Merge branch 'openwrt:master' into master

2023-12-30 19:08:35 +05:30 · 2023-12-30 19:08:35 +05:30 · e16fae30ab
commit e16fae30ab
parent 1ae934d62f 738937a9c6
23 changed files with 223 additions and 152 deletions
--- a/lang/lua-eco/Makefile
+++ b/lang/lua-eco/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=lua-eco
-PKG_VERSION:=3.1.2
+PKG_VERSION:=3.2.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL=https://github.com/zhaojh329/lua-eco/releases/download/v$(PKG_VERSION)
-PKG_HASH:=eff99419d14d3cb13e2513bcf38bac643560e905461043492bb9daa282b34e7f
+PKG_HASH:=b317599302c5c73195d980bfcfc1977e55da485137fc81f16d1a958ca893e2ed

 PKG_MAINTAINER:=Jianhui Zhao <zhaojh329@gmail.com>
 PKG_LICENSE:=MIT
@ -94,11 +94,14 @@ ifneq ($(CONFIG_PACKAGE_lua-eco-ssl),)
 endif

 define Package/lua-eco/install
-	$(INSTALL_DIR) $(1)/usr/bin $(1)/usr/local/lib/lua/5.3/eco/core $(1)/usr/local/lib/lua/5.3/eco/encoding
+	$(INSTALL_DIR) $(1)/usr/bin $(1)/usr/local/lib/lua/5.3/eco/core \
+		$(1)/usr/lib $(1)/usr/local/lib/lua/5.3/eco/encoding
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/eco $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/libeco.so $(1)/usr/lib
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bufio.so $(1)/usr/local/lib/lua/5.3/eco
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/hex.lua $(1)/usr/local/lib/lua/5.3/eco/encoding
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/{time,bufio,sys,file}.so $(1)/usr/local/lib/lua/5.3/eco/core
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/{time,bufio,sys,file,sync}.lua $(1)/usr/local/lib/lua/5.3/eco
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/{time,sys,file,sync}.lua $(1)/usr/local/lib/lua/5.3/eco
 endef

 define Package/lua-eco-log/install
--- a/lang/python/django/Makefile
+++ b/lang/python/django/Makefile
@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=django
-PKG_VERSION:=4.2.5
+PKG_VERSION:=5.0
 PKG_RELEASE:=1

 PYPI_NAME:=Django
-PKG_HASH:=5e5c1c9548ffb7796b4a8a4782e9a2e5a3df3615259fc1bfd3ebc73b646146c1
+PKG_HASH:=7d29e14dfbc19cb6a95a4bd669edbde11f5d4c6a71fdaa42c2d40b6846e807f7

 PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>, Peter Stadler <peter.stadler@student.uibk.ac.at>
 PKG_LICENSE:=BSD-3-Clause
--- a/lang/python/django/test.sh
+++ b/lang/python/django/test.sh
@ -0,0 +1,21 @@
+#!/bin/sh
+
+[ "$1" = "python3-django" ] || exit 0
+
+GOT_VER=$(/usr/bin/django-admin version)
+[ "$GOT_VER" = "$2" ] || {
+	echo "Incorrect version: expected '$2' ; obtained '$GOT_VER'"
+	exit 1
+}
+
+python3 - << EOF
+import sys
+import django
+
+if (django.__version__) != "$GOT_VER":
+    print("Wrong version: " + django.__version__)
+    sys.exit(1)
+
+sys.exit(0)
+EOF
+
--- a/libs/boost/Makefile
+++ b/libs/boost/Makefile
@ -11,13 +11,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=boost
-PKG_VERSION:=1.83.0
-PKG_SOURCE_VERSION:=1_83_0
+PKG_VERSION:=1.84.0
+PKG_SOURCE_VERSION:=1_84_0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)_$(PKG_SOURCE_VERSION).tar.bz2
 PKG_SOURCE_URL:=@SF/$(PKG_NAME)/$(PKG_NAME)/$(PKG_VERSION) https://boostorg.jfrog.io/artifactory/main/release/$(PKG_VERSION)/source/
-PKG_HASH:=6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e
+PKG_HASH:=cc4b893acf645c9d4b698e9a0f08ca8846aa5d6c68275c14c3e7949c24109454

 PKG_MAINTAINER:=Carlos M. Ferreira <carlosmf.pt@gmail.com>
 PKG_LICENSE:=BSL-1.0
@ -42,12 +42,13 @@ define Package/boost/Default
 endef

 define Package/boost/description
-This package provides the Boost v1.83.0 libraries.
+This package provides the Boost v1.84.0 libraries.
 Boost is a set of free, peer-reviewed, portable C++ source libraries.

 This package provides the following run-time libraries:
 - atomic
 - chrono
+ - cobalt (new)
 - container
 - context
 - contract
@ -78,7 +79,7 @@ This package provides the following run-time libraries:
 - wave

 There are many more header-only libraries supported by Boost.
-See more at http://www.boost.org/doc/libs/1_83_0/
+See more at http://www.boost.org/doc/libs/1_84_0/
 endef

 PKG_BUILD_DEPENDS:=boost/host
@ -336,6 +337,7 @@ endef

 $(eval $(call DefineBoostLibrary,atomic,system))
 $(eval $(call DefineBoostLibrary,chrono,system))
+$(eval $(call DefineBoostLibrary,cobalt,system container))
 $(eval $(call DefineBoostLibrary,container))
 $(eval $(call DefineBoostLibrary,context,chrono system,,!boost-context-exclude))
 $(eval $(call DefineBoostLibrary,contract,system))
@ -384,12 +386,10 @@ TARGET_LDFLAGS += -pthread -lrt -lstdc++ -Wl,--as-needed,--print-gc-sections
 TARGET_CFLAGS += \
 	$(if $(CONFIG_SOFT_FLOAT),-DBOOST_NO_FENV_H) -fPIC

-ifeq ($(word 1,$(subst ., ,$(call qstrip,$(CONFIG_GCC_VERSION)))),5)
-    EXTRA_CXXFLAGS += -std=gnu++14
-else ifneq ($(filter-out 6 7 8 9,$(word 1,$(subst ., ,$(call qstrip,$(CONFIG_GCC_VERSION))))),)
-    EXTRA_CXXFLAGS += -std=gnu++17
-else
+ifeq ($(word 1,$(subst ., ,$(call qstrip,$(CONFIG_GCC_VERSION)))),11)
    EXTRA_CXXFLAGS += -std=gnu++20
+else
+    EXTRA_CXXFLAGS += -std=gnu++23
 endif

 ifneq ($(findstring mips,$(ARCH)),)
--- a/libs/xmlrpc-c/Makefile
+++ b/libs/xmlrpc-c/Makefile
@ -119,6 +119,7 @@ define Build/InstallDev
 		$(1)/usr/include \
 		$(1)/usr/lib \
 		$(1)/usr/bin \
+		$(1)/usr/lib/pkgconfig \
 		$(2)/bin
 	$(CP) \
 		$(PKG_INSTALL_DIR)/usr/include/* \
@ -136,6 +137,9 @@ define Build/InstallDev
 	$(SED) \
 		's,LIBINST_DIR="/usr/lib",LIBINST_DIR="$(STAGING_DIR)/usr/lib",g' \
 		$(2)/bin/xmlrpc-c-config
+	$(INSTALL_DATA) \
+		$(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc \
+		$(1)/usr/lib/pkgconfig/
 endef

 define Package/xmlrpc-c-libxml2/install
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=banip
 PKG_VERSION:=0.9.3
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@ -106,8 +106,9 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 * Install banIP (_opkg install banip_) - the banIP service is disabled by default
 * Install the LuCI companion package 'luci-app-banip' (opkg install luci-app-banip)
 * It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
+* If you're using a complex network setup, e.g. special tunnel interfaces, than untick the 'Auto Detection' option under the 'General Settings' tab and set the required options manually
+* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status' and also check the 'Firewall Log' and 'Processing Log' tabs
 * If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs (see the options reference below)
-* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status'

 ## banIP CLI interface
 * All important banIP functions are accessible via CLI.
--- a/net/banip/files/banip-functions.sh
+++ b/net/banip/files/banip-functions.sh
@ -5,11 +5,13 @@
 # (s)hellcheck exceptions
 # shellcheck disable=all

-# set initial defaults
+# environment
 #
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"

+# initial defaults
+#
 ban_basedir="/tmp"
 ban_backupdir="/tmp/banIP-backup"
 ban_reportdir="/tmp/banIP-report"
@ -25,18 +27,6 @@ ban_rdapurl="https://rdap.db.ripe.net/ip/"
 ban_lock="/var/run/banip.lock"
 ban_logreadfile="/var/log/messages"
 ban_logreadcmd=""
-ban_logcmd="$(command -v logger)"
-ban_ubuscmd="$(command -v ubus)"
-ban_nftcmd="$(command -v nft)"
-ban_fw4cmd="$(command -v fw4)"
-ban_awkcmd="$(command -v awk)"
-ban_grepcmd="$(command -v grep)"
-ban_sedcmd="$(command -v sed)"
-ban_catcmd="$(command -v cat)"
-ban_zcatcmd="$(command -v zcat)"
-ban_lookupcmd="$(command -v nslookup)"
-ban_jsoncmd="$(command -v jsonfilter)"
-ban_mailcmd="$(command -v msmtp)"
 ban_mailsender="no-reply@banIP"
 ban_mailreceiver=""
 ban_mailtopic="banIP notification"
@ -103,7 +93,7 @@ f_system() {
 		ban_debug="$(uci_get banip global ban_debug)"
 		ban_cores="$(uci_get banip global ban_cores)"
 	fi
-	ban_packages="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)"
+	ban_packages="$("${ban_ubuscmd}" -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)"
 	ban_memory="$("${ban_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
 	ban_ver="$(printf "%s" "${ban_packages}" | "${ban_jsoncmd}" -ql1 -e '@.packages.banip')"
 	ban_sysver="$("${ban_ubuscmd}" -S call system board 2>/dev/null | "${ban_jsoncmd}" -ql1 -e '@.model' -e '@.release.description' |
@ -117,6 +107,23 @@ f_system() {
 	fi
 }

+# command selector
+#
+f_cmd() {
+	local cmd pri_cmd="${1}" sec_cmd="${2}"
+
+	cmd="$(command -v "${pri_cmd}" 2>/dev/null)"
+	if [ ! -x "${cmd}" ]; then
+		if [ -n "${sec_cmd}" ]; then
+			[ "${sec_cmd}" = "true" ] && return
+			cmd="$(command -v "${sec_cmd}" 2>/dev/null)"
+		fi
+		[ -x "${cmd}" ] && printf "%s" "${cmd}" || f_log "emerg" "command '${pri_cmd:-"-"}'/'${sec_cmd:-"-"}' not found"
+	else
+		printf "%s" "${cmd}"
+	fi
+}
+
 # create directories
 #
 f_mkdir() {
@ -192,9 +199,9 @@ f_rmpid() {

 	ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
 	if [ -n "${ppid}" ]; then
-		pids="$(pgrep -P "${ppid}" 2>/dev/null)"
+		pids="$("${ban_pgrepcmd}" -P "${ppid}" 2>/dev/null)"
 		for pid in ${pids}; do
-			pids="${pids} $(pgrep -P "${pid}" 2>/dev/null)"
+			pids="${pids} $("${ban_pgrepcmd}" -P "${pid}" 2>/dev/null)"
 		done
 		for pid in ${pids}; do
 			kill -INT "${pid}" >/dev/null 2>&1
@ -216,13 +223,15 @@ f_log() {
 			printf "%s %s %s\n" "${class}" "banIP-${ban_ver}[${$}]" "${log_msg}"
 		fi
 	fi
-	if [ "${class}" = "err" ]; then
-		"${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1
-		if [ "${ban_enabled}" = "1" ]; then
-			f_genstatus "error"
-			[ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
-		else
-			f_genstatus "disabled"
+	if [ "${class}" = "err" ] || [ "${class}" = "emerg" ]; then
+		if [ "${class}" = "err" ]; then 
+			"${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1
+			if [ "$(uci_get banip global ban_enabled)" = "1" ]; then
+				f_genstatus "error"
+				[ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
+			else
+				f_genstatus "disabled"
+			fi
 		fi
 		f_rmdir "${ban_tmpdir}"
 		f_rmpid
@ -297,7 +306,7 @@ f_conf() {
 # get nft/monitor actuals
 #
 f_actual() {
-	local nft monitor ppid pid
+	local nft monitor ppid pids pid

 	if "${ban_nftcmd}" -t list set inet banIP allowlistv4MAC >/dev/null 2>&1; then
 		nft="$(f_char "1")"
@ -307,10 +316,15 @@ f_actual() {

 	ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
 	if [ -n "${ppid}" ]; then
-		pid="$(pgrep -oP "${ppid}" 2>/dev/null)"
-	fi
-	if pgrep -f "${ban_logreadcmd##*/}" -P "${pid}" >/dev/null 2>&1; then
-		monitor="$(f_char "1")"
+		pids="$("${ban_pgrepcmd}" -P "${ppid}" 2>/dev/null)"
+		for pid in ${pids}; do
+			if "${ban_pgrepcmd}" -f "${ban_logreadcmd##*/}" -P "${pid}" >/dev/null 2>&1; then
+				monitor="$(f_char "1")"
+				break
+			else
+				monitor="$(f_char "0")"
+			fi
+		done
 	else
 		monitor="$(f_char "0")"
 	fi
@ -325,9 +339,7 @@ f_getfetch() {
 	if { [ "${ban_fetchcmd}" = "uclient-fetch" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"libustream-'; } ||
 		{ [ "${ban_fetchcmd}" = "wget" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"wget-ssl'; } ||
 		[ "${ban_fetchcmd}" = "curl" ] || [ "${ban_fetchcmd}" = "aria2c" ]; then
-		ban_fetchcmd="$(command -v "${ban_fetchcmd}")"
-	else
-		ban_fetchcmd=""
+		ban_fetchcmd="$(f_cmd "${ban_fetchcmd}" "true")"
 	fi

 	if [ "${ban_autodetect}" = "1" ] && [ ! -x "${ban_fetchcmd}" ]; then
@ -380,44 +392,47 @@ f_getfetch() {
 # get wan interfaces
 #
 f_getif() {
-	local iface update="0"
+	local iface iface_del update="0"

 	if [ "${ban_autodetect}" = "1" ]; then
-		if [ -z "${ban_ifv4}" ]; then
-			network_flush_cache
-			network_find_wan iface
-			if [ -n "${iface}" ] && "${ban_ubuscmd}" -t 10 wait_for network.interface."${iface}" >/dev/null 2>&1; then
-				ban_protov4="1"
-				ban_ifv4="${iface}"
-				uci_set banip global ban_protov4 "1"
-				uci_add_list banip global ban_ifv4 "${iface}"
-				f_log "info" "add IPv4 interface '${iface}' to config"
-			fi
+		network_flush_cache
+		network_find_wan iface
+		if [ -n "${iface}" ] && [ "${iface}" != "$(f_trim "${ban_ifv4}")" ] && "${ban_ubuscmd}" -t 10 wait_for network.interface."${iface}" >/dev/null 2>&1; then
+			for iface_del in ${ban_ifv4}; do
+				uci_remove_list banip global ban_ifv4 "${iface_del}"
+				f_log "info" "remove IPv4 interface '${iface_del}' from config"
+			done
+			ban_protov4="1"
+			ban_ifv4="${iface}"
+			uci_set banip global ban_protov4 "1"
+			uci_add_list banip global ban_ifv4 "${iface}"
+			f_log "info" "add IPv4 interface '${iface}' to config"
 		fi
-		if [ -z "${ban_ifv6}" ]; then
-			network_flush_cache
-			network_find_wan6 iface
-			if [ -n "${iface}" ] && "${ban_ubuscmd}" -t 10 wait_for network.interface."${iface}" >/dev/null 2>&1; then
-				ban_protov6="1"
-				ban_ifv6="${iface}"
-				uci_set banip global ban_protov6 "1"
-				uci_add_list banip global ban_ifv6 "${iface}"
-				f_log "info" "add IPv6 interface '${iface}' to config"
-			fi
+		network_find_wan6 iface
+		if [ -n "${iface}" ] && [ "${iface}" != "$(f_trim "${ban_ifv6}")" ] && "${ban_ubuscmd}" -t 10 wait_for network.interface."${iface}" >/dev/null 2>&1; then
+			for iface_del in ${ban_ifv6}; do
+				uci_remove_list banip global ban_ifv6 "${iface_del}"
+				f_log "info" "remove IPv6 interface '${iface_del}' from config"
+			done
+			ban_protov6="1"
+			ban_ifv6="${iface}"
+			uci_set banip global ban_protov6 "1"
+			uci_add_list banip global ban_ifv6 "${iface}"
+			f_log "info" "add IPv6 interface '${iface}' to config"
 		fi
 	fi
 	if [ -n "$(uci -q changes "banip")" ]; then
 		update="1"
 		uci_commit "banip"
 	else
-		ban_ifv4="${ban_ifv4%%?}"
-		ban_ifv6="${ban_ifv6%%?}"
 		for iface in ${ban_ifv4} ${ban_ifv6}; do
 			if ! "${ban_ubuscmd}" -t 10 wait_for network.interface."${iface}" >/dev/null 2>&1; then
 				f_log "err" "no wan interface '${iface}'"
 			fi
 		done
 	fi
+	ban_ifv4="$(f_trim "${ban_ifv4}")"
+	ban_ifv6="$(f_trim "${ban_ifv6}")"
 	[ -z "${ban_ifv4}" ] && [ -z "${ban_ifv6}" ] && f_log "err" "no wan interfaces"

 	f_log "debug" "f_getif     ::: auto/update: ${ban_autodetect}/${update}, interfaces (4/6): ${ban_ifv4}/${ban_ifv6}, protocols (4/6): ${ban_protov4}/${ban_protov6}"
@ -426,31 +441,36 @@ f_getif() {
 # get wan devices
 #
 f_getdev() {
-	local dev iface update="0" cnt="0" cnt_max="30"
+	local dev dev_del iface update="0"

 	if [ "${ban_autodetect}" = "1" ]; then
-		while [ "${cnt}" -lt "${cnt_max}" ] && [ -z "${ban_dev}" ]; do
-			network_flush_cache
-			for iface in ${ban_ifv4} ${ban_ifv6}; do
-				network_get_device dev "${iface}"
-				if [ -n "${dev}" ] && ! printf " %s " "${ban_dev}" | "${ban_grepcmd}" -q " ${dev} "; then
+		network_flush_cache
+		dev_del="${ban_dev}"
+		for iface in ${ban_ifv4} ${ban_ifv6}; do
+			network_get_device dev "${iface}"
+			if [ -n "${dev}" ]; then
+				dev_del="${dev_del/${dev} / }"
+				if ! printf " %s " "${ban_dev}" | "${ban_grepcmd}" -q " ${dev} "; then
 					ban_dev="${ban_dev}${dev} "
 					uci_add_list banip global ban_dev "${dev}"
 					f_log "info" "add device '${dev}' to config"
 				fi
-			done
-			cnt="$((cnt + 1))"
-			sleep 1
+			fi
+		done
+		for dev in ${dev_del}; do
+			ban_dev="${ban_dev/${dev} / }"
+			uci_remove_list banip global ban_dev "${dev}"
+			f_log "info" "remove device '${dev}' from config"
 		done
 	fi
 	if [ -n "$(uci -q changes "banip")" ]; then
 		update="1"
 		uci_commit "banip"
 	fi
-	ban_dev="${ban_dev%%?}"
+	ban_dev="$(f_trim "${ban_dev}")"
 	[ -z "${ban_dev}" ] && f_log "err" "no wan devices"

-	f_log "debug" "f_getdev    ::: auto/update: ${ban_autodetect}/${update}, wan_devices: ${ban_dev}, cnt: ${cnt}"
+	f_log "debug" "f_getdev    ::: auto/update: ${ban_autodetect}/${update}, wan_devices: ${ban_dev}"
 }

 # get local uplink
@ -488,7 +508,7 @@ f_getuplink() {
 				update="1"
 			fi
 		done
-		ban_uplink="${ban_uplink%%?}"
+		ban_uplink="$(f_trim "${ban_uplink}")"
 	elif [ "${ban_autoallowlist}" = "1" ] && [ "${ban_autoallowuplink}" = "disable" ]; then
 		"${ban_sedcmd}" -i "/# uplink added on /d" "${ban_allowlist}"
 		update="1"
@ -1090,7 +1110,7 @@ f_rmset() {
 	} >"${tmp_del}"

 	if [ -n "${del_set}" ]; then
-		del_set="${del_set%%??}"
+		del_set="$(f_trim "${del_set}")"
 		feed_log="$("${ban_nftcmd}" -f "${tmp_del}" 2>&1)"
 		feed_rc="${?}"
 	fi
@ -1573,15 +1593,29 @@ if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/us
 	. "/lib/functions/network.sh"
 	. "/usr/share/libubox/jshn.sh"
 else
-	rm -rf "${ban_lock}"
-	exit 1
+	f_log "emerg" "system libraries not found"
 fi

-# check banIP availability
+# initial system calls
 #
-f_system
+ban_awkcmd="$(f_cmd gawk awk)"
+ban_catcmd="$(f_cmd cat)"
+ban_fw4cmd="$(f_cmd fw4)"
+ban_grepcmd="$(f_cmd grep)"
+ban_jsoncmd="$(f_cmd jsonfilter)"
+ban_logcmd="$(f_cmd logger)"
+ban_lookupcmd="$(f_cmd nslookup)"
+ban_mailcmd="$(f_cmd msmtp true)"
+ban_nftcmd="$(f_cmd nft)"
+ban_pgrepcmd="$(f_cmd pgrep)"
+ban_sedcmd="$(f_cmd sed)"
+ban_ubuscmd="$(f_cmd ubus)"
+ban_zcatcmd="$(f_cmd zcat)"
+
 if [ "${ban_action}" != "stop" ]; then
 	[ ! -d "/etc/banip" ] && f_log "err" "no banIP config directory"
 	[ ! -r "/etc/config/banip" ] && f_log "err" "no banIP config"
 	[ "$(uci_get banip global ban_enabled)" = "0" ] && f_log "err" "banIP is disabled"
 fi
+
+f_system
--- a/net/banip/files/banip-service.sh
+++ b/net/banip/files/banip-service.sh
@ -9,11 +9,11 @@
 ban_action="${1}"
 ban_starttime="$(date "+%s")"
 ban_funlib="/usr/lib/banip-functions.sh"
-[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
+[ -z "${ban_ver}" ] && . "${ban_funlib}"

 # load config and set banIP environment
 #
-[ "${ban_action}" = "boot" ] && sleep "$(uci_get banip global ban_triggerdelay "10")"
+[ "${ban_action}" = "boot" ] && sleep "$(uci_get banip global ban_triggerdelay "20")"
 f_conf
 f_log "info" "start banIP processing (${ban_action})"
 f_log "debug" "f_system    ::: system: ${ban_sysver:-"n/a"}, version: ${ban_ver:-"n/a"}, memory: ${ban_memory:-"0"}, cpu_cores: ${ban_cores}"
--- a/net/banip/files/banip.init
+++ b/net/banip/files/banip.init
@ -25,6 +25,8 @@ ban_lock="/var/run/banip.lock"
 [ ! -r "${ban_funlib}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "stop" ] || [ "${action}" = "report" ] || [ "${action}" = "search" ] || [ "${action}" = "lookup" ] || [ "${action}" = "status" ]; } && exit 1
 [ -d "${ban_lock}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1
 [ ! -d "${ban_lock}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && mkdir -p "${ban_lock}"
+{ [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "stop" ] || [ "${action}" = "report" ] || [ "${action}" = "search" ] || [ "${action}" = "lookup" ] || [ "${action}" = "status" ]; } && . "${ban_funlib}"
+[ ! -d "${ban_lock}" ] && { [ "${action}" = "boot" ] || [ "${action}" = "start" ] || [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "lookup" ]; } && exit 1

 boot() {
 	: >"${ban_pidfile}"
@ -32,7 +34,6 @@ boot() {
 }

 start_service() {
-	[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
 	if "${ban_init}" enabled; then
 		f_rmpid
 		procd_open_instance "banip-service"
@ -50,13 +51,11 @@ start_service() {
 }

 reload_service() {
-	[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
 	f_rmpid
 	rc_procd start_service "reload"
 }

 stop_service() {
-	[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
 	"${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1
 	f_genstatus "stopped"
 	f_rmpid
@ -73,29 +72,24 @@ status() {
 }

 status_service() {
-	[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
 	f_getstatus
 }

 report() {
-	[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
 	f_report "${1:-"text"}"
 }

 search() {
-	[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
 	f_search "${1}"
 }

 survey() {
-	[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
 	f_survey "${1}"
 }

 lookup() {
 	local list hold cnt="1"

-	[ -z "$(command -v "f_system")" ] && . "${ban_funlib}"
 	for list in allowlist blocklist; do
 		(f_lookup "${list}") &
 		hold="$((cnt % ban_cores))"
@ -109,7 +103,7 @@ lookup() {
 service_triggers() {
 	local iface trigger delay

-	delay="$(uci_get banip global ban_triggerdelay "10")"
+	delay="$(uci_get banip global ban_triggerdelay "20")"
 	trigger="$(uci_get banip global ban_trigger)"

 	PROCD_RELOAD_DELAY="$((delay * 1000))"
--- a/net/banip/files/banip.tpl
+++ b/net/banip/files/banip.tpl
@ -4,14 +4,20 @@

 # info preparation
 #
-local banip_info report_info log_info system_info mail_text
+local banip_info report_info log_info system_info mail_text logread_cmd

-banip_info="$(/etc/init.d/banip status 2>/dev/null | awk '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
-report_info="$(cat ${ban_reportdir}/ban_report.txt 2>/dev/null)"
-log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
+if [ -f "${ban_logreadfile}" ]; then
+	logread_cmd="${ban_logreadcmd} -qn ${ban_loglimit} ${ban_logreadfile} 2>/dev/null | ${ban_grepcmd} -e \"banIP/\" 2>/dev/null"
+elif printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"logd'; then
+	logread_cmd="${ban_logreadcmd} -l ${ban_loglimit} -e "banIP/" 2>/dev/null"
+fi
+
+banip_info="$(/etc/init.d/banip status 2>/dev/null | "${ban_awkcmd}" '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
+report_info="$("${ban_catcmd}" "${ban_reportdir}/ban_report.txt" 2>/dev/null)"
+log_info="$(${logread_cmd} | "${ban_awkcmd}" '{NR=1;max=160;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
 system_info="$(
 	strings /etc/banner 2>/dev/null
-	ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf "  + %-12s: %s\n",$2,$4}'
+	"${ban_ubuscmd}" call system board | "${ban_awkcmd}" 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf "  + %-12s: %s\n",$2,$4}'
 )"

 # content header
--- a/net/dnsdist/Makefile
+++ b/net/dnsdist/Makefile
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=dnsdist
 PKG_VERSION:=1.8.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
@ -137,7 +137,7 @@ TARGET_CXXFLAGS+=-Os -fvisibility=hidden -flto -fno-ipa-cp -DNDEBUG \
 	$(if $(call IsEnabled,DNSDIST_DYNBLOCKS),,-DDISABLE_DYNBLOCKS) \
 	$(if $(call IsEnabled,DNSDIST_ECS_ACTIONS),,-DDISABLE_ECS_ACTIONS) \
 	$(if $(call IsEnabled,DNSDIST_HASHED),,-DDISABLE_HASHED_CREDENTIALS) \
-	$(if $(call IsEnabled,DNSDIST_LUA_ADVANCED),,-DDISABLE_NON_FFI_DQ_BINDINGS -DDISABLE_POLICIES_BINDINGS -DDISABLE_DOWNSTREAM_BINDINGS -DDISABLE_DNSHEADER_BINDINGS -DDISABLE_COMBO_ADDR_BINDINGS -DDISABLE_QPS_LIMITER_BINDINGS -DDISABLE_PACKETCACHE_BINDINGS -DDISABLE_CLIENT_STATE_BINDINGS -DDISABLE_DNSPACKET_BINDINGS -DDISABLE_LUA_BINDINGS_RINGS) \
+	$(if $(call IsEnabled,DNSDIST_LUA_ADVANCED),,-DDISABLE_NON_FFI_DQ_BINDINGS -DDISABLE_DOWNSTREAM_BINDINGS -DDISABLE_DNSHEADER_BINDINGS -DDISABLE_COMBO_ADDR_BINDINGS -DDISABLE_QPS_LIMITER_BINDINGS -DDISABLE_PACKETCACHE_BINDINGS -DDISABLE_CLIENT_STATE_BINDINGS -DDISABLE_DNSPACKET_BINDINGS -DDISABLE_LUA_BINDINGS_RINGS) \
 	$(if $(call IsEnabled,DNSDIST_MAC),-DDNSDIST_RINGS_WITH_MACADDRESS,) \
 	$(if $(call IsEnabled,DNSDIST_OCSP_STAPLING),,-DDISABLE_OCSP_STAPLING) \
 	$(if $(call IsEnabled,DNSDIST_PROTOBUF),,-DDISABLE_PROTOBUF) \
--- a/net/nebula/Makefile
+++ b/net/nebula/Makefile
@ -4,12 +4,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=nebula
-PKG_VERSION:=1.8.0
+PKG_VERSION:=1.8.1
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/slackhq/nebula/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=678ad2bda47258cce8c2d14b3fa56d17c0ba4f894d75b75afab8937d64e12da7
+PKG_HASH:=85c048b6d39296eeb8cf2d3324124d834011121383d0550662018190494d433e

 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
 PKG_LICENSE:=MIT
--- a/net/snort3/Makefile
+++ b/net/snort3/Makefile
@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=snort3
-PKG_VERSION:=3.1.76.0
-PKG_RELEASE:=2
+PKG_VERSION:=3.1.77.0
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/
-PKG_HASH:=5586199be8b7a7c6a1b73e0af2e2e004db8417b8282668b10583071e35c9c7a9
+PKG_HASH:=cb98c0d15caa7c84da24995e8521f42f4e86a860b9748418154d8649b6a0db2d

 PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>, John Audia <therealgraysky@proton.me>
 PKG_LICENSE:=GPL-2.0-only
--- a/net/sshtunnel/Makefile
+++ b/net/sshtunnel/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=sshtunnel
 PKG_VERSION:=5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_LICENSE:=GPL-2.0-or-later

 PKG_MAINTAINER:=Nuno Goncalves <nunojpg@gmail.com>
--- a/net/sshtunnel/files/sshtunnel.init
+++ b/net/sshtunnel/files/sshtunnel.init
@ -18,16 +18,6 @@ _err() {
 	logger -p daemon.err -t sshtunnel "$@"
 }

-append_params() {
-	local p v args
-	for p in "$@"; do
-		eval "v=\$$p"
-		[ -n "$v" ] && args="$args -o $p=$v"
-	done
-
-	ARGS_options="${args# *}"
-}
-
 append_string() {
 	local varname="$1"; local add="$2"; local separator="${3:- }"; local actual new
 	eval "actual=\$$varname"
@ -45,14 +35,14 @@ validate_server_section() {
 		'PKCS11Provider:file' \
 		'CheckHostIP:or("yes", "no")' \
 		'Compression:or("yes", "no")' \
-		'CompressionLevel:range(1,9)' \
 		'IdentityFile:file' \
 		'LogLevel:or("QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3")' \
 		'ServerAliveCountMax:min(1)' \
 		'ServerAliveInterval:min(0)' \
 		'StrictHostKeyChecking:or("yes", "no", "accept-new"):accept-new' \
 		'TCPKeepAlive:or("yes", "no")' \
-		'VerifyHostKeyDNS:or("yes", "no")'
+		'VerifyHostKeyDNS:or("yes", "no")' \
+		'ProxyCommand:string(1)'
 }

 validate_tunnelR_section() {
@ -171,8 +161,6 @@ load_server() {

 	[ "$2" = 0 ] || { _err "server $server: validation failed"; return 1; }

-	local ARGS=""
-	local ARGS_options=""
 	local ARGS_tunnels=""
 	local count=0

@ -182,22 +170,33 @@ load_server() {
 	config_foreach validate_tunnelW_section "tunnelW" load_tunnelW
 	[ "$count" -eq 0 ] && { _err "tunnels to $server not started - no tunnels defined"; return 1; }

-	append_params CheckHostIP Compression CompressionLevel \
-		LogLevel PKCS11Provider ServerAliveCountMax ServerAliveInterval \
-		StrictHostKeyChecking TCPKeepAlive VerifyHostKeyDNS
+	# old dbclient use -y for StrictHostKeyChecking.
+	# The -y for OpenSSH means to use syslog but that's ok
+	local db_StrictHostKeyChecking=""
+	[ "$StrictHostKeyChecking" = "accept-new" ] && db_StrictHostKeyChecking="-y"
+	[ "$StrictHostKeyChecking" = "no" ] && db_StrictHostKeyChecking="-yy"

-	# dropbear doesn't support -o IdentityFile so use -i instead
-	[ -n "$IdentityFile" ] && ARGS_options="$ARGS_options -i $IdentityFile"
-	# dbclient doesn't support StrictHostKeyChecking but it has the -y option that works same
-	[ "$StrictHostKeyChecking" = "accept-new" ] && ARGS_options="$ARGS_options -y"
-	[ "$StrictHostKeyChecking" = "no" ] && ARGS_options="$ARGS_options -yy"
-	ARGS="$ARGS_options -o ExitOnForwardFailure=yes -o BatchMode=yes -nN $ARGS_tunnels "
-	[ -n "$port" ] && ARGS="$ARGS -p $port "
-	[ -n "$user" ] && ARGS="$ARGS $user@"
-	ARGS="${ARGS}$hostname"
+	local ARGS="$hostname $ARGS_tunnels \
+	${port:+-p $port} \
+	${user:+-l $user} \
+	${IdentityFile:+-i $IdentityFile} \
+	${CheckHostIP:+-o CheckHostIP=$CheckHostIP} \
+	${VerifyHostKeyDNS:+-o VerifyHostKeyDNS=$VerifyHostKeyDNS} \
+	${Compression:+-o Compression=$Compression} \
+	${LogLevel:+-o LogLevel=$LogLevel} \
+	${PKCS11Provider:+-o PKCS11Provider=$PKCS11Provider} \
+	${TCPKeepAlive:+-o TCPKeepAlive=$TCPKeepAlive} \
+	${ServerAliveCountMax:+-o ServerAliveCountMax=$ServerAliveCountMax} \
+	${ServerAliveInterval:+-o ServerAliveInterval=$ServerAliveInterval} \
+	${StrictHostKeyChecking:+-o StrictHostKeyChecking=$StrictHostKeyChecking $db_StrictHostKeyChecking} \
+	-o ExitOnForwardFailure=yes -o BatchMode=yes -nN \
+	"

 	procd_open_instance "$server"
 	procd_set_param command "$PROG" $ARGS
+	# ProxyCommand must be quoted
+	[ -n "$ProxyCommand" ] && procd_append_param command -o "ProxyCommand=$ProxyCommand"
+
 	procd_set_param stdout 1
 	procd_set_param stderr 1
 	procd_set_param respawn 0 "$retrydelay" 1
--- a/net/sshtunnel/files/uci_sshtunnel
+++ b/net/sshtunnel/files/uci_sshtunnel
@ -10,7 +10,6 @@
 #	option retrydelay		1
 #	option CheckHostIP		yes
 #	option Compression		no
-#	option CompressionLevel		6
 #	option IdentityFile		/root/.ssh/id_rsa
 #	option LogLevel			INFO
 #	option PKCS11Provider		/lib/pteidpkcs11.so
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=strongswan
 PKG_VERSION:=5.9.13
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
--- a/net/strongswan/files/swanctl.init
+++ b/net/strongswan/files/swanctl.init
@ -712,6 +712,16 @@ stop_service() {
 service_triggers() {
 	procd_add_reload_trigger "ipsec"
 	config load "ipsec"
+
+	config_foreach service_trigger_ipsec ipsec
+}
+
+service_trigger_ipsec() {
+	local interface interface_list
+	config_list_foreach "$1" interface append_var interface_list
+	for interface in $interface_list; do
+		procd_add_reload_interface_trigger $interface
+	done
 }

 start_service() {
--- a/net/tailscale/Makefile
+++ b/net/tailscale/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=tailscale
-PKG_VERSION:=1.54.0
+PKG_VERSION:=1.56.1
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=c895a0f489706535ed400b0599d7d932d9eebc5f1bad2c236408a1e4b86620e7
+PKG_HASH:=56b7d25c704e3c22e9e20dcb55695cd9c816878d2c172a73c64aac42e460fd41

 PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
 PKG_LICENSE:=BSD-3-Clause
--- a/utils/exfatprogs/Makefile
+++ b/utils/exfatprogs/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=exfatprogs
-PKG_VERSION:=1.2.1
+PKG_VERSION:=1.2.2
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=14dabb9ae1c7dbfc29aaf6871b93cf4bde688b8d4b29aec1188c6dd92fb9e86f
+PKG_HASH:=16b28c9130b4dfab0b571dce6d2959d2ee93fce27aa0f4b2c1bb30700f371393

 PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
 PKG_LICENSE:=GPL-2.0-only
--- a/utils/rtty/Makefile
+++ b/utils/rtty/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=rtty
-PKG_VERSION:=8.0.1
-PKG_RELEASE:=2
+PKG_VERSION:=8.1.0
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL=https://github.com/zhaojh329/rtty/releases/download/v$(PKG_VERSION)
-PKG_HASH:=b1a21819c2256b3364b8c64dfcc56583b9647409ab8b39ff54e00e242e44028e
+PKG_HASH:=e634939bae62bf3d52ceebae5df00179629d214634b93464eeb2294406512b30

 PKG_MAINTAINER:=Jianhui Zhao <zhaojh329@gmail.com>
 PKG_LICENSE:=MIT
--- a/utils/zoneinfo/Makefile
+++ b/utils/zoneinfo/Makefile
@ -9,8 +9,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=zoneinfo
-PKG_VERSION:=2023c
-PKG_RELEASE:=2
+PKG_VERSION:=2023d
+PKG_RELEASE:=1

 #As i couldn't find real license used "Public Domain"
 #as referense to http://www.iana.org/time-zones/repository/tz-link.html
@ -19,14 +19,14 @@ PKG_LICENSE:=Public Domain
 PKG_SOURCE:=tzdata$(PKG_VERSION).tar.gz
 PKG_SOURCE_CODE:=tzcode$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.iana.org/time-zones/repository/releases
-PKG_HASH:=3f510b5d1b4ae9bb38e485aa302a776b317fb3637bdb6404c4adf7b6cadd965c
+PKG_HASH:=dbca21970b0a8b8c0ceceec1d7b91fa903be0f6eca5ae732b5329672232a08f3

 include $(INCLUDE_DIR)/package.mk

 define Download/tzcode
   FILE=$(PKG_SOURCE_CODE)
   URL=$(PKG_SOURCE_URL)
-   HASH:=46d17f2bb19ad73290f03a203006152e0fa0d7b11e5b71467c4a823811b214e7
+   HASH:=e9a5f9e118886d2de92b62bb05510a28cc6c058d791c93bd6b84d3292c3c161e
 endef

 $(eval $(call Download,tzcode))