Merge branch 'openwrt:master' into master

2023-10-04 14:50:32 +05:30 · 2023-10-04 14:50:32 +05:30 · b18eb1d9dc
commit b18eb1d9dc
parent abfb9d4637 2227198d74
55 changed files with 2361 additions and 271 deletions
--- a/lang/lua-eco/Makefile
+++ b/lang/lua-eco/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=lua-eco
-PKG_VERSION:=2.5.1
+PKG_VERSION:=3.0.0
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL=https://github.com/zhaojh329/lua-eco/releases/download/v$(PKG_VERSION)
-PKG_HASH:=436c09dd7dbc88ab651ae7696f2102b5635628ab420cc550bc237ecb04cade5d
+PKG_HASH:=530b179af2283b7a1983643794f3b6de936317fe3c23a9dca4f7828dec6f7e46
 PKG_MAINTAINER:=Jianhui Zhao <zhaojh329@gmail.com>
 PKG_LICENSE:=MIT
@ -26,7 +26,7 @@ define Package/lua-eco
  CATEGORY:=Languages
  SUBMENU:=Lua
  URL:=https://github.com/zhaojh329/lua-eco
-  DEPENDS:=+libev +liblua +luabitop
+  DEPENDS:=+libev +liblua5.3
 endef
 define Package/lua-eco/description
@ -45,22 +45,19 @@ define Package/lua-eco/Module
 endef
 Package/lua-eco-log=$(call Package/lua-eco/Module,log utils)
 Package/lua-eco-sys=$(call Package/lua-eco/Module,system utils)
 Package/lua-eco-file=$(call Package/lua-eco/Module,file utils)
 Package/lua-eco-base64=$(call Package/lua-eco/Module,base64)
 Package/lua-eco-sha1=$(call Package/lua-eco/Module,sha1)
 Package/lua-eco-md5=$(call Package/lua-eco/Module,md5)
-Package/lua-eco-socket=$(call Package/lua-eco/Module,socket,+lua-eco-file +lua-eco-sys)
+Package/lua-eco-socket=$(call Package/lua-eco/Module,socket)
 Package/lua-eco-dns=$(call Package/lua-eco/Module,dns,+lua-eco-socket)
 Package/lua-eco-ssl=$(call Package/lua-eco/Module,ssl,\
  +LUA_ECO_OPENSSL:libopenssl +LUA_ECO_WOLFSSL:libwolfssl \
  +LUA_ECO_MBEDTLS:libmbedtls +LUA_ECO_MBEDTLS:zlib +lua-eco-socket)
 Package/lua-eco-ubus=$(call Package/lua-eco/Module,ubus,+libubus)
-Package/lua-eco-http=$(call Package/lua-eco/Module,http/https,+lua-eco-dns +lua-eco-ssl +lua-eco-log)
+Package/lua-eco-http=$(call Package/lua-eco/Module,http/https,+lua-eco-dns +lua-eco-ssl +lua-eco-base64 +lua-eco-log)
-Package/lua-eco-mqtt=$(call Package/lua-eco/Module,mqtt,+lua-eco-socket +lua-eco-dns +lua-mosquitto)
+Package/lua-eco-mqtt=$(call Package/lua-eco/Module,mqtt,+lua-eco-socket +lua-eco-dns +libmosquitto-ssl)
 Package/lua-eco-websocket=$(call Package/lua-eco/Module,websocket,+lua-eco-http +lua-eco-base64 +lua-eco-sha1)
 Package/lua-eco-termios=$(call Package/lua-eco/Module,termios)
 Package/lua-eco-struct=$(call Package/lua-eco/Module,struct pack)
 Package/lua-eco-netlink=$(call Package/lua-eco/Module,netlink,+lua-eco-socket)
 Package/lua-eco-ip=$(call Package/lua-eco/Module,ip utils,+lua-eco-netlink)
 Package/lua-eco-nl80211=$(call Package/lua-eco/Module,nl80211,+lua-eco-netlink)
@ -82,7 +79,6 @@ define Package/lua-eco-ssl/config
 endef
 CMAKE_OPTIONS += \
  -DPLATFORM="openwrt" \
  -DECO_UBUS_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ubus),N,FF) \
  -DECO_SSL_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ssl),N,FF)
@ -97,116 +93,97 @@ ifneq ($(CONFIG_PACKAGE_lua-eco-ssl),)
 endif
 define Package/lua-eco/install
-	$(INSTALL_DIR) $(1)/usr/bin $(1)/usr/lib/lua/eco/core $(1)/usr/lib/lua/eco/encoding
+	$(INSTALL_DIR) $(1)/usr/bin $(1)/usr/local/lib/lua/5.3/eco/core $(1)/usr/local/lib/lua/5.3/eco/encoding
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/eco $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/eco $(1)/usr/bin
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/encoding/hex.lua $(1)/usr/lib/lua/eco/encoding
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/hex.lua $(1)/usr/local/lib/lua/5.3/eco/encoding
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/{time,bufio}.so $(1)/usr/lib/lua/eco/core
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/{time,bufio,sys,file}.so $(1)/usr/local/lib/lua/5.3/eco/core
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{time,bufio,bit,sync}.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/{time,bufio,sys,file,sync}.lua $(1)/usr/local/lib/lua/5.3/eco
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/binary.so $(1)/usr/lib/lua/eco
 endef
 define Package/lua-eco-log/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/log.so $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/log.so $(1)/usr/local/lib/lua/5.3/eco
 endef
 define Package/lua-eco-sys/install
 	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/sys.lua $(1)/usr/lib/lua/eco
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/sys.so $(1)/usr/lib/lua/eco/core
 endef
 define Package/lua-eco-file/install
 	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/file.lua $(1)/usr/lib/lua/eco
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/file.so $(1)/usr/lib/lua/eco/core
 endef
 define Package/lua-eco-base64/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/encoding
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/encoding
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/encoding/base64.so $(1)/usr/lib/lua/eco/encoding
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/base64.so $(1)/usr/local/lib/lua/5.3/eco/encoding
 endef
 define Package/lua-eco-sha1/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/crypto
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/hash
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/crypto/sha1.so $(1)/usr/lib/lua/eco/crypto
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/sha1.so $(1)/usr/local/lib/lua/5.3/eco/hash
 endef
 define Package/lua-eco-md5/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/crypto
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/hash
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/crypto/md5.so $(1)/usr/lib/lua/eco/crypto
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/md5.so $(1)/usr/local/lib/lua/5.3/eco/hash
 endef
 define Package/lua-eco-socket/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/socket.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/socket.lua $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/socket.so $(1)/usr/lib/lua/eco/core
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/socket.so $(1)/usr/local/lib/lua/5.3/eco/core
 endef
 define Package/lua-eco-dns/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/dns.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/dns.lua $(1)/usr/local/lib/lua/5.3/eco
 endef
 define Package/lua-eco-ssl/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ssl.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/ssl.lua $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/ssl.so $(1)/usr/lib/lua/eco/core
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ssl.so $(1)/usr/local/lib/lua/5.3/eco/core
 endef
 define Package/lua-eco-ubus/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ubus.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/ubus.lua $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/ubus.so $(1)/usr/lib/lua/eco/core
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ubus.so $(1)/usr/local/lib/lua/5.3/eco/core
 endef
 define Package/lua-eco-http/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/http
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{url,http}.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/http/*.lua $(1)/usr/local/lib/lua/5.3/eco/http
 endef
 define Package/lua-eco-mqtt/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/mqtt.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/mqtt.lua $(1)/usr/local/lib/lua/5.3/eco
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/mqtt.so $(1)/usr/local/lib/lua/5.3/eco/core
 endef
 define Package/lua-eco-websocket/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/websocket.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/websocket.lua $(1)/usr/local/lib/lua/5.3/eco
 endef
 define Package/lua-eco-termios/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/termios.so $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/termios.so $(1)/usr/local/lib/lua/5.3/eco
 endef
 define Package/lua-eco-struct/install
 	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/struct.so $(1)/usr/lib/lua/eco
 endef
 define Package/lua-eco-netlink/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{nl,genl}.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/{nl,genl}.lua $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/{nl,genl}.so $(1)/usr/lib/lua/eco/core
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/{nl,genl}.so $(1)/usr/local/lib/lua/5.3/eco/core
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/rtnl.so $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/rtnl.so $(1)/usr/local/lib/lua/5.3/eco
 endef
 define Package/lua-eco-ip/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ip.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/ip.lua $(1)/usr/local/lib/lua/5.3/eco
 endef
 define Package/lua-eco-nl80211/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DIR) $(1)/usr/local/lib/lua/5.3/eco/core
-	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/nl80211.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/nl80211.lua $(1)/usr/local/lib/lua/5.3/eco
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/nl80211.so $(1)/usr/lib/lua/eco/core
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/nl80211.so $(1)/usr/local/lib/lua/5.3/eco/core
 endef
 $(eval $(call BuildPackage,lua-eco))
 $(eval $(call BuildPackage,lua-eco-log))
 $(eval $(call BuildPackage,lua-eco-sys))
 $(eval $(call BuildPackage,lua-eco-file))
 $(eval $(call BuildPackage,lua-eco-base64))
 $(eval $(call BuildPackage,lua-eco-sha1))
 $(eval $(call BuildPackage,lua-eco-md5))
--- a/lang/lua-openssl/Makefile
+++ b/lang/lua-openssl/Makefile
@ -12,8 +12,8 @@ PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/zhaozg/lua-openssl.git
-PKG_SOURCE_VERSION:=0.8.2-1
+PKG_SOURCE_VERSION:=0.8.5-1
-PKG_MIRROR_HASH:=3a7c8fcd76389970671bc8d07fe7a06225e537850b1ad209dda436fb3b5ea0cb
+PKG_MIRROR_HASH:=d2875aa9b87a80c71d57e2b29c8e882b41aa81f995043e0fbae9a642250ab1c7
 PKG_MAINTAINER:=Amnon Paz <pazamnon@gmail.com>
 PKG_LICENSE:=MIT
--- a/lang/lua-openssl/patches/010-no-luajit.patch
+++ b/lang/lua-openssl/patches/010-no-luajit.patch
@ -1,10 +1,14 @@
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -8,7 +8,6 @@ option(BUILD_SHARED_LUA_OPENSSL "Shared
+@@ -8,10 +8,7 @@ option(BUILD_SHARED_LUA_OPENSSL "Shared
 include(GNUInstallDirs)
 -find_package(LuaJIT)
- if(NOT LUAJIT_FOUND)
+-if(NOT LUAJIT_FOUND)
-     find_package(Lua REQUIRED)
+-    find_package(Lua REQUIRED)
- endif()
+-endif()
 +find_package(Lua REQUIRED)
 find_package(OpenSSL REQUIRED)
 set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
--- a/lang/python/python-bcrypt/Makefile
+++ b/lang/python/python-bcrypt/Makefile
@ -6,16 +6,17 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=python-bcrypt
-PKG_VERSION:=3.2.2
+PKG_VERSION:=4.0.1
 PKG_RELEASE:=1
 PYPI_NAME:=bcrypt
-PKG_HASH:=433c410c2177057705da2a9f2cd01dd157493b2a7ac14c8593a16b3dab6b6bfb
+PKG_HASH:=27d375903ac8261cfe4047f6709d16f7d18d39b1ec92aaf72af989552a650ebd
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
 PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
-PKG_BUILD_DEPENDS:=libffi/host python-cffi/host  # cffi>=1.1
+PKG_BUILD_DEPENDS:=python-setuptools-rust/host
 include ../pypi.mk
 include $(INCLUDE_DIR)/package.mk
@ -27,11 +28,12 @@ define Package/python3-bcrypt
  SUBMENU:=Python
  TITLE:=Modern password hashing
  URL:=https://github.com/pyca/bcrypt/
-  DEPENDS:=+python3-light +python3-cffi
+  DEPENDS:=+python3-light $(RUST_ARCH_DEPENDS)
 endef
 define Package/python3-bcrypt/description
-  Good password hashing for your software and your servers.
+Acceptable password hashing for your software and your servers (but you
 should really use argon2id or scrypt)
 endef
 $(eval $(call Py3Package,python3-bcrypt))
--- a/lang/python/python-bcrypt/test.sh
+++ b/lang/python/python-bcrypt/test.sh
@ -0,0 +1,11 @@
 #!/bin/sh
 [ "$1" = python3-bcrypt ] || exit 0
 python3 - << EOF
 import sys
 import bcrypt
 password = b"super secret password"
 hashed = bcrypt.hashpw(password, bcrypt.gensalt())
 sys.exit(0 if bcrypt.checkpw(password, hashed) else 1)
 EOF
--- a/lang/python/python-cffi/Makefile
+++ b/lang/python/python-cffi/Makefile
@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=python-cffi
-PKG_VERSION:=1.15.1
+PKG_VERSION:=1.16.0
 PKG_RELEASE:=1
 PYPI_NAME:=cffi
-PKG_HASH:=d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9
+PKG_HASH:=bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE
@ -40,6 +40,7 @@ define Package/python3-cffi
  DEPENDS:= \
      +libffi \
      +python3-light \
      +python3-ctypes \
      +python3-pycparser
 endef
--- a/lang/python/python-cffi/patches/001-unpin-setuptools.patch
+++ b/lang/python/python-cffi/patches/001-unpin-setuptools.patch
@ -0,0 +1,10 @@
 --- a/pyproject.toml
 +++ b/pyproject.toml
@@ -2,6 +2,6 @@
 requires = [
     # first version that supports Python 3.12; older versions may work
     # with previous Python versions, but are not tested
 -    "setuptools >= 66.1"
 +    "setuptools"
 ]
 build-backend = "setuptools.build_meta"
--- a/lang/python/python-cffi/test.sh
+++ b/lang/python/python-cffi/test.sh
@ -0,0 +1,8 @@
 #!/bin/sh
 [ "$1" = python3-cffi ] || exit 0
 python3 - << EOF
 from cffi import FFI
 ffibuilder = FFI()
 EOF
--- a/lang/python/python-charset-normalizer/Makefile
+++ b/lang/python/python-charset-normalizer/Makefile
@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=python-charset-normalizer
-PKG_VERSION:=3.2.0
+PKG_VERSION:=3.3.0
 PKG_RELEASE:=1
 PYPI_NAME:=charset-normalizer
-PKG_HASH:=3bb3d25a8e6c0aedd251753a79ae98a093c7e7b471faa3aa9a93a81431987ace
+PKG_HASH:=63563193aec44bce707e0c5ca64ff69fa72ed7cf34ce6e11d5127555756fd2f6
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE
--- a/lang/python/python-charset-normalizer/test.sh
+++ b/lang/python/python-charset-normalizer/test.sh
@ -0,0 +1,12 @@
 #!/bin/sh
 [ "$1" = python3-charset-normalizer ] || exit 0
 python3 - << EOF
 import sys
 from charset_normalizer import from_bytes
 s = 'Bсеки човек има право на образование.'
 byte_str = s.encode('cp1251')
 result = from_bytes(byte_str).best()
 sys.exit(0 if str(result) == s else 1)
 EOF
--- a/lang/python/python-packaging/Makefile
+++ b/lang/python/python-packaging/Makefile
@ -7,11 +7,11 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=python-packaging
-PKG_VERSION:=23.1
+PKG_VERSION:=23.2
 PKG_RELEASE:=1
 PYPI_NAME:=packaging
-PKG_HASH:=a392980d2b6cffa644431898be54b0045151319d1e7ec34f0cfed48767dd334f
+PKG_HASH:=048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5
 PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>, Jeffery To <jeffery.to@gmail.com>
 PKG_LICENSE:=Apache-2.0 BSD-2-Clause
@ -32,7 +32,7 @@ define Package/python3-packaging
  SUBMENU:=Python
  TITLE:=Core utilities for Python packages
  URL:=https://github.com/pypa/packaging
-  DEPENDS:=+python3-light +python3-logging +python3-urllib
+  DEPENDS:=+python3-light +python3-email +python3-logging +python3-urllib
 endef
 define Package/python3-packaging/description
--- a/lang/python/python-packaging/test.sh
+++ b/lang/python/python-packaging/test.sh
@ -0,0 +1,11 @@
 #!/bin/sh
 [ "$1" = python3-packaging ] || exit 0
 python3 - << EOF
 import sys
 from packaging.version import Version, parse
 v1 = parse("1.0a5")
 v2 = Version("1.0")
 sys.exit(0 if v1 < v2 else 1)
 EOF
--- a/lang/python/python-pyopenssl/Makefile
+++ b/lang/python/python-pyopenssl/Makefile
@ -1,5 +1,5 @@
 #
-# Copyright (C) 2015-2018 OpenWrt.org
+# Copyright (C) 2015-2016, 2018-2021, 2023 Jeffery To
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=python-pyopenssl
-PKG_VERSION:=21.0.0
+PKG_VERSION:=23.2.0
 PKG_RELEASE:=1
 PYPI_NAME:=pyOpenSSL
-PKG_HASH:=5e2d8c5e46d0d865ae933bef5230090bdaf5506281e9eec60fa250ee80600cb3
+PKG_HASH:=276f931f55a452e7dea69c7173e984eb2a4407ce413c918aa34b55f82f9b8bac
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
@ -31,8 +31,8 @@ define Package/python3-pyopenssl
  URL:=https://pyopenssl.org/
  DEPENDS:= \
      +python3-light \
-      +python3-cryptography \
+      +python3-openssl \
-      +python3-six
+      +python3-cryptography
 endef
 define Package/python3-pyopenssl/description
--- a/lang/python/python-pyopenssl/test.sh
+++ b/lang/python/python-pyopenssl/test.sh
@ -0,0 +1,5 @@
 #!/bin/sh
 [ "$1" = python3-pyopenssl ] || exit 0
 python3 -m OpenSSL.debug
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=exim
 PKG_VERSION:=4.96
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://ftp.exim.org/pub/exim/exim4/
--- a/mail/exim/patches/000-preliminary-fixes-for-ZDI-vulns.patch
+++ b/mail/exim/patches/000-preliminary-fixes-for-ZDI-vulns.patch
@ -0,0 +1,185 @@
 From florz@florz.de Sun Oct  1 10:33:31 2023
 Received: from [10.0.0.9] (helo=cumin.exim.org)
 	by mailman with esmtp (Exim 4.94.2)
 	(envelope-from <florz@florz.de>)
 	id 1qmspP-003gpc-28
 	for exim-dev@lists.exim.org; Sun, 01 Oct 2023 09:33:31 +0000
 Authentication-Results: exim.org;
 	iprev=pass (rain.florz.de) smtp.remote-ip=2a07:12c0:1c00:40::1;
 	dmarc=none header.from=florz.de;
 	arc=none
 Received: from rain.florz.de ([2a07:12c0:1c00:40::1]:36467)
 	by cumin.exim.org with esmtps  (TLS1.3) tls TLS_AES_256_GCM_SHA384
 	(Exim 4.94.2-31-503e55a2c)
 	(envelope-from <florz@florz.de>)
 	id 1qmspN-00EIpR-5w
 	for exim-dev@lists.exim.org; Sun, 01 Oct 2023 09:33:30 +0000
 Received: from [2a07:12c0:1c00:43::121] (port=60772 helo=florz.florz.de)
 	by rain.florz.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
 	(Exim 4.92)
 	(envelope-from <florz@florz.de>)
 	id 1qmspL-0007Zj-F8
 	for exim-dev@lists.exim.org; Sun, 01 Oct 2023 11:33:27 +0200
 Received: from florz by florz.florz.de with local (Exim 4.92)
 	(envelope-from <florz@florz.de>)
 	id 1qmspK-0001ZU-Sl
 	for exim-dev@lists.exim.org; Sun, 01 Oct 2023 11:33:26 +0200
 Date: Sun, 1 Oct 2023 11:33:26 +0200
 From: Florian Zumbiehl <florz@florz.de>
 To: exim-dev@lists.exim.org
 Message-ID: <20231001093326.GS3837@florz.florz.de>
 MIME-Version: 1.0
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 User-Agent: Mutt/1.10.1 (2018-07-13)
 X-Spam-Score: 0.0 (/)
 Message-ID-Hash: D3TCMSGJTLM76H6APEQXZEYOLYJKKCNZ
 X-Message-ID-Hash: D3TCMSGJTLM76H6APEQXZEYOLYJKKCNZ
 X-MailFrom: florz@florz.de
 X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-exim-dev.lists.exim.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
 X-Mailman-Version: 3.3.3
 Precedence: list
 Subject: [exim-dev] Hotfix for some of the ZDI vulnerabilities
 List-Id: Exim MTA  development list <exim-dev.lists.exim.org>
 List-Help: <mailto:exim-dev-request@lists.exim.org?subject=help>
 List-Owner: <mailto:exim-dev-owner@lists.exim.org>
 List-Post: <mailto:exim-dev@lists.exim.org>
 List-Subscribe: <mailto:exim-dev-join@lists.exim.org>
 List-Unsubscribe: <mailto:exim-dev-leave@lists.exim.org>
 Message: 1
 Status: RO
 Content-Length: 5347
 Hi,
 below you find a patch that fixes some (probably three?) of what I guess are
 the vulnerabilities reported by ZDI.
 Please note that the patch is only mildly tested, it is developed based on
 the git master branch, but can be applied to older versions with minor
 massaging. If you go back far enough, proxy.c was part of smtp_in.c, but if
 you adjust for that, the patch can be made to apply there, too.
 Obviously, I have no idea whether this actually addresses what ZDI has
 reported, but if not, these probably should be fixed, too, and if so, given
 the fact that I managed to rather easily find these vulnerabilities based
 on the information that's publicly available, I don't think there is much
 point to trying to keep this secret any longer--if anything, it's
 counterproductive.
 Also mind you that this is a hot fix, it's neither elegant, nor does it do
 any useful error reporting, the goal was simply to prevent out of bounds
 accesses.
 Florian
 ---
 --- a/src/auths/external.c
 +++ b/src/auths/external.c
@@ -100,6 +100,9 @@ if (expand_nmax == 0) 	/* skip if rxd da
   if ((rc = auth_prompt(CUS"")) != OK)
     return rc;
 +if (expand_nmax != 1)
 +  return FAIL;
 +
 if (ob->server_param2)
   {
   uschar * s = expand_string(ob->server_param2);
 --- a/src/auths/spa.c
 +++ b/src/auths/spa.c
@@ -165,12 +165,18 @@ if (auth_get_no64_data(&data, msgbuf) !=
   return FAIL;
 /* dump client response */
 -if (spa_base64_to_bits(CS &response, sizeof(response), CCS data) < 0)
 +int l = spa_base64_to_bits(CS &response, sizeof(response), CCS data);
 +if (l < 0)
   {
   DEBUG(D_auth) debug_printf("auth_spa_server(): bad base64 data in "
     "response: %s\n", data);
   return FAIL;
   }
 +if(l < (char *)&response.buffer - (char *)&response)return FAIL;
 +unsigned long o = IVAL(&response.uUser.offset, 0);
 +if((l < o) || (l - o < SVAL(&response.uUser.len, 0)))return FAIL;
 +o = IVAL(&response.ntResponse.offset, 0);
 +if((l < o) || (l - o < 24))return FAIL;
 /***************************************************************
 PH 07-Aug-2003: The original code here was this:
@@ -345,7 +351,10 @@ if (!smtp_read_response(sx, US buffer, b
 /* convert the challenge into the challenge struct */
 DSPA("\n\n%s authenticator: challenge (%s)\n\n", ablock->name, buffer + 4);
 -spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4));
 +int l = spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4));
 +if((l < 0) || (l < (char *)&challenge.buffer - (char *)&challenge))return FAIL;
 +unsigned long o = IVAL(&challenge.uDomain.offset, 0);
 +if((l < o) || (l - o < SVAL(&challenge.uDomain.len, 0)))return FAIL;
 spa_build_auth_response(&challenge, &response, CS username, CS password);
 spa_bits_to_base64(US msgbuf, US &response, spa_request_length(&response));
 --- a/src/smtp_in.c
 +++ b/src/smtp_in.c
@@ -1172,6 +1172,8 @@ while (capacity > 0)
   do { ret = read(fd, to, 1); } while (ret == -1 && errno == EINTR && !had_command_timeout);
   if (ret == -1)
     return -1;
 +  if (!ret)
 +    break;
   have++;
   if (last)
     return have;
@@ -1320,6 +1322,8 @@ if ((ret == PROXY_INITIAL_READ) && (memc
     goto proxyfail;
     }
 +  if (ret < 16)
 +    goto proxyfail;
   /* The v2 header will always be 16 bytes per the spec. */
   size = 16 + ntohs(hdr.v2.len);
   DEBUG(D_receive) debug_printf("Detected PROXYv2 header, size %d (limit %d)\n",
@@ -1340,7 +1344,7 @@ if ((ret == PROXY_INITIAL_READ) && (memc
       {
       retmore = read(fd, (uschar*)&hdr + ret, size-ret);
       } while (retmore == -1 && errno == EINTR && !had_command_timeout);
 -    if (retmore == -1)
 +    if (retmore < 1)
       goto proxyfail;
     ret += retmore;
     DEBUG(D_receive) debug_printf("PROXYv2: have %d/%d required octets\n", ret, size);
@@ -1362,6 +1366,8 @@ if (ret >= 16 && memcmp(&hdr.v2, v2sig,
       switch (hdr.v2.fam)
         {
         case 0x11:  /* TCPv4 address type */
 +	  if (ret < 28)
 +            goto proxyfail;
           iptype = US"IPv4";
           tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.src_addr;
           inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip));
@@ -1388,6 +1394,8 @@ if (ret >= 16 && memcmp(&hdr.v2, v2sig,
           proxy_external_port  = tmpport;
           goto done;
         case 0x21:  /* TCPv6 address type */
 +	  if (ret < 52)
 +            goto proxyfail;
           iptype = US"IPv6";
           memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.src_addr, 16);
           inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6));
@@ -1446,10 +1454,13 @@ else if (ret >= 8 && memcmp(hdr.v1.line,
     goto proxyfail;
   ret += r2;
 +  if(ret > 107)
 +    goto proxyfail;
 +  hdr.v1.line[ret] = 0;
   p = string_copy(hdr.v1.line);
   end = memchr(p, '\r', ret - 1);
 -  if (!end || (end == (uschar*)&hdr + ret) || end[1] != '\n')
 +  if (!end || end[1] != '\n')
     {
     DEBUG(D_receive) debug_printf("Partial or invalid PROXY header\n");
     goto proxyfail;
--- a/multimedia/ffmpeg/Config.in
+++ b/multimedia/ffmpeg/Config.in
@ -303,6 +303,9 @@ comment "Muxers"
 config FFMPEG_CUSTOM_MUXER_ac3
 	bool "AC3"
 config FFMPEG_CUSTOM_MUXER_avi
 	bool "AVI"
 config FFMPEG_CUSTOM_MUXER_h264
 	bool "H.264 Raw Video"
 	depends on FFMPEG_CUSTOM_PATENTED
--- a/multimedia/ffmpeg/Makefile
+++ b/multimedia/ffmpeg/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=ffmpeg
 PKG_VERSION:=5.1.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://ffmpeg.org/releases/
@ -69,6 +69,7 @@ FFMPEG_CUSTOM_DECODERS:= \
 FFMPEG_CUSTOM_MUXERS:= \
 	ac3 \
 	avi \
 	ffm \
 	h264 \
 	hevc \
--- a/net/aardvark-dns/Makefile
+++ b/net/aardvark-dns/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=aardvark-dns
-PKG_VERSION:=1.7.0
+PKG_VERSION:=1.8.0
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/containers/aardvark-dns/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=6ee7dfa8bab8040b917959a2f57f25496ad036a2d933c6225114e2c1e68bab0b
+PKG_HASH:=c9b818110e3d5d45f8bdb3c9ccc48c994aedb0b19fefcc7577fc1ef7ed294343
 PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
 PKG_LICENSE:=Apache-2.0
--- a/net/adblock-fast/Makefile
+++ b/net/adblock-fast/Makefile
@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=adblock-fast
 PKG_VERSION:=1.0.0
-PKG_RELEASE:=3
+PKG_RELEASE:=5
 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
 PKG_LICENSE:=GPL-3.0-or-later
--- a/net/adblock-fast/files/etc/init.d/adblock-fast
+++ b/net/adblock-fast/files/etc/init.d/adblock-fast
@ -64,8 +64,9 @@ readonly sharedMemoryError="/dev/shm/$packageName-error"
 readonly hostsFilter='/localhost/d;/^#/d;/^[^0-9]/d;s/^0\.0\.0\.0.//;s/^127\.0\.0\.1.//;s/[[:space:]]*#.*$//;s/[[:cntrl:]]$//;s/[[:space:]]//g;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;'
 readonly domainsFilter='/^#/d;s/[[:space:]]*#.*$//;s/[[:space:]]*$//;s/[[:cntrl:]]$//;/[[:space:]]/d;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;'
 readonly adBlockPlusFilter='/^#/d;/^!/d;s/[[:space:]]*#.*$//;s/^||//;s/\^$//;s/[[:space:]]*$//;s/[[:cntrl:]]$//;/[[:space:]]/d;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;'
-readonly dnsmasqFileFilter='\|^server=/[[:alnum:]_.-].*/|!d'
+readonly dnsmasqFileFilter='\|^server=/[[:alnum:]_.-].*/|!d;s|server=/||;s|/.*$||'
-readonly dnsmasq2FileFilter='\|^local=/[[:alnum:]_.-].*/|!d'
+readonly dnsmasq2FileFilter='\|^local=/[[:alnum:]_.-].*/|!d;s|local=/||;s|/.*$||'
 readonly dnsmasq3FileFilter='\|^address=/[[:alnum:]_.-].*/|!d;s|address=/||;s|/.*$||'
 readonly _OK_='\033[0;32m\xe2\x9c\x93\033[0m'
 readonly _FAIL_='\033[0;31m\xe2\x9c\x97\033[0m'
 readonly __OK__='\033[0;32m[\xe2\x9c\x93]\033[0m'
@ -152,6 +153,7 @@ get_text() {
 		errorNoSSLSupport) r="no HTTPS/SSL support on device";;
 		errorCreatingDirectory) r="failed to create output/cache/gzip file directory";;
 		errorDetectingFileType) r="failed to detect format";;
 		errorNothingToDo) r="no blocked list URLs nor blocked-domains enabled";;
 		statusNoInstall) r="$serviceName is not installed or not found";;
 		statusStopped) r="Stopped";;
@ -273,11 +275,13 @@ append_url() {
 	local file="$1"
 	if [ "$(head -1 "$file")" = '[Adblock Plus]' ] || \
 		grep -q '^||' "$file"; then
- 		echo 'adBlockPlus'
+ 		echo 'adblockplus'
 	elif grep -q '^server=' "$file"; then
- 		echo 'dnsmasqFile'
+ 		echo 'dnsmasq'
 	elif grep -q '^local=' "$file"; then
- 		echo 'dnsmasq2File'
+ 		echo 'dnsmasq2'
 	elif grep -q '^address=' "$file"; then
 		echo 'dnsmasq3'
 	elif grep -q '^0.0.0.0' "$file" || grep -q '^127.0.0.1' "$file"; then
 		echo 'hosts'
 	elif [ -n "$(sed "$domainsFilter" "$file" | head -1)" ]; then
@ -287,11 +291,11 @@ append_url() {
 # detect_file_type() {
 # 	local file="$1"
 # 	if [ -n "$(sed "$adBlockPlusFilter" "$file" | head -1)" ]; then
-# 		echo 'adBlockPlus'
+# 		echo 'adblockplus'
 # 	elif [ -n "$(sed "$dnsmasqFileFilter" "$file" | head -1)" ]; then
-# 		echo 'dnsmasqFile'
+# 		echo 'dnsmasq'
 # 	elif [ -n "$(sed "$dnsmasq2FileFilter" "$file" | head -1)" ]; then
-# 		echo 'dnsmasq2File'
+# 		echo 'dnsmasq2'
 # 	elif [ -n "$(sed "$hostsFilter" "$file" | head -1)" ]; then
 # 		echo 'hosts'
 # 	elif [ -n "$(sed "$domainsFilter" "$file" | head -1)" ]; then
@ -864,9 +868,10 @@ process_file_url() {
 		fi
 		format="$(detect_file_type "$R_TMP")"
 		case "$format" in
-			adBlockPlus) filter="$adBlockPlusFilter";;
+			adblockplus) filter="$adBlockPlusFilter";;
-			dnsmasqFile) filter="$dnsmasqFileFilter";;
+			dnsmasq) filter="$dnsmasqFileFilter";;
-			dnsmasq2File) filter="$dnsmasq2FileFilter";;
+			dnsmasq2) filter="$dnsmasq2FileFilter";;
 			dnsmasq3) filter="$dnsmasq3FileFilter";;
 			domains) filter="$domainsFilter";;
 			hosts) filter="$hostsFilter";;
 			*)
@ -877,7 +882,9 @@ process_file_url() {
 				return 0
 			;;
 		esac
-		sed -i "$filter" "$R_TMP"
+		if [ -n "$filter" ] && [ "$action" != 'file' ]; then
 			sed -i "$filter" "$R_TMP"
 		fi
 		if [ ! -s "$R_TMP" ]; then
 			output 1 "$_FAIL_"
 			output 2 "[DL] $type $label ($format) $__FAIL__\\n"
@ -1037,15 +1044,16 @@ $(cat $A_TMP)"
 		mv "$A_TMP" "$B_TMP"
 	fi
-	output 2 'Allowing domains '
+	if [ -n "$allow_filter" ]; then
-	json set message "$(get_text "statusProcessing"): allowing domains"
+		output 2 'Allowing domains '
-	if sed -i -E "$allow_filter" "$B_TMP"; then
+		json set message "$(get_text "statusProcessing"): allowing domains"
-		output_ok
+		if sed -i -E "$allow_filter" "$B_TMP"; then
-	else
+			output_ok
-		output_failn
+		else
-		json add error "errorAllowListProcessing"
+			output_failn
 			json add error "errorAllowListProcessing"
 		fi
 	fi
 	output 2 'Formatting merged file '
 	json set message "$(get_text "statusProcessing"): formatting merged file"
 	if [ -z "$outputFilterIPv6" ]; then
@ -1389,21 +1397,27 @@ adb_start() {
 		fi
 	fi
 	if [ "$action" = 'download' ]; then
-		if [ -s "$outputFile" ] || cache 'test' || cache 'test_gzip'; then
+		if [ -z "$blocked_url" ] && [ -z "$blocked_domain" ]; then
-			output 0 "Force-reloading $serviceName... "
+			json set status "statusFail"
-			output 3 "Force-reloading $serviceName...\\n"
+			json add error "errorNothingToDo"
-			json set status "statusForceReloading"
+			output "${_ERROR_}: $(get_text 'errorNothingToDo')!\\n"
 		else
-			output 0 "Starting $serviceName... "
+			if [ -s "$outputFile" ] || cache 'test' || cache 'test_gzip'; then
-			output 3 "Starting $serviceName...\\n"
+				output 0 "Force-reloading $serviceName... "
-			json set status "statusStarting"
+				output 3 "Force-reloading $serviceName...\\n"
 				json set status "statusForceReloading"
 			else
 				output 0 "Starting $serviceName... "
 				output 3 "Starting $serviceName...\\n"
 				json set status "statusStarting"
 			fi
 			if [ "$dns" = 'dnsmasq.conf' ] && [ -n "$dnsmasq_config_file_url" ]; then
 				download_dnsmasq_file
 			else
 				download_lists
 			fi
 			dns 'on_start'
 		fi
 		if [ "$dns" = 'dnsmasq.conf' ] && [ -n "$dnsmasq_config_file_url" ]; then
 			download_dnsmasq_file
 		else
 			download_lists
 		fi
 		dns 'on_start'
 	fi
 	if [ "$action" = 'restart' ]; then
 		output 0 "Restarting $serviceName... "
--- a/net/aircrack-ng/Makefile
+++ b/net/aircrack-ng/Makefile
@ -8,15 +8,15 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=aircrack-ng
-PKG_VERSION:=1.6
+PKG_VERSION:=1.7
-PKG_RELEASE:=3
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=LICENSE
 PKG_CPE_ID:=cpe:/a:aircrack-ng:aircrack-ng
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://download.aircrack-ng.org/
-PKG_HASH:=4f0bfd486efc6ea7229f7fbc54340ff8b2094a0d73e9f617e0a39f878999a247
+PKG_HASH:=05a704e3c8f7792a17315080a21214a4448fd2452c1b0dd5226a3a55f90b58c3
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
@ -40,7 +40,7 @@ include $(INCLUDE_DIR)/package.mk
 define Package/aircrack-ng
  SECTION:=net
  CATEGORY:=Network
-  DEPENDS:=+AIRCRACK_NG_HWLOC:libhwloc +libpcap +libpcre +libpthread +libstdcpp
+  DEPENDS:=+AIRCRACK_NG_HWLOC:libhwloc +libpcap +libpcre2 +libpthread +libstdcpp
  DEPENDS += +AIRCRACK_NG_OPENSSL:libopenssl
  DEPENDS += +AIRCRACK_NG_GCRYPT:libgcrypt
  DEPENDS += +AIRCRACK_NG_SQLITE3:libsqlite3
--- a/net/aircrack-ng/patches/100-01-autotools-add-PCRE2-detection.patch
+++ b/net/aircrack-ng/patches/100-01-autotools-add-PCRE2-detection.patch
@ -0,0 +1,94 @@
 From 6b05dc10cdcf45d50bc8f9dd74667a3ff399a059 Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Fri, 20 Jan 2023 14:52:12 +0100
 Subject: [PATCH 1/9] autotools: add PCRE2 detection
 ---
 build/m4/aircrack_ng_pcre2.m4 | 61 +++++++++++++++++++++++++++++++++++
 configure.ac                  |  2 ++
 2 files changed, 63 insertions(+)
 create mode 100644 build/m4/aircrack_ng_pcre2.m4
 --- /dev/null
 +++ b/build/m4/aircrack_ng_pcre2.m4
@@ -0,0 +1,61 @@
 +dnl Aircrack-ng
 +dnl
 +dnl Copyright (C) 2023 Andras Gemes <andrasgemes@outlook.com>
 +dnl
 +dnl Autotool support was written by: Joseph Benden <joe@benden.us>
 +dnl
 +dnl This program is free software; you can redistribute it and/or modify
 +dnl it under the terms of the GNU General Public License as published by
 +dnl the Free Software Foundation; either version 2 of the License, or
 +dnl (at your option) any later version.
 +dnl
 +dnl This program is distributed in the hope that it will be useful,
 +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
 +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 +dnl GNU General Public License for more details.
 +dnl
 +dnl You should have received a copy of the GNU General Public License
 +dnl along with this program; if not, write to the Free Software
 +dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 +dnl
 +dnl In addition, as a special exception, the copyright holders give
 +dnl permission to link the code of portions of this program with the
 +dnl OpenSSL library under certain conditions as described in each
 +dnl individual source file, and distribute linked combinations
 +dnl including the two.
 +dnl
 +dnl You must obey the GNU General Public License in all respects
 +dnl for all of the code used other than OpenSSL.
 +dnl
 +dnl If you modify file(s) with this exception, you may extend this
 +dnl exception to your dnl version of the file(s), but you are not obligated
 +dnl to do so.
 +dnl
 +dnl If you dnl do not wish to do so, delete this exception statement from your
 +dnl version.
 +dnl
 +dnl If you delete this exception statement from all source files in the
 +dnl program, then also delete it here.
 +
 +AC_DEFUN([AIRCRACK_NG_PCRE2], [
 +AC_ARG_ENABLE(static-pcre2,
 +    AS_HELP_STRING([--enable-static-pcre2],
 +		[Enable statically linked PCRE2 libpcre2-8.]),
 +    [static_pcre2=$enableval], [static_pcre2=no])
 +
 +if test "x$static_pcre2" != "xno"; then
 +	AC_REQUIRE([AX_EXT_HAVE_STATIC_LIB_DETECT])
 +	AX_EXT_HAVE_STATIC_LIB(PCRE2, ${DEFAULT_STATIC_LIB_SEARCH_PATHS}, pcre2 libpcre2-8, pcre2_version)
 +	if test "x$PCRE2_FOUND" = xyes; then
 +		HAVE_PCRE2=yes
 +	else
 +		HAVE_PCRE2=no
 +	fi
 +else
 +	PKG_CHECK_MODULES(PCRE2, libpcre2-8, HAVE_PCRE2=yes, HAVE_PCRE2=no)
 +fi
 +
 +AS_IF([test "x$HAVE_PCRE2" = "xyes"], [
 +    AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system])
 +])
 +])
 \ No newline at end of file
 --- a/configure.ac
 +++ b/configure.ac
@@ -144,6 +144,7 @@ AIRCRACK_NG_EXT_SCRIPTS
 AIRCRACK_NG_HWLOC
 AIRCRACK_NG_PCAP
 AIRCRACK_NG_PCRE
 +AIRCRACK_NG_PCRE2
 AIRCRACK_NG_RFKILL
 AIRCRACK_NG_SQLITE
 AIRCRACK_NG_ZLIB
@@ -320,6 +321,7 @@ ${PACKAGE} ${VERSION}
     Jemalloc:                    ${JEMALLOC}
     Pcap:                        ${PCAP_FOUND}
     Pcre:                        ${HAVE_PCRE}
 +    Pcre2:                       ${HAVE_PCRE2}
     Sqlite:                      ${HAVE_SQLITE3}
     Tcmalloc:                    ${TCMALLOC}
     Zlib:                        ${HAVE_ZLIB}
--- a/net/aircrack-ng/patches/100-02-airodump-ng-add-PCRE2-support.patch
+++ b/net/aircrack-ng/patches/100-02-airodump-ng-add-PCRE2-support.patch
@ -0,0 +1,142 @@
 From 37bc38a1749f61f3e54dbebca7b33df844b6de82 Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Fri, 20 Jan 2023 14:53:59 +0100
 Subject: [PATCH 2/9] airodump-ng: add PCRE2 support
 ---
 src/airodump-ng/airodump-ng.c | 75 +++++++++++++++++++++++++++++++----
 1 file changed, 67 insertions(+), 8 deletions(-)
 --- a/src/airodump-ng/airodump-ng.c
 +++ b/src/airodump-ng/airodump-ng.c
@@ -68,7 +68,10 @@
 #include <sys/wait.h>
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +#define PCRE2_CODE_UNIT_WIDTH 8
 +#include <pcre2.h>
 +#elif defined HAVE_PCRE
 #include <pcre.h>
 #endif
@@ -150,7 +153,10 @@ static struct local_options
 	unsigned char prev_bssid[6];
 	char ** f_essid;
 	int f_essid_count;
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +	pcre2_code * f_essid_regex;
 +	pcre2_match_data * f_essid_match_data;
 +#elif defined HAVE_PCRE
 	pcre * f_essid_regex;
 #endif
 	char * dump_prefix;
@@ -784,7 +790,7 @@ static const char usage[] =
 	"      --netmask <netmask>   : Filter APs by mask\n"
 	"      --bssid     <bssid>   : Filter APs by BSSID\n"
 	"      --essid     <essid>   : Filter APs by ESSID\n"
 -#ifdef HAVE_PCRE
 +#if defined HAVE_PCRE2 || defined HAVE_PCRE
 	"      --essid-regex <regex> : Filter APs by ESSID using a regular\n"
 	"                              expression\n"
 #endif
@@ -857,7 +863,22 @@ int is_filtered_essid(const uint8_t * es
 		ret = 1;
 	}
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +	if (lopt.f_essid_regex)
 +	{
 +		lopt.f_essid_match_data
 +			= pcre2_match_data_create_from_pattern(lopt.f_essid_regex, NULL);
 +
 +		return pcre2_match(lopt.f_essid_regex,
 +						   (PCRE2_SPTR) essid,
 +						   (int) strnlen((char *) essid, ESSID_LENGTH),
 +						   0,
 +						   0,
 +						   lopt.f_essid_match_data,
 +						   0)
 +			   < 0;
 +	}
 +#elif defined HAVE_PCRE
 	if (lopt.f_essid_regex)
 	{
 		return pcre_exec(lopt.f_essid_regex,
@@ -5782,7 +5803,10 @@ int main(int argc, char * argv[])
 	int wi_read_failed = 0;
 	int n = 0;
 	int output_format_first_time = 1;
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +	int pcreerror;
 +	PCRE2_SIZE pcreerroffset;
 +#elif defined HAVE_PCRE
 	const char * pcreerror;
 	int pcreerroffset;
 #endif
@@ -5938,7 +5962,9 @@ int main(int argc, char * argv[])
 #ifdef CONFIG_LIBNL
 	lopt.htval = CHANNEL_NO_HT;
 #endif
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +	lopt.f_essid_regex = NULL;
 +#elif defined HAVE_PCRE
 	lopt.f_essid_regex = NULL;
 #endif
@@ -6359,7 +6385,34 @@ int main(int argc, char * argv[])
 			case 'R':
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +				if (lopt.f_essid_regex != NULL)
 +				{
 +					printf("Error: ESSID regular expression already given. "
 +						   "Aborting\n");
 +					exit(EXIT_FAILURE);
 +				}
 +
 +				lopt.f_essid_regex = pcre2_compile((PCRE2_SPTR) optarg,
 +												   PCRE2_ZERO_TERMINATED,
 +												   0,
 +												   &pcreerror,
 +												   &pcreerroffset,
 +												   NULL);
 +
 +				if (lopt.f_essid_regex == NULL)
 +				{
 +					PCRE2_UCHAR pcreerrbuffer[256];
 +					pcre2_get_error_message(
 +						pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer));
 +
 +					printf("Error: regular expression compilation failed at "
 +						   "offset %lu: %s; aborting\n",
 +						   pcreerroffset,
 +						   pcreerrbuffer);
 +					exit(EXIT_FAILURE);
 +				}
 +#elif defined HAVE_PCRE
 				if (lopt.f_essid_regex != NULL)
 				{
 					printf("Error: ESSID regular expression already given. "
@@ -7297,7 +7350,13 @@ int main(int argc, char * argv[])
 	if (lopt.keyout) free(lopt.keyout);
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +	if (lopt.f_essid_regex)
 +	{
 +		pcre2_match_data_free(lopt.f_essid_match_data);
 +		pcre2_code_free(lopt.f_essid_regex);
 +	}
 +#elif defined HAVE_PCRE
 	if (lopt.f_essid_regex) pcre_free(lopt.f_essid_regex);
 #endif
--- a/net/aircrack-ng/patches/100-03-besside-ng-add-PCRE2-support.patch
+++ b/net/aircrack-ng/patches/100-03-besside-ng-add-PCRE2-support.patch
@ -0,0 +1,146 @@
 From dbc80d96cfba2dab959ab20bf76f8dd4f517bd29 Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Fri, 20 Jan 2023 14:55:18 +0100
 Subject: [PATCH 3/9] besside-ng: add PCRE2 support
 ---
 src/besside-ng/besside-ng.c | 86 ++++++++++++++++++++++++++++++++++---
 1 file changed, 79 insertions(+), 7 deletions(-)
 --- a/src/besside-ng/besside-ng.c
 +++ b/src/besside-ng/besside-ng.c
@@ -57,7 +57,10 @@
 #include <unistd.h>
 #include <limits.h>
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +#define PCRE2_CODE_UNIT_WIDTH 8
 +#include <pcre2.h>
 +#elif defined HAVE_PCRE
 #include <pcre.h>
 #endif
@@ -155,7 +158,10 @@ static struct conf
 	int cf_do_wep;
 	int cf_do_wpa;
 	char * cf_wpa_server;
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +	pcre2_code * cf_essid_regex;
 +	pcre2_match_data * cf_essid_match_data;
 +#elif defined HAVE_PCRE
 	pcre * cf_essid_regex;
 #endif
 } _conf;
@@ -1116,7 +1122,31 @@ static void attack_ping(void * a)
 	timer_in(100 * 1000, attack_ping, n);
 }
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +static int is_filtered_essid(char * essid)
 +{
 +	REQUIRE(essid != NULL);
 +
 +	int ret = 0;
 +
 +	if (_conf.cf_essid_regex)
 +	{
 +		_conf.cf_essid_match_data
 +			= pcre2_match_data_create_from_pattern(_conf.cf_essid_regex, NULL);
 +
 +		return pcre2_match(_conf.cf_essid_regex,
 +						   (PCRE2_SPTR) essid,
 +						   (int) strnlen((char *) essid, MAX_IE_ELEMENT_SIZE),
 +						   0,
 +						   0,
 +						   _conf.cf_essid_match_data,
 +						   0)
 +			   < 0;
 +	}
 +
 +	return (ret);
 +}
 +#elif defined HAVE_PCRE
 static int is_filtered_essid(char * essid)
 {
 	REQUIRE(essid != NULL);
@@ -1148,7 +1178,12 @@ static int should_attack(struct network
 	if (_conf.cf_bssid && memcmp(_conf.cf_bssid, n->n_bssid, 6) != 0)
 		return (0);
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +	if (is_filtered_essid(n->n_ssid))
 +	{
 +		return (0);
 +	}
 +#elif defined HAVE_PCRE
 	if (is_filtered_essid(n->n_ssid))
 	{
 		return (0);
@@ -3007,7 +3042,13 @@ static void cleanup(int UNUSED(x))
 	print_work();
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +	if (_conf.cf_essid_regex)
 +	{
 +		pcre2_match_data_free(_conf.cf_essid_match_data);
 +		pcre2_code_free(_conf.cf_essid_regex);
 +	}
 +#elif defined HAVE_PCRE
 	if (_conf.cf_essid_regex) pcre_free(_conf.cf_essid_regex);
 #endif
@@ -3295,7 +3336,10 @@ static void usage(char * prog)
 int main(int argc, char * argv[])
 {
 	int ch, temp;
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +	int pcreerror;
 +	PCRE2_SIZE pcreerroffset;
 +#elif defined HAVE_PCRE
 	const char * pcreerror;
 	int pcreerroffset;
 #endif
@@ -3349,7 +3393,35 @@ int main(int argc, char * argv[])
 				break;
 			case 'R':
 -#ifdef HAVE_PCRE
 +#ifdef HAVE_PCRE2
 +				if (_conf.cf_essid_regex != NULL)
 +				{
 +					printf("Error: ESSID regular expression already given. "
 +						   "Aborting\n");
 +					exit(EXIT_FAILURE);
 +				}
 +
 +				_conf.cf_essid_regex = pcre2_compile((PCRE2_SPTR) optarg,
 +													 PCRE2_ZERO_TERMINATED,
 +													 0,
 +													 &pcreerror,
 +													 &pcreerroffset,
 +													 NULL);
 +
 +				if (_conf.cf_essid_regex == NULL)
 +				{
 +					PCRE2_UCHAR pcreerrbuffer[256];
 +					pcre2_get_error_message(
 +						pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer));
 +
 +					printf("Error: regular expression compilation failed at "
 +						   "offset %lu: %s; aborting\n",
 +						   pcreerroffset,
 +						   pcreerrbuffer);
 +					exit(EXIT_FAILURE);
 +				}
 +				break;
 +#elif defined HAVE_PCRE
 				if (_conf.cf_essid_regex != NULL)
 				{
 					printf("Error: ESSID regular expression already given. "
--- a/net/aircrack-ng/patches/100-04-makefile-add-PCRE2-to-linker-flags.patch
+++ b/net/aircrack-ng/patches/100-04-makefile-add-PCRE2-to-linker-flags.patch
@ -0,0 +1,29 @@
 From ca05a44c449be3c433ea67c04f11d544ab62395f Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Fri, 20 Jan 2023 14:57:16 +0100
 Subject: [PATCH 4/9] makefile: add PCRE2 to linker flags
 ---
 src/Makefile.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 --- a/src/Makefile.inc
 +++ b/src/Makefile.inc
@@ -130,7 +130,7 @@ aireplay_ng_LDADD		= $(COMMON_LDADD) $(L
 airodump_ng_SOURCES		= $(SRC_ADU) $(SRC_DWRITE)
 airodump_ng_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS)
 airodump_ng_CPPFLAGS	= $(AM_CPPFLAGS) -I$(abs_srcdir)/src/airodump-ng
 -airodump_ng_LDADD			= $(COMMON_LDADD) $(PCRE_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBAIRCRACK_CE_WEP_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS)
 +airodump_ng_LDADD			= $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBAIRCRACK_CE_WEP_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS)
 airserv_ng_SOURCES	= $(SRC_AS)
 airserv_ng_CFLAGS		= $(COMMON_CFLAGS) $(LIBNL_CFLAGS)
@@ -164,7 +164,7 @@ buddy_ng_LDADD		= $(COMMON_LDADD) $(LIBA
 besside_ng_SOURCES	= $(SRC_BS)
 besside_ng_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS)
 -besside_ng_LDADD		= $(COMMON_LDADD) $(PCRE_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBPTW_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS)
 +besside_ng_LDADD		= $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBPTW_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS)
 besside_ng_crawler_SOURCES	= $(SRC_BC)
 besside_ng_crawler_CFLAGS		= $(COMMON_CFLAGS) $(PCAP_CFLAGS)
--- a/net/aircrack-ng/patches/100-05-airodump-ng-dump_write-remove-unused-PCRE-include.patch
+++ b/net/aircrack-ng/patches/100-05-airodump-ng-dump_write-remove-unused-PCRE-include.patch
@ -0,0 +1,21 @@
 From fa532b05d48e856c774837b83a3323dafcc8c33e Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Fri, 20 Jan 2023 14:58:35 +0100
 Subject: [PATCH 5/9] airodump-ng/dump_write: remove unused PCRE include
 ---
 src/airodump-ng/dump_write.c | 3 ---
 1 file changed, 3 deletions(-)
 --- a/src/airodump-ng/dump_write.c
 +++ b/src/airodump-ng/dump_write.c
@@ -45,9 +45,6 @@
 #include <unistd.h> // ftruncate
 #include <sys/types.h> // ftruncate
 #include <sys/time.h>
 -#ifdef HAVE_PCRE
 -#include <pcre.h>
 -#endif
 #include "aircrack-ng/defs.h"
 #include "airodump-ng.h"
--- a/net/aircrack-ng/patches/100-07-compat-pcre-add-compat-type-PCRE-header.patch
+++ b/net/aircrack-ng/patches/100-07-compat-pcre-add-compat-type-PCRE-header.patch
@ -0,0 +1,114 @@
 From bac9b5fed2bb29e13326c90d7c12a6936fe9f04b Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Sat, 21 Jan 2023 19:29:58 +0100
 Subject: [PATCH 7/9] compat-pcre: add compat-type PCRE header
 ---
 include/Makefile.inc                   |  1 +
 include/aircrack-ng/pcre/compat-pcre.h | 90 ++++++++++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 include/aircrack-ng/pcre/compat-pcre.h
 --- a/include/Makefile.inc
 +++ b/include/Makefile.inc
@@ -71,6 +71,7 @@ nobase_aircrack_HEADERS = 	%D%/aircrack-
                             %D%/aircrack-ng/osdep/network.h \
                             %D%/aircrack-ng/osdep/osdep.h \
                             %D%/aircrack-ng/osdep/packed.h \
 +                            %D%/aircrack-ng/pcre/compat-pcre.h \
                             %D%/aircrack-ng/ptw/aircrack-ptw-lib.h \
                             %D%/aircrack-ng/support/common.h \
                             %D%/aircrack-ng/support/communications.h \
 --- /dev/null
 +++ b/include/aircrack-ng/pcre/compat-pcre.h
@@ -0,0 +1,90 @@
 +/*
 +*  Copyright (C) 2023 Andras Gemes <andrasgemes@outlook.com>
 +*
 +*  This program is free software; you can redistribute it and/or modify
 +*  it under the terms of the GNU General Public License as published by
 +*  the Free Software Foundation; either version 2 of the License, or
 +*  (at your option) any later version.
 +*
 +*  This program is distributed in the hope that it will be useful,
 +*  but WITHOUT ANY WARRANTY; without even the implied warranty of
 +*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 +*  GNU General Public License for more details.
 +*
 +*  You should have received a copy of the GNU General Public License
 +*  along with this program; if not, write to the Free Software
 +*  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 +*
 +*
 +*  In addition, as a special exception, the copyright holders give
 +*  permission to link the code of portions of this program with the
 +*  OpenSSL library under certain conditions as described in each
 +*  individual source file, and distribute linked combinations
 +*  including the two.
 +*  You must obey the GNU General Public License in all respects
 +*  for all of the code used other than OpenSSL. *  If you modify
 +*  file(s) with this exception, you may extend this exception to your
 +*  version of the file(s), but you are not obligated to do so. *  If you
 +*  do not wish to do so, delete this exception statement from your
 +*  version. *  If you delete this exception statement from all source
 +*  files in the program, then also delete it here.
 +*/
 +
 +#ifndef AIRCRACK_NG_COMPAT_PCRE_H
 +#define AIRCRACK_NG_COMPAT_PCRE_H
 +
 +#ifdef HAVE_PCRE2
 +#define PCRE2_CODE_UNIT_WIDTH 8
 +#include <pcre2.h>
 +#elif defined HAVE_PCRE
 +#include <pcre.h>
 +#endif
 +
 +#ifdef HAVE_PCRE2
 +#define COMPAT_PCRE_COMPILE(pattern, pcreerror, pcreerroffset)                 \
 +	pcre2_compile((PCRE2_SPTR) (pattern),                                      \
 +				  PCRE2_ZERO_TERMINATED,                                       \
 +				  0,                                                           \
 +				  (pcreerror),                                                 \
 +				  (pcreerroffset),                                             \
 +				  NULL)
 +#elif defined HAVE_PCRE
 +#define COMPAT_PCRE_COMPILE(pattern, pcreerror, pcreerroffset)                 \
 +	pcre_compile((pattern), 0, (pcreerror), (pcreerroffset), NULL)
 +#endif
 +
 +#ifdef HAVE_PCRE2
 +#define COMPAT_PCRE_MATCH(regex, essid, length, match_data)                    \
 +	pcre2_match((regex),                                                       \
 +				(PCRE2_SPTR) (essid),                                          \
 +				(int) strnlen((char *) (essid), (length)),                     \
 +				0,                                                             \
 +				0,                                                             \
 +				(match_data),                                                  \
 +				0)
 +#elif defined HAVE_PCRE
 +#define COMPAT_PCRE_MATCH(regex, essid, length, match_data)                    \
 +	pcre_exec((regex),                                                         \
 +			  NULL,                                                            \
 +			  (char *) (essid),                                                \
 +			  strnlen((char *) (essid), (length)),                             \
 +			  0,                                                               \
 +			  0,                                                               \
 +			  NULL,                                                            \
 +			  0)
 +#endif
 +
 +#ifdef HAVE_PCRE2
 +#define COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerr)                        \
 +	printf("Error: regular expression compilation failed at "                  \
 +		   "offset %zu: %s; aborting\n",                                       \
 +		   (pcreerroffset),                                                    \
 +		   (pcreerr))
 +#elif defined HAVE_PCRE
 +#define COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerrorbuf)                   \
 +	printf("Error: regular expression compilation failed at "                  \
 +		   "offset %d: %s; aborting\n",                                        \
 +		   (pcreerroffset),                                                    \
 +		   (pcreerrorbuf))
 +#endif
 +#endif //AIRCRACK_NG_COMPAT_PCRE_H
--- a/net/aircrack-ng/patches/100-08-airodump-ng-utilize-compat-pcre.patch
+++ b/net/aircrack-ng/patches/100-08-airodump-ng-utilize-compat-pcre.patch
@ -0,0 +1,146 @@
 From e7ace80dbcfd2feecbbc6263ce59ce20acdafca0 Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Sat, 21 Jan 2023 19:31:07 +0100
 Subject: [PATCH 8/9] airodump-ng: utilize compat-pcre
 ---
 src/airodump-ng/airodump-ng.c | 80 +++++++++--------------------------
 1 file changed, 19 insertions(+), 61 deletions(-)
 --- a/src/airodump-ng/airodump-ng.c
 +++ b/src/airodump-ng/airodump-ng.c
@@ -68,13 +68,7 @@
 #include <sys/wait.h>
 -#ifdef HAVE_PCRE2
 -#define PCRE2_CODE_UNIT_WIDTH 8
 -#include <pcre2.h>
 -#elif defined HAVE_PCRE
 -#include <pcre.h>
 -#endif
 -
 +#include "aircrack-ng/pcre/compat-pcre.h"
 #include "aircrack-ng/defs.h"
 #include "aircrack-ng/version.h"
 #include "aircrack-ng/support/pcap_local.h"
@@ -863,33 +857,22 @@ int is_filtered_essid(const uint8_t * es
 		ret = 1;
 	}
 -#ifdef HAVE_PCRE2
 +#if defined HAVE_PCRE2 || defined HAVE_PCRE
 	if (lopt.f_essid_regex)
 	{
 +#ifdef HAVE_PCRE2
 		lopt.f_essid_match_data
 			= pcre2_match_data_create_from_pattern(lopt.f_essid_regex, NULL);
 -		return pcre2_match(lopt.f_essid_regex,
 -						   (PCRE2_SPTR) essid,
 -						   (int) strnlen((char *) essid, ESSID_LENGTH),
 -						   0,
 -						   0,
 -						   lopt.f_essid_match_data,
 -						   0)
 +		return COMPAT_PCRE_MATCH(lopt.f_essid_regex,
 +								 essid,
 +								 ESSID_LENGTH,
 +								 lopt.f_essid_match_data)
 			   < 0;
 -	}
 #elif defined HAVE_PCRE
 -	if (lopt.f_essid_regex)
 -	{
 -		return pcre_exec(lopt.f_essid_regex,
 -						 NULL,
 -						 (char *) essid,
 -						 (int) strnlen((char *) essid, ESSID_LENGTH),
 -						 0,
 -						 0,
 -						 NULL,
 -						 0)
 +		return COMPAT_PCRE_MATCH(lopt.f_essid_regex, essid, ESSID_LENGTH, NULL)
 			   < 0;
 +#endif
 	}
 #endif
@@ -5805,6 +5788,7 @@ int main(int argc, char * argv[])
 	int output_format_first_time = 1;
 #ifdef HAVE_PCRE2
 	int pcreerror;
 +	PCRE2_UCHAR pcreerrorbuf[256];
 	PCRE2_SIZE pcreerroffset;
 #elif defined HAVE_PCRE
 	const char * pcreerror;
@@ -5962,9 +5946,7 @@ int main(int argc, char * argv[])
 #ifdef CONFIG_LIBNL
 	lopt.htval = CHANNEL_NO_HT;
 #endif
 -#ifdef HAVE_PCRE2
 -	lopt.f_essid_regex = NULL;
 -#elif defined HAVE_PCRE
 +#if defined HAVE_PCRE2 || defined HAVE_PCRE
 	lopt.f_essid_regex = NULL;
 #endif
@@ -6385,7 +6367,7 @@ int main(int argc, char * argv[])
 			case 'R':
 -#ifdef HAVE_PCRE2
 +#if defined HAVE_PCRE2 || defined HAVE_PCRE
 				if (lopt.f_essid_regex != NULL)
 				{
 					printf("Error: ESSID regular expression already given. "
@@ -6393,42 +6375,18 @@ int main(int argc, char * argv[])
 					exit(EXIT_FAILURE);
 				}
 -				lopt.f_essid_regex = pcre2_compile((PCRE2_SPTR) optarg,
 -												   PCRE2_ZERO_TERMINATED,
 -												   0,
 -												   &pcreerror,
 -												   &pcreerroffset,
 -												   NULL);
 +				lopt.f_essid_regex
 +					= COMPAT_PCRE_COMPILE(optarg, &pcreerror, &pcreerroffset);
 				if (lopt.f_essid_regex == NULL)
 				{
 -					PCRE2_UCHAR pcreerrbuffer[256];
 +#ifdef HAVE_PCRE2
 					pcre2_get_error_message(
 -						pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer));
 -
 -					printf("Error: regular expression compilation failed at "
 -						   "offset %lu: %s; aborting\n",
 -						   pcreerroffset,
 -						   pcreerrbuffer);
 -					exit(EXIT_FAILURE);
 -				}
 +						pcreerror, pcreerrorbuf, sizeof(pcreerrorbuf));
 +					COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerrorbuf);
 #elif defined HAVE_PCRE
 -				if (lopt.f_essid_regex != NULL)
 -				{
 -					printf("Error: ESSID regular expression already given. "
 -						   "Aborting\n");
 -					exit(EXIT_FAILURE);
 -				}
 -
 -				lopt.f_essid_regex
 -					= pcre_compile(optarg, 0, &pcreerror, &pcreerroffset, NULL);
 -
 -				if (lopt.f_essid_regex == NULL)
 -				{
 -					printf("Error: regular expression compilation failed at "
 -						   "offset %d: %s; aborting\n",
 -						   pcreerroffset,
 -						   pcreerror);
 +					COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerror);
 +#endif
 					exit(EXIT_FAILURE);
 				}
 #else
--- a/net/aircrack-ng/patches/100-09-besside-ng-utilize-compat-pcre.patch
+++ b/net/aircrack-ng/patches/100-09-besside-ng-utilize-compat-pcre.patch
@ -0,0 +1,165 @@
 From d7eb251f945524b419e8c90dd54c640d9922e5d5 Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Sat, 21 Jan 2023 19:31:31 +0100
 Subject: [PATCH 9/9] besside-ng: utilize compat-pcre
 ---
 src/besside-ng/besside-ng.c | 94 ++++++++-----------------------------
 1 file changed, 20 insertions(+), 74 deletions(-)
 --- a/src/besside-ng/besside-ng.c
 +++ b/src/besside-ng/besside-ng.c
@@ -57,13 +57,7 @@
 #include <unistd.h>
 #include <limits.h>
 -#ifdef HAVE_PCRE2
 -#define PCRE2_CODE_UNIT_WIDTH 8
 -#include <pcre2.h>
 -#elif defined HAVE_PCRE
 -#include <pcre.h>
 -#endif
 -
 +#include "aircrack-ng/pcre/compat-pcre.h"
 #include "aircrack-ng/defs.h"
 #include "aircrack-ng/aircrack-ng.h"
 #include "aircrack-ng/version.h"
@@ -1122,7 +1116,7 @@ static void attack_ping(void * a)
 	timer_in(100 * 1000, attack_ping, n);
 }
 -#ifdef HAVE_PCRE2
 +#if defined HAVE_PCRE2 || defined HAVE_PCRE
 static int is_filtered_essid(char * essid)
 {
 	REQUIRE(essid != NULL);
@@ -1131,39 +1125,20 @@ static int is_filtered_essid(char * essi
 	if (_conf.cf_essid_regex)
 	{
 +#ifdef HAVE_PCRE2
 		_conf.cf_essid_match_data
 			= pcre2_match_data_create_from_pattern(_conf.cf_essid_regex, NULL);
 -		return pcre2_match(_conf.cf_essid_regex,
 -						   (PCRE2_SPTR) essid,
 -						   (int) strnlen((char *) essid, MAX_IE_ELEMENT_SIZE),
 -						   0,
 -						   0,
 -						   _conf.cf_essid_match_data,
 -						   0)
 +		return COMPAT_PCRE_MATCH(_conf.cf_essid_regex,
 +								 essid,
 +								 MAX_IE_ELEMENT_SIZE,
 +								 _conf.cf_essid_match_data)
 			   < 0;
 -	}
 -
 -	return (ret);
 -}
 #elif defined HAVE_PCRE
 -static int is_filtered_essid(char * essid)
 -{
 -	REQUIRE(essid != NULL);
 -
 -	int ret = 0;
 -
 -	if (_conf.cf_essid_regex)
 -	{
 -		return pcre_exec(_conf.cf_essid_regex,
 -						 NULL,
 -						 (char *) essid,
 -						 strnlen((char *) essid, MAX_IE_ELEMENT_SIZE),
 -						 0,
 -						 0,
 -						 NULL,
 -						 0)
 +		return COMPAT_PCRE_MATCH(
 +				   _conf.cf_essid_regex, essid, MAX_IE_ELEMENT_SIZE, NULL)
 			   < 0;
 +#endif
 	}
 	return (ret);
@@ -1178,12 +1153,7 @@ static int should_attack(struct network
 	if (_conf.cf_bssid && memcmp(_conf.cf_bssid, n->n_bssid, 6) != 0)
 		return (0);
 -#ifdef HAVE_PCRE2
 -	if (is_filtered_essid(n->n_ssid))
 -	{
 -		return (0);
 -	}
 -#elif defined HAVE_PCRE
 +#if defined HAVE_PCRE2 || defined HAVE_PCRE
 	if (is_filtered_essid(n->n_ssid))
 	{
 		return (0);
@@ -3338,6 +3308,7 @@ int main(int argc, char * argv[])
 	int ch, temp;
 #ifdef HAVE_PCRE2
 	int pcreerror;
 +	PCRE2_UCHAR pcreerrorbuf[256];
 	PCRE2_SIZE pcreerroffset;
 #elif defined HAVE_PCRE
 	const char * pcreerror;
@@ -3393,7 +3364,7 @@ int main(int argc, char * argv[])
 				break;
 			case 'R':
 -#ifdef HAVE_PCRE2
 +#if defined HAVE_PCRE2 || defined HAVE_PCRE
 				if (_conf.cf_essid_regex != NULL)
 				{
 					printf("Error: ESSID regular expression already given. "
@@ -3401,43 +3372,18 @@ int main(int argc, char * argv[])
 					exit(EXIT_FAILURE);
 				}
 -				_conf.cf_essid_regex = pcre2_compile((PCRE2_SPTR) optarg,
 -													 PCRE2_ZERO_TERMINATED,
 -													 0,
 -													 &pcreerror,
 -													 &pcreerroffset,
 -													 NULL);
 +				_conf.cf_essid_regex
 +					= COMPAT_PCRE_COMPILE(optarg, &pcreerror, &pcreerroffset);
 				if (_conf.cf_essid_regex == NULL)
 				{
 -					PCRE2_UCHAR pcreerrbuffer[256];
 +#ifdef HAVE_PCRE2
 					pcre2_get_error_message(
 -						pcreerror, pcreerrbuffer, sizeof(pcreerrbuffer));
 -
 -					printf("Error: regular expression compilation failed at "
 -						   "offset %lu: %s; aborting\n",
 -						   pcreerroffset,
 -						   pcreerrbuffer);
 -					exit(EXIT_FAILURE);
 -				}
 -				break;
 +						pcreerror, pcreerrorbuf, sizeof(pcreerrorbuf));
 +					COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerrorbuf);
 #elif defined HAVE_PCRE
 -				if (_conf.cf_essid_regex != NULL)
 -				{
 -					printf("Error: ESSID regular expression already given. "
 -						   "Aborting\n");
 -					exit(EXIT_FAILURE);
 -				}
 -
 -				_conf.cf_essid_regex
 -					= pcre_compile(optarg, 0, &pcreerror, &pcreerroffset, NULL);
 -
 -				if (_conf.cf_essid_regex == NULL)
 -				{
 -					printf("Error: regular expression compilation failed at "
 -						   "offset %d: %s; aborting\n",
 -						   pcreerroffset,
 -						   pcreerror);
 +					COMPAT_PCRE_PRINT_ERROR(pcreerroffset, pcreerror);
 +#endif
 					exit(EXIT_FAILURE);
 				}
 				break;
--- a/net/aircrack-ng/patches/101-02-src-makefile-add-PCRE2_CFLAGS-to-airodump-and-bessid.patch
+++ b/net/aircrack-ng/patches/101-02-src-makefile-add-PCRE2_CFLAGS-to-airodump-and-bessid.patch
@ -0,0 +1,29 @@
 From 8c6a4f171b7d97a294590fab9dc2069b149b9b36 Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Mon, 23 Jan 2023 10:42:39 +0100
 Subject: [PATCH 2/6] src/makefile: add PCRE2_CFLAGS to airodump and besside
 ---
 src/Makefile.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 --- a/src/Makefile.inc
 +++ b/src/Makefile.inc
@@ -128,7 +128,7 @@ aireplay_ng_CFLAGS	= $(COMMON_CFLAGS) $(
 aireplay_ng_LDADD		= $(COMMON_LDADD) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS)
 airodump_ng_SOURCES		= $(SRC_ADU) $(SRC_DWRITE)
 -airodump_ng_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS)
 +airodump_ng_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) $(LIBNL_CFLAGS)
 airodump_ng_CPPFLAGS	= $(AM_CPPFLAGS) -I$(abs_srcdir)/src/airodump-ng
 airodump_ng_LDADD			= $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBAIRCRACK_CE_WEP_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS)
@@ -163,7 +163,7 @@ buddy_ng_CPPFLAGS	= $(AM_CPPFLAGS) -I$(a
 buddy_ng_LDADD		= $(COMMON_LDADD) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS)
 besside_ng_SOURCES	= $(SRC_BS)
 -besside_ng_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(LIBNL_CFLAGS)
 +besside_ng_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) $(LIBNL_CFLAGS)
 besside_ng_LDADD		= $(COMMON_LDADD) $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(LIBACCRYPTO_LIBS) $(LIBPTW_LIBS) $(AIRPCAP_LIBS) $(LIBAIRCRACK_LIBS) $(CRYPTO_LIBS)
 besside_ng_crawler_SOURCES	= $(SRC_BC)
--- a/net/aircrack-ng/patches/101-03-lib-makefile-add-PCRE2-to-libaccrypto-and-libaircrac.patch
+++ b/net/aircrack-ng/patches/101-03-lib-makefile-add-PCRE2-to-libaccrypto-and-libaircrac.patch
@ -0,0 +1,37 @@
 From 0be8f0d7d8e4a09ea5687bcec6690876b4161a0e Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Mon, 23 Jan 2023 10:46:26 +0100
 Subject: [PATCH 3/6] lib/makefile: add PCRE2 to libaccrypto and libaircrack
 ---
 lib/Makefile.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 --- a/lib/Makefile.inc
 +++ b/lib/Makefile.inc
@@ -65,8 +65,8 @@ SRC_CRYPTO	+=	%D%/crypto/sha1-git.c
 endif
 libaccrypto_la_SOURCES	= $(SRC_CRYPTO)
 -libaccrypto_la_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS)
 -libaccrypto_la_LIBADD		= $(PCRE_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS)
 +libaccrypto_la_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS)
 +libaccrypto_la_LIBADD		= $(PCRE_LIBS) $(PCRE2_LIBS) $(LIBAIRCRACK_OSDEP_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS)
 libcowpatty_la_SOURCES = $(SRC_COW)
 libcowpatty_la_CFLAGS = $(COMMON_CFLAGS) $(LIBCOW_CFLAGS)
@@ -121,12 +121,12 @@ SRC_LIBAC += %D%/libac/support/strlcpy.c
 endif
 libaircrack_la_SOURCES	= $(SRC_LIBAC) $(TRAMPOLINE) $(CPUSET)
 -libaircrack_la_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS) \
 +libaircrack_la_CFLAGS		= $(COMMON_CFLAGS) $(PCRE_CFLAGS) $(PCRE2_CFLAGS) \
 													"-DLIBAIRCRACK_CE_WPA_PATH=\"$(LIBAIRCRACK_CE_WPA_PATH)\"" \
 													"-DABS_TOP_SRCDIR=\"$(abs_top_srcdir)\"" \
 													"-DABS_TOP_BUILDDIR=\"$(abs_top_builddir)\"" \
 													"-DLIBDIR=\"$(libdir)\""
 -libaircrack_la_LIBADD		= $(COMMON_LDADD) $(LIBAIRCRACK_OSDEP_LIBS) $(PCRE_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS)
 +libaircrack_la_LIBADD		= $(COMMON_LDADD) $(LIBAIRCRACK_OSDEP_LIBS) $(PCRE_LIBS) $(PCRE2_LIBS) $(CRYPTO_LDFLAGS) $(CRYPTO_LIBS)
 if CYGWIN
 libaircrack_la_LIBADD += -lshlwapi
--- a/net/aircrack-ng/patches/102-autotools-indicate-if-PCRE-or-PCRE2-is-being-used.patch
+++ b/net/aircrack-ng/patches/102-autotools-indicate-if-PCRE-or-PCRE2-is-being-used.patch
@ -0,0 +1,132 @@
 From b381ef3f6b6cc83a4aa016f4c0aebb58fcffcf3f Mon Sep 17 00:00:00 2001
 From: Andras Gemes <andrasgemes@outlook.com>
 Date: Mon, 23 Jan 2023 16:58:38 +0100
 Subject: [PATCH] autotools: indicate if PCRE or PCRE2 is being used
 ---
 build/m4/aircrack_ng_pcre.m4  | 28 ++++++++++++++--
 build/m4/aircrack_ng_pcre2.m4 | 61 -----------------------------------
 configure.ac                  |  3 +-
 3 files changed, 26 insertions(+), 66 deletions(-)
 delete mode 100644 build/m4/aircrack_ng_pcre2.m4
 --- a/build/m4/aircrack_ng_pcre.m4
 +++ b/build/m4/aircrack_ng_pcre.m4
@@ -55,7 +55,29 @@ else
 	PKG_CHECK_MODULES(PCRE, libpcre, HAVE_PCRE=yes, HAVE_PCRE=no)
 fi
 -AS_IF([test "x$HAVE_PCRE" = "xyes"], [
 +AC_ARG_ENABLE(static-pcre2,
 +    AS_HELP_STRING([--enable-static-pcre2],
 +		[Enable statically linked PCRE2 libpcre2-8.]),
 +    [static_pcre2=$enableval], [static_pcre2=no])
 +
 +if test "x$static_pcre2" != "xno"; then
 +	AC_REQUIRE([AX_EXT_HAVE_STATIC_LIB_DETECT])
 +	AX_EXT_HAVE_STATIC_LIB(PCRE2, ${DEFAULT_STATIC_LIB_SEARCH_PATHS}, pcre2 libpcre2-8, pcre2_version)
 +	if test "x$PCRE2_FOUND" = xyes; then
 +		HAVE_PCRE2=yes
 +	else
 +		HAVE_PCRE2=no
 +	fi
 +else
 +	PKG_CHECK_MODULES(PCRE2, libpcre2-8, HAVE_PCRE2=yes, HAVE_PCRE2=no)
 +fi
 +
 +if test "x$HAVE_PCRE" = "xyes" && test "x$HAVE_PCRE2" = "xyes"; then
 +    AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system])
 +    PCRE2_NOTE="(Pcre and Pcre2 found, using Pcre2)"
 +elif test "x$HAVE_PCRE" = "xyes"; then
     AC_DEFINE([HAVE_PCRE], [1], [Define this if you have libpcre on your system])
 -])
 -])
 +elif test "x$HAVE_PCRE2" = "xyes"; then
 +    AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system])
 +fi
 +])
 \ No newline at end of file
 --- a/build/m4/aircrack_ng_pcre2.m4
 +++ /dev/null
@@ -1,61 +0,0 @@
 -dnl Aircrack-ng
 -dnl
 -dnl Copyright (C) 2023 Andras Gemes <andrasgemes@outlook.com>
 -dnl
 -dnl Autotool support was written by: Joseph Benden <joe@benden.us>
 -dnl
 -dnl This program is free software; you can redistribute it and/or modify
 -dnl it under the terms of the GNU General Public License as published by
 -dnl the Free Software Foundation; either version 2 of the License, or
 -dnl (at your option) any later version.
 -dnl
 -dnl This program is distributed in the hope that it will be useful,
 -dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
 -dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 -dnl GNU General Public License for more details.
 -dnl
 -dnl You should have received a copy of the GNU General Public License
 -dnl along with this program; if not, write to the Free Software
 -dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 -dnl
 -dnl In addition, as a special exception, the copyright holders give
 -dnl permission to link the code of portions of this program with the
 -dnl OpenSSL library under certain conditions as described in each
 -dnl individual source file, and distribute linked combinations
 -dnl including the two.
 -dnl
 -dnl You must obey the GNU General Public License in all respects
 -dnl for all of the code used other than OpenSSL.
 -dnl
 -dnl If you modify file(s) with this exception, you may extend this
 -dnl exception to your dnl version of the file(s), but you are not obligated
 -dnl to do so.
 -dnl
 -dnl If you dnl do not wish to do so, delete this exception statement from your
 -dnl version.
 -dnl
 -dnl If you delete this exception statement from all source files in the
 -dnl program, then also delete it here.
 -
 -AC_DEFUN([AIRCRACK_NG_PCRE2], [
 -AC_ARG_ENABLE(static-pcre2,
 -    AS_HELP_STRING([--enable-static-pcre2],
 -		[Enable statically linked PCRE2 libpcre2-8.]),
 -    [static_pcre2=$enableval], [static_pcre2=no])
 -
 -if test "x$static_pcre2" != "xno"; then
 -	AC_REQUIRE([AX_EXT_HAVE_STATIC_LIB_DETECT])
 -	AX_EXT_HAVE_STATIC_LIB(PCRE2, ${DEFAULT_STATIC_LIB_SEARCH_PATHS}, pcre2 libpcre2-8, pcre2_version)
 -	if test "x$PCRE2_FOUND" = xyes; then
 -		HAVE_PCRE2=yes
 -	else
 -		HAVE_PCRE2=no
 -	fi
 -else
 -	PKG_CHECK_MODULES(PCRE2, libpcre2-8, HAVE_PCRE2=yes, HAVE_PCRE2=no)
 -fi
 -
 -AS_IF([test "x$HAVE_PCRE2" = "xyes"], [
 -    AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system])
 -])
 -])
 \ No newline at end of file
 --- a/configure.ac
 +++ b/configure.ac
@@ -144,7 +144,6 @@ AIRCRACK_NG_EXT_SCRIPTS
 AIRCRACK_NG_HWLOC
 AIRCRACK_NG_PCAP
 AIRCRACK_NG_PCRE
 -AIRCRACK_NG_PCRE2
 AIRCRACK_NG_RFKILL
 AIRCRACK_NG_SQLITE
 AIRCRACK_NG_ZLIB
@@ -321,7 +320,7 @@ ${PACKAGE} ${VERSION}
     Jemalloc:                    ${JEMALLOC}
     Pcap:                        ${PCAP_FOUND}
     Pcre:                        ${HAVE_PCRE}
 -    Pcre2:                       ${HAVE_PCRE2}
 +    Pcre2:                       ${HAVE_PCRE2} ${PCRE2_NOTE}
     Sqlite:                      ${HAVE_SQLITE3}
     Tcmalloc:                    ${TCMALLOC}
     Zlib:                        ${HAVE_ZLIB}
--- a/net/aircrack-ng/patches/103-autotools-reset-PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch
+++ b/net/aircrack-ng/patches/103-autotools-reset-PCRE-CFLAGS-LIBS-with-both-PCRE-and-.patch
@ -0,0 +1,39 @@
 From b8d0b8cb6caa6940443b3e6ca32efc78d0c9d00e Mon Sep 17 00:00:00 2001
 From: Christian Marangi <ansuelsmth@gmail.com>
 Date: Sun, 1 Oct 2023 00:32:16 +0200
 Subject: [PATCH] autotools: reset PCRE CFLAGS/LIBS with both PCRE and PCRE2
 present
 Commit b381ef3f6b6c ("autotools: indicate if PCRE or PCRE2 is being
 used") fixed a case where both pcre and pcre2 library are detected and
 put a preference on using pcre2.
 Although the commit fix this corner case, there is still a latent
 problem with trying to link/include both library. This is caused by the
 fact that in the Makefile.inc for src and lib, we include both
 PCRE_CFLAGS and PCRE2_CFLAGS and PCRE_LIBS and PCRE2_LIBS for each
 tool/lib.
 To handle this and not bloat the Makefile with additional condition,
 simply reset the PCRE_CFLAGS and PCRE_LIBS in case where we detect both
 library and we prefer to use pcre2.
 Fixes: b381ef3f6b6c ("autotools: indicate if PCRE or PCRE2 is being used")
 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 ---
 build/m4/aircrack_ng_pcre.m4 | 4 ++++
 1 file changed, 4 insertions(+)
 --- a/build/m4/aircrack_ng_pcre.m4
 +++ b/build/m4/aircrack_ng_pcre.m4
@@ -75,6 +75,10 @@ fi
 if test "x$HAVE_PCRE" = "xyes" && test "x$HAVE_PCRE2" = "xyes"; then
     AC_DEFINE([HAVE_PCRE2], [1], [Define this if you have libpcre2-8 on your system])
     PCRE2_NOTE="(Pcre and Pcre2 found, using Pcre2)"
 +    # Reset PCRE cflags and libs variables as we include both PCRE and PCRE2 in Makefile.inc
 +    # and would result in trying to link/include both library.
 +    PCRE_CFLAGS=""
 +    PCRE_LIBS=""
 elif test "x$HAVE_PCRE" = "xyes"; then
     AC_DEFINE([HAVE_PCRE], [1], [Define this if you have libpcre on your system])
 elif test "x$HAVE_PCRE2" = "xyes"; then
--- a/net/atftp/Makefile
+++ b/net/atftp/Makefile
@ -7,12 +7,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=atftp
-PKG_VERSION:=0.7.5
+PKG_VERSION:=0.8.0
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/$(PKG_NAME)
-PKG_HASH:=93c87a4fb18218414e008e01c995dadd231ba4c752d0f894b34416d1e6d3038a
+PKG_HASH:=df2aa089c7670f9eab40e5598e5d2cb6a582dc5182926ea50b4d690e4e37f316
 PKG_MAINTAINER:=Daniel Danzberger <daniel@dd-wrt.com>
 PKG_LICENSE:=GPL-2.0-or-later
@ -21,6 +21,8 @@ PKG_LICENSE_FILES:=LICENSE
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=autoreconf
 include $(INCLUDE_DIR)/package.mk
 define Package/atftp/Default
@ -38,7 +40,7 @@ endef
 define Package/atftpd
  $(call Package/atftp/Default)
-  DEPENDS:=+libpcre +libpthread
+  DEPENDS:=+libpcre2 +libpthread
  TITLE+= server
 endef
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=banip
-PKG_VERSION:=0.9.0
+PKG_VERSION:=0.9.1
 PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@ -162,9 +162,8 @@ Available commands:
 | ban_dev                 | list   | - / autodetect                | wan device(s), e.g. 'eth2'                                                                                   |
 | ban_vlanallow           | list   | -                             | always allow certain VLAN forwards, e.g. br-lan.20                                                           |
 | ban_vlanblock           | list   | -                             | always block certain VLAN forwards, e.g. br-lan.10                                                           |
-| ban_trigger             | list   | -                             | logical startup trigger interface(s), e.g. 'wan'                                                             |
+| ban_trigger             | list   | -                             | logical reload trigger interface(s), e.g. 'wan'                                                              |
-| ban_triggerdelay        | option | 10                            | trigger timeout before banIP processing begins                                                               |
+| ban_triggerdelay        | option | 10                            | trigger timeout during interface reload and boot                                                             |
 | ban_triggeraction       | option | start                         | trigger action on ifup events, e.g. start, restart or reload                                                 |
 | ban_deduplicate         | option | 1                             | deduplicate IP addresses across all active Sets                                                              |
 | ban_splitsize           | option | 0                             | split ext. Sets after every n lines/members (saves RAM)                                                      |
 | ban_cores               | option | - / autodetect                | limit the cpu cores used by banIP (saves RAM)                                                                |
@ -176,6 +175,7 @@ Available commands:
 | ban_asn                 | list   | -                             | ASNs for the 'asn' feed, e.g.'32934'                                                                         |
 | ban_country             | list   | -                             | country iso codes for the 'country' feed, e.g. 'ru'                                                          |
 | ban_blockpolicy         | option | -                             | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan'                |
 | ban_blocktype           | option | drop                          | 'drop' packets silently on input and forwardwan chains or actively 'reject' the traffic                      |
 | ban_blockinput          | list   | -                             | limit a feed to the wan-input chain, e.g. 'country'                                                          |
 | ban_blockforwardwan     | list   | -                             | limit a feed to the wan-forward chain, e.g. 'debl'                                                           |
 | ban_blockforwardlan     | list   | -                             | limit a feed to the lan-forward chain, e.g. 'doh'                                                            |
--- a/net/banip/files/banip-functions.sh
+++ b/net/banip/files/banip-functions.sh
@ -65,6 +65,7 @@ ban_splitsize="0"
 ban_autodetect="1"
 ban_feed=""
 ban_blockpolicy=""
 ban_blocktype="drop"
 ban_blockinput=""
 ban_blockforwardwan=""
 ban_blockforwardlan=""
@ -86,7 +87,6 @@ ban_cores=""
 ban_memory=""
 ban_packages=""
 ban_trigger=""
 ban_triggerdelay="10"
 ban_resolver=""
 ban_enabled="0"
 ban_debug="0"
@ -283,8 +283,6 @@ f_conf() {
 		}
 	}
 	config_load banip
 	[ "${ban_action}" = "boot" ] && [ -z "${ban_trigger}" ] && sleep ${ban_triggerdelay}
 }
 # get nft/monitor actuals
@ -421,15 +419,10 @@ f_getdev() {
 			network_flush_cache
 			for iface in ${ban_ifv4} ${ban_ifv6}; do
 				network_get_device dev "${iface}"
-				if [ -n "${dev}" ]; then
+				if [ -n "${dev}" ] && ! printf " %s " "${ban_dev}" | "${ban_grepcmd}" -q " ${dev} "; then
-					if printf "%s" "${dev}" | "${ban_grepcmd}" -qE "pppoe|6in4"; then
+					ban_dev="${ban_dev}${dev} "
-						dev="${iface}"
+					uci_add_list banip global ban_dev "${dev}"
-					fi
+					f_log "info" "add device '${dev}' to config"
 					if ! printf " %s " "${ban_dev}" | "${ban_grepcmd}" -q " ${dev} "; then
 						ban_dev="${ban_dev}${dev} "
 						uci_add_list banip global ban_dev "${dev}"
 						f_log "info" "add device '${dev}' to config"
 					fi
 				fi
 			done
 			cnt="$((cnt + 1))"
@ -495,13 +488,15 @@ f_getuplink() {
 f_getfeed() {
 	json_init
 	if [ -s "${ban_customfeedfile}" ]; then
-		if ! json_load_file "${ban_customfeedfile}" >/dev/null 2>&1; then
+		if json_load_file "${ban_customfeedfile}" >/dev/null 2>&1; then
 			return
 		else
 			f_log "info" "can't load banIP custom feed file"
 			if ! json_load_file "${ban_feedfile}" >/dev/null 2>&1; then
 				f_log "err" "can't load banIP feed file"
 			fi
 		fi
-	elif ! json_load_file "${ban_feedfile}" >/dev/null 2>&1; then
+	fi
 	if [ -s "${ban_feedfile}" ] && json_load_file "${ban_feedfile}" >/dev/null 2>&1; then
 		return
 	else
 		f_log "err" "can't load banIP feed file"
 	fi
 }
@ -526,9 +521,9 @@ f_etag() {
 		etag_id="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^[[:space:]]*etag: /{gsub("\"","");printf "%s",$2}')"
 		etag_rc="${?}"
-		if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then
+		if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}[[:space:]]\+${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then
 			out_rc="0"
-		elif [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && ! "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; then
+		elif [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && ! "${ban_grepcmd}" -q "^${feed}${feed_suffix}[[:space:]]\+${etag_id}\$" "${ban_backupdir}/banIP.etag"; then
 			"${ban_sedcmd}" -i "/^${feed}${feed_suffix}/d" "${ban_backupdir}/banIP.etag"
 			printf "%-20s%s\n" "${feed}${feed_suffix}" "${etag_id}" >>"${ban_backupdir}/banIP.etag"
 			out_rc="2"
@ -559,6 +554,12 @@ f_nftinit() {
 		printf "%s\n" "add chain inet banIP wan-input { type filter hook input priority ${ban_nftpriority}; policy accept; }"
 		printf "%s\n" "add chain inet banIP wan-forward { type filter hook forward priority ${ban_nftpriority}; policy accept; }"
 		printf "%s\n" "add chain inet banIP lan-forward { type filter hook forward priority ${ban_nftpriority}; policy accept; }"
 		printf "%s\n" "add chain inet banIP reject-chain"
 		# default reject rules
 		#
 		printf "%s\n" "add rule inet banIP reject-chain meta l4proto tcp reject with tcp reset"
 		printf "%s\n" "add rule inet banIP reject-chain reject"
 		# default wan-input rules
 		#
@ -581,7 +582,7 @@ f_nftinit() {
 		printf "%s\n" "add rule inet banIP lan-forward ct state established,related counter accept"
 		printf "%s\n" "add rule inet banIP lan-forward oifname != { ${wan_dev} } counter accept"
 		[ -n "${vlan_allow}" ] && printf "%s\n" "add rule inet banIP lan-forward iifname { ${vlan_allow} } counter accept"
-		[ -n "${vlan_block}" ] && printf "%s\n" "add rule inet banIP lan-forward iifname { ${vlan_block} } counter reject"
+		[ -n "${vlan_block}" ] && printf "%s\n" "add rule inet banIP lan-forward iifname { ${vlan_block} } counter goto reject-chain"
 	} >"${file}"
 	# load initial banIP table within nft (atomic load)
@ -609,9 +610,9 @@ f_down() {
 	tmp_nft="${ban_tmpfile}.${feed}.nft"
 	tmp_allow="${ban_tmpfile}.${feed%v*}"
-	[ "${ban_loginput}" = "1" ] && log_input="log level ${ban_nftloglevel} prefix \"banIP/inp-wan/drp/${feed}: \""
+	[ "${ban_loginput}" = "1" ] && log_input="log level ${ban_nftloglevel} prefix \"banIP/inp-wan/${ban_blocktype}/${feed}: \""
-	[ "${ban_logforwardwan}" = "1" ] && log_forwardwan="log level ${ban_nftloglevel} prefix \"banIP/fwd-wan/drp/${feed}: \""
+	[ "${ban_logforwardwan}" = "1" ] && log_forwardwan="log level ${ban_nftloglevel} prefix \"banIP/fwd-wan/${ban_blocktype}/${feed}: \""
-	[ "${ban_logforwardlan}" = "1" ] && log_forwardlan="log level ${ban_nftloglevel} prefix \"banIP/fwd-lan/rej/${feed}: \""
+	[ "${ban_logforwardlan}" = "1" ] && log_forwardlan="log level ${ban_nftloglevel} prefix \"banIP/fwd-lan/reject/${feed}: \""
 	# set feed block direction
 	#
@ -724,21 +725,29 @@ f_down() {
 				printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }"
 				if [ -z "${feed_direction##*input*}" ]; then
 					if [ "${ban_allowlistonly}" = "1" ]; then
-						printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter drop"
+						if [ "${ban_blocktype}" = "reject" ]; then
 							printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter goto reject-chain"
 						else
 							printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter drop"
 						fi
 					else
 						printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} counter accept"
 					fi
 				fi
 				if [ -z "${feed_direction##*forwardwan*}" ]; then
 					if [ "${ban_allowlistonly}" = "1" ]; then
-						printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter drop"
+						if [ "${ban_blocktype}" = "reject" ]; then
 							printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter goto reject-chain"
 						else
 							printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter drop"
 						fi
 					else
 						printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} counter accept"
 					fi
 				fi
 				if [ -z "${feed_direction##*forwardlan*}" ]; then
 					if [ "${ban_allowlistonly}" = "1" ]; then
-						printf "%s\n" "add rule inet banIP lan-forward ip daddr != @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited"
+						printf "%s\n" "add rule inet banIP lan-forward ip daddr != @${feed} ${log_forwardlan} counter goto reject-chain"
 					else
 						printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} counter accept"
 					fi
@ -749,21 +758,29 @@ f_down() {
 				printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }"
 				if [ -z "${feed_direction##*input*}" ]; then
 					if [ "${ban_allowlistonly}" = "1" ]; then
-						printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter drop"
+						if [ "${ban_blocktype}" = "reject" ]; then
 							printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter goto reject-chain"
 						else
 							printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter drop"
 						fi
 					else
 						printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} counter accept"
 					fi
 				fi
 				if [ -z "${feed_direction##*forwardwan*}" ]; then
 					if [ "${ban_allowlistonly}" = "1" ]; then
-						printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter drop"
+						if [ "${ban_blocktype}" = "reject" ]; then
 							printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter goto reject-chain"
 						else
 							printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter drop"
 						fi
 					else
 						printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} counter accept"
 					fi
 				fi
 				if [ -z "${feed_direction##*forwardlan*}" ]; then
 					if [ "${ban_allowlistonly}" = "1" ]; then
-						printf "%s\n" "add rule inet banIP lan-forward ip6 daddr != @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited"
+						printf "%s\n" "add rule inet banIP lan-forward ip6 daddr != @${feed} ${log_forwardlan} counter goto reject-chain"
 					else
 						printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} counter accept"
 					fi
@ -778,11 +795,11 @@ f_down() {
 			if [ "${proto}" = "4MAC" ]; then
 				"${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="0.0.0.0/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${ban_blocklist}" >"${tmp_file}"
 				printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv4_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }"
-				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip saddr @${feed} counter reject"
+				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip saddr @${feed} counter goto reject-chain"
 			elif [ "${proto}" = "6MAC" ]; then
 				"${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}(\/([0-9]|[1-3][0-9]|4[0-8]))?([[:space:]]+([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?[[:space:]]*$|[[:space:]]+$|$)/{if(!$2)$2="::/0";if(!seen[$1]++)printf "%s . %s, ",tolower($1),$2}' "${ban_blocklist}" >"${tmp_file}"
 				printf "%s\n" "add set inet banIP ${feed} { type ether_addr . ipv6_addr; flags interval; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }"
-				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip6 saddr @${feed} counter reject"
+				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr . ip6 saddr @${feed} counter goto reject-chain"
 			elif [ "${proto}" = "4" ]; then
 				if [ "${ban_deduplicate}" = "1" ]; then
 					"${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]].*|$)/{printf "%s,\n",$1}' "${ban_blocklist}" >"${tmp_raw}"
@ -794,9 +811,14 @@ f_down() {
 				fi
 				"${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}"
 				printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval, timeout; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }"
-				[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop"
+				if [ "${ban_blocktype}" = "reject" ]; then
-				[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop"
+					[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter goto reject-chain"
-				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited"
+					[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter goto reject-chain"
 				else
 					[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop"
 					[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop"
 				fi
 				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter goto reject-chain"
 			elif [ "${proto}" = "6" ]; then
 				if [ "${ban_deduplicate}" = "1" ]; then
 					"${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}.*/{printf "%s\n",$1}' "${ban_blocklist}" |
@ -810,9 +832,14 @@ f_down() {
 				fi
 				"${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}"
 				printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval, timeout; auto-merge; policy ${ban_nftpolicy}; $(f_getelements "${tmp_file}") }"
-				[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop"
+				if [ "${ban_blocktype}" = "reject" ]; then
-				[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop"
+					[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter goto reject-chain"
-				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited"
+					[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter goto reject-chain"
 				else
 					[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop"
 					[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop"
 				fi
 				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter goto reject-chain"
 			fi
 		} >"${tmp_nft}"
 		feed_rc="0"
@ -907,9 +934,14 @@ f_down() {
 				# input and forward rules
 				#
-				[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop"
+				if [ "${ban_blocktype}" = "reject" ]; then
-				[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop"
+					[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter goto reject-chain"
-				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited"
+					[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter goto reject-chain"
 				else
 					[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop"
 					[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop"
 				fi
 				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter goto reject-chain"
 			} >"${tmp_nft}"
 		elif [ "${feed_rc}" = "0" ] && [ "${proto}" = "6" ]; then
 			{
@ -921,9 +953,14 @@ f_down() {
 				# input and forward rules
 				#
-				[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop"
+				if [ "${ban_blocktype}" = "reject" ]; then
-				[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop"
+					[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter goto reject-chain"
-				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited"
+					[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter goto reject-chain"
 				else
 					[ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop"
 					[ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop"
 				fi
 				[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter goto reject-chain"
 			} >"${tmp_nft}"
 		fi
 	fi
@ -1035,18 +1072,18 @@ f_rmset() {
 # generate status information
 #
 f_genstatus() {
-	local object duration item table_sets cnt_elements="0" custom_feed="0" split="0" status="${1}"
+	local object end_time duration table_sets cnt_elements="0" custom_feed="0" split="0" status="${1}"
 	[ -z "${ban_dev}" ] && f_conf
 	if [ "${status}" = "active" ]; then
-		if [ -n "${ban_starttime}" ]; then
+		if [ -n "${ban_starttime}" ] && [ "${ban_action}" != "boot" ]; then
-			ban_endtime="$(date "+%s")"
+			end_time="$(date "+%s")"
-			duration="$(((ban_endtime - ban_starttime) / 60))m $(((ban_endtime - ban_starttime) % 60))s"
+			duration="$(((end_time - ban_starttime) / 60))m $(((end_time - ban_starttime) % 60))s"
 		fi
 		table_sets="$("${ban_nftcmd}" -tj list ruleset 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[@.set.table="banIP"].set.name')"
 		if [ "${ban_reportelements}" = "1" ]; then
-			for item in ${table_sets}; do
+			for object in ${table_sets}; do
-				cnt_elements="$((cnt_elements + $("${ban_nftcmd}" -j list set inet banIP "${item}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)))"
+				cnt_elements="$((cnt_elements + $("${ban_nftcmd}" -j list set inet banIP "${object}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)))"
 			done
 		fi
 		runtime="action: ${ban_action:-"-"}, fetch: ${ban_fetchcmd##*/}, duration: ${duration:-"-"}, date: $(date "+%Y-%m-%d %H:%M:%S")"
@ -1437,13 +1474,11 @@ f_monitor() {
 	local nft_expiry line proto ip log_raw log_count rdap_log rdap_rc rdap_elements rdap_info
 	if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
 		f_log "info" "start detached banIP log service"
 		[ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")"
 		"${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null |
 			while read -r line; do
-				: >"{ban_rdapfile}"
+				: >"${ban_rdapfile}"
 				proto=""
 				ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{if(!seen[RT]++)printf "%s ",RT}')"
 				ip="$(f_trim "${ip}")"
@ -1455,7 +1490,7 @@ f_monitor() {
 					ip="${ip##* }"
 					[ -n "${ip}" ] && proto="v6"
 				fi
-				if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1; then
+				if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1 && ! "${ban_grepcmd}" -q "^${ip}" "${ban_allowlist}"; then
 					f_log "info" "suspicious IP '${ip}'"
 					log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
 					log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")"
--- a/net/banip/files/banip-service.sh
+++ b/net/banip/files/banip-service.sh
@ -13,6 +13,7 @@ ban_funlib="/usr/lib/banip-functions.sh"
 # load config and set banIP environment
 #
 [ "${ban_action}" = "boot" ] && sleep "$(uci_get banip global ban_triggerdelay "10")"
 f_conf
 f_log "info" "start banIP processing (${ban_action})"
 f_log "debug" "f_system    ::: system: ${ban_sysver:-"n/a"}, version: ${ban_ver:-"n/a"}, memory: ${ban_memory:-"0"}, cpu_cores: ${ban_cores}"
@ -56,7 +57,11 @@ fi
 # handle downloads
 #
 f_log "info" "start banIP download processes"
-[ "${ban_allowlistonly}" = "1" ] && ban_feed="" || f_getfeed
+if [ "${ban_allowlistonly}" = "1" ]; then
 	ban_feed=""
 else
 	f_getfeed
 fi
 [ "${ban_deduplicate}" = "1" ] && printf "\n" >"${ban_tmpfile}.deduplicate"
 cnt="1"
@ -146,7 +151,7 @@ wait
 #
 if [ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ]; then
 	(
-		sleep ${ban_triggerdelay}
+		sleep 5
 		f_mail
 	) &
 fi
--- a/net/banip/files/banip.init
+++ b/net/banip/files/banip.init
@ -6,7 +6,7 @@
 # (s)hellcheck exceptions
 # shellcheck disable=all
-START=30
+START=95
 USE_PROCD=1
 extra_command "report" "[text|json|mail] Print banIP related Set statistics"
@ -22,8 +22,8 @@ ban_lock="/var/run/banip.lock"
 [ "${action}" = "boot" ] && "${ban_init}" running && exit 0
 { [ "${action}" = "stop" ] || [ "${action}" = "report" ] || [ "${action}" = "search" ] || [ "${action}" = "survey" ] || [ "${action}" = "lookup" ]; } && ! "${ban_init}" running && exit 0
-[ -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1
+[ -d "${ban_lock}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1
-[ ! -d "${ban_lock}" ] && { [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}"
+[ ! -d "${ban_lock}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}"
 boot() {
 	: >"${ban_pidfile}"
@ -32,7 +32,6 @@ boot() {
 start_service() {
 	if "${ban_init}" enabled; then
 		[ "${action}" = "boot" ] && [ -n "$(uci_get banip global ban_trigger)" ] && return 0
 		[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
 		f_rmpid
 		procd_open_instance "banip-service"
@ -108,15 +107,16 @@ lookup() {
 }
 service_triggers() {
-	local iface trigger trigger_action delay
+	local iface trigger delay
 	trigger="$(uci_get banip global ban_trigger)"
 	trigger_action="$(uci_get banip global ban_triggeraction "start")"
 	delay="$(uci_get banip global ban_triggerdelay "10")"
-	PROCD_RELOAD_DELAY=$((delay * 1000))
+	trigger="$(uci_get banip global ban_trigger)"
 	PROCD_RELOAD_DELAY="$((delay * 1000))"
 	for iface in ${trigger}; do
-		procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "${trigger_action}"
+		procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" reload
 	done
 	PROCD_RELOAD_DELAY="$((2 * 1000))"
 	procd_add_reload_trigger "banip"
 }
--- a/net/banip/files/banip.tpl
+++ b/net/banip/files/banip.tpl
@ -6,9 +6,9 @@
 #
 local banip_info report_info log_info system_info mail_text
-banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
+banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
 report_info="$(cat ${ban_reportdir}/ban_report.txt 2>/dev/null)"
-log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
+log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
 system_info="$(
 	strings /etc/banner 2>/dev/null
 	ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf "  + %-12s: %s\n",$2,$4}'
--- a/net/irssi/Makefile
+++ b/net/irssi/Makefile
@ -8,23 +8,22 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=irssi
-PKG_VERSION:=1.2.3
+PKG_VERSION:=1.4.5
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://github.com/irssi/irssi/releases/download/$(PKG_VERSION)/
-PKG_HASH:=a647bfefed14d2221fa77b6edac594934dc672c4a560417b1abcbbc6b88d769f
+PKG_HASH:=72a951cb0ad622785a8962801f005a3a412736c7e7e3ce152f176287c52fe062
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:irssi:irssi
 PKG_FIXUP:=autoreconf
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/nls.mk
 include $(INCLUDE_DIR)/meson.mk
 define Package/irssi
  SUBMENU:=Instant Messaging
@ -42,12 +41,12 @@ endef
 TARGET_LDFLAGS += -Wl,--gc-sections
-CONFIGURE_ARGS += \
+MESON_ARGS += \
-	--disable-glibtest \
+	-Dwithout-textui=no \
-	--with-textui \
+	-Dwith-bot=no \
-	--without-bot \
+	-Dwith-otr=no \
-	--without-perl \
+	-Dwith-perl=no \
-	--without-proxy
+	-Dwith-proxy=no \
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include/irssi
--- a/net/irssi/patches/010-Fix-finding-OpenSSL-when-1.1-with-deprecated-APIs-di.patch
+++ b/net/irssi/patches/010-Fix-finding-OpenSSL-when-1.1-with-deprecated-APIs-di.patch
@ -1,22 +0,0 @@
 From cff1385b398b59c74c535d6c0cd9deec561101fd Mon Sep 17 00:00:00 2001
 From: Rosen Penev <rosenp@gmail.com>
 Date: Fri, 15 Feb 2019 15:02:34 -0800
 Subject: [PATCH] Fix finding OpenSSL when 1.1 with deprecated APIs disabled
 SSL_library_init is a deprecated function. OPENSSL_init_ssl is not in 1.0.2.
 SSL_CTX_new is in both.
 ---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 --- a/configure.ac
 +++ b/configure.ac
@@ -328,7 +328,7 @@ PKG_CHECK_MODULES([OPENSSL], [openssl],
 	CFLAGS="$CFLAGS $OPENSSL_CFLAGS"
 	LIBS="$LIBS $OPENSSL_LIBS"
 ], [
 -	AC_CHECK_LIB([ssl], [SSL_library_init], [
 +	AC_CHECK_LIB([ssl], [SSL_CTX_new], [
 		LIBS="$LIBS -lssl -lcrypto"
 	], [
 		AC_MSG_ERROR([The OpenSSL library was not found])
--- a/net/net-snmp/Makefile
+++ b/net/net-snmp/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=net-snmp
 PKG_VERSION:=5.9.1
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/net-snmp
@ -41,7 +41,7 @@ define Package/libnetsnmp
 $(call Package/net-snmp/Default)
  SECTION:=libs
  CATEGORY:=Libraries
-  DEPENDS:=+libnl-tiny +libpci +libpcre
+  DEPENDS:=+libnl-tiny +libpci +libpcre2
  TITLE:=Open source SNMP implementation (libraries)
 endef
@ -208,6 +208,7 @@ CONFIGURE_ARGS += \
 	--without-mysql \
 	--without-rpm \
 	--without-zlib \
 	--with-pcre2-8 \
 	--with-nl \
 	 $(call autoconf_bool,CONFIG_IPV6,ipv6) \
 	--disable-perl-cc-checks \
--- a/net/net-snmp/patches/200-add-pcre2-support.patch
+++ b/net/net-snmp/patches/200-add-pcre2-support.patch
@ -0,0 +1,407 @@
 From d3e95c87b32397815f6d5bcfc844259f2552697a Mon Sep 17 00:00:00 2001
 From: gagan sidhu <gagan@hotmail.com>
 Date: Sun, 21 May 2023 15:47:36 -0600
 Subject: [PATCH] add pcre2 support
 ---
 agent/mibgroup/host/data_access/swrun.c       | 29 ++++++++++--
 agent/mibgroup/if-mib/data_access/interface.c | 47 ++++++++++++++++---
 agent/mibgroup/struct.h                       |  2 +-
 agent/mibgroup/ucd-snmp/proc.c                | 32 +++++++++----
 agent/mibgroup/ucd-snmp/proc.h                |  2 +-
 configure.d/config_os_libs1                   | 27 +++++++++++
 configure.d/config_project_with_enable        |  4 ++
 include/net-snmp/data_access/interface.h      |  9 +++-
 include/net-snmp/data_access/swrun.h          |  2 +-
 include/net-snmp/types.h                      |  2 +-
 10 files changed, 132 insertions(+), 24 deletions(-)
 --- a/agent/mibgroup/host/data_access/swrun.c
 +++ b/agent/mibgroup/host/data_access/swrun.c
@@ -17,7 +17,10 @@
 #include "swrun.h"
 #include "swrun_private.h"
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H)
 +#define PCRE2_CODE_UNIT_WIDTH 8
 +#include <pcre2.h>
 +#elif defined(HAVE_PCRE_H)
 #include <pcre.h>
 #endif
@@ -100,32 +103,52 @@ swrun_max_processes( void )
 #endif /* NETSNMP_FEATURE_REMOVE_SWRUN_MAX_PROCESSES */
 #ifndef NETSNMP_FEATURE_REMOVE_SWRUN_COUNT_PROCESSES_BY_REGEX
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
 int
 swrun_count_processes_by_regex( char *name, netsnmp_regex_ptr regexp )
 {
     netsnmp_swrun_entry *entry;
     netsnmp_iterator  *it;
     int i = 0;
 +#ifdef HAVE_PCRE2_H
 +    pcre2_match_data *ndx_match;
 +    int *found_ndx;
 +    ndx_match = pcre2_match_data_create(30, NULL);
 +    found_ndx = pcre2_get_ovector_pointer(ndx_match);
 +#elif HAVE_PCRE_H
     int found_ndx[30];
 +#endif
     int found;
     char fullCommand[64 + 128 + 128 + 3];
     netsnmp_cache_check_and_reload(swrun_cache);
     if ( !swrun_container || !name || !regexp.regex_ptr )
 +#ifdef HAVE_PCRE2_H
 +      { 
 +        pcre2_match_data_free(ndx_match);
 +        return 0;
 +      }
 +#else 
         return 0;    /* or -1 */
 +#endif
     it = CONTAINER_ITERATOR( swrun_container );
     while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
         /* need to assemble full command back so regexps can get full picture */
         sprintf(fullCommand, "%s %s", entry->hrSWRunPath, entry->hrSWRunParameters);
 +#ifdef HAVE_PCRE2_H
 +        found = pcre2_match(regexp.regex_ptr, fullCommand, strlen(fullCommand), 0, 0, ndx_match, NULL);
 +#elif  HAVE_PCRE_H
         found = pcre_exec(regexp.regex_ptr, NULL, fullCommand, strlen(fullCommand), 0, 0, found_ndx, 30);
 +#endif
         if (found > 0) {
             i++;
         }
     }
     ITERATOR_RELEASE( it );
 -
 +#ifdef HAVE_PCRE2_H
 +    pcre2_match_data_free(ndx_match);
 +#endif
     return i;
 }
 #endif /* HAVE_PCRE_H */
 --- a/agent/mibgroup/if-mib/data_access/interface.c
 +++ b/agent/mibgroup/if-mib/data_access/interface.c
@@ -16,7 +16,11 @@
 #include "if-mib/ifTable/ifTable.h"
 #include "if-mib/data_access/interface.h"
 #include "interface_private.h"
 -#if HAVE_PCRE_H
 +
 +#if defined(HAVE_PCRE2_H)
 +#define PCRE2_CODE_UNIT_WIDTH 8
 +#include <pcre2.h>
 +#elif defined(HAVE_PCRE_H)
 #include <pcre.h>
 #elif HAVE_REGEX_H
 #include <sys/types.h>
@@ -840,7 +844,13 @@ int netsnmp_access_interface_max_reached
 int netsnmp_access_interface_include(const char *name)
 {
     netsnmp_include_if_list *if_ptr;
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) 
 +    //pcre_exec->pcre2_match
 +    //ovector->pcre2_match_data
 +    pcre2_match_data *ndx_match;
 +    ndx_match = pcre2_match_data_create(3, NULL);
 +    int *found_ndx = pcre2_get_ovector_pointer(ndx_match);
 +#elif defined(HAVE_PCRE_H)
     int                      found_ndx[3];
 #endif
@@ -856,7 +866,13 @@ int netsnmp_access_interface_include(con
     for (if_ptr = include_list; if_ptr; if_ptr = if_ptr->next) {
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H)
 +        if (pcre2_match(if_ptr->regex_ptr, name, strlen(name), 0, 0, 
 +                                ndx_match, NULL) >= 0)  {
 +                pcre2_match_data_free(ndx_match);
 +                return TRUE;
 +        }
 +#elif defined(HAVE_PCRE_H)
         if (pcre_exec(if_ptr->regex_ptr, NULL, name, strlen(name), 0, 0,
                       found_ndx, 3) >= 0)
             return TRUE;
@@ -869,6 +885,9 @@ int netsnmp_access_interface_include(con
 #endif
     }
 +#if defined(HAVE_PCRE2_H)
 +    pcre2_match_data_free(ndx_match);
 +#endif
     return FALSE;
 }
@@ -980,7 +999,13 @@ _parse_include_if_config(const char *tok
 {
     netsnmp_include_if_list *if_ptr, *if_new;
     char                    *name, *st;
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H)
 +    //we can only get the message upon calling pcre2_error_message.
 +    // so an additional variable is required.
 +    int                     pcre2_err_code;
 +    unsigned char           pcre2_error[128];
 +    int                     pcre2_error_offset;
 +#elif defined(HAVE_PCRE_H)
     const char              *pcre_error;
     int                     pcre_error_offset;
 #elif HAVE_REGEX_H
@@ -1012,7 +1037,15 @@ _parse_include_if_config(const char *tok
             config_perror("Out of memory");
             goto err;
         }
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H)
 +        if_new->regex_ptr = pcre2_compile(if_new->name, PCRE2_ZERO_TERMINATED, 0,
 +                         &pcre2_err_code, &pcre2_error_offset, NULL);
 +        if (!if_new->regex_ptr) {
 +            pcre2_get_error_message(pcre2_err_code, pcre2_error, 128);
 +            config_perror(pcre2_error);
 +            goto err;
 +        }
 +#elif defined(HAVE_PCRE_H)
         if_new->regex_ptr = pcre_compile(if_new->name, 0,  &pcre_error,
                                          &pcre_error_offset, NULL);
         if (!if_new->regex_ptr) {
@@ -1048,7 +1081,7 @@ _parse_include_if_config(const char *tok
 err:
     if (if_new) {
 -#if defined(HAVE_PCRE_H) || defined(HAVE_REGEX_H)
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H) || defined(HAVE_REGEX_H)
         free(if_new->regex_ptr);
 #endif
         free(if_new->name);
@@ -1063,7 +1096,7 @@ _free_include_if_config(void)
     while (if_ptr) {
         if_next = if_ptr->next;
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
         free(if_ptr->regex_ptr);
 #elif HAVE_REGEX_H
         regfree(if_ptr->regex_ptr);
 --- a/agent/mibgroup/struct.h
 +++ b/agent/mibgroup/struct.h
@@ -30,7 +30,7 @@ struct extensible {
 struct myproc {
     char            name[STRMAX];
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
     netsnmp_regex_ptr regexp;
 #endif
     char            fixcmd[STRMAX];
 --- a/agent/mibgroup/ucd-snmp/proc.c
 +++ b/agent/mibgroup/ucd-snmp/proc.c
@@ -39,7 +39,10 @@
 #  include <time.h>
 # endif
 #endif
 -#if HAVE_PCRE_H
 +#ifdef HAVE_PCRE2_H
 +#define PCRE2_CODE_UNIT_WIDTH 8
 +#include <pcre2.h>
 +#elif HAVE_PCRE_H
 #include <pcre.h>
 #endif
@@ -108,7 +111,7 @@ init_proc(void)
     REGISTER_MIB("ucd-snmp/proc", extensible_proc_variables, variable2,
                  proc_variables_oid);
 -#ifdef HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
 #define proc_parse_usage "process-name [max-num] [min-num] [regexp]"
 #else
 #define proc_parse_usage "process-name [max-num] [min-num]"
@@ -134,7 +137,7 @@ proc_free_config(void)
     for (ptmp = procwatch; ptmp != NULL;) {
         ptmp2 = ptmp;
         ptmp = ptmp->next;
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
         free(ptmp2->regexp.regex_ptr);
 #endif
         free(ptmp2);
@@ -208,7 +211,7 @@ proc_parse_config(const char *token, cha
     if (*procp == NULL)
         return;                 /* memory alloc error */
     numprocs++;
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
     (*procp)->regexp.regex_ptr = NULL;
 #endif
     /*
@@ -220,18 +223,31 @@ proc_parse_config(const char *token, cha
         cptr = skip_not_white(cptr);
         if ((cptr = skip_white(cptr))) {
             (*procp)->min = atoi(cptr);
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
             cptr = skip_not_white(cptr);
             if ((cptr = skip_white(cptr))) {
 +                DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr));
 +#ifdef HAVE_PCRE2_H
 +                unsigned char pcre2_error_msg[128];
 +                int pcre2_err_code;
 +                int pcre2_error_offset;
 +
 +                (*procp)->regexp.regex_ptr =
 +                    pcre2_compile(cptr, PCRE2_ZERO_TERMINATED, 0, &pcre2_err_code, &pcre2_error_offset, NULL);
 +                pcre2_get_error_message(pcre2_err_code, pcre2_error_msg, 128);
 +                if ((*procp)->regexp.regex_ptr == NULL) {
 +                    config_perror(pcre2_error_msg);
 +                }
 +#elif HAVE_PCRE_H
                 const char *pcre_error;
                 int pcre_error_offset;
 -                DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr));
                 (*procp)->regexp.regex_ptr =
                     pcre_compile(cptr, 0,  &pcre_error, &pcre_error_offset, NULL);
                 if ((*procp)->regexp.regex_ptr == NULL) {
                     config_perror(pcre_error);
                 }
 +#endif
             }
 #endif
         } else
@@ -390,7 +406,7 @@ sh_count_myprocs(struct myproc *proc)
     if (proc == NULL)
         return 0;
 -#if defined(USING_HOST_DATA_ACCESS_SWRUN_MODULE) && defined(HAVE_PCRE_H)
 +#if defined(USING_HOST_DATA_ACCESS_SWRUN_MODULE) && (defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H))
     if (proc->regexp.regex_ptr != NULL)
       return sh_count_procs_by_regex(proc->name, proc->regexp);
 #endif
@@ -406,7 +422,7 @@ sh_count_procs(char *procname)
   return swrun_count_processes_by_name( procname );
 }
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
 netsnmp_feature_require(swrun_count_processes_by_regex);
 int
 sh_count_procs_by_regex(char *procname, netsnmp_regex_ptr regexp)
 --- a/agent/mibgroup/ucd-snmp/proc.h
 +++ b/agent/mibgroup/ucd-snmp/proc.h
@@ -12,7 +12,7 @@ config_require(util_funcs)
      extern WriteMethod fixProcError;
      int sh_count_myprocs(struct myproc *);
      int             sh_count_procs(char *);
 -#ifdef HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
      int sh_count_procs_by_regex(char *, netsnmp_regex_ptr);
 #endif
 --- a/configure.d/config_os_libs1
 +++ b/configure.d/config_os_libs1
@@ -97,6 +97,32 @@ LIBS="$netsnmp_save_LIBS"
 #
 #   regex in process table
 #
 +if test "x$with_pcre2" != "xno"; then
 +  AC_CHECK_HEADER([pcre2.h], [
 +      AC_DEFINE([HAVE_PCRE2_H], [1], [Define to 1 if you have <pcre2.h>.])
 +      pcre2_h=yes
 +    ],
 +    [pcre2_h=no], [#define PCRE2_CODE_UNIT_WIDTH 8]
 +  )
 +fi
 +if test "x$pcre2header_h" = "xno" -o "x$pcre2_h" = "xno" ; then
 +  if test "x$with_pcre2" = "xyes" ; then
 +    AC_MSG_ERROR([Could not find the pcre2 header file needed and was specifically asked to use pcre2 support])
 +  else
 +    with_pcre2=no
 +  fi
 +fi
 +
 +if test "x$with_pcre2" != "xno"; then
 +  NETSNMP_SEARCH_LIBS([pcre2_match_8], [pcre2-8], [
 +    LMIBLIBS="$LMIBLIBS -lpcre2-8"
 +    ],,, LAGENTLIBS)
 +  AC_SUBST(LAGENTLIBS)
 +  AC_SUBST(LMIBLIBS)
 +fi
 +
 +if test "x$with_pcre2" != "xyes"; then
 +
 if test "x$with_pcre" != "xno"; then
   AC_CHECK_HEADER([pcre.h], [
       AC_DEFINE([HAVE_PCRE_H], [1], [Define to 1 if you have <pcre.h>.])
@@ -121,3 +147,4 @@ NETSNMP_SEARCH_LIBS([pcre_exec], [pcre],
   ],,, LAGENTLIBS)
 AC_SUBST(LAGENTLIBS)
 AC_SUBST(LMIBLIBS)
 +fi
 --- a/configure.d/config_project_with_enable
 +++ b/configure.d/config_project_with_enable
@@ -160,6 +160,10 @@ NETSNMP_ARG_WITH(rpm,
                                   management system when building the host MIB
                                   module.])
 +NETSNMP_ARG_WITH(pcre2-8,
 +[  --without-pcre2                  Don't include pcre2 process searching
 +                                  support in the agent.],
 +      with_pcre2="$withval", with_pcre2="maybe")
 NETSNMP_ARG_WITH(pcre,
 [  --without-pcre                  Don't include pcre process searching
 --- a/include/net-snmp/data_access/interface.h
 +++ b/include/net-snmp/data_access/interface.h
@@ -10,7 +10,10 @@
 extern          "C" {
 #endif
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H)
 +#define PCRE2_CODE_UNIT_WIDTH 8
 +#include <pcre2.h>
 +#elif defined(HAVE_PCRE_H)
 #include <pcre.h>
 #elif HAVE_REGEX_H
 #include <regex.h>
@@ -211,7 +214,9 @@ typedef struct _conf_if_list {
     typedef netsnmp_conf_if_list conf_if_list; /* backwards compat */
 typedef struct _include_if_list {
 -#if HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H)
 +    pcre2_code              *regex_ptr;
 +#elif defined(HAVE_PCRE_H)
     pcre                    *regex_ptr;
 #elif HAVE_REGEX_H
     regex_t                 *regex_ptr;
 --- a/include/net-snmp/data_access/swrun.h
 +++ b/include/net-snmp/data_access/swrun.h
@@ -90,7 +90,7 @@ extern "C" {
     int  swrun_count_processes_by_name( char *name );
 #if !defined(NETSNMP_FEATURE_REMOVE_SWRUN_COUNT_PROCESSES_BY_REGEX) \
 -    && defined(HAVE_PCRE_H)
 +    && (defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H))
     int  swrun_count_processes_by_regex(char *name, netsnmp_regex_ptr regexp);
 #endif
 --- a/include/net-snmp/types.h
 +++ b/include/net-snmp/types.h
@@ -63,7 +63,7 @@ typedef long ssize_t;
 typedef unsigned long int nfds_t;
 #endif
 -#ifdef HAVE_PCRE_H
 +#if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
 /*
  * Abstract the pcre typedef such that not all *.c files have to include
  * <pcre.h>.
--- a/net/net-snmp/patches/201-Run-autoreconf.patch
+++ b/net/net-snmp/patches/201-Run-autoreconf.patch
@ -0,0 +1,185 @@
 From 48b313ca34dbdf303fb232191d4f74e1d0fc9f06 Mon Sep 17 00:00:00 2001
 From: Bart Van Assche <bvanassche@acm.org>
 Date: Sun, 21 May 2023 16:20:15 -0700
 Subject: [PATCH] Run autoreconf
 ---
 configure                             | 126 ++++++++++++++++++++++++++
 include/net-snmp/net-snmp-config.h.in |   3 +
 2 files changed, 129 insertions(+)
 --- a/configure
 +++ b/configure
@@ -898,6 +898,8 @@ with_dnssec
 enable_dnssec
 with_rpm
 enable_rpm
 +with_pcre2_8
 +enable_pcre2_8
 with_pcre
 enable_pcre
 with_install_prefix
@@ -1810,6 +1812,8 @@ Compiler Options:
   --without-rpm                   Don't include support for the RPM package
                                   management system when building the host MIB
                                   module.
 +  --without-pcre2                  Don't include pcre2 process searching
 +                                  support in the agent.
   --without-pcre                  Don't include pcre process searching
                                   support in the agent.
   --with-install-prefix=PATH      Just for installing, prefix all
@@ -4907,6 +4911,21 @@ fi
 +# Check whether --with-pcre2-8 was given.
 +if test ${with_pcre2_8+y}
 +then :
 +  withval=$with_pcre2_8; with_pcre2="$withval"
 +else $as_nop
 +  with_pcre2="maybe"
 +fi
 +
 +   # Check whether --enable-pcre2-8 was given.
 +if test ${enable_pcre2_8+y}
 +then :
 +  enableval=$enable_pcre2_8; as_fn_error $? "Invalid option. Use --with-pcre2-8/--without-pcre2-8 instead" "$LINENO" 5
 +fi
 +
 +
 # Check whether --with-pcre was given.
 if test "${with_pcre+set}" = set; then :
@@ -22321,6 +22340,112 @@ LIBS="$netsnmp_save_LIBS"
 #
 #   regex in process table
 #
 +if test "x$with_pcre2" != "xno"; then
 +  ac_fn_c_check_header_compile "$LINENO" "pcre2.h" "ac_cv_header_pcre2_h" "#define PCRE2_CODE_UNIT_WIDTH 8
 +
 +"
 +if test "x$ac_cv_header_pcre2_h" = xyes
 +then :
 +
 +
 +printf "%s\n" "#define HAVE_PCRE2_H 1" >>confdefs.h
 +
 +      pcre2_h=yes
 +
 +else $as_nop
 +  pcre2_h=no
 +fi
 +
 +fi
 +if test "x$pcre2header_h" = "xno" -o "x$pcre2_h" = "xno" ; then
 +  if test "x$with_pcre2" = "xyes" ; then
 +    as_fn_error $? "Could not find the pcre2 header file needed and was specifically asked to use pcre2 support" "$LINENO" 5
 +  else
 +    with_pcre2=no
 +  fi
 +fi
 +
 +if test "x$with_pcre2" != "xno"; then
 +
 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing pcre2_match_8" >&5
 +printf %s "checking for library containing pcre2_match_8... " >&6; }
 +if test ${netsnmp_cv_func_pcre2_match_8_LAGENTLIBS+y}
 +then :
 +  printf %s "(cached) " >&6
 +else $as_nop
 +  netsnmp_func_search_save_LIBS="$LIBS"
 +     netsnmp_target_val="$LAGENTLIBS"
 +          netsnmp_temp_LIBS="${netsnmp_target_val}  ${LIBS}"
 +     netsnmp_result=no
 +     LIBS="${netsnmp_temp_LIBS}"
 +     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 +/* end confdefs.h.  */
 +
 +/* Override any GCC internal prototype to avoid an error.
 +   Use char because int might match the return type of a GCC
 +   builtin and then its argument prototype would still apply.  */
 +char pcre2_match_8 ();
 +int
 +main (void)
 +{
 +return pcre2_match_8 ();
 +  ;
 +  return 0;
 +}
 +_ACEOF
 +if ac_fn_c_try_link "$LINENO"
 +then :
 +  netsnmp_result="none required"
 +else $as_nop
 +  for netsnmp_cur_lib in pcre2-8 ; do
 +              LIBS="-l${netsnmp_cur_lib} ${netsnmp_temp_LIBS}"
 +              cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 +/* end confdefs.h.  */
 +
 +/* Override any GCC internal prototype to avoid an error.
 +   Use char because int might match the return type of a GCC
 +   builtin and then its argument prototype would still apply.  */
 +char pcre2_match_8 ();
 +int
 +main (void)
 +{
 +return pcre2_match_8 ();
 +  ;
 +  return 0;
 +}
 +_ACEOF
 +if ac_fn_c_try_link "$LINENO"
 +then :
 +  netsnmp_result=-l${netsnmp_cur_lib}
 +                   break
 +fi
 +rm -f core conftest.err conftest.$ac_objext conftest.beam \
 +    conftest$ac_exeext conftest.$ac_ext
 +          done
 +fi
 +rm -f core conftest.err conftest.$ac_objext conftest.beam \
 +    conftest$ac_exeext conftest.$ac_ext
 +     LIBS="${netsnmp_func_search_save_LIBS}"
 +     netsnmp_cv_func_pcre2_match_8_LAGENTLIBS="${netsnmp_result}"
 +fi
 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $netsnmp_cv_func_pcre2_match_8_LAGENTLIBS" >&5
 +printf "%s\n" "$netsnmp_cv_func_pcre2_match_8_LAGENTLIBS" >&6; }
 + if test "${netsnmp_cv_func_pcre2_match_8_LAGENTLIBS}" != "no" ; then
 +    if test "${netsnmp_cv_func_pcre2_match_8_LAGENTLIBS}" != "none required" ; then
 +       LAGENTLIBS="${netsnmp_result} ${netsnmp_target_val}"
 +    fi
 +
 +    LMIBLIBS="$LMIBLIBS -lpcre2-8"
 +
 +
 + fi
 +
 +
 +
 +fi
 +
 +if test "x$with_pcre2" != "xyes"; then
 +
 if test "x$with_pcre" != "xno"; then
   ac_fn_c_check_header_mongrel "$LINENO" "pcre.h" "ac_cv_header_pcre_h" "$ac_includes_default"
 if test "x$ac_cv_header_pcre_h" = xyes; then :
@@ -25886,6 +26011,7 @@ done
 fi
 +fi
 --- a/include/net-snmp/net-snmp-config.h.in
 +++ b/include/net-snmp/net-snmp-config.h.in
@@ -722,6 +722,9 @@
 /* Define to 1 if you have the <pci/pci.h> header file. */
 #undef HAVE_PCI_PCI_H
 +/* Define to 1 if you have <pcre2.h>. */
 +#undef HAVE_PCRE2_H
 +
 /* Define to 1 if you have <pcre.h>. */
 #undef HAVE_PCRE_H
--- a/net/net-snmp/patches/202-Improve-pcre2-support.patch
+++ b/net/net-snmp/patches/202-Improve-pcre2-support.patch
@ -0,0 +1,152 @@
 From 346b6f8959513320e5b674fd670c49ba2cd43af5 Mon Sep 17 00:00:00 2001
 From: Bart Van Assche <bvanassche@acm.org>
 Date: Sun, 21 May 2023 16:18:56 -0700
 Subject: [PATCH] Improve pcre2 support
 Fix compiler warnings. Convert C++ comments to C comments. Make sure that
 declarations occur before statements.
 ---
 agent/mibgroup/host/data_access/swrun.c       | 17 ++++------
 agent/mibgroup/if-mib/data_access/interface.c | 32 ++++++++++---------
 agent/mibgroup/ucd-snmp/proc.c                | 13 +++++---
 3 files changed, 31 insertions(+), 31 deletions(-)
 --- a/agent/mibgroup/host/data_access/swrun.c
 +++ b/agent/mibgroup/host/data_access/swrun.c
@@ -111,10 +111,7 @@ swrun_count_processes_by_regex( char *na
     netsnmp_iterator  *it;
     int i = 0;
 #ifdef HAVE_PCRE2_H
 -    pcre2_match_data *ndx_match;
 -    int *found_ndx;
 -    ndx_match = pcre2_match_data_create(30, NULL);
 -    found_ndx = pcre2_get_ovector_pointer(ndx_match);
 +    pcre2_match_data *ndx_match = pcre2_match_data_create(30, NULL);
 #elif HAVE_PCRE_H
     int found_ndx[30];
 #endif
@@ -122,22 +119,20 @@ swrun_count_processes_by_regex( char *na
     char fullCommand[64 + 128 + 128 + 3];
     netsnmp_cache_check_and_reload(swrun_cache);
 -    if ( !swrun_container || !name || !regexp.regex_ptr )
 +    if ( !swrun_container || !name || !regexp.regex_ptr ) {
 #ifdef HAVE_PCRE2_H
 -      { 
         pcre2_match_data_free(ndx_match);
 -        return 0;
 -      }
 -#else 
 -        return 0;    /* or -1 */
 #endif
 +        return 0;    /* or -1 */
 +    }
     it = CONTAINER_ITERATOR( swrun_container );
     while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
         /* need to assemble full command back so regexps can get full picture */
         sprintf(fullCommand, "%s %s", entry->hrSWRunPath, entry->hrSWRunParameters);
 #ifdef HAVE_PCRE2_H
 -        found = pcre2_match(regexp.regex_ptr, fullCommand, strlen(fullCommand), 0, 0, ndx_match, NULL);
 +        found = pcre2_match(regexp.regex_ptr, (unsigned char *)fullCommand,
 +                            strlen(fullCommand), 0, 0, ndx_match, NULL);
 #elif  HAVE_PCRE_H
         found = pcre_exec(regexp.regex_ptr, NULL, fullCommand, strlen(fullCommand), 0, 0, found_ndx, 30);
 #endif
 --- a/agent/mibgroup/if-mib/data_access/interface.c
 +++ b/agent/mibgroup/if-mib/data_access/interface.c
@@ -844,12 +844,8 @@ int netsnmp_access_interface_max_reached
 int netsnmp_access_interface_include(const char *name)
 {
     netsnmp_include_if_list *if_ptr;
 -#if defined(HAVE_PCRE2_H) 
 -    //pcre_exec->pcre2_match
 -    //ovector->pcre2_match_data
 -    pcre2_match_data *ndx_match;
 -    ndx_match = pcre2_match_data_create(3, NULL);
 -    int *found_ndx = pcre2_get_ovector_pointer(ndx_match);
 +#if defined(HAVE_PCRE2_H)
 +    pcre2_match_data *ndx_match = pcre2_match_data_create(3, NULL);
 #elif defined(HAVE_PCRE_H)
     int                      found_ndx[3];
 #endif
@@ -867,8 +863,8 @@ int netsnmp_access_interface_include(con
     for (if_ptr = include_list; if_ptr; if_ptr = if_ptr->next) {
 #if defined(HAVE_PCRE2_H)
 -        if (pcre2_match(if_ptr->regex_ptr, name, strlen(name), 0, 0, 
 -                                ndx_match, NULL) >= 0)  {
 +        if (pcre2_match(if_ptr->regex_ptr, (const unsigned char *)name,
 +                        strlen(name), 0, 0, ndx_match, NULL) >= 0)  {
                 pcre2_match_data_free(ndx_match);
                 return TRUE;
         }
@@ -1000,11 +996,13 @@ _parse_include_if_config(const char *tok
     netsnmp_include_if_list *if_ptr, *if_new;
     char                    *name, *st;
 #if defined(HAVE_PCRE2_H)
 -    //we can only get the message upon calling pcre2_error_message.
 -    // so an additional variable is required.
 +    /*
 +     * We can only get the message upon calling pcre2_error_message.
 +     * so an additional variable is required.
 +     */
     int                     pcre2_err_code;
 -    unsigned char           pcre2_error[128];
 -    int                     pcre2_error_offset;
 +    char                    pcre2_error[128];
 +    size_t                  pcre2_error_offset;
 #elif defined(HAVE_PCRE_H)
     const char              *pcre_error;
     int                     pcre_error_offset;
@@ -1038,10 +1036,14 @@ _parse_include_if_config(const char *tok
             goto err;
         }
 #if defined(HAVE_PCRE2_H)
 -        if_new->regex_ptr = pcre2_compile(if_new->name, PCRE2_ZERO_TERMINATED, 0,
 -                         &pcre2_err_code, &pcre2_error_offset, NULL);
 +        if_new->regex_ptr = pcre2_compile((const unsigned char *)if_new->name,
 +                                          PCRE2_ZERO_TERMINATED, 0,
 +                                          &pcre2_err_code, &pcre2_error_offset,
 +                                          NULL);
         if (!if_new->regex_ptr) {
 -            pcre2_get_error_message(pcre2_err_code, pcre2_error, 128);
 +            pcre2_get_error_message(pcre2_err_code,
 +                                    (unsigned char *)pcre2_error,
 +                                    sizeof(pcre2_error));
             config_perror(pcre2_error);
             goto err;
         }
 --- a/agent/mibgroup/ucd-snmp/proc.c
 +++ b/agent/mibgroup/ucd-snmp/proc.c
@@ -226,15 +226,17 @@ proc_parse_config(const char *token, cha
 #if defined(HAVE_PCRE2_H) || defined(HAVE_PCRE_H)
             cptr = skip_not_white(cptr);
             if ((cptr = skip_white(cptr))) {
 -                DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr));
 #ifdef HAVE_PCRE2_H
 -                unsigned char pcre2_error_msg[128];
 +                char pcre2_error_msg[128];
                 int pcre2_err_code;
 -                int pcre2_error_offset;
 +                size_t pcre2_error_offset;
 +                DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr));
                 (*procp)->regexp.regex_ptr =
 -                    pcre2_compile(cptr, PCRE2_ZERO_TERMINATED, 0, &pcre2_err_code, &pcre2_error_offset, NULL);
 -                pcre2_get_error_message(pcre2_err_code, pcre2_error_msg, 128);
 +                    pcre2_compile((const unsigned char *)cptr, PCRE2_ZERO_TERMINATED, 0, &pcre2_err_code, &pcre2_error_offset, NULL);
 +                pcre2_get_error_message(pcre2_err_code,
 +                                        (unsigned char *)pcre2_error_msg,
 +                                        sizeof(pcre2_error_msg));
                 if ((*procp)->regexp.regex_ptr == NULL) {
                     config_perror(pcre2_error_msg);
                 }
@@ -242,6 +244,7 @@ proc_parse_config(const char *token, cha
                 const char *pcre_error;
                 int pcre_error_offset;
 +                DEBUGMSGTL(("ucd-snmp/regexp_proc", "Loading regex %s\n", cptr));
                 (*procp)->regexp.regex_ptr =
                     pcre_compile(cptr, 0,  &pcre_error, &pcre_error_offset, NULL);
                 if ((*procp)->regexp.regex_ptr == NULL) {
--- a/net/netavark/Makefile
+++ b/net/netavark/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=netavark
-PKG_VERSION:=1.7.0
+PKG_VERSION:=1.8.0
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/containers/netavark/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=b0ed7d80fd96ef2af88e7a001d91024919125e5842d9772de94648044630e116
+PKG_HASH:=b1422ef6927458e9f80f7d322b751e29ab5d04d8ed6cb065baa82fa4291af10f
 PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
 PKG_LICENSE:=Apache-2.0
--- a/net/netbird/Makefile
+++ b/net/netbird/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=netbird
-PKG_VERSION:=0.21.7
+PKG_VERSION:=0.23.6
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=f2a18a6b9e6af15c182fd023cc47aecb2062d3da586820746f4987856d20f0ac
+PKG_HASH:=cb29e237652634f3a2a5774fdc239f615d46cf9339811c707744d1e03797126d
 PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
 PKG_LICENSE:=BSD-3-Clause
--- a/utils/crun/Makefile
+++ b/utils/crun/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=crun
-PKG_VERSION:=1.9
+PKG_VERSION:=1.9.2
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/containers/crun/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=dfe15045953f6876fde273518ac2cafbabda7c0eebd3dcdba34c4e5dc8b46661
+PKG_HASH:=a5ed2984a9ebb3e0e5cba0781832f03931423097a56f48a948ab034b46726aef
 PKG_BUILD_DEPENDS:=argp-standalone
 PKG_BUILD_PARALLEL:=1
--- a/utils/ncdu/Makefile
+++ b/utils/ncdu/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=ncdu
-PKG_VERSION:=1.18.1
+PKG_VERSION:=1.19
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://dev.yorhel.nl/download
-PKG_HASH:=7c0fa1eb29d85aaed4ba174164bdbb8f011b5c390d017c57d668fc7231332405
+PKG_HASH:=30363019180cde0752c7fb006c12e154920412f4e1b5dc3090654698496bb17d
 PKG_MAINTAINER:=Charles E. Lehner <cel@celehner.com>
 PKG_LICENSE:=MIT
--- a/utils/podman/Makefile
+++ b/utils/podman/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=podman
-PKG_VERSION:=4.6.2
+PKG_VERSION:=4.7.0
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION)
-PKG_HASH:=2d8e04f0c3819c3f0ed1ca5d01da87e6d911571b96ae690448f7f75df41f2ad1
+PKG_HASH:=8fbeab8a821c59ac10ade87c9597d7bb13be4f7868b438278a9f6a17c50bf20d
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
--- a/utils/podman/patches/010-do-not-build-docs.patch
+++ b/utils/podman/patches/010-do-not-build-docs.patch
@ -1,6 +1,6 @@
 --- a/Makefile
 +++ b/Makefile
-@@ -211,7 +211,7 @@ GV_SHA=407efb5dcdb0f4445935f7360535800b6
+@@ -219,7 +219,7 @@ GV_SHA=db608827124caa71ba411cec8ea959bb9
 default: all
 .PHONY: all
@ -9,7 +9,7 @@
 .PHONY: binaries
 ifeq ($(shell uname -s),FreeBSD)
-@@ -798,7 +798,7 @@ rpm-install: package  ## Install rpm pac
+@@ -804,7 +804,7 @@ rpm-install: package  ## Install rpm pac
 	/usr/bin/podman info  # will catch a broken conmon
 .PHONY: install
--- a/utils/prometheus-node-exporter-lua/Makefile
+++ b/utils/prometheus-node-exporter-lua/Makefile
@ -59,17 +59,6 @@ endef
 # Additional optional exporters:
 define Package/prometheus-node-exporter-lua-bmx6
  $(call Package/prometheus-node-exporter-lua/Default)
  TITLE+= (bmx6 links collector)
  DEPENDS:=prometheus-node-exporter-lua bmx6 +lua-cjson +bmx6-json
 endef
 define Package/prometheus-node-exporter-lua-bmx6/install
 	$(INSTALL_DIR) $(1)/usr/lib/lua/prometheus-collectors
 	$(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/bmx6.lua $(1)/usr/lib/lua/prometheus-collectors/
 endef
 define Package/prometheus-node-exporter-lua-bmx7
  $(call Package/prometheus-node-exporter-lua/Default)
  TITLE+= (bmx7 links collector)
@ -236,7 +225,6 @@ define Package/prometheus-node-exporter-lua-realtek-poe/install
 endef
 $(eval $(call BuildPackage,prometheus-node-exporter-lua))
 $(eval $(call BuildPackage,prometheus-node-exporter-lua-bmx6))
 $(eval $(call BuildPackage,prometheus-node-exporter-lua-bmx7))
 $(eval $(call BuildPackage,prometheus-node-exporter-lua-dawn))
 $(eval $(call BuildPackage,prometheus-node-exporter-lua-hostapd_stations))
--- a/utils/yq/Makefile
+++ b/utils/yq/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=yq
-PKG_VERSION:=4.35.1
+PKG_VERSION:=4.35.2
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=b3e079169529ec6b42925d0802c22d86f1ef6e1458dce67eae5a1d6db56cb8c3
+PKG_HASH:=8b17d710c56f764e9beff06d7a7b1c77d87c4ba4219ce4ce67e7ee29670f4f13
 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=MIT