adblock: update to 4.2.0

* new gawk dependency * full hagezi support (all 32 categories) * refine Stevenblack support * refine whitelist handling * fixed tcpdump command line for ports other than 53 (see #24685) Signed-off-by: Dirk Brenken <dev@brenken.org>
2024-08-09 16:59:49 +02:00 · 2024-08-09 16:59:49 +02:00 · 7b18f22e73
parent 4df02492c2
commit 7b18f22e73
6 changed files with 160 additions and 184 deletions
--- a/net/adblock/Makefile
+++ b/net/adblock/Makefile
@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=adblock
-PKG_VERSION:=4.1.5
-PKG_RELEASE:=11
+PKG_VERSION:=4.2.0
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

@ -17,7 +17,7 @@ define Package/adblock
 	SECTION:=net
 	CATEGORY:=Network
 	TITLE:=Powerful adblock script to block ad/abuse domains by using DNS
-	DEPENDS:=+jshn +jsonfilter +coreutils +coreutils-sort +ca-bundle +opkg
+	DEPENDS:=+jshn +jsonfilter +coreutils +coreutils-sort +gawk +ca-bundle +opkg
 	PKGARCH:=all
 endef

--- a/net/adblock/files/README.md
+++ b/net/adblock/files/README.md
@ -26,6 +26,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but
 | easyprivacy         |         | M    | tracking         | [Link](https://easylist.to)                                                       |
 | firetv_tracking     |         | S    | tracking         | [Link](https://github.com/Perflyst/PiHoleBlocklist)                               |
 | games_tracking      |         | S    | tracking         | [Link](https://www.gameindustry.eu)                                               |
+| hagezi              |         | VAR  | compilation      | [Link](https://github.com/hagezi/dns-blocklists)                                  |
 | hblock              |         | XL   | compilation      | [Link](https://hblock.molinero.dev)                                               |
 | lightswitch05       |         | XL   | compilation      | [Link](https://github.com/lightswitch05/hosts)                                    |
 | notracking          |         | XL   | tracking         | [Link](https://github.com/notracking/hosts-blocklists)                            |
@ -67,7 +68,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but
    • <b>S</b> (-10k), <b>M</b> (10k-30k) and <b>L</b> (30k-80k) should work for 128 MByte devices,  
    • <b>XL</b> (80k-200k) should work for 256-512 MByte devices,  
    • <b>XXL</b> (200k-) needs more RAM and Multicore support, e.g. x86 or raspberry devices.  
-    • <b>VAR</b> (50k-500k) variable size depending on the selection.  
+    • <b>VAR</b> (50k-900k) variable size depending on the selection.  
 * Zero-conf like automatic installation & setup, usually no manual changes needed
 * Simple but yet powerful adblock engine: adblock does not use error prone external iptables rulesets, http pixel server instances and things like that
 * Supports five different DNS backend formats: dnsmasq, unbound, named (bind), kresd or raw (e.g. used by dnscrypt-proxy)
@ -107,7 +108,6 @@ A lot of people already use adblocker plugins within their desktop browsers, but
 * A certificate store such as 'ca-bundle' or 'ca-certificates', as adblock checks the validity of the SSL certificates of all download sites by default
 * Optional E-Mail notification support: for E-Mail notifications you need to install the additional 'msmtp' package
 * Optional DNS Query Report support: for DNS reporting you need to install the additional package 'tcpdump-mini' or 'tcpdump'
-* Optional support for gnu awk as alternative to the busybox default, install the additional package 'gawk'

 ## Installation & Usage
 * Update your local opkg repository (_opkg update_)
@ -324,4 +324,3 @@ No matter what you decide - thank you very much for your support!

 Have fun!  
 Dirk
-
--- a/net/adblock/files/adblock.categories
+++ b/net/adblock/files/adblock.categories
@ -1,19 +1,66 @@
-stb;fakenews;alternates/fakenews/hosts
-stb;fakenews-gambling;alternates/fakenews-gambling/hosts
-stb;fakenews-gambling-porn;alternates/fakenews-gambling-porn/hosts
-stb;fakenews-gambling-porn-social;alternates/fakenews-porn-social/hosts
-stb;fakenews-gambling-social;alternates/fakenews-gambling-social/hosts
-stb;fakenews-porn;alternates/fakenews-porn/hosts
-stb;fakenews-porn-social;alternates/fakenews-porn-social/hosts
-stb;fakenews-social;alternates/fakenews-social/hosts
-stb;gambling;alternates/gambling/hosts
-stb;gambling-porn;alternates/gambling-porn/hosts
-stb;gambling-porn-social;alternates/gambling-porn-social/hosts
-stb;gambling-social;alternates/gambling-social/hosts
-stb;porn;alternates/porn/hosts
-stb;porn-social;alternates/porn-social/hosts
-stb;social;alternates/social/hosts
+hag;multi-light;light-onlydomains.txt
+hag;multi-normal;multi-onlydomains.txt
+hag;multi-pro;pro-onlydomains.txt
+hag;multi-pro;pro.mini-onlydomains.txt
+hag;multi-pro.plus;pro.plus-onlydomains.txt
+hag;multi-pro.mini;pro.plus.mini-onlydomains.txt
+hag;multi-ultimate;ultimate-onlydomains.txt
+hag;multi-ultimate.mini;ultimate.mini-onlydomains.txt
+hag;threat-intelligence;tif-onlydomains.txt
+hag;threat-intelligence.medium;tif.medium-onlydomains.txt
+hag;threat-intelligence.mini;tif.mini-onlydomains.txt
+hag;anti.piracy;anti.piracy-onlydomains.txt
+hag;doh;doh-onlydomains.txt
+hag;doh-vpn-proxy-bypass;doh-vpn-proxy-bypass-onlydomains.txt
+hag;dyndns;dyndns-onlydomains.txt
+hag;fake;fake-onlydomains.txt
+hag;gambling;gambling-onlydomains.txt
+hag;gambling.medium;gambling.medium-onlydomains.txt
+hag;gambling.mini;gambling.mini-onlydomains.txt
+hag;hoster;hoster-onlydomains.txt
+hag;native.amazon;native.amazon-onlydomains.txt
+hag;native.apple;native.apple-onlydomains.txt
+hag;native.huawei;native.huawei-onlydomains.txt
+hag;native.lgwebos;native.lgwebos-onlydomains.txt
+hag;native.oppo-realme;native.oppo-realme-onlydomains.txt
+hag;native.tiktok;native.tiktok-onlydomains.txt
+hag;native.tiktok.extended;native.tiktok.extended-onlydomains.txt
+hag;native.vivo;native.vivo-onlydomains.txt
+hag;native.winoffice;native.winoffice-onlydomains.txt
+hag;native.xiaomi;native.xiaomi-onlydomains.txt
+hag;nosafesearch;nosafesearch-onlydomains.txt
+hag;popupads;popupads-onlydomains.txt
 stb;standard;hosts
+stb;standard-fakenews;alternates/fakenews/hosts
+stb;standard-fakenews-gambling;alternates/fakenews-gambling/hosts
+stb;standard-fakenews-gambling-porn;alternates/fakenews-gambling-porn/hosts
+stb;standard-fakenews-gambling-porn-social;alternates/fakenews-porn-social/hosts
+stb;standard-fakenews-gambling-social;alternates/fakenews-gambling-social/hosts
+stb;standard-fakenews-porn;alternates/fakenews-porn/hosts
+stb;standard-fakenews-porn-social;alternates/fakenews-porn-social/hosts
+stb;standard-fakenews-social;alternates/fakenews-social/hosts
+stb;standard-gambling;alternates/gambling/hosts
+stb;standard-gambling-porn;alternates/gambling-porn/hosts
+stb;standard-gambling-porn-social;alternates/gambling-porn-social/hosts
+stb;standard-gambling-social;alternates/gambling-social/hosts
+stb;standard-porn;alternates/porn/hosts
+stb;standard-porn-social;alternates/porn-social/hosts
+stb;standard-social;alternates/social/hosts
+stb;fakenews;alternates/fakenews-only/hosts
+stb;fakenews-gambling;alternates/fakenews-gambling-only/hosts
+stb;fakenews-gambling-porn;alternates/fakenews-gambling-porn-only/hosts
+stb;fakenews-gambling-porn-social;alternates/fakenews-porn-social-only/hosts
+stb;fakenews-gambling-social;alternates/fakenews-gambling-social-only/hosts
+stb;fakenews-porn;alternates/fakenews-porn-only/hosts
+stb;fakenews-porn-social;alternates/fakenews-porn-social-only/hosts
+stb;fakenews-social;alternates/fakenews-social-only/hosts
+stb;gambling;alternates/gambling-only/hosts
+stb;gambling-porn;alternates/gambling-porn-only/hosts
+stb;gambling-porn-social;alternates/gambling-porn-social-only/hosts
+stb;gambling-social;alternates/gambling-social-only/hosts
+stb;porn;alternates/porn-only/hosts
+stb;porn-social;alternates/porn-social-only/hosts
+stb;social;alternates/social-only/hosts
 utc;adult
 utc;agressif
 utc;arjel
--- a/net/adblock/files/adblock.init
+++ b/net/adblock/files/adblock.init
@ -12,7 +12,7 @@ extra_command "suspend" "Suspend adblock processing"
 extra_command "resume" "Resume adblock processing"
 extra_command "query" "<domain> Query active blocklists and backups for a specific domain"
 extra_command "report" "[[<cli>|<mail>|<gen>|<json>] [<top_count>] [<res_count>] [<search>]] Print DNS statistics with an optional search parameter"
-extra_command "list" "[<add>|<add_utc>|<add_eng>|<add_stb>|<remove>|<remove_utc>|<remove_eng>|<remove_stb>] <source(s)> List/Edit available sources"
+extra_command "list" "List available sources"
 extra_command "timer" "[<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals"

 adb_init="/etc/init.d/adblock"
@ -71,117 +71,60 @@ report() {
 }

 list() {
-	local src_archive src_file src_enabled enabled name utc_list size focus descurl action="${1}"
+	local src_archive src_file src_enabled enabled name utc_list size focus descurl

-	if [ "${action%_*}" = "add" ] || [ "${action%_*}" = "remove" ]; then
-		shift
-		for name in "${@}"; do
-			case "${action}" in
-				"add")
-					if ! uci_get adblock global adb_sources | grep -q "${name}"; then
-						uci_add_list adblock global adb_sources "${name}"
-						printf "%s\n" "::: adblock source '${name}' added to config"
-					fi
-					;;
-				"remove")
-					if uci_get adblock global adb_sources | grep -q "${name}"; then
-						uci_remove_list adblock global adb_sources "${name}"
-						printf "%s\n" "::: adblock source '${name}' removed from config"
-					fi
-					;;
-				"add_utc")
-					if ! uci_get adblock global adb_utc_sources | grep -q "${name}"; then
-						uci_add_list adblock global adb_utc_sources "${name}"
-						printf "%s\n" "::: adblock utcapitole '${name}' added to config"
-					fi
-					;;
-				"remove_utc")
-					if uci_get adblock global adb_utc_sources | grep -q "${name}"; then
-						uci_remove_list adblock global adb_utc_sources "${name}"
-						printf "%s\n" "::: adblock utcapitole '${name}' removed from config"
-					fi
-					;;
-				"add_eng")
-					if ! uci_get adblock global adb_eng_sources | grep -q "${name}"; then
-						uci_add_list adblock global adb_eng_sources "${name}"
-						printf "%s\n" "::: adblock energized '${name}' added to config"
-					fi
-					;;
-				"remove_eng")
-					if uci_get adblock global adb_eng_sources | grep -q "${name}"; then
-						uci_remove_list adblock global adb_eng_sources "${name}"
-						printf "%s\n" "::: adblock energized '${name}' removed from config"
-					fi
-					;;
-				"add_stb")
-					if ! uci_get adblock global adb_stb_sources | grep -q "${name}"; then
-						uci_add_list adblock global adb_stb_sources "${name}"
-						printf "%s\n" "::: adblock stevenblack '${name}' added to config"
-					fi
-					;;
-				"remove_stb")
-					if uci_get adblock global adb_stb_sources | grep -q "${name}"; then
-						uci_remove_list adblock global adb_stb_sources "${name}"
-						printf "%s\n" "::: adblock stevenblack '${name}' removed from config"
-					fi
-					;;
-			esac
-		done
-		[ -n "$(uci -q changes adblock)" ] && { uci_commit adblock; "${adb_init}" start; }
-	else
-		src_archive="$(uci_get adblock global adb_srcarc "/etc/adblock/adblock.sources.gz")"
-		src_file="$(uci_get adblock global adb_srcfile "/tmp/adb_sources.json")"
-		src_enabled="$(uci -q show adblock.global.adb_sources)"
-		[ -r "${src_archive}" ] && zcat "${src_archive}" >"${src_file}" || printf "%s\n" "::: adblock source archive '${src_archive}' not found"
+	src_archive="$(uci_get adblock global adb_srcarc "/etc/adblock/adblock.sources.gz")"
+	src_file="$(uci_get adblock global adb_srcfile "/tmp/adb_sources.json")"
+	src_enabled="$(uci -q show adblock.global.adb_sources)"
+	[ -r "${src_archive}" ] && zcat "${src_archive}" >"${src_file}" || printf "%s\n" "::: adblock source archive '${src_archive}' not found"

-		if [ -r "${src_file}" ]; then
-			src_enabled="${src_enabled#*=}"
-			src_enabled="${src_enabled//\'}"
-			printf "%s\n" "::: Available adblock sources"
-			printf "%s\n" ":::"
-			printf "%-25s%-10s%-7s%-21s%s\n" "    Name" "Enabled" "Size" "Focus" "Info URL"
-			printf "%s\n" "    -------------------------------------------------------------------"
-			json_load_file "${src_file}"
-			json_get_keys keylist
-			for key in ${keylist}; do
-				json_select "${key}"
-				json_get_var size "size"
-				json_get_var focus "focus"
-				json_get_var descurl "descurl"
-				json_get_var url "url"
-				json_get_var rule "rule"
-				if [ -n "${url}" ] && [ -n "${rule}" ]; then
-					if printf "%s" "${src_enabled}" | grep -q "${key}"; then
-						enabled="x"
-					else
-						enabled=" "
-					fi
-					src_enabled="${src_enabled/${key}}"
-					printf "  + %-21s%-10s%-7s%-21s%s\n" "${key:0:20}" "${enabled}" "${size:0:3}" "${focus:0:20}" "${descurl:0:50}"
+	if [ -r "${src_file}" ]; then
+		src_enabled="${src_enabled#*=}"
+		src_enabled="${src_enabled//\'}"
+		printf "%s\n" "::: Available adblock sources"
+		printf "%s\n" ":::"
+		printf "%-25s%-10s%-7s%-21s%s\n" "    Name" "Enabled" "Size" "Focus" "Info URL"
+		printf "%s\n" "    -------------------------------------------------------------------"
+		json_load_file "${src_file}"
+		json_get_keys keylist
+		for key in ${keylist}; do
+			json_select "${key}"
+			json_get_var size "size"
+			json_get_var focus "focus"
+			json_get_var descurl "descurl"
+			json_get_var url "url"
+			json_get_var rule "rule"
+			if [ -n "${url}" ] && [ -n "${rule}" ]; then
+				if printf "%s" "${src_enabled}" | grep -q "${key}"; then
+					enabled="x"
 				else
-					src_enabled="${src_enabled} ${key}"
+					enabled=" "
 				fi
-				json_select ..
-			done
-			utc_list="$(uci_get adblock global adb_utc_sources "-")"
-			eng_list="$(uci_get adblock global adb_eng_sources "-")"
-			stb_list="$(uci_get adblock global adb_stb_sources "-")"
-			printf "%s\n" "    ---------------------------------------------------------------------------"
-			printf "  * %s\n" "Configured utcapitole categories: ${utc_list// /, }"
-			printf "  * %s\n" "Configured energized variants: ${eng_list// /, }"
-			printf "  * %s\n" "Configured stevenblack variants: ${stb_list// /, }"
-
-			if [ -n "${src_enabled// }" ]; then
-				printf "%s\n" "    ---------------------------------------------------------------------------"
-				printf "%s\n" "    Sources with invalid configuration"
-				printf "%s\n" "    ---------------------------------------------------------------------------"
-				for key in ${src_enabled}; do
-					printf "  - %s\n" "${key:0:20}"
-				done
+				src_enabled="${src_enabled/${key}}"
+				printf "  + %-21s%-10s%-7s%-21s%s\n" "${key:0:20}" "${enabled}" "${size:0:3}" "${focus:0:20}" "${descurl:0:50}"
+			else
+				src_enabled="${src_enabled} ${key}"
 			fi
-		else
-			printf "%s\n" "::: adblock source file '${src_file}' not found"
+			json_select ..
+		done
+		utc_list="$(uci_get adblock global adb_utc_sources "-")"
+		hag_list="$(uci_get adblock global adb_hag_sources "-")"
+		stb_list="$(uci_get adblock global adb_stb_sources "-")"
+		printf "%s\n" "    ---------------------------------------------------------------------------"
+		printf "  * %s\n" "Configured utcapitole categories: ${utc_list// /, }"
+		printf "  * %s\n" "Configured hagezi variants: ${hag_list// /, }"
+		printf "  * %s\n" "Configured stevenblack variants: ${stb_list// /, }"
+
+		if [ -n "${src_enabled// }" ]; then
+			printf "%s\n" "    ---------------------------------------------------------------------------"
+			printf "%s\n" "    Sources with invalid configuration"
+			printf "%s\n" "    ---------------------------------------------------------------------------"
+			for key in ${src_enabled}; do
+				printf "  - %s\n" "${key:0:20}"
+			done
 		fi
+	else
+		printf "%s\n" "::: adblock source file '${src_file}' not found"
 	fi
 }

--- a/net/adblock/files/adblock.sh
+++ b/net/adblock/files/adblock.sh
@ -11,7 +11,7 @@
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"

-adb_ver="4.1.5"
+adb_ver="4.2.0"
 adb_enabled="0"
 adb_debug="0"
 adb_forcedns="0"
@ -43,6 +43,8 @@ adb_dnsjail="${adb_dnsprefix}.jail"
 adb_srcarc="/etc/adblock/adblock.sources.gz"
 adb_srcfile="${adb_tmpbase}/adb_sources.json"
 adb_rtfile="${adb_tmpbase}/adb_runtime.json"
+adb_sort="$(command -v sort)"
+adb_awk="$(command -v gawk)"
 adb_loggercmd="$(command -v logger)"
 adb_dumpcmd="$(command -v tcpdump)"
 adb_lookupcmd="$(command -v nslookup)"
@ -126,7 +128,7 @@ f_load() {
 			f_log "info" "report directory '${adb_reportdir}' created"
 		fi
 		if [ -n "${adb_repiface}" ] && [ -d "${adb_reportdir}" ]; then
-			("${adb_dumpcmd}" -nn -p -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_reportdir}/adb_report.pcap" >/dev/null 2>&1 &)
+			("${adb_dumpcmd}" --immediate-mode -nn -p -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_reportdir}/adb_report.pcap" >/dev/null 2>&1 &)
 			bg_pid="$(pgrep -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awk}" '{ORS=" "; print $1}')"
 		else
 			f_log "info" "Please set the name of the reporting network device 'adb_repiface' manually"
@ -181,8 +183,8 @@ f_conf() {
 			local value="${2}"
 			if [ "${option}" = "adb_sources" ]; then
 				eval "${option}=\"$(printf "%s" "${adb_sources}") ${value}\""
-			elif [ "${option}" = "adb_eng_sources" ]; then
-				eval "${option}=\"$(printf "%s" "${adb_eng_sources}") ${value}\""
+			elif [ "${option}" = "adb_hag_sources" ]; then
+				eval "${option}=\"$(printf "%s" "${adb_hag_sources}") ${value}\""
 			elif [ "${option}" = "adb_stb_sources" ]; then
 				eval "${option}=\"$(printf "%s" "${adb_stb_sources}") ${value}\""
 			elif [ "${option}" = "adb_utc_sources" ]; then
@ -261,8 +263,8 @@ f_dns() {
 				adb_dnsheader="${adb_dnsheader:-""}"
 				adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"local=/\"\$0\"/\"}'"}"
 				adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"local=/\"\$0\"/#\"}'"}"
-				adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{print \"address=/\"\$0\"/\"item\"\"}'"}"
-				adb_dnsstop="${adb_dnsstop:-"address=/#/"}"
+				adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{print \"address=/\"\$0\"/\"item\"\";print \"local=/\"\$0\"/\"}'"}"
+				adb_dnsstop="${adb_dnsstop:-"address=/#/\nlocal=/#/"}"
 				;;
 			"unbound")
 				adb_dnscachecmd="$(command -v unbound-control || printf "%s" "-")"
@ -498,7 +500,7 @@ f_count() {
 			[ -s "${adb_tmpfile}.${name}" ] && adb_cnt="$(wc -l 2>/dev/null <"${adb_tmpfile}.${name}")"
 			;;
 		"whitelist")
-			[ -s "${adb_tmpdir}/tmp.raw.${name}" ] && { adb_cnt="$(wc -l 2>/dev/null <"${adb_tmpdir}/tmp.raw.${name}")"; rm -f "${adb_tmpdir}/tmp.raw.${name}"; }
+			[ -s "${adb_tmpdir}/tmp.raw.${name}" ] && { adb_cnt="$(wc -l 2>/dev/null <"${adb_tmpdir}/tmp.raw.${name}")"; : >"${adb_tmpdir}/tmp.raw.${name}"; }
 			;;
 		"safesearch")
 			[ -s "${adb_tmpdir}/tmp.safesearch.${name}" ] && adb_cnt="$(wc -l 2>/dev/null <"${adb_tmpdir}/tmp.safesearch.${name}")"
@ -680,7 +682,7 @@ f_list() {
 					eval "${adb_dnsdenyip}" "${adb_tmpdir}/tmp.raw.${src_name}" >>"${adb_tmpdir}/tmp.add.${src_name}"
 					out_rc="${?}"
 				fi
-				rm -f "${adb_tmpdir}/tmp.raw.${src_name}"
+				: >"${adb_tmpdir}/tmp.raw.${src_name}"
 			fi
 			;;
 		"blacklist" | "whitelist")
@ -696,24 +698,24 @@ f_list() {
 				"${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' "${adb_tmpdir}/tmp.deduplicate.${src_name}" >"${adb_tmpdir}/tmp.raw.${src_name}"
 				"${adb_sort}" ${adb_srtopts} -u "${adb_tmpdir}/tmp.raw.${src_name}" 2>/dev/null >"${adb_tmpfile}.${src_name}"
 				out_rc="${?}"
-				rm -f "${adb_tmpdir}/tmp.raw.${src_name}"
+				: > "${adb_tmpdir}/tmp.raw.${src_name}"
 			elif [ "${src_name}" = "whitelist" ] && [ -f "${adb_whitelist}" ]; then
 				rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
 				printf "%s\n" "${adb_lookupdomain}" | "${adb_awk}" "${rset}" >"${adb_tmpdir}/tmp.raw.${src_name}"
 				"${adb_awk}" "${rset}" "${adb_whitelist}" >>"${adb_tmpdir}/tmp.raw.${src_name}"
 				out_rc="${?}"
 				if [ "${out_rc}" = "0" ]; then
-					rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{gsub(\"\\\\.\",\"\\\\.\",\$1);print tolower(\"^(|.*\\\\.)\"\$1\"$\")}"
+					rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
 					"${adb_awk}" "${rset}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.rem.${src_name}"
 					out_rc="${?}"
 					if [ "${out_rc}" = "0" ] && [ "${adb_dnsallow}" != "1" ]; then
 						eval "${adb_dnsallow}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.add.${src_name}"
 						out_rc="${?}"
 						if [ "${out_rc}" = "0" ] && [ "${adb_jail}" = "1" ] && [ "${adb_dnsstop}" != "0" ]; then
-							: >"${adb_jaildir}/${adb_dnsjail}"
+							rm -f "${adb_jaildir}/${adb_dnsjail}"
 							[ -n "${adb_dnsheader}" ] && printf "%b" "${adb_dnsheader}" >>"${adb_jaildir}/${adb_dnsjail}"
 							cat "${adb_tmpdir}/tmp.add.${src_name}" >>"${adb_jaildir}/${adb_dnsjail}"
-							printf "%s\n" "${adb_dnsstop}" >>"${adb_jaildir}/${adb_dnsjail}"
+							printf "%b\n" "${adb_dnsstop}" >>"${adb_jaildir}/${adb_dnsjail}"
 						fi
 					fi
 				fi
@ -800,12 +802,12 @@ f_list() {
 				[ "${adb_dns}" = "named" ] && array="${safe_cname}" || array="${safe_ips}"
 				for item in ${array}; do
 					if ! eval "${adb_dnssafesearch}" "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" >>"${adb_tmpdir}/tmp.safesearch.${src_name}"; then
-						rm -f "${adb_tmpdir}/tmp.safesearch.${src_name}"
+						: >"${adb_tmpdir}/tmp.safesearch.${src_name}"
 						break
 					fi
 				done
 				out_rc="${?}"
-				rm -f "${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
+				: >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}"
 			fi
 			;;
 		"backup")
@ -882,16 +884,20 @@ f_list() {
 # top level domain compression
 #
 f_tld() {
-	local cnt cnt_tld source="${1}" temp_tld="${1}.tld"
+	local cnt cnt_tld cnt_rem source="${1}" temp_tld="${1}.tld"

 	if "${adb_awk}" '{if(NR==1){tld=$NF};while(getline){if(index($NF,tld".")==0){print tld;tld=$NF}}print tld}' "${source}" |
 		"${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${temp_tld}"; then
-		mv -f "${temp_tld}" "${source}"
-		cnt_tld="$(wc -l 2>/dev/null <"${source}")"
-	else
-		rm -f "${temp_tld}"
+		cnt_tld="$(wc -l 2>/dev/null <"${temp_tld}")"
+		if [ -s "${adb_tmpdir}/tmp.rem.whitelist" ]; then
+			"${adb_awk}" 'NR==FNR{del[$0];next};!($0 in del)' "${adb_tmpdir}/tmp.rem.whitelist" "${temp_tld}" >"${source}"
+			cnt_rem="$(wc -l 2>/dev/null <"${source}")"
+		else
+			mv -f "${temp_tld}" "${source}"
+		fi
 	fi
-	f_log "debug" "f_tld    ::: source: ${source}, cnt: ${adb_cnt:-"-"}, cnt_tld: ${cnt_tld:-"-"}"
+	: > "${temp_tld}"
+	f_log "debug" "f_tld    ::: source: ${source}, cnt: ${adb_cnt:-"-"}, cnt_tld: ${cnt_tld:-"-"}, cnt_rem: ${cnt_rem:-"-"}"
 }

 # suspend/resume adblock processing
@ -1185,13 +1191,7 @@ f_main() {
 						f_log "info" "download of '${src_name}' failed, url: ${src_url}, rule: ${src_rset:-"-"}, categories: ${src_cat:-"-"}, rc: ${src_rc}, log: ${src_log:-"-"}"
 					fi
 					if [ "${src_rc}" = "0" ] && [ -s "${src_tmpload}" ]; then
-						if [ -s "${adb_tmpdir}/tmp.rem.whitelist" ]; then
-							"${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" |
-								grep -Evf "${adb_tmpdir}/tmp.rem.whitelist" | "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
-						else
-							"${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" |
-								"${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
-						fi
+						"${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" | "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
 						: >"${src_tmpload}"
 						"${adb_sort}" ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null >"${src_tmpfile}"
 						src_rc="${?}"
@ -1202,7 +1202,7 @@ f_main() {
 						elif [ "${adb_backup}" = "1" ] && [ "${adb_action}" != "start" ]; then
 							f_log "info" "archive preparation of '${src_name}' failed, categories: ${src_cat:-"-"}, entries: ${src_entries}, rc: ${src_rc}"
 							f_list restore
-							rm -f "${src_tmpfile}"
+							: >"${src_tmpfile}"
 						fi
 					elif [ "${adb_backup}" = "1" ] && [ "${adb_action}" != "start" ]; then
 						f_log "info" "archive extraction of '${src_name}' failed, categories: ${src_cat:-"-"}, entries: ${src_entries}, rc: ${src_rc}"
@ -1211,11 +1211,11 @@ f_main() {
 				) &
 			fi
 		else
-			if [ "${src_name}" = "energized" ] && [ -n "${adb_eng_sources}" ]; then
-				src_cat="${adb_eng_sources}"
-			elif [ "${src_name}" = "stevenblack" ] && [ -n "${adb_stb_sources}" ]; then
+			if [ "${src_name}" = "stevenblack" ] && [ -n "${adb_stb_sources}" ]; then
 				src_cat="${adb_stb_sources}"
-			elif { [ "${src_name}" = "energized" ] && [ -z "${adb_eng_sources}" ]; } ||
+			elif [ "${src_name}" = "hagezi" ] && [ -n "${adb_hag_sources}" ]; then
+				src_cat="${adb_hag_sources}"
+			elif { [ "${src_name}" = "hagezi" ] && [ -z "${adb_hag_sources}" ]; } ||
 				{ [ "${src_name}" = "stevenblack" ] && [ -z "${adb_stb_sources}" ]; }; then
 				continue
 			fi
@ -1234,13 +1234,8 @@ f_main() {
 					fi
 				done
 				if [ "${src_rc}" = "0" ] && [ -s "${src_tmpload}" ]; then
-					if [ -s "${adb_tmpdir}/tmp.rem.whitelist" ]; then
-						"${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" |
-							grep -Evf "${adb_tmpdir}/tmp.rem.whitelist" | "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
-					else
-						"${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" |
-							"${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
-					fi
+					"${adb_awk}" "${src_rset}" "${src_tmpload}" | sed "s/\r//g" |
+						"${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${src_tmpsort}"
 					: >"${src_tmpload}"
 					"${adb_sort}" ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null >"${src_tmpfile}"
 					src_rc="${?}"
@ -1251,7 +1246,7 @@ f_main() {
 					elif [ "${adb_backup}" = "1" ] && [ "${adb_action}" != "start" ]; then
 						f_log "info" "preparation of '${src_name}' failed, rc: ${src_rc}"
 						f_list restore
-						rm -f "${src_tmpfile}"
+						: >"${src_tmpfile}"
 					fi
 				else
 					src_log="$(printf "%s" "${src_log}" | "${adb_awk}" '{ORS=" ";print $0}')"
@ -1305,7 +1300,7 @@ f_report() {
 		for file in "${adb_reportdir}/adb_report.pcap"*; do
 			(
 				if [ "${adb_repiface}" = "any" ]; then
-					"${adb_dumpcmd}" "${resolve}" -tttt -r "${file}" 2>/dev/null |
+					"${adb_dumpcmd}" "${resolve}" --immediate-mode -T domain -tttt -r "${file}" 2>/dev/null |
 					"${adb_awk}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? | Flags /&&/ A[A]*\? |NXDomain|0\.0\.0\.0|[0-9]\/[0-9]\/[0-9]/{sub(/\.[0-9]+$/,"",$6);
 						type=substr($(NF-1),length($(NF-1)));
 						if(type=="."&&$(NF-2)!="CNAME")
@ -1314,7 +1309,7 @@ f_report() {
 							{if($(NF-1)~/[0-9]\/[0-9]\/[0-9]/||$(NF-1)=="0.0.0.0"){type="NX"}else{type="OK"};domain=""};
 						printf "%08d\t%s\t%s\t%s\t%-25s\t%s\n",$9,type,$1,substr($2,1,8),$6,domain}' >>"${report_raw}"
 				else
-					"${adb_dumpcmd}" "${resolve}"  -tttt -r "${file}" 2>/dev/null |
+					"${adb_dumpcmd}" "${resolve}" --immediate-mode -T domain -tttt -r "${file}" 2>/dev/null |
 					"${adb_awk}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? | Flags /&&/ A[A]*\? |NXDomain|0\.0\.0\.0|[0-9]\/[0-9]\/[0-9]/{sub(/\.[0-9]+$/,"",$4);
 						type=substr($(NF-1),length($(NF-1)));
 						if(type=="."&&$(NF-2)!="CNAME")
@ -1458,21 +1453,6 @@ else
 	f_log "err" "system libraries not found"
 fi

-# awk check
-#
-adb_awk="$(command -v gawk)"
-if [ ! -x "${adb_awk}" ]; then
-	adb_awk="$(command -v awk)"
-	[ ! -x "${adb_awk}" ] && f_log "err" "awk not found or not executable"
-fi
-
-# sort check
-#
-adb_sort="$(command -v sort)"
-if [ ! -x "${adb_sort}" ] || ! "${adb_sort}" --version 2>/dev/null | grep -q "coreutils"; then
-	f_log "err" "coreutils sort not found or not executable"
-fi
-
 # handle different adblock actions
 #
 f_load
--- a/net/adblock/files/adblock.sources
+++ b/net/adblock/files/adblock.sources
@ -117,6 +117,13 @@
 		"size": "XL",
 		"focus": "compilation",
 		"descurl": "https://hblock.molinero.dev"
+	},
+	"hagezi": {
+		"url": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/",
+		"rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
+		"size": "VAR",
+		"focus": "compilation",
+		"descurl": "https://github.com/hagezi/dns-blocklists"
 	},
 	 "lightswitch05": {
 		"url": "https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt",