travelmate: update 2.1.2-4

* more re-connections tweaks
* made travelmate generated emails responsive

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit bd8829b341b8e86147280ba5aa2c4523f3adc2af)

Merge pull request #23485 from mhei/23.05-php8-update-to-8.2.16

[23.05] php8: update to 8.2.16

travelmate: update 2.1.2-3

* various vpn optimizations
* remove obsololete trm_maxscan option
* small fixes for net status and captive portal handling
* add an additional login variant to the h-hotels login script
* fix the wifibahn login script work again with wifionice hotspots again
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 6e4ea63b7e701298807babecfc8d319327d6a4ad)

git: update to 2.43.2

- Refresh a patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit f9e16375f6ab491be91b506e6c9a7828ee9f7adf)

git: update to 2.43.0

- Refresh patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 158b76119385cc5d4bacdde9b903da8cabd44706)

lighttpd: update to lighttpd 1.4.74 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 4d8bb07b734391d11318cb319548a17273820685)

ovn: bump to 22.03.5

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 4d1c7a144ab06dfdad6b11a90a364e7f88a976c3)

openvswitch: bump to 2.17.9

Refresh and backport patches so that

 - ./python path in the source code takes precedence over the same dir in hostpkg
 - OVN LTS version 22.03.5 which depends on Open vSwitch 3.0 can compile
   with Open vSwitch 2.17

Fixes: https://github.com/openwrt/packages/issues/22744
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 7ccbb9a66cfadba035e2ad95a7931877e5faf504)

squid: fix configure options

- Remove non-existing 'dlmalloc' option
- Use 'with-cap' instead of 'with-libcap'
- Use 'with-xml2' instead of 'with-libxml2'
- Patch configure.ac to properly handle 'with-nettle'

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit f58be51721fb0e2c5aa0747bce36a19deb7392dd)

unbound: update to latest upstream release version 1.19.1

Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2 with updated packages from snapshot
Signed-off-by: S. Brusch <ne20002@gmx.ch>
(cherry picked from commit 35ba14e50c6c90b3cc32538573d02a3b4f5b9184)

libuv: fix CVE-2024-24806

Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks

Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e7, 3530bcc and e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 02a982bc10e8278905d0b76ac073b82192576433)

haproxy: update to v2.8.6

- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog

Signed-off-by: Christian Lachner <gladiac@gmail.com>

ocserv: updated config

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

ocserv: use better separator for sed

This prevents clashes with network addresses that
contain '/'.

Resolves: #18589

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

openconnect: make host dependency more resilient

Retry when resolveip fails as it seems to be causing issues
on startup depending on various unpredictable parameters.

Resolves: #23185

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

openconnect: update to 9.12

Remove upstream backport and fix libxml 1.12 compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

openconnect: add support for option --pfs

Add support for the OpenConnect option `--pfs`.
Designed to require perfect forward secrecy.

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>

php8: update to 8.2.16

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

lxc: update to 5.0.3

Bump to latest upstream release.

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 1b5ee689f3f8fa68580206274b5b67c06db3ec91)

zabbix: update to version 6.4.7

Switch to current stable version 6.4.7.
See release notes:
https://www.zabbix.com/rn/rn6.4.7

So that the new version builds cleanly. The 'libevent2-pthreads' must be
added as dependency.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 4f9ced5cf9d411dc54a815beb365b539c561bbfb)

yt-dlp: bump to version 2023.12.30

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit 5d3424f992b09602f2abd4e71cb163a3af8f3e7c)

yt-dlp: bump to version 2023.11.16

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit 707e87884d67650c26fda2c30c790d5832e319d7)

yt-dlp: add missing dependencies

Added missing python3-{logging,uuid} dependencies.

Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 40a680ffd7d155798123a9eadcc3411f7a201259)

node: February 14 2024 Security Releases

Update to v18.19.1
This is a security release.

Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* npm version 10.2.4

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

Merge pull request #23407 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: add force_dns_interface setting

bind: bump to 9.18.24

Fixes CVEs:

- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
  could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
  excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
  excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
  failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
  named to crash with an assertion failure, when both of these features were
  enabled.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit d277e41e78972130f75dc816ebcbd7931f582519)

bind: bump to 9.18.19

Fixes CVEs:

CVE-2023-3341 - Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out of available
stack memory, causing named to terminate unexpectedly.

CVE-2023-4236 - A flaw in the networking code handling DNS-over-TLS queries
could cause named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 835b1051511b592d69bc0b8a7d5d993337f890da)

bind: update to version 9.18.18

Release notes:
https://downloads.isc.org/isc/bind9/9.18.18/doc/arm/html/notes.html#notes-for-bind-9-18-18
https://downloads.isc.org/isc/bind9/9.18.17/doc/arm/html/notes.html#notes-for-bind-9-18-17

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 6a8d3565f0a99fe22cac6db9a8bbf553b7dff5a5)

bind: bump to 9.18.16

Fixes CVEs:

- CVE-2023-2828: The overmem cleaning process has been improved, to
  prevent the cache from significantly exceeding the configured
  max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
  triggers a fetch to refresh the stale data in cache. If the fetch is
  aborted for exceeding the recursion quota, it was possible for named
  to enter an infinite callback loop and crash due to stack overflow.

The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 9ac79ad46966908d2ceb64c0e0d8a0bff435767a)

pdns-recursor: update to 4.8.6 (fixes CVE-2023-50387, CVE-2023-50868)

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>

Merge pull request #23415 from systemcrash/p910nd_picks

P910nd v23.05 picks

squid: update to 6.7

- Switch URL to HTTPS
- Remove default/obsolete configure options
- Fix and refresh the patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 4007a08529a86b600b4ce6476cf6367de577a645)

p910nd: bump release

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 9dad4285d3c2de30cf27baa2b299246bda514577)

p910nd: hotplug shellcheck fixes

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 58e7bfc41f02118e5d8b6f5b08a021d9bc351e00)

p910nd: init: check device (/dev/usb/lpX) existence

this prevents the daemon exiting when a configured device
is not plugged in.

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit dabeaa76439260a6a41942365b2526c69dc728aa)

p910nd: init: partial fix for openwrt/packages#10496

Harmless to carry this fix until procd.sh adds the param

This parameter will mean umdns advertises not just "OpenWrt" but a more
appropriate string:

"Apple LaserWriter Pro 630"

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit ac501c908d1a6a607f89373d4667a6949b88ca55)

p910nd: hotplug+init: include extra ieee1284 properties

Apple and macOS GUI co-opts the mDNS note= param as "Location"

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 4591a79fa29f5c46b7061860ac1f51adc848697f)

p910nd: hotplug: minor bug fixes

Commit driver_home defaults before continuing

Fix missing path for serial number acquisition

Store current device if no previously configured device had one.
Also set CHAR_DEV so the printer can get its driver sent on first run.

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 5bc581e6986c84e81d4827b244bbf0deacad6e00)

p910nd: hotplug: small refactor

replace -a with &&

shorten uci commands via variables

add optional ieee1284_id parameters

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 6e886cd4340470a21d6f8cc7928d18d4a48214df)

p910nd: init: add txtvers=1 to mDNS properties

The spec https://developer.apple.com/bonjour/printing-specification/bonjourprinting-1.2.1.pdf
notes:

... if the meaning of any of the TXT record keys is changed, the txtvers value
will be incremented. The current value of this key is “1”, and if this key does not exist in
the TXT record, the default value of “1” is assumed. The txtvers SHOULD be the first
key/value pair in the TXT record.

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 069cc8dc810f10e04abc239727b582e34053d6f1)

p910nd: init: line-break and conditionalize mDNS properties

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit ffa1bbbe7844aca3ae465cc7f1ba018cc4590579)

p910nd: init: only run mDNS changes if mdns is set to on

i.e. don't do the extra work unless mdns setting is enabled

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit b8890c69e40dbd72f35e4ea9fc78aa13a425fd46)

p910nd: init script

Don't run procd with a name of p9100d or p9101d etc.
Use the original binary name: p910nd.

This way, all supplied parameters should be visible via e.g.:

ps
xargs -0 < /proc/{procid}/cmdline

Revise all p910nd strings to the variable DAEMON_NAME or CONFIG where
appropriate.

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 34a35c93cedb259ab67d826d05c700a0457ab136)

p910nd: hotplug script

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 825b22a4db952c891b07341e0176bc6d64f2d72a)

adblock-fast: add force_dns_interface setting

* allow users to specify list of interfaces/networks to force the
  DNS Hijacking on

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit eafdd63d675a84c3a80a86f7af8c1fd4fb823caa)

stlink: add packages

stlink is an open source toolset to program and debug STM32 devices
and boards manufactured by STMicroelectronics.

Resulting binary packages:
 * stlink - library and shared chip info data
 * st-info - a programmer and chip information tool
 * st-flash - a flash manipulation tool
 * st-trace - a logging tool to record information on execution
 * st-util - a GDB server

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e609f6acdf3e4619d691d5325efb9cc8a9a1b9fa)

crowdsec: new upstream release version 1.6.0

Update crowdsec to latest upstream release version 1.6.0

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Package tested: not able to test run due to limited space (package is big)

Description: update to latest version of upstream
(cherry picked from commit c08dac5ec52441d1aefc0bf8ef251fb1fae5ff8e)

openssh: fix build failure on powerpc_8548
https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd

Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit a79c49578ca136556bd10d8990aa52ef4eb0664b)

openssh: bump to 9.6p1

Release notes: https://www.openssh.com/txt/release-9.6

Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
(cherry picked from commit e8dfc6abbee88f35887c66ec785b081252d6d07d)

tailscale: create combined tailscale/tailscaled

Modify Makefile to combine tailscale and tailscaled according to
Tailscale documentatio (https://tailscale.com/kb/1207/small-tailscale)

This resulted for x86_64 in an exec of 31MB + the symlink. Before it
was 29MB (tailscaled) and 10MB (tailscale).

Signed-off-by: Thomas Kupper <thomas.kupper@gmail.com>
(cherry picked from commit 7bef195bbabcec88a2b9055846880fd93c2a8a7a)

knot: update to version 3.3.4

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 66c1065b453b46a709f5143459d8a4cee777f9a0)

knot: update to version 3.3.3

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit a693dd5821b11c442bff817cbc4a8193d0367839)

dawn: Add PKG_BUILD_FLAGS:=no-lto because lto causes strange SegFaults

Signed-off-by: Carsten Schuette <schuettecarsten@googlemail.com>
(cherry picked from commit d9acb54dc49b63ea3b473d72543c76c02e93eb2d)

dawn: Update to 2023-05-14

Signed-off-by: Carsten Schuette <schuettecarsten@googlemail.com>
(cherry picked from commit 6c5c99d206e62b44de1bbe60b66deba459396508)

snowflake: update to 2.8.1

Changelog:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/v2.8.1/ChangeLog

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 4173327904acc61a0c2597dd881bc1fa51ad8894)

mosquitto: reenable options wrongly turned off

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 69dc285ac9259241b65cc7d0c690236dbeaf743e)

python-ble2mqtt: update to 0.2.2

b3b0cc8 version 0.2.2
85515cd roidmi: initial support for NEX2 Pro
62addc2 isort imports
8695649 README: update other govee to govee_ht
33f6ade ruuvitag: remove device class for counter
2099607 Rename key govee->govee_ht
12acacd codestyle updates
dbba43d ruuvitag: drop redundant import
84878e0 base: add and use HumidityTemperatureSensor
e9f0046 xiaomi_lywsd03_atc: make send_custom a class variable
2f4809a base: use lowercase for instance variable
5b1af17 govee: add manufacturer
7891691 ruuvitag: add manufacturer
cfd799b ruuvitag: remove inheritance from SubscribeAndSetDataMixin
7be28a1 codestyle updates
bffcf5e Add Govee H5074 temperature/humidity sensor support (#77)

Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
(cherry picked from commit 268ed6d3476f3f3170d71f7ceb91b8c6f2611ea2)

python-dbus-fast: upgrade to 2.21.1

fix: avoid expensive runtime inspection of known callables (https://github.com/Bluetooth-Devices/dbus-fast/pull/277)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
(cherry picked from commit 8db974d8ebcc19882dd5af6d00248ee820bb5483)

nextdns: Update to version 1.42.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

Openvpn: add missing script-security

Maintainer:  @neheb

Compile tested: armv7, cortexA15, OpenWRT 23.05
Run tested: Linksys EA8500

Compile tested: armv8, cortexA53, OpenWRT main
Run tested: Dynalink DL-WRX36

Description:
Script-security is always 2 and cannot be changed from the openvpn config file due to a missing rule in openvpn.init.

This is discussed in issue #23014

This patch adds the missing rule in openvpn.init to parse script-security from the openvpn config file.

Signed-off-by: Erik Conijn <egc112@msn.com>
(cherry picked from commit 7b40d179bcd04a1f3b5b794fd952ef431c833cad)

cloudflared: refine config.yml

The config.yml is an example of a tunnel local configuration.
But the cloudlfared treat it as a real config and fails to start.
So to avoid problems let's comment all the statements.

The `url: http://localhost:8000` is not a valid config option.

Additionally add a smale of configuring ingres rules.

The cloudflared.config has missing option token.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit b3580a76d8a4bc0bfa075ba3da945bfe92526871)

dnsproxy: Update to 0.64.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit f6714eb01e60d56113b67831bfcd9fc83ea07ef7)

inih: Update to r58

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 2c6453adb68a63aaa7a79d079038b08c288a0da6)

rclone: Update to 1.65.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 4437234dc43095212299417ee25aa43266374f50)

cloudflared: Update to 2024.1.5

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 17dfbd861360cae1a787c4618a0fe859d10e92da)

dos2unix: Update to 7.5.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 38fc2d2e9f7dfa8ea50ddb89fd9ea76d0609d439)

Merge pull request #23253 from stangri/openwrt-23.05-curl

[23.05] curl: update to 8.6.0

Merge remote-tracking branch 'yggdrasil-openwrt/yggdrasil-for-23.05' into openwrt-23.05

[23.05] yggdrasil: overhaul package with netifd support

Compile tested: none, see below
Run tested: all package compiling and qa testing done in snapshots
Description: we must backport v0.5 into 23.05 because the breaking protocol situation with v.0.4. the counterpart package, luci-proto-yggdrasil is already in 23.05 feeds.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

curl: update to 8.6.0

* https://curl.se/changes.html#8_6_0

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit 0f2c98d53f1aec96c21a707fc0e1a01b5a53a840)

Merge pull request #23227 from stangri/openwrt-23.05-nebula

[23.05] nebula: update to 1.8.2-2

nebula: update to 1.8.2-2

The following fixes have been applied to Makefile:
* fix the nebula license type
* add PKG_CPE_ID
* remove unneeded call to Build/Compile
* add leading spaces to descriptions
* add Package/nebula/conffiles definition
* remove unneeded /lib/upgrade/keep.d files
* no longer install actual license file
* add the README file

Kudos to @BKPepe and @1715173329 for feedback which lead to these fixes

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit ae22bea8ddda7dd4409ea436e34c39073c954d8d)

Merge pull request #23201 from mhei/23.05-php8-update-to-8.2.15

[23.05] php8: update to 8.2.15

xz: Update to 5.4.6

Update xz to the version 5.4.6

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit a297c70c16e2828406628da1e0d485d16d006476)

php8: update to 8.2.15

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

python-dbus-fast: update version 2.21.0

Signed-off-by: Andy Syam <privasisource@gmail.com>
(cherry picked from commit 81a5b89c96bab4e312c5e54debede14aaee22ba1)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>

python3-bleak: add missing python3-typing-extensions dependency

Dependency introduced by https://github.com/hbldh/bleak/commit/21094e67cf5d238b911352ba8c45a33d72f47d80
and
https://github.com/hbldh/bleak/commit/3c1fac9773e13acf52cebfe4e9df5c60bffaf76b

(And only for python versions below 3.12.)

Fixes: 64fa106 (python3-bleak: bump version to 0.21.1)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
(cherry picked from commit fcb02c264b935cfb620d37c2f7eb98a042dd2e6a)

natmap: update to 20240126

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 42c6e10ada066e54071026930460e91ba14dfb4b)

sing-box: update to 1.8.4

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 49ab3e0018948ebcbad676f5640c3ca7e3984db5)

 banip: update 0.9.3-5

* fix the nft Set survey function

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 79ae76806bbf118612b4036ee984e832aceba5f5)

v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 1aaa5c045dd835331d6c5bb70636e9d34d6bb530)

v2raya: do not allow changing config/log directory

We need stable path to persist configurations and read log from LuCI.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 272cff0d1c6265fe374aeed582423858beedf6bc)

dnsproxy: Update to 0.63.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 3711f7f6d2b44e85bd149f54038a3361726fce72)

rclone: Update to 1.65.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 05b61b3b6d8c3e2ab8f20e8b08932adfd25fbc3a)

xray-core: Update to 1.8.7

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ea4bbc46e19de971e72b44126bb429ecf158c2de)

cloudflared: Update to 2024.1.4

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 48b55bde67715de3b7f01cb099e552abbf86a12e)

cloudflared: Update to 2024.1.2

Finally fixed build with Go 1.21.

Fixes: #22383
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d16377d23fd08e8c5583bba6d93afd89ad3144eb)

Merge pull request #23137 from nmav/tmp-new-ocserv-23.05

23.05: update ocserv to 1.2.4

gnutls: updated to 3.8.3

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

ocserv: updated to 1.2.4

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

Openvpn: add missing script event options

Maintainer: @mkrkn  @neheb
Compile tested: aarch64, cortex-a53, OpenWRT Master
Run tested: Dynalink DL-WRX36

Description:
[A previous commit](https://github.com/openwrt/packages/commit/f8a8b71e26b9bdbf86fbb7d4d1482637af7f3ba4) has added more script event options.
However it looked like that commit was not complete as it stops the use of the script events route-up, route-pre-down, and ipchange when those are placed in the openvpn config file.

This PR fixes a regression that makes it problematic to specify certain event options in the OpenVPN configuration file.

Discussion in [this thread](https://forum.openwrt.org/t/openvpn-custom-route-up-script-in-23-05-rc2/167105/13) and [here](https://forum.openwrt.org/t/openvpn-route-up-and-route-pre-down-broken-in-23-05/176568)

Please have a look and consider implementing or make it possible to use all script event options in the openvpn config file in another way.

Pull request has been discussed and improved with the help of @AuthorReflex, see: https://github.com/openwrt/packages/pull/21732

Signed-off-by: Erik Conijn <egc112@msn.com>
(cherry picked from commit 7735cdfe6046a4f8690c8cf7e4a05a8cff5622dd)

htop: update to 3.3.0

Changelog: https://github.com/htop-dev/htop/compare/3.2.2...3.3.0

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 3ee7b46610e9dbd8fd2bba87bd06024cd0d9c08f)

Merge pull request #23127 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: update to 1.1.1-3

adblock-fast: update to 1.1.1-3

* allow top-level domains in the blocked-domains options fixes
  https://github.com/openwrt/packages/issues/23125

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 0f059b6523f3720441cf608cbd9769265d859de6)

Merge pull request #23117 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: sync with main branch

adblock-fast: sync with main branch

* somehow parts of the code of the init script got different between the
  main branch and release branch, this PR fixes that.

Signed-off-by: Stan Grishin <stangri@melmac.ca>

Merge pull request #23101 from stangri/openwrt-23.05-nebula

[23.05] nebula: update to 1.8.2

nebula: update to 1.8.2

* update to 1.8.2: https://github.com/slackhq/nebula/releases/tag/v1.8.2

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 91afa9f641382c459a19321127bac04cf296efaa)

Merge pull request #23085 from muink/openwrt-23.05

[23.05] sing-box: Update to 1.8.0

sing-box: update to 1.8.0

New features for v1.8.0:
1. Migrate cache file from Clash API to independent options
2. Introducing Rule Set
3. Add `sing-box geoip`, `sing-box geosite` and `sing-box rule-set` commands
4. Allow nested logical rules
5. Independent `source_ip_is_private` and `ip_is_private` rules
6. Add context to JSON decode error message
7. Reject internal fake-ip queries
8. Add GSO support for TUN and WireGuard system interface
9. The legacy LWIP stack has been deprecated and removed
10. Add `idle_timeout` for URLTest outbound
11. Added some new uTLS fingerprints
...
Release notes: https://github.com/SagerNet/sing-box/releases/tag/v1.8.0

The new version has some breaking changes and may stop working after upgrading if use the original config.
Please see the migration manual to migrate the config: https://sing-box.sagernet.org/migration/

Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit 8fe2f6848511c3edd2feb46c04c1f8b6ffd1b99e)

rust: Update to 1.75.0

Changelog: https://blog.rust-lang.org/2023/12/28/Rust-1.75.0.html

Refreshed patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 546e6eba4fd14607e8068787cea8e3d7f9f49e42)