Merge branch 'openwrt:master' into master

Hayzam Sherif 2023-05-14 20:26:03 +05:30 committed by GitHub
commit c91693d848
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 529 additions and 294 deletions


@ -0,0 +1,11 @@
--- a/module/netatop.c
+++ b/module/netatop.c
@@ -1617,7 +1617,7 @@ getsockopt(struct sock *sk, int cmd, void __user *user, int *len)
case NETATOP_GETCNT_TGID:
tasktype = 'g';
- // fall through
+ fallthrough;
case NETATOP_GETCNT_PID:
if (*len < sizeof(pid_t))
return -EINVAL;
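Review bot: In the context just below the new `fallthrough;`, `if (*len < sizeof(pid_t))` compares an `int` with a `size_t`, so a negative `*len` is converted to a large unsigned value and is not rejected. Whether a negative length can reach this handler depends on the caller, which is outside the hunk; if it can, `if (*len < 0 || (size_t)*len < sizeof(pid_t))` closes the gap. The `fallthrough` pseudo-keyword also has to be provided by the kernel headers, which the replaced comment did not require, so confirm that every kernel this package builds against defines it. The rest of getsockopt lies outside the hunk.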


@ -0,0 +1,11 @@
--- a/dmx_usb.c
+++ b/dmx_usb.c
@@ -406,7 +406,7 @@ static ssize_t dmx_usb_write (struct file *file, const char *buffer, size_t coun
dev = (struct dmx_usb_device *)file->private_data;
- dbg("%s - minor %d, count = %d", __FUNCTION__, dev->minor, count);
+ dbg("%s - minor %d, count = %zu", __FUNCTION__, dev->minor, count);
/* lock this object */
down (&dev->sem);


@ -0,0 +1,30 @@
--- a/kernel/pf_ring.c
+++ b/kernel/pf_ring.c
@@ -3940,7 +3940,7 @@ static int hash_pkt_cluster(ring_cluster_element *cluster_ptr,
break;
}
/* else, fall through, because it's like 2-tuple for non-TCP packets */
-
+ fallthrough;
case cluster_per_flow_2_tuple:
case cluster_per_inner_flow_2_tuple:
flags |= mask_2_tuple;
@@ -5485,8 +5485,7 @@ static int ring_release(struct socket *sock)
remove_cluster_referee(pfr);
if((pfr->zc_device_entry != NULL)
- && pfr->zc_device_entry->zc_dev.dev
- && pfr->zc_device_entry->zc_dev.dev->name) {
+ && pfr->zc_device_entry->zc_dev.dev) {
pfring_release_zc_dev(pfr);
}
@@ -5617,8 +5616,6 @@ static int ring_bind(struct socket *sock, struct sockaddr *sa, int addr_len)
return(-EINVAL);
if(sa->sa_family != PF_RING)
return(-EINVAL);
- if(sa->sa_data == NULL)
- return(-EINVAL);
memcpy(name, sa->sa_data, sizeof(sa->sa_data));
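Review bot: The patch file carries no description, and a reader who sees NULL checks deleted from ring_release and ring_bind needs to be told why that is safe. `sizeof(sa->sa_data)` in the following memcpy shows that `sa_data` is an array, so `sa->sa_data == NULL` could never be true; the `dev->name` test appears to be the same case. I would add a header line such as `sa_data and dev->name are arrays; their addresses are never NULL, so the tests were dead code`. The copy into `name` still depends on the `addr_len` validation and on NUL-termination of `name`, both outside the hunk, so confirm that `name` is terminated before it is used as a device name.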


@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=libvorbis PKG_NAME:=libvorbis
PKG_VERSION:=1.3.7 PKG_VERSION:=1.3.7
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://downloads.xiph.org/releases/vorbis/ PKG_SOURCE_URL:=http://downloads.xiph.org/releases/vorbis/


@ -0,0 +1,44 @@
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -28,8 +28,8 @@ set(PROJECT_VERSION_MINOR ${CMAKE_MATCH_
set(PROJECT_VERSION_PATCH ${CMAKE_MATCH_3})
set(PROJECT_VERSION ${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH})
-# Helper function to get version-info
-function(get_version_info result current_var_name age_var_name revision_var_name)
+# Helper function to get library versions
+function(get_lib_versions version_result soversion_result current_var_name age_var_name revision_var_name)
string(REGEX MATCH "${current_var_name}=([0-9]*)" DUMMY ${CONFIGURE_AC_CONTENTS})
set(VERSION_INFO_CURRENT ${CMAKE_MATCH_1})
@@ -41,7 +41,8 @@ function(get_version_info result current
math(EXPR VERSION_INFO_CURRENT_MINUS_AGE "${VERSION_INFO_CURRENT} - ${VERSION_INFO_AGE}")
- set(${result} "${VERSION_INFO_CURRENT_MINUS_AGE}.${VERSION_INFO_AGE}.${VERSION_INFO_REVISION}" PARENT_SCOPE)
+ set(${version_result} "${VERSION_INFO_CURRENT_MINUS_AGE}.${VERSION_INFO_AGE}.${VERSION_INFO_REVISION}" PARENT_SCOPE)
+ set(${soversion_result} "${VERSION_INFO_CURRENT_MINUS_AGE}" PARENT_SCOPE)
endfunction()
# Helper function to configure pkg-config files
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -78,12 +78,12 @@ if (NOT BUILD_FRAMEWORK)
add_library(vorbisenc ${VORBISENC_SOURCES})
add_library(vorbisfile ${VORBISFILE_SOURCES})
- get_version_info(VORBIS_VERSION_INFO "V_LIB_CURRENT" "V_LIB_AGE" "V_LIB_REVISION")
- set_target_properties(vorbis PROPERTIES SOVERSION ${VORBIS_VERSION_INFO})
- get_version_info(VORBISENC_VERSION_INFO "VE_LIB_CURRENT" "VE_LIB_AGE" "VE_LIB_REVISION")
- set_target_properties(vorbisenc PROPERTIES SOVERSION ${VORBISENC_VERSION_INFO})
- get_version_info(VORBISFILE_VERSION_INFO "VF_LIB_CURRENT" "VF_LIB_AGE" "VF_LIB_REVISION")
- set_target_properties(vorbisfile PROPERTIES SOVERSION ${VORBISFILE_VERSION_INFO})
+ get_lib_versions(VORBIS_VERSION VORBIS_SOVERSION "V_LIB_CURRENT" "V_LIB_AGE" "V_LIB_REVISION")
+ set_target_properties(vorbis PROPERTIES VERSION ${VORBIS_VERSION} SOVERSION ${VORBIS_SOVERSION})
+ get_lib_versions(VORBISENC_VERSION VORBISENC_SOVERSION "VE_LIB_CURRENT" "VE_LIB_AGE" "VE_LIB_REVISION")
+ set_target_properties(vorbisenc PROPERTIES VERSION ${VORBISENC_VERSION} SOVERSION ${VORBISENC_SOVERSION})
+ get_lib_versions(VORBISFILE_VERSION VORBISFILE_SOVERSION "VF_LIB_CURRENT" "VF_LIB_AGE" "VF_LIB_REVISION")
+ set_target_properties(vorbisfile PROPERTIES VERSION ${VORBISFILE_VERSION} SOVERSION ${VORBISFILE_SOVERSION})
target_include_directories(vorbis
PUBLIC


@ -0,0 +1,42 @@
--- a/xr_usb_serial_common-1a/xr_usb_serial_common.c
+++ b/xr_usb_serial_common-1a/xr_usb_serial_common.c
@@ -258,7 +258,9 @@ static void xr_usb_serial_ctrl_irq(struct urb *urb)
{
struct xr_usb_serial *xr_usb_serial = urb->context;
struct usb_cdc_notification *dr = urb->transfer_buffer;
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0)
struct tty_struct *tty;
+#endif
unsigned char *data;
int newctrl;
int retval;
@@ -390,7 +392,9 @@ static int xr_usb_serial_submit_read_urbs(struct xr_usb_serial *xr_usb_serial, g
}
static void xr_usb_serial_process_read_urb(struct xr_usb_serial *xr_usb_serial, struct urb *urb)
{
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0)
struct tty_struct *tty;
+#endif
if (!urb->actual_length)
return;
#if LINUX_VERSION_CODE > KERNEL_VERSION(3, 9, 0)
@@ -465,7 +469,9 @@ static void xr_usb_serial_write_bulk(struct urb *urb)
static void xr_usb_serial_softint(struct work_struct *work)
{
struct xr_usb_serial *xr_usb_serial = container_of(work, struct xr_usb_serial, work);
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0)
struct tty_struct *tty;
+#endif
dev_vdbg(&xr_usb_serial->data->dev, "%s\n", __func__);
#if LINUX_VERSION_CODE > KERNEL_VERSION(3, 9, 0)
@@ -1631,7 +1637,9 @@ err_out:
static int xr_usb_serial_reset_resume(struct usb_interface *intf)
{
struct xr_usb_serial *xr_usb_serial = usb_get_intfdata(intf);
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0)
struct tty_struct *tty;
+#endif
if (tty_port_initialized(&xr_usb_serial->port)){
#if LINUX_VERSION_CODE > KERNEL_VERSION(3, 9, 0)
tty_port_tty_hangup(&xr_usb_serial->port, false);


@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=dovecot PKG_NAME:=dovecot
PKG_VERSION:=2.3.18 PKG_VERSION:=2.3.20
PKG_RELEASE:=2 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://dovecot.org/releases/2.3 PKG_SOURCE_URL:=https://dovecot.org/releases/2.3
PKG_HASH:=06e73f668c6c093c45bdeeeb7c20398ab8dc49317234f4b5781ac5e2cc5d6c33 PKG_HASH:=caa832eb968148abdf35ee9d0f534b779fa732c0ce4a913d9ab8c3469b218552
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com> PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENSE:=LGPL-2.1-only MIT BSD-3-Clause PKG_LICENSE:=LGPL-2.1-only MIT BSD-3-Clause


@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=dovecot-pigeonhole PKG_NAME:=dovecot-pigeonhole
PKG_VERSION_PLUGIN:=0.5.19 PKG_VERSION_PLUGIN:=0.5.20
PKG_VERSION_DOVECOT:=$(shell make --no-print-directory -C ../dovecot/ val.PKG_VERSION V=s) PKG_VERSION_DOVECOT:=$(shell make --no-print-directory -C ../dovecot/ val.PKG_VERSION V=s)
PKG_VERSION:=$(PKG_VERSION_DOVECOT)-$(PKG_VERSION_PLUGIN) PKG_VERSION:=$(PKG_VERSION_DOVECOT)-$(PKG_VERSION_PLUGIN)
PKG_RELEASE:=1 PKG_RELEASE:=1
@ -17,7 +17,7 @@ DOVECOT_VERSION:=2.3
PKG_SOURCE:=dovecot-$(DOVECOT_VERSION)-pigeonhole-$(PKG_VERSION_PLUGIN).tar.gz PKG_SOURCE:=dovecot-$(DOVECOT_VERSION)-pigeonhole-$(PKG_VERSION_PLUGIN).tar.gz
PKG_SOURCE_URL:=https://pigeonhole.dovecot.org/releases/$(DOVECOT_VERSION) PKG_SOURCE_URL:=https://pigeonhole.dovecot.org/releases/$(DOVECOT_VERSION)
PKG_HASH:=637709a83fb1338c918e5398049f96b7aeb5ae00696794ed1e5a4d4c0ca3f688 PKG_HASH:=ae32bd4870ea2c1328ae09ba206e9ec12128046d6afca52fbbc9ef7f75617c98
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=LGPL-2.1-or-later PKG_LICENSE:=LGPL-2.1-or-later

43
net/aardvark-dns/Makefile Normal file

@ -0,0 +1,43 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=aardvark-dns
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/containers/aardvark-dns.git
PKG_SOURCE_DATE:=2023-05-12
PKG_SOURCE_VERSION:=6e06736707d8a84240858e968a54a083083e3a09
PKG_MIRROR_HASH:=407d73c0a01b9fd6248a1ce058541707580db46a7d18f776780fe7922ba97391
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_DEPENDS:=rust/host
include $(INCLUDE_DIR)/package.mk
include ../../lang/rust/rust-package.mk
define Package/aardvark-dns
SECTION:=net
CATEGORY:=Network
DEPENDS:=$(RUST_ARCH_DEPENDS)
TITLE:=authoritative dns server for container records
URL:=https://github.com/containers/aardvark-dns
endef
define Package/aardvark-dns/description
Aardvark-dns is an authoritative dns server for A/AAAA container records.
It can forward other requests to configured resolvers.
It is mostly intended to be used with Netavark which will
launch it automatically if both are installed.
endef
define Package/aardvark-dns/install
$(INSTALL_DIR) $(1)/usr/lib/podman
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/aardvark-dns $(1)/usr/lib/podman/
endef
$(eval $(call RustBinPackage,aardvark-dns))
$(eval $(call BuildPackage,aardvark-dns))
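Review bot: `PKG_MIRROR_HASH` pins only the git checkout named by `PKG_SOURCE_VERSION`; the crates that cargo downloads during the build are not covered by it. Whether the build is held to the upstream lock file is decided in `../../lang/rust/rust-package.mk`, which is not shown here. Confirm that it invokes cargo with `--locked`, so that a rebuild cannot silently resolve to different dependency versions than the ones reviewed. The same applies to net/netavark/Makefile, added in this commit with the same structure.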


@ -5,8 +5,8 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=banip PKG_NAME:=banip
PKG_VERSION:=0.8.5 PKG_VERSION:=0.8.6
PKG_RELEASE:=2 PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org> PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>


@ -75,6 +75,7 @@ ban_fetchinsecure=""
ban_fetchretry="5" ban_fetchretry="5"
ban_cores="" ban_cores=""
ban_memory="" ban_memory=""
ban_packages=""
ban_trigger="" ban_trigger=""
ban_triggerdelay="10" ban_triggerdelay="10"
ban_resolver="" ban_resolver=""
@ -90,8 +91,9 @@ f_system() {
ban_debug="$(uci_get banip global ban_debug)" ban_debug="$(uci_get banip global ban_debug)"
ban_cores="$(uci_get banip global ban_cores)" ban_cores="$(uci_get banip global ban_cores)"
fi fi
ban_packages="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)"
ban_memory="$("${ban_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)" ban_memory="$("${ban_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
ban_ver="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null | jsonfilter -ql1 -e '@.packages.banip')" ban_ver="$(printf "%s" "${ban_packages}" | jsonfilter -ql1 -e '@.packages.banip')"
ban_sysver="$(${ban_ubuscmd} -S call system board 2>/dev/null | jsonfilter -ql1 -e '@.model' -e '@.release.description' | ban_sysver="$(${ban_ubuscmd} -S call system board 2>/dev/null | jsonfilter -ql1 -e '@.model' -e '@.release.description' |
"${ban_awkcmd}" 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')" "${ban_awkcmd}" 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')"
if [ -z "${ban_cores}" ]; then if [ -z "${ban_cores}" ]; then
@ -171,6 +173,19 @@ f_trim() {
printf "%s" "${string}" printf "%s" "${string}"
} }
# remove logservice
#
f_rmpid() {
local ppid pid pids
ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
[ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)" || return 0
for pid in ${pids}; do
kill -INT "${pid}" >/dev/null 2>&1
done
: >"${ban_pidfile}"
}
# write log messages # write log messages
# #
f_log() { f_log() {
@ -253,30 +268,54 @@ f_conf() {
[ "${ban_action}" = "boot" ] && [ -z "${ban_trigger}" ] && sleep ${ban_triggerdelay} [ "${ban_action}" = "boot" ] && [ -z "${ban_trigger}" ] && sleep ${ban_triggerdelay}
} }
# prepare fetch utility # get nft/monitor actuals
# #
f_fetch() { f_actual() {
local item utils packages insecure local nft monitor
if [ -z "${ban_fetchcmd}" ] || [ ! -x "$(command -v "${ban_fetchcmd}")" ]; then if "${ban_nftcmd}" -t list set inet banIP allowlistvMAC >/dev/null 2>&1; then
packages="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)" nft="$(f_char "1")"
[ -z "${packages}" ] && f_log "err" "no local package repository" else
nft="$(f_char "0")"
fi
if pgrep -f "logread" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then
monitor="$(f_char "1")"
else
monitor="$(f_char "0")"
fi
printf "%s" "nft: ${nft}, monitor: ${monitor}"
}
# get fetch utility
#
f_getfetch() {
local item utils insecure update="0"
if { [ "${ban_fetchcmd}" = "uclient-fetch" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"libustream-'; } ||
{ [ "${ban_fetchcmd}" = "wget" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"wget-ssl'; } ||
[ "${ban_fetchcmd}" = "curl" ] || [ "${ban_fetchcmd}" = "aria2c" ]; then
ban_fetchcmd="$(command -v "${ban_fetchcmd}")"
else
ban_fetchcmd=""
fi
if [ "${ban_autodetect}" = "1" ] && [ ! -x "${ban_fetchcmd}" ]; then
utils="aria2c curl wget uclient-fetch" utils="aria2c curl wget uclient-fetch"
for item in ${utils}; do for item in ${utils}; do
if { [ "${item}" = "uclient-fetch" ] && printf "%s" "${packages}" | "${ban_grepcmd}" -q '"libustream-'; } || if { [ "${item}" = "uclient-fetch" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"libustream-'; } ||
{ [ "${item}" = "wget" ] && printf "%s" "${packages}" | "${ban_grepcmd}" -q '"wget-ssl'; } || { [ "${item}" = "wget" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"wget-ssl'; } ||
[ "${item}" = "curl" ] || [ "${item}" = "aria2c" ]; then [ "${item}" = "curl" ] || [ "${item}" = "aria2c" ]; then
ban_fetchcmd="$(command -v "${item}")" ban_fetchcmd="$(command -v "${item}")"
if [ -x "${ban_fetchcmd}" ]; then if [ -x "${ban_fetchcmd}" ]; then
uci_set banip global ban_fetchcmd "${ban_fetchcmd##*/}" update="1"
uci_set banip global ban_fetchcmd "${item}"
uci_commit "banip" uci_commit "banip"
break break
fi fi
fi fi
done done
else
ban_fetchcmd="$(command -v "${ban_fetchcmd}")"
fi fi
[ ! -x "${ban_fetchcmd}" ] && f_log "err" "no download utility with SSL support" [ ! -x "${ban_fetchcmd}" ] && f_log "err" "no download utility with SSL support"
case "${ban_fetchcmd##*/}" in case "${ban_fetchcmd##*/}" in
"aria2c") "aria2c")
@ -297,38 +336,7 @@ f_fetch() {
;; ;;
esac esac
f_log "debug" "f_fetch ::: cmd: ${ban_fetchcmd:-"-"}, parm: ${ban_fetchparm:-"-"}" f_log "debug" "f_getfetch ::: auto/update: ${ban_autodetect}/${update}, cmd: ${ban_fetchcmd:-"-"}, parm: ${ban_fetchparm:-"-"}"
}
# remove logservice
#
f_rmpid() {
local ppid pid pids
ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
[ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)" || return 0
for pid in ${pids}; do
kill -INT "${pid}" >/dev/null 2>&1
done
: >"${ban_pidfile}"
}
# get nft/monitor actuals
#
f_actual() {
local nft monitor
if "${ban_nftcmd}" -t list set inet banIP allowlistvMAC >/dev/null 2>&1; then
nft="$(f_char "1")"
else
nft="$(f_char "0")"
fi
if pgrep -f "logread" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then
monitor="$(f_char "1")"
else
monitor="$(f_char "0")"
fi
printf "%s" "nft: ${nft}, monitor: ${monitor}"
} }
# get wan interfaces # get wan interfaces
@ -1355,6 +1363,59 @@ f_mail() {
f_log "debug" "f_mail ::: notification: ${ban_mailnotification}, template: ${ban_mailtemplate}, profile: ${ban_mailprofile}, receiver: ${ban_mailreceiver}, rc: ${?}" f_log "debug" "f_mail ::: notification: ${ban_mailnotification}, template: ${ban_mailtemplate}, profile: ${ban_mailprofile}, receiver: ${ban_mailreceiver}, rc: ${?}"
} }
# log monitor
#
f_monitor() {
local nft_expiry line proto ip log_raw log_count
if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
f_log "info" "start detached banIP log service"
[ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")"
# read log continuously with given logterms
#
"${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null |
while read -r line; do
proto=""
# IPv4 log parsing
#
ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{if(!seen[RT]++)printf "%s ",RT}')"
ip="$(f_trim "${ip}")"
ip="${ip##* }"
[ -n "${ip}" ] && proto="v4"
if [ -z "${proto}" ]; then
# IPv6 log parsing
#
ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="([A-Fa-f0-9]{1,4}::?){3,7}[A-Fa-f0-9]{1,4}"}{if(!seen[RT]++)printf "%s ",RT}')"
ip="$(f_trim "${ip}")"
ip="${ip##* }"
[ -n "${ip}" ] && proto="v6"
fi
if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1; then
f_log "info" "suspicious IP${proto} '${ip}'"
log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP${proto} '${ip}'")"
if [ "${log_count}" -ge "${ban_logcount}" ]; then
if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" "{ ${ip} ${nft_expiry} }" >/dev/null 2>&1; then
f_log "info" "add IP${proto} '${ip}' (expiry: ${ban_nftexpiry:-"-"}) to blocklist${proto} set"
if [ -z "${ban_nftexpiry}" ] && [ "${ban_autoblocklist}" = "1" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"; then
printf "%-42s%s\n" "${ip}" "# added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}"
f_log "info" "add IP${proto} '${ip}' to local blocklist"
fi
fi
fi
fi
done
# start detached no-op service loop
#
else
f_log "info" "start detached no-op banIP service"
while :; do
sleep 1
done
fi
}
# initial sourcing # initial sourcing
# #
if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]; then if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]; then
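Review bot: f_monitor takes the last IPv4/IPv6-looking token on a matching log line as the offender (`ip="${ip##* }"`), but such lines often also carry text supplied by the remote client, so the address passed to `add element inet banIP "blocklist${proto}"` is not guaranteed to be the peer's. Nothing in this function consults an allowlist before adding. If the nft rule order (not shown) does not already let allowlisted addresses win, test the address against the allowlist first, or restrict extraction to the address field of each known log format. Separately, `"${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"` uses the address as a regex with no end anchor, so (constructed example) `192.0.2.4` counts as present when the file holds only `192.0.2.40` and is never persisted. An exact first-field comparison avoids that: `"${ban_awkcmd}" -v ip="${ip}" '$1==ip{f=1}END{exit !f}' "${ban_blocklist}"`.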


@ -18,7 +18,7 @@ f_log "info" "start banIP processing (${ban_action})"
f_log "debug" "f_system ::: system: ${ban_sysver:-"n/a"}, version: ${ban_ver:-"n/a"}, memory: ${ban_memory:-"0"}, cpu_cores: ${ban_cores}" f_log "debug" "f_system ::: system: ${ban_sysver:-"n/a"}, version: ${ban_ver:-"n/a"}, memory: ${ban_memory:-"0"}, cpu_cores: ${ban_cores}"
f_genstatus "processing" f_genstatus "processing"
f_tmp f_tmp
f_fetch f_getfetch
f_getif f_getif
f_getdev f_getdev
f_getuplink f_getuplink
@ -93,7 +93,7 @@ for feed in allowlist ${ban_feed} blocklist; do
eval json_get_var feed_"${object}" '${object}' >/dev/null 2>&1 eval json_get_var feed_"${object}" '${object}' >/dev/null 2>&1
done done
json_select .. json_select ..
# skip incomplete feeds # skip incomplete feeds
# #
if { { [ -n "${feed_url_4}" ] && [ -z "${feed_rule_4}" ]; } || { [ -z "${feed_url_4}" ] && [ -n "${feed_rule_4}" ]; }; } || if { { [ -n "${feed_url_4}" ] && [ -z "${feed_rule_4}" ]; } || { [ -z "${feed_url_4}" ] && [ -n "${feed_rule_4}" ]; }; } ||
@ -162,54 +162,6 @@ fi
json_cleanup json_cleanup
rm -rf "${ban_lock}" rm -rf "${ban_lock}"
# start detached log service # start detached log service (infinite loop)
# #
if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then f_monitor
f_log "info" "start detached banIP log service"
nft_expiry="$(printf "%s" "${ban_nftexpiry}" | grep -oE "([0-9]+[h|m|s]$)")"
[ -n "${nft_expiry}" ] && nft_expiry="timeout ${nft_expiry}"
# read log continuously with given logterms
#
"${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null |
while read -r line; do
proto=""
# IPv4 log parsing
#
ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{if(!seen[RT]++)printf "%s ",RT}')"
ip="$(f_trim "${ip}")"
ip="${ip##* }"
[ -n "${ip}" ] && proto="v4"
if [ -z "${proto}" ]; then
# IPv6 log parsing
#
ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="([A-Fa-f0-9]{1,4}::?){3,7}[A-Fa-f0-9]{1,4}"}{if(!seen[RT]++)printf "%s ",RT}')"
ip="$(f_trim "${ip}")"
ip="${ip##* }"
[ -n "${ip}" ] && proto="v6"
fi
if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1; then
f_log "info" "suspicious IP${proto} '${ip}'"
log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
log_count="$(printf "%s\n" "${log_raw}" | grep -c "suspicious IP${proto} '${ip}'")"
if [ "${log_count}" -ge "${ban_logcount}" ]; then
if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" "{ ${ip} ${nft_expiry} }" >/dev/null 2>&1; then
f_log "info" "add IP${proto} '${ip}' (expiry: ${nft_expiry:-"-"}) to blocklist${proto} set"
if [ "${ban_autoblocklist}" = "1" ] && ! grep -q "^${ip}" "${ban_blocklist}"; then
printf "%-42s%s\n" "${ip}" "# added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}"
f_log "info" "add IP${proto} '${ip}' to local blocklist"
fi
fi
fi
fi
done
# start detached no-op service loop
#
else
f_log "info" "start detached no-op banIP service"
while :; do
sleep 1
done
fi


@ -8,14 +8,14 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=lighttpd PKG_NAME:=lighttpd
PKG_VERSION:=1.4.69 PKG_VERSION:=1.4.70
PKG_RELEASE:=3 PKG_RELEASE:=1
# release candidate ~rcX testing; remove for release # release candidate ~rcX testing; remove for release
#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) #PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x
PKG_HASH:=16ac8db95e719629ba61949b99f8a26feba946a81d185215b28379bb4116b0b4 PKG_HASH:=921ebe1cf4b6b9897e03779ab7a23a31f4ba40a1abe2067525c33cd3ce61fe85
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause
@ -60,7 +60,7 @@ PKG_BUILD_DEPENDS:= \
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/meson.mk include $(INCLUDE_DIR)/meson.mk
# choose crypto lib for lighttpd to use for crypto algorithms (default: nettle) # choose crypto lib for lighttpd to use for crypto algorithms
# (separate from lighttpd TLS modules, which are each standalone) # (separate from lighttpd TLS modules, which are each standalone)
cryptolibdep= \ cryptolibdep= \
+LIGHTTPD_CRYPTOLIB_NETTLE:libnettle \ +LIGHTTPD_CRYPTOLIB_NETTLE:libnettle \
@ -69,8 +69,6 @@ cryptolibdep= \
ifdef CONFIG_LIGHTTPD_CRYPTOLIB_MBEDTLS ifdef CONFIG_LIGHTTPD_CRYPTOLIB_MBEDTLS
TARGET_CPPFLAGS += -DFORCE_MBEDTLS_CRYPTO TARGET_CPPFLAGS += -DFORCE_MBEDTLS_CRYPTO
else ifdef CONFIG_LIGHTTPD_CRYPTOLIB_WOLFSSL else ifdef CONFIG_LIGHTTPD_CRYPTOLIB_WOLFSSL
# (Note: if CONFIG_LIGHTTPD_CRYPTOLIB_WOLFSSL is set,
# then lighttpd-mod-mbedtls should not be selected to also be built)
TARGET_CPPFLAGS += -DFORCE_WOLFSSL_CRYPTO TARGET_CPPFLAGS += -DFORCE_WOLFSSL_CRYPTO
endif endif
@ -123,7 +121,7 @@ config LIGHTTPD_PCRE2
if PACKAGE_lighttpd if PACKAGE_lighttpd
choice choice
prompt "crypto library" prompt "crypto library"
default LIGHTTPD_CRYPTOLIB_NETTLE default LIGHTTPD_CRYPTOLIB_MBEDTLS
help help
library to use for cryptographic algorithms library to use for cryptographic algorithms
@ -177,7 +175,7 @@ MESON_ARGS += \
-Dwith_zlib=$(if $(CONFIG_PACKAGE_lighttpd-mod-deflate),enabled,disabled) \ -Dwith_zlib=$(if $(CONFIG_PACKAGE_lighttpd-mod-deflate),enabled,disabled) \
-Dwith_zstd=disabled -Dwith_zstd=disabled
BASE_MODULES:=dirlisting BASE_MODULES:=dirlisting h2
define Package/lighttpd/conffiles define Package/lighttpd/conffiles
/etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf
@ -307,8 +305,9 @@ server.modules += ( \"mod_$(1)\" )" $$(1)/etc/lighttpd/conf.d/$(4)-$(1).conf ; \
$$(eval $$(call BuildPackage,lighttpd-mod-$(1))) $$(eval $$(call BuildPackage,lighttpd-mod-$(1)))
endef endef
# included in BASE_MODULES:=dirlisting # included in BASE_MODULES:=dirlisting h2
#$(eval $(call BuildPlugin,dirlisting,dirlisting,,30)) #$(eval $(call BuildPlugin,dirlisting,dirlisting,,30))
#$(eval $(call BuildPlugin,h2,HTTP/2,,30))
# included in base lighttpd executable; # included in base lighttpd executable;
# no longer loaded as separate dynamic modules # no longer loaded as separate dynamic modules


@ -9,7 +9,7 @@ Subject: [PATCH] [meson] mod_webdav_min w/o deps: xml2 sqlite3 uuid
--- a/src/meson.build --- a/src/meson.build
+++ b/src/meson.build +++ b/src/meson.build
@@ -865,6 +865,16 @@ if libsasl.found() @@ -879,6 +879,16 @@ if libsasl.found()
] ]
endif endif


@ -1,34 +0,0 @@
From e91ad65e4aacde815679c06cb687931dd7beb9b3 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Thu, 20 Apr 2023 21:27:36 -0400
Subject: [PATCH] [meson] check FORCE_{WOLFSSL,MBEDTLS}_CRYPTO
---
src/meson.build | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/src/meson.build
+++ b/src/meson.build
@@ -358,15 +358,19 @@ if get_option('with_mbedtls')
libmbedtls = [ compiler.find_library('mbedtls') ]
libmbedx509 = [ compiler.find_library('mbedx509') ]
libmbedcrypto = [ compiler.find_library('mbedcrypto') ]
- libcrypto = [ compiler.find_library('mbedcrypto') ]
+ if compiler.get_define('FORCE_WOLFSSL_CRYPTO') == ''
+ libcrypto = [ compiler.find_library('mbedcrypto') ]
+ endif
conf_data.set('HAVE_LIBMBEDCRYPTO', true)
endif
if get_option('with_nettle')
# manual search:
# header: nettle/nettle-types.h
# function: nettle_md5_init (-lnettle)
- libcrypto = [ dependency('nettle') ]
- conf_data.set('HAVE_NETTLE_NETTLE_TYPES_H', true)
+ if compiler.get_define('FORCE_WOLFSSL_CRYPTO') == '' and compiler.get_define('FORCE_MBEDTLS_CRYPTO') == ''
+ libcrypto = [ dependency('nettle') ]
+ conf_data.set('HAVE_NETTLE_NETTLE_TYPES_H', true)
+ endif
endif
if get_option('with_gnutls')
# manual search:


@ -0,0 +1,87 @@
From 2892a7bf3f8ce92f41134fab25fbc2057f4a36bf Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Wed, 10 May 2023 19:06:42 -0400
Subject: [PATCH] [mod_h2] HTTP/2 separate module; no longer builtin
---
src/CMakeLists.txt | 3 ---
src/Makefile.am | 9 +++------
src/SConscript | 4 +---
src/meson.build | 3 ---
4 files changed, 4 insertions(+), 15 deletions(-)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -922,10 +922,7 @@ set(SERVER_SRC
response.c
connections.c
h1.c
- h2.c
sock_addr_cache.c
- ls-hpack/lshpack.c
- algo_xxhash.c
fdevent_impl.c
http_range.c
network.c
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -70,12 +70,10 @@ common_src=base64.c buffer.c burl.c log.
common_src += fdevent_win32.c fs_win32.c
-src = server.c response.c connections.c h1.c h2.c \
+src = server.c response.c connections.c h1.c \
sock_addr_cache.c \
network.c \
network_write.c \
- ls-hpack/lshpack.c \
- algo_xxhash.c \
fdevent_impl.c \
http_range.c \
data_config.c \
@@ -428,6 +426,8 @@ lighttpd_LDADD = \
$(FAM_LIBS) $(LIBEV_LIBS) $(LIBUNWIND_LIBS)
lighttpd_LDFLAGS = -export-dynamic
+lighttpd_SOURCES += h2.c ls-hpack/lshpack.c algo_xxhash.c
+lighttpd_LDADD += $(XXHASH_LIBS)
if BUILD_WITH_MAXMINDDB
lighttpd_SOURCES += mod_maxminddb.c
lighttpd_LDADD += $(MAXMINDDB_LIB)
@@ -489,9 +489,6 @@ lighttpd_SOURCES += mod_wolfssl.c
lighttpd_CPPFLAGS += $(WOLFSSL_CFLAGS)
lighttpd_LDADD += $(WOLFSSL_LIBS)
endif
-#(until switch to mod_h2)
-#lighttpd_SOURCES += h2.c ls-hpack/lshpack.c algo_xxhash.c
-#lighttpd_LDADD += $(XXHASH_LIBS)
else
--- a/src/SConscript
+++ b/src/SConscript
@@ -75,10 +75,8 @@ common_src = Split("base64.c buffer.c bu
ck.c \
")
-src = Split("server.c response.c connections.c h1.c h2.c \
+src = Split("server.c response.c connections.c h1.c \
sock_addr_cache.c \
- ls-hpack/lshpack.c \
- algo_xxhash.c \
fdevent_impl.c \
http_range.c \
network.c \
--- a/src/meson.build
+++ b/src/meson.build
@@ -560,10 +560,7 @@ main_src = files(
'connections.c',
'data_config.c',
'h1.c',
- 'h2.c',
'sock_addr_cache.c',
- 'ls-hpack/lshpack.c',
- 'algo_xxhash.c',
'fdevent_impl.c',
'http_range.c',
'network_write.c',


@ -1,23 +0,0 @@
From 37cbdacda78f9df4aba4c39e60472025d93bb7ba Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Fri, 28 Apr 2023 03:17:16 -0400
Subject: [PATCH] [mod_mbedtls] check MBEDTLS_DEBUG_C for debug func
---
src/mod_mbedtls.c | 2 ++
1 file changed, 2 insertions(+)
--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@@ -2357,9 +2357,11 @@ CONNECTION_FUNC(mod_mbedtls_handle_con_a
* overlap, and so this debug setting is not reset upon connection close.
* Once enabled, debug hook will remain so for this mbedtls_ssl_config */
if (hctx->conf.ssl_log_noise) {/* volume level for debug message callback */
+ #ifdef MBEDTLS_DEBUG_C
#if MBEDTLS_VERSION_NUMBER >= 0x02000000 /* mbedtls 2.0.0 */
mbedtls_debug_set_threshold(hctx->conf.ssl_log_noise);
#endif
+ #endif
mbedtls_ssl_conf_dbg(hctx->ssl_ctx, mod_mbedtls_debug_cb,
(void *)(intptr_t)hctx->conf.ssl_log_noise);
}


@ -1,20 +0,0 @@
From 2fc157f37ea4644ba9ac776de1926b9e518ec42b Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sat, 29 Apr 2023 00:43:55 -0400
Subject: [PATCH] [meson] build fix for builtin_mods
---
src/meson.build | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/src/meson.build
+++ b/src/meson.build
@@ -656,7 +656,7 @@ executable('lighttpd-angel',
)
executable('lighttpd', configparser,
- sources: common_src + main_src,
+ sources: common_src + main_src + builtin_mods,
dependencies: [ common_flags, lighttpd_flags
, libattr
, libcrypto

51
net/netavark/Makefile Normal file

@ -0,0 +1,51 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=netavark
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/containers/netavark.git
PKG_SOURCE_DATE:=2023-05-12
PKG_SOURCE_VERSION:=07d63eadef1def977f2ece25b0f464f7e5d77be1
PKG_MIRROR_HASH:=f7597d70528d039b984b2ecc6ef0e1f1c17aacfc7862907e5a79789ebe98aa89
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_DEPENDS:= \
rust/host \
protobuf/host
include $(INCLUDE_DIR)/package.mk
include ../../lang/rust/rust-package.mk
define Package/netavark
SECTION:=net
CATEGORY:=Network
DEPENDS:=$(RUST_ARCH_DEPENDS)
TITLE:=A container network stack
URL:=https://github.com/containers/netavark
endef
define Package/netavark/description
Netavark is a rust based network stack for containers. It is being designed to work with Podman but is also
applicable for other OCI container management applications.
endef
define Package/netavark/conffiles
/etc/config/netavark
endef
CARGO_VARS += \
PROTOC=$(STAGING_DIR_HOSTPKG)/bin/protoc
define Package/netavark/install
$(INSTALL_DIR) $(1)/etc/config $(1)/usr/lib/podman
$(INSTALL_CONF) ./files/netavark-config $(1)/etc/config/netavark
$(INSTALL_BIN) ./files/netavark-wrapper $(1)/usr/lib/podman/netavark
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/netavark $(1)/usr/lib/podman/netavark-bin
endef
$(eval $(call RustBinPackage,netavark))
$(eval $(call BuildPackage,netavark))


@ -0,0 +1,3 @@
config firewall
option driver 'none'


@ -0,0 +1,6 @@
#!/bin/sh
FW_DRIVER=$(uci -q get 'netavark.@firewall[0].driver')
[ -z "$FW_DRIVER" ] && FW_DRIVER="none"
NETAVARK_FW="$FW_DRIVER" /usr/lib/podman/netavark-bin $@
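Review bot: `$@` is unquoted on the last line, so any argument containing whitespace or glob characters is re-split and expanded by the shell before netavark-bin sees it; it should be `"$@"`. Using `exec` as well removes the intermediate shell process, so signals sent to the wrapper reach the binary directly: `NETAVARK_FW="$FW_DRIVER" exec /usr/lib/podman/netavark-bin "$@"`. A one-line comment stating that the wrapper exists to pass the UCI firewall driver setting through `NETAVARK_FW` would help the next maintainer.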


@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=pbr PKG_NAME:=pbr
PKG_VERSION:=1.1.1 PKG_VERSION:=1.1.1
PKG_RELEASE:=5 PKG_RELEASE:=7
PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca> PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>


@ -163,7 +163,7 @@ output_failn() { output 1 "$_FAIL_\\n"; output 2 "$__FAIL__\\n"; }
# shellcheck disable=SC2317 # shellcheck disable=SC2317
str_replace() { printf "%b" "$1" | sed -e "s/$(printf "%b" "$2")/$(printf "%b" "$3")/g"; } str_replace() { printf "%b" "$1" | sed -e "s/$(printf "%b" "$2")/$(printf "%b" "$3")/g"; }
str_replace() { echo "${1//$2/$3}"; } str_replace() { echo "${1//$2/$3}"; }
str_contains() { [ -n "$1" ] &&[ -n "$2" ] && [ "${1//$2}" != "$1" ]; } str_contains() { [ -n "$1" ] && [ -n "$2" ] && [ "${1//$2}" != "$1" ]; }
is_greater() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; } is_greater() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
is_greater_or_equal() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" = "$2"; } is_greater_or_equal() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" = "$2"; }
str_contains_word() { echo "$1" | grep -q -w "$2"; } str_contains_word() { echo "$1" | grep -q -w "$2"; }
@ -307,7 +307,7 @@ get_nft_sets() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null
is_ipset_type_supported() { ipset help hash:"$1" >/dev/null 2>&1; } is_ipset_type_supported() { ipset help hash:"$1" >/dev/null 2>&1; }
ubus_get_status() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@.${packageName}.instances.main.data.status.${1}"; } ubus_get_status() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@.${packageName}.instances.main.data.status.${1}"; }
ubus_get_iface() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@.${packageName}.instances.main.data.interfaces[@.name='${1}']${2:+.$2}"; } ubus_get_iface() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@.${packageName}.instances.main.data.interfaces[@.name='${1}']${2:+.$2}"; }
opkg_get_version() { grep -m1 -A1 "$1" '/usr/lib/opkg/status' | grep -m1 'Version: ' | sed 's|Version: \(.*\)|\1|'; } opkg_get_version() { grep -m1 -A1 "Package: $1$" '/usr/lib/opkg/status' | grep -m1 'Version: ' | sed 's|Version: \(.*\)|\1|'; }
load_package_config() { load_package_config() {
config_load "$packageName" config_load "$packageName"
@ -1776,7 +1776,8 @@ EOF
while read -r i; do while read -r i; do
i="$(echo "$i" | sed 's/ linkdown$//')" i="$(echo "$i" | sed 's/ linkdown$//')"
i="$(echo "$i" | sed 's/ onlink$//')" i="$(echo "$i" | sed 's/ onlink$//')"
$ip_bin -6 route add "$i" table "$tid" >/dev/null 2>&1 || ipv6_error=1 # shellcheck disable=SC2086
$ip_bin -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
done << EOF done << EOF
$($ip_bin -6 route list table main | grep " dev $dev6 ") $($ip_bin -6 route list table main | grep " dev $dev6 ")
EOF EOF
@ -1855,7 +1856,8 @@ EOF
$ip_bin -6 route add unreachable default table "$tid" || ipv6_error=1 $ip_bin -6 route add unreachable default table "$tid" || ipv6_error=1
elif $ip_bin -6 route list table main | grep -q " dev $dev6 "; then elif $ip_bin -6 route list table main | grep -q " dev $dev6 "; then
while read -r i; do while read -r i; do
$ip_bin -6 route add "$i" table "$tid" >/dev/null 2>&1 || ipv6_error=1 # shellcheck disable=SC2086
$ip_bin -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
done << EOF done << EOF
$($ip_bin -6 route list table main | grep " dev $dev6 ") $($ip_bin -6 route list table main | grep " dev $dev6 ")
EOF EOF
@ -2335,6 +2337,11 @@ status_service_nft() {
echo "IPv4 table $((wan_tid + i)) route: $($ip_bin -4 route show table $((wan_tid + i)) | grep default)" echo "IPv4 table $((wan_tid + i)) route: $($ip_bin -4 route show table $((wan_tid + i)) | grep default)"
echo "IPv4 table $((wan_tid + i)) rule(s):" echo "IPv4 table $((wan_tid + i)) rule(s):"
$ip_bin -4 rule list table "$((wan_tid + i))" $ip_bin -4 rule list table "$((wan_tid + i))"
if [ -n "$ipv6_enabled" ]; then
echo "IPv6 table $((wan_tid + i)) route: $($ip_bin -6 route show table $((wan_tid + i)) | grep default)"
echo "IPv6 table $((wan_tid + i)) rule(s):"
$ip_bin -6 route show table $((wan_tid + i))
fi
i=$((i + 1)) i=$((i + 1))
done done
} }
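Review bot: In the lines added to status_service_nft, the `IPv6 table … rule(s):` heading is followed by `$ip_bin -6 route show table $((wan_tid + i))`, which prints routes rather than policy rules; the IPv4 lines just above use `rule list`. The status output would therefore not show the IPv6 rules when someone is diagnosing a policy, and the line should read `$ip_bin -6 rule list table "$((wan_tid + i))"`. The function starts before this hunk. In the two `route add $i` hunks the SC2086 suppression covers the intended word splitting, but pathname expansion still applies to the unquoted `$i`, so a short comment there saying the splitting is deliberate would help.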


@ -985,10 +985,10 @@ static int ip6_ip4(char *src, int len, char *dst, int include_flag)
static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_device *dev, struct ethhdr *eth_h) static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_device *dev, struct ethhdr *eth_h)
{ {
struct sk_buff *skb2 = NULL; /* pointer to new struct sk_buff for transleded packet */ struct sk_buff *skb2 = NULL; /* pointer to new struct sk_buff for transleded packet */
char buff[FRAG_BUFF_SIZE+hdr_len]; /* buffer to form new fragment packet */ char *buff; /* buffer to form new fragment packet */
char *cur_ptr = skb->data+hdr_len; /* pointter to current packet data with len = frag_len */ char *cur_ptr = skb->data+hdr_len; /* pointter to current packet data with len = frag_len */
struct iphdr *ih4 = (struct iphdr *) skb->data; struct iphdr *ih4 = (struct iphdr *) skb->data;
struct iphdr *new_ih4 = (struct iphdr *) buff; /* point to new IPv4 hdr */ struct iphdr *new_ih4; /* point to new IPv4 hdr */
struct ethhdr *new_eth_h; /* point to ether hdr, need to set hard header data in fragment */ struct ethhdr *new_eth_h; /* point to ether hdr, need to set hard header data in fragment */
int data_len = len - hdr_len; /* origin packet data len */ int data_len = len - hdr_len; /* origin packet data len */
int rest_len = data_len; /* rest data to fragment */ int rest_len = data_len; /* rest data to fragment */
@ -999,6 +999,8 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
__u16 frag_offset = 0; /* fragment offset */ __u16 frag_offset = 0; /* fragment offset */
unsigned int csum; unsigned int csum;
unsigned short udp_len; unsigned short udp_len;
int ret = 0;
#ifdef SIIT_DEBUG #ifdef SIIT_DEBUG
printk("siit: it's DF == 0 and result IPv6 packet will be > 1280\n"); printk("siit: it's DF == 0 and result IPv6 packet will be > 1280\n");
@ -1035,6 +1037,14 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
new_id = ih4->id; new_id = ih4->id;
buff = kcalloc(FRAG_BUFF_SIZE+hdr_len, sizeof(*buff), GFP_KERNEL);
if (!buff) {
printk("siit: Failed to allocate buf\n");
return -1;
}
new_ih4 = (struct iphdr *) buff;
while(1) { while(1) {
if (rest_len <= FRAG_BUFF_SIZE) { if (rest_len <= FRAG_BUFF_SIZE) {
/* it's last fragmen */ /* it's last fragmen */
@ -1072,7 +1082,8 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
if (!skb2) { if (!skb2) {
printk(KERN_DEBUG "%s: alloc_skb failure - packet dropped.\n", dev->name); printk(KERN_DEBUG "%s: alloc_skb failure - packet dropped.\n", dev->name);
dev_kfree_skb(skb2); dev_kfree_skb(skb2);
return -1; ret = -1;
goto exit;
} }
/* allocate skb->data portion for IP header len, fragment data len and ether header len /* allocate skb->data portion for IP header len, fragment data len and ether header len
* and copy to head ether header from origin skb * and copy to head ether header from origin skb
@ -1094,7 +1105,8 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
/* call translation function */ /* call translation function */
if ( ip4_ip6(buff, frag_len+hdr_len, skb2->data, 0) == -1) { if ( ip4_ip6(buff, frag_len+hdr_len, skb2->data, 0) == -1) {
dev_kfree_skb(skb2); dev_kfree_skb(skb2);
return -1; ret = -1;
goto exit;
} }
/* /*
@ -1123,7 +1135,9 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
frag_offset = (frag_offset*8 + frag_len)/8; frag_offset = (frag_offset*8 + frag_len)/8;
} }
return 0; exit:
kfree(buff);
return ret;
} }
/* /*
* Transmit a packet (called by the kernel) * Transmit a packet (called by the kernel)
@ -1156,7 +1170,6 @@ static int siit_xmit(struct sk_buff *skb, struct net_device *dev)
int len; /* original packets length */ int len; /* original packets length */
int new_packet_len; int new_packet_len;
int skb_delta = 0; /* delta size for allocate new skb */ int skb_delta = 0; /* delta size for allocate new skb */
char new_packet_buff[2048];
/* Check pointer to sk_buff and device structs */ /* Check pointer to sk_buff and device structs */
if (skb == NULL || dev == NULL) if (skb == NULL || dev == NULL)
@ -1303,6 +1316,14 @@ static int siit_xmit(struct sk_buff *skb, struct net_device *dev)
* IPv6 paket * IPv6 paket
*/ */
else if (ntohs(skb->protocol) == ETH_P_IPV6) { else if (ntohs(skb->protocol) == ETH_P_IPV6) {
char *new_packet_buff;
new_packet_buff = kcalloc(2048, sizeof(*new_packet_buff), GFP_KERNEL);
if (!new_packet_buff) {
printk(KERN_DEBUG "%s: alloc new_packet_buff failure, packet dropped.\n", dev->name);
siit_stats(dev)->rx_dropped++;
goto end;
}
#ifdef SIIT_DEBUG #ifdef SIIT_DEBUG
siit_print_dump(skb->data, sizeof(struct ipv6hdr), "siit: (in) ip6_hdr dump"); siit_print_dump(skb->data, sizeof(struct ipv6hdr), "siit: (in) ip6_hdr dump");
@ -1315,6 +1336,7 @@ static int siit_xmit(struct sk_buff *skb, struct net_device *dev)
{ {
PDEBUG("siit_xmit(): error translation ipv6->ipv4, packet dropped.\n"); PDEBUG("siit_xmit(): error translation ipv6->ipv4, packet dropped.\n");
siit_stats(dev)->rx_dropped++; siit_stats(dev)->rx_dropped++;
kfree(new_packet_buff);
goto end; goto end;
} }
@ -1323,6 +1345,7 @@ static int siit_xmit(struct sk_buff *skb, struct net_device *dev)
if (!skb2) { if (!skb2) {
printk(KERN_DEBUG "%s: alloc_skb failure, packet dropped.\n", dev->name); printk(KERN_DEBUG "%s: alloc_skb failure, packet dropped.\n", dev->name);
siit_stats(dev)->rx_dropped++; siit_stats(dev)->rx_dropped++;
kfree(new_packet_buff);
goto end; goto end;
} }
memcpy(skb_put(skb2, new_packet_len + dev->hard_header_len), (char *)eth_h, dev->hard_header_len); memcpy(skb_put(skb2, new_packet_len + dev->hard_header_len), (char *)eth_h, dev->hard_header_len);
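Review bot: Both new allocations, `kcalloc(FRAG_BUFF_SIZE+hdr_len, sizeof(*buff), GFP_KERNEL)` in ip4_fragment and `kcalloc(2048, sizeof(*new_packet_buff), GFP_KERNEL)` in siit_xmit, may sleep, and siit_xmit is described as the transmit routine called by the kernel, a path that normally must not sleep. If that is how the function is registered (and ip4_fragment is reached from it), both calls should pass `GFP_ATOMIC` instead. The hunks add `kfree(new_packet_buff)` on the two error exits only; the path after the `memcpy` into skb2 is outside the visible lines, so confirm the buffer is released there as well. Both function bodies extend beyond the hunks.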


@ -164,7 +164,7 @@ static enum hrtimer_restart handle_rx(struct hrtimer* timer)
return result; return result;
} }
static int __init init(void) static int __init gl_mifi_mcu_init(void)
{ {
bool success = true; bool success = true;
@ -193,7 +193,7 @@ static int __init init(void)
return success; return success;
} }
static void __exit exit(void) static void __exit gl_mifi_mcu_exit(void)
{ {
disable_irq(gpio_to_irq(gpio_rx)); disable_irq(gpio_to_irq(gpio_rx));
hrtimer_cancel(&timer_tx); hrtimer_cancel(&timer_tx);
@ -205,6 +205,6 @@ static void __exit exit(void)
remove_proc_entry("gl_mifi_mcu", NULL); remove_proc_entry("gl_mifi_mcu", NULL);
} }
module_init(init); module_init(gl_mifi_mcu_init);
module_exit(exit); module_exit(gl_mifi_mcu_exit);


@ -1,18 +1,18 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=podman PKG_NAME:=podman
PKG_VERSION:=4.4.2 PKG_VERSION:=4.5.0
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION) PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION)
PKG_HASH:=59cec158438efa8a3e651b19e150d9afd90f7e3f07c30605a997e18b8c54b67c PKG_HASH:=830a633630bf6e61f2b8d4ca00efdd9a173ef25cdd49d4a4364c293e088561df
PKG_LICENSE:=Apache-2.0 PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com> PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_BUILD_DEPENDS:=golang/host protobuf/host PKG_BUILD_DEPENDS:=golang/host protobuf/host btrfs-progs
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=no-mips16 PKG_BUILD_FLAGS:=no-mips16
PKG_INSTALL:=1 PKG_INSTALL:=1
@ -39,7 +39,7 @@ define Package/podman
CATEGORY:=Utilities CATEGORY:=Utilities
TITLE:=Podman TITLE:=Podman
URL:=https://podman.io URL:=https://podman.io
DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +cni +cni-plugins +btrfs-progs +glib2 +gnupg2 +uci-firewall +libgpg-error +libseccomp +libgpgme +nsenter +zoneinfo-simple +kmod-veth +PODMAN_SELINUX_SUPPORT:libselinux DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +libgpgme +libseccomp +nsenter +zoneinfo-simple +kmod-veth +slirp4netns +netavark +aardvark-dns +PODMAN_SELINUX_SUPPORT:libselinux
endef endef
define Package/podman/description define Package/podman/description
@ -53,10 +53,6 @@ define Package/podman/config
bool "Enable SELinux support" bool "Enable SELinux support"
default n default n
config PODMAN_IPTABLES_FW
bool "Add iptabels firewall options to default podman network"
default n
endmenu endmenu
endef endef
@ -65,7 +61,7 @@ define Package/podman/conffiles
/etc/containers/storage.conf /etc/containers/storage.conf
/etc/containers/registries.conf /etc/containers/registries.conf
/etc/containers/containers.conf /etc/containers/containers.conf
/etc/cni/net.d/87-podman-bridge.conflist /etc/containers/networks/podman.json
endef endef
ifdef CONFIG_PODMAN_SELINUX_SUPPORT ifdef CONFIG_PODMAN_SELINUX_SUPPORT
@ -74,12 +70,6 @@ else
GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,apparmor GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,apparmor
endif endif
ifdef CONFIG_PODMAN_IPTABLES_FW
CNIFILE:=87-podman-bridge-iptables.conflist
else
CNIFILE:=87-podman-bridge.conflist
endif
MAKE_VARS += \ MAKE_VARS += \
GO_INSTALL_BIN_PATH="$(strip $(GO_PKG_INSTALL_BIN_PATH))" \ GO_INSTALL_BIN_PATH="$(strip $(GO_PKG_INSTALL_BIN_PATH))" \
BUILD_DIR="$(PKG_BUILD_DIR)" \ BUILD_DIR="$(PKG_BUILD_DIR)" \
@ -126,8 +116,8 @@ define Package/podman/install
$(INSTALL_DATA) $(DL_DIR)/registries.fedora-da9a9c8778 $(1)/etc/containers/registries.conf $(INSTALL_DATA) $(DL_DIR)/registries.fedora-da9a9c8778 $(1)/etc/containers/registries.conf
$(INSTALL_DATA) $(PKG_BUILD_DIR)/vendor/github.com/containers/storage/storage.conf $(1)/etc/containers/storage.conf $(INSTALL_DATA) $(PKG_BUILD_DIR)/vendor/github.com/containers/storage/storage.conf $(1)/etc/containers/storage.conf
$(INSTALL_DATA) ./files/containers.conf $(1)/etc/containers/containers.conf $(INSTALL_DATA) ./files/containers.conf $(1)/etc/containers/containers.conf
$(INSTALL_DIR) $(1)/etc/cni/net.d $(INSTALL_DIR) $(1)/etc/containers/networks
$(INSTALL_CONF) ./files/$(CNIFILE) $(1)/etc/cni/net.d/87-podman-bridge.conflist $(INSTALL_CONF) ./files/podman.json $(1)/etc/containers/networks
$(INSTALL_DIR) $(1)/usr/share/containers $(INSTALL_DIR) $(1)/usr/share/containers
$(INSTALL_DATA) $(PKG_BUILD_DIR)/vendor/github.com/containers/common/pkg/seccomp/seccomp.json $(1)/usr/share/containers/ $(INSTALL_DATA) $(PKG_BUILD_DIR)/vendor/github.com/containers/common/pkg/seccomp/seccomp.json $(1)/usr/share/containers/
$(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/init.d
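Review bot: The new install line `$(INSTALL_CONF) ./files/podman.json $(1)/etc/containers/networks` names a directory as its destination, while the neighbouring installs of registries.conf, storage.conf and containers.conf give the full target path and conffiles lists `/etc/containers/networks/podman.json`. Spelling the target out, `$(INSTALL_CONF) ./files/podman.json $(1)/etc/containers/networks/podman.json`, keeps the installed name tied to the conffiles entry even if the source file is later renamed. The recipe continues past the end of this hunk.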


@ -1,37 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman0",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [{ "dst": "0.0.0.0/0" }],
"ranges": [
[
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall"
},
{
"type": "tuning"
}
]
}


@ -1,28 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman0",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [{ "dst": "0.0.0.0/0" }],
"ranges": [
[
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
]
]
}
},
{
"type": "tuning"
}
]
}


@ -30,10 +30,8 @@ default_sysctls = [
] ]
[network] [network]
cni_plugin_dirs = [ network_backend = "netavark"
"/usr/lib/cni" network_config_dir = "/etc/containers/networks/"
]
network_config_dir = "/etc/cni/net.d/"
default_network = "podman" default_network = "podman"
[engine] [engine]


@ -0,0 +1,19 @@
{
"name": "podman",
"id": "5ef894788befd4d42498314b6e66282ca730aa2e1e82f9b9597bf4d1725ca074",
"driver": "bridge",
"network_interface": "podman0",
"created": "2023-02-20T08:56:34.652030952Z",
"subnets": [
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}


@ -1,6 +1,6 @@
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -206,7 +206,7 @@ GV_SHA=aab0ac9367fc5142f5857c36ac2352bcb @@ -209,7 +209,7 @@ GV_SHA=aab0ac9367fc5142f5857c36ac2352bcb
default: all default: all
.PHONY: all .PHONY: all
@ -9,7 +9,7 @@
.PHONY: binaries .PHONY: binaries
ifeq ($(shell uname -s),FreeBSD) ifeq ($(shell uname -s),FreeBSD)
@@ -797,7 +797,7 @@ package-install: package ## Install rpm @@ -790,7 +790,7 @@ package-install: package ## Install rpm
/usr/bin/podman info # will catch a broken conmon /usr/bin/podman info # will catch a broken conmon
.PHONY: install .PHONY: install