net/tinc: fix PKG_CPE_ID

tinc-vpn:tinc is a better CPE ID than tinc:tinc as this CPE ID has the
latest CVEs (whereas tinc:tinc only has CVEs up to 2002):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tinc-vpn:tinc

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit b52f465c7b2c6fc8438f5a09aab3bbb26eba9de5)

net/tinyproxy: fix PKG_CPE_ID

tinyproxy_project:tinyproxy is a better CPE ID than banu:tinyproxy as
this CPE ID has the latest CVEs (whereas banu:tinyproxy only has CVEs up
to 2012):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tinyproxy_project:tinyproxy

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit d6d157f644ec57b682c246f6c876936f0bcb9baa)

utils/tmux: fix PKG_CPE_ID

tmux_project:tmux is a better CPE ID than nicholas_marriott:tmux as this
CPE ID has the latest CVE (whereas nicholas_marriott:tmux only has a CVE
from 2011):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tmux_project:tmux

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit c42dcc5fd69a6f5d8cfe2aba9af0c5dccdd73e05)

utils/zsh: fix PKG_CPE_ID

zsh:zsh is a better CPE ID than zsh_project:zsh as this CPE ID has the
latest CVEs (whereas zsh_project:zsh only has CVEs up to 2017):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:zsh:zsh

Fixes: ff056fcffcacf2632505bb108bf8e8c2a3cef09c (zsh: Update to 5.6.2)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 00e038942a5856b01ee359706dbb4398148ba162)

net/boinc: fix PKG_CPE_ID

boinc_project:boinc has never been a valid CPE ID so use
rom_walton:boinc instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:rom_walton:boinc

Fixes: 9c2bd865c715cad8646157d6bbfb669d9970c322 (boinc: new package for distributed computing/data acquisition)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 013a2f2dfa1f6b7e582588c8641b0ecbc7cf223e)

utils/lrzsz: fix PKG_CPE_ID

PKG_CPE_ID was missing ":lrzsz"

Fixes: 6d6c4b21b5e22a9f1058db5b61521a298e00a5f0 (lrzsz: update to v0.12.21rc and fix a CVE)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit da56ee5bed54bf0f58a4a51d7849b9de2880dfde)

libs/expat: fix PKG_CPE_ID

There is not a single CVE linked to libexpat:expat so use
libexpat_project:libexpat instead:

https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libexpat_project:libexpat

Fixes: 70c62ef2d77aef5d8a27ccca2b147bc2a69dc7f8 (expat: update to version 2.2.7 (security fix))
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 77a02f1efcdb3ff5d7ce697806075bc34ed2ed4b)

libs/libidn2: fix PKG_CPE_ID

There is not a single CVE linked to libidn2_project:libidn2 so use
gnu:libidn2 instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:gnu:libidn2

Fixes: ceadbcbb64de727c3a974e552d9a723d532e4e40 (treewide: add PKG_CPE_ID for cvescanner)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit b5b4545b2452ef3a9a4d958a22f5cc053be0523c)

net/miniupnpc: fix PKG_CPE_ID

cpe:/a:miniupnp_project:miniupnpc is the correct CPE ID for miniupnpc:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:miniupnp_project:miniupnpc

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 0d96d38c6c1f5645efb129fde2e5e06c8ffc2bdc)

multimedia/motion: fix PKG_CPE_ID

motion_project:motion is a better CPE ID than lavrsen:motion as this CPE
ID has the latest CVE (whereas lavrsen:motion only a CVE from 2008):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:motion_project:motion

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 1a50def3051ef64f4ce6240a74512177e7d51e6d)

net/nbd: fix PKG_CPE_ID

There is not a single CVE linked to network_block_device:nbd so use
network_block_device_project:network_block_device instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:network_block_device_project:network_block_device

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 222df5ed5d469f42034fea230666c011e7ea3e30)

lang/python/python-pip: fix PKG_CPE_ID

There is not a single CVE linked to python:pip so use pypa:pip instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pypa:pip

Moreover, CPE_ID missed PKG_ prefix

Fixes: eee273507b868ad5f6f7e744d513c85330967906 (python3: Split pip into separate source package)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit acad8ffb5f4b9f2f380a22c53702c048e22c82ea)

utils/gpsd: fix PKG_CPE_ID

gpsd_project:gpsd is a better CPE ID than berlios:gps_daemon as this CPE
ID has the latest CVEs (whereas berlios:gps_daemon only has one CVE from
2004):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:gpsd_project:gpsd

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 1b1c28c9a03f7742ffaeda7ac2b22d82182a1137)

utils/ntfs-3g: fix PKG_CPE_ID

tuxera:ntfs-3g is a better CPE ID than ntfs-3g:ntfs-3g as this CPE ID
has the latest CVEs (whereas ntfs-3g:ntfs-3g only has one CVE from 2007):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tuxera:ntfs-3g

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 52a5e71b49dd3d10d57a20f4cb9e83aad8fbbc5e)

treewide: assign PKG_CPE_ID

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[davici: not present in 23.05]
(cherry picked from commit 5afe5c9031190844f267357c68efe3c9c3cbe51d)

lang/python/python-yaml: fix PKG_CPE_ID

There is not a single CVE linked to pyyaml_project:pyyaml so use
pyyaml:pyyaml instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pyyaml:pyyaml

Fixes: c06a04c754bdcfdb2ea0bd1d654128863a2b6738 (python-yaml: update to version 5.1)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 94734c4bf9ff99c0b2001c4934a3c3f1398aca38)

treewide: fix licence typos

- PKG_LICENCE -> PKG_LICENSE
- PKC_LICENSE_FILES -> PKG_LICENSE_FILES
- BSD 3-Clause -> BSD-3-Clause
- BSD-3-clause -> BSD-3-Clause
- BSD-2-clause -> BSD-2-Clause
- Public Domain -> Public-Domain
- PublicDomain -> Public-Domain
- Drop unneeded ',' in PKG_LICENSE or PKG_LICENSE_FILES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 820fcc5fb979ad9ac630231dcf12ce76342d1c01)

openssh: bump to 9.8p1

Release notes: https://www.openssh.com/txt/release-9.8

* 9.8p1 fixes CVE-2024-6387
* Adjusted Makefile to provide /usr/lib/sshd-session
* Given the troubles with -fzero-call-used-regs and all the
  broken checks, makes sense to skip it

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 75674f0439ee497bc6b77222a23e3974d150be89)

dockerd: Update to 27.0.3

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit e7ef6ae485008486a587b05df1489152abfb6248)

docker: Update to 27.0.3

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit d9925c4813d8d5c44705c81a63d54c3304170ade)

docker: Update to 27.0.2

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit ec1320310ab09ddfaf0a10b447e8f4c99f5e617b)

runc: Update to 1.1.13

This is the thirteenth patch release in the 1.1.z release branch of runc.
Itbrings in Go 1.22.x compatibility and fixes a few issues,
including anoccasional wrong nofile rlimit in runc exec,
and a race between runc list and runc delete.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit c49a11723819fa0405513800aa340c5cfa7fc9b8)

dockerd: Update to 27.0.2

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 24d29581e20d7643b8636efa3a26463fb2fd7f62)

dockerd: Update to 26.1.4

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 001e7138ddd8aa7c13213cea86956785cb382995)

containerd: Update to 1.7.18

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 8f3a94645df07996d5e1a8f26d1c4355bf2928c3)

docker: Update to 26.1.4

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit ab5b9ea2f0f530f245f068a78288968535ba85a1)

adblock: update 4.1.5-11

* removed an accidentally commited flag of the upcoming adblock 5.x, this fixes a startup regression without trigger interface

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit b76f6e1c166d0344f9022d1ca994946414d9d035)

jool: update to 4.1.12

Update jool to 4.1.12
Changelog: https://github.com/NICMx/Jool/releases/tag/v4.1.12

Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
(cherry picked from commit 28256b2710fdbdb07a76d37f768bae23af45c4cf)

jool: update documentation

* corrected the documentation links for upstream
* fixed style to be correctly rendered
* add reference to OpenWrt tutorial

Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
(cherry picked from commit 8b08b29271e9f8d26ce8d337ffb4261ea8a25914)

jool: update to 4.1.11

Update jool to 4.1.11 and remove unneeded patch.
Changelog: https://github.com/NICMx/Jool/releases/tag/v4.1.11

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit 643e3bf73a9222b460f00dcd23aa11b6ecf3e852)

jool: update package to version 4.1.10

Update jool to version 4.1.10 and remove a no longer needed patch.
There was also a need to backport a patch to fix compile in some archs.

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit 26bf35bb4338caaefad3b1be4ee2c99d8e618618)

cloudflared: Update to 2024.4.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 462bfd84e484da313b3f096cc4dbaec54c8c94a1)
[rebased upon 23.05 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

cloudflared: Fix incorrect uci config syntax

Fix incorrect uci config syntax, caused by a careless newbie contributer.
Modify function append_param_arg() in init script, to support hyphenated
arguments.
Add more command parameters as uci options, no value is set to keep it default.

Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
(cherry picked from commit 2d711c8fbda489ab5f89b162c040b6502986e970)
[rebased upon 23.05 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

cloudflared: Add more run parameters in UCI

https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/

Close #24122

Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
(cherry picked from commit 31c91837f9f171828ef6d4bd1e1867f4c593e2cc)
[rebased upon 23.05 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

adblock: update 4.1.5-10

* made the DNS Reporting / tcpdump parsing code more capable
* small init fixes
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit a029f01d81b021b6ab7fd24e5da7d9af03681aba)

aardvark-dns: update to 1.11.0

changelogs:
https://github.com/containers/aardvark-dns/compare/v1.10.0...v1.11.0

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 39f75472f5f3686833c890daea0dca0166ebb5db)

aardvark-dns: update to 1.10.0

changelogs: https://github.com/containers/aardvark-dns/releases

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit f03ac48d30629b032ac2372b24d41a9f9b8e4732)

libjwt: add package

Add package for JWT C Library built against OpenSSL.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 57fdc5d2b98e6bdd96f8f0f6f0448579bc3ddbad)

powertop: update to 2.15

Release mainly focuses on bug fixes and patching compatibility issues.
Also, adds support to multiple platforms.
Removed obsolete patch as upstream has fixed.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>

xray-core: update to 1.8.16

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit f84ed39a615011d029077335578ba1d4db795e5d)

xray-core: update to 1.8.15

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 4cbfd4709e1050a85f51b42fafab3753a0329901)

natmap: reset PKG_RELEASE to 1

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 1d542b8919a0e98836055bdd251e0345b80a0bc6)

natmap: update to 20240603

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit b0a4fd300f23f99bc678162165c23e93bb1e24e8)

banip: update 1.0.0-4

* relax the firewall pre-check if fw4 is not running
* replace former stale tor feed source with 'https://www.dan.me.uk/torlist/?exit'
* add openvpn log term/search pattern example to the readme
* the default config now includes only log terms for dropbear and LuCI, all others are optional
* readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit d17f661aee8aab300bd73d682748eac61bea27a2)

golang: Update to 1.21.11

go1.21.11 (released 2024-06-04) includes
security fixes to the archive/zip and net/netip packages,
as well as bug fixes to the compiler,
the go command, the runtime, and the os package.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>

lighttpd: fix missing dependency for OpenSSL crypto library

This change will provide the necessary dependency resolution, fixing:

  Package lighttpd is missing dependencies for the following libraries:
  libcrypto.so.3

Fixes: #23794
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit a300185d49e87848f9b8027393196631841b32f6)

lighttpd: add option to use OpenSSL crypto library

Currently, it is not feasible to configure lighttpd to use OpenSSL as
its internal crypto library. Instead, one must rely on alternative
crypto libraries such as Nettle or mbedTLS. This setup is not ideal in
scenarios where a single crypto library is preferred. To address this
issue, lets propose introducing OpenSSL as an additional configuration
option.  Similarly, propose GnuTLS as additional configuration option.

Closes: #24004
Co-developed-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8c9597f1dcb0ab5965a5ecdb506e234c5da61a3e)

schroot: fix compilation with GCC14

GCC now does not allow assigning an std::locale to an std::string. No
idea why it worked originally.

Also fixed compilation with full NLS.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c3e2dcc128adde5af8b0d07c38962cc4fd8b3a3b)

stlink: fix compilation with GCC 14

Switch to local git tarballs. Smaller.

Upstream backport and a local patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 41a5880f01529c7226af5c1fece9b8e0017c5132)

prometheus-node-exporter-lua: Add optional mwan3 collector

Supports interface metrics exposed by mwan3. The performance is a
little slow compared to other collectors (~300ms) as the ubus call is
where most of the time is spent. Any future speedups are likely better
put into mwan3's rpcd binary.

Signed-off-by: Ryan Doyle <ryan@doylenet.net>
[rename metrics,bump version]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit c279efb760ca516db7cdaee32216344df47f2203)

prometheus-node-exporter-lua: Add "node_textfile_mtime_seconds" metric

…for textfile collector, to make it more consistent with the upstream
Prometheus node-exporter

Signed-off-by: Rob Hoelz <rob@hoelz.ro>
[bump version]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 4edae8449946f46bbb3943eb0af066048ef37c54)

prometheus-node-exporter-lua: remove duplicated nat samples

Merge duplicate src/dest samples by suming their value (bytes count)

Fixes #24166

Signed-off-by: Antoine C <hi@acolombier.dev>
[bump version number]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit cd8f67298c588a6e80c5991b6921222eea10a06f)

prometheus-node-exporter-lua: fix netclass duplicate TYPE lines

Fixes a315c40b7232bbc83582685c98e41466d84d7a35

[initial fix]
Signed-off-by: René Treffer <treffer@measite.de>
[fixup René version]
Signed-off-by: PichetGoulu <pichet@nosuid.be>
[actual commit]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit aa7ea7938f4b39fef4b8a0a3f9ab14c1119be515)

prometheus-node-exporter-lua-hostapd_stations: fix not reporting metrics

- fix incorrect interface name mapping in hostapd_stations exporter

Signed-off-by: Balázs Urbán <szalab9@gmail.com>
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 1930d39a15113a8ede7d2794e394678e87697f5d)

prometheus-node-exporter-lua: add missing libubus-lua dependency

Fixes a315c40b7232bbc83582685c98e41466d84d7a35

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit fe489585c260a40832ce76ab1236751cf6561da8)

prometheus-node-exporter-lua: bump package version

Signed-off-by: Ivan Mironov <mironov.ivan@gmail.com>
(cherry picked from commit 41975220c0b177892bd0184387a354bc036bc983)

prometheus-node-exporter-lua: add basic hwmon exporter

This collector supports following metrics:

 * node_hwmon_temp_celsius
 * node_hwmon_pwm

and following auxiliary mappings:

 * node_hwmon_chip_names
 * node_hwmon_sensor_label

Tested on:

 * Banana Pi BPI-r3 / OpenWrt 23.05.0-rc2
 * TP-Link Archer C7 v5 / OpenWrt 22.03.5

Signed-off-by: Ivan Mironov <mironov.ivan@gmail.com>
(cherry picked from commit 431fefbdea559625c5b46ff2011237fefcbf1c1c)

prometheus-node-exporter-lua: Add thermal collector

Signed-off-by: Joel Pettersson <me@joelpet.se>
(cherry picked from commit 1eeb1dc2de82c093e2cd1ccc71ffd36a449301f9)

banip: update 1.0.0-3

* fixed a regression in the split Set function (reported in the forum)
* fixed regex for urlhaus feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 2cc7cf3ca0aa6ad2cf5d67a66632ca5a516eb07b)

apfree-wifidog: update to 7.06.2008

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit a1b1bd87bf87643e8a3b9235c3b21a3099722658)

apfree-wifidog: support rule group and websocket&dns proxy flag

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit a34f47e7bb067f98419c217d132e529549d2ecc5)

ruby: update to 3.2.4

The 3.2.3 release includes many bug-fixes. This release also includes
the update of uri.gem to 0.12.2 which contains the security fix.

- CVE-2023-36617: ReDoS vulnerability in URI

See: https://www.ruby-lang.org/en/news/2024/01/18/ruby-3-2-3-released/

The 3.2.4 release includes security fixes. Please check the topics below
for details.

- CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
- CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
- CVE-2024-27280: Buffer overread vulnerability in StringIO

See: https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-2-4-released/

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

banip: update 1.0.0-2

* fixed a possible "Argument list too long" error in the f_log function
* fixed multiple, incomplete digit character classes
* fixed/optimized split file handling
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 059a5303296cd8a56aa6777ef5c9a61bef5dd48a)

sing-box: update to 1.9.3

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 128c0f03ef0d166f9f6d2fe83cea55a6d80789df)

sing-box: update to 1.9.2

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit b82a70dd191f8e401d3aeb710d2aeb0530895b05)

sing-box: update to 1.9.1

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 909ec005b605857d529bc449843206195a4c1e32)

unbound: pull in adblock-fast generated adb_list

* adblock-fast can generate the compatible adb_list-file, but it's
  only pulled if net/adblock installed, this patch also pulls in the
  adb_list file if net/adblock-fast is installed.
* also bump PKG_RELEASE

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit d7d1743c834dffeb7e3ea0c9ee16ec587788f0ca)

Merge pull request #24340 from mhei/23.05-php8-update-to-8.2.20

[23.05] php8: update to 8.2.20

iperf3: fix usage with big endian

Upstream submissions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 37ade7efabae535bb4612177bc4cf0a32353b8e9)

iperf3: update to 3.17.1

Changelogs since last release:
https://github.com/esnet/iperf/releases/tag/3.17
https://github.com/esnet/iperf/releases/tag/3.17.1

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit b450fbc5eaf7bcfeac1b0e8641f5d46a5d3f821c)

banip: release 1.0

* made sure, that the domain lookup always add the found IPs to the underlying allow-/blocklist-Set
* major readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit cc709768b5a243d0f021834a9cc4ca872e5f84bb)

php8: update to 8.2.20

This fixes:
    - CVE-2024-4577
    - CVE-2024-5458
    - CVE-2024-5585

Changelog: https://www.php.net/ChangeLog-8.php#8.2.20

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

libpfring: backport patch fixing compilation error for sa_data

Backport patch fixing compilation error for sa_data not well defined.
This is triggered only on platform that makes use of fortify string and
cause compilation error due to the fact that sa_data is not well defined
and his size is arbitrary.

Patch has been accepted in the PF_RING project and this is just a
backport.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit c3a50a9fac8f9d8665f8b012abd85bb9e461e865)

libpfring: update to 8.4.0

Release notes:
https://github.com/ntop/PF_RING/releases/tag/8.4.0

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
(cherry picked from commit 534bd518f3fff6c31656a1edcd7e10922f3e06e5)

hev-socks5-server: update to 2.6.6

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit c6777c6ecc2a5097d3ef12b142c1d330f226cbf4)

Merge pull request #24317 from p-w-p/xray-core_update

[23.05] xray-core: update to 1.8.13

xray-core: update to 1.8.13

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6a9b65119d95ebddd5875135ffaca1fc77a28e5f)

node: bump to v18.20.3

Notable changes
This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.
A fix has also been included for compiling Node.js from source with newer versions of Clang.
The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies
* acorn updated to 8.11.3.
* acorn-walk updated to 8.3.2.
* ada updated to 2.7.8.
* c-ares updated to 1.28.1.
* corepack updated to 0.28.0.
* nghttp2 updated to 1.61.0.
* ngtcp2 updated to 1.3.0.
* npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324.
* simdutf updated to 5.2.4.
* zlib updated to 1.3.0.1-motley-7d77fb7.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

sing-box: update to 1.9.0

Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit 087fe17bf746fa1edc6f452c02ac05d75fa93daf)

banip: update 0.9.6-3

* fixed concurrent, too high nft loads during feed processing (seen in LuCI frontend)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3584187f69f954e0e70dc86ffcf7d46d0df37452)

apache: add compile fix for libxml-2.12.x

libxml2 restructured includes, thus another include is now required
otherwise build fails.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 7009c6be73cdb1535c4e13bd86bbccb623cade87)

banip: update 0.9.6-2

* fix regex for nixspam and sslbl feed
* list the pre-routing limits in the banIP status
* small fixes and log improvements

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 27e86ef42e832545a9a66d479c4bbd99afaab5c5)

xfrpc: update to 3.05.661

This version is compatible with FRPS 0.58.0

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit d5c22612a90e9a0fd09d4307e567240562a10287)

xfrpc: Revised the config file and adjusted the corresponding init file

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit e39af317532bd67580e6d12d4b4c9590cafa574e)

ocserv: use a more neutral character for sed

This resolves a startup issue.

Resolves: #24203

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

nextdns: Update to version 1.43.5

Signed-off-by: Olivier Poitrey <rs@nextdns.io>

sing-box: update to 1.8.14

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 2b7369c323ac232ccb39f0321c5b86053a29b263)

dnsdist: update to 1.9.4

fixes CVE-2024-25581

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>

haproxy: update to v2.8.9

- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog

Signed-off-by: Christian Lachner <gladiac@gmail.com>

banip: release 0.9.6-1

* refine IPv4 parsing, skip rough feed entries like loopback addresses
* better error logging during banIP nftables initialization and Set loading
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ccca9c832540d9eea78d5a438c14142f8e087735)

openconnect: introduced URI parameter

This allows specifying a camouflage string in ocserv.

Fixes: #23364
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

openconnect: backport fix for anyconnect compatibility

Fixes: #21135
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

gptfdisk: update to 1.0.10

- Delete upstreamed patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit ad6344d0455038e374f57a7fb15d3d1ace8d889b)

golang: Update to 1.21.10

go1.21.10 (released 2024-05-07) includes security fixes to the go
command, as well as bug fixes to the net/http package.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

Merge pull request #24139 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: update to 1.1.2-1

pdns-recursor: update to 4.8.8

fixes CVE-2024-25583; also includes changes from 4.8.7 that
fix regressions introduced with the security fixes in 4.8.6

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>

adblock-fast: update to 1.1.2-1

* move extra_command and EXTRA_HELP to the top of the init file
* add packageCompat variable for compatibility check with WebUI
* add OutputFilter variables for supported resolvers
* simplify adb_check with the use of OutputFilter variables
* add show_blocklist command to display currently blocked domains

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit fb151d5b8269f458cd54b75975d6a63ad8401b35)

ocserv: updated to 1.3.0

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

banip: update 0.9.5-5

* fix a processing race condition
* it's now possible to disable the icmp/syn/udp safeguards in pre-routing - set the threshold to '0'.

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 083554094b169ad79ce4d4054e227f0829722de7)

docker: Update to 26.1.0
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>