git.99rst.org Git - openwrt-packages.git/log

node: bump to 22.22.2

This is a security release.
Notable Changes
* (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
* (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
* (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) - Medium
* (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
* (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
* (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low
* (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low

Signed-off-by: Hirokazu MORIKAWA <redacted>

python-poetry-core: bump to 2.3.2

Changelog: https://github.com/python-poetry/poetry-core/releases/tag/2.3.2

Changes include:
- Fix handling of PEP 440 post-releases in version constraints
- Minor bug fixes and internal improvements

Add test.sh to validate basic version parsing and constraint evaluation.

Signed-off-by: Alexandru Ardelean <redacted>

python-setuptools: fix patch for 82.0.1

The 0001-distutils-use-python-sysroot.patch was written against an
older setuptools where the build_ext LIBDIR yield had less indentation.
In 82.0.1, a z/OS platform check wrapped the code adding an extra
indentation level. Regenerate the patch against the actual 82.0.1 source.

Signed-off-by: Alexandru Ardelean <redacted>
Signed-off-by: Alexandru Ardelean <redacted>

python-cryptography: bump to 46.0.6

Starting with 46.x, cryptography switched its build backend from
setuptools-rust to maturin. Update PKG_BUILD_DEPENDS accordingly:
replace python-setuptools-rust/host with python-maturin/host and
python-setuptools/host (setuptools is still required by cffi).

Drop 001-Update-ouroboros.patch: the ouroboros crate is no longer a
dependency in 46.x, so the patch (which bumped it from 0.15 to 0.18
to fix RUSTSEC-2023-0042) no longer applies.

Signed-off-by: Alexandru Ardelean <redacted>

python-setuptools-rust: bump to 1.12.1

Required by python-maturin as a build dependency (maturin >= 1.12.6
requires setuptools-rust >= 1.11.0).

Signed-off-by: Alexandru Ardelean <redacted>

python-maturin: bump to 1.12.6

Needed by python-cryptography 46.x, which switched its build backend
from setuptools-rust to maturin (requires maturin >= 1.9.4).

Signed-off-by: Alexandru Ardelean <redacted>

python-setuptools: re-introduce patch from python3

When Python3 was updated via commit 97a92f2e7 , distutils was
disappeared from Python3 and moved to setuptools.
So that patch should have moved here as well.

This should fix all packages which still use the 'build_ext'
module from setuptools.

Signed-off-by: Alexandru Ardelean <redacted>

python3: merge python3-email into python3-urllib

As we're seeing in various test.sh scrip runs, importing 'email' fails
with not finding 'urllib' and vice-versa.

Then via a7e96ec91 ("python3-email: add python3-urllib as dependency")
I created a circular dependency.
So, might as well merge the two packages into one (named python3-urllib)
and updates all dependencies to pull python3-urllib.

Signed-off-by: Alexandru Ardelean <redacted>

fail2ban: drop python3-pkg-resources dependency

The python3-pkg-resources package does not exist in OpenWrt.
The only distutils/setuptools usage in fail2ban 1.1.0 is in
filterpyinotify.py and filtersystemd.py, both of which are
optional backends not available on OpenWrt. They are loaded
lazily via ImportError-guarded calls and the default auto
backend falls through to polling without them.

Also add test.sh with basic import and CLI smoke test.

Add me as maintainer.

Signed-off-by: Alexandru Ardelean <redacted>

setools: bump to 4.6.0

Fix dependency with python3-pkg-resources (it got removed).
And add test.sh

- Bump from 4.5.1 to 4.6.0
- Drop python3-pkg-resources dependency: setools uses
  'from importlib import resources as pkg_resources' which is stdlib,
  not the external pkg_resources package
- Update 010-no-gui.patch: pyproject.toml now manages script-files and
  package-data (was setup.py in 4.5.1); rewrite patch to target it
- Update 030-remove-host-paths.patch: lib_dirs now uses list[str] type
  hint; fix hunk header line numbers to match new upstream layout
- Add test.sh: verify core query classes (SELinuxPolicy, BoolQuery,
  TypeQuery, RoleQuery, UserQuery) are accessible

Signed-off-by: Alexandru Ardelean <redacted>

utils/beep: assign PKG_CPE_ID

cpe:/a:beep_project:beep is the correct CPE ID for beep:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:beep_project:beep

Indeed, spkr-beep is a fork of https://github.com/johnath/beep as
clearly stated in README.md: "This version of beep has been forked from
Johnathan Nightingales' original beep when johnath/beep#11 required
fixes in 2018, while Johnathan Nightingales' github.com/johnath/beep/
and johnath.com/beep/ was only maintained from around 2000 until around
2013.

So, it is still appropriate to use beep_project:beep CPE ID since the
code base remains the same and no new CPE has been assigned to the fork
(as there have been no new CVEs since 2018).

Signed-off-by: Fabrice Fontaine <redacted>

lua-eco: update to 3.17.0

changelog: https://github.com/zhaojh329/lua-eco/releases/tag/v3.17.0

Signed-off-by: Jianhui Zhao <redacted>

lmdb: update to 0.9.35

Changelog: https://git.openldap.org/openldap/openldap/-/raw/LMDB_0.9.35/libraries/liblmdb/CHANGES

Signed-off-by: Michał Kępień <redacted>

knot-resolver: drop LMDB build workaround

Drop the meson.build workaround needed before commit
8aa78ebebfb6727c46334a69e32fc76576376a09, which fixed the
underlying issue.

Link: https://github.com/openwrt/packages/pull/29047
Signed-off-by: Michał Kępień <redacted>

lmdb: set SONAME for liblmdb.so

The LMDB shared library (liblmdb.so) does not currently have a SONAME
set, which can cause issues when linking against it.  Specifically, when
an object is linked against the library using its absolute path (for
example, in Meson builds), that path (as seen in the build environment)
is stored in the resulting object's DT_NEEDED entry.  This can prevent
the library from being found during runtime linking.  Set the SONAME to
liblmdb.so to ensure proper runtime linking.

Signed-off-by: Michał Kępień <redacted>

python-trove-classifiers: bump to 2026.1.14.14

Changelog: https://github.com/pypa/trove-classifiers/blob/main/CHANGELOG.rst
Signed-off-by: Alexandru Ardelean <redacted>

python-platformdirs: bump to 4.9.4

Changelog: https://github.com/platformdirs/platformdirs/blob/main/CHANGELOG.md
Signed-off-by: Alexandru Ardelean <redacted>

python-pyparsing: bump to 3.3.2

pyparsing also requires the 'unittest' module from the Python3 package.

Changelog: https://github.com/pyparsing/pyparsing/blob/master/CHANGES
Signed-off-by: Alexandru Ardelean <redacted>

python-typing-extensions: bump to 4.15.0

Changelog: https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
Signed-off-by: Alexandru Ardelean <redacted>

python-urllib3: relax setuptools-scm version constraint

urllib3 2.6.3 pyproject.toml pins setuptools-scm<10 but
python-setuptools-scm was recently bumped to 10.0.3, breaking
the build. Drop the upper bound via patch to allow building
with setuptools-scm 10.x.

Also add test.sh to verify core API imports, Retry/Timeout
configuration, and PoolManager creation.

Signed-off-by: Alexandru Ardelean <redacted>

python-pygments: bump to 2.20.0

Changes since 2.19.2:
- Added new Rell lexer; updated C++26 keywords, TOML 1.1.0,
Python t-strings and PHP magic constants in existing lexers
- Fixed catastrophic backtracking in Archetype and Lua lexers
- Performance improvements via entry point caching
- Dropped Python 3.8, added Python 3.14 support

Link: https://github.com/pygments/pygments/blob/master/CHANGES
Signed-off-by: Alexandru Ardelean <redacted>

python-dotenv: bump to 1.2.2

Changes since 1.0.1:
- Added support for Python 3.14 (including free-threaded build)
- CLI now forwards flags directly to commands
- Improved symlink handling with explicit follow_symlinks option
- Added FIFO file support on Unix systems
- Changed file mode preservation to maintain original permissions

Also add test.sh to verify dotenv_values parsing and load_dotenv.

Note: PyPI renamed the source tarball from python-dotenv-*.tar.gz
to python_dotenv-*.tar.gz; add PYPI_SOURCE_NAME accordingly.

Link: https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md
Signed-off-by: Alexandru Ardelean <redacted>

python-slugify: bump to 8.0.4

Changes since 8.0.1:
- Improved uppercase special character handling and text
normalization before unicode conversion
- Resolved pattern type issues
- Various bug fixes for robust character handling

Also add test.sh to verify slugification, unicode handling and
options like separator and max_length.

Link: https://github.com/un33k/python-slugify/blob/master/CHANGELOG.md
Signed-off-by: Alexandru Ardelean <redacted>

python-packaging: bump to 26.0

Changes since 25.0:
- Added support for PEP 751 (pylock files) and PEP 794 (import
name metadata); new metadata writing functionality
- Performance improvements: 3x speedup via regex caching, lazy
Version key calculation, accelerated canonicalize_name
- Refined PEP 440 prerelease handling and SpecifierSet matching
- Improved Marker and Requirement subclassing support

Link: https://github.com/pypa/packaging/blob/main/CHANGELOG.rst
Signed-off-by: Alexandru Ardelean <redacted>

python-requests: bump to 2.33.1

Changes since 2.32.5:
- Security fix for CVE-2026-25645 in extract_zipped_paths utility
- Migrated to PEP 517 build system
- Added inline type hints throughout the library
- Fixed Content-Type header parsing for malformed values

Also add test.sh to verify core API imports and PreparedRequest.

Link: https://github.com/psf/requests/blob/main/HISTORY.md
Signed-off-by: Alexandru Ardelean <redacted>

fwupd: fix recursive dependency in Config.in

The fwupd Config.in menu depends on PACKAGE_fwupd-libs, making
FWUPD_PLUGIN_FLASHROM implicitly depend on PACKAGE_fwupd-libs.
But fwupd-libs has a conditional dependency on libflashrom gated
by FWUPD_PLUGIN_FLASHROM, creating a circular dependency.

Fix by removing the depends on PACKAGE_fwupd-libs guard from the
Config.in menu and moving DEPENDS from Package/fwupd/Default into
Package/fwupd-libs directly. The menu options are always visible
in menuconfig but only take effect when fwupd-libs is selected.

Co-developed-by: Florian Eckert <redacted>
Signed-off-by: Joshua Klinesmith <redacted>
Co-Authored-By: Claude Opus 4.6 (1M context) <redacted>

openvswitch: fix intree tunnel recursive dependency

Remove PROVIDES from all OVS kernel packages. The provider-
alternation logic in scripts/package-metadata.pl generates
recursive Kconfig dependencies when kmod-openvswitch-intree
provides kmod-openvswitch, because userspace packages
(openvswitch, ovsd, ovn-host) that +depend on kmod-openvswitch
get cross-referenced against the intree provider via
PACKAGE_<provider> < PACKAGE_<requester> conditions.

Verified locally: make defconfig produces zero OVS-related
recursive dependency errors with PROVIDES removed entirely.
The previous selective approach (keeping PROVIDES only for
openvswitch-intree) did not resolve the userspace recursion.

Users must install kmod-openvswitch-intree explicitly instead
of relying on provider alternation.

Fixes: openwrt/openwrt#22664
Signed-off-by: Joshua Klinesmith <redacted>
Co-Authored-By: Claude Opus 4.6 (1M context) <redacted>

python-pyrsistent: bump to 0.20.0

Changelog: https://github.com/tobgu/pyrsistent/blob/master/CHANGES.txt
Signed-off-by: Alexandru Ardelean <redacted>

python-docutils: bump to 0.22.4

Changelog: https://docutils.sourceforge.io/RELEASE-NOTES.html
Signed-off-by: Alexandru Ardelean <redacted>

python-aiosignal: bump to 1.4.0

Changelog: https://github.com/aio-libs/aiosignal/blob/master/CHANGES.rst
Signed-off-by: Alexandru Ardelean <redacted>

python-rsa: bump to 4.9.1

Changelog: https://github.com/sybrenstuvel/python-rsa/blob/main/CHANGELOG.md
Signed-off-by: Alexandru Ardelean <redacted>

python-execnet: bump to 2.1.2

Changelog: https://github.com/pytest-dev/execnet/blob/main/CHANGELOG
Signed-off-by: Alexandru Ardelean <redacted>

python-markdown: bump to 3.10.2

Changelog: https://github.com/Python-Markdown/markdown/blob/master/docs/change_log/release-3.10.md
Signed-off-by: Alexandru Ardelean <redacted>

python-websocket-client: bump to 1.9.0

Changes since 1.7.0:
- v1.8.0: Add support for custom socket options and improved
proxy handling
- v1.9.0: Fix compatibility with Python 3.12+ deprecations
- Various bug fixes for connection handling and error reporting

Also add test.sh to verify version and core API imports.

Link: https://github.com/websocket-client/websocket-client/blob/master/ChangeLog
Signed-off-by: Alexandru Ardelean <redacted>

python-sqlparse: bump to 0.5.5

Changes since 0.4.4:
- v0.5.0: Improved handling of CTEs and window functions
- v0.5.0: Better token classification for SQL dialects
- v0.5.x: Various bug fixes for edge cases in formatting
and statement splitting

Also add test.sh to verify formatting, splitting, and parsing.

Link: https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG
Signed-off-by: Alexandru Ardelean <redacted>

python-cachetools: bump to 7.0.5

Changes since 5.3.1:
- v6.0: Drop Python 3.7 support; add Python 3.12/3.13
- v6.0: TTLCache now uses monotonic time for expiry
- v7.0: Cache classes are now generic (PEP 585 type hints)
- v7.0: New MRUCache (most-recently-used) eviction policy
- Various performance improvements across all cache types

Also add test.sh to verify LRU/LFU/TTL caches and @cached decorator.

Link: https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst
Signed-off-by: Alexandru Ardelean <redacted>

python-sniffio: bump to 1.3.1

Changes since 1.3.0:
- Fix compatibility with Python 3.12+ by updating deprecated
asyncio internals usage

Also add test.sh to verify version and asyncio library detection.

Link: https://github.com/python-trio/sniffio/blob/master/CHANGELOG.rst
Signed-off-by: Alexandru Ardelean <redacted>

python-jmespath: bump to 1.1.0

Changes since 1.0.1:
- Support for multi-select list/hash expressions with enhanced
function argument validation
- Minor performance improvements in expression parsing

Also add test.sh to verify field access, wildcards, and filters.

Link: https://github.com/jmespath/jmespath.py/blob/develop/CHANGELOG.rst
Signed-off-by: Alexandru Ardelean <redacted>

python-decorator: bump to 5.2.1

Changes since 4.4.2:
- v5.x rewrites the implementation using the standard library
inspect module, dropping the code generation approach
- Signature preservation is now based on functools.wraps internals
- New contextmanager and asynccontextmanager decorator support
- Python 3.8+ required; Python 2 no longer supported

Also add test.sh to verify signature preservation and basic usage.

Link: https://github.com/micheles/decorator/blob/master/CHANGES.md
Signed-off-by: Alexandru Ardelean <redacted>

python3-email: add python3-urllib as dependency

In recent versions of Python, trying to include 'email' also pulls
in urllib from CPython.
So just add it as dependency.

Signed-off-by: Alexandru Ardelean <redacted>

python-tabulate: bump to 0.10.0

Changes since 0.9.0:
- New 'outline' table format
- Support for multi-line cell values in more formats
- Improved alignment for mixed-type columns
- Various bug fixes for edge cases in number formatting

Also add test.sh to verify version and basic table rendering.

Link: https://github.com/astanin/python-tabulate/blob/master/CHANGELOG
Signed-off-by: Alexandru Ardelean <redacted>

python-schema: bump to 0.7.8

Changes since 0.7.5:
- Fix handling of Optional keys with default values
- Improve error messages for nested schema failures
- Various bug fixes and compatibility improvements

Also add test.sh to verify version and data validation API.

Link: https://github.com/keleshev/schema/blob/master/CHANGELOG.rst
Signed-off-by: Alexandru Ardelean <redacted>

python-schedule: bump to 1.2.2

Changes since 1.2.0:
- Fix compatibility with Python 3.12 deprecation of datetime.utcnow()
- Various minor bug fixes and improvements

Also add test.sh to verify version and core scheduling API.

Link: https://github.com/dbader/schedule/blob/master/CHANGELOG.rst
Signed-off-by: Alexandru Ardelean <redacted>

python-iniconfig: bump to 2.3.0

Changes since 2.0.0:
- Improve error messages for invalid ini files
- Drop support for Python 3.7, add Python 3.12/3.13

Also add test.sh to verify version and basic INI parsing.

Link: https://github.com/pytest-dev/iniconfig/blob/main/CHANGELOG
Signed-off-by: Alexandru Ardelean <redacted>

stunnel: create PID directory before alt_config_file return

When alt_config_file is set, global_defs() returns before creating
the PID file directory. stunnel then fails to start because it
cannot write its PID file to the nonexistent directory.

Move the PID directory creation and ownership setup above the
alt_config_file early return so it runs regardless of config mode.

Fixes: openwrt/openwrt#28982
Signed-off-by: Joshua Klinesmith <redacted>
Co-Authored-By: Claude Opus 4.6 (1M context) <redacted>

telegraf: update to 1.38.2
- Update Telegraf to v1.38.2

Signed-off-by: Niklas Thorild <redacted>

bind: bump to 9.20.21

Fixes several security issues:

- CVE-2026-1519 Fix unbounded NSEC3 iterations when validating
  referrals to unsigned delegations.
- CVE-2026-3104 Fix memory leaks in code preparing DNSSEC proofs of
  non-existence.
- CVE-2026-3119 Prevent a crash in code processing queries containing
  a TKEY record.
- CVE-2026-3591 Fix a stack use-after-return flaw in SIG(0) handling
  code.

Signed-off-by: Noah Meyerhans <redacted>

owut: update to 2026.03.30

Bug fixes:
    efahl/owut@c243c697c723 owut: report only enabled branches and their data
    efahl/owut@f381ad78eca5 owut: handle true redirects
Enhancements:
    efahl/owut@670907a5081f owut: modernize what provides lookups
    efahl/owut@98471fa15682 owut: fix color of status message

Signed-off-by: Eric Fahlgren <redacted>

python-flask-socketio: bump to 5.6.1

Requires python-socketio >= 5.12.0 and python-engineio >= 4.11.0,
both bumped in preceding commits.

Also fix test.sh to use importlib.metadata for version check
since flask_socketio no longer exposes __version__ directly.

Link: https://github.com/miguelgrinberg/Flask-SocketIO/blob/main/CHANGES.md
Signed-off-by: Alexandru Ardelean <redacted>

python-socketio: bump to 5.16.1

Changes since 5.11.2:
- v5.12.0: Add Server.reason attribute for disconnect reason tracking
- v5.13+: Improved namespace and room management
- v5.16+: Fix compatibility with python-engineio 4.11+

Link: https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md
Signed-off-by: Alexandru Ardelean <redacted>

python-engineio: bump to 4.13.1

Changes since 4.5.1:
- v4.6+: Add support for WebTransport protocol
- v4.9+: Improved async task handling and cancellation
- v4.11.0: Required minimum for python-socketio 5.12+
- Various fixes for connection lifecycle and error handling

Also add test.sh to verify WSGI/ASGI app wrappers and server creation.

Link: https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md
Signed-off-by: Alexandru Ardelean <redacted>

python-simple-websocket: new package (1.1.0)

Simple WebSocket and WAMP client and server for Python.
Required by python-engineio 4.13.1 threading async_mode for
WebSocket transport support.

Link: https://github.com/miguelgrinberg/simple-websocket
Signed-off-by: Alexandru Ardelean <redacted>

python-wsproto: new package (1.3.2)

Pure-Python WebSocket protocol implementation, implements RFC6455
and RFC7692 (WebSocket Compression Extensions).
Required as a dependency of python-simple-websocket.

Link: https://github.com/python-hyper/wsproto
Signed-off-by: Alexandru Ardelean <redacted>

python-h11: new package (0.16.0)

Pure-Python, bring-your-own-I/O implementation of HTTP/1.1.
Required as a dependency of python-wsproto.

Link: https://github.com/python-hyper/h11
Signed-off-by: Alexandru Ardelean <redacted>

Flask: bump to 3.1.3; add test.sh

Changelog since 3.1.2:
- Fix security vulnerability GHSA-68rp-wp8r-4726: session now marked as
accessed for key-existence checks (in, len) to prevent timing attacks

Add python3-blinker as dependency (should have been there also in 3.1.2)

Add test.sh.

Full changelog: https://flask.palletsprojects.com/en/stable/changes/

Signed-off-by: Alexandru Ardelean <redacted>

python-blinker: new package (1.9.0)

Flask 3.x requires blinker for its signal system. Add python-blinker
1.9.0 as a new package.

blinker is a pure-Python package (flit-core build backend) with no
runtime dependencies.

Signed-off-by: Alexandru Ardelean <redacted>

python-wcwidth: drop package

There is no clear user for this package.
It's a pure-python package which could be installed via pip on a target.
Unless there is someone who comes forward and asks that we keep it,
I see no reason to keep it.

Signed-off-by: Alexandru Ardelean <redacted>

python-rtslib-fb: add some basic tests

These are a massive help for keeping things stable on the
mid-to-longterm when updating packages.
We might even feel comfortable partially automating the process.

Signed-off-by: Alexandru Ardelean <redacted>

python-pyudev: add some basic tests

These are a massive help for keeping things stable on the
mid-to-longterm when updating packages.
We might even feel comfortable partially automating the process.

Signed-off-by: Alexandru Ardelean <redacted>

python-rtslib-fb: add new package

rtslib-fb depends on pyudev and provides a Python API for configuring
the Linux LIO target subsystem.

Signed-off-by: Andreas Hirschauer <redacted>

python-pyudev: add new package

pyudev provides Python bindings for libudev.

Signed-off-by: Andreas Hirschauer <redacted>

yggdrasil: update to 0.5.13

Signed-off-by: Neil Alexander <redacted>

python-pyopenssl: bump to 26.0.0

Notable changes since 23.3.0:

v26.0.0:
- Drop Python 3.7 support
- Minimum cryptography version is now 46.0.0
- Security fix: properly raise an error if a DTLS cookie callback
  returned a cookie longer than DTLS1_COOKIE_LENGTH bytes, previously
  resulting in a buffer-overflow (CVE-2026-27459)
- Security fix: Context.set_tlsext_servername_callback now handles
  exceptions raised in the callback instead of silently swallowing
  them (CVE-2026-27448)
- Added support for using aws-lc instead of OpenSSL
- Added OpenSSL.SSL.Connection.get_group_name

v25.x:
- Added OpenSSL.SSL.Context.set_tls13_ciphersuites
- Added OpenSSL.SSL.Connection.set_info_callback
- Added OpenSSL.SSL.Context.clear_mode
- pyOpenSSL now sets SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default
- typing-extensions added as a runtime dependency (for Python < 3.13)

Full changelog:
https://www.pyopenssl.org/en/stable/changelog.html

Co-Authored-By: Claude Sonnet 4.6 <redacted>
Signed-off-by: Alexandru Ardelean <redacted>

treewide: remove Jan Pavlinec as maintainer

Jan Pavlinec <redacted> is no longer maintaining
these packages. Remove him from the PKG_MAINTAINER field across
all affected packages.

Signed-off-by: Alexandru Ardelean <redacted>

python-referencing: bump to 0.37.0

Full changelog:
https://github.com/python-jsonschema/referencing/blob/main/CHANGELOG.rst

Signed-off-by: Alexandru Ardelean <redacted>

python-rpds-py: bump to 0.30.0

Required for Python 3.14 compatibility; rpds-py 0.10.6 predates
Python 3.14 support in PyO3 and causes a segfault at runtime.

Signed-off-by: Alexandru Ardelean <redacted>

python-build: bump to 1.4.2

Notable changes since 1.4.0:

v1.4.1:
- Allow setting build constraints
- Fix pip hack workaround

v1.4.2:
- Ensure the uv installer uses the current version of Python,
  avoiding an issue if UV_PYTHON is set
- Fix _has_valid_outer_pip returning True when pip is missing,
  causing build to try using a non-existent pip instead of
  falling back to virtualenv

Link: https://github.com/pypa/build/blob/main/CHANGELOG.rst
Signed-off-by: Alexandru Ardelean <redacted>

python-pytest: bump to 9.0.2

Changelog since 7.4.0:
- v8.1.0: Add namespace packages support; fine-grained verbosity control;
  improved --import-mode=importlib behavior
- v8.2.0: Add command-line argument files via @filename syntax; add
  PYTEST_VERSION env variable; requires pluggy>=1.5.0
- v8.3.0: Add --xfail-tb flag; marker keyword matching; --no-fold-skipped
  option; better virtual environment detection
- v8.4.0: Async tests without suitable plugin now fail (not warned);
  tests returning non-None values now fail; drop Python 3.8 support;
  add pytest.RaisesGroup for ExceptionGroup matching
- v9.0.0: Drop Python 3.9 support; subtest support via pytest.Subtests;
  native TOML config in [tool.pytest] table; strict mode options;
  PytestRemovedIn9Warning deprecations are now errors
- v9.0.1: Restore "raise unittest.SkipTest" support; disable terminal
  progress for iTerm2
- v9.0.2: Disable terminal progress by default; fix config.inicfg
  compatibility; fix quadratic-time behavior with unittest subtests

Add python3-pygments dependency (new requirement since 8.x).
Add test.sh.

Full changelog:
https://github.com/pytest-dev/pytest/releases

Signed-off-by: Alexandru Ardelean <redacted>

python-pygments: new package (2.19.2)

Pygments is a generic syntax highlighting library that supports over
500 languages and text formats. It is used by a wide range of tools
for terminal, HTML, and LaTeX output.

Added as a required dependency for python-pytest >= 7.x, which uses
Pygments to syntax-highlight code snippets in failure reports and
tracebacks.

The package uses hatchling as its build backend and has no runtime
dependencies beyond the Python standard library.

Co-Authored-By: Claude Sonnet 4.6 <redacted>
Signed-off-by: Alexandru Ardelean <redacted>

adblock-fast: update to 1.2.2-r16

* add: ucode-mod-uloop dependency
* add: parallel downloads using uloop
* fix: explicit allow for domains from allow-lists
* fix: get environment information for getInitStatus RPCD call
* add: update tests

Signed-off-by: Stan Grishin <redacted>

lua-eco: update to 3.16.0

changelog: https://github.com/zhaojh329/lua-eco/releases/tag/v3.16.0

Signed-off-by: Jianhui Zhao <redacted>

python-pluggy: bump to 1.6.0

Required by python-pytest >= 9.0.0, which needs pluggy >= 1.5.0.

v1.5.0 added support for deprecating specific hook parameters via
warn_on_impl_args (used by pytest 9.x hookspecs). Without this,
pytest fails to import with:
  TypeError: HookspecMarker.__call__() got an unexpected keyword
  argument 'warn_on_impl_args'

v1.6.0 changes:
- Drop Python 3.8 support
- Fix regression where get_result() on a failed Result caused the
  exception traceback to grow longer on each call
- Fix StopIteration passing through hook wrappers
- Fix Python 3.14 SyntaxWarning

Signed-off-by: Alexandru Ardelean <redacted>

python-setuptools-scm: bump to version 10.0.3

Seems they released a new version already.

Signed-off-by: Alexandru Ardelean <redacted>

python-vcs-versioning: add python-build/host dep

Fixes build errors.

Signed-off-by: Alexandru Ardelean <redacted>

tar: fix typo in LDFLAGS variable name

LDLAGS -> LDFLAGS, fixes linker flags not being passed correctly.

Fixes: 94e7fbdda ("tar: import from oldpackages and upgrade to 1.28")
Signed-off-by: Qin Guang <redacted>

openvpn: fix quoting and deprecated option filtering

This patch fixes two issues in the netifd protocol script:

1. Fix logic error in deprecated option filtering:
   Previously, ${f%%:*} was called before checking for the deprecated
   flag (:d). This stripped the suffix and made the check [ "${f#*:}" = "d" ]
   always fail. The cleaning of $f is now deferred until after this check.

2. Improve parameter quoting for specific options:
   - Adds single quotes to --push and --push-remove parameters to handle
     spaces (e.g., "route 10.0.0.0 255.255.255.0").
   - Unifies quoting for 'file' type options to improve shell safety.
   - Refactors the build logic using a case statement for better
     extensibility.

Signed-off-by: Chen Minqiang <redacted>

adblock: update 4.5.3-4

* harden adblock backend: removed all needless eval calls
* more fixes & optimizations
* LuCI: Allow dns instance selection for smartdns (not only for dnsmasq)
* LuCI: more fixes & optimizations
* readme update

Signed-off-by: Dirk Brenken <redacted>

v2ray-geodata: Update to latest version

Update all geodata.

Signed-off-by: Tianling Shen <redacted>

cloudflared: Update to 2026.3.0

2026.3.0
- 2026-03-05 TUN-10292: Add cloudflared management token command
- 2026-03-03 chore: Addressing small fixes and typos
- 2026-03-03 fix: Update go-sentry and go-oidc to address CVE's
- 2026-02-24 TUN-10258: add agents.md
- 2026-02-23 TUN-10267: Update mods to fix CVE GO-2026-4394
- 2026-02-20 TUN-10247: Update tail command to use /management/logs endpoint
- 2026-02-11 TUN-9858: Add more information to proxy-dns removal message

2026.2.0
- 2026-02-06 TUN-10216: TUN fix cloudflare vulnerabilities GO-2026-4340 and GO-2026-4341
- 2026-02-02 TUN-9858: Remove proxy-dns feature from cloudflared

Signed-off-by: Tianling Shen <redacted>

dnsproxy: Update to 0.81.0

Release note:
- https://github.com/AdguardTeam/dnsproxy/releases/tag/v0.79.0
- https://github.com/AdguardTeam/dnsproxy/releases/tag/v0.80.0
- https://github.com/AdguardTeam/dnsproxy/releases/tag/v0.81.0

Signed-off-by: Tianling Shen <redacted>

rclone: Update to 1.73.3

Release note: https://rclone.org/changelog/#v1-73-3-2026-03-23

Signed-off-by: Tianling Shen <redacted>

v2ray-core: Update to 5.47.0

Release note: https://github.com/v2fly/v2ray-core/releases/tag/v5.47.0

Signed-off-by: Tianling Shen <redacted>

xray-core: Update to 26.2.6

Release note: https://github.com/XTLS/Xray-core/releases/tag/v26.2.6

Signed-off-by: Tianling Shen <redacted>

cloudreve: Update to 4.15.0

Changelog:
- https://github.com/cloudreve/cloudreve/releases/tag/4.10.0
- https://github.com/cloudreve/cloudreve/releases/tag/4.10.1
- https://github.com/cloudreve/cloudreve/releases/tag/4.11.0
- https://github.com/cloudreve/cloudreve/releases/tag/4.11.1
- https://github.com/cloudreve/cloudreve/releases/tag/4.12.1
- https://github.com/cloudreve/cloudreve/releases/tag/4.13.0
- https://github.com/cloudreve/cloudreve/releases/tag/4.14.0
- https://github.com/cloudreve/cloudreve/releases/tag/4.14.1
- https://github.com/cloudreve/cloudreve/releases/tag/4.15.0

Fixes: CVE-2026-25726
Signed-off-by: Tianling Shen <redacted>

python-poetry-core: bump to 2.3.1

Bump to latest available version.

Signed-off-by: Jean Thomas <redacted>

adblock-fast: update to 1.2.2-r14

* fix: ensure output in CLI in status and quick start commands
* fix: ensure relevant directories exist when using a (gzip) cache file on
first boot
* add: update functional tests

Signed-off-by: Stan Grishin <redacted>

python-pycparser: bump to 3.0

v3.0 removes the dependency on PLY by rewriting pycparser with a
hand-written lexer and recursive-descent parser for C. No API changes
or functionality changes - the same AST is produced as before.

Other changes:
- Drop EOL Python 3.8 and 3.9 support (minimum now 3.10)
- Add support for Python 3.14

Since PLY is no longer used:
- Remove python-ply from PKG_BUILD_DEPENDS and HOST_BUILD_DEPENDS
- Remove +python3-ply from package DEPENDS
- Remove 001-use-external-ply.patch (no longer needed)

Full release notes:
https://github.com/eliben/pycparser/releases/tag/release_v3.00

Co-Authored-By: Claude Sonnet 4.6 <redacted>
Signed-off-by: Alexandru Ardelean <redacted>

ddns-scripts: add netcup.com support

Add a new netcup DDNS provider using the netcup DNS api
(ccp.netcup.net) with API key authentication.

Configuration mapping:
* username  = netcup customer number
* password  = netcup API password
* param_enc = netcup API key (generated in the CCP)
* domain    = fully qualified subdomain to update  (e.g. home.example.de)
* param_opt = (optional) root/zone domain override (e.g. example.de)
              When omitted the root domain is derived by stripping the
              leftmost label from 'domain'. This only works correctly for
              a single subdomain level (e.g. "home.example.de").
              param_opt MUST be set explicitly in two cases:
              1. Deep subdomains: domain=test.internal.example.org
              2. ccSLD apex domains: domain=example.co.nz

Signed-off-by: Tim Flubshi <redacted>

bsbf-rate-limiting: add

Update bsbf-resources to the GIT HEAD of 2026-03-24. Add bsbf-rate-limiting
and make bsbf-bonding depend on bsbf-rate-limiting.

Signed-off-by: Chester A. Unal <redacted>

plp-mtu-discovery: update to GIT HEAD of 2026-03-16

Update plp-mtu-discovery to the GIT HEAD of 2026-03-16.

Signed-off-by: Chester A. Unal <redacted>

python-psutil: bump to 7.2.2

Notable changes since 5.9.5:

v6.0.0:
- process_iter() is now ~20x faster (no longer pre-emptively checks
  PID reuse); add process_iter.cache_clear() API
- Process.connections() renamed to Process.net_connections()
  (old name deprecated)
- disk_partitions() namedtuple drops maxfile/maxpath fields
- Support building with free-threaded CPython 3.13

v7.0.0:
- Drop Python 2.7 support

v7.2.0:
- New heap_info() and heap_trim() functions for native C heap allocator
  access (glibc, mimalloc, libmalloc)
- Tests are no longer part of the installed package

v7.2.2:
- [Linux] Process.wait() now uses pidfd_open() + poll() for waiting
  (no busy loop, faster response); requires Linux >= 5.3 + Python 3.9,
  falls back to polling otherwise
- [macOS/BSD] Process.wait() now uses kqueue() for waiting
- Various macOS memory leak and error handling fixes

Also refresh 100-fix-non-Linux-compile.patch for the updated setup.py
(noqa comment style changed; _compat imports removed upstream).
Add test.sh.

Full changelog:
https://github.com/giampaolo/psutil/blob/master/HISTORY.rst

Co-Authored-By: Claude Sonnet 4.6 <redacted>
Signed-off-by: Alexandru Ardelean <redacted>

django-restframework: bump to 3.17.0

v3.17.0 changes:
- Drop Python 3.9 support (minimum now 3.10)
- Drop deprecated coreapi support
- Add Python 3.14 support
- Add ability to specify output format for DurationField
- Add missing decorators: @versioning_class(), @content_negotiation_class(),
@metadata_class() for function-based views
- Support violation messages in UniqueConstraint

Full release notes:
https://github.com/encode/django-rest-framework/releases/tag/3.17.0

Co-Authored-By: Claude Sonnet 4.6 <redacted>
Signed-off-by: Alexandru Ardelean <redacted>

micropython: bump to 1.27.0

Also update micropython-lib to v1.27.0. Switch micropython-lib from a
git source to the release tarball from:
https://github.com/micropython/micropython-lib/releases/tag/v1.27.0

MPY_VERSION remains at 6, no ABI change.

Adjusted patches.

Signed-off-by: Alexandru Ardelean <redacted>

libvpx: update to 1.16.0

Update libvpx to v1.16.0 "Xenonetta Duck". Highlights include:
- Arm SVE2 and Neon optimizations for 12-tap filters.
- AVX512 implementations for Sum of Absolute Differences (SAD).
- Support for per-frame and per-spatial-layer PSNR calculation.
- ABI incompatible with the previous release.

Includes changes from intermediate releases:
- v1.15.2: Fixes CVE-2025-5283 (bug webm:413411335).
- v1.15.1: SO major version bump and changelog corrections.
- v1.15.0: New codec control for key frame filtering and RTC improvements.

Changelog: https://github.com/webmproject/libvpx/blob/v1.16.0/CHANGELOG
Signed-off-by: Luiz Angelo Daros de Luca <redacted>

ruby: update to 4.0.2

ruby 4.0.2 is a routine update that includes a bugfix in YJIT for
NoMethodError on Puma, along with other bugfixes.

ruby 4.0.1 includes a bugfix for spurious wakeup from Kernel#sleep when
subprocess exits in another thread, along with other bugfixes.

Link: https://www.ruby-lang.org/en/news/2026/03/16/ruby-4-0-2-released/
Changelog: https://github.com/ruby/ruby/releases/tag/v4.0.2
Link: https://www.ruby-lang.org/en/news/2026/01/13/ruby-4-0-1-released/
Changelog: https://github.com/ruby/ruby/releases/tag/v4.0.1
Signed-off-by: Luiz Angelo Daros de Luca <redacted>

net-snmp: add distro extend using /etc/os-release

Read PRETTY_NAME from /etc/os-release via /bin/sh for distro output.

Bump PKG_RELEASE to account for the package configuration change.

Signed-off-by: Kamil Bienkiewicz <redacted>

python-setuptools-scm: bump to 10.0.1

v10.0.0 is a major release with these key changes:
- Drop Python 3.8 and 3.9 support; minimum is now Python 3.10
- Depend on vcs-versioning for core version inference logic, allowing
  other build backends to reuse it without a setuptools dependency
- Version files (write_to, version_file) are now written to the build
  directory during build_py instead of the source tree during version
  inference, enabling builds from read-only source directories

v10.0.1 fixes the release pipeline tooling only (no functional changes).

Full release notes:
https://github.com/pypa/setuptools-scm/releases/tag/setuptools-scm-v10.0.0

Co-Authored-By: Claude Sonnet 4.6 <redacted>
Signed-off-by: Alexandru Ardelean <redacted>

python-vcs-versioning: add new package (version 1.0.1)

vcs-versioning provides the core VCS version inference logic that was
extracted from setuptools-scm into a standalone library. This enables
other build backends to use the same version inference without a
setuptools dependency.

Required as a new dependency for setuptools-scm >= 10.0.0.

Co-Authored-By: Claude Sonnet 4.6 <redacted>
Signed-off-by: Alexandru Ardelean <redacted>

python-chardet: bump to 7.2.0

Bump to 7.2.0.

Signed-off-by: Alexandru Ardelean <redacted>

python-more-itertools: drop package (no longer used)

Was needed by python-zipp
Right now, it's no longer needed, so it can be pulled by pip
on the device (if needed).

Signed-off-by: Alexandru Ardelean <redacted>