feed/packages.git
2 years agoMerge pull request #19571 from 1715173329/v2
Josef Schlehofer [Wed, 12 Oct 2022 06:43:04 +0000 (08:43 +0200)]
Merge pull request #19571 from 1715173329/v2

[openwrt-22.03] v2ray-core: add new package

2 years agopython3: update to 3.10.7
Michal Vasilek [Mon, 10 Oct 2022 13:39:46 +0000 (15:39 +0200)]
python3: update to 3.10.7

* fixes CVE-2021-28861
* adjust pip and setuptools versions
* refresh patches

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit e9ddc479f9a77b9d173081bbc57cd805b24942d8)

2 years agoMerge pull request #19580 from stangri/openwrt-22.03-curl
Stan Grishin [Mon, 10 Oct 2022 11:09:22 +0000 (04:09 -0700)]
Merge pull request #19580 from stangri/openwrt-22.03-curl

[22.03] curl: error out if wolfSSL is not usable

2 years agocurl: error out if wolfSSL is not usable 19580/head
Petr Štetiar [Mon, 10 Oct 2022 08:47:55 +0000 (10:47 +0200)]
curl: error out if wolfSSL is not usable

When we explicitly declare, that we would like to have curl built with
wolfSSL support using `--with-wolfssl` configure option, then we should
make sure, that we either endup with curl having that support, or it
shouldn't be available at all, otherwise we risk, that we end up with
regressions like following:

  configure:25299: checking for wolfSSL_Init in -lwolfssl
  configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
  In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33,
                   from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35,
                  from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
                   from conftest.c:47:
  target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory
       #include <wolfssl/wolfcrypt/sp_int.h>
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
  compilation terminated.

and in the end thus produce curl without https support:

 curl: (1) Protocol "https" not supported or disabled in libcurl

So fix it, by making the working wolfSSL mandatory and error out in
configure step when that's not the case:

 checking for wolfSSL_Init in -lwolfssl... no
 configure: error: --with-wolfssl but wolfSSL was not found or doesn't work

References: #19005, #19547
Upstream-Status: Accepted [https://github.com/curl/curl/pull/9682]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 9140f366ef91c6eeb04ca39347c40deecaf56419)

2 years agoMerge pull request #19568 from 1715173329/y3
Josef Schlehofer [Sun, 9 Oct 2022 19:37:02 +0000 (21:37 +0200)]
Merge pull request #19568 from 1715173329/y3

[openwrt-22.03] yq: Update to 4.28.1

2 years agoMerge pull request #19567 from 1715173329/c3
Josef Schlehofer [Sun, 9 Oct 2022 19:36:56 +0000 (21:36 +0200)]
Merge pull request #19567 from 1715173329/c3

[openwrt-22.03] cloudflared: Update to 2022.10.0

2 years agov2ray-geodata: split from xray-geodata 19571/head
Tianling Shen [Thu, 8 Sep 2022 01:54:40 +0000 (09:54 +0800)]
v2ray-geodata: split from xray-geodata

This can be used for v2ray, Xray, v2rayA and some other projects,
make it generic.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 975153f93da132e545353d90ff3eb76b16ed0938)
[rebased into 22.03 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agov2ray-core: add new package
Tianling Shen [Thu, 8 Sep 2022 01:52:57 +0000 (09:52 +0800)]
v2ray-core: add new package

Project V is a set of network tools that help you to build your own computer network.
It secures your network connections and thus protects your privacy.

For more details, see https://www.v2fly.org/en_US/guide/faq.html

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6461d1b055d32021de6591bebae4f3301a755fd0)

2 years agoyq: Update to 4.28.1 19568/head
Tianling Shen [Sat, 8 Oct 2022 06:25:38 +0000 (14:25 +0800)]
yq: Update to 4.28.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 40f0e263bf63068ff8c4e1adeaf4e807498d95f5)

2 years agocloudflared: Update to 2022.10.0 19567/head
Tianling Shen [Sat, 8 Oct 2022 06:24:38 +0000 (14:24 +0800)]
cloudflared: Update to 2022.10.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 37bdf739b1c2710614db31a90df5e3e819d6aa01)

2 years agocloudflared: Update to 2022.9.1
Tianling Shen [Sun, 2 Oct 2022 04:57:25 +0000 (12:57 +0800)]
cloudflared: Update to 2022.9.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit cae36485f02b7f05a0296396483174f045cfece4)

2 years agoMerge pull request #19553 from commodo/python-pytz-22.03
Alexandru Ardelean [Sun, 9 Oct 2022 05:07:48 +0000 (08:07 +0300)]
Merge pull request #19553 from commodo/python-pytz-22.03

[22.03] python3-pytz: bump to version 2022.4

2 years agogg: Update to 0.2.13
Tianling Shen [Sun, 2 Oct 2022 04:58:23 +0000 (12:58 +0800)]
gg: Update to 0.2.13

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 891b87747a5100d5e8c489cea0882a0a0ce8f127)

2 years agodnsproxy: Update to 0.45.2
Tianling Shen [Sun, 2 Oct 2022 04:55:46 +0000 (12:55 +0800)]
dnsproxy: Update to 0.45.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b5ec852c54efe2ef69320101b37f0981c52063bd)

2 years agodnsproxy: Update to 0.45.0
Tianling Shen [Fri, 23 Sep 2022 06:56:50 +0000 (14:56 +0800)]
dnsproxy: Update to 0.45.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5b72dce338e197e0e3998d8a9d49f52248178a99)

2 years agoMerge pull request #19544 from stangri/openwrt-22.03-https-dns-proxy
Stan Grishin [Fri, 7 Oct 2022 21:27:43 +0000 (14:27 -0700)]
Merge pull request #19544 from stangri/openwrt-22.03-https-dns-proxy

[22.03] https-dns-proxy: update to 2022-08-12-1

2 years agopython3-pytz: bump to version 2022.4 19553/head
Alexandru Ardelean [Fri, 7 Oct 2022 07:34:15 +0000 (10:34 +0300)]
python3-pytz: bump to version 2022.4

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2 years agobind: bump to 9.18.7
Noah Meyerhans [Wed, 21 Sep 2022 18:57:50 +0000 (11:57 -0700)]
bind: bump to 9.18.7

Fixes multiple security issues:

CVE-2022-38178 - Fix memory leak in EdDSA verify processing

CVE-2022-3080 - Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query

CVE-2022-2906 - Fix memory leaks in the DH code when using OpenSSL 3.0.0
and later versions. The openssldh_compare(),
openssldh_paramcompare(), and openssldh_todns()
functions were affected

CVE-2022-2881 - When an HTTP connection was reused to get
statistics from the stats channel, and zlib
compression was in use, each successive
response sent larger and larger blocks of memory,
potentially reading past the end of the allocated
buffer

CVE-2022-2795 - Prevent excessive resource use while processing large
delegations

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 58bcd3fad37eaf56d4dbeecc0c73abe464e7e987)

2 years agohttps-dns-proxy: update to 2022-08-12-1 19544/head
Stan Grishin [Fri, 7 Oct 2022 06:26:21 +0000 (06:26 +0000)]
https-dns-proxy: update to 2022-08-12-1

* update to upstream version 2022-08-12
* add ca_certs_file option for CA certs file for curl
* add procd_add_interface_trigger for wan6 (hopefully fixes
  https://github.com/openwrt/packages/issues/19531)

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 796a3dda800b0d17df06d87995148b934be15e5d)

2 years agolibgd: avoid recursive and redundant dependencies
Eneas U de Queiroz [Wed, 14 Sep 2022 21:32:47 +0000 (18:32 -0300)]
libgd: avoid recursive and redundant dependencies

Change the CONFLICTS line from the libgd-full to libgd to fix a
recursive dependency.

While at it, remove the redundant +LIBGD_TIFF:libtiff
+LIBGD_FREETYPE:libfreetype dependencies from Package/libgd/default.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 085eb34fbf7c7aaa20da35ebe2f493601c5f19b2)

2 years agotor: update to 0.4.7.10
Nick Hainke [Sat, 24 Sep 2022 15:59:40 +0000 (17:59 +0200)]
tor: update to 0.4.7.10

Release Notes:
https://forum.torproject.net/t/urgent-stable-release-0-4-5-14-0-4-6-12-and-0-4-7-10

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit b9cf0cdce6ee56778a0b7ecd3d5ed520b3e2dbac)
[fix commit title]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agoexpat: update to 2.4.9
Nick Hainke [Fri, 30 Sep 2022 10:03:05 +0000 (12:03 +0200)]
expat: update to 2.4.9

Fixes CVE-2022-40674.

Release Notes:
- https://github.com/libexpat/libexpat/blob/R_2_4_8/expat/Changes
- https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit a8774f84e9c18fb0ff1ab3f831a5fe8fcab377e0)

2 years agolighttpd: remove deprecated modules
Glenn Strauss [Sat, 1 Oct 2022 07:58:16 +0000 (03:58 -0400)]
lighttpd: remove deprecated modules

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 9d7e18fb257914d0c03e0b5e9e4afef49073d375)

2 years agonode: bump to v16.17.1
Hirokazu MORIKAWA [Wed, 5 Oct 2022 02:27:26 +0000 (11:27 +0900)]
node: bump to v16.17.1

The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
    * Insufficient fix for macOS devices on v18.5.0
* CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
* CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
    * Insufficient fix on v18.5.0
* CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
    * Insufficient fix on v18.5.0
* CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
* CVE-2022-35255: Weak randomness in WebCrypto keygen
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.

llhttp updated to 6.0.10
llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities.
* HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)(CVE-2022-32213 ): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)(CVE-35256): The llhttp parser in the http does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 658621bf5eec076f6f1a7d12b29105fba279a379)

2 years agoMerge pull request #19521 from ynezz/ynezz/openwrt-22.03-wolfssl-CVE-2022-39173
Petr Štetiar [Wed, 5 Oct 2022 19:30:52 +0000 (21:30 +0200)]
Merge pull request #19521 from ynezz/ynezz/openwrt-22.03-wolfssl-CVE-2022-39173

[22.03] treewide: fix security issues by bumping all packages using libwolfssl

2 years agoMerge pull request #19528 from stangri/openwrt-22.03-https-dns-proxy
Stan Grishin [Wed, 5 Oct 2022 06:41:12 +0000 (23:41 -0700)]
Merge pull request #19528 from stangri/openwrt-22.03-https-dns-proxy

[22.03] https-dns-proxy: add settings for canary domains

2 years agohttps-dns-proxy: add settings for canary domains 19528/head
Stan Grishin [Tue, 4 Oct 2022 22:07:52 +0000 (22:07 +0000)]
https-dns-proxy: add settings for canary domains

* add setting to enable/disable blocking access to iCloud Private Relay resolvers
* add setting to enable/disable blocking access to Mozilla resolvers
* rename variables loaded from config in the init script

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 4ff71d8e4cd7cd4b3f4cc0d4d832ead512edef08)

2 years agoMerge pull request #19526 from stangri/openwrt-22.03-https-dns-proxy
Stan Grishin [Tue, 4 Oct 2022 22:06:15 +0000 (15:06 -0700)]
Merge pull request #19526 from stangri/openwrt-22.03-https-dns-proxy

[22.03] https-dns-proxy: bugfix: prevent canary domains duplicates

2 years agohttps-dns-proxy: bugfix: prevent canary domains duplicates 19526/head
Stan Grishin [Tue, 4 Oct 2022 21:25:42 +0000 (21:25 +0000)]
https-dns-proxy: bugfix: prevent canary domains duplicates

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit f99ada410fa799b419ca7819ed2bbcf779ec3d12)

2 years agoMerge pull request #19516 from mhei/22.03-php8-update-8.1.11
Michael Heimpold [Tue, 4 Oct 2022 15:35:04 +0000 (17:35 +0200)]
Merge pull request #19516 from mhei/22.03-php8-update-8.1.11

[22.03] php8: update to 8.1.11

2 years agotreewide: fix security issues by bumping all packages using libwolfssl 19521/head
Petr Štetiar [Mon, 3 Oct 2022 17:03:15 +0000 (19:03 +0200)]
treewide: fix security issues by bumping all packages using libwolfssl

As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.

Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca0976c82829addc23e9e8b95885c910ee)

2 years agoRevert "treewide: fix security issues by bumping all packages using libwolfssl"
Petr Štetiar [Tue, 4 Oct 2022 08:13:08 +0000 (10:13 +0200)]
Revert "treewide: fix security issues by bumping all packages using libwolfssl"

This reverts commit 0ddec62e6911b7f97016062ee18f6558f455debc as it was
backport too soon, we need to first wait for fixed libwolfssl being
available.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2 years agotreewide: fix security issues by bumping all packages using libwolfssl
Petr Štetiar [Mon, 3 Oct 2022 17:03:15 +0000 (19:03 +0200)]
treewide: fix security issues by bumping all packages using libwolfssl

As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.

Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca0976c82829addc23e9e8b95885c910ee)

2 years agoopenvpn: explicitly disable engine parameter for openssl variant
Ivan Pavlov [Thu, 25 Aug 2022 19:39:47 +0000 (22:39 +0300)]
openvpn: explicitly disable engine parameter for openssl variant

Engine support is deprecated in OpenSSL 3.0 and for OpenSSL 3.0 the default
is to disable engine support as engine support is deprecated. For ath79 architecture
build with autodetection engine support fails, so explicitly set off for now.

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 62e909e845e25ea87d671358cc8f4724326c7eaf)

2 years agoopenvpn: update to 2.5.7
Ivan Pavlov [Mon, 6 Jun 2022 05:57:31 +0000 (08:57 +0300)]
openvpn: update to 2.5.7

Added limited support for OpenSSL 3.0
Fixed some bugs

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 45b751dd850b20e791851d116f2f927c3fbe79eb)

2 years agoopenvpn: update to 2.5.6
Ivan Pavlov [Fri, 18 Mar 2022 05:43:53 +0000 (08:43 +0300)]
openvpn: update to 2.5.6

Maintainer: me / @mkrkn

Compile tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500
Run tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500

bugfix release including one security fix ("Disallow multiple deferred authentication plug-ins.", CVE: 2022-0547)

several build fixes, refer to https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 172795b8584c43327d320b591ab64647e4b821d4)

2 years agortty: update to 8.0.1
Jianhui Zhao [Sun, 22 May 2022 14:01:18 +0000 (22:01 +0800)]
rtty: update to 8.0.1

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry picked from commit 0ea357c164d4d265d750459de2ad6a63149fe89e)

2 years agophp8: update to 8.1.11 19516/head
Michael Heimpold [Mon, 3 Oct 2022 09:08:08 +0000 (11:08 +0200)]
php8: update to 8.1.11

This fixes:
    - CVE-2022-31628
    - CVE-2022-31629

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit e0db68ef0af282679f3450e34d6d7c2a817b9af2)

2 years agoMerge pull request #19502 from stangri/openwrt-22.03-simple-adblock
Stan Grishin [Tue, 4 Oct 2022 03:59:56 +0000 (20:59 -0700)]
Merge pull request #19502 from stangri/openwrt-22.03-simple-adblock

[22.03] simple-adblock: allow domains bugfix & canary domains support

2 years agonextdns: initialize nextdns from /etc/uci-defaults
Marc Benoit [Mon, 5 Sep 2022 18:52:07 +0000 (14:52 -0400)]
nextdns: initialize nextdns from /etc/uci-defaults

Signed-off-by: Marc Benoit <marcb62185@gmail.com>
(cherry picked from commit e54247a6fa9c03f286d38460c425d6dbd622b657)

2 years agodnslookup: Update to 1.8.0
Tianling Shen [Fri, 23 Sep 2022 06:58:22 +0000 (14:58 +0800)]
dnslookup: Update to 1.8.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 671e794db130b1819f041346e8f19ad752f6aa08)

2 years agosimple-adblock: allow domains bugfix & canary domains support 19502/head
Stan Grishin [Sat, 1 Oct 2022 23:11:28 +0000 (23:11 +0000)]
simple-adblock: allow domains bugfix & canary domains support

* fix bug in download_lists and adb_allow to prevent unintended exclisions from
  the block-lists of domains containing allowed domain. Fixes issue:
  https://github.com/stangri/source.openwrt.melmac.net/issues/160
* add support for returning NXDOMAIN/blocking iCloud & Mozilla canary domains,
  disabled by default

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 9156ef6507f8c3fe6785234dff223bad5b59a78e)

2 years agoMerge pull request #19490 from stangri/openwrt-22.03-https-dns-proxy
Stan Grishin [Sat, 1 Oct 2022 23:01:43 +0000 (16:01 -0700)]
Merge pull request #19490 from stangri/openwrt-22.03-https-dns-proxy

[22.03] https-dns-proxy: uci wrappers & iCloud canary domains

2 years agoMerge pull request #19469 from stangri/openwrt-22.03-simple-adblock
Stan Grishin [Sat, 1 Oct 2022 23:01:22 +0000 (16:01 -0700)]
Merge pull request #19469 from stangri/openwrt-22.03-simple-adblock

[22.03] simple-adblock: update to 1.9.1-1

2 years agohttps-dns-proxy: uci wrappers & iCloud canary domains 19490/head
Stan Grishin [Thu, 29 Sep 2022 23:58:53 +0000 (23:58 +0000)]
https-dns-proxy: uci wrappers & iCloud canary domains

* switch to using uci wrappers instead of direct uci calls
* add support for iCloud canary domains
  https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 749b03ffbffbdf208bd589db6526c939d404ba79)

2 years agobandwidthd: fix format warnings
Rosen Penev [Sun, 18 Sep 2022 00:26:50 +0000 (17:26 -0700)]
bandwidthd: fix format warnings

Should fix crashing errors under musl 1.2

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit e62158b6f8ab3ea2b6869474a36845dc69fbbe02)

2 years agounbound: update to version 1.16.3
Josef Schlehofer [Sun, 25 Sep 2022 10:00:55 +0000 (12:00 +0200)]
unbound: update to version 1.16.3

Changelog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-3
- Fixes: CVE-2022-3204

Refreshed one patch

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 027533f9a23bbedd0b7c988405a9b5fd433da502)

2 years agosimple-adblock: update to 1.9.1-1 19469/head
Stan Grishin [Fri, 23 Sep 2022 20:44:12 +0000 (20:44 +0000)]
simple-adblock: update to 1.9.1-1

* remove obsolete block-lists from config
* add removal of obsolete lists to config-update
* add AdGuard team's block-list to config
* improve allow command
* improve nftset support
* move config load to uci_load_validate, which required some code refactoring which
  looks dramatic, but isn't
* always use dnsmasq_restart instead of dnsmasq_hup for all dns resolution options
  for dnsmasq

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit f8c5fd93e7e055e2425729e812fe0d1e4aab8032)

2 years agoMerge pull request #19466 from stangri/openwrt-22.03-curl
Stan Grishin [Mon, 26 Sep 2022 20:34:50 +0000 (13:34 -0700)]
Merge pull request #19466 from stangri/openwrt-22.03-curl

[22.03] curl: bugfix: github source url

2 years agocurl: bugfix: github source url 19466/head
Stan Grishin [Mon, 26 Sep 2022 08:31:56 +0000 (08:31 +0000)]
curl: bugfix: github source url

* fixes https://github.com/openwrt/packages/issues/19456

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit c812153f8d4f73b3f82cb19e3b98c84ca680eecb)

2 years agopdns-recursor: update to 4.7.3
Peter van Dijk [Wed, 21 Sep 2022 10:31:25 +0000 (12:31 +0200)]
pdns-recursor: update to 4.7.3

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit 8e234be1e753184f1529af785af96b962e84c40b)

2 years agolibs/cjson: bump to 1.7.15
Karl Palsson [Fri, 23 Sep 2022 12:01:25 +0000 (12:01 +0000)]
libs/cjson: bump to 1.7.15

This is a bugfix release.
Full release notes available at: https://github.com/DaveGamble/cJSON/releases/tag/v1.7.15

Signed-off-by: Karl Palsson <karlp@etactica.com>
2 years agopagekite: add patchs for 64bit time
Karl Palsson [Mon, 19 Sep 2022 14:15:27 +0000 (14:15 +0000)]
pagekite: add patchs for 64bit time

Source: https://github.com/pagekite/libpagekite/pull/78

Signed-off-by: Karl Palsson <karlp@etactica.com>
2 years agomosquitto: bump to 2.0.15
Karl Palsson [Mon, 19 Sep 2022 11:45:13 +0000 (11:45 +0000)]
mosquitto: bump to 2.0.15

Changelog: https://mosquitto.org/blog/2022/08/version-2-0-15-released/
Changelog: https://mosquitto.org/blog/2021/11/version-2-0-14-released/

2.0.15 is bigger security and bugfix release.  2.0.14 had a couple of
  minor changes and was skipped for OpenWrt.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2 years agomosquitto: add missing 'persistence' section in config
Ptilopsis Leucotis [Sun, 15 May 2022 04:02:40 +0000 (07:02 +0300)]
mosquitto: add missing 'persistence' section in config

Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence'
section in config file.

Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
2 years agopoemgr: update to latest HEAD
David Bauer [Fri, 23 Sep 2022 11:15:37 +0000 (13:15 +0200)]
poemgr: update to latest HEAD

8988247 Makefile: Enable warnings as errors (-Werror)
aea39ca Makefile: Respect the CFLAGS and LDFLAGS that have been passed in
189594f poemgr: Fix compiler warnings in poemgr.c
0e1a8cf pd69104: Avoid self-induced pointer casts
2d53298 uswflex: Remove unused variables and declarations
d345441 poemgr: Reorganize poemgr.h to remove forward declarations
df1a7bc contrib: remove unneccessary functions.sh loading
056a6a9 poemgr: Fix name based profile selection
b8f8f23 poemgr: prolong the power budget detection delay
9e8344a poemgr: configure power_budget to override detected limit

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 255c4e6c80ae1f5c00e443eb0b77438ecf78c54c)

2 years agopoemgr: fix conffiles path
Stijn Tintel [Thu, 24 Mar 2022 14:52:30 +0000 (16:52 +0200)]
poemgr: fix conffiles path

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 33927a51c896e459aff4f7f9658da64f7768489a)

2 years agoadblock: update 4.1.4-5
Dirk Brenken [Sun, 25 Sep 2022 19:00:00 +0000 (21:00 +0200)]
adblock: update 4.1.4-5

* auto-whitelist ext. dns lookup domain
* add public doh server blocklist source
* whitespace fixes in adblock.sources

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5603ed923747f7f361be4bf69387317f35f7f548)

2 years agoadblock: add lightswitch05 blocklist source
James McGuire [Sat, 24 Sep 2022 21:49:21 +0000 (14:49 -0700)]
adblock: add lightswitch05 blocklist source

Signed-off-by: James McGuire <jamesm51@gmail.com>
(cherry picked from commit b971cdc79b812334f71d0095a938bbc4a784a38f)

2 years agohping3: add new package
Alexander E. Patrakov [Sun, 4 Sep 2022 16:38:58 +0000 (00:38 +0800)]
hping3: add new package

The new package would help measuring one-way delays using ICMP type 13
packets. This is important for various scripts that automatically adjust
CAKE shaper bandwidth based on the observed bufferbloat. They need to
understand whether the delay is on the way up or on the way down, so
that they can adjust the bandwidth of the proper part of the shaper.

https://forum.openwrt.org/t/cake-w-adaptive-bandwidth-historic/108848
https://forum.openwrt.org/t/cake-w-adaptive-bandwidth/135379

V2: refreshed patches

Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>
(cherry picked from commit 688a5413d087a4f8f70d523b189875831d6e39c4)

2 years agoMerge pull request #19438 from mhei/22.03-squid-libxml2-backport
Michael Heimpold [Sun, 25 Sep 2022 08:22:17 +0000 (10:22 +0200)]
Merge pull request #19438 from mhei/22.03-squid-libxml2-backport

[22.03] squid: fix compilation with libxml (fixes #19099)

2 years agosnowflake: run snowflake-proxy with procd-ujail
Daniel Golle [Sun, 25 Sep 2022 00:28:43 +0000 (01:28 +0100)]
snowflake: run snowflake-proxy with procd-ujail

snowflake-proxy doesn't write any files
 => run in read-only rootfs environment

the process needs to read SSL certs but no other files
 => only exposed path is /etc/ssl/certificates (read-only)

running as unpriviledged user with no additional capabilities
 => set no-new-privs bit

By default procd-ujail also isolates the process by executing it in
a separate new IPC and PID namespace.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0f3d48a3784fb495ffdfe4a83f540ad42fab89df)
Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agosnowflake: add package
Daniel Golle [Sat, 24 Sep 2022 02:03:22 +0000 (03:03 +0100)]
snowflake: add package

Package Tor's Snowflake system components so users can offer e.g.
a standalone Snowflake proxy on their routers or other devices.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit cf120a7effd5d13a7f705b5eb9d22410b73d71f3)
Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agosquid: fix compilation with libxml (fixes #19099) 19438/head
Michael Heimpold [Thu, 25 Aug 2022 06:20:45 +0000 (08:20 +0200)]
squid: fix compilation with libxml (fixes #19099)

Add a patch which removes a call in Libxml2Parser.cc to 'xmlSetFeature'.
This function belongs to the 'depreciated' API part and is not
available in OpenWrt builds.

According to my understanding, this call can be removed safely since
it disables the feature "substitute entities" which is disabled by default.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 3ec47dc85cc4b191be1b2fee3195680343f770e1)

2 years agogatling: add package gatling
Martin Hübner [Tue, 2 Aug 2022 12:42:06 +0000 (14:42 +0200)]
gatling: add package gatling

Gatling is a high-performance webserver from fefe. It gives a
fairly decent feature-set at really small size. And its fast.

Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Martin Hübner <martin.hubner@web.de>
(cherry picked from commit 83ff83e32055dc50b01fffe7bae9ea113655756b)

2 years agogg: Update to 0.2.11
Tianling Shen [Mon, 19 Sep 2022 02:42:57 +0000 (10:42 +0800)]
gg: Update to 0.2.11

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 2a0ee392aea2a2cc1434c64c0af60be427e2786c)

2 years agoyq: Update to 4.27.5
Tianling Shen [Mon, 19 Sep 2022 02:33:32 +0000 (10:33 +0800)]
yq: Update to 4.27.5

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fca4f1b8301917cb4eb64d0f5e9bfb4836d3d8e8)

2 years agoxray-core: Update to 1.6.0
Tianling Shen [Mon, 19 Sep 2022 02:45:48 +0000 (10:45 +0800)]
xray-core: Update to 1.6.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a0126b15c58f7527ed21dbcb659d51072ad1f5fc)
[Update geodata to latest version, based on f8c25627ebe1d9]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 years agolighttpd: update to lighttpd 1.4.67 release hash
Glenn Strauss [Sun, 18 Sep 2022 07:02:40 +0000 (03:02 -0400)]
lighttpd: update to lighttpd 1.4.67 release hash

* update to lighttpd 1.4.67 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit f750089d26422557280ddfda1788f2491d15f701)

2 years agotang: update directory
Rosen Penev [Thu, 22 Sep 2022 23:04:25 +0000 (16:04 -0700)]
tang: update directory

There's no more cache.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit b847cfb93f89114d7a714b57af67198abadf9fa4)

2 years agoRevert "jose: remove libjose"
Rosen Penev [Thu, 22 Sep 2022 23:02:24 +0000 (16:02 -0700)]
Revert "jose: remove libjose"

This reverts commit 02d6c8346cfae7c2de456800a862a7dd90782858.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 09781a8a65fa6624db55867f6918e9b4c03d7a32)

2 years agoRevert "jose: fix static library usage"
Rosen Penev [Thu, 22 Sep 2022 23:02:05 +0000 (16:02 -0700)]
Revert "jose: fix static library usage"

This reverts commit c61b70918b6c10f6fd726b098474736a7e0ae9cd.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f5d3b820c529de94f2a55e078e8f5f2ff87755e9)

2 years agoknot-resolver: update to 5.5.3
Michal Vasilek [Thu, 22 Sep 2022 17:47:41 +0000 (19:47 +0200)]
knot-resolver: update to 5.5.3

* fixes CVE-2022-40188

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 5d2fd886930a95d14df02ca8fbaf6f3814df3c01)

2 years agolibtorrent-rasterbar: Update to 2.0.7
Tianling Shen [Sat, 3 Sep 2022 09:34:58 +0000 (17:34 +0800)]
libtorrent-rasterbar: Update to 2.0.7

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c741bf64cdac2ac1059c0e545e1afd842820c8c1)

2 years agoMerge pull request #19418 from mhei/22.03-libxml2-update-2.10.2
Michael Heimpold [Wed, 21 Sep 2022 15:25:12 +0000 (17:25 +0200)]
Merge pull request #19418 from mhei/22.03-libxml2-update-2.10.2

[22.03] libxml2: update to 2.10.2

2 years agoMerge pull request #19381 from stangri/openwrt-22.03-curl
Stan Grishin [Tue, 20 Sep 2022 22:04:44 +0000 (15:04 -0700)]
Merge pull request #19381 from stangri/openwrt-22.03-curl

[22.03] curl: update to 7.85.0

2 years agoMerge pull request #19415 from G-M0N3Y-2503/docker-update-22.03
Hannu Nyman [Tue, 20 Sep 2022 19:27:30 +0000 (22:27 +0300)]
Merge pull request #19415 from G-M0N3Y-2503/docker-update-22.03

[22.03] Docker: Update to v20.10.18

2 years agodockerd: Update to v20.10.18 19415/head
Gerard Ryan [Tue, 20 Sep 2022 10:45:06 +0000 (20:45 +1000)]
dockerd: Update to v20.10.18

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agodocker: Update to v20.10.18
Gerard Ryan [Tue, 20 Sep 2022 10:44:44 +0000 (20:44 +1000)]
docker: Update to v20.10.18

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agolibnetwork: Update to 0dde5c8 for Docker v20.10.18
Gerard Ryan [Tue, 20 Sep 2022 10:41:21 +0000 (20:41 +1000)]
libnetwork: Update to 0dde5c8 for Docker v20.10.18

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agocontainerd: Update to v1.6.8 for Docker v20.10.18
Gerard Ryan [Tue, 20 Sep 2022 10:38:17 +0000 (20:38 +1000)]
containerd: Update to v1.6.8 for Docker v20.10.18

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agorunc: Update to v1.1.4 for Docker v20.10.18
Gerard Ryan [Tue, 20 Sep 2022 10:37:08 +0000 (20:37 +1000)]
runc: Update to v1.1.4 for Docker v20.10.18

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agolibxml2: update to 2.10.2 19418/head
Michael Heimpold [Mon, 29 Aug 2022 21:26:20 +0000 (23:26 +0200)]
libxml2: update to 2.10.2

This fixes:
- CVE-2022-2309

Release Notes:
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.0
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.1
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.2

Also drop removed docbook compile switch.
Disable PKG_FIXUP to allow backporting.

Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit dc21121cf9c1c51649f0ffdaffd26326e53b4f45)

2 years agoMerge pull request #19412 from mhei/22.03-php-8.1.10
Michael Heimpold [Tue, 20 Sep 2022 05:51:48 +0000 (07:51 +0200)]
Merge pull request #19412 from mhei/22.03-php-8.1.10

[22.03] php8: update to 8.1.10

2 years agophp8: update to 8.1.10 19412/head
Michael Heimpold [Tue, 6 Sep 2022 19:47:30 +0000 (21:47 +0200)]
php8: update to 8.1.10

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 026a672ad10898705f57f421ad09cf083bdfec13)

2 years agojose: fix static library usage
Rosen Penev [Sat, 17 Sep 2022 22:22:53 +0000 (15:22 -0700)]
jose: fix static library usage

When libjose is built statically, it must use --whole-archive as it uses
GCC's constructor attribute to initialize itself.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c61b70918b6c10f6fd726b098474736a7e0ae9cd)

2 years agoadblock: update 4.1.4-3
Dirk Brenken [Sun, 18 Sep 2022 07:09:07 +0000 (09:09 +0200)]
adblock: update 4.1.4-3

* unbound: fix domain search regression

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit e80d0236e3219ba95febdf4854b2c122e0150dd2)

2 years agouacme: add libev dependency to uacme-ualpn
Eneas U de Queiroz [Tue, 5 Apr 2022 14:50:46 +0000 (11:50 -0300)]
uacme: add libev dependency to uacme-ualpn

The dependency has a PACKAGE_uacme-ualpn condition so that libev won't
be unnecessarily built if uacme-ualpn is not selected.

Remove PKG_USE_MIPS16:=0, as it is not necessary when not using the
libev that is bundled with uacme.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1642b68d4583c45e87b9628a38ae039e23617e0d)

2 years agonextdns: Update to version 1.37.11
Olivier Poitrey [Sat, 2 Apr 2022 20:59:21 +0000 (20:59 +0000)]
nextdns: Update to version 1.37.11

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
(cherry picked from commit b665a6d6836a4a1dbbb6a6e4289e73b2d8363973)

2 years agopython-flask-socketio: update to 5.3.1
Michal Vasilek [Fri, 16 Sep 2022 10:48:19 +0000 (12:48 +0200)]
python-flask-socketio: update to 5.3.1

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 7fd9d010a29173705241e2ade2172a28429234ca)

2 years agocurl: update to 7.85.0 19381/head
Stan Grishin [Thu, 15 Sep 2022 20:51:07 +0000 (20:51 +0000)]
curl: update to 7.85.0

* https://curl.se/changes.html#7_85_0
* add GitHub to PKG_SOURCE_URL

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 03a32717bc15d8dd0c99e200dd64ae0bbd558c35)

2 years ago adblock: update 4.1.4-2
Dirk Brenken [Sun, 11 Sep 2022 10:45:51 +0000 (12:45 +0200)]
 adblock: update 4.1.4-2

* some more cleanups, forgotten with the last update
* optimized unbound syntax ('always_nxdomain' & 'always_transparent')
* optimized oisd download sources (use wilcard variants which are much smaller)
* removed superfluous version information/function

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 54f493ed9d283620d8bbf468df5c024eed383dbb)

2 years ago adblock: update 4.1.4
Dirk Brenken [Sat, 10 Sep 2022 16:42:14 +0000 (18:42 +0200)]
 adblock: update 4.1.4

* dnsmasq upstream has changed the code for domain handling
  and recommends the 'local' syntax for large blocklists
* remove pipefail command, see #19043 for reference
* removed the unused 'adb_dnsinotify' parameter
* removed the 'adb_maxqueue' parameter,
  the queue size will be automatically set by the number of cpu cores
* various cleanups, mostly shellcheck related

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 254b3d9380425841347ac4988defa6f035c8ca8a)

2 years agoyt-dlp: update to 2022.9.1
Michal Vasilek [Wed, 7 Sep 2022 12:52:32 +0000 (14:52 +0200)]
yt-dlp: update to 2022.9.1

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit b1031b07a220b919beaebe80484cb63182ee6094)

2 years agoknot: update to version 3.2.1
Jan Hák [Tue, 13 Sep 2022 12:46:11 +0000 (14:46 +0200)]
knot: update to version 3.2.1

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 023df0992a8b3fff97eb9dd8c36708114ac0f1a7)

2 years agopython3: backport and fix target musl libc detection
Šimon Bořek [Mon, 27 Jun 2022 12:49:05 +0000 (14:49 +0200)]
python3: backport and fix target musl libc detection

Patch 030:
Backported from Python main branch[^1] for Python to distinguish between glibc and musl libc SOABI.

Patch 131:
Changes PLATFORM_TRIPLET -gnu/-musl suffix detection (performed by the backported patch)
to be based on the target OS instead of the building OS.

See included patches for more detailed descriptions.

Specifically this fixes cross-compilation for mpc8548 CPUs with SPE instructions[^2] enabled.

[^1]: merged to python:main as https://github.com/python/cpython/pull/24502 'bpo-43112: detect musl as a separate SOABI'
[^2]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf

Co-authored-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit 992fcd1bd8770bb44a56bc4173ac3befe0fa16ef)

2 years agoMerge pull request #19350 from stangri/openwrt-22.03-aria2 19363/head
Stan Grishin [Tue, 13 Sep 2022 00:56:34 +0000 (03:56 +0300)]
Merge pull request #19350 from stangri/openwrt-22.03-aria2

[22.03] aria2: Fix aria2.init start issue

2 years agoaria2: Fix aria2.init start issue 19350/head
Naraku J [Fri, 8 Apr 2022 08:10:55 +0000 (10:10 +0200)]
aria2: Fix aria2.init start issue
Re-mount '$config_file' inside the '$config_dir' will cause aria2 process unable to start.

Signed-off-by: Naraku J <74468372+Narakuku@users.noreply.github.com>
(cherry picked from commit 3eba8468e1e93e5f66df20aa3f8ebe5d3f1cffea)

2 years agoksmbd-tools: add package with hotplug.d script for auto sharing
Rafał Miłecki [Wed, 10 Aug 2022 12:23:44 +0000 (14:23 +0200)]
ksmbd-tools: add package with hotplug.d script for auto sharing

One of common use cases for SMB3 server in routers is sharing hotplugged
drives. Users make many attempts setting that up which often are not
optimal.

This script handles it in the cleanest way by using:
1. hotplug.d mount subsystem
2. runtime config in the /var/run/config/

It provides a working basic solution that can be later adjusted by
modifying provided hotplug script.

A pretty much idential solution was part of the samba36 package. It was
added in the OpenWrt commit ef1efa756e0d0 ("samba36: add package with
hotplug.d script for auto sharing") as an answer for feature required by
the Rosinson company.

Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d0406d4c956e92f979802640832180eedd1a6efe)

2 years agoksmbd-tools: append config from /var/run/config/ for runtime shares
Rafał Miłecki [Wed, 10 Aug 2022 12:23:40 +0000 (14:23 +0200)]
ksmbd-tools: append config from /var/run/config/ for runtime shares

Dynamically created shares shouldn't be stored in the /etc/config/
because of:
1. Flash wearing
2. Risk of inconsistent state on reboots

With this change all automation/hotplug.d scripts can store runtime in
the /var/run/config/samba. It's useful e.g. for USB drives that user
wants to be automatically shared.

Also: automated scripts should never call "uci [foo] commit" as that
could flush incomplete config. This problem also gets solved.

Identical feature was added to samba36 in the OpenWrt commit
5a59e2c059866 ("samba36: append config from /var/run/config/ for runtime
shares") but wasn't ported to ksmbd until now.

Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c9cba619898d7bf87fc8277e57b473923d912c32)