8 @@
+  * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
+@@ -1470,8 +1470,8 @@
   * Requires: MBEDTLS_VERSION_C
   *
   * Comment this to disable run-time checking and save ROM space
@@ -155,7 +155,7 @@
  
  /**
   * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-@@ -1773,7 +1773,7 @@
+@@ -1801,7 +1801,7 @@
   *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
   *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
   */
@@ -164,7 +164,7 @@
  
  /**
   * \def MBEDTLS_CCM_C
-@@ -1787,7 +1787,7 @@
+@@ -1815,7 +1815,7 @@
   * This module enables the AES-CCM ciphersuites, if other requisites are
   * enabled as well.
   */
@@ -173,7 +173,7 @@
  
  /**
   * \def MBEDTLS_CERTS_C
-@@ -1799,7 +1799,7 @@
+@@ -1827,7 +1827,7 @@
   *
   * This module is used for testing (ssl_client/server).
   */
@@ -182,7 +182,7 @@
  
  /**
   * \def MBEDTLS_CIPHER_C
-@@ -1852,7 +1852,7 @@
+@@ -1880,7 +1880,7 @@
   *
   * This module provides debugging functions.
   */
@@ -191,7 +191,7 @@
  
  /**
   * \def MBEDTLS_DES_C
-@@ -1881,7 +1881,7 @@
+@@ -1909,7 +1909,7 @@
   * \warning   DES is considered a weak cipher and its use constitutes a
   *            security risk. We recommend considering stronger ciphers instead.
   */
@@ -200,7 +200,7 @@
  
  /**
   * \def MBEDTLS_DHM_C
-@@ -2042,8 +2042,8 @@
+@@ -2070,8 +2070,8 @@
   * Requires: MBEDTLS_MD_C
   *
   * Uncomment to enable the HMAC_DRBG random number geerator.
@@ -210,7 +210,7 @@
  
  /**
   * \def MBEDTLS_MD_C
-@@ -2337,7 +2337,7 @@
+@@ -2365,7 +2365,7 @@
   * Caller:  library/md.c
   *
   */
@@ -219,7 +219,7 @@
  
  /**
   * \def MBEDTLS_RSA_C
-@@ -2421,8 +2421,8 @@
+@@ -2449,8 +2449,8 @@
   * Caller:
   *
   * Requires: MBEDTLS_SSL_CACHE_C
@@ -229,7 +229,7 @@
  
  /**
   * \def MBEDTLS_SSL_COOKIE_C
-@@ -2443,8 +2443,8 @@
+@@ -2471,8 +2471,8 @@
   * Caller:
   *
   * Requires: MBEDTLS_CIPHER_C
@@ -239,7 +239,7 @@
  
  /**
   * \def MBEDTLS_SSL_CLI_C
-@@ -2543,8 +2543,8 @@
+@@ -2571,8 +2571,8 @@
   * Module:  library/version.c
   *
   * This module provides run-time version information.
@@ -249,7 +249,7 @@
  
  /**
   * \def MBEDTLS_X509_USE_C
-@@ -2654,7 +2654,7 @@
+@@ -2682,7 +2682,7 @@
   * Module:  library/xtea.c
   * Caller:
   */

package/libs/openssl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.0.2
-PKG_BUGFIX:=n
+PKG_BUGFIX:=o
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \
 	ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
 	ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
 
-PKG_HASH:=370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe
+PKG_HASH:=ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE

package/luci/applications/luci-app-shellinabox/Makefile

@@ -0,0 +1,54 @@
+#
+# Copyright (C) 2017 Robert Call <bob@bobcall.me>
+#
+# You may redistribute this program and/or modify it under the terms of
+# the GNU General Public License as published by the Free Software Foundation,
+# either version 3 of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=luci-app-shellinabox
+PKG_VERSION:=0.1
+PKG_RELEASE:=4
+
+PKG_LICENSE:=GPL-3.0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/luci-app-shellinabox
+	SECTION:=luci
+	CATEGORY:=LuCI
+	SUBMENU:=3. Applications
+	TITLE:=Shell in a box integration
+	URL:=
+	MAINTAINER:=Robert Call <bob@bobcall.me>
+	DEPENDS:=+shellinabox
+endef
+
+define Package/luci-app-shellinabox/description
+	This package adds terminal integration into luci to make
+	router maintanance easier for those new to GNU/Linux or
+	don't have access to a GNU/Linux box.
+
+endef
+
+define Build/Compile
+endef
+
+define Package/luci-app-shellinabox/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/luci
+	$(INSTALL_DIR) $(1)/www/static
+	$(CP) ./luasrc/* $(1)/usr/lib/lua/luci
+	$(CP) ./files/terminal.png $(1)/www/static/terminal.png
+endef
+
+$(eval $(call BuildPackage,luci-app-shellinabox))

package/luci/applications/luci-app-shellinabox/luasrc/controller/shellinabox.lua

@@ -0,0 +1,4 @@
+module("luci.controller.shellinabox", package.seeall)  --notice that new_tab is the name of the file new_tab.lua
+ function index()
+     entry({"admin", "system", "tab_from_view"}, template("shellinabox/view_tab"), "Terminal", 2)  --this adds the second sub-tab that is located in <luci-path>/luci-myapplication/view/myapp-mymodule and the file is called view_tab.htm, also set to the second position
+end

package/luci/applications/luci-app-shellinabox/luasrc/model/cbi/shellinabox/cbi_tab.lua

@@ -0,0 +1,4 @@
+m = Map("cbi_file", translate("First Tab Form"), translate("Please fill out the form below")) -- cbi_file is the config file in /etc/config
+d = m:section(TypedSection, "info", "Part A of the form")  -- info is the section called info in cbi_file
+a = d:option(Value, "name", "Name"); a.optional=false; a.rmempty = false;  -- name is the option in the cbi_file
+return m

package/luci/applications/luci-app-shellinabox/luasrc/view/shellinabox/view_tab.htm

@@ -0,0 +1,3 @@
+<%+header%>                                                                    
+<a href="http://192.168.10.1:4200"><img src="/static/terminal.png"></a>
+<%+footer%>

package/network/services/openvpn/Makefile

@@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.4.4
-PKG_RELEASE:=3
+PKG_VERSION:=2.4.5
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=\
 	https://build.openvpn.net/downloads/releases/ \
 	https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80
+PKG_HASH:=43c0a363a332350f620d1cd93bb431e082bedbc93d4fb872f758650d53c1d29e
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>

package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch

@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1336,7 +1336,7 @@ const char *
+@@ -1394,7 +1394,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];

package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch

@@ -1,15 +1,17 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1068,62 +1068,15 @@ dnl
+@@ -1077,68 +1077,15 @@ dnl
  AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
  AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
  if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
 -    if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
 -	# if the user did not explicitly specify flags, try to autodetect
 -	PKG_CHECK_MODULES([LZ4],
--			  [liblz4 >= 1.7.1],
+-			  [liblz4 >= 1.7.1 liblz4 < 100],
 -			  [have_lz4="yes"],
--			  [] # If this fails, we will do another test next
+-			  [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
+-					     # We also add set LZ4_LIBS otherwise the
+-					     # linker will not know about the lz4 library
 -	)
 -    fi
 
@@ -47,20 +49,24 @@
 -	fi
 -    fi
 -
--    # if LZ4_LIBS is set, we assume it will work, otherwise test
--    if test -z "${LZ4_LIBS}"; then
+-    # Double check we have a few needed functions
+-    if test "${have_lz4}" = "yes" ; then
 -	AC_CHECK_LIB([lz4],
--		     [LZ4_compress],
--		     [LZ4_LIBS="-llz4"],
+-		     [LZ4_compress_default],
+-		     [],
+-		     [have_lz4="no"])
+-	AC_CHECK_LIB([lz4],
+-		     [LZ4_decompress_safe],
+-		     [],
 -		     [have_lz4="no"])
 -    fi
 -
 -    if test "${have_lz4}" != "yes" ; then
--	AC_MSG_RESULT([		usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+-	AC_MSG_RESULT([		usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
 -	AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 -	LZ4_LIBS=""
 -    fi
-+    AC_MSG_RESULT([		usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
++    AC_MSG_RESULT([		usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
 +    AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 +    LZ4_LIBS=""
      OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"

package/network/services/shellinabox/Makefile

@@ -0,0 +1,64 @@
+# 
+# Copyright (C) 2006-2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# Initial port of shellinabox to OpenWrt - Jan Jaeger 25-MAR-2010
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=shellinabox
+PKG_VERSION:=2.10
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=HEAD
+PKG_SOURCE_URL:=https://github.com/OnionIoT/shellinabox.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)
+PKG_SOURCE:=$(PKG_NAME).tar.gz
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+
+#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+#PKG_SOURCE_URL:=http://shellinabox.googlecode.com/files
+#PKG_MD5SUM:=0e144910d85d92edc54702ab9c46f032
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/shellinabox
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=Shell In A Box
+	DEPENDS:= zlib
+	URL:=http://shellinabox.googlecode.com
+endef
+
+define Package/shellinabox/description
+Web based AJAX terminal emulator
+endef
+
+define Build/Configure
+	$(call Build/Configure/Default)
+endef
+
+define Build/Compile
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		$(TARGET_CONFIGURE_OPTS) \
+		CFLAGS="$(TARGET_CFLAGS)" \
+		BINDIR="/usr/sbin" \
+		all
+endef
+
+define Package/shellinabox/install
+	# install the binary
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/shellinaboxd $(1)/usr/sbin/
+	# install the init.d file
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
+	# install the css file
+	$(INSTALL_DIR) $(1)/usr/lib/shellinabox
+	$(INSTALL_BIN) ./files/style.css $(1)/usr/lib/shellinabox/style.css
+endef
+
+$(eval $(call BuildPackage,shellinabox))

package/network/services/shellinabox/files/shellinabox.init

@@ -0,0 +1,17 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2010 OpenWrt.org
+
+# enable auto start of this daemon
+START=99
+
+USE_PROCD=1
+PROG=/usr/sbin/shellinaboxd
+
+start_service() {
+        procd_open_instance
+        procd_set_param command $PROG -t --service=/:LOGIN --css /usr/lib/shellinabox/style.css
+        # disable automatic respawn - allow daemon to be turned off
+	#procd_set_param respawn                                                                   
+        procd_close_instance   
+}
+ 

package/network/services/shellinabox/files/style.css

@@ -0,0 +1,24 @@
+#vt100 #cursor.bright {
+  background-color: white;
+  color:            black;
+}
+
+#vt100 #scrollable {
+  color:            #ffffff;
+  background-color: #000000;
+}
+
+#vt100 #scrollable.inverted {
+  color:            #000000;
+  background-color: #ffffff;
+}
+
+#vt100 .ansi15 {
+  color:            #000000;
+}
+
+#vt100 .bgAnsi0 {
+  background-color: #ffffff;
+}
+
+

package/network/services/shellinabox/old/000-makefile-arch.patch

@@ -0,0 +1,22 @@
+diff -Naur shellinabox-2.10.orig/Makefile.am shellinabox-2.10/Makefile.am
+--- shellinabox-2.10.orig/Makefile.am	2009-11-18 17:55:52.000000000 +0100
++++ shellinabox-2.10/Makefile.am	2010-03-25 14:16:03.000000000 +0100
+@@ -107,6 +107,7 @@
+ objcopyflags         = case "$(host_cpu)" in                                  \
+                          i[0-9]86) echo '-O elf32-i386 -B i386';;             \
+                          x86_64)   echo '-O elf64-x86-64 -B i386:x86-64';;    \
++                         mips*)    echo '-O elf32-tradbigmips -B mips:isa32';; \
+                          arm*)     echo '-O elf32-littlearm -B arm';;         \
+                        esac
+ 
+diff -Naur shellinabox-2.10.orig/Makefile.in shellinabox-2.10/Makefile.in
+--- shellinabox-2.10.orig/Makefile.in	2009-11-21 23:47:39.000000000 +0100
++++ shellinabox-2.10/Makefile.in	2010-03-25 14:16:28.000000000 +0100
+@@ -371,6 +371,7 @@
+ objcopyflags = case "$(host_cpu)" in                                  \
+                          i[0-9]86) echo '-O elf32-i386 -B i386';;             \
+                          x86_64)   echo '-O elf64-x86-64 -B i386:x86-64';;    \
++                         mips*)    echo '-O elf32-tradbigmips -B mips:isa32';; \
+                          arm*)     echo '-O elf32-littlearm -B arm';;         \
+                        esac
+ 

package/network/services/shellinabox/old/001-makefile-objcopy.patch

@@ -0,0 +1,105 @@
+diff -Naur shellinabox-2.10.orig/Makefile.am shellinabox-2.10/Makefile.am
+--- shellinabox-2.10.orig/Makefile.am	2010-03-25 19:30:55.000000000 +0100
++++ shellinabox-2.10/Makefile.am	2010-03-25 19:53:49.000000000 +0100
+@@ -218,23 +218,23 @@
+                 debian/tmp
+ 
+ .css.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ .gif.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ .html.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ .ico.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ shellinabox/shell_in_a_box.o: shellinabox/shell_in_a_box.js config.h
+@@ -249,12 +249,12 @@
+ 	     "$<" >"$@"
+ 
+ .js.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ .wav.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+diff -Naur shellinabox-2.10.orig/Makefile.in shellinabox-2.10/Makefile.in
+--- shellinabox-2.10.orig/Makefile.in	2010-03-25 19:30:55.000000000 +0100
++++ shellinabox-2.10/Makefile.in	2010-03-25 19:54:21.000000000 +0100
+@@ -1231,23 +1231,23 @@
+                 debian/tmp
+ 
+ .css.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ .gif.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ .html.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ .ico.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ shellinabox/shell_in_a_box.o: shellinabox/shell_in_a_box.js config.h
+@@ -1262,13 +1262,13 @@
+ 	     "$<" >"$@"
+ 
+ .js.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ .wav.o:
+-	@echo objcopy "$<" "$@"
+-	@objcopy -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
++	@echo $(OBJCOPY) "$<" "$@"
++	@$(OBJCOPY) -I binary `$(objcopyflags)` `echo "$<" | $(renamesymbols)`   \
+ 	  "$<" "$@"
+ 
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.

package/network/services/shellinabox/old/002-httpconn-isnan.patch

@@ -0,0 +1,20 @@
+--- shellinabox-2.10.orig/libhttp/httpconnection.c      2015-09-25 10:55:38.350974827 +0000
++++ shellinabox-2.10/libhttp/httpconnection.c   2015-09-25 10:56:23.462944723 +0000
+@@ -69,6 +69,17 @@
+ #define max(a, b) ({ typeof(a) _a = (a); typeof(b) _b = (b);                  \
+                      _a > _b ? _a : _b; })
+ 
++#undef isnan
++#ifndef isnan
++# define isnan(x) \
++    (sizeof (x) == sizeof (long double) ? isnan_ld (x) \
++     : sizeof (x) == sizeof (double) ? isnan_d (x) \
++     : isnan_f (x))
++static inline int isnan_f  (float       x) { return x != x; }
++static inline int isnan_d  (double      x) { return x != x; }
++static inline int isnan_ld (long double x) { return x != x; }
++#endif
++
+ #include "libhttp/httpconnection.h"
+ #include "logging/logging.h"
+ 

package/network/services/shellinabox/old/readme

@@ -0,0 +1,5 @@
+Files here are patches required to get shellinabox-2.10 from Google Code to compile in OpenWRT buildroot
+
+These fixes have been integrated into the code in the Onion shellinabox repo
+
+

package/system/opkg/Makefile

@@ -1,32 +1,32 @@
 #
 # Copyright (C) 2006-2015 OpenWrt.org
-# Copyright (C) 2016-2017 LEDE Project
+# Copyright (C) 2016 LEDE Project
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
+include $(INCLUDE_DIR)/version.mk
+include $(INCLUDE_DIR)/feeds.mk
 
 PKG_NAME:=opkg
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 PKG_FLAGS:=essential
 
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://git.openwrt.org/project/opkg-lede.git
-PKG_SOURCE_DATE:=2017-12-07
-PKG_SOURCE_VERSION:=3b417b9f41b4ceb5912d82f867dd5534e5675b5c
-PKG_MIRROR_HASH:=1c9c21e56186345d0034d15051c1d9c5ebb5aa6658d6ae8886d8403207a914a3
+PKG_SOURCE_URL:=https://git.lede-project.org/project/opkg-lede.git
+PKG_SOURCE_DATE:=2017-12-08
+PKG_SOURCE_VERSION:=9f61f7acf3845d2e09675b49fec5d783d57eb780
+PKG_MIRROR_HASH:=3e70d78e92f73e0848a75cfd74762656a4172b6d71369b9e2717dc57acf39cbf
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
 
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 
-# Extend depends from version.mk
-PKG_CONFIG_DEPENDS += \
-	CONFIG_SIGNED_PACKAGES \
-	CONFIG_TARGET_INIT_PATH
+PKG_FLAGS := nonshared
+PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH
 
 PKG_BUILD_PARALLEL:=1
 HOST_BUILD_PARALLEL:=1
@@ -43,7 +43,7 @@ define Package/opkg
   CATEGORY:=Base system
   TITLE:=opkg package manager
   DEPENDS:=+uclient-fetch +libpthread +libubox
-  URL:=$(PKG_SOURCE_URL)
+  URL:=https://git.lede-project.org/?p=project/opkg-lede.git
   MENU:=1
 endef
 
@@ -86,6 +86,8 @@ define Package/opkg/install
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DATA) ./files/customfeeds.conf $(1)/etc/opkg/customfeeds.conf
 	$(INSTALL_DATA) ./files/opkg$(2).conf $(1)/etc/opkg.conf
+	$(call FeedSourcesAppend,$(1)/etc/opkg/distfeeds.conf)
+	$(VERSION_SED) $(1)/etc/opkg/distfeeds.conf
 	$(INSTALL_BIN) ./files/20_migrate-feeds $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/opkg-cl $(1)/bin/opkg
   ifneq ($(CONFIG_SIGNED_PACKAGES),)

package/system/procd/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=procd
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git
+PKG_SOURCE_URL=$(LEDE_GIT)/project/procd.git
 PKG_SOURCE_DATE:=2018-01-23
-PKG_SOURCE_VERSION:=653629f19e591a0827ab39de07b4526bb119a57a
-PKG_MIRROR_HASH:=2e0c3ae45521eea456a8411c8d9ef19ed9a5ed6c0ab38b9496555625fb4ba6a2
+PKG_SOURCE_VERSION:=9a4036fb1b7412ab2ea4f360d2cc7e6a5e0fa6b5
+PKG_MIRROR_HASH:=bc500e2afe76fc0ce591900ddc5d68b33092841229a835699abc1e3455fc4499
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=GPL-2.0
@@ -22,9 +22,11 @@ PKG_LICENSE_FILES:=
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 
+PKG_FLAGS:=nonshared
+
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_TARGET_INIT_PATH CONFIG_KERNEL_SECCOMP \
-	CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS \
+	CONFIG_NAND_SUPPORT CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS \
 	CONFIG_KERNEL_NAMESPACES CONFIG_PACKAGE_procd-ujail CONFIG_PACKAGE_procd-seccomp
 
 include $(INCLUDE_DIR)/package.mk
@@ -40,7 +42,7 @@ TARGET_LDFLAGS += $(if $(CONFIG_USE_GLIBC),-lrt)
 define Package/procd
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=+ubusd +ubus +libjson-script +ubox +USE_GLIBC:librt +libubox +libubus
+  DEPENDS:=+ubusd +ubus +libjson-script +ubox +USE_GLIBC:librt +libubox +libubus +NAND_SUPPORT:procd-nand
   TITLE:=OpenWrt system process manager
 endef
 
@@ -58,6 +60,20 @@ define Package/procd-seccomp
   TITLE:=OpenWrt process seccomp helper + utrace
 endef
 
+define Package/procd-nand
+  SECTION:=utils
+  CATEGORY:=Utilities
+  DEPENDS:=@NAND_SUPPORT +ubi-utils
+  TITLE:=OpenWrt sysupgrade nand helper
+endef
+
+define Package/procd-nand-firstboot
+  SECTION:=utils
+  CATEGORY:=Utilities
+  DEPENDS:=procd-nand
+  TITLE:=OpenWrt firstboot nand helper
+endef
+
 define Package/procd/config
 menu "Configuration"
 	depends on PACKAGE_procd
@@ -75,6 +91,10 @@ endmenu
 endef
 
 
+ifeq ($(CONFIG_NAND_SUPPORT),y)
+  CMAKE_OPTIONS += -DBUILD_UPGRADED=1
+endif
+
 ifeq ($(CONFIG_PROCD_SHOW_BOOT),y)
   CMAKE_OPTIONS += -DSHOW_BOOT_ON_CONSOLE=1
 endif
@@ -93,7 +113,7 @@ CMAKE_OPTIONS += -DSECCOMP_SUPPORT=$(SECCOMP) -DUTRACE_SUPPORT=$(SECCOMP)
 define Package/procd/install
 	$(INSTALL_DIR) $(1)/sbin $(1)/etc $(1)/lib/functions
 
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{init,procd,askfirst,udevtrigger,upgraded} $(1)/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{init,procd,askfirst,udevtrigger} $(1)/sbin/
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libsetlbf.so $(1)/lib
 	$(INSTALL_BIN) ./files/reload_config $(1)/sbin/
 	$(INSTALL_DATA) ./files/hotplug*.json $(1)/etc/
@@ -109,10 +129,25 @@ define Package/procd-seccomp/install
 	$(INSTALL_DIR) $(1)/sbin $(1)/lib
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so $(1)/lib
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/utrace $(1)/sbin/
-	$(LN) utrace $(1)/sbin/seccomp-trace
+	ln -s utrace $(1)/sbin/seccomp-trace
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-trace.so $(1)/lib
 endef
 
+define Package/procd-nand/install
+	$(INSTALL_DIR) $(1)/sbin $(1)/lib/upgrade
+
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/upgraded $(1)/sbin/
+	$(INSTALL_DATA) ./files/nand.sh $(1)/lib/upgrade/
+endef
+
+define Package/procd-nand-firstboot/install
+	$(INSTALL_DIR) $(1)/lib/preinit
+
+	$(INSTALL_DATA) ./files/nand-preinit.sh $(1)/lib/preinit/60-nand-firstboot.sh
+endef
+
 $(eval $(call BuildPackage,procd))
 $(eval $(call BuildPackage,procd-ujail))
 $(eval $(call BuildPackage,procd-seccomp))
+$(eval $(call BuildPackage,procd-nand))
+$(eval $(call BuildPackage,procd-nand-firstboot))

package/system/procd/files/hotplug-preinit.json

@@ -8,11 +8,11 @@
 					[ "load-firmware", "/lib/firmware" ],
 					[ "return" ]
 				]
-			]
-		]
-	} ],
+			],
+		],
+	}, ],
 	[ "if",
 		[ "eq", "SUBSYSTEM", "button" ],
 		[ "exec", "/etc/rc.button/failsafe" ]
-	]
+	],
 ]

package/system/procd/files/hotplug.json

@@ -4,27 +4,27 @@
 			[ "if",
 				[ "and",
 					[ "has", "MAJOR" ],
-					[ "has", "MINOR" ]
+					[ "has", "MINOR" ],
 				],
 				[
 					[ "if",
 						[ "eq", "DEVNAME",
-							[ "null", "full", "ptmx", "zero", "tty", "net", "random", "urandom" ]
+							[ "null", "full", "ptmx", "zero", "tty", "net", "random", "urandom" ],
 						],
 						[
 							[ "makedev", "/dev/%DEVNAME%", "0666" ],
-							[ "return" ]
+							[ "return" ],
 						]
 					],
 					[ "if",
 						[ "regex", "DEVNAME", "^snd" ],
-						[ "makedev", "/dev/%DEVNAME%", "0660", "audio" ]
+						[ "makedev", "/dev/%DEVNAME%", "0660", "audio" ],
 					],
 					[ "if",
 						[ "has", "DEVNAME" ],
-						[ "makedev", "/dev/%DEVNAME%", "0600" ]
-					]
-				]
+						[ "makedev", "/dev/%DEVNAME%", "0600" ],
+					],
+				],
 			],
 			[ "if",
 				[ "has", "FIRMWARE" ],
@@ -33,14 +33,14 @@
 					[ "load-firmware", "/lib/firmware" ],
 					[ "return" ]
 				]
-			]
+			],
 		],
 		"remove" : [
 			[ "if",
 				[ "and",
 					[ "has", "DEVNAME" ],
 					[ "has", "MAJOR" ],
-					[ "has", "MINOR" ]
+					[ "has", "MINOR" ],
 				],
 				[ "rm", "/dev/%DEVNAME%" ]
 			]
@@ -49,7 +49,7 @@
 	[ "if",
 		[ "and",
 			[ "has", "BUTTON" ],
-			[ "eq", "SUBSYSTEM", "button" ]
+			[ "eq", "SUBSYSTEM", "button" ],
 		],
 		[ "button", "/etc/rc.button/%BUTTON%" ]
 	],
@@ -65,5 +65,5 @@
 			[ "isdir", "/etc/hotplug.d/%SUBSYSTEM%" ],
 			[ "exec", "/sbin/hotplug-call", "%SUBSYSTEM%" ]
 		]
-	]
+	],
 ]

package/system/procd/files/procd.sh

@@ -33,25 +33,11 @@
 #   Send a signal to a service instance (or all instances)
 #
 
-. "$IPKG_INSTROOT/usr/share/libubox/jshn.sh"
+. $IPKG_INSTROOT/usr/share/libubox/jshn.sh
 
 PROCD_RELOAD_DELAY=1000
 _PROCD_SERVICE=
 
-procd_lock() {
-	local basescript=$(readlink "$initscript")
-	local service_name="$(basename ${basescript:-$initscript})"
-
-	flock -n 1000 &> /dev/null
-	if [ "$?" != "0" ]; then
-		exec 1000>"$IPKG_INSTROOT/var/lock/procd_${service_name}.lock"
-		flock 1000
-		if [ "$?" != "0" ]; then
-			logger "warning: procd flock for $service_name failed"
-		fi
-	fi
-}
-
 _procd_call() {
 	local old_cb
 
@@ -61,7 +47,6 @@ _procd_call() {
 }
 
 _procd_wrapper() {
-	procd_lock
 	while [ -n "$1" ]; do
 		eval "$1() { _procd_call _$1 \"\$@\"; }"
 		shift
@@ -94,9 +79,6 @@ _procd_close_service() {
 	_procd_open_trigger
 	service_triggers
 	_procd_close_trigger
-	_procd_open_data
-	service_data
-	_procd_close_data
 	_procd_ubus_call ${1:-set}
 }
 
@@ -152,18 +134,6 @@ _procd_close_trigger() {
 	json_close_array
 }
 
-_procd_open_data() {
-	let '_procd_data_open = _procd_data_open + 1'
-	[ "$_procd_data_open" -gt 1 ] && return
-	json_add_object "data"
-}
-
-_procd_close_data() {
-	let '_procd_data_open = _procd_data_open - 1'
-	[ "$_procd_data_open" -lt 1 ] || return
-	json_close_object
-}
-
 _procd_open_validate() {
 	json_select ..
 	json_add_array "validate"
@@ -243,7 +213,7 @@ _procd_set_param() {
 			json_add_string "" "$@"
 			json_close_array
 		;;
-		nice|term_timeout)
+		nice)
 			json_add_int "$type" "$1"
 		;;
 		reload_signal)
@@ -413,10 +383,6 @@ _procd_send_signal() {
 	local instance="$2"
 	local signal="$3"
 
-	case "$signal" in
-		[A-Z]*)	signal="$(kill -l "$signal" 2>/dev/null)" || return 1;;
-	esac
-
 	json_init
 	json_add_string name "$service"
 	[ -n "$instance" -a "$instance" != "*" ] && json_add_string instance "$instance"