From d7bd9d19d7c866c6a479246e7cdea77929113004 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 28 Sep 2023 23:36:39 +0800
Subject: [PATCH] update 2023-09-28 23:36:39

---
 luci-app-mosdns/Makefile | 2 +-
 .../luasrc/model/cbi/mosdns/basic.lua | 4 +-
 luci-app-mosdns/po/zh-cn/mosdns.po | 12 ++---
 luci-app-mosdns/root/etc/init.d/mosdns | 9 ----
 tailscale/Makefile | 30 ++---------
 tailscale/files/tailscale.init | 3 ++
 tailscale/patches/010-fake_iptables.patch | 53 -------------------
 .../020-tailscaled_fake_iptables.patch | 32 -----------
 .../030-default_to_netfilter_off.patch | 11 ----
 vsftpd-alt/Makefile | 2 +-
 10 files changed, 17 insertions(+), 141 deletions(-)
 delete mode 100644 tailscale/patches/010-fake_iptables.patch
 delete mode 100644 tailscale/patches/020-tailscaled_fake_iptables.patch
 delete mode 100644 tailscale/patches/030-default_to_netfilter_off.patch

diff --git a/luci-app-mosdns/Makefile b/luci-app-mosdns/Makefile
index e3c4293a5..f76731f56 100644
--- a/luci-app-mosdns/Makefile
+++ b/luci-app-mosdns/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-mosdns
-PKG_VERSION:=1.5.11
+PKG_VERSION:=1.5.12
 PKG_RELEASE:=1
 
 LUCI_TITLE:=LuCI Support for mosdns
diff --git a/luci-app-mosdns/luasrc/model/cbi/mosdns/basic.lua b/luci-app-mosdns/luasrc/model/cbi/mosdns/basic.lua
index 4184b9e22..7a1346539 100644
--- a/luci-app-mosdns/luasrc/model/cbi/mosdns/basic.lua
+++ b/luci-app-mosdns/luasrc/model/cbi/mosdns/basic.lua
@@ -120,12 +120,12 @@ o.rmempty = false
 o.default = false
 o:depends("configfile", "/etc/mosdns/config.yaml")
 
-o = s:taboption("advanced", Flag, "enable_http3_local", translate("Local DNS Enable HTTP/3"), translate("Enable DoH HTTP/3 protocol for Local DNS, Upstream DNS server support is required (Experimental)"))
+o = s:taboption("advanced", Flag, "enable_http3_local", translate("China DNS Enable HTTP/3"), translate("Enable DoH HTTP/3 protocol for China DNS, Upstream DNS server support is required (Experimental feature)"))
 o.rmempty = false
 o.default = false
 o:depends("custom_local_dns", "1")
 
-o = s:taboption("advanced", Flag, "enable_http3_remote", translate("Remote DNS Enable HTTP/3"), translate("Enable DoH HTTP/3 protocol for Remote DNS, Upstream DNS server support is required (Experimental)"))
+o = s:taboption("advanced", Flag, "enable_http3_remote", translate("Remote DNS Enable HTTP/3"), translate("Enable DoH HTTP/3 protocol for Remote DNS, Upstream DNS server support is required (Experimental feature)"))
 o.rmempty = false
 o.default = false
 o:depends("configfile", "/etc/mosdns/config.yaml")
diff --git a/luci-app-mosdns/po/zh-cn/mosdns.po b/luci-app-mosdns/po/zh-cn/mosdns.po
index 4b7e022f9..a4cc74c05 100644
--- a/luci-app-mosdns/po/zh-cn/mosdns.po
+++ b/luci-app-mosdns/po/zh-cn/mosdns.po
@@ -265,17 +265,17 @@ msgstr "禁用 TLS 证书"
 msgid "Disable TLS Servers certificate validation, Can be useful if system CA certificate expires or the system time is out of order"
 msgstr "禁用 TLS 服务器证书验证,当系统 CA 证书过期或系统时间错乱时,本选项可能会有用"
 
-msgid "Local DNS Enable HTTP/3"
-msgstr "本地 DNS 启用 HTTP/3"
+msgid "China DNS Enable HTTP/3"
+msgstr "国内 DNS 启用 HTTP/3"
 
-msgid "Enable DoH HTTP/3 protocol for Local DNS, Upstream DNS server support is required (Experimental)"
-msgstr "本地 DNS 启用 DoH HTTP/3 协议,需要上游 DNS 服务器支持(实验性,谨慎启用该功能)"
+msgid "Enable DoH HTTP/3 protocol for China DNS, Upstream DNS server support is required (Experimental feature)"
+msgstr "国内 DNS 启用 DoH HTTP/3 协议,需要上游 DNS 服务器支持(实验性功能)"
 
 msgid "Remote DNS Enable HTTP/3"
 msgstr "远程 DNS 启用 HTTP/3"
 
-msgid "Enable DoH HTTP/3 protocol for Remote DNS, Upstream DNS server support is required (Experimental)"
-msgstr "远程 DNS 启用 DoH HTTP/3 协议,需要上游 DNS 服务器支持(实验性,谨慎启用该功能)"
+msgid "Enable DoH HTTP/3 protocol for Remote DNS, Upstream DNS server support is required (Experimental feature)"
+msgstr "远程 DNS 启用 DoH HTTP/3 协议,需要上游 DNS 服务器支持(实验性功能)"
 
 msgid "Enable EDNS client subnet"
 msgstr "启用 EDNS 客户端子网"
diff --git a/luci-app-mosdns/root/etc/init.d/mosdns b/luci-app-mosdns/root/etc/init.d/mosdns
index 47158a8c9..f68378169 100755
--- a/luci-app-mosdns/root/etc/init.d/mosdns
+++ b/luci-app-mosdns/root/etc/init.d/mosdns
@@ -30,7 +30,6 @@ DUMP_FILE=/etc/mosdns/cache.dump
 DUMP_FILE_DEFAULT=/usr/share/mosdns/cache.dump
 DEFAULT_CONF=/usr/share/mosdns/default.yaml
 MOSDNS_SCRIPT=/usr/share/mosdns/mosdns.sh
-RULE_HOSTS=/etc/mosdns/rule/hosts.txt
 
 get_config() {
 config_get enabled $1 enabled 0
@@ -73,14 +72,6 @@ init_yaml() {
 # HTTP/3
 [ $enable_http3_local -eq 1 ] && enable_http3_local=true || enable_http3_local=false
 [ $enable_http3_remote -eq 1 ] && enable_http3_remote=true || enable_http3_remote=false
- if [ $enable_http3_local = true ]; then
- http3_dns=$(uci get mosdns.config.local_dns)
- echo "$http3_dns" | grep -oE 'https?://[^/]+' | while read -r domain; do
- address=$(nslookup "${domain#*://}" ${bootstrap_dns} | grep -A2 Name | grep Address | awk '{print $2}')
- sed -i "/${domain#*://}/d" $RULE_HOSTS
- [ -n "$address" ] && echo ${domain#*://} $address >> $RULE_HOSTS
- done
- fi
 # Write parameters
 [ "$custom_local_dns" -eq 1 ] && \
 local_dns=$($MOSDNS_SCRIPT dns | awk '{for(i=1;i<=NF;i++)printf "%s- addr: \"%s\"\n%s bootstrap: '${bootstrap_dns}'\n%s enable_pipeline: '${enable_pipeline}'\n%s max_conns: '${max_conns}'\n%s insecure_skip_verify: '${insecure_skip_verify}'\n%s idle_timeout: '${idle_timeout}'\n%s enable_http3: '${enable_http3_local}'\n",s,$i,s,s,s,s,s,s}' s=' ') || \
diff --git a/tailscale/Makefile b/tailscale/Makefile
index 0801da238..0a27398b8 100644
--- a/tailscale/Makefile
+++ b/tailscale/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tailscale
-PKG_VERSION:=1.44.0
+PKG_VERSION:=1.50.0
 PKG_RELEASE:=1
 
-PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=dc230cf3ac290140e573268a6e8f17124752ef064c8d3a86765a9dbb6f1bd354
+PKG_HASH:=a7e024577854c07b793c4bbd81a497250e6a1b4536e303351a388810f13b7316
 
 PKG_MAINTAINER:=Jan Pavlinec
 PKG_LICENSE:=BSD-3-Clause
@@ -63,29 +63,7 @@ Package/tailscaled/description:=$(Package/tailscale/description)
 
 define Package/tailscaled/conffiles
 /etc/config/tailscale
-/etc/tailscale/tailscaled.state
-endef
-
-GO_IPTABLES_VERSION:=0.6.0
-GO_IPTABLES_FILE:=$(PKG_NAME)-go-iptables-$(GO_IPTABLES_VERSION).tar.gz
-
-define Download/go-iptables
- URL:=https://codeload.github.com/coreos/go-iptables/tar.gz/v$(GO_IPTABLES_VERSION)?
- URL_FILE:=$(GO_IPTABLES_FILE)
- FILE:=$(GO_IPTABLES_FILE)
- HASH:=a784cc17fcb17879f073eae47bc4c2e899f59f6906dac5a0aa7a9cc9f95ea66d
-endef
-
-define Build/Prepare
- $(PKG_UNPACK)
- [ ! -d ./src/ ] || $(CP) ./src/. $(PKG_BUILD_DIR)
- $(eval $(call Download,go-iptables))
- ( \
- mkdir -p $(PKG_BUILD_DIR)/patched/ ; \
- gzip -dc $(DL_DIR)/$(GO_IPTABLES_FILE) | $(HOST_TAR) -C $(PKG_BUILD_DIR)/patched $(TAR_OPTIONS) ; \
- mv $(PKG_BUILD_DIR)/patched/go-iptables-$(GO_IPTABLES_VERSION) $(PKG_BUILD_DIR)/patched/go-iptables ; \
- )
- $(Build/Patch)
+/etc/tailscale/
 endef
 
 define Package/tailscale/install
diff --git a/tailscale/files/tailscale.init b/tailscale/files/tailscale.init
index 6548fa220..7d5f52134 100644
--- a/tailscale/files/tailscale.init
+++ b/tailscale/files/tailscale.init
@@ -23,6 +23,9 @@ start_service() {
 procd_open_instance
 procd_set_param command /usr/sbin/tailscaled
 
+ # starting with v1.48.1 ENV variable is required to enable autodetection of iptables / nftables
+ procd_set_param env TS_DEBUG_FIREWALL_MODE=auto
+
 # Set the port to listen on for incoming VPN packets.
 # Remote nodes will automatically be informed about the new port number,
 # but you might want to configure this in order to set external firewall
diff --git a/tailscale/patches/010-fake_iptables.patch b/tailscale/patches/010-fake_iptables.patch
deleted file mode 100644
index ca7086ed8..000000000
--- a/tailscale/patches/010-fake_iptables.patch
+++ /dev/null
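Review bot: In tailscale/Makefile the `Package/tailscaled/conffiles` entry now lists the whole `/etc/tailscale/` directory instead of the single `tailscaled.state` file, so everything the daemon writes there is kept across sysupgrade and copied into configuration backups. The state file presumably holds the node's key material (its contents are not visible in this hunk), and the directory form extends the same treatment to whatever else is stored next to it. A comment above the define would make that explicit, for example `# /etc/tailscale/ holds tailscaled state (incl. node keys): handle config backups as secrets`.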
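Review bot: The new `procd_set_param env TS_DEBUG_FIREWALL_MODE=auto` in start_service() of tailscale/files/tailscale.init changes firewall behaviour on upgrade, and the added comment does not say so. The same commit deletes 030-default_to_netfilter_off.patch, which had made `defaultNetfilterMode()` return "off", so after this update tailscaled is likely to begin programming iptables/nftables rules on nodes where it previously left the firewall alone; this is inferred from the deleted patch, not shown in the init script. I would extend the comment, e.g. `# netfilter mode is no longer patched to "off": tailscaled now manages its own firewall rules`. The value is also fixed in the script, and if start_service() sets `env` again further down (its body continues outside the hunk), `procd_append_param env` is probably the safer call so that neither setting displaces the other.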
@@ -1,53 +0,0 @@
---- a/go.mod
-+++ b/go.mod
-@@ -2,6 +2,8 @@ module tailscale.com
-
- go 1.20
-
-+replace github.com/coreos/go-iptables => ./patched/go-iptables
-+
- require (
- filippo.io/mkcert v1.4.4
- github.com/Microsoft/go-winio v0.6.1
---- a/patched/go-iptables/iptables/iptables.go
-+++ b/patched/go-iptables/iptables/iptables.go
-@@ -149,12 +149,39 @@ func New(opts ...option) (*IPTables, err
- return ipt, nil
- }
-
-+func NewFake(opts ...option) (*IPTables, error) {
-+
-+ ipt := &IPTables{
-+ path: "/bin/false",
-+ proto: ProtocolIPv4,
-+ hasCheck: false,
-+ hasWait: false,
-+ waitSupportSecond: false,
-+ hasRandomFully: false,
-+ v1: 0,
-+ v2: 0,
-+ v3: 0,
-+ mode: "legacy",
-+ timeout: 0,
-+ }
-+
-+ for _, opt := range opts {
-+ opt(ipt)
-+ }
-+
-+ return ipt, nil
-+}
-+
- // New creates a new IPTables for the given proto.
- // The proto will determine which command is used, either "iptables" or "ip6tables".
- func NewWithProtocol(proto Protocol) (*IPTables, error) {
- return New(IPFamily(proto), Timeout(0))
- }
-
-+func NewFakeWithProtocol(proto Protocol) (*IPTables, error) {
-+ return NewFake(IPFamily(proto), Timeout(0))
-+}
-+
- // Proto returns the protocol used by this IPTables.
- func (ipt *IPTables) Proto() Protocol {
- return ipt.proto
diff --git a/tailscale/patches/020-tailscaled_fake_iptables.patch b/tailscale/patches/020-tailscaled_fake_iptables.patch
deleted file mode 100644
index a4d54bdc6..000000000
--- a/tailscale/patches/020-tailscaled_fake_iptables.patch
+++ /dev/null
@@ -1,32 +0,0 @@
---- a/wgengine/router/router_linux.go
-+++ b/wgengine/router/router_linux.go
-@@ -129,7 +129,7 @@ func newUserspaceRouter(logf logger.Logf
-
- ipt4, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
- if err != nil {
-- return nil, err
-+ ipt4, err = iptables.NewFakeWithProtocol(iptables.ProtocolIPv4)
- }
-
- v6err := checkIPv6(logf)
-@@ -148,7 +148,7 @@ func newUserspaceRouter(logf logger.Logf
- // if unavailable. We want that to be a non-fatal error.
- ipt6, err = iptables.NewWithProtocol(iptables.ProtocolIPv6)
- if err != nil {
-- return nil, err
-+ ipt6, err = iptables.NewFakeWithProtocol(iptables.ProtocolIPv6)
- }
- }
-
-@@ -1676,11 +1676,6 @@ func checkIPv6(logf logger.Logf) error {
- return fmt.Errorf("kernel doesn't support IPv6 policy routing: %w", err)
- }
-
-- // Some distros ship ip6tables separately from iptables.
-- if _, err := exec.LookPath("ip6tables"); err != nil {
-- return err
-- }
--
- return nil
- }
-
diff --git a/tailscale/patches/030-default_to_netfilter_off.patch b/tailscale/patches/030-default_to_netfilter_off.patch
deleted file mode 100644
index 1edd00225..000000000
--- a/tailscale/patches/030-default_to_netfilter_off.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/cmd/tailscale/cli/up.go
-+++ b/cmd/tailscale/cli/up.go
-@@ -147,7 +147,7 @@ func defaultNetfilterMode() string {
- if distro.Get() == distro.Synology {
- return "off"
- }
-- return "on"
-+ return "off"
- }
-
- type upArgsT struct {
diff --git a/vsftpd-alt/Makefile b/vsftpd-alt/Makefile
index b94f7adf6..663cf02d4 100644
--- a/vsftpd-alt/Makefile
+++ b/vsftpd-alt/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=vsftpd-alt
 PKG_VERSION:=3.0.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=vsftpd-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://security.appspot.com/downloads/