Merge branch 'openwrt:master' into master

2023-03-05 11:52:29 +05:30 · 2023-03-05 11:52:29 +05:30 · e7661c9277
commit e7661c9277
parent 7b5ffb35c0 bf51e33b57
35 changed files with 531 additions and 649 deletions
--- a/lang/lua-eco/Makefile
+++ b/lang/lua-eco/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=lua-eco
-PKG_VERSION:=1.0.0
-PKG_RELEASE:=4
+PKG_VERSION:=2.0.0
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL=https://github.com/zhaojh329/lua-eco/releases/download/v$(PKG_VERSION)
-PKG_HASH:=d9fd04acb4bd64f47a3a3e6a8d30ee1d0860221c5798ca528cf52260470b4155
+PKG_HASH:=df2bed363ac89ce5c776c02baa914fbf4b096e0b87cbf4347d1a48cb4d3b8428

 PKG_MAINTAINER:=Jianhui Zhao <zhaojh329@gmail.com>
 PKG_LICENSE:=MIT
@ -21,16 +21,19 @@ include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk

 define Package/lua-eco
-  TITLE:=A Lua coroutine library
+  TITLE:=A Lua interpreter with a built-in libev event loop
  SECTION:=lang
  CATEGORY:=Languages
  SUBMENU:=Lua
  URL:=https://github.com/zhaojh329/lua-eco
-  DEPENDS:=+libev
+  DEPENDS:=+libev +liblua
 endef

 define Package/lua-eco/description
-  Lua-eco is a Lua coroutine library which was implemented based on IO event.
+  Lua-eco is a Lua interpreter with a built-in libev event loop. It makes all Lua code
+  running in Lua coroutines so code that does I/O can be suspended until data is ready.
+  This allows you write code as if you're using blocking I/O, while still allowing code
+  in other coroutines to run when you'd otherwise wait for I/O. It's kind of like Goroutines.
 endef

 define Package/lua-eco/Module
@ -42,63 +45,40 @@ define Package/lua-eco/Module
  DEPENDS:=+lua-eco $2
 endef

-Package/lua-eco-log=$(call Package/lua-eco/Module,Log utils)
-Package/lua-eco-sys=$(call Package/lua-eco/Module,System utils)
-Package/lua-eco-dns=$(call Package/lua-eco/Module,DNS)
-Package/lua-eco-socket=$(call Package/lua-eco/Module,Socket)
-Package/lua-eco-ssl=$(call Package/lua-eco/Module,SSL,\
-  @(PACKAGE_libopenssl||PACKAGE_libwolfssl||PACKAGE_libmbedtls) \
-  LUA_ECO_OPENSSL:libopenssl LUA_ECO_WOLFSSL:libwolfssl \
-  LUA_ECO_MBEDTLS:libmbedtls +LUA_ECO_MBEDTLS:zlib)
-Package/lua-eco-iw=$(call Package/lua-eco/Module,IW utils,+libmnl)
-Package/lua-eco-ip=$(call Package/lua-eco/Module,IP utils,+libmnl)
-Package/lua-eco-file=$(call Package/lua-eco/Module,File utils)
-Package/lua-eco-ubus=$(call Package/lua-eco/Module,Ubus,+libubus)
+Package/lua-eco-log=$(call Package/lua-eco/Module,log utils)
+Package/lua-eco-sys=$(call Package/lua-eco/Module,system utils)
+Package/lua-eco-file=$(call Package/lua-eco/Module,file utils)
+Package/lua-eco-base64=$(call Package/lua-eco/Module,base64)
+Package/lua-eco-sha1=$(call Package/lua-eco/Module,sha1)
+Package/lua-eco-socket=$(call Package/lua-eco/Module,socket,+lua-eco-file +lua-eco-sys)
+Package/lua-eco-dns=$(call Package/lua-eco/Module,dns,+lua-eco-socket +luabitop)
+Package/lua-eco-ssl=$(call Package/lua-eco/Module,ssl,\
+  +LUA_ECO_OPENSSL:libopenssl +LUA_ECO_WOLFSSL:libwolfssl \
+  +LUA_ECO_MBEDTLS:libmbedtls +LUA_ECO_MBEDTLS:zlib +lua-eco-socket)
+Package/lua-eco-ubus=$(call Package/lua-eco/Module,ubus,+libubus)
+Package/lua-eco-termios=$(call Package/lua-eco/Module,termios)
+Package/lua-eco-http=$(call Package/lua-eco/Module,http/https,+lua-eco-dns +lua-eco-ssl +lua-eco-log)
+Package/lua-eco-mqtt=$(call Package/lua-eco/Module,mqtt,+lua-eco-socket +lua-eco-dns +lua-mosquitto)
+Package/lua-eco-websocket=$(call Package/lua-eco/Module,websocket,+lua-eco-http +lua-eco-base64 +lua-eco-sha1)

 define Package/lua-eco-ssl/config
-    config LUA_ECO_DEFAULT_WOLFSSL
-	bool
-	default y if PACKAGE_libopenssl != y && \
-		     (PACKAGE_libwolfssl >= PACKAGE_libopenssl || \
-		      PACKAGE_libwolfsslcpu-crypto >= PACKAGE_libopenssl) && \
-		     (PACKAGE_libwolfssl >= PACKAGE_libmbedtls || \
-		      PACKAGE_libwolfsslcpu-crypto >= PACKAGE_libmbedtls)
+	choice
+		prompt "SSL Library"
+		default LUA_ECO_WOLFSSL

-    config LUA_ECO_DEFAULT_OPENSSL
-	bool
-	default y if !LUA_ECO_DEFAULT_WOLFSSL && \
-		     PACKAGE_libopenssl >= PACKAGE_libmbedtls
+		config LUA_ECO_OPENSSL
+			bool "OpenSSL"

-    config LUA_ECO_DEFAULT_MBEDTLS
-	bool
-	default y if !LUA_ECO_DEFAULT_WOLFSSL && \
-		     !LUA_ECO_DEFAULT_OPENSSL
+		config LUA_ECO_WOLFSSL
+			bool "wolfSSL"

-    choice
-	prompt "SSL Library"
-	default LUA_ECO_OPENSSL if LUA_ECO_DEFAULT_OPENSSL
-	default LUA_ECO_WOLFSSL if LUA_ECO_DEFAULT_WOLFSSL
-	default LUA_ECO_MBEDTLS if LUA_ECO_DEFAULT_MBEDTLS
-	config LUA_ECO_OPENSSL
-		bool "OpenSSL"
-		depends on PACKAGE_libopenssl
-	config LUA_ECO_WOLFSSL
-		bool "wolfSSL"
-		depends on PACKAGE_libwolfssl || PACKAGE_libwolfsslcpu-crypto
-	config LUA_ECO_MBEDTLS
-		bool "mbedTLS"
-		depends on PACKAGE_libmbedtls
-    endchoice
+		config LUA_ECO_MBEDTLS
+			bool "mbedTLS"
+	endchoice
 endef

 CMAKE_OPTIONS += \
-  -DECO_LOG_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-log),N,FF) \
-  -DECO_SYS_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-sys),N,FF) \
-  -DECO_DNS_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-dns),N,FF) \
-  -DECO_SOCKET_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-socket),N,FF) \
-  -DECO_IW_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-iw),N,FF) \
-  -DECO_IP_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ip),N,FF) \
-  -DECO_FILE_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-file),N,FF) \
+  -DPLATFORM="openwrt" \
  -DECO_UBUS_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ubus),N,FF) \
  -DECO_SSL_SUPPORT=O$(if $(CONFIG_PACKAGE_lua-eco-ssl),N,FF)

@ -113,32 +93,94 @@ ifneq ($(CONFIG_PACKAGE_lua-eco-ssl),)
 endif

 define Package/lua-eco/install
-	$(INSTALL_DIR) $(1)/usr/lib/lua
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/eco.so $(1)/usr/lib/lua
+	$(INSTALL_DIR) $(1)/usr/bin $(1)/usr/lib/lua/eco/core $(1)/usr/lib/lua/eco/encoding
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/eco $(1)/usr/bin
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/encoding/hex.lua $(1)/usr/lib/lua/eco/encoding
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/{time,bufio}.so $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{time,bufio,bit,sync}.lua $(1)/usr/lib/lua/eco
 endef

-define Package/lua-eco/Module/install  
+define Package/lua-eco-log/install
 	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/$2.so $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/log.so $(1)/usr/lib/lua/eco
 endef

-Package/lua-eco-log/install=$(call Package/lua-eco/Module/install,$1,log)
-Package/lua-eco-sys/install=$(call Package/lua-eco/Module/install,$1,sys)
-Package/lua-eco-dns/install=$(call Package/lua-eco/Module/install,$1,dns)
-Package/lua-eco-socket/install=$(call Package/lua-eco/Module/install,$1,socket)
-Package/lua-eco-ssl/install=$(call Package/lua-eco/Module/install,$1,ssl)
-Package/lua-eco-iw/install=$(call Package/lua-eco/Module/install,$1,iw)
-Package/lua-eco-ip/install=$(call Package/lua-eco/Module/install,$1,ip)
-Package/lua-eco-file/install=$(call Package/lua-eco/Module/install,$1,file)
-Package/lua-eco-ubus/install=$(call Package/lua-eco/Module/install,$1,ubus)
+define Package/lua-eco-sys/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/sys.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/sys.so $(1)/usr/lib/lua/eco/core
+endef
+
+define Package/lua-eco-file/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/file.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/file.so $(1)/usr/lib/lua/eco/core
+endef
+
+define Package/lua-eco-base64/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/encoding
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/encoding/base64.so $(1)/usr/lib/lua/eco/encoding
+endef
+
+define Package/lua-eco-sha1/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/crypto
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/crypto/sha1.so $(1)/usr/lib/lua/eco/crypto
+endef
+
+define Package/lua-eco-socket/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/socket.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/socket.so $(1)/usr/lib/lua/eco/core
+endef
+
+define Package/lua-eco-dns/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/dns.lua $(1)/usr/lib/lua/eco
+endef
+
+define Package/lua-eco-ssl/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ssl.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/ssl.so $(1)/usr/lib/lua/eco/core
+endef
+
+define Package/lua-eco-ubus/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco/core
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/ubus.lua $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/core/ubus.so $(1)/usr/lib/lua/eco/core
+endef
+
+define Package/lua-eco-http/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/{url,http}.lua $(1)/usr/lib/lua/eco
+endef
+
+define Package/lua-eco-mqtt/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/mqtt.lua $(1)/usr/lib/lua/eco
+endef
+
+define Package/lua-eco-websocket/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/websocket.lua $(1)/usr/lib/lua/eco
+endef
+
+define Package/lua-eco-termios/install
+	$(INSTALL_DIR) $(1)/usr/lib/lua/eco
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/lua/eco/termios.so $(1)/usr/lib/lua/eco
+endef

 $(eval $(call BuildPackage,lua-eco))
 $(eval $(call BuildPackage,lua-eco-log))
 $(eval $(call BuildPackage,lua-eco-sys))
-$(eval $(call BuildPackage,lua-eco-dns))
-$(eval $(call BuildPackage,lua-eco-socket))
-$(eval $(call BuildPackage,lua-eco-ssl))
-$(eval $(call BuildPackage,lua-eco-iw))
-$(eval $(call BuildPackage,lua-eco-ip))
 $(eval $(call BuildPackage,lua-eco-file))
+$(eval $(call BuildPackage,lua-eco-base64))
+$(eval $(call BuildPackage,lua-eco-sha1))
+$(eval $(call BuildPackage,lua-eco-socket))
+$(eval $(call BuildPackage,lua-eco-dns))
+$(eval $(call BuildPackage,lua-eco-ssl))
 $(eval $(call BuildPackage,lua-eco-ubus))
+$(eval $(call BuildPackage,lua-eco-http))
+$(eval $(call BuildPackage,lua-eco-mqtt))
+$(eval $(call BuildPackage,lua-eco-websocket))
+$(eval $(call BuildPackage,lua-eco-termios))
--- a/net/acme-common/Makefile
+++ b/net/acme-common/Makefile
@ -38,8 +38,6 @@ define Package/acme-common/install
 	$(INSTALL_DIR) $(1)/etc/ssl/acme
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) ./files/acme.config $(1)/etc/config/acme
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) ./files/acme.sh $(1)/usr/bin/acme
 	$(INSTALL_DIR) $(1)/usr/lib/acme
 	$(INSTALL_DATA) ./files/functions.sh $(1)/usr/lib/acme
 	$(INSTALL_BIN) ./files/acme-notify.sh $(1)/usr/lib/acme/notify
@ -50,15 +48,19 @@ define Package/acme-common/install
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/acme
 endef

-define Package/acme/postinst
+define Package/acme-common/postinst
 #!/bin/sh
-grep -q '/usr/bin/acme' /etc/crontabs/root 2>/dev/null && exit 0
-echo "0 0 * * * /usr/bin/acme get" >> /etc/crontabs/root
+if [ -z "$$IPKG_INSTROOT" ]; then
+	grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0
+	echo "0 0 * * * /etc/init.d/acme start" >> /etc/crontabs/root
+fi
 endef

 define Package/acme-common/prerm
 #!/bin/sh
-sed -i '\|/usr/bin/acme|d' /etc/crontabs/root
+if [ -z "$$IPKG_INSTROOT" ]; then
+	sed -i '\|/etc/init.d/acme|d' /etc/crontabs/root
+fi
 endef

 define Build/Configure
--- a/net/acme-common/files/acme.init
+++ b/net/acme-common/files/acme.init
@ -1,9 +1,137 @@
 #!/bin/sh /etc/rc.common

-START=80
 USE_PROCD=1
+run_dir=/var/run/acme
+export CHALLENGE_DIR=$run_dir/challenge
+export CERT_DIR=/etc/ssl/acme
+NFT_HANDLE=
+HOOK=/usr/lib/acme/hook
+LOG_TAG=acme
+
+# shellcheck source=net/acme/files/functions.sh
+. "$IPKG_INSTROOT/usr/lib/acme/functions.sh"
+
+cleanup() {
+	log debug "cleaning up"
+	if [ -e $run_dir/lock ]; then
+		rm $run_dir/lock
+	fi
+	if [ "$NFT_HANDLE" ]; then
+		# $NFT_HANDLE contains the string 'handle XX' so pass it unquoted to nft
+		nft delete rule inet fw4 input $NFT_HANDLE
+	fi
+}
+
+load_options() {
+	section=$1
+
+	# compatibility for old option name
+	config_get_bool staging "$section" use_staging
+	if [ -z "$staging" ]; then
+		config_get_bool staging "$section" staging 0
+	fi
+	export staging
+	config_get calias "$section" calias
+	export calias
+	config_get dalias "$section" dalias
+	export dalias
+	config_get domains "$section" domains
+	export domains
+	export main_domain
+	main_domain="$(first_arg $domains)"
+	config_get keylength "$section" keylength ec-256
+	export keylength
+	config_get dns "$section" dns
+	export dns
+	config_get acme_server "$section" acme_server
+	export acme_server
+	config_get days "$section" days
+	export days
+	config_get standalone "$section" standalone 0
+	export standalone
+	config_get dns_wait "$section" dns_wait
+	export dns_wait
+
+	config_get webroot "$section" webroot
+	export webroot
+	if [ "$webroot" ]; then
+		log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $CHALLENGE_DIR."
+	fi
+}
+
+first_arg() {
+	echo "$1"
+}
+
+get_cert() {
+	section=$1
+
+	config_get_bool enabled "$section" enabled 1
+	[ "$enabled" = 1 ] || return
+
+	load_options "$section"
+	if [ -z "$dns" ] && [ "$standalone" = 0 ]; then
+		mkdir -p "$CHALLENGE_DIR"
+	fi
+
+	if [ "$standalone" = 1 ] && [ -z "$NFT_HANDLE" ]; then
+		if ! NFT_HANDLE=$(nft -a -e insert rule inet fw4 input tcp dport 80 counter accept comment ACME | grep -o 'handle [0-9]\+'); then
+			return 1
+		fi
+		log debug "added nft rule: $NFT_HANDLE"
+	fi
+
+	load_credentials() {
+		eval export "$1"
+	}
+	config_list_foreach "$section" credentials load_credentials
+
+	"$HOOK" get
+}
+
+load_globals() {
+	section=$1
+
+	config_get account_email "$section" account_email
+	if [ -z "$account_email" ]; then
+		log err "account_email option is required"
+		exit 1
+	fi
+	export account_email
+
+	config_get state_dir "$section" state_dir
+	if [ "$state_dir" ]; then
+		log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in $CERT_DIR."
+		mkdir -p "$state_dir"
+	else
+		state_dir=/etc/acme
+	fi
+	export state_dir
+
+	config_get debug "$section" debug 0
+	export debug
+
+	# only look for the first acme section
+	return 1
+}
+
+start_service() {
+	mkdir -p $run_dir
+	exec 200>$run_dir/lock
+	if ! flock -n 200; then
+		log err "Another ACME instance is already running."
+		exit 1
+	fi
+
+	trap cleanup EXIT
+
+	config_load acme
+	config_foreach load_globals acme
+
+	config_foreach get_cert cert
+}

 service_triggers() {
 	procd_add_config_trigger config.change acme \
-		/usr/bin/acme get
+		/etc/init.d/acme start
 }
--- a/net/acme-common/files/acme.sh
+++ b/net/acme-common/files/acme.sh
@ -1,160 +0,0 @@
-#!/bin/sh
-# Wrapper for acme.sh to work on openwrt.
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 3 of the License, or (at your option) any later
-# version.
-#
-# Authors: Toke Høiland-Jørgensen <toke@toke.dk>
-
-run_dir=/var/run/acme
-export CHALLENGE_DIR=$run_dir/challenge
-export CERT_DIR=/etc/ssl/acme
-NFT_HANDLE=
-HOOK=/usr/lib/acme/hook
-LOG_TAG=acme
-
-# shellcheck source=/dev/null
-. /lib/functions.sh
-# shellcheck source=net/acme/files/functions.sh
-. /usr/lib/acme/functions.sh
-
-cleanup() {
-	log debug "cleaning up"
-	if [ -e $run_dir/lock ]; then
-		rm $run_dir/lock
-	fi
-	if [ "$NFT_HANDLE" ]; then
-		# $NFT_HANDLE contains the string 'handle XX' so pass it unquoted to nft
-		nft delete rule inet fw4 input $NFT_HANDLE
-	fi
-}
-
-load_options() {
-	section=$1
-
-	# compatibility for old option name
-	config_get_bool staging "$section" use_staging
-	if [ -z "$staging" ]; then
-		config_get_bool staging "$section" staging 0
-	fi
-	export staging
-	config_get calias "$section" calias
-	export calias
-	config_get dalias "$section" dalias
-	export dalias
-	config_get domains "$section" domains
-	export domains
-	export main_domain
-	main_domain="$(first_arg $domains)"
-	config_get keylength "$section" keylength ec-256
-	export keylength
-	config_get dns "$section" dns
-	export dns
-	config_get acme_server "$section" acme_server
-	export acme_server
-	config_get days "$section" days
-	export days
-	config_get standalone "$section" standalone 0
-	export standalone
-	config_get dns_wait "$section" dns_wait
-	export dns_wait
-
-	config_get webroot "$section" webroot
-	export webroot
-	if [ "$webroot" ]; then
-		log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $CHALLENGE_DIR."
-	fi
-}
-
-first_arg() {
-	echo "$1"
-}
-
-get_cert() {
-	section=$1
-
-	config_get_bool enabled "$section" enabled 1
-	[ "$enabled" = 1 ] || return
-
-	load_options "$section"
-	if [ -z "$dns" ] && [ "$standalone" = 0 ]; then
-		mkdir -p "$CHALLENGE_DIR"
-	fi
-
-	if [ "$standalone" = 1 ] && [ -z "$NFT_HANDLE" ]; then
-		if ! NFT_HANDLE=$(nft -a -e insert rule inet fw4 input tcp dport 80 counter accept comment ACME | grep -o 'handle [0-9]\+'); then
-			return 1
-		fi
-		log debug "added nft rule: $NFT_HANDLE"
-	fi
-
-	load_credentials() {
-		eval export "$1"
-	}
-	config_list_foreach "$section" credentials load_credentials
-
-	"$HOOK" get
-}
-
-load_globals() {
-	section=$1
-
-	config_get account_email "$section" account_email
-	if [ -z "$account_email" ]; then
-		log err "account_email option is required"
-		exit 1
-	fi
-	export account_email
-
-	config_get state_dir "$section" state_dir
-	if [ "$state_dir" ]; then
-		log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in $CERT_DIR."
-		mkdir -p "$state_dir"
-	else
-		state_dir=/etc/acme
-	fi
-	export state_dir
-
-	config_get debug "$section" debug 0
-	export debug
-
-	# only look for the first acme section
-	return 1
-}
-
-usage() {
-	cat <<EOF
-Usage: acme <command> [arguments]
-Commands:
-	get                issue or renew certificates
-EOF
-	exit 1
-}
-
-if [ ! -x "$HOOK" ]; then
-	log err "An ACME client like acme-acmesh or acme-uacme is required, which is not installed."
-	exit 1
-fi
-
-case $1 in
-get)
-	mkdir -p $run_dir
-	exec 200>$run_dir/lock
-	if ! flock -n 200; then
-		log err "Another ACME instance is already running."
-		exit 1
-	fi
-
-	trap cleanup EXIT
-
-	config_load acme
-	config_foreach load_globals acme
-
-	config_foreach get_cert cert
-	;;
-*)
-	usage
-	;;
-esac
--- a/net/acme-common/files/acme.uci-defaults
+++ b/net/acme-common/files/acme.uci-defaults
@ -1,4 +1,4 @@
 #!/bin/sh

-grep -q '/usr/bin/acme' /etc/crontabs/root 2>/dev/null && exit 0
-echo "0 0 * * * /usr/bin/acme get" >> /etc/crontabs/root
+grep -q '/etc/init.d/acme' /etc/crontabs/root 2>/dev/null && exit 0
+echo "0 0 * * * /etc/init.d/acme start" >>/etc/crontabs/root
--- a/net/acme-common/files/functions.sh
+++ b/net/acme-common/files/functions.sh
@ -1,7 +1,7 @@
 log() {
 	prio="$1"
 	shift
-	if [ "$prio" != debug ] || [ "$debug" = 0 ]; then
+	if [ "$prio" != debug ] || [ "$debug" = 1 ]; then
 		logger -t "$LOG_TAG" -s -p "daemon.$prio" -- "$@"
 	fi
 }
--- a/net/clamav/Makefile
+++ b/net/clamav/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=clamav
-PKG_VERSION:=0.104.2
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=0.104.4
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.clamav.net/downloads/production/
-PKG_HASH:=3e45e46d9aaeb3a6956ed30376237ab7c4cd9573bc0f5d6fc15c588d30978d9d
+PKG_HASH:=8ac32e910aa744cc7f921c5122ba523ef1ffbbbf94545f94fc4a976b502be74b

 PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com> \
 		Lucian Cristian <lucian.cristian@gmail.com>
--- a/net/clamav/patches/100-cmake-fix-findcurses.patch
+++ b/net/clamav/patches/100-cmake-fix-findcurses.patch
@ -1,22 +0,0 @@
-From 0f03ec698e67ea3c0f21ba021c922146d5ad07b2 Mon Sep 17 00:00:00 2001
-From: Carlos Velasco <carlos.velasco@nimastelecom.com>
-Date: Thu, 4 Nov 2021 09:11:06 +0100
-Subject: [PATCH] CMake: Fix FindCurses.cmake try packate ncursesw if ncurses
- not found
-
-Change to pkg_search_module, first try to find ncurses pkg, if not found, then try with ncursesw pkg
---
- cmake/FindCURSES.cmake | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
--- a/cmake/FindCURSES.cmake
-+++ b/cmake/FindCURSES.cmake
-@@ -43,7 +43,7 @@ The following cache variables may also b
- 
- find_package(PkgConfig QUIET)
- # First try for NCurses
-pkg_check_modules(PC_NCurses QUIET ncurses)
-+pkg_search_module (PC_NCurses QUIET ncurses ncursesw)
- 
- find_path(NCURSES_INCLUDE_DIR
-   NAMES ncurses.h
--- a/net/cloudflared/Makefile
+++ b/net/cloudflared/Makefile
@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=cloudflared
-PKG_VERSION:=2023.2.1
+PKG_VERSION:=2023.3.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=468b0953eca6ab189859073067857062c91ed9adb18e12a43527e0dba3aa6409
+PKG_HASH:=90fad1f6eb59689e06d09837c5ec9a3e7e3d177fea15190027f60c5b9e7950be

 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
--- a/net/isc-dhcp/Makefile
+++ b/net/isc-dhcp/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=isc-dhcp
 UPSTREAM_NAME:=dhcp
 PKG_VERSION:=4.4.3
-PKG_RELEASE:=6
+PKG_RELEASE:=7

 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
--- a/net/isc-dhcp/files/dhcpd.init
+++ b/net/isc-dhcp/files/dhcpd.init
@ -364,7 +364,9 @@ gen_dhcp_subnet() {
 		echo " default-lease-time $leasetime;"
 		echo " max-lease-time $leasetime;"
 	fi
-	echo " option routers $gateway;"
+	if [ "$defaultroute" -eq 1 ] ; then
+		echo " option routers $gateway;"
+	fi
 	echo " option domain-name-servers $DNS;"
 	config_list_foreach "$cfg" "routes" append_routes
 	config_list_foreach "$cfg" "dhcp_option" append_dhcp_options
@ -374,7 +376,7 @@ gen_dhcp_subnet() {
 dhcpd_add() {
 	local cfg="$1" synthesize="$2"
 	local dhcp6range="::"
-	local dynamicdhcp end gateway ifname ignore leasetime limit net netmask
+	local dynamicdhcp defaultroute end gateway ifname ignore leasetime limit net netmask
 	local proto networkid start subnet
 	local IP NETMASK BROADCAST NETWORK PREFIX DNS START END

@ -404,6 +406,8 @@ dhcpd_add() {

 	config_get_bool dynamicdhcp "$cfg" "dynamicdhcp" 1

+	config_get_bool defaultroute "$cfg" "default_route" 1
+
 	dhcp_ifs="$dhcp_ifs $ifname"

 	eval "$(ipcalc.sh $subnet $start $limit)"
@ -512,8 +516,8 @@ update-optimization off;
 include "$session_key_file";

 zone $domain. {
-	primary 127.0.0.1;
-	key $session_key_name;
+ primary 127.0.0.1;
+ key $session_key_name;
 }

 EOF
@ -522,8 +526,8 @@ EOF
 			mynet="$(rev_str "$mynet" ".")"
 			cat <<EOF
 zone $mynet.in-addr.arpa. {
-	primary 127.0.0.1;
-	key $session_key_name;
+ primary 127.0.0.1;
+ key $session_key_name;
 }

 EOF
--- a/net/netbird/Makefile
+++ b/net/netbird/Makefile
@ -0,0 +1,51 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=netbird
+PKG_VERSION:=0.12.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=c88b65bb9358e5a6f9c34882e77a3414b02d4c5ac13b76fb2e60b952af6a18d7
+
+PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+GO_PKG:=github.com/netbirdio/netbird
+GO_PKG_BUILD_PKG:=$(GO_PKG)/client
+GO_PKG_LDFLAGS_X:=$(GO_PKG)/client/system.version=$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/netbird
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=VPN
+  TITLE:=Connect your devices into a single secure private WireGuard®-based mesh network
+  URL:=https://netbird.io
+  DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/netbird/description
+  NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create 
+  secure private networks for your organization or home.
+
+  It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN 
+  gateways, and so forth.
+endef
+
+define Package/netbird/install
+	$(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
+	$(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/client $(1)/usr/bin/netbird
+	$(INSTALL_BIN) ./files/netbird.init $(1)/etc/init.d/netbird
+endef
+
+$(eval $(call GoBinPackage,netbird))
+$(eval $(call BuildPackage,netbird))
--- a/net/netbird/files/netbird.init
+++ b/net/netbird/files/netbird.init
@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=10
+
+USE_PROCD=1
+
+start_service() {
+	procd_open_instance
+	procd_set_param command /usr/bin/netbird
+	procd_append_param command service run
+	procd_set_param pidfile /var/run/netbird.pid
+	procd_close_instance
+}
--- a/net/nfs-kernel-server/Makefile
+++ b/net/nfs-kernel-server/Makefile
@ -7,9 +7,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=nfs-kernel-server
-PKG_VERSION:=2.5.4
-PKG_RELEASE:=5
-PKG_HASH:=546ce4b51eeebc66e354b6cc6ca0ce509437efbdef0caaf99389534eef0e598b
+PKG_VERSION:=2.6.2
+PKG_RELEASE:=1
+PKG_HASH:=26d46448982252e9e2c8346d10cf13e1143e7089c866f53e25db3359f3e9493c

 PKG_SOURCE_URL:=@SF/nfs
 PKG_SOURCE:=nfs-utils-$(PKG_VERSION).tar.xz
@ -150,6 +150,9 @@ HOST_CONFIGURE_VARS += \
 	ac_cv_header_blkid_blkid_h=yes \
 	ac_cv_lib_resolv___res_querydomain=yes \
 	ac_cv_func_prctl=yes \
+	ac_cv_sizeof_size_t=0 \
+	ac_cv_func_getrpcbynumber=yes \
+	ac_cv_func_getrpcbynumber_r=yes \
 	enable_ipv6=no \
 	GSSGLUE_CFLAGS=" " \
 	GSSGLUE_LIBS=" " \
--- a/net/nfs-kernel-server/patches/110-move-hardcoded-rundir.patch
+++ b/net/nfs-kernel-server/patches/110-move-hardcoded-rundir.patch
@ -3,7 +3,7 @@
@@ -64,7 +64,7 @@
 #define EVENT_BUFSIZE (1024 * EVENT_SIZE)
 
- #define RPCPIPE_DIR	"/var/lib/nfs/rpc_pipefs"
+ #define RPCPIPE_DIR	NFS_STATEDIR "/rpc_pipefs"
 -#define PID_FILE	"/run/blkmapd.pid"
 +#define PID_FILE	"/tmp/run/blkmapd.pid"
 
--- a/net/nfs-kernel-server/patches/130-musl-svcgssd-sysconf.patch
+++ b/net/nfs-kernel-server/patches/130-musl-svcgssd-sysconf.patch
@ -0,0 +1,144 @@
+--- a/support/nfsidmap/libnfsidmap.c
+++ b/support/nfsidmap/libnfsidmap.c
+@@ -452,11 +452,17 @@ int nfs4_init_name_mapping(char *conffil
+ 
+ 	nobody_user = conf_get_str("Mapping", "Nobody-User");
+ 	if (nobody_user) {
+-		size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+		long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+		size_t buflen = 1024; /*value on my gentoo glibc system that has _SC_GETPW_R_SIZE_MAX*/
+ 		struct passwd *buf;
+ 		struct passwd *pw = NULL;
+ 		int err;
+ 
+		/*sysconf can return -1 when _SC_GETPW_R_SIZE_MAX is not defined, like on musl systems, if cast to size_t this will lead
+		  to an integer overflow, which leads to a buffer overflow and crashes svcgssd */
+		if (scbuflen > 0)
+			buflen = (size_t)scbuflen;
+
+ 		buf = malloc(sizeof(*buf) + buflen);
+ 		if (buf) {
+ 			err = getpwnam_r(nobody_user, buf, ((char *)buf) + sizeof(*buf), buflen, &pw);
+@@ -473,11 +479,17 @@ int nfs4_init_name_mapping(char *conffil
+ 
+ 	nobody_group = conf_get_str("Mapping", "Nobody-Group");
+ 	if (nobody_group) {
+-		size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+		long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+		size_t buflen = 1024; /*value on my gentoo glibc system that has _SC_GETGR_R_SIZE_MAX*/
+ 		struct group *buf;
+ 		struct group *gr = NULL;
+ 		int err;
+ 
+		/*sysconf can return -1 when _SC_GETGR_R_SIZE_MAX is not defined, like on musl systems, if cast to size_t this will lead
+		  to an integer overflow, which leads to a buffer overflow and crashes svcgssd */
+		if (scbuflen > 0)
+			buflen = (size_t)scbuflen;
+
+ 		buf = malloc(sizeof(*buf) + buflen);
+ 		if (buf) {
+ 			err = getgrnam_r(nobody_group, buf, ((char *)buf) + sizeof(*buf), buflen, &gr);
+--- a/support/nfsidmap/static.c
+++ b/support/nfsidmap/static.c
+@@ -98,10 +98,14 @@ static struct passwd *static_getpwnam(co
+ {
+ 	struct passwd *pw;
+ 	struct pwbuf *buf;
+-	size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	size_t buflen = 1024;
+ 	char *localname;
+ 	int err;
+ 
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
+
+ 	buf = malloc(sizeof(*buf) + buflen);
+ 	if (!buf) {
+ 		err = ENOMEM;
+@@ -149,10 +153,14 @@ static struct group *static_getgrnam(con
+ {
+ 	struct group *gr;
+ 	struct grbuf *buf;
+-	size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	size_t buflen = 1024;
+ 	char *localgroup;
+ 	int err;
+ 
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
+
+ 	buf = malloc(sizeof(*buf) + buflen);
+ 	if (!buf) {
+ 		err = ENOMEM;
+--- a/support/nfsidmap/nss.c
+++ b/support/nfsidmap/nss.c
+@@ -91,9 +91,13 @@ static int nss_uid_to_name(uid_t uid, ch
+ 	struct passwd *pw = NULL;
+ 	struct passwd pwbuf;
+ 	char *buf;
+-	size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	size_t buflen = 1024;
+ 	int err = -ENOMEM;
+ 
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
+
+ 	buf = malloc(buflen);
+ 	if (!buf)
+ 		goto out;
+@@ -119,9 +123,13 @@ static int nss_gid_to_name(gid_t gid, ch
+ 	struct group *gr = NULL;
+ 	struct group grbuf;
+ 	char *buf;
+-	size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	size_t buflen = 1024;
+ 	int err;
+ 
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
+
+ 	if (domain == NULL)
+ 		domain = get_default_domain();
+ 
+@@ -192,12 +200,13 @@ static struct passwd *nss_getpwnam(const
+ {
+ 	struct passwd *pw;
+ 	struct pwbuf *buf;
+-	size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+	size_t buflen = 1024;
+ 	char *localname;
+ 	int err = ENOMEM;
+ 
+-	if (buflen > UINT_MAX)
+-		goto err;
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
+ 
+ 	buf = malloc(sizeof(*buf) + buflen);
+ 	if (buf == NULL)
+@@ -301,7 +310,8 @@ static int _nss_name_to_gid(char *name,
+ 	struct group *gr = NULL;
+ 	struct group grbuf;
+ 	char *buf, *domain;
+-	size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	long scbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+	size_t buflen = 1024;
+ 	int err = -EINVAL;
+ 	char *localname = NULL;
+ 	char *ref_name = NULL;
+@@ -327,8 +337,8 @@ static int _nss_name_to_gid(char *name,
+ 	}
+ 
+ 	err = -ENOMEM;
+-	if (buflen > UINT_MAX)
+-		goto out_name;
+	if (scbuflen > 0)
+		buflen = (size_t)scbuflen;
+ 
+ 	do {
+ 		buf = malloc(buflen);
--- a/net/nfs-kernel-server/patches/200-fix-macos-build.patch
+++ b/net/nfs-kernel-server/patches/200-fix-macos-build.patch
@ -2,9 +2,9 @@ fix stat64 issue for modern macos versions (including macos arm64)

 --- a/tools/rpcgen/rpc_main.c
 +++ b/tools/rpcgen/rpc_main.c
-@@ -62,6 +62,12 @@
- #define EXTEND	1		/* alias for TRUE */
- #define DONT_EXTEND	0	/* alias for FALSE */
+@@ -68,6 +68,12 @@
+ # endif
+ #endif
 
 +#ifdef __APPLE__
 +# if __DARWIN_ONLY_64_BIT_INO_T
--- a/net/v2raya/Makefile
+++ b/net/v2raya/Makefile
@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=v2rayA
 PKG_VERSION:=1.5.9.1698.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)?
--- a/net/v2raya/patches/010-fixed-for-Docker-Compose.patch
+++ b/net/v2raya/patches/010-fixed-for-Docker-Compose.patch
@ -1,46 +0,0 @@
-From 78336e55a31db578c139a5bb472aa0fc219c169d Mon Sep 17 00:00:00 2001
-From: Xiaoxu Guo <ftiasch0@gmail.com>
-Date: Thu, 4 Aug 2022 16:24:04 +0800
-Subject: [PATCH] fixed for Docker Compose
-
---
- service/core/iptables/tproxy.go | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
--- a/core/iptables/tproxy.go
-+++ b/core/iptables/tproxy.go
-@@ -65,6 +65,7 @@ iptables -w 2 -t mangle -A TP_PRE -p udp
- 
- iptables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark
- iptables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN
-+iptables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN
- iptables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN
- iptables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN
- `
-@@ -123,6 +124,8 @@ ip6tables -w 2 -t mangle -A TP_PRE -p ud
- 
- ip6tables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark
- ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN
-+ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN
-+ip6tables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN
- ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN
- ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN
- `
-@@ -156,7 +159,7 @@ ip6tables -w 2 -t mangle -A TP_MARK -j C
- 
- func (t *tproxy) GetCleanCommands() Setter {
- 	commands := `
-ip rule del fwmark 0x40/0xc0 table 100 
-+ip rule del fwmark 0x40/0xc0 table 100
- ip route del local 0.0.0.0/0 dev lo table 100
- 
- iptables -w 2 -t mangle -F TP_OUT
-@@ -172,7 +175,7 @@ iptables -w 2 -t mangle -X TP_MARK
- `
- 	if IsIPv6Supported() {
- 		commands += `
-ip -6 rule del fwmark 0x40/0xc0 table 100 
-+ip -6 rule del fwmark 0x40/0xc0 table 100
- ip -6 route del local ::/0 dev lo table 100
- 
- ip6tables -w 2 -t mangle -F TP_OUT
--- a/net/v2raya/patches/011-cleaned-up.patch
+++ b/net/v2raya/patches/011-cleaned-up.patch
@ -1,37 +0,0 @@
-From 0db405f50fd652d494f2066fc5e47c41666c96db Mon Sep 17 00:00:00 2001
-From: Xiaoxu Guo <ftiasch0@gmail.com>
-Date: Thu, 4 Aug 2022 16:32:42 +0800
-Subject: [PATCH] cleaned up
-
---
- service/core/iptables/tproxy.go | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
--- a/core/iptables/tproxy.go
-+++ b/core/iptables/tproxy.go
-@@ -124,7 +124,6 @@ ip6tables -w 2 -t mangle -A TP_PRE -p ud
- 
- ip6tables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark
- ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN
-ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN
- ip6tables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN
- ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN
- ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN
-@@ -159,7 +158,7 @@ ip6tables -w 2 -t mangle -A TP_MARK -j C
- 
- func (t *tproxy) GetCleanCommands() Setter {
- 	commands := `
-ip rule del fwmark 0x40/0xc0 table 100
-+ip rule del fwmark 0x40/0xc0 table 100 
- ip route del local 0.0.0.0/0 dev lo table 100
- 
- iptables -w 2 -t mangle -F TP_OUT
-@@ -175,7 +174,7 @@ iptables -w 2 -t mangle -X TP_MARK
- `
- 	if IsIPv6Supported() {
- 		commands += `
-ip -6 rule del fwmark 0x40/0xc0 table 100
-+ip -6 rule del fwmark 0x40/0xc0 table 100 
- ip -6 route del local ::/0 dev lo table 100
- 
- ip6tables -w 2 -t mangle -F TP_OUT
--- a/net/v2raya/patches/012-improved.patch
+++ b/net/v2raya/patches/012-improved.patch
@ -1,38 +0,0 @@
-From 4a87a6fc9a17939cc0fc54058b2128b1f688045a Mon Sep 17 00:00:00 2001
-From: Xiaoxu Guo <ftiasch0@gmail.com>
-Date: Thu, 4 Aug 2022 22:56:46 +0800
-Subject: [PATCH] improved
-
---
- service/core/iptables/tproxy.go | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
--- a/core/iptables/tproxy.go
-+++ b/core/iptables/tproxy.go
-@@ -16,7 +16,7 @@ var Tproxy tproxy
- func (t *tproxy) AddIPWhitelist(cidr string) {
- 	// avoid duplication
- 	t.RemoveIPWhitelist(cidr)
-	pos := 5
-+	pos := 6
- 	if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed {
- 		pos += 3
- 	}
-@@ -65,7 +65,7 @@ iptables -w 2 -t mangle -A TP_PRE -p udp
- 
- iptables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark
- iptables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN
-iptables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN
-+iptables -w 2 -t mangle -A TP_RULE -i br-+ -j RETURN
- iptables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN
- iptables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN
- `
-@@ -124,7 +124,7 @@ ip6tables -w 2 -t mangle -A TP_PRE -p ud
- 
- ip6tables -w 2 -t mangle -A TP_RULE -j CONNMARK --restore-mark
- ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN
-ip6tables -w 2 -t mangle -A TP_RULE -i br+ -j RETURN
-+ip6tables -w 2 -t mangle -A TP_RULE -i br-+ -j RETURN
- ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN
- ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN
- `
--- a/net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch
+++ b/net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch
@ -13,13 +13,13 @@ Subject: [PATCH] fix: we should skip interface ppp+ to avoid to break net
 func (t *tproxy) AddIPWhitelist(cidr string) {
 	// avoid duplication
 	t.RemoveIPWhitelist(cidr)
-	pos := 6
-+	pos := 8
+-	pos := 5
+	pos := 7
 	if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed {
 		pos += 3
 	}
-@@ -68,6 +68,8 @@ iptables -w 2 -t mangle -A TP_RULE -m ma
- iptables -w 2 -t mangle -A TP_RULE -i br-+ -j RETURN
+@@ -67,6 +67,8 @@ iptables -w 2 -t mangle -A TP_RULE -j CO
+ iptables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN
 iptables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN
 iptables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN
 +iptables -w 2 -t mangle -A TP_RULE -i ppp+ -j RETURN
@ -27,8 +27,8 @@ Subject: [PATCH] fix: we should skip interface ppp+ to avoid to break net
 `
 	if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed {
 		commands += `
-@@ -127,6 +129,8 @@ ip6tables -w 2 -t mangle -A TP_RULE -m m
- ip6tables -w 2 -t mangle -A TP_RULE -i br-+ -j RETURN
+@@ -125,6 +127,8 @@ ip6tables -w 2 -t mangle -A TP_RULE -j C
+ ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN
 ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN
 ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN
 +ip6tables -w 2 -t mangle -A TP_RULE -i ppp+ -j RETURN
--- a/utils/open-vm-tools/Makefile
+++ b/utils/open-vm-tools/Makefile
@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=open-vm-tools
-PKG_VERSION:=12.0.0
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=12.1.5
+PKG_RELEASE:=1

-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-19345655.tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-20735119.tar.gz
 PKG_SOURCE_URL:=https://github.com/vmware/open-vm-tools/releases/download/stable-$(PKG_VERSION)
-PKG_HASH:=ea370217a213802f91b01231e28298bbe54134822351fb5cc70255d80ba0e775
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-19345655
+PKG_HASH:=72cb68c71c59fd429bcb357926f41f07e21c737a341534b707fc1df010ed4868
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-20735119

 PKG_LICENSE:=LGPL-2.1-or-later
 PKG_LICENSE_FILES:=LICENSE
@ -80,7 +80,8 @@ CONFIGURE_ARGS+= \
 	--without-gtk2 \
 	--without-gtk3 \
 	--without-xerces \
-	--enable-resolutionkms=no
+	--enable-resolutionkms=no \
+	--disable-glibc-check

 TARGET_LDFLAGS+=$(if $(ICONV_FULL),-liconv)

--- a/utils/open-vm-tools/patches/0002-off64_t.patch
+++ b/utils/open-vm-tools/patches/0002-off64_t.patch
@ -15,7 +15,7 @@ Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>

 --- a/lib/file/fileIOPosix.c
 +++ b/lib/file/fileIOPosix.c
-@@ -198,7 +198,7 @@ static AlignedPool alignedPool;
+@@ -203,7 +203,7 @@ static AlignedPool alignedPool;
  * are not available in any header file.
  */
 
--- a/utils/open-vm-tools/patches/0015-i386-time.patch
+++ b/utils/open-vm-tools/patches/0015-i386-time.patch
@ -1,73 +0,0 @@
-From 3f0580f2546de8be7acf1bc78a55a257bc638ebe Mon Sep 17 00:00:00 2001
-From: Bartosz Brachaczek <b.brachaczek@gmail.com>
-Date: Tue, 12 Nov 2019 14:31:08 +0100
-Subject: [PATCH] Make HgfsConvertFromNtTimeNsec aware of 64-bit time_t on i386
-
-I verified that this function behaves as expected on x86_64, i386 with
-32-bit time_t, and i386 with 64-bit time_t for the following values of
-ntTtime:
-
-UNIX_EPOCH-1, UNIX_EPOCH, UNIX_EPOCH+1, UNIX_S32_MAX-1, UNIX_S32_MAX,
-UNIX_S32_MAX+1, UNIX_S32_MAX*2+1
-
-I did not verify whether the use of Div643264 is optimal, performance
-wise.
---
- lib/hgfs/hgfsUtil.c | 34 +++++++++++++++++--------------
- 1 file changed, 19 insertions(+), 15 deletions(-)
-
--- a/lib/hgfs/hgfsUtil.c
-+++ b/lib/hgfs/hgfsUtil.c
-@@ -110,23 +110,21 @@ HgfsConvertFromNtTimeNsec(struct timespe
- 			  uint64 ntTime) // IN: Time in Windows NT format
- {
- #ifdef __i386__
-   uint32 sec;
-   uint32 nsec;
-+   uint64 sec64;
-+   uint32 sec32, nsec;
-+#endif
- 
-    ASSERT(unixTime);
-   /* We assume that time_t is 32bit */
-   ASSERT_ON_COMPILE(sizeof (unixTime->tv_sec) == 4);
- 
-   /* Cap NT time values that are outside of Unix time's range */
-+   if (sizeof (unixTime->tv_sec) == 4) {
-+      /* Cap NT time values that are outside of Unix time's range */
- 
-   if (ntTime >= UNIX_S32_MAX) {
-      unixTime->tv_sec = 0x7FFFFFFF;
-      unixTime->tv_nsec = 0;
-      return 1;
-+      if (ntTime >= UNIX_S32_MAX) {
-+         unixTime->tv_sec = 0x7FFFFFFF;
-+         unixTime->tv_nsec = 0;
-+         return 1;
-+      }
-    }
-#else
-   ASSERT(unixTime);
-#endif
- 
-    if (ntTime < UNIX_EPOCH) {
-       unixTime->tv_sec = 0;
-@@ -135,9 +133,15 @@ HgfsConvertFromNtTimeNsec(struct timespe
-    }
- 
- #ifdef __i386__
-   Div643232(ntTime - UNIX_EPOCH, 10000000, &sec, &nsec);
-   unixTime->tv_sec = sec;
-   unixTime->tv_nsec = nsec * 100;
-+   if (sizeof (unixTime->tv_sec) == 4) {
-+      Div643232(ntTime - UNIX_EPOCH, 10000000, &sec32, &nsec);
-+      unixTime->tv_sec = sec32;
-+      unixTime->tv_nsec = nsec * 100;
-+   } else {
-+      Div643264(ntTime - UNIX_EPOCH, 10000000, &sec64, &nsec);
-+      unixTime->tv_sec = sec64;
-+      unixTime->tv_nsec = nsec * 100;
-+   }
- #else
-    unixTime->tv_sec = (ntTime - UNIX_EPOCH) / 10000000;
-    unixTime->tv_nsec = ((ntTime - UNIX_EPOCH) % 10000000) * 100;
--- a/utils/open-vm-tools/patches/010-warnings.patch
+++ b/utils/open-vm-tools/patches/010-warnings.patch
@ -10,7 +10,7 @@
 
 --- a/lib/file/fileIOPosix.c
 +++ b/lib/file/fileIOPosix.c
-@@ -1741,7 +1741,7 @@ FileIOPreadvInternal(
+@@ -1746,7 +1746,7 @@ FileIOPreadvInternal(
        * the library horizon this can go away.
        */
       /* coverity[func_conv] */
@ -19,7 +19,7 @@
          fret = FileIOPreadvCoalesced(fd, entries, numEntries, offset,
                                       totalSize, &bytesRead);
          break;
-@@ -1882,7 +1882,7 @@ FileIOPwritevInternal(
+@@ -1887,7 +1887,7 @@ FileIOPwritevInternal(
        * the library horizon this can go away.
        */
       /* coverity[func_conv] */
--- a/utils/qemu/Makefile
+++ b/utils/qemu/Makefile
@ -9,10 +9,10 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=qemu
-PKG_VERSION:=6.2.0
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=7.2.0
+PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=68e15d8e45ac56326e0b9a4afa8b49a3dfe8aba3488221d098c84698bca65b45
+PKG_HASH:=5b49ce2687744dad494ae90a898c52204a3406e84d072482a1e1be854eeb2157
 PKG_SOURCE_URL:=http://download.qemu.org/
 PKG_LICENSE:=GPL-2.0-only
 PKG_LICENSE_FILES:=LICENSE tcg/LICENSE
@ -192,8 +192,8 @@ define qemu-target
    URL:=http://www.qemu.org
    DEPENDS:= +glib2 +libpthread +zlib +libbpf $(QEMU_DEPS_IN_HOST) $(qemu-target-$(1)-deps) \
 	+QEMU_UI_VNC:qemu-keymaps \
+	+QEMU_UI_VNC:libpng \
 	+QEMU_UI_VNC_JPEG:libjpeg \
-	+QEMU_UI_VNC_PNG:libpng \
 	+QEMU_UI_VNC_SASL:libsasl2 \
 	+QEMU_UI_SPICE:libspice-server \
 	+QEMU_DEV_USB:libusb-1.0 \
@ -246,11 +246,6 @@ config QEMU_UI_VNC_JPEG
 	default n
 	depends on QEMU_UI_VNC

-config QEMU_UI_VNC_PNG
-	bool "QEMU VNC png tight encoding support"
-	default n
-	depends on QEMU_UI_VNC
-
 config QEMU_UI_VNC_SASL
 	bool "QEMU VNC SASL auth support"
 	default n
@ -276,7 +271,6 @@ endef
 PKG_CONFIG_DEPENDS += \
 	CONFIG_QEMU_UI_VNC \
 	CONFIG_QEMU_UI_VNC_JPEG \
-	CONFIG_QEMU_UI_VNC_PNG \
 	CONFIG_QEMU_UI_VNC_SASL \
 	CONFIG_QEMU_UI_SPICE \
 	CONFIG_QEMU_DEV_USB \
@ -311,11 +305,8 @@ CONFIGURE_ARGS +=			\
 	--enable-vhost-crypto		\
 	--enable-vhost-kernel		\
 	--enable-vhost-net		\
-	--enable-vhost-scsi		\
 	--enable-vhost-user		\
-	--enable-vhost-user-fs		\
 	--enable-vhost-user-blk-server	\
-	--enable-vhost-vsock		\
 	--enable-vhost-vdpa		\

 # Image formats support
@ -335,7 +326,6 @@ CONFIGURE_ARGS +=			\
 	--disable-bsd-user		\
 	--disable-linux-user		\
 	--enable-system			\
-	--enable-slirp=system		\

 # accel
 CONFIGURE_ARGS +=			\
@ -356,7 +346,6 @@ CONFIGURE_ARGS +=			\
 	--disable-virglrenderer		\
 	--$(if $(CONFIG_QEMU_UI_VNC),enable,disable)-vnc			\
 	--$(if $(CONFIG_QEMU_UI_VNC_JPEG),enable,disable)-vnc-jpeg		\
-	--$(if $(CONFIG_QEMU_UI_VNC_PNG),enable,disable)-vnc-png		\
 	--$(if $(CONFIG_QEMU_UI_VNC_SASL),enable,disable)-vnc-sasl		\
 	--disable-vte			\
 	--enable-curses			\
@ -405,7 +394,6 @@ CONFIGURE_ARGS +=			\
 	--disable-libpmem		\
 	--disable-libssh		\
 	--$(if $(CONFIG_QEMU_DEV_USB),enable,disable)-libusb		\
-	--disable-libxml2		\
 	--disable-linux-aio		\
 	--disable-linux-io-uring	\
 	--disable-lzfse			\
@ -436,12 +424,12 @@ CONFIGURE_ARGS +=			\
 	--disable-werror		\
 	--disable-xen-pci-passthrough	\
 	--disable-xkbcommon		\
-	--disable-xfsctl		\
 	--disable-zstd			\
 	--disable-selinux		\
 	--disable-oss			\
 	--disable-alsa			\
 	--disable-pa			\
+	--disable-vduse-blk-export	\

 CONFIGURE_ARGS += --target-list='$(foreach target,$(qemu-target-list),$(if $(CONFIG_PACKAGE_qemu-$(target)),$(target)))'
 CONFIGURE_ARGS += $(if $(CONFIG_PACKAGE_qemu-ga),--enable-guest-agent)
--- a/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch
+++ b/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch
@ -11,12 +11,12 @@ OpenWrt base build system decide flavor of fortify_source to use

 --- a/configure
 +++ b/configure
-@@ -1194,6 +1194,8 @@ for opt do
+@@ -896,6 +896,8 @@ for opt do
   ;;
   --enable-jemalloc) meson_option_parse --enable-malloc=jemalloc jemalloc
   ;;
 +  --disable-fortify-source) fortify_source="no"
 +  ;;
   # everything else has the same name in configure and meson
-   --enable-* | --disable-*) meson_option_parse "$opt" "$optarg"
+   --*) meson_option_parse "$opt" "$optarg"
   ;;
--- a/utils/qemu/patches/0003-configure-enable-guest_agent-no-matter-whether-softm.patch
+++ b/utils/qemu/patches/0003-configure-enable-guest_agent-no-matter-whether-softm.patch
@ -1,25 +0,0 @@
-From 3f07c9cb96b361f07ce637088f818bbe0edbcde3 Mon Sep 17 00:00:00 2001
-From: Yousong Zhou <yszhou4tech@gmail.com>
-Date: Fri, 7 Feb 2020 03:02:44 +0800
-Subject: [PATCH] configure: enable guest_agent no matter whether softmmu is
- enabled
-
-guest_agent as a tool to be run on guest machines does not depend on
-whether there is a softmmu is to be built at this configure/make run
-
-Fixes a512590 ("configure: qemu-ga is only needed with softmmu targets")
---
- configure | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
--- a/configure
-+++ b/configure
-@@ -3331,7 +3331,7 @@ fi
- # Probe for guest agent support/options
- 
- if [ "$guest_agent" != "no" ]; then
-  if [ "$softmmu" = no -a "$want_tools" = no ] ; then
-+  if [ "$guest_agent" = "" -a "$want_tools" = no ] ; then
-       guest_agent=no
-   elif [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" -o "$mingw32" = "yes" ] ; then
-       guest_agent=yes
--- a/utils/qemu/patches/0004-disas-fix-compilation-failure-when-isnan-is-a-macro.patch
+++ b/utils/qemu/patches/0004-disas-fix-compilation-failure-when-isnan-is-a-macro.patch
@ -1,64 +0,0 @@
-From 26dd9766757895c04b33a89865e3886f18146332 Mon Sep 17 00:00:00 2001
-From: Yousong Zhou <yszhou4tech@gmail.com>
-Date: Sat, 24 Feb 2018 13:45:25 +0800
-Subject: [PATCH] disas: fix compilation failure when isnan is a macro
-
---
- disas/libvixl/vixl/utils.h | 16 +++++++++++-----
- 1 file changed, 11 insertions(+), 5 deletions(-)
-
--- a/disas/libvixl/vixl/utils.h
-+++ b/disas/libvixl/vixl/utils.h
-@@ -118,11 +118,17 @@ double double_pack(uint64_t sign, uint64
- // An fpclassify() function for 16-bit half-precision floats.
- int float16classify(float16 value);
- 
-+#ifdef isnan
-+#define isnan_ isnan
-+#else
-+#define isnan_ std::isnan
-+#endif
-+
- // NaN tests.
- inline bool IsSignallingNaN(double num) {
-   const uint64_t kFP64QuietNaNMask = UINT64_C(0x0008000000000000);
-   uint64_t raw = double_to_rawbits(num);
-  if (std::isnan(num) && ((raw & kFP64QuietNaNMask) == 0)) {
-+  if (isnan_(num) && ((raw & kFP64QuietNaNMask) == 0)) {
-     return true;
-   }
-   return false;
-@@ -132,7 +138,7 @@ inline bool IsSignallingNaN(double num)
- inline bool IsSignallingNaN(float num) {
-   const uint32_t kFP32QuietNaNMask = 0x00400000;
-   uint32_t raw = float_to_rawbits(num);
-  if (std::isnan(num) && ((raw & kFP32QuietNaNMask) == 0)) {
-+  if (isnan_(num) && ((raw & kFP32QuietNaNMask) == 0)) {
-     return true;
-   }
-   return false;
-@@ -148,21 +154,21 @@ inline bool IsSignallingNaN(float16 num)
- 
- template <typename T>
- inline bool IsQuietNaN(T num) {
-  return std::isnan(num) && !IsSignallingNaN(num);
-+  return isnan_(num) && !IsSignallingNaN(num);
- }
- 
- 
- // Convert the NaN in 'num' to a quiet NaN.
- inline double ToQuietNaN(double num) {
-   const uint64_t kFP64QuietNaNMask = UINT64_C(0x0008000000000000);
-  VIXL_ASSERT(std::isnan(num));
-+  VIXL_ASSERT(isnan_(num));
-   return rawbits_to_double(double_to_rawbits(num) | kFP64QuietNaNMask);
- }
- 
- 
- inline float ToQuietNaN(float num) {
-   const uint32_t kFP32QuietNaNMask = 0x00400000;
-  VIXL_ASSERT(std::isnan(num));
-+  VIXL_ASSERT(isnan_(num));
-   return rawbits_to_float(float_to_rawbits(num) | kFP32QuietNaNMask);
- }
- 
--- a/utils/qemu/patches/0005-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch
+++ b/utils/qemu/patches/0005-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch
@ -1,29 +0,0 @@
-From 905f3b7b6115f303f964b5aa1d3bc9bdae9d5bec Mon Sep 17 00:00:00 2001
-From: Yousong Zhou <yszhou4tech@gmail.com>
-Date: Sat, 24 Feb 2018 13:46:31 +0800
-Subject: [PATCH] pc-bios: fix compilation when $(AS) is actually gcc driver
-
---
- pc-bios/optionrom/Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
--- a/pc-bios/optionrom/Makefile
-+++ b/pc-bios/optionrom/Makefile
-@@ -35,7 +35,7 @@ override CFLAGS += -m32 -include $(SRC_D
- endif
- 
- Wa = -Wa,
-override ASFLAGS += -32
-+override ASFLAGS += $(Wa)-32
- override CFLAGS += $(call cc-option, $(Wa)-32)
- 
- LD_I386_EMULATION ?= elf_i386
-@@ -44,7 +44,7 @@ override LDFLAGS = -m $(LD_I386_EMULATIO
- pvh.img: pvh.o pvh_main.o
- 
- %.o: %.S
-	$(call quiet-command,$(CPP) $(CPPFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@,"AS","$@")
-+	$(call quiet-command,$(CPP) $(CPPFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@ -x assembler -,"AS","$@")
- 
- %.o: %.c
- 	$(call quiet-command,$(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@,"CC","$@")
--- a/utils/qemu/patches/0007-qga-invoke-separate-applets-for-guest-shutdown-modes.patch
+++ b/utils/qemu/patches/0007-qga-invoke-separate-applets-for-guest-shutdown-modes.patch
@ -13,7 +13,7 @@ https://gitlab.alpinelinux.org/alpine/aports/commit/76b81b486480fd9c3294cd420bcf

 --- a/qga/commands-posix.c
 +++ b/qga/commands-posix.c
-@@ -84,6 +84,7 @@ static void ga_wait_child(pid_t pid, int
+@@ -74,6 +74,7 @@ static void ga_wait_child(pid_t pid, int
 void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp)
 {
     const char *shutdown_flag;
@ -21,25 +21,25 @@ https://gitlab.alpinelinux.org/alpine/aports/commit/76b81b486480fd9c3294cd420bcf
     Error *local_err = NULL;
     pid_t pid;
     int status;
-@@ -91,10 +92,13 @@ void qmp_guest_shutdown(bool has_mode, c
+@@ -95,10 +96,13 @@ void qmp_guest_shutdown(bool has_mode, c
     slog("guest-shutdown called, mode: %s", mode);
     if (!has_mode || strcmp(mode, "powerdown") == 0) {
-         shutdown_flag = "-P";
+         shutdown_flag = powerdown_flag;
 +        fallback_cmd = "/sbin/poweroff";
     } else if (strcmp(mode, "halt") == 0) {
-         shutdown_flag = "-H";
+         shutdown_flag = halt_flag;
 +        fallback_cmd = "/sbin/halt";
     } else if (strcmp(mode, "reboot") == 0) {
-         shutdown_flag = "-r";
+         shutdown_flag = reboot_flag;
 +        fallback_cmd = "/sbin/reboot";
     } else {
         error_setg(errp,
                    "mode is invalid (valid values are: halt|powerdown|reboot");
-@@ -111,6 +115,7 @@ void qmp_guest_shutdown(bool has_mode, c
- 
-         execle("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0",
-                "hypervisor initiated shutdown", (char *)NULL, environ);
-+        execle(fallback_cmd, fallback_cmd, (char*)NULL, environ);
+@@ -123,6 +127,7 @@ void qmp_guest_shutdown(bool has_mode, c
+         execl("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0",
+                "hypervisor initiated shutdown", (char *)NULL);
+ #endif
+        execl(fallback_cmd, fallback_cmd, (char*)NULL);
         _exit(EXIT_FAILURE);
     } else if (pid < 0) {
         error_setg_errno(errp, errno, "failed to create child process");
--- a/utils/qemu/patches/0010-no-tests.patch
+++ b/utils/qemu/patches/0010-no-tests.patch
@ -1,8 +1,8 @@
 --- a/meson.build
 +++ b/meson.build
-@@ -2619,10 +2619,6 @@ specific_ss.add_all(when: 'CONFIG_BSD_US
- linux_user_ss.add(files('thunk.c'))
- specific_ss.add_all(when: 'CONFIG_LINUX_USER', if_true: linux_user_ss)
+@@ -3142,10 +3142,6 @@ subdir('common-user')
+ subdir('bsd-user')
+ subdir('linux-user')
 
 -# needed for fuzzing binaries
 -subdir('tests/qtest/libqos')
@ -11,7 +11,7 @@
 # accel modules
 tcg_real_module_ss = ss.source_set()
 tcg_real_module_ss.add_all(when: 'CONFIG_TCG_MODULAR', if_true: tcg_module_ss)
-@@ -3107,10 +3103,6 @@ subdir('scripts')
+@@ -3633,10 +3629,6 @@ subdir('scripts')
 subdir('tools')
 subdir('pc-bios')
 subdir('docs')
--- a/utils/sed/Makefile
+++ b/utils/sed/Makefile
@ -29,7 +29,6 @@ define Package/sed
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=sed stream editor utility - full version
-  DEPENDS:=+libpcre
  URL:=https://www.gnu.org/software/sed/
  ALTERNATIVES:=300:/bin/sed:/usr/libexec/sed-gnu
 endef
--- a/utils/yq/Makefile
+++ b/utils/yq/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=yq
-PKG_VERSION:=4.31.1
+PKG_VERSION:=4.31.2
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=6481cd93fe9a773ea20f738a3340c88e691f3d073bc6d2fceee3f5b3867399fc
+PKG_HASH:=82d5ef2ab01bc5065e7efe671d92fb82e53f41dc67b04cab6c3b22fd144bd009

 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=MIT