diff --git a/libs/nss/Makefile b/libs/nss/Makefile
index 1a201aea2..af399852c 100644
--- a/libs/nss/Makefile
+++ b/libs/nss/Makefile
@@ -7,14 +7,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nss
-PKG_VERSION:=3.84
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=3.85
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
     https://download.cdn.mozilla.net/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src \
     https://archive.mozilla.org/pub/security/$(PKG_NAME)/releases/NSS_$(subst .,_,$(PKG_VERSION))_RTM/src
-PKG_HASH:=9a387ffe350ff14f001d943f96cc0c064891551d71e1a97a5ddbffe7f1207a25
+PKG_HASH:=afd9d64510b1154debbd6cab3571e9ff64a3373898e03483e4c85cdada13d297
 
 PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
 PKG_LICENCE:=MPL-2.0
diff --git a/libs/nss/patches/010-nanosleep.patch b/libs/nss/patches/010-nanosleep.patch
index f62e36d9a..36f67b708 100644
--- a/libs/nss/patches/010-nanosleep.patch
+++ b/libs/nss/patches/010-nanosleep.patch
@@ -1,6 +1,6 @@
 --- a/nss/lib/freebl/stubs.c
 +++ b/nss/lib/freebl/stubs.c
-@@ -503,7 +503,8 @@ extern PRStatus
+@@ -500,7 +500,8 @@ extern PRStatus
  PR_Sleep_stub(PRIntervalTime ticks)
  {
      STUB_SAFE_CALL1(PR_Sleep, ticks);
diff --git a/net/lighttpd/Makefile b/net/lighttpd/Makefile
index 6bf8f9f70..1cbb0adeb 100644
--- a/net/lighttpd/Makefile
+++ b/net/lighttpd/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=lighttpd
 PKG_VERSION:=1.4.67
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 # release candidate ~rcX testing; remove for release
 #PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
@@ -267,7 +267,7 @@ $(eval $(call BuildPlugin,openssl,TLS using openssl,@LIGHTTPD_SSL +PACKAGE_light
 $(eval $(call BuildPlugin,proxy,Proxy,,30))
 $(eval $(call BuildPlugin,redirect,URL redirection,$(if $(CONFIG_LIGHTTPD_PCRE2),+PACKAGE_lighttpd-mod-redirect:libpcre2,),10))
 $(eval $(call BuildPlugin,rewrite,URL rewriting,$(if $(CONFIG_LIGHTTPD_PCRE2),+PACKAGE_lighttpd-mod-rewrite:libpcre2,),30))
-$(eval $(call BuildPlugin,rrdtool,RRDtool,,30))
+$(eval $(call BuildPlugin,rrdtool,RRDtool,rrdtool1,30))
 $(eval $(call BuildPlugin,scgi,SCGI,,30))
 $(eval $(call BuildPlugin,setenv,Environment variable setting,,30))
 $(eval $(call BuildPlugin,simple_vhost,Simple virtual hosting,,30))
diff --git a/net/lighttpd/files/lighttpd.conf b/net/lighttpd/files/lighttpd.conf
index 64640779f..4ce516d90 100644
--- a/net/lighttpd/files/lighttpd.conf
+++ b/net/lighttpd/files/lighttpd.conf
@@ -1,34 +1,41 @@
-server.document-root        = "/www"
+### Documentation
+# https://wiki.lighttpd.net/
+#
+### Configuration Syntax
+# https://wiki.lighttpd.net/Docs_Configuration
+#
+### Configuration Options
+# https://wiki.lighttpd.net/Docs_ConfigurationOptions
+#
+### Configuration Variables (potentially used in /etc/lighttpd/conf.d/*.conf)
+var.log_root    = "/var/log/lighttpd/"
+var.server_root = "/www/"
+var.state_dir   = "/var/run/"
+var.home_dir    = "/var/lib/lighttpd/"
+var.conf_dir    = "/etc/lighttpd"
+var.vhosts_dir  = server_root + "/vhosts"
+var.cache_dir   = "/var/cache/lighttpd"
+var.socket_dir  = home_dir + "/sockets"
+
+### OpenWRT lighttpd base configuration
+server.document-root        = server_root
 server.upload-dirs          = ( "/tmp" )
-server.errorlog             = "/var/log/lighttpd/error.log"
-server.pid-file             = "/var/run/lighttpd.pid"
+server.errorlog             = log_root + "error.log"
+server.pid-file             = state_dir + "lighttpd.pid"
 server.username             = "http"
 server.groupname            = "www-data"
 
+# historical; preserved for compatibility; should have been disabled by default
 index-file.names            = ( "index.php", "index.html",
                                 "index.htm", "default.htm",
                               )
 
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
-### Features
-#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
-server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
-#server.feature-flags       += ("server.graceful-restart-bg" => "enable")
-
-### Options that are useful but not always necessary:
-#server.chroot               = "/"
-#server.port                 = 81
-#server.bind                 = "localhost"
-#server.tag                  = "lighttpd"
-#server.errorlog-use-syslog  = "enable"
-#server.network-backend      = "writev"
-
-### Use IPv6 if available
-#include_shell "/usr/share/lighttpd/use-ipv6.pl"
-
-#dir-listing.encoding        = "utf-8"
-#dir-listing.activate        = "enable"
-
 include "/etc/lighttpd/mime.conf"
 include "/etc/lighttpd/conf.d/*.conf"
+
+### Customizations
+# customizations should generally be placed in separate files such as
+#   /etc/lighttpd/conf.d/00_vars.conf    # override variables for conf.d/*.conf
+#   /etc/lighttpd/conf.d/zz_custom.conf  # override other conf.d/*.conf settings
diff --git a/net/lighttpd/files/lighttpd.init b/net/lighttpd/files/lighttpd.init
index 1d290063e..ffaae34a2 100644
--- a/net/lighttpd/files/lighttpd.init
+++ b/net/lighttpd/files/lighttpd.init
@@ -8,18 +8,20 @@ USE_PROCD=1
 PROG=/usr/sbin/lighttpd
 
 validate_conf() {
-	$PROG -tt -f /etc/lighttpd/lighttpd.conf >/dev/null 2>&1 || {
-		echo "validation failed"
+	$PROG -tt -f /etc/lighttpd/lighttpd.conf >/dev/null || {
+		echo 1>&2 "lighttpd.conf validation failed"
 		return 1
 	}
 }
 
 start_service() {
 	user_exists http || user_add http
-	[ -d /var/log/lighttpd ] || {
-		mkdir -m 0775 -p /var/log/lighttpd
-		chgrp www-data /var/log/lighttpd
-	}
+	for i in /var/log/lighttpd /var/lib/lighttpd /var/cache/lighttpd; do
+		[ -d "$i" ] || {
+			mkdir -m 0775 -p "$i"
+			chgrp www-data "$i"
+		}
+	done
 
 	validate_conf || exit 1
 
@@ -34,6 +36,7 @@ service_triggers() {
 }
 
 reload_service() {
+	validate_conf || exit 1
 	# lighttpd graceful restart (SIGUSR1)
 	procd_send_signal lighttpd '*' USR1
 }
diff --git a/net/microsocks/Makefile b/net/microsocks/Makefile
new file mode 100644
index 000000000..e16e577b3
--- /dev/null
+++ b/net/microsocks/Makefile
@@ -0,0 +1,46 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=microsocks
+PKG_VERSION:=1.0.3
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/rofl0r/microsocks/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=6801559b6f8e17240ed8eef17a36eea8643412b5a7476980fd4e24b02a021b82
+
+PKG_MAINTAINER:=Mateusz Korniak <matkorgithubcom@ant.gliwice.pl>
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/microsocks
+  SECTION:=net
+  SUBMENU:=Web Servers/Proxies
+  CATEGORY:=Network
+  TITLE:=SOCKS5 TCP/IP only proxy
+endef
+
+define Package/microsocks/description
+  Low resource SOCKS5 proxy.
+  Supports only SOCKS5 protocol and forwarding only TCP/IP connections.
+endef
+
+define Package/microsocks/conffiles
+/etc/config/microsocks
+endef
+
+TARGET_CFLAGS+= -flto
+TARGET_LDFLAGS+= -flto -Wl,--gc-sections,--as-needed
+
+define Package/microsocks/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/microsocks $(1)/usr/bin
+
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) ./files/microsocks.config $(1)/etc/config/microsocks
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/microsocks.init $(1)/etc/init.d/microsocks
+endef
+
+$(eval $(call BuildPackage,microsocks))
diff --git a/net/microsocks/files/microsocks.config b/net/microsocks/files/microsocks.config
new file mode 100644
index 000000000..b85d74084
--- /dev/null
+++ b/net/microsocks/files/microsocks.config
@@ -0,0 +1,9 @@
+
+config microsocks 'config'
+	option enabled '0'
+	option bindaddr ''
+	option listenip '127.0.0.1'
+	option port '1080'
+	option user ''
+	option password ''
+	option auth_once '0' # Boolean, must be used together with user/pass
diff --git a/net/microsocks/files/microsocks.init b/net/microsocks/files/microsocks.init
new file mode 100755
index 000000000..e775d89d7
--- /dev/null
+++ b/net/microsocks/files/microsocks.init
@@ -0,0 +1,54 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=95
+
+CONF="microsocks"
+
+start_service() {
+	config_load "$CONF"
+    
+	local _enabled
+	config_get_bool _enabled "config" "enabled" "0"
+	[ "$_enabled" -eq "1" ] || return 1
+    
+    	local _port
+	local _listenip
+	local _bindaddr
+	local _user
+	local _format
+	local _auth_once
+
+	config_get _port "config" "port"
+	config_get _listenip "config" "listenip"
+	config_get _bindaddr "config" "bindaddr"
+	config_get _user "config" "user"
+	config_get _password "config" "password"
+	config_get_bool _auth_once "config" "auth_once" 0
+    
+	procd_open_instance "$CONF"
+	procd_set_param command /usr/bin/microsocks
+	[ -z "$_port" ] || procd_append_param command -p "${_port}"
+	[ -z "$_listenip" ] || procd_append_param command -i "${_listenip}"
+	[ -z "$_bindaddr" ] || procd_append_param command -b "${_bindaddr}"
+	[ -z "$_user" ] || procd_append_param command -u "${_user}"
+	[ -z "$_password" ] || procd_append_param command -P "${_password}"
+	[ "$_auth_once" -eq "0" ] || procd_append_param command -1
+	
+	procd_set_param respawn
+	procd_set_param stderr 1
+	# TODO: Make it dependable on some verbose/debug config setting?
+	# procd_set_param stdout 1
+    
+	procd_close_instance
+}
+
+
+reload_service() {
+	stop
+	start
+}
+
+service_triggers() { 
+	procd_add_reload_trigger "$CONF" 
+}