Merge 365e7063a3 into 4628b6bd43

p910nd: set bidi only if not already set
Closes #23774 Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-04-27 03:11:56 +02:00 · 2024-04-26 14:53:06 -07:00 · 2024-04-26 17:03:33 +02:00 · 2024-04-23 09:31:31 +03:00
11 changed files with 335 additions and 29 deletions
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=banip
 PKG_VERSION:=0.9.5
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@ -15,7 +15,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 | adguard             | adguard IPs                    |         |         |    x    | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists)        |
 | adguardtrackers     | adguardtracker IPs             |         |         |    x    | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists)        |
 | antipopads          | antipopads IPs                 |         |         |    x    | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists)        |
-| asn                 | ASN segments                   |         |         |    x    | tcp: 80, 443 | [Link](https://asn.ipinfo.app)                               |
+| asn                 | ASN segments                   |    x    |    x    |    x    |              | [Link](https://asn.ipinfo.app)                               |
 | backscatterer       | backscatterer IPs              |    x    |    x    |         |              | [Link](https://www.uceprotect.net/en/index.php)              |
 | becyber             | malicious attacker IPs         |    x    |    x    |         |              | [Link](https://github.com/duggytuxy/malicious_ip_addresses)  |
 | binarydefense       | binary defense banlist         |    x    |    x    |         |              | [Link](https://iplists.firehol.org/?ipset=bds_atif)          |
@ -114,7 +114,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 * It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
 * If you're using a complex network setup, e.g. special tunnel interfaces, than untick the 'Auto Detection' option under the 'General Settings' tab and set the required options manually
 * Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status' and also check the 'Firewall Log' and 'Processing Log' tabs
-* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs (see the options reference below)
+* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs, see the options reference table below

 ## banIP CLI interface
 * All important banIP functions are accessible via CLI.
@ -428,12 +428,12 @@ A valid JSON source object contains the following information, e.g.:
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "tor exit nodes",
-		"flag": "tcp 80-89 443"
+		"flag": "gz tcp 80-88 udp 50000"
 	},
 	[...]
 ```
 Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed.  
-Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations.  
+Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations - multiple definitions are possible.  

 ## Support
 Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>
--- a/net/banip/files/banip-functions.sh
+++ b/net/banip/files/banip-functions.sh
@ -595,24 +595,30 @@ f_etag() {
 # build initial nft file with base table, chains and rules
 #
 f_nftinit() {
-	local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc allow_proto allow_dport flag file="${1}"
+	local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc flag tmp_proto tmp_port allow_dport file="${1}"

 	wan_dev="$(printf "%s" "${ban_dev}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
 	[ -n "${ban_vlanallow}" ] && vlan_allow="$(printf "%s" "${ban_vlanallow%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
 	[ -n "${ban_vlanblock}" ] && vlan_block="$(printf "%s" "${ban_vlanblock%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"

 	for flag in ${ban_allowflag}; do
-		if [ -z "${allow_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
-			allow_proto="${flag}"
-		elif [ -n "${allow_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${allow_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
-			if [ -z "${allow_dport}" ]; then
-				allow_dport="${flag}"
-			else
-				allow_dport="${allow_dport}, ${flag}"
+		if [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
+			if [ -z "${tmp_proto}" ]; then
+				tmp_proto="${flag}"
+			elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
+				tmp_proto="${tmp_proto}, ${flag}"
+			fi
+		elif [ -n "${flag//[![:digit]-]/}" ]; then
+			if [ -z "${tmp_port}" ]; then
+				tmp_port="${flag}"
+			elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
+				tmp_port="${tmp_port}, ${flag}"
 			fi
 		fi
 	done
-	[ -n "${allow_dport}" ] && allow_dport="${allow_proto} dport { ${allow_dport} }"
+	if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
+		allow_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
+	fi

 	if [ "${ban_logprerouting}" = "1" ]; then
 		log_icmp="log level ${ban_nftloglevel} prefix \"banIP/pre-icmp/drop: \""
@ -697,7 +703,7 @@ f_nftinit() {
 #
 f_down() {
 	local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc
-	local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_proto feed_dport feed_target
+	local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_target feed_dport tmp_proto tmp_port flag
 	local feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}"

 	start_ts="$(date +%s)"
@ -756,19 +762,25 @@ f_down() {
 	# prepare feed flags
 	#
 	for flag in ${feed_flag}; do
-		if [ "${flag}" = "gz" ] && ! printf "%s" "${feed_comp}" | "${ban_grepcmd}" -qw "${flag}"; then
+		if [ "${flag}" = "gz" ]; then
 			feed_comp="${flag}"
-		elif [ -z "${feed_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
-			feed_proto="${flag}"
-		elif [ -n "${feed_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${feed_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
-			if [ -z "${feed_dport}" ]; then
-				feed_dport="${flag}"
-			else
-				feed_dport="${feed_dport}, ${flag}"
+		elif [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
+			if [ -z "${tmp_proto}" ]; then
+				tmp_proto="${flag}"
+			elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
+				tmp_proto="${tmp_proto}, ${flag}"
+			fi
+		elif [ -n "${flag//[![:digit]-]/}" ]; then
+			if [ -z "${tmp_port}" ]; then
+				tmp_port="${flag}"
+			elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
+				tmp_port="${tmp_port}, ${flag}"
 			fi
 		fi
 	done
-	[ -n "${feed_dport}" ] && feed_dport="${feed_proto} dport { ${feed_dport} }"
+	if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
+		feed_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
+	fi

 	# chain/rule maintenance
 	#
--- a/net/banip/files/banip.feeds
+++ b/net/banip/files/banip.feeds
@ -36,8 +36,7 @@
 		"url_6": "https://asn.ipinfo.app/api/text/list/",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
-		"descr": "ASN IP segments",
-		"flag": "tcp 80 443"
+		"descr": "ASN IP segments"
 	},
 	"backscatterer":{
 		"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz",
--- a/net/p910nd/Makefile
+++ b/net/p910nd/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=p910nd
 PKG_VERSION:=0.97
-PKG_RELEASE:=13
+PKG_RELEASE:=14

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=@SF/p910nd
--- a/net/p910nd/files/p910nd.hotplug
+++ b/net/p910nd/files/p910nd.hotplug
@ -281,8 +281,7 @@ get_and_store_printer_info() {
 		[ "$DEBUG" ] && echo ${MFG:+MFG=$MFG} ${MDL:+MDL=$MDL} ${CMD:+CMD=$CMD} ${CLS:+CLS=$CLS} ${DES:+DES=$DES} ${SN:+SN=$SN}

 		[ "$DEBUG" ] && echo 'uci set' for UCI_DEV_CFG_NUMBER: $UCI_DEV_CFG_NUMBER
-		# Take the USB info as fact: set bidir regardless. It seems to be a source of confusion.
-		eval "$uqsddu_cmd.bidirectional='$BIDIR'"
+		[ -z "$(eval "$uqgddu_cmd".bidirectional)" ] && eval "$uqsddu_cmd.bidirectional='$BIDIR'"
 		[ -z "$(eval "$uqgddu_cmd".port)" ] && eval "$uqsddu_cmd.port='0'"
 		[ -z "$(eval "$uqgddu_cmd".enabled)" ] && eval "$uqsddu_cmd.enabled='1'"
 		[ -z "$(eval "$uqgddu_cmd".usbvidpid)" ] && [ -n "$THIS_USB_VIDPID" ] && eval "$uqsddu_cmd.usbvidpid='$THIS_USB_VIDPID'"
--- a/net/sftp-server/Makefile
+++ b/net/sftp-server/Makefile
@ -0,0 +1,44 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=sftp-server
+PKG_VERSION:=2
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/ewxrjk/sftpserver.git
+PKG_SOURCE_DATE:=2024-04-17
+PKG_SOURCE_VERSION:=454309adcd99e3253f106f1f634e800e4d098b18
+PKG_MIRROR_HASH:=9590f6c0d4defe820eed8f359f5f782cd87801ca40c2c2f0d160e521bc80dc3b
+
+PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=COPYING
+
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/sftp-server
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=SSH
+  TITLE:=Green End SFTP Server
+  CONFLICTS:=openssh-sftp-server
+  URL:=http://www.greenend.org.uk/rjk/sftpserver/
+endef
+
+define Package/sftp-server/description
+ This is an SFTP server supporting up to protocol version 6.
+ It is possible to use it as a drop-in replacement
+ for the OpenSSH server.
+endef
+
+CONFIGURE_ARGS += --libexecdir=/usr/libexec
+
+define Package/sftp-server/install
+	$(INSTALL_DIR) $(1)/usr/libexec
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/libexec/gesftpserver $(1)/usr/libexec/sftp-server
+endef
+
+$(eval $(call BuildPackage,sftp-server))
--- a/net/sftp-server/patches/110-fix-autoconf-warnings.patch
+++ b/net/sftp-server/patches/110-fix-autoconf-warnings.patch
@ -0,0 +1,83 @@
+From 234709884c84896511d5d5d52f5f7926b44ca6ad Mon Sep 17 00:00:00 2001
+From: Andy Pan <andypan@ntuosc.org>
+Date: Wed, 6 Sep 2023 14:12:03 +0800
+Subject: [PATCH] Eliminate autoconf warnings
+
+---
+ acinclude.m4 | 20 ++++++++++----------
+ configure.ac |  6 +++---
+ 2 files changed, 13 insertions(+), 13 deletions(-)
+
+--- a/acinclude.m4
+++ b/acinclude.m4
+@@ -120,10 +120,10 @@ $suppress \
+   fi
+   AC_CACHE_CHECK([whether <inttypes.h> macros produce warnings],
+                  [rjk_cv_inttypeswarnings],[
+-    AC_TRY_COMPILE([#include <stddef.h>
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stddef.h>
+ #include <stdio.h>
+-#include <inttypes.h>],
+-                   [uint64_t x=0;size_t sz=0;printf("%"PRIu64" %zu\n", x, sz);],
+#include <inttypes.h>]],[
+                   [uint64_t x=0;size_t sz=0;printf("%"PRIu64" %zu\n", x, sz);]])],
+                    [rjk_cv_inttypeswarnings=no],
+                    [rjk_cv_inttypeswarnings=yes])
+   ])
+@@ -144,16 +144,16 @@ AC_DEFUN([RJK_GTKFLAGS],[
+ AC_DEFUN([RJK_STAT_TIMESPEC],[
+   AC_CACHE_CHECK([for timespec style in struct stat],[rjk_cv_stat_timespec],[
+     rjk_cv_stat_timespec=none
+-    AC_TRY_COMPILE([#include <sys/stat.h>],[
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/stat.h>]],[[
+       struct stat sb;
+       sb.st_atim.tv_sec = 0;
+       (void)sb;
+-    ],[rjk_cv_stat_timespec=POSIX])
+-    AC_TRY_COMPILE([#include <sys/stat.h>],[
+    ]])],[rjk_cv_stat_timespec=POSIX],[])
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/stat.h>]],[[
+       struct stat sb;
+       sb.st_atimespec.tv_sec = 0;
+       (void)sb;
+-    ],[rjk_cv_stat_timespec=BSD])
+    ]])],[rjk_cv_stat_timespec=BSD],[])
+   ])
+   case "$rjk_cv_stat_timespec" in
+   BSD )
+@@ -243,12 +243,12 @@ AC_DEFUN([RJK_SIZE_MAX],[
+   AC_CHECK_SIZEOF([size_t])
+   AC_CHECK_HEADERS([stdint.h])
+   AC_CACHE_CHECK([for SIZE_MAX],[rjk_cv_size_max],[
+-    AC_TRY_COMPILE([#include <limits.h>
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <limits.h>
+                     #include <stddef.h>
+                     #if HAVE_STDINT_H
+                     # include <stdint.h>
+-                    #endif],
+-                   [size_t x = SIZE_MAX;++x;],
+                    #endif]],
+                   [[size_t x = SIZE_MAX;++x;]])],
+                    [rjk_cv_size_max=yes],
+                    [rjk_cv_size_max=no])
+   ])
+--- a/configure.ac
+++ b/configure.ac
+@@ -17,14 +17,14 @@
+ # USA
+ 
+ # Process this file with autoconf to produce a configure script.
+-AC_INIT(sftpserver, 2, rjk@greenend.org.uk)
+AC_INIT([sftpserver],[2],[rjk@greenend.org.uk])
+ AC_CONFIG_AUX_DIR([config.aux])
+ AM_INIT_AUTOMAKE([foreign])
+ AC_CONFIG_SRCDIR([alloc.c])
+-AM_CONFIG_HEADER([config.h])
+AC_CONFIG_HEADERS([config.h])
+ 
+ AC_PROG_CC
+-AC_SET_MAKE
+AC_PROG_MAKE_SET
+ 
+ #AC_PROG_LIBTOOL
+ #AC_LIBTOOL_DLOPEN
--- a/net/sftp-server/patches/120-fix-for-old-libedit.patch
+++ b/net/sftp-server/patches/120-fix-for-old-libedit.patch
@ -0,0 +1,21 @@
+From b5113a1a3fd72dca5d358ce8c8c7f387f7f9356b Mon Sep 17 00:00:00 2001
+From: Andy Pan <andy0130tw@yahoo.com.tw>
+Date: Mon, 13 Nov 2023 01:09:56 +0800
+Subject: [PATCH] Fix config script where rl_copy_text is not found in old
+ libedit.
+
+ref. https://github.com/gphoto/gphoto2/issues/381
+---
+ configure.ac | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/configure.ac
+++ b/configure.ac
+@@ -41,6 +41,7 @@ AC_CHECK_LIB([socket],[socket])
+ AC_CHECK_LIB([readline],[readline],
+              [AC_SUBST([LIBREADLINE],[-lreadline])
+               AC_DEFINE([HAVE_READLINE],[1],[define if you have a readline library])])
+AC_CHECK_LIB([readline],[rl_copy_text])
+ RJK_ICONV
+ AC_DEFINE([_GNU_SOURCE], [1], [required for e.g. strsignal])
+ AC_C_INLINE
--- a/net/sftp-server/patches/130-fix-locale-issue.patch
+++ b/net/sftp-server/patches/130-fix-locale-issue.patch
@ -0,0 +1,21 @@
+From 5b944c94527555457ee76815351d50a662892929 Mon Sep 17 00:00:00 2001
+From: Andy Pan <andy0130tw@yahoo.com.tw>
+Date: Mon, 13 Nov 2023 01:13:35 +0800
+Subject: [PATCH] Do not print char >= 0x7f even if isprint returns nonzero
+
+... which is seemingly caused by `setlocale(LC_CTYPE, "");`
+---
+ debug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/debug.c
+++ b/debug.c
+@@ -75,7 +75,7 @@ void sftp_debug_hexdump(const void *ptr,
+     output += 2;
+     for(j = 0; j < 16; ++j)
+       if(i + j < n)
+-        *output++ = isprint(p[i + j]) ? p[i + j] : '.';
+        *output++ = (isprint(p[i + j]) && p[i + j] < 0x7f) ? p[i + j] : '.';
+     *output++ = '\n';
+     *output = 0;
+     fputs(buffer, debugfp);
--- a/net/sftp-server/patches/140-add-websocat-support.patch
+++ b/net/sftp-server/patches/140-add-websocat-support.patch
@ -0,0 +1,127 @@
+From 1c589910e6726bfc2d01ec01092ae744174f7219 Mon Sep 17 00:00:00 2001
+From: Andy Pan <andy0130tw@yahoo.com.tw>
+Date: Thu, 16 Nov 2023 03:25:04 +0800
+Subject: [PATCH] Add an option --websocat in SFTP server
+
+---
+ configure.ac |  2 +-
+ send.c       |  8 ++++++++
+ sftpclient.c |  3 +++
+ sftpserver.c | 19 +++++++++++++++++++
+ sftpserver.h |  7 +++++++
+ 5 files changed, 38 insertions(+), 1 deletion(-)
+
+--- a/configure.ac
+++ b/configure.ac
+@@ -41,7 +41,7 @@ AC_CHECK_LIB([socket],[socket])
+ AC_CHECK_LIB([readline],[readline],
+              [AC_SUBST([LIBREADLINE],[-lreadline])
+               AC_DEFINE([HAVE_READLINE],[1],[define if you have a readline library])])
+-AC_CHECK_LIB([readline],[rl_copy_text])
+AC_CHECK_LIB([readline],[rl_copy_text],[true])
+ RJK_ICONV
+ AC_DEFINE([_GNU_SOURCE], [1], [required for e.g. strsignal])
+ AC_C_INLINE
+--- a/send.c
+++ b/send.c
+@@ -93,6 +93,14 @@ void sftp_send_end(struct worker *w) {
+     D(("%s:", sendtype));
+     sftp_debug_hexdump(w->buffer + 4, w->bufused - 4);
+   }
+
+  if (websocat_compatible) {
+    uint32_t buf_prefix = htonl(w->bufused);
+    if ((n = write(sftpout, &buf_prefix, 4)) != 4) {
+      sftp_fatal("error sending response prefix: %s", strerror(errno));
+    }
+  }
+
+   /* Write the whole buffer, coping with short writes */
+   written = 0;
+   while((size_t)written < w->bufused)
+--- a/sftpclient.c
+++ b/sftpclient.c
+@@ -132,6 +132,9 @@ static int forceversion;
+ 
+ static char *sftp_realpath(const char *path);
+ 
+/* used in server; unused in client. */
+int websocat_compatible;
+
+ enum {
+   OPT_QUIRK_REVERSE_SYMLINK = 256,
+   OPT_STOP_ON_ERROR,
+--- a/sftpserver.c
+++ b/sftpserver.c
+@@ -82,8 +82,14 @@ static const struct queuedetails workque
+ const struct sftpprotocol *protocol = &sftp_preinit;
+ const char sendtype[] = "response";
+ 
+int websocat_compatible;
+
+ /* Options */
+ 
+enum {
+  OPT_WEBSOCAT_COMPATIBLE = 256,
+};
+
+ static const struct option options[] = {
+     {"help", no_argument, 0, 'h'},
+     {"version", no_argument, 0, 'V'},
+@@ -99,6 +105,7 @@ static const struct option options[] = {
+     {"ipv4", no_argument, 0, '4'},
+     {"ipv6", no_argument, 0, '6'},
+ #endif
+    {"websocat", no_argument, 0, OPT_WEBSOCAT_COMPATIBLE},
+     {"readonly", no_argument, 0, 'R'},
+     {0, 0, 0, 0}};
+ 
+@@ -121,6 +128,7 @@ static void attribute((noreturn)) help(v
+                "  -4|-6                    Force IPv4 or IPv6 for --listen\n"
+                "  --background, -b         Daemonize\n"
+ #endif
+               "  --websocat               Transmit length-prefixed messages\n"
+                "  --readonly, -R           Read-only mode\n");
+   exit(0);
+ }
+@@ -498,6 +506,9 @@ int main(int argc, char **argv) {
+     case 'C':
+       config = optarg;
+       break;
+    case OPT_WEBSOCAT_COMPATIBLE:
+      websocat_compatible = 1;
+      break;
+     default:
+       exit(1);
+     }
+@@ -664,6 +675,14 @@ static void sftp_service(void) {
+   umask(0);
+   while(sftp_state_get() != sftp_state_stop &&
+         !sftp_xread(0, &len, sizeof len)) {
+
+    if (websocat_compatible) {
+      /* discard the prefix and read again */
+      if (sftp_xread(0, &len, sizeof len)) {
+        break;
+      }
+    }
+
+     job = sftp_xmalloc(sizeof *job);
+     job->len = ntohl(len);
+     if(!job->len || job->len > MAXREQUEST)
+--- a/sftpserver.h
+++ b/sftpserver.h
+@@ -57,6 +57,13 @@
+ #    define NTHREADS 4
+ #  endif
+ 
+/* If true, operate in websocat-compatible mode.
+   For use in conjunction with "lengthprefix:" overlay in websocat.
+   See websocat's doc for detail.
+   Prefix all outgoing messages with their length in uint32BE.
+   Also expect incoming messages to be formatted in the same way. */
+extern int websocat_compatible;
+
+ /** @brief Send an @ref SSH_FXP_STATUS message
+  * @param job Job
+  * @param status Status code
Author	SHA1	Message	Date
Oskari Rauta	29298b2d31	Merge `365e7063a3` into `4628b6bd43`	2024-04-27 03:11:56 +02:00
Paul Donald	4628b6bd43	p910nd: set bidi only if not already set Closes #23774 Signed-off-by: Paul Donald <newtwen+github@gmail.com>	2024-04-26 14:53:06 -07:00
Dirk Brenken	2c6d5adac0	banip: update 0.9.5-3 * allow multiple protocol/port definitions per feed, e.g. 'tcp udp 80 443 50000' * removed the default protocol/port limitation from asn feed Signed-off-by: Dirk Brenken <dev@brenken.org>	2024-04-26 17:03:33 +02:00
Oskari Rauta	365e7063a3	sftp-server: add package sftp-server is a lightweight sftp-server which can be used if user wants to avoid -O when using scp and installing openssh-sftp-server. sftp-server can be used as a drop-in replacement for openssh-sftp-server while it isn't as feature rich. sftp-server is also known as Green End sftpserver. Package uses git instead of release/tag because tagged versions were quite out-dated. I also added some patches from forked repositories which either provide small fixes, for example, to autoconf script - or add features, such as socat support. sftp-server is minimal comparing disk space needed by openssh-sftp-server. And it does not have depencies. Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>	2024-04-23 09:31:31 +03:00