[v2023.1.x] Update modules

8329130a7c2c tunneldigger: remove redundant package

0b19771fb2dd opennds: update to version 10.1.3
fa833a0d9764 CI: Sort build architectures in alphabetical order
191f6c042368 CI: add concurrency rules to skip redundant build
675248d9b7b3 CI: Do package run-tests only if target packages were built
4f115606ab18 CI: Run "apt-get update" before installing signify-openbsd
86f308dcc751 CI: Enable runtime_test for mips_24kc
ca620495d344 cache-domains: added pre-test.sh CI step
9f7ba4a4b502 CI: Add local feed for CI-built packages
ac03feb20f00 CI: Add --autoremove, ignore removal errors
9fb0ed26c4a3 CI: update build architectures
dce4a4ca524b ci: only comment AUTORELEASE deprecation if exists
42584b0cecae CI: deprecate $(AUTORELEASE) via comments
120bf3328431 ci: change default packages
8e68501e2e8f github-ci: error on any shell errors
b1ca335bf548 ci: update github actions to v3
fe557608333c ci: Use openwrt/gh-action-sdk@v5

a2fd53756b1c openvswitch: disable groff manpage check
a022b2132818 tunneldigger: set PKG_SOURCE_DATE
038bbe283e8b tunneldigger: add group option to UCI config
407f701652d7 netbird: update to 0.21.7
c36d37a3f48e netbird: update to 0.21.1
66fb7507ebad netbird: update to 0.14.5
337e8e623239 netbird: update to 0.14.4
a63c543adcf1 netbird: update to 0.14.3
bf9212c53e5c netbird: update to 0.14.2
0fcaf007685e netbird: new package
468916ac880c crowdsec: new upstream release version 1.5.4
ef3564dbe50c apfree-wifidog: Update to v6.08.1950
f19375014ee4 xfrpc: update to version 2.9.644
173990d6c0c0 git: update to version 2.34.8
0f8c27500519 samba4: update to 4.18.6
f583a17e1c59 czmq: drop libpcre dependency
312b26f641e7 mg: switch pcre to pcre2
1c6b81f3c13b msmtp: update to version 1.8.24
cafcd75d7ca1 postfix: Fix compile against glibc 2.36
2b8e549f8e76 glib2: disable gnulib printf
0d13ad10fd12 glib2: fix host build offline download
698f630627a4 fastd: update repository URL
3363e36066de libuecc: update repository URL
c289d3078c3b bind: update to version 9.18.18
07639142d84e rclone: Update to 1.64.0
724600576b23 samba4: update to 4.14.14 * update to 4.14.14 * fixes: CVE-2022-2031, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-32742
944a3cf18fbd samba4: drop maintainership
368188b05f87 samba4: fix build on macos
0dab01d3988c emailrelay: update to v2.4.1
f5f990d7d78f alpine: disable parallel build
c9c122966a2b alpine: fix old URL
bcb03c07db8f ipfs-http-client: remove package
e02f8f507668 sudo: bump to verison 1.9.14p3
831382f190d1 sudo: bump to verison 1.9.14p1
be01aaea26c8 sudo: bump to verison 1.9.13p3
88016d54af58 sudo: bump to version 1.9.12p2
1d9c7f6ee9d8 sudo: bump to verison 1.9.12p1
40ad85df6064 sudo: bump to version 1.9.12
201a2d824741 sudo: don't build with MIPS16
b29c0e17e35f sudo: bump to verison 1.9.11p3
2d2dcf9b1b67 knot: update to version 3.3.1
e56dcfef59b4 libreswan: update to 4.12 fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
bbd131270567 libreswan: update to 4.11
b949001ea841 ffmpeg: update to version 5.1.3
52e318a15cb4 https-dns-proxy: improve boot up startup
8d617af751b0 unbound: update to version 1.17.1
f4c5b4389eef ffmpeg: update to 5.1.2
4e4e494a6ce0 ffmpeg: update to 5.1.1
d02538e0e958 python-sentry-sdk: Update to 1.29.2, update list of dependencies
f7560f489607 treewide: change my no longer used email
adad342905d4 curl: update to version 8.3.0
7564720af81c nextdns: Update to version 1.40.1
cda94a166025 openssh: update to 9.3p2
3013608d0177 openssh: sftp no longer needs crypto or zlib.
63593c9bf0ac openssh: Use CDN first for source downloads.
8669835b6269 openssh: preserve authorized_keys
b3704dc4ffa4 openssh: update to 9.3p1
5f181e80c22a openssh: actually build openssh-server-pam with pam support
004c7f3a444b openssh: update to 9.2p1
6fc31027dea5 openssh: update to 9.1p1
fb446ac437b9 openssh: update to 9.0p1 Remove upstreamed patches.
e51d6bbb1eba glib2: update to 2.74.0
37a240dcdd74 glib2: remove libiconv/host build dependency
6b5e69d11cab syslog-ng: update to version 4.3.1
ef6064771ba8 golang: Update to 1.19.13
99f9e68f7b4e python3: Update to 3.10.13
9f1f0665ca31 transmission: add syscalls to seccomp filter
f88ff7f8618d zerotier: update to 1.12.1
419374b40691 zerotier: do not allow executable stack
41048a79f9a6 zerotier: update to 1.10.4
1657fdb86992 vnstat2: update to version 2.11
fc76c3e9febf vnstat2: update to version 2.10
8819ac9f483d https-dns-proxy: fix dns resolution not working on boot
4e2cd2ced5ff wget: use pcre2
5800425cb080 knot-resolver: update to version 5.7.0
a8575f708487 knot: enable QUIC support
3159348b04cf knot: update to version 3.3.0
47e25fd7ac61 knot: update to version 3.2.9
94e1621abc7f knot: update to version 3.2.8
44650267386b knot: update to version 3.2.7
dca51049673e knot: update to version 3.2.6
981dbdf9c469 tmate: fix build against msgpack-c 6.0
6f180964af22 msgpack-c: Update to 6.0.0
6c43ff614cd8 tmate-ssh-server: fix build against msgpack-c 6.0
c30b1065767e tang: do not require bash and curl (backport from 23.05)
5918cb11432e tang: corrected hash for v14
e1a2aa82c93a natmap: update to 20230820
cb1b1ad98709 tang: updated to v14
68cae7981d75 tang: create user tang
ed5a5979ba58 tang: use sbin instead of libexec
a6265258f8fe tang: remove post-installation key generation
16391a06eb31 tang: updated to version 12

057bf8fc5f39 kernel: bump 5.10 to 5.10.197
35985454a603 kernel: bump 5.10 to 5.10.196
92a0dd2447bd ath79: fix packetloss on some WLR-7100
3fe2875378d3 x86: geode: fix hwrng register accesses
8da4e8fb5687 mt76: update to the latest version from the 22.03 branch
188c49b32112 kernel: bump 5.10 to 5.10.194
49639b2d6176 kernel: bump 5.10 to 5.10.192
aeb1221784c7 urngd: update to the latest master
687004139b1e uboot-bcm4908: update to the latest generic

[v2023.1.x]: patches: make D-Link DIR-860L B1 upgradable from swconfig to DSA

Rewrite the gluon-wan-dnsmasq initfile to use procd. This allows for
configuring restart handling by procd in case of a crash.

While at it, disable the caching feature optionally used for the regular
dnsmasq on the wan dnsmasq. This daemon is only for redirecting DNS
requests to use local network resolvers, not introducing caching.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 64a9478ab8f625ca73e94eb6450712b1cdef007f)

Co-authored-by: David Bauer <mail@david-bauer.net>

Support for upgrading the device from an swconfig based image to an
DSA based one was accidentally removed in 07e83438.

[Backport v2023.1.x] gluon-mesh-vpn-tunneldigger: tunneldigger-watchdog: remove broken restart check

[Backport v2023.1.x] docs: releases/v2023.1: add warning and known issue for v2021.1.x x86 upgrade

The tunneldigger init script has been migrated to procd, so there is no
PID file anymore. Remove the obsolete check altogether - it shouldn't
be needed anymore, as procd will take care of crashes of tunneldigger by
itself. This fixes the watchdog resetting tunneldigger every time it runs.

Closes #2977

(cherry picked from commit 7a43dabc)

(cherry picked from commit 60457be7)

Add a custom CSS class to support strike-through text without depending on
a specific theme.

(cherry picked from commit 7193ed0b)

Revert "x86: switch to EFI-compatible images"

This reverts commit 41b8ecd6.

Unbreak upgrades from OpenWrt 19.07 (Gluon 2021.1.x) by undoing the
partition table change.

It should be noted that the EFI images generated by OpenWrt are slightly
smaller than the non-EFI images for some reason (due to a smaller gap
between the boot and root partitions), so upgrading a VM created using a
Gluon 2023.1 (EFI) image to a newer non-EFI image will truncate the root
partition.

Linux will warn about the truncation on boot ("sda: p2 size 212992 extends
beyond EOD, truncated"), but it doesn't cause any other issues, as the
root partitions of x86 squashfs images are mostly empty, and the overlay
is created in the actual available space after the upgrade. The cosmetic
issue will go away as soon as we switch to EFI again (likely with Gluon
2023.2).

Closes #2967

[v2023.1.x]: modules: update to latest HEAD

7b3fd63 batman-adv: Fix lock assert after fragmentation change
12577be batman-adv: Merge bugfixes from 2023.2
3e10d07 mesh11sd: update to version 2.0.0
78ca8d3 nodogsplash: remove opennds from conflicts
1381661 nodogsplash: update to 5.0.1
5b34377 opennds: Release v10.1.2
6fbf3b0 opennds: Release v10.1.1

7b6f573fe strongswan: fix compilation against updated WolfSSL 5.6.3
201a7c81d net/mosquitto: bump to 2.0.17
fc4d143cf tunneldigger-broker: update to v0.4.0
be07e79e6 tunneldigger-broker: add rate-limit hook
930223cf4 tunneldigger-broker: add option to isolate bridge ports
855f7f0e0 tunneldigger-broker: update lib functions
e4224e3f7 tunneldigger-broker: update config file and init for v0.4.0
65f4d3a0b simple-adblock: bugfixes for uci_load_validate
addaa5e0b php8: update to 8.1.22
9ddc94bbe node: August 2023 Security Releases
af7b0f9ef simple-adblock: force_dns_port validation bugfix
af603bd12 v2fly-geodata: Update to latest version
9f8a40765 v2raya: Update to 2.1.0
9ebf145a1 cloudreve: Update to 3.8.1
bf65da62e i2pd: update to version 2.48.0
113a9fc19 golang: Update to 1.19.12
d321bf348 curl: update to 8.2.1

76b1e564d2 mt76: update to the latest version from the 22.03 branch
866badc361 kernel: bump 5.10 to 5.10.191
de29f15af1 openssl: bump to 1.1.1v
8c7b03a2e1 firmware: intel-microcode: update to 20230808
08a78203a8 linux-firmware: update to 20230804
68c6608c2d linux-firmware: update to 20230625
b62dacea14 mbedtls: Update to version 2.28.4
df994cce96 mbedtls: Update to version 2.28.3
c29390b0f3 lua: fix integer overflow in LNUM patch
503aa7f9fb dropbear: add ed25519 for failsafe key
681baab5a7 wolfssl: update to 5.6.3
1dbbd0fcf2 uhttpd: update to latest git HEAD
c1181a54b0 uhttpd: update to latest Git HEAD
419218af13 kernel: bump 5.10 to 5.10.190
59dce3b595 kernel: bump 5.10 to 5.10.189
f6b6d4b2f0 kernel: bump 5.10 to 5.10.188
77f7f69739 kernel: bump 5.10 to 5.10.187

[Backport v2023.1.x] docs: avoid DNS request loop

Fix the example config for the dns upstreams.

(cherry picked from commit ffeaf4451e7c79738dad66fb850fc0345578b050)

docs: add v2023.1 release notes

Signed-off-by: David Bauer <mail@david-bauer.net>

Signed-off-by: David Bauer <mail@david-bauer.net>

Dockerfile: update base to debian:bookworm-slim

Merge pull request #2923 from freifunk-gluon/dependabot/github_actions/korthout/backport-action-1.3.1

build(deps): bump korthout/backport-action from 1.2.0 to 1.3.1

Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.2.0 to 1.3.1.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.2.0...v1.3.1

)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

modules: update to latest HEAD

ath79-nand: (re)add ZyXEL NBG6716

ath79-generic: add support for Ubiquiti NanoBeam 5AC 19 (XC)

docs: ath79-nand: small adjustments

gluon-wan-dnsmasq: use cellular DNS servers

Use DNS servers received from the cellular provider for the WAN dnsmasq
instance.

This fixes resolving VPN endpoint DNS requests when using only cellular
uplink.

Signed-off-by: David Bauer <mail@david-bauer.net>

1a40d7c opennds: Release v10.1.0
faf2c32 bird2: bump to version 2.13.1

545165018 mg: bump to 7.3
29ef4d2e3 curl: update to 8.2.0
bc891685b https-dns-proxy: improve CLI messaging
8b97c69f4 simple-adblock: dnsmasq access bugfix & misc improvements
a04283af1 rclone: Update to 1.63.1
42ad39429 dnsproxy: Update to 0.52.0
0bba5b7ad cloudflared: Update to 2023.7.1
2631e0280 snowflake: update to 2.6.0
4e911ee6b golang: Update to 1.19.11
c59b975f2 banip: release 0.9.0-1
d31c3263c yq: Update to 4.34.2
3264af5e5 cloudflared: Update to 2023.7.0
0ed6605f6 php8: update to 8.1.21
ca2469882 rclone: Update to 1.63.0
b00b4518e rclone: Update to 1.62.2
5d8cb4785 dnsproxy: Update to 0.51.0
069b3a182 banip: update 0.8.9-4
92edb3e8b banip: update 0.8.9-3
5b806c5c7 banip: update 0.8.9-2
1691664f8 banip: release 0.8.9-1
f0ef3925d dnslookup: Update to 1.9.1
999c5b47a adblock: update to 4.1.5-8
b660c6e65 bind: bump to 9.18.16
1c066e61f banip: update 0.8.8-2
6e8e34b95 banip: release 0.8.8-1
fac9edfe4 banip: release 0.8.7-1

1ec274a204 bcm53xx: backport more DT changes queued for v6.6
c39a3f1b16 bcm53xx: add BCM53573 Ethernet fix sent upstream for v6.6
056742885e octeon: ubnt-edgerouter-4/6p: devicetree cleanup
4959dcd698 octeon: ubnt-edgerouter-e300: fix missing MTD partition
3c895dde79 octeon: ubnt-edgerouter-e300: fix LED settings
1c79f93819 ib: split out processing user provided packages
8a1ba96e2d sdk: rename README + update Makefile
cc54e19b20 build: fix generation of large .vdi images
a7867e0cb7 bcm53xx: backport DT changes queued for v6.6
e3d0c7097e bcm53xx: backport DT changes from v6.5
04b4d79b60 kernel: bgmac: fix regressed support for BCM53573 SoCs
cf256cf544 bcm47xx: fix bgmac MTU patch filename
e17f9fd0e8 bcm47xx: revert bgmac back to the old limited max frame size
80a6b0a917 ipq-wifi: fix upstream board-2.bin ZTE M289F snafu
fbc23f664d kernel: bump 5.10 to 5.10.186
0344144e77 kernel: bump 5.10 to 5.10.185