crun: update to 1.9.2

changelog 1.9.2:
 - cgroup: reset the inherited cpu affinity after moving to cgroup. Old kernels do that automatically, but new kernels remember the affinity that was set before the cgroup move, so we need to reset it in order to honor the cpuset configuration.

changelog 1.9.1:
 - utils: ignore ENOTSUP when chmod a symlink. It fixes a problem on Linux 6.6 that always refuses chmod on a symlink.
 - build: fix build on CentOS 7
 - linux: add new fallback when mount fails with EBUSY, so that there is not an additional tmpfs mount if not needed.
 - utils: improve error message when a directory cannot be created as a component of the path is already existing as a non directory.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit bb3af8acb92e396f181d3f435dd2ca8ac1c9ec30)

conmon: update to 2.1.8

Bug fixes:
 - stdio: ignore EIO for terminals
 - ensure console socket buffers are properly sized
 - conmon: drop return after pexit()
 - ctrl: make accept4 failures fatal
 - logging: avoid opening /dev/null for each write
 - oom: restore old OOM score
 - Use default umask 0022

Misc changes:
 - cli: log parsing errors to stderr
 - Changes to build conmon for riscv64
 - Changes to build conmon for ppc64le
 - Fix close_other_fds on FreeBSD

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 3d88d18ee2918840b9b05fb27e50587fc9f62b64)

v2ray-geodata: add package v2ray-geosite-ir

"Iran Hosted Domains" is a comprehensive list of Iranian domains and services that are hosted within the country.

Signed-off-by: Kaveh Dadgar <Kavehdadgar666@protonmail.com>
(cherry picked from commit b1fc3754b3969edc9dca2f1fd5129edbd0a76517)

cloudreve: Update to 3.8.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 503825ef41d67af8b2cb35fe8dfe683f1c1ca766)

dnsproxy: Update to 0.56.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 303f0ad5ed690a22de5bfe959975d0d19511043a)

dnsproxy: Update to 0.55.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 830552b624a5be6ebc6dcdb39096d18d31cadf5d)

v2ray-core: Update to 5.8.0

Removed upstreamed patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 02b723bec3c17567edf60e6bf8012834c49a7270)

curl: Update to version 8.4.0

For detailed changes, see https://curl.se/changes.html#8_4_0
Switching to tar.bz2 for the time being as tar.xz is not yet available.
Fixes CVE-2023-38546 and CVE-2023-38545.

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from d353218c320073bf6c2b48f4b9eeab5d4aeeed1c)

python3: Update to 3.11.6, refresh patches

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 2aba43afe9e1bf5d9dc5e3578af7f82f6da51b2b)

Merge pull request #22346 from douglarek/sb

[openwrt-23.05] sing-box: update to v1.5.2

Merge pull request #22293 from jefferyto/python-charset-normalizer-3.3.0-openwrt-23.05

[openwrt-23.05] python-charset-normalizer: Update to 3.3.0

sing-box: update to v1.5.2

* Enable `with_ech` and `with_dhcp`, just like upstream
* See changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.5.2

Signed-off-by: Leo Douglas <douglarek@gmail.com>
sing-box: ShadowsocksR is marked as deprecated since v1.5.0

Signed-off-by: Leo Douglas <douglarek@gmail.com>
sing-box: remove dhcp by default

Signed-off-by: Leo Douglas <douglarek@gmail.com>
(cherry picked from commit bf7ce353b8af9a36411525306abcde23e860e76d)

nextdns: Update to version 1.41.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

net-snmp: move to PCRE2 library

Add upstream patch adding support for pcre2 and update dependency to
require libpcre2 instead of libpcre.

--with-pcre2-8 is now needed to exclude support for pcre and only
require pcre2 as net-snmp still use and try to use pcre by default.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit daf29ecbb2e17adce7ba9c25759b60c9afff9c01)

Merge pull request #22326 from jefferyto/python-twisted-23.8.0-openwrt-23.05

[openwrt-23.05] python-twisted: Update to 23.8.0, rework patches

libvpx: update to 1.13.1

v1.13.0

This release includes more Neon and AVX2 optimizations, adds a new codec
control to set per frame QP, upgrades GoogleTest to v1.12.1, and includes
numerous bug fixes.

v1.13.1

This release contains two security related fixes. One each for VP8 and VP9.

- https://crbug.com/1486441 (CVE-2023-5217)
- Fix bug with smaller width bigger size (CVE-2023-44488)

Fixes #22318

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 36566a99af9074334eee3293a6d5a0aa7f4e8246)

exim: update to version 4.96.1

This is a security release.

JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
      could be triggered by externally-supplied input.  Found by Trend Micro.
      CVE-2023-42115

JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42116

JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42114

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7c8f4a2a1c2e883ae3ebd62aab96bb45e31b4d55)

golang: Update to 1.21.2

Includes fix for CVE-2023-39323 (cmd/go: line directives allows
arbitrary execution during build).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit a8374204bbf5c111f8492995560088a4c399dca4)

python3: avoid unnecessary rebuilds

Move the order in which BuildPackage is called, so that the libpython
package is built ahead of the module packages, to avoid forcing a
clean-build of the package when 'make package/python3/compile' is called
a second time without changes.

The library must be built first, so that when the buildsystem checks for
ABI version changes using libpython3.version, its timestamp should be
older than the dependent package's STAMP_PREPARED file.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c230d7bd7f8a794032d2414588f1cdfc1a5ec74e)

openssh: bump to 9.5p1

Changelog: https://www.openssh.com/txt/release-9.5

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 6dc86d46da18d573971b7e7a2d625b2498dbe249)

tor-fw-helper: remove it

This package does not receive any update since 2015. [1]
It seems unmaintained and most likely not used at all.

[1] https://gitweb.torproject.org/tor-fw-helper.git/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit c980086b1e4353fcdbd9f44065ce1cbf9c158e09)

python-twisted: Update to 23.8.0, rework patches

The package changed to the hatchling build backend.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 00841f98731fe7599c7f2cae2bf4e08599833647)

crowdsec-firewall-bouncer: new upstream release version 0.0.28

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.0-rc3

Description: Update crowdsec-firewall-bouncer to latest upstream release version 0.0.28
(cherry picked from commit 401d2428ac24abcd90dcaa7bf5bc32ef33e6769b)

Merge pull request #22312 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: bugfix: properly identify hosts-files

banip: release 0.9.1-1

* drop packets silently on input and forwardwan chains or actively reject the traffic, set 'ban_blocktype' accordingly
* optimized banIP boot/reload handling
* removed pppoe quirk in device detection
* small fixes and optimizations

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 00cad2980cc7707f662acb1fa2a51c4e4fc331d9)

yq: Update to 4.35.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b46ff1fd8a877afc0f36cf7df5b9aae9d15fdb95)

adblock-fast: bugfix: properly identify hosts-files

* escape dots in grep command to properly identify hosts files

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 13a88d0b79142f385d77baaa390211673bf6b9c0)

atftp: move to PCRE2

Move atftp to PCRE2 as PCRE is flagged as EOL and won't receive security
updates anymore.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f81a1a1212c17f460721fe6f4d4497e66ee418c6)

atftp: bump to release 0.8.0

Bump to release 0.8.0. Autorecong is now needed to correctly compile the
package.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 364fe00b17ddfeb9f2bdf16298eda84866d58d27)

ffmpeg: Add avi muxer

Otherwise one cannot produce *.avi containers needed for some H.264
camera codecs.

Signed-off-by: Jan Kratochvil <jan@jankratochvil.net>
(cherry picked from commit 62f01d7b36ca621f3b9e2e01c78a64e897dbf4e8)

wget: Update to 1.21.4

Removed upstreamed patches and unneeded autoreconf.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 54593c0ba9a52ca72c69a1041b11bc9ef558db77)

syslog-ng: update to version 4.4.0

- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.4.0

- Bump version in config file

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 4dd49d7c3cd571107958154f1ed1ec8d8dba7464)

python-cffi: Update to 1.16.0

This includes a patch to unpin the version of setuptools required for
build; the required version is newer than the version bundled with
Python 3.11. This patch should not be necessary when Python 3.12 is
available.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit dd5af62695e2c0fcf421adfffbea92f37d1a652d)

python-packaging: Update to 23.2

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 78bcdd0fd1291a1a02e0d73e43c28e04f36d507d)

python-bcrypt: Update to 4.0.1, add myself as maintainer

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 6b3da46777bb5d029a4933481ee5939efa7c7109)

python-pyopenssl: Update to 23.2.0

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit bb278a015c6b76ca2c9fdf6663dbd7428777915e)

python-charset-normalizer: Update to 3.3.0

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 85540346fef07abf5df1a2d3558b341e7afb60d8)

Merge pull request #22287 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: update to 1.0.0-5

adblock-fast: update to 1.0.0-5

* improve processing of dnsmasq config files
* do not run sed/show error if allow_filter is empty

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit f3b8e569a5a619d87da873c3f9f657f77b1656c7)

Merge pull request #22269 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: update to 1.0.0-5

libwebp: bump to version 1.3.2

From https://github.com/webmproject/libwebp/releases/tag/v1.3.2

- 9/13/2023: version 1.3.2
  This is a binary compatible release.
  * security fix for lossless decoder (chromium: #1479274, CVE-2023-4863)

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit 90c6cb239002b1581b249ed19c3d7475fa78e5f1)

prometheus-node-exporter-lua: drop bmx6 package

In the OpenWrt routing feed, package bmx6 and luci-app-bmx6 were removed because the LuCI app was vulnerable to several CVEs, as found by dependabot. It has been reporting it for a few months and has even created an issue. These two packages are not maintained in OpenWrt as well in upstream.

Users should switch to the bmx7 package.

Fixes: 9fb9d9343ea27d6dbb5008ece10c0c843dd2c781 ("bmx6: drop package") in the routing feed
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9c2bf859005ada11c17835f74826b356cdb0fb7b)

cloudflared: Update to 2023.7.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 08f3dccccd867967d34b8f9102544896cf97edfe)

adguardhome: update quic-go to v0.37.6

* quic-go v0.36.x cannot be compiled with Go 1.21. Update that
  AdGuardHome dependency to latest one from v0.37 series.
* It fixes following compilation error:
  go-mod-cache/github.com/quic-go/quic-go@v0.36.2/internal/qtls/go121.go:5:13: cannot use "The version of quic-go you're using can't be built on Go 1.21 yet. For more details, please see https://github.
  com/quic-go/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.21 yet.

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
(cherry picked from commit 11230bb580443efd14a3c3bb4aa193c0476e4a7d)

python-typing-extensions: Update to 4.8.0

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit cb8648679b01982131eda7b2e74aff02f9a7499e)

python-trove-classifiers: Update to 2023.9.19

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 423235b40a84663c611e0f95abb11aaa7202681d)

python-setuptools: Update to 68.2.2

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit c12e4e873d43c6d61909f1a110be924918be1ab5)

python-cryptography: Update to 41.0.4

This includes a patch to update the version of ouroboros (Rust crate)
used, to fix RUSTSEC-2023-0042[1]. Upstream has switch from ouroboros to
self_cell so this patch should only be necessary for cryptography 41.

[1]: https://rustsec.org/advisories/RUSTSEC-2023-0042.html

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 9fdff3ea94662653188c3902840e97c35e9f138f)

python: Add environment variables to build Rust extensions

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 4d43be8549c8240f5039040fd1efd44aa2eb61fa)

python-setuptools-rust: Add new host-only package

From the README:

setuptools-rust is a plugin for setuptools to build Rust Python
extensions implemented with PyO3 or rust-cpython.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit f467f47f0ca226e382356a8e3615b5c55655b692)

python-semantic-version: Add new host-only package

From the README:

This small python library provides a few tools to handle SemVer in
Python. It follows strictly the 2.0.0 version of the SemVer scheme.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit b078e01f0c60354b8580fed8b12c25b5a5706cc6)

exim: apply hotfix for some ZDI reported vulnerabilities

Apply preliminary hotfix for some (three?) of the 0-day
vulnerabilities reported by ZDI.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit db85d9ead6c3258757e199ad1fbd5bd20c9aac5f)

adblock-fast: update to 1.0.0-5

* improve processing of dnsmasq config files
* do not run sed/show error if allow_filter is empty

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 0dc2aa2e7d67b6b4bce3d3bae9b14e67b90ff0c1)

v2raya: remove go version hack

This hack was added for Go 1.20 as it did not take minor version.
Now we have Go 1.21, this hack can go away.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

Merge pull request #22242 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: better error reporting when nothing to do

v2ray-core: backport upstream Go 1.21 updates

Fix build for Go 1.21.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a8ac5861f677e908e4886406cf57049648c7312d)

frp: update to 0.51.3

Includes some bug fixes and adds support for GO 1.21.

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 14dd31ef27adf023becce757898c9c075591fc08)

frp: update to 0.51.0

XTCP is incompatible with previous versions since 0.49.0.

Changelog:
https://github.com/fatedier/frp/releases/tag/v0.49.0
https://github.com/fatedier/frp/releases/tag/v0.50.0
https://github.com/fatedier/frp/releases/tag/v0.51.0

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 62901b7895583d6f4845bf7cc2d944f98c662a1e)

kismet: drop the package

This package is no longer maintained in OpenWrt even though it is maintained by upstream.
The last update was done in August 2016 and because we have 2023, drop this package
without replacement.

If anyone from the community wants to step in and retake the maintainership together with the update,
feel free to do it.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 52def58084583ff070c107d8c5455fce780e4c32)

adblock-fast: better error reporting when nothing to do

* also nicer file type output in high verbosity

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit ed6729c251407bbe8a5eedb8a692b40afcb2b782)

adguardhome: update to v0.107.36

* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.34
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.35
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.36

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
[ Reword commit message ]
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
(cherry picked from commit d4fa3d0a1aa242c0aed5a5292335fe9d9ac42a31)

syncthing: update to 1.24.0

This package can be built with Go 1.21 and QUIC can be enabled.

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 86522d77f1ccf7ed80ef556e0d6621efbd190275)

syncthing: disable quic to support GO 1.21

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 23113ceb97dbc1ad5d3caba83b72dbb1d0a69a37)

syncthing: update to 1.23.7

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 0449b0f3949e720c7484df5e0569b6ff518e5898)

tailscale: Update to 1.50.0

Signed-off-by: Zephyr Lykos <git@mochaa.ws>
(cherry picked from commit eeb1e0f057ea9463a99aa3f49cbd64ce69906713)

tailscale: update to version 1.48.2

Release notes:
https://github.com/tailscale/tailscale/releases/tag/v1.48.2

Signed-off-by: Tyler Young <git@yfh.addy.io>
(cherry picked from commit 992807ca35ce3a8ef3dae8f71d9b1e6dbe724e22)

tailscale: enable autodect of fw type

Signed-off-by: Tyler Young <git@yfh.addy.io>
(cherry picked from commit 40d5ba9378127a852b0b4735b02798be17e2e12c)

tailscale: Update to 1.48.1

Signed-off-by: Zephyr Lykos <git@mochaa.ws>
(cherry picked from commit a9373d6dd1782807dafbad2bf6a2c8f30b252638)

tailscale: Update to 1.48.0

Everything is working on pure upstream code.
Patching is not longer needed.

Added entire /etc/tailscale/ directory to conffiles for persistent ssh
host key & https certificate across sysupgrades.

Signed-off-by: Zephyr Lykos <git@mochaa.ws>
(cherry picked from commit 750faf5942088c430732533e162ea5d91b17579a)

dnscrypt-proxy2: update to version 2.1.5

Fixes compilation with Go 1.21+.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 536569ca62b125994b26e7cf02c981b338f82676)

apache: move to PCRE2

Move apache to PCRE2 now that PCRE is flagged EOL and won't receive any
security update.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit d14fe0c51c0be8d66772b83a165c7fb3c4850af0)

apache: bump to release 2.4.57

Bump apache to release 2.4.57 and refresh patch automatically.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 86f9af41c1cb8670e56be5d0fec8b64daf7c7499)

Merge pull request #22222 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: bugfix: better detect ABP lists

python3-networkx: Update to 3.1, rename source package

This renames the source package to python-networkx to match other Python
packages.

This also updates the list of dependencies.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 77cebb0d0391e7f6f8594a4b046beac702124609)

python-bidict: Update to 0.22.1

The package no longer has a build dependency on setuptools-scm.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 04344131087473289f0d9cfff0ffb196ac3376bd)

golang: Update to 1.21.1

Includes fixes for:

* CVE-2023-39318: html/template: improper handling of HTML-like comments
  within script contexts

* CVE-2023-39319: html/template: improper handling of special tags
  within script contexts

* CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary
  execution

* CVE-2023-39321 and CVE-2023-39322: crypto/tls: panic when processing
  partial post-handshake message in QUICConn.HandleData

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit d9a999521ea3113f3c48b65d468917bf94f83821)

golang: Update to 1.21.0, remove patch

Upstream has updated the Go compiler to not use gold when building for
arm, and is waiting for a fix to binutils (released in 2.41) before
doing the same for aarch64.[1]

Based on the above, it does not appear that
https://github.com/golang/go/pull/49748 will be merged. This removes the
patch from that pull request.

[1]: https://github.com/golang/go/issues/22040

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit a80af7e44347c50c745967c17f20c89385f1ea08)

btrfs-progs: update to version 6.5.1

Release notes:
https://github.com/kdave/btrfs-progs/releases/tag/v6.5.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 16e484cad1d2e9686916c0cfcafd54cf3777378f)

openvswitch: disable groff manpage check

The openvswitch build trips over a number of warnings during the
manpage-check step if groff 1.23 is installed on the build host,
resulting in a failed build.

As this check is optional, and we don't even install the manpages, simply
override the groff configure check to never detect groff.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit db34f33cc712ef2c6c4ca2f7ace1f428e83f316c)

tunneldigger: set PKG_SOURCE_DATE

opkg requires monotonically increasing version numbers to know which
version of a package is newer. As git commit IDs do not satisfy this
condition, PKG_SOURCE_DATE must be set to the date of the referenced
commit, resulting in the complete version number '2021-03-08-4f72b305-1'.

As the source date also becomes part of the paths inside the download
archive, the source hash must be updated as well.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 0a3e5dd122abb92f215369eeb0a957114b61746f)

tunneldigger: add group option to UCI config

The group can be used for policy routing and similar purposes.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 21dd77f6c48f5c59beee5dccc4aee9a2afa3e137)

adblock-fast: bugfix: better detect ABP lists

* bugfix: better detect ABP lists
* update Makefile with BUSYBOX features dependencies
* update the type of dnsmasq_instance setting
* add error message when file type can't be detected
* add reporting when file type can't be detected
* bugfix: include URL on errors related to URL processing/parsing
* rename resolver function to resolver_config to better reflect its use

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit cfe85fbde3cdce2ab05e9cd888ebb3713c42299f)

Merge pull request #22207 from commodo/django-update-23.05

[23.05] django: bump to version 4.2.5

iperf3: update to 3.15

see changelog: https://github.com/esnet/iperf/releases/tag/3.15.

Signed-off-by: Leo Douglas <douglarek@gmail.com>
(cherry picked from commit 8a223d4724d996db13bc8077035b27562b5e8fbd)

zerotier: update to 1.12.2

see changelog: https://github.com/zerotier/ZeroTierOne/releases/tag/1.12.2.

Signed-off-by: Leo Douglas <douglarek@gmail.com>
(cherry picked from commit 0343dffefa2b1b5dbd731516ed0a9431d6ed4cae)

crowdsec: new upstream release version 1.5.4

Update crowdsec to latest upstream release version 1.5.4

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Build tested: package build checked, no run test due to limited space

Description: update to latest version of upstream
(cherry picked from commit 7528bf76821eb9234d4665752371c85496ca5b89)

apfree-wifidog: Update to v6.08.1950

Fixed some memory leak bug

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit 5b3e517be4a1d2674fc12ea81a60ba885423758a)

django: bump to version 4.2.5

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit 331b5f75f4b4d5b71c6db9bd6658b6eeef01d891)

libmariadb: Fix async api by linking to libucontext

The asynchronous API of libmariadb uses cooperative multi threading
by using the system calls
  * makecontext
  * swapcontext
  * getcontext
  * setcontext
of the ucontext.h C-API.

Thus additionally link libmariadb to libucontext which is a library
providing these system calls on platforms not supporting them out of
the box - like musl based platforms.

Signed-off-by: Volker Christian <me@vchrist.at>
(cherry picked from commit 6748f95168660792a2162d8d35ce1ecf85f2d865)

xfrpc: update to version 2.9.644

Release notes:
https://github.com/liudf0716/xfrpc/releases/tag/2.9.644

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>

samba4: update to 4.18.6

Fixes various security issues. For detailed history see:

* https://www.samba.org/samba/history/samba-4.18.6.html
* https://www.samba.org/samba/history/samba-4.18.5.html
* https://www.samba.org/samba/history/samba-4.18.4.html
* https://www.samba.org/samba/history/samba-4.18.3.html
* https://www.samba.org/samba/history/samba-4.18.2.html
* https://www.samba.org/samba/history/samba-4.18.1.html

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>

czmq: drop libpcre dependency

It seems like the libpcre dependency was added by mistake.
While checking in the source code of czmq (Makefile.am, CMakeLists.txt),
I see there are several dependencies, but there isn't PCRE.

Fixes: 936a48a ("czmq: add new package")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e3ab95185cb67e6d5753b2d7380bac74c4ef4acd)

mg: switch pcre to pcre2

Switch pcre to pcre2
https://github.com/openwrt/packages/issues/22006

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 3d11e5c197e250f0a32ca813ff07d480b59311d0)

msmtp: update to version 1.8.24

Release notes:
https://github.com/marlam/msmtp-mirror/commit/ef62463e4d0dc1f8e7f1db4f8dd35650999c13f9X

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 29a9a6a4a7b797097992eb7ff2cfd84d11920b25)

setools: Update to 4.4.3

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 0ea5e63b15065b79fc6d9fef799e3947750c8368)

Merge pull request #22168 from jefferyto/rust-cargo-rustflags-openwrt-23.05

[openwrt-23.05] rust: Set rustflags by environment variable

rust: Set rustflags by environment variable

In order to use $(RUSTC_TARGET_ARCH) in HOST_BUILD_DIR, the line to
include rust-values.mk in the Rust makefile was moved in
f489e019ac4a15e974518d9928ef913a157d135a, causing it to be included
before package.mk is included.

This had the side effect of preventing "-lssp_nonshared" from being
added to RUSTC_LDFLAGS, because PKG_SSP is indirectly set by package.mk
(package.mk includes hardening.mk, hardening.mk sets PKG_SSP).

There is a deeper issue; it is the Rust package's PKG_SSP value that
causes RUSTC_LDFLAGS to be set and written to the Cargo config file. For
packages that use Rust to build, their PKG_SSP value does not affect the
linker flag.

This sets rustflags with the RUSTFLAGS environment variable, instead of
writing the value to the Cargo config file, allowing PKG_SSP from the
package being built to be used and for the package being built to modify
the rustflags used.

This also:

* Fix "-lssp_nonshared" being added to TARGET_CFLAGS instead of
  RUSTC_LDFLAGS, when CONFIG_PKG_CC_STACKPROTECTOR_STRONG is set.

* Remove the use of $(RUSTC_TARGET_ARCH) in HOST_BUILD_DIR and move the
  include line for rust-values.mk back to after package.mk.

  Since the host build directory was moved under the target build
  directory in efdbac38dc8b649ca26b49fac27abeb5cf76cd28, it is no longer
  necessary to separate build directories with RUSTC_TARGET_ARCH;
  $(BUILD_DIR) already separates build directories by target.

* Add BUILDONLY:=1, as the Rust package does not build a target package.

* Install the Cargo config file as "config.toml" instead of "config", as
  this is the preferred form[1].

* Rename RUST_CFLAGS to RUSTC_CFLAGS and CONFIG_HOST_SUFFIX to
  RUSTC_HOST_SUFFIX, for consistency.

* Allow CARGO_VARS to be set before rust-values.mk is included.

[1]: https://doc.rust-lang.org/cargo/reference/config.html#hierarchical-structure

Fixes: f489e019ac4a ("rust: compile host package per target")
Fixes: 83785a7ce016 ("rust-lang: Add the rust language support")
Fixes: https://github.com/openwrt/packages/issues/22133
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 37762abcb46955467482174019249178d68e9aea)

node: bump to v18.18.0

Update to v18.18.0

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 86355454094ce47f47a468727897e335ba2f316d)

rust: Update to 1.72.0

Version 1.72.0 (2023-08-24)
==========================

Language
--------
- [Replace const eval limit by a lint and add an exponential backoff warning](https://github.com/rust-lang/rust/pull/103877/)
- [expand: Change how `#![cfg(FALSE)]` behaves on crate root](https://github.com/rust-lang/rust/pull/110141/)
- [Stabilize inline asm for LoongArch64](https://github.com/rust-lang/rust/pull/111235/)
- [Uplift `clippy::undropped_manually_drops` lint](https://github.com/rust-lang/rust/pull/111530/)
- [Uplift `clippy::invalid_utf8_in_unchecked` lint](https://github.com/rust-lang/rust/pull/111543/)
- [Uplift `clippy::cast_ref_to_mut` lint](https://github.com/rust-lang/rust/pull/111567/)
- [Uplift `clippy::cmp_nan` lint](https://github.com/rust-lang/rust/pull/111818/)
- [resolve: Remove artificial import ambiguity errors](https://github.com/rust-lang/rust/pull/112086/)
- [Don't require associated types with Self: Sized bounds in `dyn Trait` objects](https://github.com/rust-lang/rust/pull/112319/)

Compiler
--------
- [Remember names of `cfg`-ed out items to mention them in diagnostics](https://github.com/rust-lang/rust/pull/109005/)
- [Support for native WASM exceptions](https://github.com/rust-lang/rust/pull/111322/)
- [Add support for NetBSD/aarch64-be (big-endian arm64).](https://github.com/rust-lang/rust/pull/111326/)
- [Write to stdout if `-` is given as output file](https://github.com/rust-lang/rust/pull/111626/)
- [Force all native libraries to be statically linked when linking a static binary](https://github.com/rust-lang/rust/pull/111698/)
- [Add Tier 3 support for `loongarch64-unknown-none*`](https://github.com/rust-lang/rust/pull/112310/)
- [Prevent `.eh_frame` from being emitted for `-C panic=abort`](https://github.com/rust-lang/rust/pull/112403/)
- [Support 128-bit enum variant in debuginfo codegen](https://github.com/rust-lang/rust/pull/112474/)
- [compiler: update solaris/illumos to enable tsan support.](https://github.com/rust-lang/rust/pull/112039/)

Refer to Rust's [platform support page][platform-support-doc]
for more information on Rust's tiered platform support.

Libraries
---------
- [Document memory orderings of `thread::{park, unpark}`](https://github.com/rust-lang/rust/pull/99587/)
- [io: soften ‘at most one write attempt’ requirement in io::Write::write](https://github.com/rust-lang/rust/pull/107200/)
- [Specify behavior of HashSet::insert](https://github.com/rust-lang/rust/pull/107619/)
- [Relax implicit `T: Sized` bounds on `BufReader<T>`, `BufWriter<T>` and `LineWriter<T>`](https://github.com/rust-lang/rust/pull/111074/)
- [Update runtime guarantee for `select_nth_unstable`](https://github.com/rust-lang/rust/pull/111974/)
- [Return `Ok` on kill if process has already exited](https://github.com/rust-lang/rust/pull/112594/)
- [Implement PartialOrd for `Vec`s over different allocators](https://github.com/rust-lang/rust/pull/112632/)
- [Use 128 bits for TypeId hash](https://github.com/rust-lang/rust/pull/109953/)
- [Don't drain-on-drop in DrainFilter impls of various collections.](https://github.com/rust-lang/rust/pull/104455/)
- [Make `{Arc,Rc,Weak}::ptr_eq` ignore pointer metadata](https://github.com/rust-lang/rust/pull/106450/)

Rustdoc
-------
- [Allow whitespace as path separator like double colon](https://github.com/rust-lang/rust/pull/108537/)
- [Add search result item types after their name](https://github.com/rust-lang/rust/pull/110688/)
- [Search for slices and arrays by type with `[]`](https://github.com/rust-lang/rust/pull/111958/)
- [Clean up type unification and "unboxing"](https://github.com/rust-lang/rust/pull/112233/)

Stabilized APIs
---------------
- [`impl<T: Send> Sync for mpsc::Sender<T>`](https://doc.rust-lang.org/nightly/std/sync/mpsc/struct.Sender.html#impl-Sync-for-Sender%3CT%3E)
- [`impl TryFrom<&OsStr> for &str`](https://doc.rust-lang.org/nightly/std/primitive.str.html#impl-TryFrom%3C%26'a+OsStr%3E-for-%26'a+str)
- [`String::leak`](https://doc.rust-lang.org/nightly/alloc/string/struct.String.html#method.leak)

These APIs are now stable in const contexts:

- [`CStr::from_bytes_with_nul`](https://doc.rust-lang.org/nightly/std/ffi/struct.CStr.html#method.from_bytes_with_nul)
- [`CStr::to_bytes`](https://doc.rust-lang.org/nightly/std/ffi/struct.CStr.html#method.from_bytes_with_nul)
- [`CStr::to_bytes_with_nul`](https://doc.rust-lang.org/nightly/std/ffi/struct.CStr.html#method.from_bytes_with_nul)
- [`CStr::to_str`](https://doc.rust-lang.org/nightly/std/ffi/struct.CStr.html#method.from_bytes_with_nul)

Cargo
-----
- Enable `-Zdoctest-in-workspace` by default. When running each documentation
  test, the working directory is set to the root directory of the package the
  test belongs to.
  [docs](https://doc.rust-lang.org/nightly/cargo/commands/cargo-test.html#working-directory-of-tests)
  [#12221](https://github.com/rust-lang/cargo/pull/12221)
  [#12288](https://github.com/rust-lang/cargo/pull/12288)
- Add support of the "default" keyword to reset previously set `build.jobs`
  parallelism back to the default.
  [#12222](https://github.com/rust-lang/cargo/pull/12222)

Compatibility Notes
-------------------
- [Alter `Display` for `Ipv6Addr` for IPv4-compatible addresses](https://github.com/rust-lang/rust/pull/112606/)
- Cargo changed feature name validation check to a hard error. The warning was
  added in Rust 1.49. These extended characters aren't allowed on crates.io, so
  this should only impact users of other registries, or people who don't publish
  to a registry.
  [#12291](https://github.com/rust-lang/cargo/pull/12291)

Refreshed patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 846ee0b9d0a84ea0868c7f3a3a6bb2e1730c16d7)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>

fastd: update repository URL

I've changed my username to neocturne.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit ac897e05dd6a30be498897494843962db4633436)