adblock[18.06]: backport release 3.5.4 to 18.06 branch

Tested with latest 18.06 branch (OpenWrt 18.06-SNAPSHOT,
r7175+5-ca0c649a38)

Signed-off-by: Dirk Brenken <dev@brenken.org>

diff --git a/net/adblock/Makefile b/net/adblock/Makefile
index 2dd63565eb1432ba2c9332764dfa674a0c745ba9..4b199597ea8062a22eacbd5701f604dd2dfedaf1 100644 (file)
--- a/net/adblock/Makefile
+++ b/net/adblock/Makefile
@@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=adblock
-PKG_VERSION:=3.5.2
-PKG_RELEASE:=1
+PKG_VERSION:=3.5.4
+PKG_RELEASE:=2
 PKG_LICENSE:=GPL-3.0+
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
 

diff --git a/net/adblock/files/adblock.conf b/net/adblock/files/adblock.conf
index 6cdae471ae823c304e0d46a5cca42623c1dce3c0..a10d158a91b80acb291a949d038fd1fed857a296 100644 (file)
--- a/net/adblock/files/adblock.conf
+++ b/net/adblock/files/adblock.conf
@@ -151,7 +151,7 @@ config source 'spam404'
        option adb_src_desc 'generic blocklist, infrequent updates, approx. 6.000 entries'
        option enabled '0'
 
-config source 'sysctl' 
+config source 'sysctl'
        option adb_src 'http://sysctl.org/cameleon/hosts'
        option adb_src_rset '/^127\.0\.0\.1[[:space:]]+([^([:space:]|#|\*|\/).]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}'
        option adb_src_desc 'broad blocklist, weekly updates, approx. 16.500 entries'
@@ -181,7 +181,7 @@ config source 'whocares'
        option enabled '0'
 
 config source 'winspy'
-       option adb_src 'https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt'
+       option adb_src 'https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt'
        option adb_src_rset '/^0\.0\.0\.0[[:space:]]+([^([:space:]|#|\*|\/).]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}'
        option adb_src_desc 'focus on windows spy & telemetry domains, infrequent updates, approx. 300 entries'
        option enabled '0'
@@ -203,3 +203,4 @@ config source 'zeus'
        option adb_src_rset '/^([^([:space:]|#|\*|\/).]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}'
        option adb_src_desc 'focus on zeus botnet by abuse.ch, daily updates, approx. 400 entries'
        option enabled '0'
+

diff --git a/net/adblock/files/adblock.init b/net/adblock/files/adblock.init
index 33aebbfee3570704662e9d54955c177e1a7eddfe..b3981039fde3a317eed4ab2aef34a905b2b2580b 100755 (executable)
--- a/net/adblock/files/adblock.init
+++ b/net/adblock/files/adblock.init
@@ -32,9 +32,11 @@ start_service()
                 return 0
             fi
         fi
+        local nice="$(uci_get adblock extra adb_nice)"
         procd_open_instance "adblock"
         procd_set_param command "${adb_script}" "${@}"
         procd_set_param pidfile "${adb_pidfile}"
+        procd_set_param nice ${nice:-0}
         procd_set_param stdout 1
         procd_set_param stderr 1
         procd_close_instance

diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh
index d0280b3a0dee7ee7ade00d233f9044b3415911da..e91f8e9d7a7d49936c30303f949cca34c5111299 100755 (executable)
--- a/net/adblock/files/adblock.sh
+++ b/net/adblock/files/adblock.sh
@@ -10,7 +10,7 @@
 #
 LC_ALL=C
 PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-adb_ver="3.5.2"
+adb_ver="3.5.4-2"
 adb_sysver="unknown"
 adb_enabled=0
 adb_debug=0
@@ -35,7 +35,7 @@ adb_rtfile="/tmp/adb_runtime.json"
 adb_hashutil="$(command -v sha256sum)"
 adb_hashold=""
 adb_hashnew=""
-adb_cnt=0
+adb_cnt=""
 adb_rc=0
 adb_action="${1:-"start"}"
 adb_pidfile="/var/run/adblock.pid"
@@ -126,11 +126,8 @@ f_envload()
             adb_dnsdir="${adb_dnsdir:-"/tmp"}"
             adb_dnsheader=""
             adb_dnsdeny="awk '{print \"server=/\"\$0\"/\"}'"
-            if [ ${adb_jail} -eq 1 ]
-            then
-                adb_dnsallow="awk '{print \"server=/\"\$0\"/#\"}'"
-                adb_dnshalt="server=/#/"
-            fi
+            adb_dnsallow="awk '{print \"server=/\"\$0\"/#\"}'"
+            adb_dnshalt="server=/#/"
         ;;
         unbound)
             adb_dnsinstance="${adb_dnsinstance:-"0"}"
@@ -138,11 +135,8 @@ f_envload()
             adb_dnsdir="${adb_dnsdir:-"/var/lib/unbound"}"
             adb_dnsheader=""
             adb_dnsdeny="awk '{print \"local-zone: \042\"\$0\"\042 static\"}'"
-            if [ ${adb_jail} -eq 1 ]
-            then
-                adb_dnsallow="awk '{print \"local-zone: \042\"\$0\"\042 transparent\"}'"
-                adb_dnshalt="local-zone: \".\" static"
-            fi
+            adb_dnsallow="awk '{print \"local-zone: \042\"\$0\"\042 transparent\"}'"
+            adb_dnshalt="local-zone: \".\" static"
         ;;
         named)
             adb_dnsinstance="${adb_dnsinstance:-"0"}"
@@ -150,11 +144,8 @@ f_envload()
             adb_dnsdir="${adb_dnsdir:-"/var/lib/bind"}"
             adb_dnsheader="\$TTL 2h"$'\n'"@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)"$'\n'"  IN NS localhost."
             adb_dnsdeny="awk '{print \"\"\$0\" CNAME .\n*.\"\$0\" CNAME .\"}'"
-            if [ ${adb_jail} -eq 1 ]
-            then
-                adb_dnsallow="awk '{print \"\"\$0\" CNAME rpz-passthru.\n*.\"\$0\" CNAME rpz-passthru.\"}'"
-                adb_dnshalt="* CNAME ."
-            fi
+            adb_dnsallow="awk '{print \"\"\$0\" CNAME rpz-passthru.\n*.\"\$0\" CNAME rpz-passthru.\"}'"
+            adb_dnshalt="* CNAME ."
         ;;
         kresd)
             adb_dnsinstance="${adb_dnsinstance:-"0"}"
@@ -162,11 +153,8 @@ f_envload()
             adb_dnsdir="${adb_dnsdir:-"/etc/kresd"}"
             adb_dnsheader="\$TTL 2h"$'\n'"@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)"$'\n'"  IN NS  localhost."
             adb_dnsdeny="awk '{print \"\"\$0\" CNAME .\n*.\"\$0\" CNAME .\"}'"
-            if [ ${adb_jail} -eq 1 ]
-            then
-                adb_dnsallow="awk '{print \"\"\$0\" CNAME rpz-passthru.\n*.\"\$0\" CNAME rpz-passthru.\"}'"
-                adb_dnshalt="* CNAME ."
-            fi
+            adb_dnsallow="awk '{print \"\"\$0\" CNAME rpz-passthru.\n*.\"\$0\" CNAME rpz-passthru.\"}'"
+            adb_dnshalt="* CNAME ."
         ;;
         dnscrypt-proxy)
             adb_dnsinstance="${adb_dnsinstance:-"0"}"
@@ -174,6 +162,8 @@ f_envload()
             adb_dnsdir="${adb_dnsdir:-"/tmp"}"
             adb_dnsheader=""
             adb_dnsdeny="awk '{print \$0}'"
+            adb_dnsallow=""
+            adb_dnshalt=""
         ;;
     esac
 
@@ -210,9 +200,12 @@ f_envload()
         cnt=$((cnt+1))
     done
 
-    if [ -z "${adb_dns}" ] || [ -z "${adb_dnsdeny}" ] || [ ! -x "$(command -v ${adb_dns})" ] || [ ! -d "${adb_dnsdir}" ]
+    if [ "${dns_up}" != "true" ] || [ -z "${adb_dns}" ] || [ ! -x "$(command -v ${adb_dns})" ]
+    then
+        f_log "err" "'${adb_dns}' not running or not executable"
+    elif [ ! -d "${adb_dnsdir}" ]
     then
-        f_log "err" "'${adb_dns}' not running, DNS backend not found"
+        f_log "err" "'${adb_dnsdir}' backend directory not found"
     fi
 }
 
@@ -270,7 +263,7 @@ f_envcheck()
     f_log "info" "start adblock processing (${adb_action})"
 }
 
-# create temporay files and directories
+# create temporary files and directories
 #
 f_temp()
 {
@@ -286,7 +279,7 @@ f_temp()
     fi
 }
 
-# remove temporay files and directories
+# remove temporary files and directories
 #
 f_rmtemp()
 {
@@ -352,15 +345,11 @@ f_count()
     adb_cnt=0
     if [ -s "${adb_dnsdir}/${adb_dnsfile}" ] && ([ -z "${mode}" ] || [ "${mode}" = "final" ])
     then
+        adb_cnt="$(( $(wc -l 2>/dev/null < "${adb_dnsdir}/${adb_dnsfile}") - $(wc -l 2>/dev/null < "${adb_tmpdir}/tmp.add_whitelist") ))"
         if [ "${adb_dns}" = "named" ] || [ "${adb_dns}" = "kresd" ]
         then
-            adb_cnt="$(( ($(wc -l 2>/dev/null < "${adb_dnsdir}/${adb_dnsfile}") - $(printf '%s' "${adb_dnsheader}" | grep -c "^")) / 2 ))"
-        else
-            adb_cnt="$(wc -l 2>/dev/null < "${adb_dnsdir}/${adb_dnsfile}")"
+            adb_cnt="$(( (${adb_cnt} - $(printf '%s' "${adb_dnsheader}" | grep -c "^")) / 2 ))"
         fi
-    elif [ "${mode}" = "whitelist" ] && [ -s "${adb_tmpdir}/tmp.whitelist" ]
-    then
-        adb_cnt="$(wc -l 2>/dev/null < "${adb_tmpdir}/tmp.whitelist")"
     elif [ -s "${adb_tmpfile}" ]
     then
         adb_cnt="$(wc -l 2>/dev/null < "${adb_tmpfile}")"
@@ -371,7 +360,7 @@ f_count()
 #
 f_extconf()
 {
-    local uci_config
+    local uci_config port port_list="53 853 5353"
 
     case "${adb_dns}" in
         dnsmasq)
@@ -406,20 +395,24 @@ f_extconf()
 
     uci_config="firewall"
     if [ ${adb_enabled} -eq 1 ] && [ ${adb_forcedns} -eq 1 ] && \
-       [ -z "$(uci -q get firewall.adblock_dns)" ] && [ $(/etc/init.d/firewall enabled; printf '%u' ${?}) -eq 0 ]
+       [ -z "$(uci -q get firewall.adblock_dns_53)" ] && [ $(/etc/init.d/firewall enabled; printf '%u' ${?}) -eq 0 ]
     then
-               uci -q batch <<-EOF
-                       set firewall.adblock_dns="redirect"
-                       set firewall.adblock_dns.name="Adblock DNS"
-                       set firewall.adblock_dns.src="lan"
-                       set firewall.adblock_dns.proto="tcp udp"
-                       set firewall.adblock_dns.src_dport="53"
-                       set firewall.adblock_dns.dest_port="53"
-                       set firewall.adblock_dns.target="DNAT"
-               EOF
-    elif [ -n "$(uci -q get firewall.adblock_dns)" ] && ([ ${adb_enabled} -eq 0 ] || [ ${adb_forcedns} -eq 0 ])
+        for port in ${port_list}
+        do
+            uci_add firewall "redirect" "adblock_dns_${port}"
+            uci_set firewall "adblock_dns_${port}" "name" "Adblock DNS, port ${port}"
+            uci_set firewall "adblock_dns_${port}" "src" "lan"
+            uci_set firewall "adblock_dns_${port}" "proto" "tcp udp"
+            uci_set firewall "adblock_dns_${port}" "src_dport" "${port}"
+            uci_set firewall "adblock_dns_${port}" "dest_port" "${port}"
+            uci_set firewall "adblock_dns_${port}" "target" "DNAT"
+        done
+    elif [ -n "$(uci -q get firewall.adblock_dns_53)" ] && ([ ${adb_enabled} -eq 0 ] || [ ${adb_forcedns} -eq 0 ])
     then
-        uci -q delete firewall.adblock_dns
+        for port in ${port_list}
+        do
+            uci_remove firewall "adblock_dns_${port}"
+        done
     fi
     f_uci "${uci_config}"
 }
@@ -545,12 +538,20 @@ f_list()
             adb_tmpfile="${adb_tmpdir}/${adb_dnsfile}"
         ;;
         final)
-            if [ -s "${adb_tmpdir}/tmp.whitelist" ]
+            > "${adb_dnsdir}/${adb_dnsfile}"
+
+            if [ -s "${adb_tmpdir}/tmp.add_whitelist" ]
             then
-                grep -vf "${adb_tmpdir}/tmp.whitelist" "${adb_tmpdir}/${adb_dnsfile}" | eval "${adb_dnsdeny}" > "${adb_dnsdir}/${adb_dnsfile}"
+                cat "${adb_tmpdir}/tmp.add_whitelist" >> "${adb_dnsdir}/${adb_dnsfile}"
+            fi
+
+            if [ -s "${adb_tmpdir}/tmp.rem_whitelist" ]
+            then
+                grep -vf "${adb_tmpdir}/tmp.rem_whitelist" "${adb_tmpdir}/${adb_dnsfile}" | eval "${adb_dnsdeny}" >> "${adb_dnsdir}/${adb_dnsfile}"
             else
-                eval "${adb_dnsdeny}" "${adb_tmpdir}/${adb_dnsfile}" > "${adb_dnsdir}/${adb_dnsfile}"
+                eval "${adb_dnsdeny}" "${adb_tmpdir}/${adb_dnsfile}" >> "${adb_dnsdir}/${adb_dnsfile}"
             fi
+
             if [ ${?} -eq 0 ] && [ -n "${adb_dnsheader}" ]
             then
                 printf '%s\n' "${adb_dnsheader}" | cat - "${adb_dnsdir}/${adb_dnsfile}" > "${adb_tmpdir}/${adb_dnsfile}"
@@ -670,7 +671,7 @@ f_switch()
 #
 f_query()
 {
-    local search result field=1 domain="${1}" tld="${1#*.}"
+    local search result prefix suffix field domain="${1}" tld="${1#*.}"
 
     if [ -z "${domain}" ] || [ "${domain}" = "${tld}" ]
     then
@@ -678,16 +679,35 @@ f_query()
     else
         case "${adb_dns}" in
             dnsmasq)
+                prefix=".*[\/\.]"
+                suffix="(\/)"
                 field=2
             ;;
             unbound)
+                prefix=".*[\"\.]"
+                suffix="(static)"
                 field=3
             ;;
+            named)
+                prefix="[^\*].*[\.]"
+                suffix="( \.)"
+                field=1
+            ;;
+            kresd)
+                prefix="[^\*].*[\.]"
+                suffix="( \.)"
+                field=1
+            ;;
+            dnscrypt-proxy)
+                prefix=".*[\.]"
+                suffix=""
+                field=1
+            ;;
         esac
         while [ "${domain}" != "${tld}" ]
         do
             search="${domain//./\.}"
-            result="$(awk -F '/|\"| ' "/^($search|[^\*].*[\/\"\. ]+${search})/{i++;{printf(\"  + %s\n\",\$${field})};if(i>9){printf(\"  + %s\n\",\"[...]\");exit}}" "${adb_dnsdir}/${adb_dnsfile}")"
+            result="$(awk -F '/|\"| ' "/^($search|${prefix}+${search}.*${suffix}$)/{i++;{printf(\"  + %s\n\",\$${field})};if(i>9){printf(\"  + %s\n\",\"[...]\");exit}}" "${adb_dnsdir}/${adb_dnsfile}")"
             printf '%s\n' "::: results for domain '${domain}'"
             printf '%s\n' "${result:-"  - no match"}"
             domain="${tld}"
@@ -700,16 +720,21 @@ f_query()
 #
 f_jsnup()
 {
-    local bg_pid rundate="$(/bin/date "+%d.%m.%Y %H:%M:%S")" status="${1:-"enabled"}" mode="normal mode" no_mail=0
+    local bg_pid rundate status="${1:-"enabled"}" mode="normal mode" no_mail=0
 
     if [ ${adb_rc} -gt 0 ]
     then
         status="error"
+        rundate="$(/bin/date "+%d.%m.%Y %H:%M:%S")"
     fi
     if [ ${adb_enabled} -eq 0 ]
     then
         status="disabled"
     fi
+    if [ "${status}" = "enabled" ]
+    then
+        rundate="$(/bin/date "+%d.%m.%Y %H:%M:%S")"
+    fi
     if [ "${status}" = "suspend" ]
     then
         status="paused"
@@ -719,28 +744,36 @@ f_jsnup()
         no_mail=1
         status="enabled"
     fi
-    if [ "${status}" = "enabled" ]
-    then
-        f_count
-    fi
-
     if [ ${adb_backup_mode} -eq 1 ]
     then
         mode="backup mode"
     fi
 
-    if [ -z "${adb_fetchinfo}" ] && [ -s "${adb_rtfile}" ]
+    if [ -s "${adb_rtfile}" ]
     then
         json_load "$(cat "${adb_rtfile}" 2>/dev/null)"
         json_select data
-        json_get_var adb_fetchinfo "fetch_utility"
+
+        if [ -z "${adb_fetchinfo}" ] && [ -s "${adb_rtfile}" ]
+        then
+            json_get_var adb_fetchinfo "fetch_utility"
+        fi
+        if [ -z "${rundate}" ]
+        then
+            json_get_var rundate "last_rundate"
+        fi
+        if [ -z "${adb_cnt}" ]
+        then
+            json_get_var adb_cnt "overall_domains"
+            adb_cnt="${adb_cnt%% *}"
+        fi
     fi
 
     json_init
     json_add_object "data"
     json_add_string "adblock_status" "${status}"
     json_add_string "adblock_version" "${adb_ver}"
-    json_add_string "overall_domains" "${adb_cnt} (${mode})"
+    json_add_string "overall_domains" "${adb_cnt:-0} (${mode})"
     json_add_string "fetch_utility" "${adb_fetchinfo:-"-"}"
     json_add_string "dns_backend" "${adb_dns} (${adb_dnsdir})"
     json_add_string "last_rundate" "${rundate:-"-"}"
@@ -770,7 +803,7 @@ f_log()
         then
             f_rmdns
             f_jsnup
-            logger -p "${class}" -t "adblock-[${adb_ver}]" "Please also check 'https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md' (${adb_sysver})"
+            logger -p "${class}" -t "adblock-[${adb_ver}]" "Please also check 'https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md'"
             exit 1
         fi
     fi
@@ -787,29 +820,33 @@ f_main()
     tmp_load="${adb_tmpload}"
     tmp_file="${adb_tmpfile}"
     > "${adb_dnsdir}/.${adb_dnsfile}"
-    > "${adb_tmpdir}/tmp.whitelist"
+    > "${adb_tmpdir}/tmp.raw_whitelist"
+    > "${adb_tmpdir}/tmp.add_whitelist"
+    > "${adb_tmpdir}/tmp.rem_whitelist"
     f_log "debug" "f_main ::: dns: ${adb_dns}, fetch_util: ${adb_fetchinfo}, backup: ${adb_backup}, backup_mode: ${adb_backup_mode}, dns_jail: ${adb_jail}, force_srt: ${adb_forcesrt}, force_dns: ${adb_forcedns}, mem_total: ${mem_total:-0}, mem_free: ${mem_free:-0}, max_queue: ${adb_maxqueue}"
 
     # prepare whitelist entries
     #
     if [ -s "${adb_whitelist}" ]
     then
+        adb_whitelist_rset="/^([^([:space:]|\#|\*|\/).]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
+        awk "${adb_whitelist_rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.raw_whitelist"
+        f_tld "${adb_tmpdir}/tmp.raw_whitelist"
+
         adb_whitelist_rset="/^([^([:space:]|\#|\*|\/).]+\.)+[[:alpha:]]+([[:space:]]|$)/{gsub(\"\\\.\",\"\\\.\",\$1);print tolower(\"^\"\$1\"\\\|\\\.\"\$1)}"
-        awk "${adb_whitelist_rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.whitelist"
-        f_list whitelist
-        if [ ${adb_jail} -eq 1 ] && [ "${adb_dns}" != "dnscrypt-proxy" ]
+        awk "${adb_whitelist_rset}" "${adb_tmpdir}/tmp.raw_whitelist" > "${adb_tmpdir}/tmp.rem_whitelist"
+
+        if [ -n "${adb_dnsallow}" ]
         then
-            adb_whitelist_rset="/^([^([:space:]|\#|\*|\/).]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
-            awk "${adb_whitelist_rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.dnsjail"
+            eval "${adb_dnsallow}" "${adb_tmpdir}/tmp.raw_whitelist" > "${adb_tmpdir}/tmp.add_whitelist"
         fi
     fi
 
     # build 'dnsjail' list
     #
-    if [ ${adb_jail} -eq 1 ] && [ "${adb_dns}" != "dnscrypt-proxy" ]
+    if [ ${adb_jail} -eq 1 ]
     then
-        f_tld "${adb_tmpdir}/tmp.dnsjail"
-        eval "${adb_dnsallow}" "${adb_tmpdir}/tmp.dnsjail" > "/tmp/${adb_dnsjail}"
+        cat "${adb_tmpdir}/tmp.add_whitelist" > "/tmp/${adb_dnsjail}"
         printf '%s\n' "${adb_dnshalt}" >> "/tmp/${adb_dnsjail}"
         if [ -n "${adb_dnsheader}" ]
         then