miniupnpd: update to 2.2 (20201129 git snapshot)

A few changes/fixes on top of upstream:

 - Updated new configure script with Asuswrt-specific code from old genconfig.sh
 - Fixed config.h path in ifacewatcher
 - Now use upstream Makefile.linux instead of (outdated) custom Makefile.merlin,
   with minimal changes to it:
     . Added EXTRACFLAGS content
     . Disabled building test executables
 - iptables path now passed as argument to new configure script
 - Don't append git tag to version string

This has only been tested with SDK 6.37/iptables 1.4.15 and newer (untested on
older MIPS platform since we no longer support them anyway)

release/src/router/Makefile

@@ -3565,23 +3565,23 @@ iptables-1.4.x-clean:
 
 miniupnpd/config.h: shared/version.h
 ifeq ($(RTCONFIG_IGD2),y)
-	cd miniupnpd && ./genconfig.sh --vendorcfg --leasefile $(if $(RTCONFIG_IPV6),--ipv6,) --igd2 --portinuse $(if $(RTCONFIG_AURASYNC),--aurasync,) $(if $(RTCONFIG_GEFORCENOW),--nvgfn)
+	cd miniupnpd && ./configure --vendorcfg --leasefile $(if $(RTCONFIG_IPV6),--ipv6,) --igd2 --portinuse $(if $(RTCONFIG_AURASYNC),--aurasync,) $(if $(RTCONFIG_GEFORCENOW),--nvgfn) --iptablespath=$(TOP)/$(IPTABLES)
 else
-	cd miniupnpd && ./genconfig.sh --vendorcfg --leasefile --portinuse $(if $(RTCONFIG_AURASYNC),--aurasync,) $(if $(RTCONFIG_GEFORCENOW),--nvgfn)
+	cd miniupnpd && ./configure --vendorcfg --leasefile --portinuse $(if $(RTCONFIG_AURASYNC),--aurasync,) $(if $(RTCONFIG_GEFORCENOW),--nvgfn) --iptablespath=$(TOP)/$(IPTABLES)
 endif
 
 miniupnpd: $(IPTABLES) e2fsprogs miniupnpd/config.h
 	@$(SEP)
 	cp -f ./shared/version.h miniupnpd$(MUVER)/.
 	PKG_CONFIG=false ARCH=$(PLATFORM) \
-	$(MAKE) -C $@ -f Makefile.merlin $(PARALLEL_BUILD) \
+	$(MAKE) -C $@ -f Makefile $(PARALLEL_BUILD) \
 	    IPTABLESPATH=$(TOP)/$(IPTABLES) \
 	    EXTRACFLAGS="-Os $(EXTRACFLAGS) -idirafter$(KERNEL_HEADER_DIR) $(if $(or $(RTCONFIG_AURASYNC), $(RTCONFIG_GEFORCENOW)), -I$(TOP)/shared) -ffunction-sections -fdata-sections -I$(TOP)/e2fsprogs/lib" \
 	    LDFLAGS="$(EXTRALDFLAGS) -ffunction-sections -fdata-sections -Wl,--gc-sections -L$(IPTC_LIBDIR) -L$(TOP)/e2fsprogs/lib" \
 		LDLIBS="-Wl,--as-needed $(if $(or $(RTCONFIG_AURASYNC), $(RTCONFIG_GEFORCENOW)),-L$(TOP)/shared -lshared -L$(TOP_PLATFORM)/nvram$(BCMEX)$(EX7) -lnvram,) -luuid -lrt $(IPTC_LIBS) $(if $(RTCONFIG_HND_ROUTER),-L$(TOP_PLATFORM)/wlcsm -lwlcsm,)"
 
 miniupnpd-clean:
-	-@$(MAKE) -C miniupnpd -f Makefile.merlin clean
+	-@$(MAKE) -C miniupnpd -f Makefile clean
 	-@rm miniupnpd/config.h
 
 miniupnpd_1.4: $(IPTABLES) shared/version.h

release/src/router/miniupnpd/.gitignore

@@ -1,4 +1,5 @@
 *.o
+*.d
 *.bak
 config.h
 ipfw/testipfwrdr
@@ -19,9 +20,18 @@ validateupnppermissions
 validategetifaddr
 testssdppktgen
 validatessdppktgen
+validateversion
 .depend
 pf/testobsdrdr
 pf/testpfpinhole
 netfilter/test_nfct_get
 testminissdp
-version.h
+dox/
+bsdmake.inc
+upnpstun
+Makefile
+config.mk
+netfilter_nft/testnftnlrdr
+netfilter_nft/testnftpinhole
+netfilter_nft/test_nfct_get
+.configure.cache

release/src/router/miniupnpd/Changelog.txt

@@ -1,4 +1,80 @@
-$Id: Changelog.txt,v 1.450 2019/08/24 08:42:50 nanard Exp $
+$Id: Changelog.txt,v 1.472 2020/10/31 09:16:14 nanard Exp $
+
+VERSION 2.2.0 : released on 2020/10/31
+
+2020/10/30:
+  OpenBSD: portinuse.c compatible with OpenBSD 5.5+
+
+2020/10/26:
+  Improve AddAnyPortMapping port selection
+
+2020/10/22:
+  netfilter_nft: fix rule-cache update when using the same chain name in
+    both tables.
+
+2020/06/20:
+  -v/-vv to output more log (LOG_INFO / LOG_DEBUG)
+  AddAnyPortMapping() tries all possible ports
+
+2020/06/10:
+  improvements and bug fixes in netfilter_nft/nftnlrdr_misc.c
+
+2020/06/05:
+  fix handling of ipv4 M-SEARCH received on ipv6 sockets
+  numerous fixes in linux/nftables implementation
+
+2020/06/03:
+  configure --disable-fork to disable going to background
+  improve upnp_get_portmapping_number_of_entries()
+
+2020/05/30:
+  "IGD2 Port Triggering" pf implementation (adding a nat rule)
+
+2020/05/07:
+  Linux: use libcap or libcap-ng to drop unnecessary capabilities
+
+2020/05/04:
+  Move configuration detection from Makefiles to configure (was genconfig.sh)
+  update linux Makefiles
+
+2020/04/29:
+  fix for bridges
+
+2020/04/21:
+  Remove FW API detecting code from Makefile (BSD). generate bsdmake.inc
+  netfilter: addmasqueraderule() even if internal/external ports are the same
+  improve error and debug log in upnpstun.c
+
+2020/04/20:
+  Fix "IGD2 Port Triggering" in update_portmapping()
+
+2020/04/12:
+  pf: disabled setting dst address in rule by default
+
+2020/04/09:
+  Option to disable IPv6 at runtime : -4 / ipv6_disable=yes
+
+2020/03/29:
+  Fix FreeBSD build
+
+2019/12/18:
+  Fix PCPSendUnsolicitedAnnounce() when IPv6 is not available
+
+2019/10/05:
+  Use OpenSSL TLS_server_method() instead of TLSv1_server_method()
+  Add --version commandline option
+
+2019/10/03:
+  Use OpenBSD pledge()
+
+2019/10/02:
+  Working NFTables implementation thanks to Paul Chambers
+
+2019/09/24:
+  Distinguish between iptables and nftables in genconfig.sh
+
+2019/09/01:
+  fix of nftables scripts : https://github.com/miniupnp/miniupnp/pull/395
 
 2019/08/24:
   Small fixes in netfilter code

release/src/router/miniupnpd/INSTALL

@@ -1,5 +1,5 @@
 MiniUPnP project.
-(c) 2006-2019 Thomas Bernard
+(c) 2006-2020 Thomas Bernard
 Homepage : http://miniupnp.free.fr/
 Mirror: https://miniupnp.tuxfamily.org/
 github: https://github.com/miniupnp/miniupnp
@@ -11,12 +11,11 @@ web forum https://miniupnp.tuxfamily.org/ if you need more information.
 ================================ *BSD/pf =================================
 To Build and Install :
 
+- first use ./configure
+  For more details about options :
+  > ./configure -h
+  then edit config.h to fine tune to your preferences.
 - use BSD make to compile.
-- you can first 'make config.h' then edit config.h to your preferences and
-  finally 'make'
-  Alternatively to editing config.h, options can be passed to genconfig.sh
-  For more details :
-  > ./genconfig.sh -h
 - add "rdr-anchor miniupnpd" or/and "anchor miniupnpd" lines to /etc/pf.conf
   (Since OpenBSD 4.7, rdr-anchor lines are no longer used and should be
   removed, leaving only the anchor lines).
@@ -39,9 +38,8 @@ To Build and Install :
 
 =========================== *BSD,*Solaris/ipf =============================
 
-genconfig.sh and the Makefile try to detect wether ipf or pf should be
-used. If it fails, edit config.h and Makefile by hand.
-In Makefile, the FWNAME variable value should be pf or ipf.
+configure tries to detect wether ipf or pf should be
+used. If it fails, you can use ./configure --firewall=ipf
 Installation steps are allmost the same as with pf.
 
 *Solaris users would be interested in reading informations from :
@@ -50,9 +48,8 @@ http://blogs.sun.com/avalon/category/IPFilter
 ============================= Mac OS X/ipfw ===============================
 
 - To enable non standard compilation options,
-  > ./genconfig.sh -h
-  Or edit config.h after it has been generated by genconfig.sh
-- use 'bsdmake' (if available) or 'make -f Makefile.macosx' to build
+  > ./configure -h
+- use either 'bsdmake -f Makefile.bsd' (if available) or 'make' to build
 
 ============================== Mac OS X/pf ================================
 
@@ -61,8 +58,11 @@ also bsdmake is not available anymore.
 Make sure you have installed the Xcode commande line tools (from the
 Xcode Preferences menu or using 'xcode-select --install' command)
 
-You'll need to download xnu sources : https://github.com/opensource-apple/xnu
-> INCLUDES="-I.../xnu/bsd -I.../xnu/libkern" make -f Makefile.macosx
+You need to download xnu sources : https://opensource.apple.com/tarballs/xnu/
+- If version of xnu >= 4570,
+  > ./configure
+  Then edit config.h, adding line "#define PFVAR_NEW_STYLE" to it.
+> INCLUDES="-I.../xnu/bsd -I.../xnu/libkern" make
 
 ============================ Linux/netfilter ==============================
 To Build and install :
@@ -77,14 +77,15 @@ To Build and install :
   This script must allways be run before the daemon
   to set up initial rules and chains.
 - Build and edit the config.h file
-  > make -f Makefile.linux config.h
+  > ./configure
   > vi config.h
 - Build the daemon
-  > make -f Makefile.linux
+  > make
   If not using iptables from your system,
-  > IPTABLESPATH=/path/to/iptables-1.4.1 make -f Makefile.linux
+  > ./configure --iptablespath=/path/to/iptables-1.4.1
+  > make
 - install as root using :
-  > make -f Makefile.linux install
+  > make install
 - A miniupnpd script should be installed to /etc/init.d
   and the configuration files to /etc/miniupnpd
 - anytime, you can use the netfilter/iptables_flush.sh
@@ -108,12 +109,20 @@ How to get libiptc with its headers on debian :
   > ./configure --enable-static
   > make
 - it is now possible to compile miniupnpd using the following command :
-  > IPTABLESPATH=/path/to/iptables-x.x.x make -f Makefile.linux
+  > ./configure --iptablespath=/path/to/iptables-x.x.x
+  > make
 
 ======================== Linux/netfilter nftables =========================
 
-work is in progress. To build :
- > make -f Makefile.linux_nft
+work is in progress.
+install the required development libraries. For debian :
+ > apt-get install libnftnl-dev libmnl-dev
+
+To build :
+ > ./configure --firewall=nftables
+ > make
+(first clean any old config if you built the netfilter/iptables version
+previoulsy)
 
 see :
 https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=4370
@@ -186,8 +195,6 @@ On linux systems, one could also use the command
 
 More simple, use the genuuid makefile target :
 > make genuuid
-or
-> make -f Makefile.linux genuuid
 This target is needed by the "install" target, so it is done automatically
 during install.
 

release/src/router/miniupnpd/LICENSE

@@ -1,5 +1,5 @@
 MiniUPnPd
-Copyright (c) 2006-2019, Thomas BERNARD
+Copyright (c) 2006-2020, Thomas BERNARD
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without