dawn: update to 2021-08-05

* c70773a - datastorage: use signal strength as a metric
* 14e0f83 - Don't display debugging output with DAWN_NO_OUTPUT
* 97e5de1 - uci: add neighbor list priority options
* 2b1a53c - dawn_uci: set default values
* 6eb747b - Use separate configs for 802.11g & 802.11a bands
* 1e34357 - Verify compatibility before parsing config message
* a7a8309 - List all neighbors with same score when kicking
* 3ba0fa4 - Change beacon request fields to appropriate values
* 009aab9 - Change mode config parameter from int to string

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 2039e3fce068d39ff51cf2be514bf50f66468043)

docker: update to 20.10.9

* switch to AUTORELEASE

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

dockerd: update to 20.10.9

* switch to AUTORELEASE
* fixes CVE-2021-41089

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

yq: Update to 4.13.5

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 336577fe29f569d8a7455603ba92cdde14dde300)

nextdns: Update to version 1.37.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

ksmbd-tools: update to 3.4.2

Signed-off-by: Marcos Del Sol Vives <marcos@orca.pet>
(cherry picked from commit 212f057df74b3937ebaf8b347852c937484ee7bb)

ksmbd-tools: update to 3.4.1

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ac5097af94a6e63a4089c7c4bc1ecd443c6248e7)

ksmbd: use hostname only as name

even if a fqdn (with domain) is set by user

Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
(cherry picked from commit 47e87e1b75dfd5286a7e87cbfee25db3d9c78f8a)

ksmbd-tools: update to 3.4.0

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0162bd3a9f449ee92ee73232db10f541576be162)

django: bump to version 3.2.8

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

Merge pull request #16930 from stangri/openwrt-21.02

[21.02] vpn-policy-routing: bugfixes: killall and tmpfs params

vpn-policy-routing: bugfixes: killall and tmpfs params

* bugfix: change killall param from -HUP to -s HUP
* bugfix: change tmpfs param from status to gateway

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 2b6c8d827369a29d3546c6bae27121aeb93e7f9a)

node: bump to 14.18.1 / October 12th 2021 Security Releases

October 12th 2021 Security Releases:
 HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959)
 HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

Merge pull request #16924 from stangri/openwrt-21.02

[21.02] vpn-policy-routing: revert to 0.3.4-8

vpn-policy-routing: revert to 0.3.4-8

* there are reports that 0.3.5-x versions do not work on some configs
* the development of the new features moved to the new package (pbr)
* revert to the last known good version of vpn-policy-routing

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 77514c10a7795a395167213f02cb9669ea9a1d77)

msgpack-c: Update to 4.0.0

- Fixed typo error in PKG_LICENSE_FILES.
- Updated CMAKE_OPTIONS.
- Refreshed the patch.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit e4d463b89d300bb6148a4e232667bb5838cd718a)

msgpack-c: don't check for GTest

Not available with OpenWrt. Fixes compilation when host GTest is
present.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7f34b03356e770d6aa14a9fa5152ac4020338b93)

nnn: update to 4.2

* switch to AUTORELEASE

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 42bf46039c48d7a7b03c292e1975870b1d360269)

fakepop: fix compilation with PKG_ASLR

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 15d2ed15caa23003447e83d1de219b7968919088)

lxc: update to 4.0.10

Remove getline patch. It seems to be for uClibc, which is no longer in
the tree.

Remove commands patch. Issue was fixed upstream. Same with the tests
patch.

Remove gpg patch. It's an upstream backport.

Refreshed others.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 3df43e2f66a8f089e7b0b2af9c012a2e300229b0)

Merge pull request #16899 from stangri/openwrt-21.02

[21.02] simple-adblock: update to 1.8.8-1

simple-adblock: update to 1.8.8-1

* update 'check' function

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit d11f310230497ea81cf207f9214528bd9d221eee)

Merge pull request #16896 from stangri/openwrt-21.02

[21.02] curl: update to 7.79.1

curl: update to 7.79.1

* update to [7.79.1](https://curl.se/changes.html#7_79_1)

Signed-off-by: Stan Grishin <stangri@melmac.net>

Merge pull request #16889 from paper42/knot-3.1.2-21

[21.02]: knot: update to 3.1.2

knot: update to 3.1.2

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

crowdsec-firewall-bouncer: initial package v0.0.15

/net/crowdsec-firewall-bouncer/

crowdsec-firewall-bouncer will fetch new and old decisions from
 a CrowdSec API to add them in a blocklist used by supported firewalls.

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 676a621647000c2618360a7752151c7110bd6c58)

crowdsec: initial package v1.2.0

/net/crowdsec/

Crowdsec - An open-source, lightweight agent to detect
 and respond to bad behaviours.
 It also automatically benefits from a global community-wide
 IP reputation database.

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 8903d1b7ca403bcffaead372ac288213252d5d75)

yq: Update to 4.13.4

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 2f51a0188c36ed99b21d53fa9ddb123458b935e8)

Merge pull request #16884 from stangri/openwrt-21.02

[21.02] https-dns-proxy: update to 2021-09-27

https-dns-proxy: update to 2021-09-27

* update to [2021-09-27](https://github.com/aarond10/https_dns_proxy/commit/da2501f542a732167a78f1851a511d9c0abc2fd8)
* fixes https://github.com/aarond10/https_dns_proxy/issues/125
* restart instead of reload on interface hotplug
* fixes https://github.com/openwrt/packages/issues/16794
* produce output and log entries on service start/stop
* prevent unnecessary dnsmasq restarts if service has previously updated dnsmasq settings
* allow both named and typed dnsmasq instance settings to be updated
* update 010-fix-cmakelists patch file

Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit f8d16338da979ad20908bd2a16ca62857a902e91)

tor: update to 0.4.5.10

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

acme: update to 3.0.1

On September the 29th, the certificate for R3, the intermediate
CA of Let's Encrypt expired, followed by the root CA expiration
on September the 30th. Update the acme client to 3.0.1,
to make sure newly generated certificates are using the new CA.
This is a backport of 468fc5fca429ca4276dfcfb4136a0d741ed9038b.
https://github.com/openwrt/packages/pull/16801

Default to letsencrypt because the upstream default may change.
Passing --staging is no longer needed, since --serever will
select a staging server if needed.

Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
Tested-by: Georgi Valkov <gvalkov@abv.bg>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>

golang: Update to 1.17.2

Includes fix for CVE-2021-38297 (passing very large arguments to WASM
module functions can cause portions of the module to be overwritten).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit dd986cde7fba08b7c01e3c2a7e25ae612319041f)

Merge pull request #16806 from mhei/21.02-php8-update

[21.02] php8: update to 8.0.11

Merge pull request #16805 from mhei/21.02-php7-update

[21.02] php7: update to 7.4.24

perl: perlmod.mk: use flock when hostpkg/perl used

Avoid parallel relinking and usage of the host perl binary by wrapping
its usage around flock calls.

Sometimes, two packages will try to relink the static host perl binary
at the same time.  Neither of them will have the other's module linked
in, and one of them will unavoidably clobber the other one's binary.

This will lead to errors when a package will not be able to find a
module that was supposed to be installed.

To fix that, an exclusive flock is used when relinking, with a 900
seconds timeout to avoid locking up the build process forever.

This is not enough because the binary may be concurrently used to build
another module package; perl is used in Configure, Compile, and Install
procedures.  If timing is right, a package will fail with a "permission
denied" error.

So a shared flock call is added in Configure, Compile, and Install
definitions for host and target, with a shorter, 300 seconds timeout.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1e18c4324fd1fb43764057fb8f4e9c1ea4a17553)

ttyd: fix ssl ca option init

Signed-off-by: Max S Kash <asukms@ya.ru>

python-pytz: bump to version 2021.3

And switch to AUTORELEASE for PKG_RELEASE.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

nano: update to 5.9

Update nano editor to version 5.9.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 38143e6f8b9d1ff0a3e33a15d655306cc9f74c27)

smcroute: update to version 2.5.3

Signed-off-by: Moritz Warning <moritzwarning@web.de>

autossh: fix procd env issue

This commit fixes an issue where the `AUTOSSH_GATETIME` is not available in the `procd`  environment which gets overwritten by the second `procd_set_param env` call.
It now calls the `procd_set_param env` once with the two variables, instead of twice.

Signed-off-by: Leo Soares <leo@hyper.ag>
(cherry picked from commit 9c4d79519ced3d0ccf6917e24b32b747e1672c62)

autossh: fix compilation without ssh installed

configure script looks for host ssh. Just pass the configure variable
directly. --with-ssh doesn't work.

Also get rid of custom Compile section. It's not needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 63b7febf5f62a120539611b1f7c252db5dc244cb)

php8: update to 8.0.11

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 6969fedfd96010dbab67e83d4e761d581bbb3a1d)

php8: fix module loading with glibc (refs #16642)

Without -ldl linker flag .so extensions are not loaded
when glibc is used. Fix it by providing adjusted LDFLAGS
for this case.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 1bff138517bd4ea93b59873590f7dfd0c7fe1931)

php8: update to 8.0.10

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 449acc7dacf867db2a00ea886b7e4484ceeca6d9)

php7: update to 7.4.24

This fixes:
    - CVE-2021-21706

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 96a04adbf3a3c76360c8be6f7a18c7e9c04561d4)

php7: fix module loading with glibc (refs #16642)

Without -ldl linker flag .so extensions are not loaded
when glibc is used. Fix it by providing adjusted LDFLAGS
for this case.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit d153c61650c0e5a55f4d9d00fcae6f257992c35f)

travelmate: support meta-refresh with single-quote

Currently `travelmate` only support `<meta` tag
if it contains `"`. This updates `travelmate.sh` to support
`'` as well.

```html
<meta...content='1; url=
```

Signed-off-by: Kamil Trzciński <ayufan@ayufan.eu>
(cherry picked from commit 2cbd9a2eb1a1658bed9d766e7397ff9ee39cd83b)

cache-domains: Fixed remote script usage change
* Removed all unnecessary files after configuration
* Reduced code duplication
* Changed to symlinking config instead of copying

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>

haveged: update to 1.9.15

Update haveged to version 1.9.15.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

yq: Update to 4.13.3

Fixes: CVE-2021-33196
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 86e26a0c3b18883d8e6884c538d68e04160eaf47)

openpyxl: bump to version 3.0.9

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

[openwrt-21.02] delve: Update to 1.7.2

See https://github.com/go-delve/delve/blob/master/CHANGELOG.md for
changes.

Signed-off-by: Niels Widger <niels@qacafe.com>

zerotier: update to 1.6.6

This is a security release (see [1]).

[1] https://www.zerotier.com/2021/09/21/incident-response-to-september-20th-2021

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 7f50af89496751206a764c244a7f93a4acde9c34)

xray-core: Update to 1.4.5

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0a2fb81acc71a687b7f8a29baff5ad2ef7d58497)

yq: Update to 4.13.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit f97d8182b8cbfc89db70cf99052b924883136464)

attendedsysupgrade-common: use sysupgrade.openwrt.org

A new server was added which runs within the OpenWrt cloud, it's much
faster and should be used instead. For development the server at
https://asu.aparcar.org stays available.

Signed-off-by: Paul Spooren <mail@aparcar.org>

libmbim: bump to 1.24.8

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit 2e3fb9c996afa9b0a026f92d9a1b57cb4238e012)

modemmanager: bump to 1.16.6

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit 5bfe8ed2dffb8b8af37b78d8399b19344ba49311)

libqmi: bump to 1.28.8

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit 4e67af0cc1f96217a483e5196edf06cb1d216573)

libqmi: bump to 1.28.6

Signed-off-by: Nicholas Smith <nicholas@nbembedded.com>
(cherry picked from commit 875e7a759de89cb86f44cace9622549d7e9855af)

lxc: remove legacy cgroups from common.conf

I am unaware of any kernel currently provided that retains cgroup v1 support.
This patch removes these lines in /usr/share/lxc/config/common.conf to allow
for error free usage.

Providing common.conf as-is will result in failure to start. One solution is to
comment out the legacy lines.[1] This requires users to either provide a custom
version of this file on their builds or to manually edit it with each update.

Since many do not build their own, the first option is not available to them.
Manually editing the file with each update will cause a failure to start
containers set to auto-start upon rebooting into the update.

1. https://forum.openwrt.org/t/openwrt-arm64-quick-lxc-howto-guide-lms-in-debian-system-in-lxc-container/99835

Signed-off-by: John Audia <graysky@archlinux.us>
(cherry picked from commit 049cf1e1b0fef97f98ad77a8a26d0fa1b6dad174)

syncthing: update to 1.18.2

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 9a172a52fbd293c742d02cdb49f77ddf06928c7f)

python-astral: update to version 2.2

Update copyright

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 1deaf6dbbeb1247ff34c1b569ccd922a0e656511)

fail2ban: patch CVE-2021-32749

* switch to AUTORELEASE

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 273a6d19c5aa29b84873a765a942b204b4249200)

Merge pull request #16635 from mhei/21.02-php7-update

[21.02] php7: update to 7.4.23

Merge pull request #16633 from 1715173329/yq-2102

[openwrt-21.02] yq: Update to 4.13.0

php7: fix config file upgrade issue (fixes #14623)

The addressed issue is related to #6893 as its resolution
is actually causing the problem.

When changing the priority of the config file it happens
that after a sysupgrade the previous file is restored
and the new file is added, ending up in a situation
like this:

/etc/php7/15_openssl.ini
/etc/php7/20_openssl.ini

Causing a double extension=openssl.so to be parsed,
which is not appropriate and leads to error message.

The same problem might also occur for mysqli since there
was also a priority change - let's take care about this
at the same time.

The solution is to remove one of the files. Since it is
a configuration file, the user might have adjusted it, so
lets just use the previous version to replace the new
installed version.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit e51a04930153dad8f7bf74fbde4cfd8e8bd4d0f8)

php7: update to 7.4.23

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit fb9e05615b40a8015168d8e6d8ab1cb9eb636fd5)

yq: Update to 4.13.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 993315f90a0f632803e5d0da923f000176ff7818)

travelmate: update to 2.0.7-2

* removed the newly introduced wpa-supplicant dependency as it makes trouble with a circular dependency

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 40f1071a393a6606eca262b386d2266b4fa931b4)

openpyxl: bump to version 3.0.8

And switch to AUTORELEASE for PKG_RELEASE.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

adguardhome: bump to 0.106.3

* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.3

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
(cherry picked from commit 3626cc96f8c0bb91078e2be5f793de99d770441f)

adguardhome: bump to 0.106.2

* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.2

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
(cherry picked from commit b7048446586ce34ad958381d89dd67bcc80b7665)

adguardhome: bump to 0.106.1

* Create working directory when it is not present. Apparently
  some recent change made adguardhome fail to start when working
  directory is missing.
* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.1

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
(cherry picked from commit 350ba8cbbd7d24dfabd7ecdec6f264265b37d368)

adguardhome: bump to 0.106.0

* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.0
* Add build time LDFLAG introduced in commit [1].

[1]: https://github.com/AdguardTeam/AdGuardHome/commit/1d07afb30ee9ff00de72182200b7e1c6d1606d77#diff-82ef468ec5547f1ed424776755a7f87dfec4eba9838d2c2ac02c9881bb67d737R67

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
(cherry picked from commit 48bf0f8e81dc10d63ac1072ae3e17915f7fe58ab)

adguardhome: bump to 0.105.2

* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.105.2

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
(cherry picked from commit d12c6658e4419637f703f2978a83fb849f315a76)

adguardhome: bump to 0.105.1

* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.105.0
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.105.1
* Add node-yarn/host dependency as it is needed since [1].
* Adjust LDFLAGS to the new ones introduced in [2].
* Invoke targets from make instead of manually running npm and yarn.
* Replace GO_PKG_EXCLUDES with GO_PKG_BUILD_PKG as our intention is to
  build only one specific package (a cosmetic change).

[1]: https://github.com/AdguardTeam/AdGuardHome/commit/5e20ac7ed5de861ea5c945d1775f75312d62b69f#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R140
[2]: https://github.com/AdguardTeam/AdGuardHome/commit/0d67aa251d18f8ab47cfd90072e9d0387dff4224#diff-82ef468ec5547f1ed424776755a7f87dfec4eba9838d2c2ac02c9881bb67d737R60

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
(cherry picked from commit d208610b8d56be1845b26605c34589ed79414bd3)

Merge pull request #16621 from jefferyto/golang-1.17.1-openwrt-21.02

[openwrt-21.02] golang: Update to 1.17.1

Merge pull request #16627 from acooler15/add_parted-21.02

[21.02]parted: add new package

autoconf: fix shebang

Fix shebang errors for autom4te, autoreconf, autoheader, autoscan, autoupdate, ifnames.

resolve openwrt/packages#16604

Signed-off-by: Ren Zongjia <acooler15@foxmail.com>
(cherry picked from commit 72f3dfcb0e1c2acb225d282c6968e42852df6cef)
Signed-off-by: Ren Zongjia <acooler15@foxmail.com>

parted: add new package

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 5ad56ca3407973980109a42c66995cd31fe1f456)
Signed-off-by: Ren Zongjia <acooler15@foxmail.com>

golang: Update to 1.17.1

Includes fix for CVE-2021-39293 (archive/zip: overflow in preallocation
check can cause OOM panic).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit aa96b8408f84a42142e44e930191a33143914b0d)

banip: update 0.7.10-3

* Updated firehol ipset URLs

Signed-off-by: Richard Gering <rg4github@dutchies.us>
(cherry picked from commit e803f3d75f383929426b4e17331b9d5f80ffdcc8)

travelmate: update to 2.0.7

* add wpa-supplicant package dependency
* removed no longer working 'db-bahn.login' and 'wifionice.login' auto-login scripts
* added the new 'wifibahn.login' script for auto-logins to captive portals WIFI@BAHN (DE),
  run tested on a single ICE (station logins are currently unsupported!)
* vodafone.login prepared to support free/time limited logins (still WIP!)
* change return code handling in login scripts and travelmate
* refine f_wifi function
* fix a few conercase issues

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3167e00aff44c1ae5172f4c5547b3136caef6088)

Merge pull request #16524 from paper42/hplip-no-aslr-21

[21.02] hplip: add a patch to fix PIE builds

ntfs-3g: patch CVE-2019-9755

* switch to AUTORELEASE

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>

python3: bump version to 3.9.7

Refreshed patches.
And apply hack for line-endings in pep517 (from pip).

Hack comment:
  # FIXME: [1] get rid of this asap; 'patch' doesn't like Windows endings, and this file is full of them...
  #        I actually tried this in a number of ways and the only way to fix this is to implement
  #        a poor-man's dos2unix using sed.
  #        The issue is with the pip package; it seems that it throws in some Windows line-endings
  #        and 'patch' won't handle them. So, we do a "dos2unix" and then patch.
  #        We can get rid of this once this is solved upstream and in pip:
  #            https://github.com/pypa/pep517/pull/130

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 26988f905f1f78ee0fd67dc90c3c7b112ac1817d)

fail2ban: fix hotplug when disabled

Avoid restarting fail2ban by hotplug when the service is disabled.
Related issue: https://github.com/openwrt/packages/issues/16601

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
(cherry picked from commit 57aab9f1d15fd694ffdf6a83d73d15497d1a5f08)
Signed-off-by: Kerma Gérald <gandalf@gk2.net>

django: bump to version 3.2.7

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

fail2ban: fix package for fail2ban v0.11.2

fail2ban v0.11.2 package version 2

Following PR #15098, add fixes to build fail2ban package:
- remove use of fail2ban-python (directly use python3 in script)
- remove link to python3 in /usr/bin (break the package build)
- remove python-tests (reduce the package size)

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 56a084d3922c84e936ef660a67a2156439223393)

fail2ban: initial package of fail2ban version 0.11.2
python3-pyinotify: initial package version 0.9.6 of pyinotify for python3

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit bcb8775e48eb8f99a76b05a8539a0140513e4158)

nextdns: Update to version 1.37.2

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

unbound: backport fix for permission denied error

Currently there is a problem with log spam when ipv6 network
is dropped. Fix this by backporting a patch to silence these errors
when verbose logging is not enabled.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit f2f05088a5a12bf9963b83d9613bb96335a27e66)

unbound: update to 1.3.2

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry picked from commit 17c25269d75c5cfedb68aec20d2f9cffa977bc62)

unbound: fix build on non-linux systems

Override places that call uname to detect target features

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit cc1d0aa3d2e83252b1e85e65ce6eb6c7a4c4e98b)

cgi-io: update to latest Git HEAD

98cef9d Retry splice() syscall on EINTR

Fixes: https://github.com/openwrt/luci/issues/5342
Fixes: https://bugs.openwrt.org/index.php?do=details&task_id=4006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit db8e0fdea454c3b07d859935de5a7d3714fd72ac)

haproxy: Update HAProxy to v2.2.17

- This update fixes CVE-2021-40346; see: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
- Update haproxy download URL and hash

Signed-off-by: Christian Lachner <gladiac@gmail.com>

wsdd2: update to git (2021-08-09), switch to Netgear repo

* update to git (2021-08-09)
* switch to Netgear repo

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>