sing-box: update to 1.11.8

2026-01-27 18:19:53 +00:00 · 2025-04-19 16:11:05 +08:00
29 changed files with 278 additions and 1333 deletions
--- a/.github/workflows/Auto
+++ b/.github/workflows/Auto
@@ -1,119 +0,0 @@
-#
-# Copyright (c) 2025-2026 LWB1978 <https://github.com/lwb1978>
-# Description: Auto Cache Software Release JSONs
-#
-name: Auto Cache Software Release JSONs
-
-on:
-  schedule:
-    - cron: '0 */2 * * *'
-  workflow_dispatch:
-
-env:
-  TZ: Asia/Shanghai
-
-jobs:
-  cache_json:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
-      - name: Initialization environment
-        run: |
-          sudo timedatectl set-timezone "$TZ"
-
-      - name: Install GitHub CLI
-        run: sudo apt-get update && sudo apt-get install -y gh
-
-      - name: Fetch GitHub release JSONs
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mkdir -p output old_json
-
-          declare -A repos
-          repos["geoview"]="snowie2000/geoview"
-          repos["chinadns-ng"]="zfl9/chinadns-ng"
-          repos["xray"]="XTLS/Xray-core"
-          repos["sing-box"]="SagerNet/sing-box"
-          repos["hysteria"]="HyNetwork/hysteria"
-
-          echo "Downloading previous api-cache release assets (if exists)..."
-          gh release download api-cache --dir old_json --pattern "*.json" || echo "No previous release found"
-
-          for name in "${!repos[@]}"; do
-            repo="${repos[$name]}"
-            echo "Processing $name from $repo ..."
-
-            for t in release pre-release; do
-              old="old_json/${name}-${t}-api.json"
-              if [ -f "$old" ]; then
-                cp "$old" "output/${name}-${t}-api.json.bak"
-              fi
-            done
-
-            curl -sL "https://api.github.com/repos/$repo/releases/latest" -o "output/${name}-release-api.json"
-            curl -sL "https://api.github.com/repos/$repo/releases?per_page=1" -o "output/${name}-pre-release-api.json"
-
-            for t in release pre-release; do
-              file="output/${name}-${t}-api.json"
-
-              TAG_NAME=$(grep -oP '"tag_name": "\K[^"]+' "$file" || true)
-
-              if [ -z "$TAG_NAME" ]; then
-                echo "❌ ${file} No tag_name, restore old files..."
-                rm -f "$file"
-
-                if [ -f "${file}.bak" ]; then
-                  mv "${file}.bak" "$file"
-                fi
-              else
-                echo "✅ ${file} Verification successful, delete bak."
-                rm -f "${file}.bak"
-              fi
-            done
-          done
-
-      - name: Check output directory
-        id: check_output
-        run: |
-          if [ -z "$(ls -A output 2>/dev/null)" ]; then
-            echo "empty=true" >> $GITHUB_OUTPUT
-            echo "⚠️ The output directory is empty, and subsequent Upload/Release steps will be skipped."
-          else
-            echo "empty=false" >> $GITHUB_OUTPUT
-            echo "✔ The output directory contains files."
-          fi
-
-      - name: Delete old release and tag
-        if: steps.check_output.outputs.empty == 'false'
-        run: |
-          gh release delete api-cache --cleanup-tag -y || echo "No existing release to delete."
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Upload to release
-        if: steps.check_output.outputs.empty == 'false'
-        uses: softprops/action-gh-release@v2
-        with:
-          tag_name: api-cache
-          name: Software Release API Cache
-          files: output/*.json
-          body: |
-            This release contains cached GitHub Release API JSON data for several software projects.  
-            It is used by the PassWall (and PassWall2) update component to reduce reliance on GitHub's rate-limited API (60 requests per IP per hour).  
-            
-            **Please do not download it – it is of no use to you.**
-            **请不要下载它，因为它对你没有任何用处。**
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Delete workflow runs
-        uses: Mattraks/delete-workflow-runs@main
-        with:
-          token: ${{ github.token }}
-          repository: ${{ github.repository }}
-          retain_days: 0
-          keep_minimum_runs: 5
-          delete_workflow_pattern: 'Auto Cache Software Release JSONs'
--- a/.github/workflows/Auto
+++ b/.github/workflows/Auto
@@ -22,7 +22,7 @@ env:

 jobs:
  job_auto_compile:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
    name: test build (${{ matrix.platform }})
    strategy:
      fail-fast: false
@@ -135,17 +135,10 @@ jobs:

    - name: Initialization ${{ matrix.platform }} compile environment
      run: |
-        sudo -E rm -rf /usr/share/dotnet /etc/mysql /etc/php /usr/local/lib/android
+        sudo -E rm -rf /usr/share/dotnet /etc/mysql /etc/php /etc/apt/sources.list.d /usr/local/lib/android
        echo "install packages!!!!!!"
        sudo -E apt-get -qq update
-        sudo -E apt-get -qq install ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential \
-            bzip2 ccache clang cmake cpio curl device-tree-compiler ecj fastjar flex gawk gettext gcc-multilib \
-            g++-multilib git gnutls-dev gperf haveged help2man intltool lib32gcc-s1 libc6-dev-i386 libelf-dev \
-            libglib2.0-dev libgmp3-dev libltdl-dev libmpc-dev libmpfr-dev libncurses-dev libpython3-dev \
-            libreadline-dev libssl-dev libtool libyaml-dev libz-dev lld llvm lrzsz mkisofs msmtp nano \
-            ninja-build p7zip p7zip-full patch pkgconf python3 python3-pip python3-ply python3-docutils \
-            python3-pyelftools qemu-utils re2c rsync scons squashfs-tools subversion swig texinfo uglifyjs \
-            upx-ucl unzip vim wget xmlto xxd zlib1g-dev zstd
+        sudo -E apt-get -qq install build-essential clang flex bison g++ gawk gcc-multilib g++-multilib gettext git libncurses-dev libssl-dev python3-distutils python3-setuptools rsync swig unzip zlib1g-dev file wget
        sudo -E apt-get -qq autoremove --purge
        sudo -E apt-get -qq clean

@@ -163,44 +156,17 @@ jobs:
    - name: ${{ matrix.platform }} feeds configuration packages
      run: |
        cd sdk
-        cat > feeds.conf.default << EOF
-        src-git passwall_packages https://github.com/${{ env.packages }}.git;main
-        src-git base https://github.com/openwrt/openwrt.git;openwrt-${{ matrix.sdk_ver }}
-        src-git packages https://github.com/openwrt/packages.git;openwrt-${{ matrix.sdk_ver }}
-        src-git luci https://github.com/openwrt/luci.git;openwrt-${{ matrix.sdk_ver }}
-        src-git routing https://github.com/openwrt/routing.git;openwrt-${{ matrix.sdk_ver }}
-        src-git telephony https://github.com/openwrt/telephony.git;openwrt-${{ matrix.sdk_ver }}
-        EOF
+        echo "src-git base https://github.com/openwrt/openwrt.git;openwrt-${{ matrix.sdk_ver }}" > feeds.conf
+        echo "src-git packages https://github.com/openwrt/packages.git;openwrt-${{ matrix.sdk_ver }}" >> feeds.conf
+        echo "src-git luci https://github.com/openwrt/luci.git;openwrt-${{ matrix.sdk_ver }}" >> feeds.conf
+        echo "src-git routing https://git.openwrt.org/feed/routing.git;openwrt-${{ matrix.sdk_ver }}"  >> feeds.conf
+        echo "src-git passwall_packages https://github.com/${{ env.packages }}.git;main" >> feeds.conf

        ./scripts/feeds update -a
-        ./scripts/feeds install -a
+        ./scripts/feeds install -a -f -p passwall_packages

-        #--------------------------------------begin_patches------------------------------------------
-        echo "Start applying the patch"
-
-
-        rm -rf temp_resp
-        git clone -b master --single-branch https://github.com/openwrt/packages.git temp_resp
-        echo "update golang version"
        rm -rf feeds/packages/lang/golang
-        cp -r temp_resp/lang/golang feeds/packages/lang
-        echo "update rust version"
-        rm -rf feeds/packages/lang/rust
-        cp -r temp_resp/lang/rust feeds/packages/lang
-        rm -rf temp_resp
-
-        git clone -b main --single-branch https://github.com/openwrt/openwrt.git temp_resp
-        cp -f temp_resp/scripts/patch-kernel.sh scripts/
-        rm -rf temp_resp
-
-
-        echo "fixed rust host build error"
-        sed -i 's/--set=llvm\.download-ci-llvm=false/--set=llvm.download-ci-llvm=true/' feeds/packages/lang/rust/Makefile
-        grep -q -- '--ci false \\' feeds/packages/lang/rust/Makefile || sed -i '/x\.py \\/a \        --ci false \\' feeds/packages/lang/rust/Makefile
-
-
-        echo "Patch application completed"
-        #--------------------------------------end_patches--------------------------------------------
+        git clone https://github.com/sbwml/packages_lang_golang -b 24.x feeds/packages/lang/golang

        echo "CONFIG_ALL_NONSHARED=n" > .config
        echo "CONFIG_ALL_KMODS=n" >> .config
--- a/.github/workflows/Auto
+++ b/.github/workflows/Auto
@@ -30,7 +30,7 @@ env:

 jobs:
  job_init:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@main
@@ -57,7 +57,7 @@ jobs:
  job_auto_update_packages:
    if: ${{ always() }}
    needs: job_init
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
    name: Auto-update-${{ matrix.pakcages }} 
    strategy:
      fail-fast: false
@@ -212,9 +212,9 @@ jobs:
            hash_head: \  HASH:=
            version_line:
            hash_line: 21
-            release_api_command: curl -sL "https://api.github.com/repos/Loyalsoldier/geoip/releases" | jq -r 'map(select(.prerelease|not)) | first | .tag_name' | sed -e 's/.*v//'
-            prerelease_api_command: curl -sL "https://api.github.com/repos/Loyalsoldier/geoip/releases" | jq -r 'first | .tag_name' | sed -e 's/.*v//'
-            release_download_url: https://github.com/Loyalsoldier/geoip/releases/download/
+            release_api_command: curl -sL "https://api.github.com/repos/v2fly/geoip/releases" | jq -r 'map(select(.prerelease|not)) | first | .tag_name' | sed -e 's/.*v//'
+            prerelease_api_command: curl -sL "https://api.github.com/repos/v2fly/geoip/releases" | jq -r 'first | .tag_name' | sed -e 's/.*v//'
+            release_download_url: https://github.com/v2fly/geoip/releases/download/
            file_name: /geoip.dat

          - pakcages: v2ray-geosite
@@ -223,10 +223,10 @@ jobs:
            hash_head: \  HASH:=
            version_line:
            hash_line: 30
-            release_api_command: curl -sL "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases" | jq -r 'map(select(.prerelease|not)) | first | .tag_name' | sed -e 's/.*v//'
-            prerelease_api_command: curl -sL "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases" | jq -r 'first | .tag_name' | sed -e 's/.*v//'
-            release_download_url: https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/
-            file_name: /geosite.dat
+            release_api_command: curl -sL "https://api.github.com/repos/v2fly/domain-list-community/releases" | jq -r 'map(select(.prerelease|not)) | first | .tag_name' | sed -e 's/.*v//'
+            prerelease_api_command: curl -sL "https://api.github.com/repos/v2fly/domain-list-community/releases" | jq -r 'first | .tag_name' | sed -e 's/.*v//'
+            release_download_url: https://github.com/v2fly/domain-list-community/releases/download/
+            file_name: /dlc.dat

          # - pakcages: dns2tcp
          #   folder: dns2tcp
@@ -344,35 +344,20 @@ jobs:
      - name: Create Pull Request
        id: cpr
        if: steps.check.outputs.status == 'success' && steps.check.outputs.New_PKG_VERSION != '' && steps.update.outputs.branch_exists == '' && !cancelled()
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          branch="patches-${{ matrix.pakcages }}-${{ steps.update.outputs.version }}"
-          title="${{ matrix.pakcages }}: update to ${{ steps.update.outputs.version }}"
-          EXISTING=$(gh pr list \
-            --state open \
-            --base main \
-            --json number,title \
-            --jq ".[] | select(.title == \"$title\") | .number" \
-            || echo "")
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "${{ matrix.pakcages }}: update to ${{ steps.update.outputs.version }}"
+          committer: smallprogram <smallprogram@foxmail.com>
+          author: smallprogram <smallprogram@foxmail.com>
+          signoff: false
+          branch: patches-${{ matrix.pakcages }}-${{ steps.update.outputs.version }}
+          base: main
+          delete-branch: true
+          body: |
+            ${{ matrix.pakcages }}: update to ${{ steps.update.outputs.version }}
+          title: "${{ matrix.pakcages }}: update to ${{ steps.update.outputs.version }}"
+          labels: |
+            automated-pr
+          draft: false

-          if [ -n "$EXISTING" ]; then
-            echo "Duplicate PR with title '$TITLE' already exists: #$EXISTING"
-          else
-            git config --global user.email "smallprogram@foxmail.com"
-            git config --global user.name "smallprogram"
-
-            
-            echo "No duplicate found, will create PR."
-            git checkout -b "$branch"
-            git add .
-            git commit -m "${{ matrix.pakcages }}: update to ${{ steps.update.outputs.version }}"
-            git push origin $branch
-
-            gh pr create \
-            --title "$title" \
-            --body "$title" \
-            --base main \
-            --head "$branch" \
-            --label "automated-pr"
-          fi
--- a/.github/workflows/Close
+++ b/.github/workflows/Close
@@ -7,7 +7,7 @@ jobs:
  stale:
    runs-on: ubuntu-22.04
    steps:
-      - uses: actions/stale@v10
+      - uses: actions/stale@v7.0.0
        with:
          stale-issue-message: "Stale Issue"
          stale-pr-message: "Stale PR"
--- a/chinadns-ng/Makefile
+++ b/chinadns-ng/Makefile
@@ -1,64 +1,64 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=chinadns-ng
-PKG_VERSION:=2025.08.09
+PKG_VERSION:=2025.03.27
 PKG_RELEASE:=1

 ifeq ($(ARCH),aarch64)
  ifeq ($(BOARD),rockchip)
    PKG_ARCH:=chinadns-ng+wolfssl@aarch64-linux-musl@generic+v8a@fast+lto
-    PKG_HASH:=3fe0217615dd7060b7287d2b6b31d2a0b364137398bfb335a03bead322eac716
+    PKG_HASH:=2b3f77f1526da452c1884119dd01176a7964e0d3544b9fc624f67b2a7760613d
  else
    PKG_ARCH:=chinadns-ng+wolfssl_noasm@aarch64-linux-musl@generic+v8a@fast+lto
-    PKG_HASH:=42ddd494200ec6d88b35902927688d316bc23e06e6c08d9e01eb2412196ab845
+    PKG_HASH:=0d6f5f742a3c81f907639b5e1ef2b727870f7aafc67010728e88a7968079b9c0
  endif
 else ifeq ($(ARCH),arm)
  ifeq ($(CONFIG_arm_v6),y)
    PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabi@generic+v6+soft_float@fast+lto
-    PKG_HASH:=0a401d1dc11129481b2baf86f847d55d66bd7e725cba4bf57875fdad27ef0052
+    PKG_HASH:=2d972e864a90d1c5e7c874e8ff1f1229fddc03e869c7be9f3b4bf4347a7f150a
  else ifeq ($(CONFIG_arm_v7),y)
    ifeq ($(CONFIG_HAS_FPU),y)
      PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabihf@generic+v7a@fast+lto
-      PKG_HASH:=dfa1f6ba80fb0925613822f4c4e00df8da68e7b8b772048d26a0d1a9d07d346b
+      PKG_HASH:=77faf3fea926752e2ab54a4d32b3de1c29ada8e075921a0e5bb219285d34d938
    else
      PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabi@generic+v6+soft_float@fast+lto
-      PKG_HASH:=0a401d1dc11129481b2baf86f847d55d66bd7e725cba4bf57875fdad27ef0052
+      PKG_HASH:=2d972e864a90d1c5e7c874e8ff1f1229fddc03e869c7be9f3b4bf4347a7f150a
    endif
  else
    PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabi@generic+v5te+soft_float@fast+lto
-    PKG_HASH:=dc104953fcd95c1c98b7b2b54b0b6731565e0650f81230e6de127a486803f42f
+    PKG_HASH:=7414c31064f36fe3357e9bd14e537a23b38174c8d2de76c60869cb51085afd99
  endif
 else ifeq ($(ARCH),mips)
  PKG_ARCH:=chinadns-ng+wolfssl@mips-linux-musl@mips32+soft_float@fast+lto
-  PKG_HASH:=b610821a8f61b0ed3c8c7e82e10d401348a9de17f900988589024a37c4099c8e
+  PKG_HASH:=b8ae32305069cccf01ef2704633ab326d69bd8ef7cfb71a30722d71e9cd6787e
 else ifeq ($(ARCH),mipsel)
  ifeq ($(CONFIG_HAS_FPU),)
    PKG_ARCH:=chinadns-ng+wolfssl@mipsel-linux-musl@mips32+soft_float@fast+lto
-    PKG_HASH:=760544a88724e3b1b9eac79c9400231e81aa8786f8f00a979229e175811ffe6d
+    PKG_HASH:=f12ce9b5227fefbf82401bd22379a52f2ec157c7cbe7e7dbdd2c0b2599e3a323
  else
    PKG_ARCH:=chinadns-ng+wolfssl@mipsel-linux-musl@mips32@fast+lto
-    PKG_HASH:=ec547c31a884e0967437ceb90a5c270864efe81b0e40939e0ec2810c7bfd6653
+    PKG_HASH:=7cf942d7fac3cf1f86295ee1af8a724065c6ab6595ca084cbd9f5ecc34e32483
  endif
 else ifeq ($(ARCH),mips64)
  PKG_ARCH:=chinadns-ng+wolfssl@mips64-linux-musl@mips64+soft_float@fast+lto
-  PKG_HASH:=2d0fce18a7ef1d74fdc12738767e66998a52c2b30d8790da760933853fe8726e
+  PKG_HASH:=658d2f46caad44ba731193380b06faaeaa82501766584a6208ec4ff54d9b16e5
 else ifeq ($(ARCH),mips64el)
  PKG_ARCH:=chinadns-ng+wolfssl@mips64el-linux-musl@mips64+soft_float@fast+lto
-  PKG_HASH:=a301d8d200d06582c60bbe0e487a28f5b41e6f0997a548cf882a7b078dab089c
+  PKG_HASH:=f2f5617e0348ef621e2cb41ed6c56d6911ae5d21e68cc9063b69ce99c1f54938
 else ifeq ($(ARCH),i386)
  ifneq ($(CONFIG_TARGET_x86_geode)$(CONFIG_TARGET_x86_legacy),)
    PKG_ARCH:=chinadns-ng+wolfssl@i386-linux-musl@i686@fast+lto
-    PKG_HASH:=85e057dd0a0e8913b30471737436ab8b71834c494ed9f9e53544261b1ffdc8d6
+    PKG_HASH:=d9d0c3c38ca5b3ac266ae5753a0d87b37f571a6e2a8806699f858ad348afbf5e
  else
    PKG_ARCH:=chinadns-ng+wolfssl@i386-linux-musl@pentium4@fast+lto
-    PKG_HASH:=2d0f1a05c82f2e21e71a6618c7f1d2e7f46aa6a21535d774d517e87ec00c989b
+    PKG_HASH:=dd54f258239f9b868c67ec4e18de074706f8b852796bfd61178f2cd145d17ff6
  endif
 else ifeq ($(ARCH),x86_64)
  PKG_ARCH:=chinadns-ng+wolfssl@x86_64-linux-musl@x86_64@fast+lto
-  PKG_HASH:=842ea4e9816efd91d39bc76ead5c4a42e79011757e37c521b4270b675cfcb30c
+  PKG_HASH:=37b337f1006b85176840f1b82508731a292751d1ee94bb3791578d04d63f856f
 else ifeq ($(ARCH),riscv64)
  PKG_ARCH:=chinadns-ng+wolfssl@riscv64-linux-musl@baseline_rv64@fast+lto
-  PKG_HASH:=7056f47f4d6b20109e007792694dc83e5eac44c9265d7be20f6dc10375b35a9b
+  PKG_HASH:=8bf3e88c78f537595651cb1ad40196c36d4bf5c1796ff70990523784409f8155
 else
  PKG_HASH:=dummy
 endif
@@ -79,7 +79,7 @@ define Package/chinadns-ng
  SUBMENU:=IP Addresses and Names
  TITLE:=ChinaDNS next generation, refactoring with epoll and ipset.
  URL:=https://github.com/zfl9/chinadns-ng
-  DEPENDS:=@(aarch64||arm||i386||mips||mipsel||mips64||mips64el||x86_64||riscv64)
+  DEPENDS:=@(aarch64||arm||i386||mips||mipsel||mips64||mips64el||x86_64||riscv64) +ipset
 endef

 define Build/Compile
--- a/dns2socks/Makefile
+++ b/dns2socks/Makefile
@@ -8,8 +8,8 @@ PKG_NAME:=dns2socks
 PKG_VERSION:=2.1
 PKG_RELEASE:=2

-PKG_SOURCE:=SourceCode.zip
-PKG_SOURCE_URL:=https://github.com/xiaorouji/openwrt-passwall-packages/releases/download/dns2socks
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
+PKG_SOURCE_URL:=@SF/dns2socks/SourceCode.zip?
 PKG_SOURCE_DATE:=2020-02-18
 PKG_HASH:=406b5003523577d39da66767adfe54f7af9b701374363729386f32f6a3a995f4

--- a/geoview/Makefile
+++ b/geoview/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=geoview
-PKG_VERSION:=0.2.2
+PKG_VERSION:=0.1.5
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/snowie2000/geoview/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=3cdec7da60d5ec84f71e086fdc77f43287d064371f51d49bcfe09abd50604343
+PKG_HASH:=06d3dc1e67de452086a6e8ee477cbfab0f73ff19effeefdf652be0fb62e55348

 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
--- a/hysteria/Makefile
+++ b/hysteria/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=hysteria
-PKG_VERSION:=2.6.5
+PKG_VERSION:=2.6.1
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/apernet/hysteria/tar.gz/app/v$(PKG_VERSION)?
-PKG_HASH:=21a04ef8ce640d7c60c3b8678500b6e6481862d9af62f9ce2663b772211718d0
+PKG_HASH:=21955752d4a9fcbe42cde9e491421b67144e0070cba184884ad7f8d4ff1f48de
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-app-v$(PKG_VERSION)

 PKG_LICENSE:=MIT
--- a/microsocks/Makefile
+++ b/microsocks/Makefile
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=microsocks
 PKG_VERSION:=1.0.5
-PKG_RELEASE:=2
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/rofl0r/microsocks/tar.gz/v$(PKG_VERSION)?
@@ -25,7 +25,7 @@ define Package/microsocks
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=Web Servers/Proxies
-  TITLE:=Tiny, portable SOCKS5 server. Support forwarding rules
+  TITLE:=Tiny, portable SOCKS5 server
  URL:=https://github.com/rofl0r/microsocks
  DEPENDS:=+libpthread
 endef
@@ -33,7 +33,6 @@ endef
 define Package/microsocks/description
  A SOCKS5 service that you can run on your remote boxes to tunnel connections
  through them, if for some reason SSH doesn't cut it for you.
-  This version supports forwarding rules.
 endef

 define Package/microsocks/install
--- a/microsocks/patches/100-Add-SOCKS5-forwarding-rules-support.patch
+++ b/microsocks/patches/100-Add-SOCKS5-forwarding-rules-support.patch
@@ -1,428 +0,0 @@
--- a/sockssrv.c
-+++ b/sockssrv.c
-@@ -33,8 +33,10 @@
- #include <arpa/inet.h>
- #include <errno.h>
- #include <limits.h>
-+#include <sys/time.h>
- #include "server.h"
- #include "sblist.h"
-+#define MICROSOCKS_VERSION "1.0.5-forward"
- 
- /* timeout in microseconds on resource exhaustion to prevent excessive
-    cpu usage. */
-@@ -71,6 +73,7 @@
- static pthread_rwlock_t auth_ips_lock = PTHREAD_RWLOCK_INITIALIZER;
- static const struct server* server;
- static union sockaddr_union bind_addr = {.v4.sin_family = AF_UNSPEC};
-+static sblist *fwd_rules;
- 
- enum socksstate {
- 	SS_1_CONNECTED,
-@@ -97,6 +100,17 @@
- 	EC_ADDRESSTYPE_NOT_SUPPORTED = 8,
- };
- 
-+struct fwd_rule {
-+	char *match_name;
-+	short match_port;
-+	char *auth_buf; /* Username/Password request buffer (RFC-1929) */
-+	size_t auth_len;
-+	char *upstream_name;
-+	short upstream_port;
-+	char *req_buf; /* Client Connection Request buffer to send to upstream */
-+	size_t req_len;
-+};
-+
- struct thread {
- 	pthread_t pt;
- 	struct client client;
-@@ -116,6 +130,109 @@
- static void dolog(const char* fmt, ...) { }
- #endif
- 
-+static int upstream_handshake(const struct fwd_rule* rule, unsigned char *client_buf, size_t client_buf_len, 
-+							int client_fd, int upstream_fd, unsigned short client_port) {
-+	unsigned char sbuf[512];
-+	ssize_t r;
-+
-+	if(rule->auth_buf) {
-+		unsigned char handshake[4] = {5, 2, 0, 2};
-+		if (write(upstream_fd, handshake, 4) != 4) {
-+			close(upstream_fd);
-+			return -1;
-+		}
-+	} else {
-+		unsigned char handshake[3] = {5, 1, 0};
-+		if (write(upstream_fd, handshake, 3) != 3) {
-+			close(upstream_fd);
-+			return -1;
-+		}
-+	}
-+
-+	if (read(upstream_fd, sbuf, 2) != 2 || sbuf[0] != 5) {
-+		close(upstream_fd);
-+		return -1;
-+	}
-+
-+	if (sbuf[1] == 2) {
-+		if (!rule->auth_buf) {
-+			close(upstream_fd);
-+			return -1;
-+		}
-+		if (write(upstream_fd, rule->auth_buf, rule->auth_len) != (ssize_t)rule->auth_len) {
-+			close(upstream_fd);
-+			return -1;
-+		}
-+		if (read(upstream_fd, sbuf, 2) != 2 || sbuf[0] != 1 || sbuf[1] != 0) {
-+			close(upstream_fd);
-+			return -1;
-+		}
-+	} else if (sbuf[1] != 0) {
-+		close(upstream_fd);
-+		return -1;
-+	}
-+
-+	if (write(upstream_fd, client_buf, client_buf_len) != (ssize_t)client_buf_len) {
-+		close(upstream_fd);
-+		return -1;
-+	}
-+
-+	size_t total = 0;
-+	size_t need = 4;
-+
-+	while (total < need) {
-+		r = read(upstream_fd, sbuf + total, need - total);
-+		if (r <= 0) {
-+			close(upstream_fd);
-+			return -1;
-+		}
-+		total += r;
-+	}
-+
-+	if (sbuf[1] != 0) {
-+		close(upstream_fd);
-+		return -sbuf[1];
-+	}
-+
-+	size_t need_more = 0;
-+	switch (sbuf[3]) {
-+		case 1:
-+			need_more = 4 + 2;
-+			break;
-+		case 4:
-+			need_more = 16 + 2;
-+			break;
-+		case 3:
-+			r = read(upstream_fd, sbuf + total, 1);
-+			if (r != 1) {
-+				close(upstream_fd);
-+				return -1;
-+			}
-+			total += r;
-+			need_more = sbuf[4] + 2;
-+			break;
-+		default:
-+			close(upstream_fd);
-+			return -EC_ADDRESSTYPE_NOT_SUPPORTED;
-+	}
-+
-+	while (total < need + need_more) {
-+		r = read(upstream_fd, sbuf + total, (need + need_more) - total);
-+		if (r <= 0) {
-+			close(upstream_fd);
-+			return -1;
-+		}
-+		total += r;
-+	}
-+
-+	if (write(client_fd, sbuf, total) != (ssize_t)total) {
-+		close(upstream_fd);
-+		return -1;
-+	}
-+
-+	return upstream_fd;
-+}
-+
- static struct addrinfo* addr_choose(struct addrinfo* list, union sockaddr_union* bindaddr) {
- 	int af = SOCKADDR_UNION_AF(bindaddr);
- 	if(af == AF_UNSPEC) return list;
-@@ -125,7 +242,9 @@
- 	return list;
- }
- 
-static int connect_socks_target(unsigned char *buf, size_t n, struct client *client) {
-+static int connect_socks_target(unsigned char *buf, size_t n, struct client *client, int *used_rule) {
-+	*used_rule = 0;
-+
- 	if(n < 5) return -EC_GENERAL_FAILURE;
- 	if(buf[0] != 5) return -EC_GENERAL_FAILURE;
- 	if(buf[1] != 1) return -EC_COMMAND_NOT_SUPPORTED; /* we support only CONNECT method */
-@@ -158,6 +277,29 @@
- 	}
- 	unsigned short port;
- 	port = (buf[minlen-2] << 8) | buf[minlen-1];
-+
-+	size_t i;
-+	struct fwd_rule *rule = NULL;
-+	char original_name[256];
-+	unsigned short original_port = port;
-+	strncpy(original_name, namebuf, sizeof(original_name) - 1);
-+	original_name[sizeof(original_name) - 1] = '\0';
-+	if(fwd_rules) {
-+		for(i=0;i<sblist_getsize(fwd_rules);++i) {
-+			struct fwd_rule* r = (struct fwd_rule*)sblist_get(fwd_rules, i);
-+			int name_match = (r->match_name[0]=='\0' || strcmp(r->match_name, namebuf) == 0);
-+			int port_match = (r->match_port == 0 || r->match_port == port);
-+			if(name_match && port_match) {
-+				rule = r;
-+				*used_rule = 1;
-+				strncpy(namebuf, r->upstream_name, sizeof(namebuf)-1);
-+				namebuf[sizeof(namebuf)-1] = '\0';
-+				port = r->upstream_port;
-+				break;
-+			}
-+		}
-+	}
-+
- 	/* there's no suitable errorcode in rfc1928 for dns lookup failure */
- 	if(resolve(namebuf, port, &remote)) return -EC_GENERAL_FAILURE;
- 	struct addrinfo* raddr = addr_choose(remote, &bind_addr);
-@@ -186,6 +328,11 @@
- 			return -EC_GENERAL_FAILURE;
- 		}
- 	}
-+
-+	struct timeval tv = {5, 0};
-+	setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (const char*)&tv, sizeof(tv));
-+	setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (const char*)&tv, sizeof(tv));
-+
- 	if(SOCKADDR_UNION_AF(&bind_addr) == raddr->ai_family &&
- 	   bindtoip(fd, &bind_addr) == -1)
- 		goto eval_errno;
-@@ -198,9 +345,22 @@
- 		af = SOCKADDR_UNION_AF(&client->addr);
- 		void *ipdata = SOCKADDR_UNION_ADDRESS(&client->addr);
- 		inet_ntop(af, ipdata, clientname, sizeof clientname);
-		dolog("client[%d] %s: connected to %s:%d\n", client->fd, clientname, namebuf, port);
-+		if (rule) {
-+			dolog("client[%d] %s: %s:%d -> via %s:%d\n", client->fd, clientname, original_name, original_port, rule->upstream_name, rule->upstream_port);
-+		} else {
-+			dolog("client[%d] %s: connected to %s:%d\n", client->fd, clientname, namebuf, port);
-+		}
- 	}
-	return fd;
-+
-+	if (rule) {
-+		int result = upstream_handshake(rule, buf, n, client->fd, fd, original_port);
-+		if (result < 0) {
-+			close(fd);
-+			return result;
-+		}
-+		return result;
-+	}
-+    return fd;
- }
- 
- static int is_authed(union sockaddr_union *client, union sockaddr_union *authedip) {
-@@ -322,6 +482,7 @@
- 	ssize_t n;
- 	int ret;
- 	enum authmethod am;
-+	int used_rule = 0;
- 	t->state = SS_1_CONNECTED;
- 	while((n = recv(t->client.fd, buf, sizeof buf, 0)) > 0) {
- 		switch(t->state) {
-@@ -345,12 +506,14 @@
- 				}
- 				break;
- 			case SS_3_AUTHED:
-				ret = connect_socks_target(buf, n, &t->client);
-+				ret = connect_socks_target(buf, n, &t->client, &used_rule);
- 				if(ret < 0) {
- 					send_error(t->client.fd, ret*-1);
- 					return -1;
- 				}
-				send_error(t->client.fd, EC_SUCCESS);
-+				if (!used_rule) {
-+					send_error(t->client.fd, EC_SUCCESS);
-+				}
- 				return ret;
- 		}
- 	}
-@@ -382,11 +545,131 @@
- 	}
- }
- 
-+static short host_get_port(char *name) {
-+	int p,n;
-+	char *c;
-+	if((c = strrchr(name, ':')) && sscanf(c+1,"%d%n",&p, &n)==1 && n == (int)(strlen(c + 1)) && p >= 0 && p < USHRT_MAX)
-+		return (*c='\0'),(short)p;
-+	else
-+		return -1;
-+}
-+
-+static int fwd_rules_add(char *str) {
-+	char *match = NULL, *upstream = NULL, *remote = NULL;
-+	unsigned short match_port, upstream_port, remote_port;
-+	int ncred;
-+
-+	if(sscanf(str, "%m[^,],%n%m[^,],%ms\n", &match, &ncred, &upstream, &remote) != 3)
-+		return 1;
-+
-+	match_port = host_get_port(match);
-+	upstream_port = host_get_port(upstream);
-+	remote_port = host_get_port(remote);
-+
-+	if(match_port < 0 || upstream_port <= 0 || remote_port < 0) {
-+		free(match);
-+		free(upstream);
-+		free(remote);
-+		return 1;
-+	}
-+
-+	char *match_copy = strdup(match);
-+	char *upstream_copy = strdup(upstream);
-+	char *remote_copy = strdup(remote);
-+
-+	struct fwd_rule *rule = (struct fwd_rule*)malloc(sizeof(struct fwd_rule));
-+	if (!rule) {
-+		free(match_copy);
-+		free(upstream_copy);
-+		free(remote_copy);
-+		free(match);
-+		free(upstream);
-+		free(remote);
-+		return 1;
-+	}
-+
-+	if(strcmp(match_copy, "0.0.0.0") == 0 || strcmp(match_copy, "*") == 0) {
-+		free(match_copy);
-+		rule->match_name = strdup("");
-+	} else {
-+		rule->match_name = match_copy;
-+	}
-+	rule->match_port = match_port;
-+	rule->auth_buf = NULL;
-+	rule->auth_len = 0;
-+
-+	char *at_sign = strchr(upstream_copy, '@');
-+	if (at_sign) {
-+		*at_sign = '\0';
-+		char *auth_part = upstream_copy;
-+		char *host_part = at_sign + 1;
-+		char *colon = strchr(auth_part, ':');
-+		if (!colon) {
-+			free(rule);
-+			free(upstream_copy);
-+			free(remote_copy);
-+			free(match);
-+			free(upstream);
-+			free(remote);
-+			return 1;
-+		}
-+		*colon++ = '\0';
-+		char *username = auth_part;
-+		char *password = colon;
-+		size_t ulen = strlen(username);
-+		size_t plen = strlen(password);
-+		if (ulen > 255 || plen > 255) {
-+			free(rule);
-+			free(upstream_copy);
-+			free(remote_copy);
-+			free(match);
-+			free(upstream);
-+			free(remote);
-+			return 1;
-+		}
-+		rule->auth_len = 1 + 1 + ulen + 1 + plen;
-+		rule->auth_buf = malloc(rule->auth_len);
-+		rule->auth_buf[0] = 1;
-+		rule->auth_buf[1] = ulen;
-+		memcpy(&rule->auth_buf[2], username, ulen);
-+		rule->auth_buf[2 + ulen] = plen;
-+		memcpy(&rule->auth_buf[3 + ulen], password, plen);
-+		rule->upstream_name = strdup(host_part);
-+		rule->upstream_port = upstream_port;
-+		/* hide from ps */
-+		memset(str+ncred, '*', ulen+1+plen);
-+	} else {
-+		rule->upstream_name = strdup(upstream_copy);
-+		rule->upstream_port = upstream_port;
-+	}
-+
-+	free(upstream_copy);
-+	short rlen = strlen(remote_copy);
-+	rule->req_len = 3 + 1 + 1 + rlen + 2;
-+	rule->req_buf = (char*)malloc(rule->req_len);
-+	rule->req_buf[0] = 5;
-+	rule->req_buf[1] = 1;
-+	rule->req_buf[2] = 0;
-+	rule->req_buf[3] = 3;
-+	rule->req_buf[4] = rlen;
-+	memcpy(&rule->req_buf[5], remote_copy, rlen);
-+	unsigned short rport = remote_port ? remote_port : 0;
-+	rule->req_buf[5 + rlen]     = (rport >> 8) & 0xFF;
-+	rule->req_buf[5 + rlen + 1] = (rport & 0xFF);
-+	free(remote_copy);
-+	sblist_add(fwd_rules, rule);
-+	free(match);
-+	free(upstream);
-+	free(remote);
-+
-+	return 0;
-+}
-+
- static int usage(void) {
- 	dprintf(2,
- 		"MicroSocks SOCKS5 Server\n"
- 		"------------------------\n"
-		"usage: microsocks -1 -q -i listenip -p port -u user -P pass -b bindaddr -w ips\n"
-+		"usage: microsocks -1 -q -i listenip -p port -u user -P pass -b bindaddr -w ips -f fwdrule\n"
- 		"all arguments are optional.\n"
- 		"by default listenip is 0.0.0.0 and port 1080.\n\n"
- 		"option -q disables logging.\n"
-@@ -401,6 +684,12 @@
- 		" this is handy for programs like firefox that don't support\n"
- 		" user/pass auth. for it to work you'd basically make one connection\n"
- 		" with another program that supports it, and then you can use firefox too.\n"
-+		"option -f specifies a forwarding rule of the form\n"
-+		"  match_name:match_port,[user:password@]upstream_name:upstream_port,remote_name:remote_port\n"
-+		" this will cause requests that /match/ to be renamed to /remote/\n"
-+		" and sent to the /upstream/ SOCKS5 proxy server.\n"
-+		" this option may be specified multiple times.\n"
-+		"option -V prints version information and exits.\n"
- 	);
- 	return 1;
- }
-@@ -416,7 +705,7 @@
- 	const char *listenip = "0.0.0.0";
- 	char *p, *q;
- 	unsigned port = 1080;
-	while((ch = getopt(argc, argv, ":1qb:i:p:u:P:w:")) != -1) {
-+	while((ch = getopt(argc, argv, ":1qb:i:p:u:P:w:f:V")) != -1) {
- 		switch(ch) {
- 			case 'w': /* fall-through */
- 			case '1':
-@@ -456,11 +745,20 @@
- 			case 'p':
- 				port = atoi(optarg);
- 				break;
-+			case 'f':
-+				if(!fwd_rules)
-+					fwd_rules = sblist_new(sizeof(struct fwd_rule), 16);
-+				if(fwd_rules_add(optarg))
-+					return dprintf(2, "error: could not parse forwarding rule %s\n", optarg), 1;
-+				break;
- 			case ':':
- 				dprintf(2, "error: option -%c requires an operand\n", optopt);
- 				/* fall through */
- 			case '?':
- 				return usage();
-+			case 'V':
-+				dprintf(1, "MicroSocks %s\n", MICROSOCKS_VERSION);
-+				return 0;
- 		}
- 	}
- 	if((auth_user && !auth_pass) || (!auth_user && auth_pass)) {
--- a/naiveproxy/Makefile
+++ b/naiveproxy/Makefile
@@ -1,8 +1,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=naiveproxy
-PKG_VERSION:=143.0.7499.109
-PKG_RELEASE:=2
+PKG_VERSION:=135.0.7049.38
+PKG_RELEASE:=1

 ARCH_PREBUILT:=$(ARCH_PACKAGES)

@@ -25,47 +25,47 @@ PKG_SOURCE:=naiveproxy-v$(PKG_VERSION)-$(PKG_RELEASE)-openwrt-$(ARCH_PREBUILT).t
 PKG_SOURCE_URL:=https://github.com/klzgrad/naiveproxy/releases/download/v$(PKG_VERSION)-$(PKG_RELEASE)/

 ifeq ($(ARCH_PREBUILT),aarch64_cortex-a53)
-  PKG_HASH:=e5eec05d7e799c4b6f93adb02129246142a88e427d76d6275a0312872031a1db
+  PKG_HASH:=7711d714d9cec37eac9048a59fc0d1fa7c7bc0a637018c9b2e419c43368e3c53
 else ifeq ($(ARCH_PREBUILT),aarch64_cortex-a72)
-  PKG_HASH:=ca7975f7b711d1936d44b7a3676d4ddec59dd84339da0e28aa8bbc1fa738523a
+  PKG_HASH:=44253ecd8cb7c62ffd948901a1191ca2c1b65430ec19253322c5935551e13b7c
 else ifeq ($(ARCH_PREBUILT),aarch64_generic)
-  PKG_HASH:=a4b34126901ad577a018332dd8cfa015ca5de1dcbbcf445465fb5a89a29a6b29
+  PKG_HASH:=7ba36313b0485d0bbb7d95debcd90a8add2d6ae40e756c702542fc64dc1e9c12
 else ifeq ($(ARCH_PREBUILT),arm_arm1176jzf-s_vfp)
-  PKG_HASH:=ec0a9a76bc51d7608897db9d87c3e52a889989856b3456cf1b35c4a42891fc40
+  PKG_HASH:=15e33c0368cf8adca8dade760e1d65307f93ea3a7f9e83aa6fe8ab6410578c0e
 else ifeq ($(ARCH_PREBUILT),arm_arm926ej-s)
-  PKG_HASH:=bdd03cdec1f7215369cafdc7922f3d78ecd570a59d5cd04e829cab33c6dbc68e
+  PKG_HASH:=c7cca2201b9a582fb674984cf9521c237fa9ff8f5e8fbe6323d4be34b684c85e
 else ifeq ($(ARCH_PREBUILT),arm_cortex-a15_neon-vfpv4)
-  PKG_HASH:=fce86759321a06cc373ceef1a38fee456cf0383cc466a3762671b9a0fc4e13ba
+  PKG_HASH:=474e3227c6bb0271e4d9e9a11f02bbf3a96171abbfad710b764a4cbf01276c39
 else ifeq ($(ARCH_PREBUILT),arm_cortex-a5_vfpv4)
-  PKG_HASH:=3bb0eef45955ccb656c0b074db40024e35a96c0588250534d25468242b21e067
+  PKG_HASH:=d8267795f9221e3c9ef1194f67b5c132e61236135ba9f5130666782e6cb3b00e
 else ifeq ($(ARCH_PREBUILT),arm_cortex-a7)
-  PKG_HASH:=42c95ce44d9abb1472f4817b5839252fc418cecd3b1d683a0211ca98e7e9a21f
+  PKG_HASH:=519d116bea3d19ef3f9da782d2066c09cb4b9fcc1494f9bc2450f65e5d5895b7
 else ifeq ($(ARCH_PREBUILT),arm_cortex-a7_neon-vfpv4)
-  PKG_HASH:=7222d40cc5b0f29e5858e6023e713cc69174672b2489a8c8525d031822b38230
+  PKG_HASH:=e2d8748b13867f9c0f9007b4570bdf2466d4717ed5fe112cdd5c5745dd9cda88
 else ifeq ($(ARCH_PREBUILT),arm_cortex-a7_vfpv4)
-  PKG_HASH:=1c15ceeb689d686e198afd0c1bb72b6c54ef89bde5b347205d6c2cedf359f37a
+  PKG_HASH:=ee74875fa83dac7b79ea2945ee3320bd1b5c974b38e528217e8db514dfd4f015
 else ifeq ($(ARCH_PREBUILT),arm_cortex-a8_vfpv3)
-  PKG_HASH:=a5f370df608aba401cb5a761c17f994d27d1a912be1aa9c7bcc0417314ecfb62
+  PKG_HASH:=415aa150b519949cd89b0c8c22ba10681de2bfcd78894830e270c83412f247a7
 else ifeq ($(ARCH_PREBUILT),arm_cortex-a9)
-  PKG_HASH:=f5df82bd5d3a45e8869026977c2d30bac6ccc258dadb7046e3306d4e54395741
+  PKG_HASH:=62c9b107c4cef346de3d7f81fc39e37356b7635b7c86c2e5628a7c79d852f6e7
 else ifeq ($(ARCH_PREBUILT),arm_cortex-a9_neon)
-  PKG_HASH:=7600df27693dda5f43c7d38715b9d4664db77ed4488c77da822c690cb28fcf90
+  PKG_HASH:=8e7b251f880f7249138c93b623c82037ea03a4e91cfad0a127d2f0860363ade6
 else ifeq ($(ARCH_PREBUILT),arm_cortex-a9_vfpv3-d16)
-  PKG_HASH:=c010124d705e19da53e0df4658c23a5ad0ff71e89f8819e01f9e7011160042fa
+  PKG_HASH:=83a8f4333c8a0ce14348d461a6f1b2e55078a2afb5cfa937b5141dd58f700c1c
 else ifeq ($(ARCH_PREBUILT),arm_mpcore)
-  PKG_HASH:=6ccbf7cf6b17b4cf4ab7b29b12a279b1fc79257f2fc569e81a5af6bda18819f4
+  PKG_HASH:=c9d88844b79d77ba387275f707896df6f0ddb109eed15461f169b4193f55f5ae
 else ifeq ($(ARCH_PREBUILT),arm_xscale)
-  PKG_HASH:=5367433f1759aa0b947f6180c9d1944205629d7829db9f3466bd38d40da57ae0
+  PKG_HASH:=d27f2d18fd5ce59c78af7f879d300e0700de05672cfb6265d252a4a7197a4df1
 else ifeq ($(ARCH_PREBUILT),mipsel_24kc)
-  PKG_HASH:=444a59288e3e7e80b2ca04fb4d6fb9a046a624cb01a9cea2314834c736561433
+  PKG_HASH:=054b2e9989ae30fbfc2ca4f69e1df686433a604d0c55827e6eb478b902d02cd1
 else ifeq ($(ARCH_PREBUILT),mipsel_mips32)
-  PKG_HASH:=fa568b8a8ed8505a99d5ca30568cbdb2539cc48d218c338a321fba116632daa1
+  PKG_HASH:=c6e7015b2e900e94244e66118b2b3c7c9f5ff5e0257311625497e7dc133a1071
 else ifeq ($(ARCH_PREBUILT),riscv64)
-  PKG_HASH:=13c1a43e58cef7219baf828250afb9390fd2ed9379d30f7d7b182db61492fe69
+  PKG_HASH:=7a9a49046672eced503fb9adf8fcb0e158ffd01e8856123e04a1400c57be81b0
 else ifeq ($(ARCH_PREBUILT),x86)
-  PKG_HASH:=8088dd1ea80321109248f68f6f1a7c45f5b4dc0982992aabde725c3503a5b442
+  PKG_HASH:=ddf4599057756bb77e560454eb7b62591077af731f06baff4491f07a7bf59c57
 else ifeq ($(ARCH_PREBUILT),x86_64)
-  PKG_HASH:=5681e13c833757cfb5769755fd93d1906c47448af190585067bde9de590bdb2e
+  PKG_HASH:=41b982201463ebca5aac999efc80484d6261ddcd5763a69e078c1e41fb427ef6
 else
  PKG_HASH:=dummy
 endif
--- a/naiveproxy/files/naiveproxy.init
+++ b/naiveproxy/files/naiveproxy.init
@@ -1,28 +1,34 @@
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2021 ImmortalWrt

+. /lib/functions.sh
+. /lib/functions/procd.sh
+
 USE_PROCD=1
+
 START=99
+STOP=10

-NAME="naiveproxy"
-
-start_service() {
-	config_load "$NAME"
-	config_get_bool "enable" "config" "enable" "0"
-	[ "$enable" -eq "1" ] || return 1
-
+init_conf() {
+	config_load "naiveproxy"
+	config_get "enable" "config" "enable" "0"
 	config_get "listen_addr" "config" "listen_addr"
 	config_get "server_addr" "config" "server_addr"
 	config_get "extra_argument" "config" "extra_argument"
+}
+
+start_service() {
+	init_conf
+	[ "${enable}" == "1" ] || return 0

 	procd_open_instance naiveproxy

 	procd_set_param command naive
-	procd_append_param command --listen="$listen_addr"
-	procd_append_param command --proxy="$server_addr"
-	[ -n "$extra_argument" ] && procd_append_param command $extra_argument
+	procd_append_param command --listen="${listen_addr}"
+	procd_append_param command --proxy="${server_addr}"
+	[ -n "${extra_argument}" ] && procd_append_param command "${extra_argument}"

-	procd_set_param respawn
+	procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
 	procd_set_param limits core="unlimited"
 	procd_set_param stdout 1
 	procd_set_param stderr 1
@@ -30,6 +36,12 @@ start_service() {
 	procd_close_instance
 }

-service_triggers() {
-        procd_add_reload_trigger "$NAME"
+reload_service()
+{
+	stop
+	start
+}
+
+service_triggers() {
+        procd_add_reload_trigger "naiveproxy"
 }
--- a/shadow-tls/Makefile
+++ b/shadow-tls/Makefile
@@ -1,43 +0,0 @@
-# SPDX-License-Identifier: GPL-2.0-only
-#
-# Copyright (C) 2025 ImmortalWrt.org
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=shadow-tls
-PKG_VERSION:=0.2.25
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/ihciah/shadow-tls/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=1d1d436734823ba0302de6e91883ed892ea710769c722a139990194ff5837224
-
-PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
-PKG_LICENSE:=MIT
-PKG_LICENSE_FILES:=LICENSE
-
-PKG_BUILD_DEPENDS:=rust/host
-PKG_BUILD_PARALLEL:=1
-
-include $(INCLUDE_DIR)/package.mk
-include $(TOPDIR)/feeds/packages/lang/rust/rust-package.mk
-
-define Package/shadow-tls
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=Web Servers/Proxies
-  TITLE:=A proxy to expose real tls handshake to the firewall
-  URL:=https://github.com/ihciah/shadow-tls
-  DEPENDS:=@(aarch64||arm||x86_64)
-endef
-
-define Package/shadow-tls/description
-  A proxy to expose real tls handshake to the firewall.
-
-  It works like trojan but it does not require signing certificate.
-  The firewall will see real tls handshake with valid certificate
-  that you choose.
-endef
-
-$(eval $(call RustBinPackage,shadow-tls))
-$(eval $(call BuildPackage,shadow-tls))
--- a/shadow-tls/patches/010-Fix-reading-WildcardSNI-from-sip003_arg-115.patch
+++ b/shadow-tls/patches/010-Fix-reading-WildcardSNI-from-sip003_arg-115.patch
@@ -1,23 +0,0 @@
-From 045014130570dd23d5a9cce124b78b2bb1ddaf5f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E1=A1=A0=E1=A0=B5=E1=A1=A0=E1=A1=B3=20=E1=A1=A0=E1=A0=B5?=
- =?UTF-8?q?=E1=A1=A0=20=E1=A0=AE=E1=A0=A0=E1=A0=A8=E1=A1=A9=E1=A0=8B?=
- =?UTF-8?q?=E1=A0=A0=E1=A0=A8?=
- <125150101+UjuiUjuMandan@users.noreply.github.com>
-Date: Thu, 24 Apr 2025 22:39:07 +0000
-Subject: [PATCH] Fix reading WildcardSNI from sip003_arg (#115)
-
---
- src/main.rs | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
--- a/src/main.rs
-+++ b/src/main.rs
-@@ -269,7 +269,7 @@ pub(crate) fn get_sip003_arg() -> Option
-         let tls_addrs = parse_server_addrs(tls_addr)
-             .expect("tls param parse failed(like tls=xxx.com:443 or tls=yyy.com:1.2.3.4:443;zzz.com:443;xxx.com)");
-         let wildcard_sni =
-            WildcardSNI::from_str(opts.get("tls").map(AsRef::as_ref).unwrap_or_default(), true)
-+            WildcardSNI::from_str(opts.get("wildcard-sni").map(AsRef::as_ref).unwrap_or("off"), true)
-                 .expect("wildcard_sni format error");
-         Args {
-             cmd: crate::Commands::Server {
--- a/shadow-tls/patches/011-fix-use-tls1-2-only-website-for-tls12-test-suites-129.patch
+++ b/shadow-tls/patches/011-fix-use-tls1-2-only-website-for-tls12-test-suites-129.patch
@@ -1,230 +0,0 @@
-From 02dd0bc7bae8a2011729f95021690e694fd8e43e Mon Sep 17 00:00:00 2001
-From: V <vendettareborn@proton.me>
-Date: Fri, 25 Apr 2025 18:27:13 +0200
-Subject: [PATCH] fix: use tls1.2 only website for tls12 test suites (#129)
-
-* fix: use tls1.2 only website for tls12 test suites
---
- src/helper_v2.rs |  2 ++
- src/main.rs      | 12 +++++++-----
- src/sip003.rs    |  6 +++---
- src/util.rs      |  2 +-
- tests/tls12.rs   | 32 ++++++++++++++++----------------
- 5 files changed, 29 insertions(+), 25 deletions(-)
-
--- a/src/helper_v2.rs
-+++ b/src/helper_v2.rs
-@@ -26,6 +26,7 @@ use crate::util::prelude::*;
- 
- pub(crate) const HMAC_SIZE_V2: usize = 8;
- 
-+#[allow(unused)]
- pub(crate) trait HashedStream {
-     fn hash_stream(&self) -> [u8; 20];
- }
-@@ -98,6 +99,7 @@ impl<S> HashedWriteStream<S> {
-         })
-     }
- 
-+    #[allow(unused)]
-     pub(crate) fn hash(&self) -> [u8; 20] {
-         self.hmac
-             .borrow()
--- a/src/main.rs
-+++ b/src/main.rs
-@@ -252,7 +252,7 @@ pub(crate) fn get_sip003_arg() -> Option
-     let opts: HashMap<_, _> = opts.into_iter().collect();
- 
-     let threads = opts.get("threads").map(|s| s.parse::<u8>().unwrap());
-    let v3 = opts.get("v3").is_some();
-+    let v3 = opts.contains_key("v3");
-     let passwd = opts
-         .get("passwd")
-         .expect("need passwd param(like passwd=123456)");
-@@ -262,15 +262,17 @@ pub(crate) fn get_sip003_arg() -> Option
-         v3,
-         ..Default::default()
-     };
-    let args = if opts.get("server").is_some() {
-+    let args = if opts.contains_key("server") {
-         let tls_addr = opts
-             .get("tls")
-             .expect("tls param must be specified(like tls=xxx.com:443)");
-         let tls_addrs = parse_server_addrs(tls_addr)
-             .expect("tls param parse failed(like tls=xxx.com:443 or tls=yyy.com:1.2.3.4:443;zzz.com:443;xxx.com)");
-        let wildcard_sni =
-            WildcardSNI::from_str(opts.get("wildcard-sni").map(AsRef::as_ref).unwrap_or("off"), true)
-                .expect("wildcard_sni format error");
-+        let wildcard_sni = WildcardSNI::from_str(
-+            opts.get("wildcard-sni").map(AsRef::as_ref).unwrap_or("off"),
-+            true,
-+        )
-+        .expect("wildcard_sni format error");
-         Args {
-             cmd: crate::Commands::Server {
-                 listen: format!("{ss_remote_host}:{ss_remote_port}"),
--- a/src/sip003.rs
-+++ b/src/sip003.rs
-@@ -6,7 +6,7 @@ pub fn parse_sip003_options(s: &str) ->
-     let mut i = 0;
-     while i < s.len() {
-         // read key
-        let (offset, key) = index_unescaped(&s[i..], &[b'=', b';']).context("read key")?;
-+        let (offset, key) = index_unescaped(&s[i..], b"=;").context("read key")?;
-         if key.is_empty() {
-             bail!("empty key in {}", &s[i..]);
-         }
-@@ -21,7 +21,7 @@ pub fn parse_sip003_options(s: &str) ->
-         // skip equals
-         i += 1;
-         // read value
-        let (offset, value) = index_unescaped(&s[i..], &[b'=', b';']).context("read value")?;
-+        let (offset, value) = index_unescaped(&s[i..], b"=;").context("read value")?;
-         i += offset;
-         opts.push((key, value));
-         // Skip the semicolon.
-@@ -36,7 +36,7 @@ fn index_unescaped(s: &str, term: &[u8])
- 
-     while i < s.len() {
-         let mut b: u8 = s.as_bytes()[i];
-        if term.iter().any(|&e| b == e) {
-+        if term.contains(&b) {
-             break;
-         }
-         if b == b'\\' {
--- a/src/util.rs
-+++ b/src/util.rs
-@@ -599,7 +599,7 @@ pub(crate) async fn resolve(addr: &str)
-     addr_iter.next().ok_or_else(|| {
-         std::io::Error::new(
-             std::io::ErrorKind::InvalidInput,
-            format!("unable to resolve addr: {}", addr),
-+            format!("unable to resolve addr: {addr}"),
-         )
-     })
- }
--- a/tests/tls12.rs
-+++ b/tests/tls12.rs
-@@ -4,7 +4,7 @@ use shadow_tls::{RunningArgs, TlsAddrs,
- mod utils;
- use utils::*;
- 
-// handshake: bing.com(tls1.2 only)
-+// handshake: badssl.com(tls1.2 only)
- // data: captive.apple.com:80
- // protocol: v2
- #[test]
-@@ -12,7 +12,7 @@ fn tls12_v2() {
-     let client = RunningArgs::Client {
-         listen_addr: "127.0.0.1:30000".to_string(),
-         target_addr: "127.0.0.1:30001".to_string(),
-        tls_names: TlsNames::try_from("bing.com").unwrap(),
-+        tls_names: TlsNames::try_from("badssl.com").unwrap(),
-         tls_ext: TlsExtConfig::new(None),
-         password: "test".to_string(),
-         nodelay: true,
-@@ -22,7 +22,7 @@ fn tls12_v2() {
-     let server = RunningArgs::Server {
-         listen_addr: "127.0.0.1:30001".to_string(),
-         target_addr: "captive.apple.com:80".to_string(),
-        tls_addr: TlsAddrs::try_from("bing.com").unwrap(),
-+        tls_addr: TlsAddrs::try_from("badssl.com").unwrap(),
-         password: "test".to_string(),
-         nodelay: true,
-         fastopen: true,
-@@ -31,7 +31,7 @@ fn tls12_v2() {
-     test_ok(client, server, CAPTIVE_HTTP_REQUEST, CAPTIVE_HTTP_RESP);
- }
- 
-// handshake: bing.com(tls1.2 only)
-+// handshake: badssl.com(tls1.2 only)
- // data: captive.apple.com:80
- // protocol: v3 lossy
- #[test]
-@@ -39,7 +39,7 @@ fn tls12_v3_lossy() {
-     let client = RunningArgs::Client {
-         listen_addr: "127.0.0.1:30002".to_string(),
-         target_addr: "127.0.0.1:30003".to_string(),
-        tls_names: TlsNames::try_from("bing.com").unwrap(),
-+        tls_names: TlsNames::try_from("badssl.com").unwrap(),
-         tls_ext: TlsExtConfig::new(None),
-         password: "test".to_string(),
-         nodelay: true,
-@@ -49,7 +49,7 @@ fn tls12_v3_lossy() {
-     let server = RunningArgs::Server {
-         listen_addr: "127.0.0.1:30003".to_string(),
-         target_addr: "captive.apple.com:80".to_string(),
-        tls_addr: TlsAddrs::try_from("bing.com").unwrap(),
-+        tls_addr: TlsAddrs::try_from("badssl.com").unwrap(),
-         password: "test".to_string(),
-         nodelay: true,
-         fastopen: true,
-@@ -58,7 +58,7 @@ fn tls12_v3_lossy() {
-     utils::test_ok(client, server, CAPTIVE_HTTP_REQUEST, CAPTIVE_HTTP_RESP);
- }
- 
-// handshake: bing.com(tls1.2 only)
-+// handshake: badssl.com(tls1.2 only)
- // data: captive.apple.com:80
- // protocol: v3 strict
- // v3 strict cannot work with tls1.2, so it must fail
-@@ -68,7 +68,7 @@ fn tls12_v3_strict() {
-     let client = RunningArgs::Client {
-         listen_addr: "127.0.0.1:30004".to_string(),
-         target_addr: "127.0.0.1:30005".to_string(),
-        tls_names: TlsNames::try_from("bing.com").unwrap(),
-+        tls_names: TlsNames::try_from("badssl.com").unwrap(),
-         tls_ext: TlsExtConfig::new(None),
-         password: "test".to_string(),
-         nodelay: true,
-@@ -78,7 +78,7 @@ fn tls12_v3_strict() {
-     let server = RunningArgs::Server {
-         listen_addr: "127.0.0.1:30005".to_string(),
-         target_addr: "captive.apple.com:80".to_string(),
-        tls_addr: TlsAddrs::try_from("bing.com").unwrap(),
-+        tls_addr: TlsAddrs::try_from("badssl.com").unwrap(),
-         password: "test".to_string(),
-         nodelay: true,
-         fastopen: true,
-@@ -87,8 +87,8 @@ fn tls12_v3_strict() {
-     utils::test_ok(client, server, CAPTIVE_HTTP_REQUEST, CAPTIVE_HTTP_RESP);
- }
- 
-// handshake: bing.com(tls1.2 only)
-// data: bing.com:443
-+// handshake: badssl.com(tls1.2 only)
-+// data: badssl.com:443
- // protocol: v2
- // Note: v2 can not defend against hijack attack.
- // Here hijack means directly connect to the handshake server.
-@@ -98,8 +98,8 @@ fn tls12_v3_strict() {
- fn tls12_v2_hijack() {
-     let client = RunningArgs::Client {
-         listen_addr: "127.0.0.1:30006".to_string(),
-        target_addr: "bing.com:443".to_string(),
-        tls_names: TlsNames::try_from("bing.com").unwrap(),
-+        target_addr: "badssl.com:443".to_string(),
-+        tls_names: TlsNames::try_from("badssl.com").unwrap(),
-         tls_ext: TlsExtConfig::new(None),
-         password: "test".to_string(),
-         nodelay: true,
-@@ -109,7 +109,7 @@ fn tls12_v2_hijack() {
-     test_hijack(client);
- }
- 
-// handshake: bing.com(tls1.2 only)
-+// handshake: badssl.com(tls1.2 only)
- // data: captive.apple.com:80
- // protocol: v3 lossy
- // (v3 strict can not work with tls1.2)
-@@ -121,8 +121,8 @@ fn tls12_v2_hijack() {
- fn tls12_v3_lossy_hijack() {
-     let client = RunningArgs::Client {
-         listen_addr: "127.0.0.1:30007".to_string(),
-        target_addr: "bing.com:443".to_string(),
-        tls_names: TlsNames::try_from("bing.com").unwrap(),
-+        target_addr: "badssl.com:443".to_string(),
-+        tls_names: TlsNames::try_from("badssl.com").unwrap(),
-         tls_ext: TlsExtConfig::new(None),
-         password: "test".to_string(),
-         nodelay: true,
--- a/shadow-tls/patches/100-update-monoio.patch
+++ b/shadow-tls/patches/100-update-monoio.patch
@@ -1,117 +0,0 @@
--- a/Cargo.lock
-+++ b/Cargo.lock
-@@ -1,6 +1,6 @@
- # This file is automatically @generated by Cargo.
- # It is not intended for manual editing.
-version = 3
-+version = 4
- 
- [[package]]
- name = "aho-corasick"
-@@ -224,14 +224,13 @@ dependencies = [
- 
- [[package]]
- name = "flume"
-version = "0.10.14"
-+version = "0.11.1"
- source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1657b4441c3403d9f7b3409e47575237dac27b1b5726df654a6ecbf92f0f7577"
-+checksum = "da0e4dd2a88388a1f4ccc7c9ce104604dab68d9f408dc34cd45823d5a9069095"
- dependencies = [
-  "futures-core",
-  "futures-sink",
-  "nanorand",
- "pin-project",
-  "spin 0.9.8",
- ]
- 
-@@ -393,9 +392,9 @@ dependencies = [
- 
- [[package]]
- name = "memchr"
-version = "2.6.4"
-+version = "2.7.5"
- source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167"
-+checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0"
- 
- [[package]]
- name = "memoffset"
-@@ -420,9 +419,9 @@ dependencies = [
- 
- [[package]]
- name = "monoio"
-version = "0.2.0"
-+version = "0.2.2"
- source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c91a9bcc2622991bc92f3b6d7dc495329c4863e4dc530d1748529b009bb2170a"
-+checksum = "fd5be7ef0eea41e4e5b30fe55aa6fd15288c415118bcdceadd52fd3656816cc7"
- dependencies = [
-  "auto-const-array",
-  "bytes",
-@@ -430,9 +429,11 @@ dependencies = [
-  "fxhash",
-  "io-uring",
-  "libc",
-+ "memchr",
-  "mio",
-  "monoio-macros",
-  "nix 0.26.4",
-+ "once_cell",
-  "pin-project-lite",
-  "socket2",
-  "threadpool",
-@@ -538,26 +539,6 @@ source = "registry+https://github.com/ru
- checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
- 
- [[package]]
-name = "pin-project"
-version = "1.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fda4ed1c6c173e3fc7a83629421152e01d7b1f9b7f65fb301e490e8cfc656422"
-dependencies = [
- "pin-project-internal",
-]
-
-[[package]]
-name = "pin-project-internal"
-version = "1.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
- name = "pin-project-lite"
- version = "0.2.13"
- source = "registry+https://github.com/rust-lang/crates.io-index"
--- a/Cargo.toml
-+++ b/Cargo.toml
-@@ -10,7 +10,7 @@ repository = "https://github.com/ihciah/
- version = "0.2.25"
- 
- [dependencies]
-monoio = { version = "0.2.0", features = ["sync"] }
-+monoio = { version = "=0.2.2", features = ["sync"] }
- monoio-rustls-fork-shadow-tls = { version = "0.3.0-mod.2" }
- rustls-fork-shadow-tls = { version = "0.20.9-mod.2", default-features = false }
- 
--- a/src/lib.rs
-+++ b/src/lib.rs
-@@ -1,5 +1,3 @@
-#![feature(impl_trait_in_assoc_type)]
-
- mod client;
- mod helper_v2;
- mod server;
--- a/src/main.rs
-+++ b/src/main.rs
-@@ -1,5 +1,3 @@
-#![feature(type_alias_impl_trait)]
-
- use std::{collections::HashMap, path::PathBuf, process::exit};
- 
- use clap::{Parser, Subcommand, ValueEnum};
--- a/shadowsocks-libev/Makefile
+++ b/shadowsocks-libev/Makefile
@@ -20,7 +20,8 @@ PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
 PKG_SOURCE_DATE:=2025-1-20
 PKG_SOURCE_VERSION:=9afa3cacf947f910be46b69fc5a7a1fdd02fd5e6
-PKG_MIRROR_HASH:=b56d015394a3217750ec232570e012461a30af17de20d5598c3b026c8fcaa5b5
+PKG_MIRROR_HASH:=575b21803b28db8ab59ecbdb2cf21c4282881507b3a4267cc24f55bad12819cb
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz

 PKG_MAINTAINER:=Yousong Zhou <yszhou4tech@gmail.com>

--- a/shadowsocks-rust/Makefile
+++ b/shadowsocks-rust/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=shadowsocks-rust
-PKG_VERSION:=1.24.0
+PKG_VERSION:=1.23.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/shadowsocks/shadowsocks-rust/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=a89865d1c5203de1b732017dd032e85f943d1592e8d3152eb7d2c4f3fca387bf
+PKG_HASH:=13307594159cfe23f91e69c8b08ba7a41a17a2f36a4bfb3821476026f7518cac

 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=MIT
--- a/shadowsocksr-libev/Makefile
+++ b/shadowsocksr-libev/Makefile
@@ -14,7 +14,8 @@ PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/shadowsocksrr/shadowsocksr-libev
 PKG_SOURCE_DATE:=2018-03-07
 PKG_SOURCE_VERSION:=d63ff863800a5645aca4309d5dd5962bd1e95543
-PKG_MIRROR_HASH:=146fa4511a52da2aaa1e11ea0294cfb450e62643156c5da3b10e037ef43961f6
+PKG_MIRROR_HASH:=34308ed827a5dd4f4e35619914102d55b00604faa44fda051d1d25fb4a319325
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz

 PKG_LICENSE:=GPL-3.0
 PKG_LICENSE_FILES:=LICENSE
--- a/simple-obfs/Makefile
+++ b/simple-obfs/Makefile
@@ -1,9 +1,6 @@
 #
 # Copyright (C) 2017-2019 Jian Chang <aa65535@live.com>
 #
-# Copyright (C) 2021 ImmortalWrt
-# <https://immortalwrt.org>
-#
 # This is free software, licensed under the GNU General Public License v3.
 # See /LICENSE for more information.
 #
@@ -12,49 +9,55 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=simple-obfs
 PKG_VERSION:=0.0.5
-PKG_RELEASE:=3
+PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/shadowsocks/simple-obfs.git
-PKG_SOURCE_DATE:=2019-08-17
+PKG_MIRROR_HASH:=ea8f2b9825bbb87d5d860524e29bade265141687338db2dbf7ecd32690cf02fc
 PKG_SOURCE_VERSION:=486bebd9208539058e57e23a12f23103016e09b4
-PKG_MIRROR_HASH:=bc97eba511b86a089ab4bcf0ac78d9e4a39c59046d5cde77b79a118245daa0ba
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz

 PKG_LICENSE:=GPL-3.0-or-later
-PKG_LICENSE_FILES:=LICENSE
+PKG_LICENSE_FILES:=COPYING LICENSE
 PKG_MAINTAINER:=Jian Chang <aa65535@live.com>

-PKG_BUILD_DEPENDS:=libev
-PKG_FIXUP:=autoreconf
-PKG_BUILD_PARALLEL:=1
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION)
+
 PKG_INSTALL:=1
+PKG_FIXUP:=autoreconf
+PKG_USE_MIPS16:=0
+PKG_BUILD_FLAGS:=no-mips16
+PKG_BUILD_PARALLEL:=1
+PKG_BUILD_DEPENDS:=libev
+
+PKG_CONFIG_DEPENDS:= CONFIG_SIMPLE_OBFS_STATIC_LINK

 include $(INCLUDE_DIR)/package.mk

-define Package/simple-obfs/template
+define Package/simple-obfs
 	SECTION:=net
 	CATEGORY:=Network
 	TITLE:=Simple-obfs
 	URL:=https://github.com/shadowsocks/simple-obfs
-	DEPENDS:=+libpthread +libev
+	DEPENDS:=+libpthread +!SIMPLE_OBFS_STATIC_LINK:libev
 endef

-define Package/simple-obfs-client
-	$(call Package/simple-obfs/template)
-	TITLE+= (client)
-	PROVIDES:=simple-obfs
-endef
+Package/simple-obfs-server = $(Package/simple-obfs)

-define Package/simple-obfs-server
-	$(call Package/simple-obfs/template)
-	TITLE+= (server)
+define Package/simple-obfs-server/config
+menu "Simple-obfs Compile Configuration"
+	depends on PACKAGE_simple-obfs || PACKAGE_simple-obfs-server
+	config SIMPLE_OBFS_STATIC_LINK
+		bool "enable static link libraries."
+		default n
+endmenu
 endef

 define Package/simple-obfs/description
-	Simple-obfs is a simple obfusacting tool, designed as plugin server of shadowsocks.
+Simple-obfs is a simple obfusacting tool, designed as plugin server of shadowsocks.
 endef

-Package/simple-obfs-client/description = $(Package/simple-obfs/description)
 Package/simple-obfs-server/description = $(Package/simple-obfs/description)

 CONFIGURE_ARGS += \
@@ -62,15 +65,21 @@ CONFIGURE_ARGS += \
 	--disable-documentation \
 	--disable-assert

-define Package/simple-obfs-client/install
+ifeq ($(CONFIG_SIMPLE_OBFS_STATIC_LINK),y)
+	CONFIGURE_ARGS += \
+		--with-ev="$(STAGING_DIR)/usr" \
+		LDFLAGS="-Wl,-static -static -static-libgcc"
+endif
+
+define Package/simple-obfs/install
 	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/obfs-local $(1)/usr/bin/obfs-local
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/obfs-local $(1)/usr/bin
 endef

 define Package/simple-obfs-server/install
 	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/obfs-server $(1)/usr/bin/obfs-server
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/obfs-server $(1)/usr/bin
 endef

-$(eval $(call BuildPackage,simple-obfs-client))
+$(eval $(call BuildPackage,simple-obfs))
 $(eval $(call BuildPackage,simple-obfs-server))
--- a/simple-obfs/patches/001-convert-arguments-of-isdigit-to-int.patch
+++ b/simple-obfs/patches/001-convert-arguments-of-isdigit-to-int.patch
@@ -1,22 +0,0 @@
-From bc8014cd6637798ee96b9394c716eff46115c002 Mon Sep 17 00:00:00 2001
-From: DDoSolitary <DDoSolitary@gmail.com>
-Date: Thu, 12 Mar 2020 12:15:37 +0800
-Subject: [PATCH] Convert arguments of isdigit to int.
-
---
- src/utils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/utils.c b/src/utils.c
-index 67cc250..514a001 100644
--- a/src/utils.c
-+++ b/src/utils.c
-@@ -92,7 +92,7 @@ int
- ss_isnumeric(const char *s) {
-     if (!s || !*s)
-         return 0;
-    while (isdigit(*s))
-+    while (isdigit((int)*s))
-         ++s;
-     return *s == '\0';
- }
--- a/sing-box/Makefile
+++ b/sing-box/Makefile
@@ -1,132 +1,141 @@
-# SPDX-License-Identifier: GPL-3.0-only
 #
-# Copyright (C) 2022-2023 ImmortalWrt.org
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#

 include $(TOPDIR)/rules.mk

 PKG_NAME:=sing-box
-PKG_VERSION:=1.12.14
+PKG_VERSION:=1.11.8
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=f19761d09f88e2d33aadfdb3c4ff471654f34b28561826e4786b9859654ca887
+PKG_HASH:=de797c9e848c9c3a6f99cd779b442a4e856a7f267e514cfc8169f95baf48dadd

 PKG_LICENSE:=GPL-3.0-or-later
 PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
-
-PKG_CONFIG_DEPENDS:= \
-	CONFIG_SING_BOX_BUILD_ACME \
-	CONFIG_SING_BOX_BUILD_CLASH_API \
-	CONFIG_SING_BOX_BUILD_DHCP \
-	CONFIG_SING_BOX_BUILD_EMBEDDED_TOR \
-	CONFIG_SING_BOX_BUILD_GRPC \
-	CONFIG_SING_BOX_BUILD_GVISOR \
-	CONFIG_SING_BOX_BUILD_QUIC \
-	CONFIG_SING_BOX_BUILD_TAILSCALE \
-	CONFIG_SING_BOX_BUILD_UTLS \
-	CONFIG_SING_BOX_BUILD_V2RAY_API \
-	CONFIG_SING_BOX_BUILD_WIREGUARD

 PKG_BUILD_DEPENDS:=golang/host
 PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
 PKG_BUILD_FLAGS:=no-mips16

 GO_PKG:=github.com/sagernet/sing-box
 GO_PKG_BUILD_PKG:=$(GO_PKG)/cmd/sing-box
-GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=$(PKG_VERSION)
+GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=v$(PKG_VERSION)

 include $(INCLUDE_DIR)/package.mk
 include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk

-define Package/sing-box
+define Package/$(PKG_NAME)
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=Web Servers/Proxies
-  TITLE:=The universal proxy platform
-  URL:=https://sing-box.sagernet.org/
+  TITLE:=The universal proxy platform.
+  URL:=https://sing-box.sagernet.org
  DEPENDS:=$(GO_ARCH_DEPENDS) \
    +ca-bundle \
    +kmod-inet-diag \
    +kmod-netlink-diag \
-    +SING_BOX_BUILD_GVISOR:kmod-tun
-  USERID:=sing-box=5566:sing-box=5566
+    +kmod-tun
 endef

-define Package/sing-box/description
-  Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks,
-  ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
+define Package/$(PKG_NAME)/description
+  Sing-box is a universal proxy platform which supports hysteria, SOCKS,
+  Shadowsocks, ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
 endef

-define Package/sing-box/config
-  if PACKAGE_sing-box
-    config SING_BOX_BUILD_ACME
-    bool "Build with ACME TLS certificate issuer support"
-    default y
+GO_PKG_TARGET_VARS:=$(filter-out CGO_ENABLED=%,$(GO_PKG_TARGET_VARS)) CGO_ENABLED=1

-    config SING_BOX_BUILD_CLASH_API
-    bool "Build with Clash API support"
-    default y
+define Package/$(PKG_NAME)/config
+  menu "Customizing build tags"
+    depends on PACKAGE_sing-box

-    config SING_BOX_BUILD_DHCP
-    bool "Build with DHCP support"
+    config SING_BOX_WITH_ACME
+      bool "Build with ACME TLS certificate issuer support"
+      default n

-    config SING_BOX_BUILD_EMBEDDED_TOR
-    bool "Build with embedded Tor support"
-    depends on BROKEN
+    config SING_BOX_WITH_CLASH_API
+      bool "Build with Clash API support (EXPERIMENTAL!!!)"
+      default y

-    config SING_BOX_BUILD_GRPC
-    bool "Build with standard gPRC support"
-    help
-      Standard gRPC has good compatibility but poor performance.
+    config SING_BOX_WITH_DHCP
+      bool "Build with DHCP support"
+      default y

-    config SING_BOX_BUILD_GVISOR
-    bool "Build with gVisor support"
-    default y
+    config SING_BOX_WITH_ECH
+      bool "Build with TLS ECH extension support"
+      default y

-    config SING_BOX_BUILD_QUIC
-    bool "Build with QUIC support"
-    default y
-    help
-      Required by HTTP3 DNS transports, Naive inbound,
-      Hysteria inbound / outbound, and v2ray QUIC transport.
+    config SING_BOX_WITH_GRPC
+      bool "Build with standard gRPC support"
+      default n
+      help
+      sing-box has better performance gun-lite gRPC built-in by default.
+      This standard gRPC has better compatibility but poor performance.

-    config SING_BOX_BUILD_TAILSCALE
-    bool "Build with Tailscale support"
-    default y
+    config SING_BOX_WITH_GVISOR
+      bool "Build with gVisor support"
+      default y

-    config SING_BOX_BUILD_UTLS
-    bool "Build with uTLS support"
-    default y
+    config SING_BOX_WITH_QUIC
+      bool "Build with QUIC support"
+      default y
+      help
+        Required by HTTP3 DNS transports, Naive inbound,
+        Hysteria inbound / outbound, and v2ray QUIC transport.

-    config SING_BOX_BUILD_V2RAY_API
-    bool "Build with V2Ray API support"
+    config SING_BOX_WITH_REALITY_SERVER
+      bool "Build with reality TLS server support"
+      default n

-    config SING_BOX_BUILD_WIREGUARD
-    bool "Build with WireGuard support"
-    default y
-  endif
+    config SING_BOX_WITH_UTLS
+      bool "Build with uTLS support"
+      default y
+
+    config SING_BOX_WITH_V2RAY_API
+      bool "Build with V2Ray API support (EXPERIMENTAL!!!)"
+      default n
+
+    config SING_BOX_WITH_WIREGUARD
+      bool "Build with WireGuard support"
+      default y
+
+  endmenu
 endef

+PKG_CONFIG_DEPENDS:= \
+	CONFIG_SING_BOX_WITH_ACME \
+	CONFIG_SING_BOX_WITH_CLASH_API \
+	CONFIG_SING_BOX_WITH_DHCP \
+	CONFIG_SING_BOX_WITH_ECH \
+	CONFIG_SING_BOX_WITH_GRPC \
+	CONFIG_SING_BOX_WITH_GVISOR \
+	CONFIG_SING_BOX_WITH_QUIC \
+	CONFIG_SING_BOX_WITH_REALITY_SERVER \
+	CONFIG_SING_BOX_WITH_UTLS \
+	CONFIG_SING_BOX_WITH_V2RAY_API \
+	CONFIG_SING_BOX_WITH_WIREGUARD
+
 GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \
-	$(if $(CONFIG_SING_BOX_BUILD_ACME),with_acme) \
-	$(if $(CONFIG_SING_BOX_BUILD_CLASH_API),with_clash_api) \
-	$(if $(CONFIG_SING_BOX_BUILD_DHCP),with_dhcp) \
-	$(if $(CONFIG_SING_BOX_BUILD_EMBEDDED_TOR),with_embedded_tor) \
-	$(if $(CONFIG_SING_BOX_BUILD_GRPC),with_grpc) \
-	$(if $(CONFIG_SING_BOX_BUILD_GVISOR),with_gvisor) \
-	$(if $(CONFIG_SING_BOX_BUILD_QUIC),with_quic) \
-	$(if $(CONFIG_SING_BOX_BUILD_TAILSCALE),with_tailscale) \
-	$(if $(CONFIG_SING_BOX_BUILD_UTLS),with_utls) \
-	$(if $(CONFIG_SING_BOX_BUILD_V2RAY_API),with_v2ray_api) \
-	$(if $(CONFIG_SING_BOX_BUILD_WIREGUARD),with_wireguard) \
+	$(if $(CONFIG_SING_BOX_WITH_ACME),with_acme) \
+	$(if $(CONFIG_SING_BOX_WITH_CLASH_API),with_clash_api) \
+	$(if $(CONFIG_SING_BOX_WITH_DHCP),with_dhcp) \
+	$(if $(CONFIG_SING_BOX_WITH_ECH),with_ech) \
+	$(if $(CONFIG_SING_BOX_WITH_GRPC),with_grpc) \
+	$(if $(CONFIG_SING_BOX_WITH_GVISOR),with_gvisor) \
+	$(if $(CONFIG_SING_BOX_WITH_QUIC),with_quic) \
+	$(if $(CONFIG_SING_BOX_WITH_REALITY_SERVER),with_reality_server) \
+	$(if $(CONFIG_SING_BOX_WITH_UTLS),with_utls) \
+	$(if $(CONFIG_SING_BOX_WITH_V2RAY_API),with_v2ray_api) \
+	$(if $(CONFIG_SING_BOX_WITH_WIREGUARD),with_wireguard) \
 ))

-define Package/sing-box/conffiles
+define Package/$(PKG_NAME)/conffiles
 endef

-define Package/sing-box/install
+define Package/$(PKG_NAME)/install
 	$(call GoPackage/Package/Install/Bin,$(1))
 endef

--- a/tcping/Makefile
+++ b/tcping/Makefile
@@ -1,36 +1,46 @@
-# SPDX-License-Identifier: GPL-3.0-only
 #
-# Copyright (C) 2021 ImmortalWrt.org
+# Copyright (C) 2014 OpenWrt-dist
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#

 include $(TOPDIR)/rules.mk

+
 PKG_NAME:=tcping
 PKG_VERSION:=0.3
 PKG_RELEASE:=1

-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/Lienol/tcping.git
-PKG_SOURCE_DATE:=2020-07-04
-PKG_SOURCE_VERSION:=db9101834732dac9aaa59dbb7fb9c74612dbf723
-PKG_MIRROR_HASH:=36776bf64c41d0c2c2aeb79525499532831133f7b5e174fc51e9e2d7202d5776
-
 PKG_LICENSE:=GPL-2.0-only
 PKG_LICENSE_FILES:=license.txt

-PKG_BUILD_PARALLEL:=1
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/Lienol/tcping
+PKG_MIRROR_HASH:=79414cd8e1d124422a36b8fe36a1f296b7d9bde99807b2c90ad81bbd65e200e0
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=db9101834732dac9aaa59dbb7fb9c74612dbf723
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)

 include $(INCLUDE_DIR)/package.mk

 define Package/tcping
-  SECTION:=net
-  CATEGORY:=Network
-  TITLE:=tcping measures the latency of a tcp-connection
-  URL:=https://github.com/jlyo/tcping
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=tcping measures the latency of a tcp-connection
+	URL:=https://github.com/jlyo/tcping
+endef
+
+define Package/tcping/description
+endef
+
+define Package/tcping/conffiles
 endef

 define Package/tcping/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tcping $(1)/usr/bin/
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tcping $(1)/usr/sbin
 endef

 $(eval $(call BuildPackage,tcping))
--- a/trojan-plus/Makefile
+++ b/trojan-plus/Makefile
@@ -14,7 +14,8 @@ PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/peter-tank/trojan-plus.git
 PKG_SOURCE_DATE:=2020-09-06
 PKG_SOURCE_VERSION:=a6394cdd718669b0c7491493a78e61f6f0f899b3
-PKG_MIRROR_HASH:=0bc832390044668dc163e9fec3c6cf7ac3037dc30a706e94292d974446c43d97
+PKG_MIRROR_HASH:=2d37d09fe6d39d7981116ad387706f58f2b30b74a34e27fc5608f267dacc9208
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz

 PKG_BUILD_PARALLEL:=1
 PKG_BUILD_DEPENDS:=openssl
@@ -25,7 +26,6 @@ PKG_MAINTAINER:=Trojan-Plus-Group

 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
-include ./boost-version.mk

 TARGET_CXXFLAGS += -Wall -Wextra
 TARGET_CXXFLAGS += $(FPIC)
@@ -59,8 +59,7 @@ define Package/trojan-plus
 	URL:=https://github.com/Trojan-Plus-Group/trojan-plus
 	DEPENDS:= \
 		+libpthread +libstdcpp +libopenssl \
-		+boost +boost-program_options \
-		$(if $(filter y,$(NEED_BOOST_SYSTEM)),,+boost-system)
+		+boost +boost-system +boost-program_options
 endef

 define Package/trojan-plus/install
--- a/trojan-plus/boost-version.mk
+++ b/trojan-plus/boost-version.mk
@@ -1,12 +0,0 @@
-# boost-version.mk
-BOOST_MAKEFILE := $(firstword $(shell find -L $(TOPDIR) -type f -path "*/boost/Makefile"))
-
-BOOST_PKG_VERSION := $(shell grep '^PKG_VERSION:=' $(BOOST_MAKEFILE) | head -n1 | cut -d= -f2)
-
-BOOST_VER_MAJOR := $(word 1,$(subst ., ,$(BOOST_PKG_VERSION)))
-BOOST_VER_MINOR := $(word 2,$(subst ., ,$(BOOST_PKG_VERSION)))
-BOOST_VER_PATCH := $(word 3,$(subst ., ,$(BOOST_PKG_VERSION)))
-
-BOOST_VERSION_CODE := $(shell echo $$(($(BOOST_VER_MAJOR)*100000 + $(BOOST_VER_MINOR)*100 + $(BOOST_VER_PATCH))))
-
-NEED_BOOST_SYSTEM := $(if $(shell [ $(BOOST_VERSION_CODE) -ge 108900 ] && echo y),y,n)
--- a/trojan-plus/patches/002-Fix-boost1.89-build.patch
+++ b/trojan-plus/patches/002-Fix-boost1.89-build.patch
@@ -1,52 +0,0 @@
--- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -184,26 +184,45 @@ endif()
- set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
- 
- if (ANDROID)
-    set(ANDROID_MY_LIBS ${PROJECT_SOURCE_DIR}/trojan-plus-android-libs) 
-+    set(ANDROID_MY_LIBS ${PROJECT_SOURCE_DIR}/trojan-plus-android-libs)
-+
-+    find_path(BOOST_INCLUDE_DIR
-+        NAMES boost/version.hpp
-+        HINTS ${ANDROID_MY_LIBS}/include
-+    )
-+
-     set(ANDROID_MY_LIBS_LIBRARIES 
-         ${ANDROID_MY_LIBS}/lib/${ANDROID_ABI}/libssl.a 
-         ${ANDROID_MY_LIBS}/lib/${ANDROID_ABI}/libcrypto.a
-        ${ANDROID_MY_LIBS}/lib/${ANDROID_ABI}/libboost_system.a
-         ${ANDROID_MY_LIBS}/lib/${ANDROID_ABI}/libboost_program_options.a)
- 
-+    if(BOOST_INCLUDE_DIR)
-+        file(STRINGS "${BOOST_INCLUDE_DIR}/boost/version.hpp" BOOST_VERSION_LINE REGEX "^#define BOOST_VERSION ")
-+        string(REGEX REPLACE "^#define BOOST_VERSION ([0-9]+)" "\\1" BOOST_VERSION ${BOOST_VERSION_LINE})
-+
-+        if(${BOOST_VERSION} VERSION_LESS 108900)
-+            list(APPEND ANDROID_MY_LIBS_LIBRARIES ${ANDROID_MY_LIBS}/lib/${ANDROID_ABI}/libboost_system.a)
-+        endif()
-+    endif()
-+
-     set(OPENSSL_VERSION 1.1.1)
- 
-     include_directories(${ANDROID_MY_LIBS}/include)
-     target_link_libraries(trojan ${ANDROID_MY_LIBS_LIBRARIES})
- else()
-    find_package(Boost 1.66.0 REQUIRED COMPONENTS system program_options)
-+    find_package(Boost 1.66.0 REQUIRED)
-+    if (Boost_MAJOR_VERSION LESS_EQUAL 1 AND Boost_MINOR_VERSION LESS 89)
-+        find_package(Boost 1.66.0 REQUIRED COMPONENTS system program_options)
-+    else()
-+        find_package(Boost 1.66.0 REQUIRED COMPONENTS program_options)
-+    endif()
-     include_directories(${Boost_INCLUDE_DIR})
-     target_link_libraries(trojan ${Boost_LIBRARIES})
-     if(MSVC)
-         add_definitions(-DBOOST_DATE_TIME_NO_LIB)
-     endif()
- 
-    find_package(OpenSSL 1.1.0 REQUIRED)
-+    find_package(OpenSSL 1.1.1 REQUIRED)
-     include_directories(${OPENSSL_INCLUDE_DIR})
-     target_link_libraries(trojan ${OPENSSL_LIBRARIES})
- endif()
--- a/v2ray-geodata/Makefile
+++ b/v2ray-geodata/Makefile
@@ -5,29 +5,29 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=v2ray-geodata
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)

 PKG_LICENSE_FILES:=LICENSE
 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>

 include $(INCLUDE_DIR)/package.mk

-GEOIP_VER:=202512180020
+GEOIP_VER:=202504050136
 GEOIP_FILE:=geoip.dat.$(GEOIP_VER)
 define Download/geoip
-  URL:=https://github.com/Loyalsoldier/geoip/releases/download/$(GEOIP_VER)/
+  URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/
  URL_FILE:=geoip.dat
  FILE:=$(GEOIP_FILE)
-  HASH:=63c20c159aeec8a13d61be9b89d0d1c82fecf4675f1c177db67e97477c89199d
+  HASH:=735786c00694313090c5d525516463836167422b132ce293873443613b496e92
 endef

-GEOSITE_VER:=202512202213
-GEOSITE_FILE:=geosite.dat.$(GEOSITE_VER)
+GEOSITE_VER:=20250405160157
+GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER)
 define Download/geosite
-  URL:=https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$(GEOSITE_VER)/
-  URL_FILE:=geosite.dat
+  URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/
+  URL_FILE:=dlc.dat
  FILE:=$(GEOSITE_FILE)
-  HASH:=3f43687438bde815719ce0bcd9ed21c7fa807b69caa98ee1c7d6ed8954a8ff1a
+  HASH:=bf18a50193c260b5913af089394e49ca92967a1bb416d1e8e651667985e018bc
 endef

 define Package/v2ray-geodata/template
--- a/v2ray-plugin/Makefile
+++ b/v2ray-plugin/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=v2ray-plugin
-PKG_VERSION:=5.41.0
+PKG_VERSION:=5.25.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/teddysun/v2ray-plugin/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=75d83f24e60fb7e71e7774732f6ebcfbc00a1b3ae27f4702f75afb14055ce606
+PKG_HASH:=64d2cc376c16ade97b8e2cce69e0c98d74f530dcf8a30cf7d22255969ca5c10d

 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE
--- a/xray-core/Makefile
+++ b/xray-core/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=Xray-core
-PKG_VERSION:=25.12.8
+PKG_VERSION:=25.3.31
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/XTLS/Xray-core/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=d4519b2d9bb1871f4d7612aa7a8db1c451573b5a44ac824219bb44d63f404e61
+PKG_HASH:=681a4546b7c318e92243dfcea2fc3229714cb4e7a570dfcf73e935eb13c6078e

 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=MPL-2.0