From 093678ce6f13593e5930f49d306eb62bbd18e086 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 12 Apr 2023 16:21:19 +0800
Subject: [PATCH] update 2023-04-12 16:21:19

---
 luci-app-memos/Makefile                       |   2 +-
 .../etc/uci-defaults/luci-app-memos-fix-bug1  |  20 +++
 .../root/usr/libexec/istorec/memos.sh         |   2 +-
 luci-app-passwall/Makefile                    |   4 +-
 .../model/cbi/passwall/client/acl_config.lua  |  12 +-
 .../model/cbi/passwall/client/global.lua      |   3 +
 .../root/usr/share/passwall/app.sh            | 125 +++++++++---------
 .../usr/share/passwall/helper_dnsmasq_add.lua |  15 ++-
 luci-app-store/Makefile                       |   4 +-
 9 files changed, 109 insertions(+), 78 deletions(-)
 create mode 100644 luci-app-memos/root/etc/uci-defaults/luci-app-memos-fix-bug1

diff --git a/luci-app-memos/Makefile b/luci-app-memos/Makefile
index 6e63e1c17..9bac7e38b 100644
--- a/luci-app-memos/Makefile
+++ b/luci-app-memos/Makefile
@@ -2,7 +2,7 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_VERSION:=1.0.1-20230108
+PKG_VERSION:=1.0.2-20230412
 PKG_RELEASE:=
 
 LUCI_TITLE:=LuCI support for Memos
diff --git a/luci-app-memos/root/etc/uci-defaults/luci-app-memos-fix-bug1 b/luci-app-memos/root/etc/uci-defaults/luci-app-memos-fix-bug1
new file mode 100644
index 000000000..2c68e0901
--- /dev/null
+++ b/luci-app-memos/root/etc/uci-defaults/luci-app-memos-fix-bug1
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [[ "`docker container inspect -f '{{ (index .Mounts 0).Destination }}' memos`" = "/config" ]]; then
+    echo "fix script bug"
+    config_path="`docker container inspect -f '{{ (index .Mounts 0).Source }}' memos`"
+    echo "backup old data"
+    if [[ -z "$config_path" ]]; then
+        docker start memos 2>/dev/null
+        docker exec memos cp -a /var/opt/memos/. /config/
+        docker stop memos 2>/dev/null
+    else
+        mkdir -p "$config_path"
+        docker stop memos 2>/dev/null
+        docker cp -a memos:/var/opt/memos/. "${config_path%/}/"
+    fi
+    echo "remove old container"
+    docker rm -f memos
+    echo "you should deploy later"
+fi
+exit 0
diff --git a/luci-app-memos/root/usr/libexec/istorec/memos.sh b/luci-app-memos/root/usr/libexec/istorec/memos.sh
index 78fe5e4c3..629143ea9 100755
--- a/luci-app-memos/root/usr/libexec/istorec/memos.sh
+++ b/luci-app-memos/root/usr/libexec/istorec/memos.sh
@@ -23,7 +23,7 @@ do_install() {
   [ -z "$http_port" ] && http_port=5230
 
   local cmd="docker run --restart=unless-stopped -d \
-    -v \"$config:/config\" \
+    -v \"$config:/var/opt/memos\" \
     --dns=172.17.0.1 \
     -p $http_port:5230 "
 
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
index ce6748d75..fe78fc951 100644
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.63
-PKG_RELEASE:=5
+PKG_VERSION:=4.64-1
+PKG_RELEASE:=
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
index d557d12f7..93d7c73b0 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
@@ -313,7 +313,17 @@ if has_chnlist then
 	.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
 	.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
 	.. "</ul>"
-	when_chnroute_default_dns:depends("tcp_proxy_mode", "chnroute")
+	local _depends = {
+		{ dns_mode = "dns2socks" },
+		{ dns_mode = "xray" }
+	}
+	for i, d in ipairs(_depends) do
+		d["tcp_proxy_mode"] = "chnroute"
+		if api.is_finded("chinadns-ng") then
+			d["chinadns_ng"] = false
+		end
+		when_chnroute_default_dns:depends(d)
+	end
 end
 
 return m
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
index 1e568e68c..97fd8997c 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -389,6 +389,9 @@ if has_chnlist then
 	.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
 	.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
 	.. "</ul>"
+	if api.is_finded("chinadns-ng") then
+		when_chnroute_default_dns:depends("chinadns_ng", false)
+	end
 end
 
 o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index 138d251bf..76fbb8948 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -401,6 +401,40 @@ run_dns2socks() {
 	ln_run "$(first_type dns2socks)" "dns2socks${flag}" $log_file ${_extra_param} "${socks_address}:${socks_port}" "${dns}" "${listen_address}:${listen_port}"
 }
 
+run_chinadns_ng() {
+	local _listen_port _dns_china _dns_trust _chnlist _gfwlist _no_ipv6_rules _log_path _no_logic_log
+	eval_set_val $@
+	
+	local _LOG_FILE=$LOG_FILE
+	[ -n "$_no_logic_log" ] && LOG_FILE="/dev/null"
+
+	echolog "  | - (chinadns-ng) 最高支持4级域名过滤..."
+
+	local _default_tag
+	local _extra_param=""
+	[ -n "$_chnlist" ] && {
+		[ -s "${RULES_PATH}/chnlist" ] && {
+			local _chnlist_file="${TMP_PATH}/chinadns_chnlist"
+			cp -a "${RULES_PATH}/chnlist" "${_chnlist_file}"
+			_extra_param="${_extra_param} -m ${_chnlist_file} -M -a"
+		}
+	}
+	
+	([ -n "$_chnlist" ] || [ -n "$_gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && {
+		local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
+		cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}"
+		_extra_param="${_extra_param} -g ${_gfwlist_file}"
+		#当只有使用gfwlist模式时设置默认DNS为本地直连
+		[ -n "$_gfwlist" ] && [ -z "$_chnlist" ] && _default_tag="chn"
+	}
+	[ -n "$_default_tag" ] && _extra_param="${_extra_param} -d ${_default_tag}"
+
+	_log_path="/dev/null"
+	ln_run "$(first_type chinadns-ng)" chinadns-ng "$_log_path" -v -b 127.0.0.1 -l "${_listen_port}" ${_dns_china:+-c "${_dns_china}"} ${_dns_trust:+-t "${_dns_trust}"} ${_extra_param} -f ${_no_ipv6_rules:+-N=${_no_ipv6_rules}}
+	echolog "  + 过滤服务：ChinaDNS-NG(:${_listen_port})：国内DNS：${_dns_china}，可信DNS：${_dns_trust}"
+	LOG_FILE=${_LOG_FILE}
+}
+
 run_socks() {
 	local flag node bind socks_port config_file http_port http_config_file relay_port log_file
 	eval_set_val $@
@@ -1153,41 +1187,21 @@ start_dns() {
 	[ "${use_udp_node_resolve_dns}" = "1" ] && echolog "  * 要求代理 DNS 请求，如上游 DNS 非直连地址，确保 UDP 代理打开，并且已经正确转发！"
 
 	[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ -n "$chnlist" ] || [ -n "$gfwlist" ]) && {
-		china_ng_listen_port=$(expr $dns_listen_port + 1)
-		china_ng_listen="127.0.0.1#${china_ng_listen_port}"
-		china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
-		china_ng_gfw="${TUN_DNS}"
-		echolog "  | - (chinadns-ng) 最高支持4级域名过滤..."
-
-		local china_ng_extra_param=""
-		[ -n "$chnlist" ] && {
-			[ -s "${RULES_PATH}/chnlist" ] && {
-				local chnlist_file="${TMP_PATH}/chinadns_chnlist"
-				cp -a "${RULES_PATH}/chnlist" "${chnlist_file}"
-				china_ng_extra_param="${china_ng_extra_param} -m ${chnlist_file} -M"
-			}
-			#当使用中国列表外时的默认DNS
-			[ "$WHEN_CHNROUTE_DEFAULT_DNS" = "remote" ] && china_ng_default_tag="gfw"
-			[ "$WHEN_CHNROUTE_DEFAULT_DNS" = "direct" ] && china_ng_default_tag="chn"
-		}
-
-		([ -n "$chnlist" ] || [ -n "$gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && {
-			local gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
-			cp -a "${RULES_PATH}/gfwlist" "${gfwlist_file}"
-			china_ng_extra_param="${china_ng_extra_param} -g ${gfwlist_file}"
-			#当只有使用gfwlist模式时设置默认DNS为本地直连
-			[ -n "$gfwlist" ] && [ -z "$chnlist" ] && china_ng_default_tag="chn"
-		}
-		[ -n "$china_ng_default_tag" ] && china_ng_extra_param="${china_ng_extra_param} -d ${china_ng_default_tag}"
-
-		local log_path="${TMP_PATH}/chinadns-ng.log"
-		log_path="/dev/null"
 		[ "$FILTER_PROXY_IPV6" = "1" ] && {
-			noipv6="-N=gt"
+			local _no_ipv6_rules="gt"
 			DNSMASQ_FILTER_IPV6=0
 		}
-		ln_run "$(first_type chinadns-ng)" chinadns-ng "$log_path" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${china_ng_extra_param} -f ${noipv6}
-		echolog "  + 过滤服务：ChinaDNS-NG(:${china_ng_listen_port})：国内DNS：${china_ng_chn}，可信DNS：${china_ng_gfw}"
+		local china_ng_listen_port=$(expr $dns_listen_port + 1)
+		local china_ng_listen="127.0.0.1#${china_ng_listen_port}"
+		run_chinadns_ng \
+			_listen_port=${china_ng_listen_port} \
+			_dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
+			_dns_trust="${TUN_DNS}" \
+			_chnlist="${chnlist}" \
+			_gfwlist="${gfwlist}" \
+			_no_ipv6_rules="${_no_ipv6_rules}" \
+			_log_path="${TMP_PATH}/chinadns-ng.log"
+
 		WHEN_CHNROUTE_DEFAULT_DNS="chinadns_ng"
 	}
 
@@ -1327,39 +1341,23 @@ acl_app() {
 
 							local _dnsmasq_filter_ipv6=$filter_proxy_ipv6
 							[ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "$tcp_proxy_mode" = "chnroute" ] || [ "$tcp_proxy_mode" = "gfwlist" ]) && {
-								chinadns_port=$(expr $chinadns_port + 1)
-								_china_ng_listen="127.0.0.1#${chinadns_port}"
-								local _china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
-								local _china_ng_gfw="127.0.0.1#${_dns_port}"
-
-								local _china_ng_extra_param=""
-								[ "$tcp_proxy_mode" = "chnroute" ] && {
-									[ -s "${RULES_PATH}/chnlist" ] && {
-										local _chnlist_file="${TMP_PATH}/chinadns_chnlist"
-										cp -a "${RULES_PATH}/chnlist" "${_chnlist_file}"
-										_china_ng_extra_param="${_china_ng_extra_param} -m ${_chnlist_file} -M"
-									}
-									#当使用中国列表外时的默认DNS
-									[ "$when_chnroute_default_dns" = "remote" ] && _china_ng_default_tag="gfw"
-									[ "$when_chnroute_default_dns" = "direct" ] && _china_ng_default_tag="chn"
-								}
-
-								([ "$tcp_proxy_mode" = "chnroute" ] || [ "$tcp_proxy_mode" = "gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && {
-									local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
-									cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}"
-									_china_ng_extra_param="${_china_ng_extra_param} -g ${_gfwlist_file}"
-									#当使用gfwlist模式时设置默认DNS为本地直连
-									[ "$tcp_proxy_mode" = "gfwlist" ] && _china_ng_default_tag="chn"
-								}
-								[ -n "$_china_ng_default_tag" ] && _china_ng_extra_param="${_china_ng_extra_param} -d ${_china_ng_default_tag}"
-
-								#local _china_ng_log_file="${TMP_ACL_PATH}/${sid}/chinadns-ng.log"
-								local _china_ng_log_file="/dev/null"
 								[ "$filter_proxy_ipv6" = "1" ] && {
-									local _china_ng_noipv6="-N=gt"
+									local _no_ipv6_rules="gt"
 									_dnsmasq_filter_ipv6=0
 								}
-								ln_run "$(first_type chinadns-ng)" chinadns-ng "$_china_ng_log_file" -v -b 0.0.0.0 -l "${chinadns_port}" ${_china_ng_chn:+-c "${_china_ng_chn}"} ${_china_ng_gfw:+-t "${_china_ng_gfw}"} ${_china_ng_extra_param} -f ${_china_ng_noipv6}
+								chinadns_port=$(expr $chinadns_port + 1)
+								_china_ng_listen="127.0.0.1#${chinadns_port}"
+
+								run_chinadns_ng \
+									_listen_port=${chinadns_port} \
+									_dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
+									_dns_trust="127.0.0.1#${_dns_port}" \
+									_chnlist=$(echo "${tcp_proxy_mode}" | grep "chnroute") \
+									_gfwlist=$(echo "${tcp_proxy_mode}" | grep "gfwlist") \
+									_no_ipv6_rules="${_no_ipv6_rules}" \
+									_log_path="${TMP_ACL_PATH}/${sid}/chinadns-ng.log" \
+									_no_logic_log=1
+
 								when_chnroute_default_dns="chinadns_ng"
 							}
 
@@ -1502,7 +1500,7 @@ acl_app() {
 			[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
 			unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
 			unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param
-			unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _china_ng_noipv6 _china_ng_extra_param _dnsmasq_filter_ipv6
+			unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _no_ipv6_rules _china_ng_extra_param _dnsmasq_filter_ipv6
 			unset redirect_dns_port
 		done
 		unset socks_port redir_port dns_port dnsmasq_port chinadns_port
@@ -1519,7 +1517,6 @@ start() {
 	if [ "$use_nft" == 1 ] && [ -z "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then
 		echolog "Dnsmasq软件包不满足nftables透明代理要求，如需使用请确保dnsmasq版本在2.87以上并开启nftset支持。"
 	elif [ "$use_nft" == 1 ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then
-		echolog "使用nftables进行透明代理，一些不支持nftables的组件如chinadns-ng等可能不会正常工作。"
 		USE_TABLES="nftables"
 		nftflag=1
 	elif [ -z "$(command -v iptables-legacy || command -v iptables)" ] || [ -z "$(command -v ipset)" ]; then
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
index 22359b94f..667d6ca80 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
@@ -317,14 +317,15 @@ if not fs.access(CACHE_DNS_PATH) then
 
 		if chnlist and fs.access("/usr/share/passwall/rules/chnlist") and (CHNROUTE_MODE_DEFAULT_DNS == "remote" or (CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0")) then
 			fwd_dns = LOCAL_DNS
-			local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
-			for line in string.gmatch(chnlist_str, "[^\r\n]+") do
-				if line ~= "" then
-					if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
-						fwd_dns = nil
+			if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
+				fwd_dns = nil
+			else
+				local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
+				for line in string.gmatch(chnlist_str, "[^\r\n]+") do
+					if line ~= "" then
+						set_domain_dns(line, fwd_dns)
+						set_domain_ipset(line, setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6")
 					end
-					set_domain_dns(line, fwd_dns)
-					set_domain_ipset(line, setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6")
 				end
 			end
 			log(string.format("  - 中国域名表(chnroute)：%s", fwd_dns or "默认"))
diff --git a/luci-app-store/Makefile b/luci-app-store/Makefile
index 965fc8625..60cc55831 100644
--- a/luci-app-store/Makefile
+++ b/luci-app-store/Makefile
@@ -16,8 +16,8 @@ PKG_VERSION:=0.1.13-2
 PKG_RELEASE:=
 
 ISTORE_UI_VERSION:=0.1.12
-ISTORE_UI_RELEASE:=5
-PKG_HASH:=23279d9fa532bbe6a66c4523cfee617d098a6e9a797e4c7e5c07c52b04434047
+ISTORE_UI_RELEASE:=6
+PKG_HASH:=bf43aef8b6635f7ad0de132cacdd8486ed8e4e33eeb0ae05be2ce56ab8aaff5e
 
 PKG_SOURCE_URL_FILE:=v$(ISTORE_UI_VERSION)-$(ISTORE_UI_RELEASE).tar.gz
 PKG_SOURCE:=istore-ui-$(PKG_SOURCE_URL_FILE)