From 4849542035d2ecb4f446e3125dc0afa8b5535d6c Mon Sep 17 00:00:00 2001 
From: Rob White
Date: Thu, 23 Nov 2023 16:06:11 +0000
Subject: [PATCH] opennds: update to version 10.2.0

Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03

Description:

opennds (10.2.0)

This version is a minor upgrade that introduces some significant additional functionality. In addition, it includes numerous enhancements, bug fixes and cosmetic fixes.

Additional functionality includes:

**Pre-emptive Client Lists**
A list of the MAC addresses and access conditions of pre-emptively authenticated client devices. Unlike Trusted Clients, Pre-emptive clients have their data usage monitored. Quotas and timeouts are applied. Pre-emptive clients are logged both locally and in remote FAS servers in the same way as normal validated clients.

**Autonomous Block Lists**
Autonomous block lists are lists of FQDNs for which all IP addresses allocated to those FQDNs will be blocked.

**Internet hosted https FAS support for resource limited routers.**
For limited resource router hardware, inbound NAT traversal has been extended to allow https FAS without additional dependencies. An example FAS script ``fas_hid_https.php`` is provided.

**Fair Usage Policy**
A Fair Usage Policy (FUP) option is introduced where if a client exceeds the pre-configured data quota, rate throttling will be enabled automatically.

**Changelog:**

* Add - Page 202 HTTP_ACCEPTED for future use
* Fix - remove redundant workaround for old MHD versions [bluewavenet]
* Fix - some nft and other error messages [bluewavenet]
* Fix - remove unnecessary debug messages [bluewavenet]
* Add - improved ndsctl status detection for authmon [bluewavenet]
* Add - increase RestartSec parameter in opennds.service for generic Linux [bluewavenet]
* Fix - prevent unnecessary shutdown [bluewavenet]
* Fix - Generic Linux, error updating dnsmasq.conf [bluewavenet]
* Add - allow dynamic update of flowtable rules [bluewavenet]
* Fix - use Themespec in place of deprecated preauth in ndsctl status [bluewavenet]
* Fix - Generic Linux - keep old config [bluewavenet]
* Fix - remove some unused variables [bluewavenet]
* Add - support for nftables blocklists [bluewavenet]
* Add - ensure authenticated user rules are added in list order [bluewavenet]
* Add - Set default authenticated policy to accept [bluewavenet]
* Add - urandom hash to key generation [bluewavenet]
* Fix - duplicate users_to_router rules [bluewavenet]
* Add - Automatic dns resolution of fas_remotefqdn in nftables rules [bluewavenet]
* Add - flowtables rules [bluewavenet]
* Add - dynamic flowtable support allowing multiple upstream connections [bluewavenet]
* Add - skip preemptivemac client if not dhcp database or is already authenticated [bluewavenet]
* Add - Skip auth_restore if client is in preemptivemac list [bluewavenet]
* Add - use daemon_auth in auth_restore [bluewavenet]
* Add - Dynamic refresh of configured preemptive macs [bluewavenet]
* Fix - suppress daemon_auth debug output [bluewavenet]
* Add - urlencode ALL list blocks and introduce preemptivemac lists [bluewavenet]
* Add - fas-hid-https to makefiles [bluewavenet]
* Add - warning that pre-shared key will be generated and added to config if not present [bluewavenet]
* Add - b64decode payload in fas [bluewavenet]
* Add - b64encode payload before sending to fas [bluewavenet]
* Add - level 4
fas-hid-https [bluewavenet] * Add - support for fas_secure_enabled = 4 [bluewavenet] * Add - updates to comments in fas-hid script [bluewavenet] * Fix - fas-hid icon position [bluewavenet] * Add - wget_request support to authmon [bluewavenet] * Add - ruleset full parsing of verdict, protocol ports to/from address [bluewavenet] * Fix - send_to_fas_deauthed [bluewavenet] * Fix - ensure action is parsed correctly in all cases [bluewavenet] * Add - Quota based Fair Usage Policy, sets throttled rate when quota exceeded [bluewavenet] * Add - QL code scanning support in Community theme_voucher ThemeSpec script [bluewavenet] * Add - support for cpi_query in example FAS scripts [bluewavenet] * Fix - memory leak when deleting client from client list [bluewavenet] * Add - html entity handling for semicolon [bluewavenet] * Add - Store RFC8910 request string in client data [bluewavenet] -- Rob White Wed, 22 Nov 2023 11:08:15 +0000 Signed-off-by: Rob White --- opennds/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/opennds/Makefile b/opennds/Makefile index 3f0f78110..6941ebeac 100644 --- a/opennds/Makefile +++ b/opennds/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=opennds -PKG_VERSION:=10.1.3 +PKG_VERSION:=10.2.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/opennds/opennds/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=8016a8d20643a2dfc7e8d9e8012e300db6996aeede5ea8a895cb1b95e52f202a +PKG_HASH:=c2da51e3051e390fc1ddae2a4fa751f7b62919eb8e5526710067ca4622331017 PKG_BUILD_DIR:=$(BUILD_DIR)/openNDS-$(PKG_VERSION) PKG_MAINTAINER:=Rob White 
@@ -72,6 +72,7 @@ define Package/opennds/install $(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/post-request.php $(1)/usr/lib/opennds/ $(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes.php $(1)/etc/opennds/ $(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-hid/fas-hid.php $(1)/etc/opennds/ + $(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-hid/fas-hid-https.php $(1)/etc/opennds/ $(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes-https.php $(1)/etc/opennds/ endef
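
Review bot: In the first hunk (opennds/Makefile, @@ -6,12 +6,12), the new PKG_HASH value is the only integrity check on the archive fetched from codeload.github.com through PKG_SOURCE_URL, and the commit message does not say how it was obtained. Please state that it was computed over the v10.2.0 tag archive so the value can be reproduced independently before merge instead of being taken from the patch on trust. The changelog also lists changes that alter behaviour on existing installs ("Set default authenticated policy to accept", a pre-shared key being generated and added to the config if not present); a short upgrade note for users coming from 10.1.3 would be worth adding to the message.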
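
Review bot: In the second hunk (define Package/opennds/install), the added line copies fas-hid-https.php, while the commit description names the example script fas_hid_https.php with underscores. One of the two spellings is wrong; please make the description match the file that is actually installed. The script is placed in $(1)/etc/opennds/ alongside fas-hid.php and fas-aes-https.php, so if the Makefile declares conffiles for that directory outside the visible context, check that the new file is handled the same way as its siblings.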