Merge branch 'backfire' into xburst

2024-11-23 23:16:16 +02:00 · 2010-08-13 10:55:42 +00:00 · 2010-08-13 10:55:42 +00:00 · be475875bd
commit be475875bd
parent 80fd8664da 74a83bbdb2
17 changed files with 296 additions and 75 deletions
--- a/package/6in4/Makefile
+++ b/package/6in4/Makefile
@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=6in4
-PKG_VERSION:=3
+PKG_VERSION:=4
 PKG_RELEASE:=1

 include $(INCLUDE_DIR)/package.mk
--- a/package/6in4/files/6in4.sh
+++ b/package/6in4/files/6in4.sh
@ -2,13 +2,13 @@
 # Copyright (c) 2010 OpenWrt.org

 find_6in4_wanif() {
-	local if=$(ip -4 r l e 0/0); if="${if#default via * dev }"; if="${if%% *}"
+	local if=$(ip -4 r l e 0/0); if="${if#default* dev }"; if="${if%% *}"
 	[ -n "$if" ] && grep -qs "^ *$if:" /proc/net/dev && echo "$if"
 }

 find_6in4_wanip() {
 	local ip=$(ip -4 a s dev "$1"); ip="${ip#*inet }"
-	echo "${ip%%/[0-9]* brd *}"
+	echo "${ip%%[^0-9.]*}"
 }

 # Hook into scan_interfaces() to synthesize a .device option
--- a/package/kernel/modules/video.mk
+++ b/package/kernel/modules/video.mk
@ -11,7 +11,7 @@ VIDEO_MENU:=Video Support
 define KernelPackage/video-core
  SUBMENU:=$(VIDEO_MENU)
  TITLE=Video4Linux support
-  DEPENDS:=@PCI_SUPPORT||USB_SUPPORT
+  DEPENDS:=@PCI_SUPPORT||USB_SUPPORT +kmod-i2c-core
  KCONFIG:= \
 	CONFIG_MEDIA_SUPPORT=m \
 	CONFIG_VIDEO_DEV \
@ -99,7 +99,7 @@ $(eval $(call KernelPackage,video-ov511))


 define KernelPackage/video-ovcamchip
-$(call KernelPackage/video/Depends,@LINUX_2_6 @USB_SUPPORT +kmod-i2c-core)
+$(call KernelPackage/video/Depends,@LINUX_2_6 @USB_SUPPORT +kmod-usb-core)
  TITLE:=OV6xxx/OV7xxx Camera Chip support
  KCONFIG:=CONFIG_VIDEO_OVCAMCHIP
  FILES:=$(LINUX_DIR)/drivers/media/video/ovcamchip/ovcamchip.$(LINUX_KMOD_SUFFIX)
@ -150,7 +150,7 @@ endef
 $(eval $(call KernelPackage,video-pwc))

 define KernelPackage/video-uvc
-$(call KernelPackage/video/Depends,@LINUX_2_6 @USB_SUPPORT +kmod-usb-core)
+$(call KernelPackage/video/Depends,@LINUX_2_6 @USB_SUPPORT +kmod-usb-core +!TARGET_x86:kmod-input-core)
  TITLE:=USB Video Class (UVC) support
  KCONFIG:= CONFIG_USB_VIDEO_CLASS
  FILES:=$(LINUX_DIR)/drivers/media/video/uvc/uvcvideo.$(LINUX_KMOD_SUFFIX)
--- a/package/uhttpd/Makefile
+++ b/package/uhttpd/Makefile
@ -8,9 +8,10 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=uhttpd
-PKG_RELEASE:=11
+PKG_RELEASE:=14

 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+PKG_BUILD_DEPENDS := libcyassl liblua

 include $(INCLUDE_DIR)/package.mk

--- a/package/uhttpd/files/uhttpd.config
+++ b/package/uhttpd/files/uhttpd.config
@ -12,6 +12,11 @@ config uhttpd main
 	# Server document root
 	option home		/www

+	# Reject requests from RFC1918 IP addresses
+	# directed to the servers public IP(s).
+	# This is a DNS rebinding countermeasure.
+	option rfc1918_filter 1
+
 	# Certificate and private key for HTTPS.
 	# If no listen_https addresses are given,
 	# the key options are ignored.
--- a/package/uhttpd/files/uhttpd.init
+++ b/package/uhttpd/files/uhttpd.init
@ -17,6 +17,17 @@ append_arg() {
 	[ -n "$val" -o -n "$def" ] && append UHTTPD_ARGS "$opt ${val:-$def}"
 }

+append_bool() {
+	local cfg="$1"
+	local var="$2"
+	local opt="$3"
+	local def="$4"
+	local val
+
+	config_get_bool val "$cfg" "$var" "$def"
+	[ "$val" = 1 ] && append UHTTPD_ARGS "$opt"
+}
+
 generate_keys() {
 	local cfg="$1"
 	local key="$2"
@ -34,11 +45,7 @@ generate_keys() {
 		$PX5G_BIN selfsigned -der \
 			-days ${days:-730} -newkey rsa:${bits:-1024} -keyout "$UHTTPD_KEY" -out "$UHTTPD_CERT" \
 			-subj /C=${country:-DE}/ST=${state:-Saxony}/L=${location:-Leipzig}/CN=${commonname:-OpenWrt}
-	} || {
-		echo "WARNING: the specified certificate and key" \
-			"files do not exist and the px5g generator" \
-			"is not available, skipping SSL setup."
-	}	
+	}
 }

 start_instance()
@ -59,6 +66,12 @@ start_instance()
 	append_arg "$cfg" lua_handler "-L"
 	append_arg "$cfg" script_timeout "-t"
 	append_arg "$cfg" network_timeout "-T"
+	append_arg "$cfg" error_page "-E"
+	append_arg "$cfg" index_page "-I"
+
+	append_bool "$cfg" no_symlinks "-S" 0
+	append_bool "$cfg" no_dirlists "-D" 0
+	append_bool "$cfg" rfc1918_filter "-R" 0

 	config_get http "$cfg" listen_http
 	for listen in $http; do
--- a/package/uhttpd/src/uhttpd-cgi.c
+++ b/package/uhttpd/src/uhttpd-cgi.c
@ -234,6 +234,17 @@ void uh_cgi_request(struct client *cl, struct http_request *req, struct path_inf
 				if( pi->info )
 					setenv("PATH_INFO", pi->info, 1);

+				/* REDIRECT_STATUS, php-cgi wants it */
+				switch( req->redirect_status )
+				{
+					case 404:
+						setenv("REDIRECT_STATUS", "404", 1);
+						break;
+
+					default:
+						setenv("REDIRECT_STATUS", "200", 1);
+						break;
+				}

 				/* http version */
 				if( req->version > 1.0 )
--- a/package/uhttpd/src/uhttpd-file.c
+++ b/package/uhttpd/src/uhttpd-file.c
@ -29,7 +29,7 @@
 static const char * uh_file_mime_lookup(const char *path)
 {
 	struct mimetype *m = &uh_mime_types[0];
-	char *e;
+	const char *e;

 	while( m->extn )
 	{
@ -97,36 +97,39 @@ static char * uh_file_header_lookup(struct http_request *req, const char *name)
 	return NULL;
 }

+#define ensure_ret(x) \
+	do { if( x < 0 ) return; } while(0)
+
 static void uh_file_response_ok_hdrs(struct client *cl, struct http_request *req, struct stat *s)
 {
-	uh_http_sendf(cl, NULL, "Connection: close\r\n");
+	ensure_ret(uh_http_sendf(cl, NULL, "Connection: close\r\n"));

 	if( s )
 	{
-		uh_http_sendf(cl, NULL, "ETag: %s\r\n", uh_file_mktag(s));
-		uh_http_sendf(cl, NULL, "Last-Modified: %s\r\n", uh_file_unix2date(s->st_mtime));
+		ensure_ret(uh_http_sendf(cl, NULL, "ETag: %s\r\n", uh_file_mktag(s)));
+		ensure_ret(uh_http_sendf(cl, NULL, "Last-Modified: %s\r\n", uh_file_unix2date(s->st_mtime)));
 	}

-	uh_http_sendf(cl, NULL, "Date: %s\r\n", uh_file_unix2date(time(NULL)));
+	ensure_ret(uh_http_sendf(cl, NULL, "Date: %s\r\n", uh_file_unix2date(time(NULL))));
 }

 static void uh_file_response_200(struct client *cl, struct http_request *req, struct stat *s)
 {
-	uh_http_sendf(cl, NULL, "HTTP/%.1f 200 OK\r\n", req->version);
+	ensure_ret(uh_http_sendf(cl, NULL, "HTTP/%.1f 200 OK\r\n", req->version));
 	uh_file_response_ok_hdrs(cl, req, s);
 }

 static void uh_file_response_304(struct client *cl, struct http_request *req, struct stat *s)
 {
-	uh_http_sendf(cl, NULL, "HTTP/%.1f 304 Not Modified\r\n", req->version);
+	ensure_ret(uh_http_sendf(cl, NULL, "HTTP/%.1f 304 Not Modified\r\n", req->version));
 	uh_file_response_ok_hdrs(cl, req, s);
 }

 static void uh_file_response_412(struct client *cl, struct http_request *req)
 {
-	uh_http_sendf(cl, NULL,
+	ensure_ret(uh_http_sendf(cl, NULL,
 		"HTTP/%.1f 412 Precondition Failed\r\n"
-		"Connection: close\r\n", req->version);
+		"Connection: close\r\n", req->version));
 }

 static int uh_file_if_match(struct client *cl, struct http_request *req, struct stat *s)
@ -244,6 +247,9 @@ static int uh_file_if_unmodified_since(struct client *cl, struct http_request *r
 }


+#define ensure_out(x) \
+	do { if( x < 0 ) goto out; } while(0)
+
 static int uh_file_scandir_filter_dir(const struct dirent *e)
 {
 	return strcmp(e->d_name, ".") ? 1 : 0;
@ -251,17 +257,18 @@ static int uh_file_scandir_filter_dir(const struct dirent *e)

 static void uh_file_dirlist(struct client *cl, struct http_request *req, struct path_info *pi)
 {
-	int i, count;
+	int i;
+	int count = 0;
 	char filename[PATH_MAX];
 	char *pathptr;
 	struct dirent **files = NULL;
 	struct stat s;

-	uh_http_sendf(cl, req,
+	ensure_out(uh_http_sendf(cl, req,
 		"<html><head><title>Index of %s</title></head>"
 		"<body><h1>Index of %s</h1><hr /><ol>",
 			pi->name, pi->name
-	);
+	));

 	if( (count = scandir(pi->phys, &files, uh_file_scandir_filter_dir, alphasort)) > 0 )
 	{
@ -275,14 +282,16 @@ static void uh_file_dirlist(struct client *cl, struct http_request *req, struct
 			strncat(filename, files[i]->d_name,
 				sizeof(filename) - strlen(files[i]->d_name));

-			if( !stat(filename, &s) && (s.st_mode & S_IFDIR) )
-				uh_http_sendf(cl, req,
+			if( !stat(filename, &s) &&
+			    (s.st_mode & S_IFDIR) && (s.st_mode & S_IXOTH)
+			)
+				ensure_out(uh_http_sendf(cl, req,
 					"<li><strong><a href='%s%s'>%s</a>/</strong><br />"
 					"<small>modified: %s<br />directory - %.02f kbyte"
 					"<br /><br /></small></li>",
 						pi->name, files[i]->d_name, files[i]->d_name,
 						uh_file_unix2date(s.st_mtime), s.st_size / 1024.0
-				);
+				));

 			*pathptr = 0;
 		}
@ -293,31 +302,40 @@ static void uh_file_dirlist(struct client *cl, struct http_request *req, struct
 			strncat(filename, files[i]->d_name,
 				sizeof(filename) - strlen(files[i]->d_name));

-			if( !stat(filename, &s) && !(s.st_mode & S_IFDIR) )
-				uh_http_sendf(cl, req,
+			if( !stat(filename, &s) &&
+			    !(s.st_mode & S_IFDIR) && (s.st_mode & S_IROTH)
+			)
+				ensure_out(uh_http_sendf(cl, req,
 					"<li><strong><a href='%s%s'>%s</a></strong><br />"
 					"<small>modified: %s<br />%s - %.02f kbyte<br />"
 					"<br /></small></li>",
 						pi->name, files[i]->d_name, files[i]->d_name,
 						uh_file_unix2date(s.st_mtime),
 						uh_file_mime_lookup(filename), s.st_size / 1024.0
-				);
+				));

 			*pathptr = 0;
-			free(files[i]);
 		}
 	}

-	free(files);
+	ensure_out(uh_http_sendf(cl, req, "</ol><hr /></body></html>"));
+	ensure_out(uh_http_sendf(cl, req, ""));

-	uh_http_sendf(cl, req, "</ol><hr /></body></html>");
-	uh_http_sendf(cl, req, "");
+out:
+	if( files )
+	{
+		for( i = 0; i < count; i++ )
+			free(files[i]);
+
+		free(files);
+	}
 }


 void uh_file_request(struct client *cl, struct http_request *req, struct path_info *pi)
 {
-	int fd, rlen;
+	int rlen;
+	int fd = -1;
 	char buf[UH_LIMIT_MSGHEAD];

 	/* we have a file */
@ -334,50 +352,45 @@ void uh_file_request(struct client *cl, struct http_request *req, struct path_in
 			/* write status */
 			uh_file_response_200(cl, req, &pi->stat);

-			uh_http_sendf(cl, NULL, "Content-Type: %s\r\n", uh_file_mime_lookup(pi->name));
-			uh_http_sendf(cl, NULL, "Content-Length: %i\r\n", pi->stat.st_size);
+			ensure_out(uh_http_sendf(cl, NULL, "Content-Type: %s\r\n", uh_file_mime_lookup(pi->name)));
+			ensure_out(uh_http_sendf(cl, NULL, "Content-Length: %i\r\n", pi->stat.st_size));

 			/* if request was HTTP 1.1 we'll respond chunked */
 			if( (req->version > 1.0) && (req->method != UH_HTTP_MSG_HEAD) )
-				uh_http_send(cl, NULL, "Transfer-Encoding: chunked\r\n", -1);
+				ensure_out(uh_http_send(cl, NULL, "Transfer-Encoding: chunked\r\n", -1));

 			/* close header */
-			uh_http_send(cl, NULL, "\r\n", -1);
+			ensure_out(uh_http_send(cl, NULL, "\r\n", -1));

 			/* send body */
 			if( req->method != UH_HTTP_MSG_HEAD )
 			{
 				/* pump file data */
 				while( (rlen = read(fd, buf, sizeof(buf))) > 0 )
-				{
-					if( uh_http_send(cl, req, buf, rlen) < 0 )
-						break;
-				}
+					ensure_out(uh_http_send(cl, req, buf, rlen));

 				/* send trailer in chunked mode */
-				uh_http_send(cl, req, "", 0);
+				ensure_out(uh_http_send(cl, req, "", 0));
 			}
 		}

 		/* one of the preconditions failed, terminate opened header and exit */
 		else
 		{
-			uh_http_send(cl, NULL, "\r\n", -1);
+			ensure_out(uh_http_send(cl, NULL, "\r\n", -1));
 		}
-
-		close(fd);
 	}

 	/* directory */
-	else if( pi->stat.st_mode & S_IFDIR )
+	else if( (pi->stat.st_mode & S_IFDIR) && !cl->server->conf->no_dirlists )
 	{
 		/* write status */
 		uh_file_response_200(cl, req, NULL);

 		if( req->version > 1.0 )
-			uh_http_send(cl, NULL, "Transfer-Encoding: chunked\r\n", -1);
+			ensure_out(uh_http_send(cl, NULL, "Transfer-Encoding: chunked\r\n", -1));

-		uh_http_send(cl, NULL, "Content-Type: text/html\r\n\r\n", -1);
+		ensure_out(uh_http_send(cl, NULL, "Content-Type: text/html\r\n\r\n", -1));

 		/* content */
 		uh_file_dirlist(cl, req, pi);
@ -386,8 +399,12 @@ void uh_file_request(struct client *cl, struct http_request *req, struct path_in
 	/* 403 */
 	else
 	{
-		uh_http_sendhf(cl, 403, "Forbidden",
-			"Access to this resource is forbidden");
+		ensure_out(uh_http_sendhf(cl, 403, "Forbidden",
+			"Access to this resource is forbidden"));
 	}
+
+out:
+	if( fd > -1 )
+		close(fd);
 }

--- a/package/uhttpd/src/uhttpd-utils.c
+++ b/package/uhttpd/src/uhttpd-utils.c
@ -59,6 +59,21 @@ int sa_port(void *sa)
 	return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
 }

+int sa_rfc1918(void *sa)
+{
+	struct sockaddr_in *v4 = (struct sockaddr_in *)sa;
+	unsigned long a = htonl(v4->sin_addr.s_addr);
+
+	if( v4->sin_family == AF_INET )
+	{
+		return ((a >= 0x0A000000) && (a <= 0x0AFFFFFF)) ||
+		       ((a >= 0xAC100000) && (a <= 0xAC1FFFFF)) ||
+		       ((a >= 0xC0A80000) && (a <= 0xC0A8FFFF));
+	}
+
+	return 0;
+}
+
 /* Simple strstr() like function that takes len arguments for both haystack and needle. */
 char *strfind(char *haystack, int hslen, const char *needle, int ndlen)
 {
@ -464,6 +479,9 @@ struct path_info * uh_path_lookup(struct client *cl, const char *url)
 	int i = 0;
 	struct stat s;

+	/* back out early if url is undefined */
+	if ( url == NULL )
+		return NULL;

 	memset(path_phys, 0, sizeof(path_phys));
 	memset(path_info, 0, sizeof(path_info));
@ -550,18 +568,31 @@ struct path_info * uh_path_lookup(struct client *cl, const char *url)
 			memcpy(buffer, path_phys, sizeof(buffer));
 			pathptr = &buffer[strlen(buffer)];

-			for( i = 0; i < array_size(uh_index_files); i++ )
+			if( cl->server->conf->index_file )
 			{
-				strncat(buffer, uh_index_files[i], sizeof(buffer));
+				strncat(buffer, cl->server->conf->index_file, sizeof(buffer));

 				if( !stat(buffer, &s) && (s.st_mode & S_IFREG) )
 				{
 					memcpy(path_phys, buffer, sizeof(path_phys));
 					memcpy(&p.stat, &s, sizeof(p.stat));
-					break;
 				}
+			}
+			else
+			{
+				for( i = 0; i < array_size(uh_index_files); i++ )
+				{
+					strncat(buffer, uh_index_files[i], sizeof(buffer));

-				*pathptr = 0;
+					if( !stat(buffer, &s) && (s.st_mode & S_IFREG) )
+					{
+						memcpy(path_phys, buffer, sizeof(path_phys));
+						memcpy(&p.stat, &s, sizeof(p.stat));
+						break;
+					}
+
+					*pathptr = 0;
+				}
 			}

 			p.root = docroot;
--- a/package/uhttpd/src/uhttpd-utils.h
+++ b/package/uhttpd/src/uhttpd-utils.h
@ -49,6 +49,7 @@ struct path_info {
 const char * sa_straddr(void *sa);
 const char * sa_strport(void *sa);
 int sa_port(void *sa);
+int sa_rfc1918(void *sa);

 char *strfind(char *haystack, int hslen, const char *needle, int ndlen);

--- a/package/uhttpd/src/uhttpd.c
+++ b/package/uhttpd/src/uhttpd.c
@ -47,7 +47,7 @@ static void uh_sigchld(int sig)
 	while( waitpid(-1, NULL, WNOHANG) > 0 ) { }
 }

-static void uh_config_parse(const char *path)
+static void uh_config_parse(struct config *conf)
 {
 	FILE *c;
 	char line[512];
@ -55,7 +55,10 @@ static void uh_config_parse(const char *path)
 	char *pass = NULL;
 	char *eol  = NULL;

-	if( (c = fopen(path ? path : "/etc/httpd.conf", "r")) != NULL )
+	const char *path = conf->file ? conf->file : "/etc/httpd.conf";
+
+
+	if( (c = fopen(path, "r")) != NULL )
 	{
 		memset(line, 0, sizeof(line));

@ -74,9 +77,23 @@ static void uh_config_parse(const char *path)
 						"Notice: No password set for user %s, ignoring "
 						"authentication on %s\n", user, line
 					);
+				}
+			}
+			else if( !strncmp(line, "I:", 2) )
+			{
+				if( !(user = strchr(line, ':')) || (*user++ = 0) ||
+				    !(eol = strchr(user, '\n')) || (*eol++  = 0) )
+				    	continue;

-					break;
-				} 
+				conf->index_file = strdup(user);
+			}
+			else if( !strncmp(line, "E404:", 5) )
+			{
+				if( !(user = strchr(line, ':')) || (*user++ = 0) ||
+				    !(eol = strchr(user, '\n')) || (*eol++  = 0) )
+						continue;
+
+				conf->error_handler = strdup(user);
 			}
 		}

@ -249,7 +266,8 @@ static struct http_request * uh_http_header_parse(struct client *cl, char *buffe
 		}

 		/* check version */
-		if( strcmp(version, "HTTP/0.9") && strcmp(version, "HTTP/1.0") && strcmp(version, "HTTP/1.1") )
+		if( (version == NULL) || (strcmp(version, "HTTP/0.9") &&
+		    strcmp(version, "HTTP/1.0") && strcmp(version, "HTTP/1.1")) )
 		{
 			/* unsupported version */
 			uh_http_response(cl, 400, "Bad Request");
@ -302,6 +320,7 @@ static struct http_request * uh_http_header_parse(struct client *cl, char *buffe
 		}

 		/* valid enough */
+		req.redirect_status = 200;
 		return &req;
 	}

@ -505,8 +524,9 @@ int main (int argc, char **argv)
 	}
 #endif

-	while( (opt = getopt(argc, argv, "fSC:K:p:s:h:c:l:L:d:r:m:x:t:T:")) > 0 )
-	{
+	while( (opt = getopt(argc, argv,
+		"fSDRC:K:E:I:p:s:h:c:l:L:d:r:m:x:t:T:")) > 0
+	) {
 		switch(opt)
 		{
 			/* [addr:]port */
@ -597,11 +617,42 @@ int main (int argc, char **argv)
 				}
 				break;

+			/* error handler */
+			case 'E':
+				if( (strlen(optarg) == 0) || (optarg[0] != '/') )
+				{
+					fprintf(stderr, "Error: Invalid error handler: %s\n",
+						optarg);
+					exit(1);
+				}
+				conf.error_handler = optarg;
+				break;
+
+			/* index file */
+			case 'I':
+				if( (strlen(optarg) == 0) || (optarg[0] == '/') )
+				{
+					fprintf(stderr, "Error: Invalid index page: %s\n",
+						optarg);
+					exit(1);
+				}
+				conf.index_file = optarg;
+				break;
+
 			/* don't follow symlinks */
 			case 'S':
 				conf.no_symlinks = 1;
 				break;

+			/* don't list directories */
+			case 'D':
+				conf.no_dirlists = 1;
+				break;
+
+			case 'R':
+				conf.rfc1918_filter = 1;
+				break;
+
 #ifdef HAVE_CGI
 			/* cgi prefix */
 			case 'x':
@ -678,7 +729,11 @@ int main (int argc, char **argv)
 					"	-K file         ASN.1 server private key file\n"
 #endif
 					"	-h directory    Specify the document root, default is '.'\n"
+					"	-E string       Use given virtual URL as 404 error handler\n"
+					"	-I string       Use given filename as index page for directories\n"
 					"	-S              Do not follow symbolic links outside of the docroot\n"
+					"	-D              Do not allow directory listings, send 403 instead\n"
+					"	-R              Enable RFC1918 filter\n"
 #ifdef HAVE_LUA
 					"	-l string       URL prefix for Lua handler, default is '/lua'\n"
 					"	-L file         Lua handler script, omit to disable Lua\n"
@ -727,7 +782,7 @@ int main (int argc, char **argv)
 		conf.realm = "Protected Area";

 	/* config file */
-	uh_config_parse(conf.file);
+	uh_config_parse(&conf);

 	/* default network timeout */
 	if( conf.network_timeout <= 0 )
@ -883,6 +938,14 @@ int main (int argc, char **argv)
 					/* parse message header */
 					if( (req = uh_http_header_recv(cl)) != NULL )
 					{
+						/* RFC1918 filtering required? */
+						if( conf.rfc1918_filter && sa_rfc1918(&cl->peeraddr) &&
+						    !sa_rfc1918(&cl->servaddr) )
+						{
+							uh_http_sendhf(cl, 403, "Forbidden",
+								"Rejected request from RFC1918 IP to public server address");
+						}
+						else
 #ifdef HAVE_LUA
 						/* Lua request? */
 						if( L && uh_path_match(conf.lua_prefix, req->url) )
@ -913,16 +976,30 @@ int main (int argc, char **argv)
 						/* 404 */
 						else
 						{
-							uh_http_sendhf(cl, 404, "Not Found",
-								"No such file or directory");
-						}
-					}
+							/* Try to invoke an error handler */
+							pin = uh_path_lookup(cl, conf.error_handler);

-					/* 400 */
-					else
-					{
-						uh_http_sendhf(cl, 400, "Bad Request",
-							"Malformed request received");
+							if( pin && uh_auth_check(cl, req, pin) )
+							{
+								req->redirect_status = 404;
+
+#ifdef HAVE_CGI
+								if( uh_path_match(conf.cgi_prefix, pin->name) )
+								{
+									uh_cgi_request(cl, req, pin);
+								}
+								else
+#endif
+								{
+									uh_file_request(cl, req, pin);
+								}
+							}
+							else
+							{
+								uh_http_sendhf(cl, 404, "Not Found",
+									"No such file or directory");
+							}
+						}
 					}

 #ifdef HAVE_TLS
--- a/package/uhttpd/src/uhttpd.h
+++ b/package/uhttpd/src/uhttpd.h
@ -64,8 +64,12 @@ struct config {
 	char docroot[PATH_MAX];
 	char *realm;
 	char *file;
+	char *index_file;
+	char *error_handler;
 	int no_symlinks;
+	int no_dirlists;
 	int network_timeout;
+	int rfc1918_filter;
 #ifdef HAVE_CGI
 	char *cgi_prefix;
 #endif
@ -124,6 +128,7 @@ struct auth_realm {
 struct http_request {
 	int	method;
 	float version;
+	int redirect_status;
 	char *url;
 	char *headers[UH_LIMIT_HEADERS];
 	struct auth_realm *realm;
--- a/package/util-linux-ng/Makefile
+++ b/package/util-linux-ng/Makefile
@ -110,7 +110,7 @@ endef
 define Package/setterm
 $(call Package/util-linux/Default)
  TITLE:=Tool for setting terminal attributes
-  SUBMENU:=terminal
+  SUBMENU:=Terminal
  DEPENDS:= +libncurses
 endef

@ -118,6 +118,17 @@ define Package/setterm/description
  This package contains a utility for setting terminal attributes
 endef

+define Package/script
+$(call Package/util-linux/Default)
+  TITLE:=Make typescript of terminal session
+  SUBMENU=Terminal
+endef
+
+define Package/script/description
+ Script makes a typescript of everything printed on your terminal.
+ http://linux.die.net/man/1/script
+endef
+

 define Build/Compile
 	$(MAKE) -C $(PKG_BUILD_DIR)/disk-utils mkswap
@ -126,6 +137,7 @@ define Build/Compile
 	$(MAKE) -C $(PKG_BUILD_DIR)/hwclock hwclock
 	$(MAKE) -C $(PKG_BUILD_DIR)/sys-utils flock
 	$(MAKE) -C $(PKG_BUILD_DIR)/misc-utils setterm
+	$(MAKE) -C $(PKG_BUILD_DIR)/misc-utils script
 endef

 define Package/fdisk/install
@ -174,6 +186,11 @@ define Package/setterm/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/misc-utils/setterm $(1)/usr/bin/
 endef

+define Package/script/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/misc-utils/script $(1)/usr/bin/
+endef
+

 $(eval $(call BuildPackage,fdisk))
 $(eval $(call BuildPackage,cfdisk))
@ -184,3 +201,4 @@ $(eval $(call BuildPackage,swap-utils))
 $(eval $(call BuildPackage,hwclock))
 $(eval $(call BuildPackage,flock))
 $(eval $(call BuildPackage,setterm))
+$(eval $(call BuildPackage,script))
--- a/target/linux/generic-2.6/patches-2.6.30/976-ssb_increase_pci_delay.patch
+++ b/target/linux/generic-2.6/patches-2.6.30/976-ssb_increase_pci_delay.patch
@ -0,0 +1,11 @@
+--- a/drivers/ssb/driver_pcicore.c
+++ b/drivers/ssb/driver_pcicore.c
+@@ -399,7 +399,7 @@ static void ssb_pcicore_init_hostmode(st
+ 	set_io_port_base(ssb_pcicore_controller.io_map_base);
+ 	/* Give some time to the PCI controller to configure itself with the new
+ 	 * values. Not waiting at this point causes crashes of the machine. */
+-	mdelay(10);
+	mdelay(300);
+ 	register_pci_controller(&ssb_pcicore_controller);
+ }
+ 
--- a/target/linux/generic-2.6/patches-2.6.32/976-ssb_increase_pci_delay.patch
+++ b/target/linux/generic-2.6/patches-2.6.32/976-ssb_increase_pci_delay.patch
@ -0,0 +1,11 @@
+--- a/drivers/ssb/driver_pcicore.c
+++ b/drivers/ssb/driver_pcicore.c
+@@ -370,7 +370,7 @@ static void ssb_pcicore_init_hostmode(st
+ 	set_io_port_base(ssb_pcicore_controller.io_map_base);
+ 	/* Give some time to the PCI controller to configure itself with the new
+ 	 * values. Not waiting at this point causes crashes of the machine. */
+-	mdelay(10);
+	mdelay(300);
+ 	register_pci_controller(&ssb_pcicore_controller);
+ }
+ 
--- a/target/linux/orion/image/Makefile
+++ b/target/linux/orion/image/Makefile
@ -79,13 +79,24 @@ define Image/Build/Linksys
 endef

 define Image/Build/Freecom
+	# Orion Freecom Images
+ # backup unwanted files
+	rm -rf ${TMP_DIR}/$2_backup
+	mkdir ${TMP_DIR}/$2_backup
+	-mv $(TARGET_DIR)/{var,jffs,rom} ${TMP_DIR}/$2_backup
+ # add extra files
 	$(INSTALL_DIR) $(TARGET_DIR)/boot
 	# TODO: Add special CMDLINE shim for webupgrade image here
 	$(CP) $(KDIR)/dt2-uImage $(TARGET_DIR)/boot/uImage
-	rm -rf $(TARGET_DIR)/{var,jffs,rom}
 	$(INSTALL_DIR) $(TARGET_DIR)/var
+ # create image
 	$(TAR) cfj $(BIN_DIR)/openwrt-$(2)-$(1).img --numeric-owner --owner=0 --group=0 -C $(TARGET_DIR)/ .
 	$(STAGING_DIR_HOST)/bin/encode_crc $(BIN_DIR)/openwrt-$(2)-$(1).img $(BIN_DIR)/openwrt-$(2)-$(1)-webupgrade.img $(3)
+ # remove extra files
+	rm -rf $(TARGET_DIR)/{boot,var}
+ # recover unwanted files
+	-mv ${TMP_DIR}/$2_backup/* $(TARGET_DIR)/
+	rm -rf ${TMP_DIR}/$2_backup
 endef

 define Image/Build
--- a/target/linux/x86/config-default
+++ b/target/linux/x86/config-default
@ -44,6 +44,7 @@ CONFIG_CLOCKSOURCE_WATCHDOG=y
 # CONFIG_CMDLINE_BOOL is not set
 CONFIG_COMPAT_VDSO=y
 CONFIG_CONSOLE_TRANSLATIONS=y
+# CONFIG_CPA_DEBUG is not set
 # CONFIG_CPU5_WDT is not set
 CONFIG_CPU_FREQ=y
 # CONFIG_CPU_FREQ_DEBUG is not set
@ -71,7 +72,13 @@ CONFIG_CPU_IDLE_GOV_LADDER=y
 # CONFIG_CS5535_GPIO is not set
 # CONFIG_CS89x0 is not set
 # CONFIG_DCDBAS is not set
+# CONFIG_DEBUG_BOOT_PARAMS is not set
 CONFIG_DEBUG_MEMORY_INIT=y
+# CONFIG_DEBUG_NX_TEST is not set
+# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_DEBUG_RODATA is not set
+# CONFIG_DEBUG_STACKOVERFLOW is not set
+# CONFIG_DEBUG_VIRTUAL is not set
 CONFIG_DECOMPRESS_BZIP2=y
 CONFIG_DECOMPRESS_GZIP=y
 CONFIG_DECOMPRESS_LZMA=y
@ -202,6 +209,7 @@ CONFIG_KEYBOARD_ATKBD=y
 # CONFIG_KEYBOARD_STOWAWAY is not set
 # CONFIG_KEYBOARD_SUNKBD is not set
 # CONFIG_KEYBOARD_XTKBD is not set
+# CONFIG_KMEMCHECK is not set
 CONFIG_KTIME_SCALAR=y
 # CONFIG_LANCE is not set
 # CONFIG_LEDS_ALIX2 is not set
@ -406,6 +414,7 @@ CONFIG_X86_POPAD_OK=y
 # CONFIG_X86_POWERNOW_K7 is not set
 # CONFIG_X86_POWERNOW_K8 is not set
 CONFIG_X86_PPRO_FENCE=y
+# CONFIG_X86_PTDUMP is not set
 # CONFIG_X86_REBOOTFIXUPS is not set
 CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
 CONFIG_X86_RESERVE_LOW_64K=y