nfs-kernel-server: update to 2.9.1

Update to 2.9.1 which includes a new dependency on libnl, see changelog.

Changelog: https://www.kernel.org/pub/linux/utils/nfs-utils/2.9.1/2.9.1-Changelog

This upstream release has some peculiar commits, including disabling NFS
v4.0 by default and cache up calls migrated from /proc to netlink. In my
testing, two parameters are needed to the nfsv4.init file in order to maintain
functionality. Without these changes, there's a 90-second period where the
shares are simply unavailable.

Note that this cannot be merged until the changes to libnl have been
merged first. See: https://github.com/openwrt/openwrt/pull/22889

Signed-off-by: John Audia <redacted>

banip: release 1.8.9-1

* f_conf: ignore empty UCI option values so they don't override sane defaults
* f_etag: strip CR in ETag header extraction (gsub(/[\r"]/,…)) — fixes empty-but-present etag
* f_fetch: validate ban_fetchretry
* fix feed padding in allowlistonly mode
* readme update

Signed-off-by: Dirk Brenken <redacted>

python-chardet: drop package

python-requests now uses charset-normalizer and nothing else in the
feed depends on it.

Signed-off-by: Alexandru Ardelean <redacted>

python-requests: use charset-normalizer instead of chardet

Switch runtime and host build deps from chardet to charset-normalizer,
the mandatory charset-detection backend since requests 2.26. Extend
test.sh to cover the new backend and bump PKG_RELEASE.

Signed-off-by: Alexandru Ardelean <redacted>

python-charset-normalizer: add host build

Add a HostBuild variant so it can be used as a /host build dependency,
mirroring python-certifi/idna/urllib3.

Signed-off-by: Alexandru Ardelean <redacted>

python-toml: drop package

No idea if this is used.
It's a pure python package.
No other packages depend on this.
Can be installed via pip on device.

Signed-off-by: Alexandru Ardelean <redacted>

python-pyparsing: drop package

No idea if this is used.
It's a pure python package.
No other packages depend on this.
Can be installed via pip on device.

Signed-off-by: Alexandru Ardelean <redacted>

python-apipkg: drop package

No idea if this is used.
It's a pure python package.
No other packages depend on this.
Can be installed via pip on device.

Signed-off-by: Alexandru Ardelean <redacted>

shadow: reintroduce newgidmap and newuidmap

The lxc-unprivileged package depends on both newgidmap and newuidmap
if users are installing and setting it up for the first time. dc52894
dropped both of the applets.

This change builds libusbid as a shared lib which builds a versioned
symbol which OpenWrt does not stage so build with --disable-shared
and --enable-static to avoid a failure.

Signed-off-by: John Audia <redacted>

dmidecode: update to 3.7

Upstream update.

Changelog from 3.5:
Version 3.7 (Thu Dec 18 2025)
  - [COMPATIBILITY] Use binary unit prefixes.
  - [COMPATIBILITY] Rename BIOS to Firmware.
  - [PORTABILITY] Improve variable declarations.
  - [PORTABILITY] Stop open-coding the u64 type.
  - [PORTABILITY] Use unaligned memory accesses unconditionally.
  - [PORTABILITY] No longer build with -Winline.
  - Support for SMBIOS 3.8.0. This includes a new processor family.
  - Support for SMBIOS 3.9.0. This includes chassis type name adjustments,
    new rack attributes, slot ID for more slot types, and new memory device
    form factors and types.
  - Decode HPE OEM records 193, 195, 202, 211, 226, 229, 232 and 244.
  - Update HPE OEM records 203, 216, 242 and 245.
  - EDSFF slot names now include their .S/.L suffix.

Version 3.6 (Wed Apr 24 2024)
  - [PORTABILITY] Use -DALIGNMENT_WORKAROUND on arm.
  - [PORTABILITY] Read SMBIOS entry point via kenv on DragonFly BSD.
  - Support for SMBIOS 3.6.0. This includes new memory device types, new
    processor upgrades, and Loongarch support.
  - Support for SMBIOS 3.7.0. This includes new port types, new processor
    upgrades, new slot characteristics and new fields for memory modules.
  - Add bash completion.
  - Decode HPE OEM records 197, 239 and 245.
  - Implement options --list-strings and --list-types.
  - Update HPE OEM records 203, 212, 216, 221, 233, 236, 237, 238 and 242.
  - Update Redfish support.
  - Bug fixes:
    Fix option --from-dump for user root
    Fix enabled slot characteristics not being printed
  - Minor improvements:
    Print slot width on its own line
    Use standard strings for slot width

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc

Signed-off-by: John Audia <redacted>

cloudreve: Update to 4.16.1

Changelog:
https://github.com/cloudreve/cloudreve/releases/tag/4.16.0
https://github.com/cloudreve/cloudreve/releases/tag/4.16.1

Signed-off-by: Tianling Shen <redacted>

yq: backport upstream anchor fixes

bump go-yaml to fix !!merge tag regression.

Signed-off-by: Tianling Shen <redacted>

flashrom: update to 1.7.0

* Upstream change data compression format form 'tar.bz2 to' tar.xz'
* Update MESON_ARGS variables

Signed-off-by: Florian Eckert <redacted>

gpgme: update to version 2.1.0

New encryption result flags "is_de_vs" and "beta_compliance", a new
GPGME_DECRYPT_SESSION_HASH decryption flag and session_hash result
field, CMS signature attribute support via gpgme_sig_notation_add, a
new "export-filter" context flag, plus a gpgsm lockup fix and a
passphrase cancel handling fix.

https://gnupg.org/ftp/gcrypt/gpgme/
Signed-off-by: Daniel Golle <redacted>

lpac: fix env vars for lpac.sh wrapper

This patch fixes usage of `LPAC_QMI_DEV` and `LPAC_QMI_DEBUG`
environment variables.

OpenWRT upstream patch for `lpac` provides `uqmi` backend that uses these vars
instead of `LPAC_APDU_QMI_DEVICE` and `LPAC_APDU_QMI_DEBUG` respectively.

Added test-version.sh script since lpac version check is non-standart

Signed-off-by: Olekhov Vasilii <redacted>

transmission: update to version 4.1.2

Bugfix release fixing 20+ bugs plus minor performance improvements,
notably a 4.1.0 duplicate HTTP announce fix and a fix for downloads
stalling at 99%.

Release notes: https://github.com/transmission/transmission/releases/tag/4.1.2

Drop 100-build-fix-external-project-builds-with-LTO-enabled-t.patch,
merged upstream as transmission/transmission#8369.

Signed-off-by: Daniel Golle <redacted>

libextractor: update to version 1.14

Maintenance release. Upstream ships no detailed changelog for this
release; see the GNU libextractor release listing.

https://ftp.gnu.org/gnu/libextractor/
Signed-off-by: Daniel Golle <redacted>

opentracker: update to latest git HEAD

1c7fac4 Reduce chance of collisions
ec74b83 Fix connection ids. They were broken for the last 14 years and never
        used more than the remote ip as seed. Thanks to Tracy Rogers

https://erdgeist.org/gitweb/opentracker/
Signed-off-by: Daniel Golle <redacted>

debootstrap: update to version 1.0.144

Changelog (1.0.144):
  * Bump Standards-version to 4.7.4
  * Add Ubuntu Stonking symlink

https://metadata.ftp-master.debian.org/changelogs/main/d/debootstrap/debootstrap_1.0.144_changelog
Signed-off-by: Daniel Golle <redacted>

exfatprogs: update to version 1.4.1

1.4.0 adds exFAT partition table support (mkfs partition-table creation,
fsck --put-mbr/--clear-mbr), a user-supplied --upcase table option and
chdosattr/lsdosattr DOS-attribute utilities; 1.4.1 fixes missing headers
in the release tarball. The new MBR and foreign-filesystem detection
links libblkid and fts, so add +libblkid and +USE_MUSL:musl-fts.

https://github.com/exfatprogs/exfatprogs/releases/tag/1.4.0
https://github.com/exfatprogs/exfatprogs/releases/tag/1.4.1
Signed-off-by: Daniel Golle <redacted>

ccid: update to version 1.8.0

New reader support (GLSolutions NM61, Identiv uTrust FIDO2, Kensington
VeriMark NFC+, several Pol Henarejos Pico devices and more), removes the
16 reader limitation, and fixes crashes and race conditions in the
multi-slot code.

Upstream removes the autotools build system in favour of Meson, so port
the package to meson.mk and drop 010-macos.patch, which patched the now
removed configure.ac. The reader bundle install path is taken from
libpcsclite.pc usbdropdir (/usr/lib/pcsc/drivers, unchanged); udev rules
stay disabled as before.

https://ccid.apdu.fr/files/
Signed-off-by: Daniel Golle <redacted>

pcsc-tools: update to version 1.7.5

Adds new ATRs to the smartcard list, a Georgian translation and
minor README updates.

https://github.com/LudovicRousseau/pcsc-tools/releases/tag/1.7.5
Signed-off-by: Daniel Golle <redacted>

pcsc-lite: update to version 2.5.0

- Do not limit to 16 readers only
- Remove support of autotools
- Fix a crash when rescanning serial configs
- Fix a memory leak in Polkit
- tokenparser: avoid a crash with corrupted Info.plist files

https://pcsclite.apdu.fr/
Signed-off-by: Daniel Golle <redacted>

exim: update to version 4.99.4

Maintenance release on the 4.99 stable series.

https://github.com/Exim/exim/blob/exim-4.99.4/doc/doc-txt/ChangeLog
Signed-off-by: Daniel Golle <redacted>

libinput: update to version 1.31.3

Stable branch bugfix release.

https://gitlab.freedesktop.org/libinput/libinput/-/releases/1.31.3
Signed-off-by: Daniel Golle <redacted>

libwacom: update to version 2.19.0

Adds support for several new tablet devices and updates the device
database.

https://github.com/linuxwacom/libwacom/releases/tag/libwacom-2.19.0
Signed-off-by: Daniel Golle <redacted>

prometheus-node-exporter-lua: add unbound stats collector

- New unbound.lua exporter module for unbound stats
- Updated Makefile

Signed-off-by: Bruno Marinier <redacted>

hiredis: update to version 1.4.0

Improvements include applying FD_CLOEXEC on sockets, a pure-C99 RESP3
double parser, C++ compatibility for sds.h, and a NULL check fix in
redisReconnect. Now requires CMake 3.15.

https://github.com/redis/hiredis/releases/tag/v1.4.0
Signed-off-by: Daniel Golle <redacted>

yq: Update to 4.53.3

Notable changes: fixed nested inline YAML merge explode
Release note: https://github.com/mikefarah/yq/releases/tag/v4.53.3

Signed-off-by: Tianling Shen <redacted>

rtl-sdr: add test.sh

although rtl-sdr doesn't print version, test at least if compiled binary runs

Written-by: Josef Schlehofer <redacted>
Test-by: Josef Schlehofer <redacted>
Suggested-by: Josef Schlehofer <redacted>
Signed-off-by: Seo Suchan <redacted>

rtl-sdr: update to 2.0.2
bump version to 2.0.2, add version test override

Signed-off-by: Seo Suchan <redacted>

rsync: update to 3.4.4

Changelog: https://download.samba.org/pub/rsync/NEWS#3.4.4

Signed-off-by: John Audia <redacted>

python-incremental: add test-version.sh generic version-check override

The incremental CLI requires an "update" subcommand and prints a usage
error instead of a version for the flags the generic check probes, so it
fails generic tests (e.g. when python3 is bumped). Override it; test.sh
still covers functionality.

Signed-off-by: Alexandru Ardelean <redacted>

python-automat: drop broken automat-visualize entry point

The package excludes automat/_visualize.py (it needs the optional graphviz
dependency), but the automat-visualize console script was still installed and
imports that module, so it failed at runtime and broke the CI generic test.
Skip the /usr/bin install so the package ships as a pure library.

Signed-off-by: Alexandru Ardelean <redacted>

python-greenlet: bump to 3.5.1

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-twisted: bump to 26.4.0

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-s3transfer: bump to 0.18.0

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

telegraf: update to 1.39.0

- Update Telegraf to v1.39.0

Signed-off-by: Niklas Thorild <redacted>

rust: fix host build on x64 Darwin

rust/host fails to compile on macOS running on Intel x64
because the host target triple is autogenerated to be
'arm64-unknown-linux-'. Rust doesn't have such a target triple, thus the
build fails because there are no pre-built artefacts for bootstrapping.

Fix this by setting RUSTC_HOST_ARCH to 'x86_64-apple-darwin' in case
our host is HOST_ARCH=x86_64 and HOST_OS=Darwin.
This fix is based on the existing fix for Apple silicon [1].

Fixes:
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/x.py", line 53, in <module>
    bootstrap.main()
    ~~~~~~~~~~~~~~^^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 1418, in main
    bootstrap(args)
    ~~~~~~~~~^^^^^^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 1366, in bootstrap
    build.download_toolchain()
    ~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 697, in download_toolchain
    download_component(download_info)
    ~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 529, in download_component
    get(
    ~~~^
        download_info.base_download_url,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ...<3 lines>...
        verbose=download_info.verbose,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 58, in get
    raise RuntimeError(
    ...<6 lines>...
    )
RuntimeError: src/stage0 doesn't contain a checksum for dist/2026-04-16/rust-std-1.95.0-x86_64-unknown-linux-darwin24.6.0.tar.xz. Pre-built artifacts might not be available for this target at this time, see https://doc.rust-lang.org/nightly/rustc/platform-support.html for more information.

[1] https://github.com/openwrt/packages/commit/105fa3920e12f557bdf1fcbc566fc286fb53e319

Signed-off-by: Georgi Valkov <redacted>

bash: update to 5.3 patch level 12

- Fix loop in subshells calling wait builtin with inherited job list
- Fix mapfile problem when callback unsets the variable it is modifying
- Fix subshells inappropriately running the EXIT trap if they receive a
  fatal signal before resetting traps

Signed-off-by: Wei-Ting Yang <redacted>

luajit2: update test-version.sh to actual test

old just disabled version test, but as LuaJIt 2.1. part is stable.
So we can use that for test if luajit2 itself able to run.

Fixes: c7ca6d46f700 luajit2: ("add test-version.sh")
Suggested-by: Josef Schlehofer <redacted>
Signed-off-by: Seo Suchan <redacted>

ddns-scripts: add fallback for default values

In luci, the `interface` value has `o.default = 'wan'` configured.
Due to a behavior fix in 'o.default', values matching the default are
no longer saved. Currently, this is workedaround by disabling
'o.rmempty' in luci, but handling this compatibility fallback on the
backend is a cleaner and superior approach.

Ref: https://github.com/openwrt/luci/commit/b004197a277804ec0c8f092412b91c1d3e5936fa

Signed-off-by: Andy Chiang <redacted>

ddns-scripts: fix log noise

When fetching the IP via a URL with `force_ipversion` enabled,
a `Busybox nslookup - no support to 'force IP Version' (ignored)`
log is generated periodically. This log is redundant, in this scenario
`force_ipversion` only affects the results fetched by wget/uclient-fetch/curl.
It is perfectly fine for nslookup to query both A/AAAA records simultaneously.

Signed-off-by: Andy Chiang <redacted>

python-psycopg2: bump to 2.9.12

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-lxml: bump to 6.1.1

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-cython: bump to 3.2.5

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-awscli: fix stale assertion in test.sh

awscli 1.45.19 no longer exposes awscli.topics.TOPIC_TAGS, so the test
raised an AssertionError (silently, as the heredoc exit code was ignored).
Drop the brittle check and make the smoke test fail hard if the CLI driver
cannot be created.

Signed-off-by: Alexandru Ardelean <redacted>

python-rsa: add test-version.sh generic version-check override

The pyrsa-* command line tools use argparse and do not print the package
version with any of the flags probed by the CI generic version check, so it
reports "No executables in the package provided version" and fails. Add a
test-version.sh override; functionality remains covered by test.sh.

Signed-off-by: Alexandru Ardelean <redacted>

python-jmespath: install jp as a non-byte-compiled command

Upstream ships its jp command-line tool as a plain "jp.py" script. Under
that name OpenWrt byte-compiles it into a non-executable /usr/bin/jp.pyc
(and the -src package keeps a "#!/usr/bin/env python" jp.py, which has no
interpreter on OpenWrt), so it fails the CI generic executable check.

Install it as /usr/bin/jp instead: the missing .py extension stops it from
being byte-compiled and Python3/FixShebang rewrites the shebang to
/usr/bin/python3. Add a test-version.sh override since jp takes a required
expression argument and has no version flag for the generic check to probe.

Signed-off-by: Alexandru Ardelean <redacted>

python-awscli: bump to 1.45.19

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-boto3: bump to 1.43.19

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-botocore: bump to 1.43.19

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

numpy: bump to 2.4.6

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

taglib: bump to 2.3

Refresh sha256 from upstream release tarball.

Signed-off-by: Alexandru Ardelean <redacted>

ngtcp2: bump to 1.23.0

Refresh sha256 from upstream release tarball.

Signed-off-by: Alexandru Ardelean <redacted>

nghttp3: bump to 1.16.0

Refresh sha256 from upstream release tarball.

Signed-off-by: Alexandru Ardelean <redacted>

quickjs: add basic evaluation test

Add basic JS evaluation test and move version check to override.

Signed-off-by: George Sapkin <redacted>

quickjs: bump to 2026.06.04

Changes: https://bellard.org/quickjs/Changelog
Signed-off-by: George Sapkin <redacted>

onionshare-cli: drop dependency for python3-pysocks and python3-unidecode

- Python3-pysocks was removed as it was not maintained in commit 95fe4bf3327b316c9184f4f17e09266e979ecf17 ("python-pysocks: remove outdated and not maintained package")

- Python3-unidecode was removed in commit 09951a9cfdf47b560b5bd00db1dd92ceffd5724b ("python-unidecode: drop unmaintained package"), because there is no official support for Python 3.12 and it is still using setup.py, which is deprecated.

Fixes:
```
WARNING: Makefile 'package/feeds/packages/onionshare-cli/Makefile' has a dependency on 'python3-pysocks', which does not exist
WARNING: Makefile 'package/feeds/packages/onionshare-cli/Makefile' has a dependency on 'python3-unidecode', which does not exist
```

Signed-off-by: Josef Schlehofer <redacted>

perl: install libperl.so using $(INSTALL_BIN) to enable stripping

Install libperl.so with executable permissions (0755) instead of copying
it as-is.

This allows the OpenWrt build system to recognize the library as a binary and
automatically run the "strip" utility on it. Stripping removes unnecessary
debugging metadata and helper symbols that are only needed for development but
not for running Perl on the router.

This change reduces the installed size of libperl.so on the device:
- Before (not stripped): 3.7 MB (3,929,652 bytes)

```
root@turris:~# file /usr/lib/perl5/5.40/CORE/libperl.so
/usr/lib/perl5/5.40/CORE/libperl.so: ELF 32-bit MSB shared object, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked, with debug_info, not stripped
```

- After (stripped):     3.5 MB (3,674,081 bytes)

```
root@turris:~# file /usr/lib/perl5/5.40/CORE/libperl.so
/usr/lib/perl5/5.40/CORE/libperl.so: ELF 32-bit MSB shared object, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked, no section header
```

Saving ~255 KB of flash storage space on target devices.

Signed-off-by: Josef Schlehofer <redacted>

treewide: add or correct license information

Add or correct license information across multiple packages.

Signed-off-by: Wei-Ting Yang <redacted>

tor: update to 0.4.9.9 stable

Minor release, see the changelog [1] for what's new.

[1] https://gitlab.torproject.org/tpo/core/tor/-/blob/tor-0.4.9.9/ChangeLog

Signed-off-by: Rui Salvaterra <redacted>

adguardhome: bump to 0.107.77

Changes: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.77
Signed-off-by: David Mandy <redacted>

python3: fix host python extension compilation on macOS

On macOS (Darwin) hosts, building host Python C extensions (such as Cython) using the '-shared' flag and linking against '-lpython3.x' causes the host Python interpreter to load a duplicate copy of the Python runtime. This leads to type checking mismatches and segmentation faults (SIGSEGV) when importing the compiled extension.

For example, running:
    ./staging_dir/hostpkg/bin/python3 -c "import Cython.Utils"
crashes with:
    Segmentation fault: 11

To build shared modules correctly on macOS, they must be compiled as bundles using the '-bundle -undefined dynamic_lookup' flags instead of '-shared', and they should not link against the Python library (no '-lpython3.x' in LDFLAGS).

Fix this by dynamically adjusting LDSHARED and LDFLAGS in python3-host.mk when the host OS is Darwin.

Signed-off-by: Josef Schlehofer <redacted>

privoxy: add support for https inspection

Creates CA and server cert for use with https inspection

Signed-off-by: Richard Schneidt <redacted>

openldap: add version check override

The slapd daemon uses -V, and ldapsearch uses -VV. The libopenldap
sub-package provides only shared libraries.

Signed-off-by: W. Michael Petullo <redacted>

openldap: update to 2.6.13

Upstream record of changes is available at
https://git.openldap.org/openldap/openldap.

Signed-off-by: W. Michael Petullo <redacted>

perl: fix version check in test-version.sh

Enable version checking for the main perl package.
Previously, the version check for perl was skipped. Add a check
that runs perl -v and verifies that the output matches PKG_VERSION.

Signed-off-by: Josef Schlehofer <redacted>

libxslt: add test-version.sh

xsltproc doesn't say it's own version but only dependcies it compiled on

Signed-off-by: Seo Suchan <redacted>

luajit2: add test-version.sh

luajit2 use build number at -v, but releases are named by date

Signed-off-by: Seo Suchan <redacted>

nginx: update to 1.30.2

Large version jump from 1.26.3 to 1.30.2
(upstream stable).
changelogs at https://nginx.org/en/CHANGES-1.30,
https://nginx.org/en/CHANGES-1.28 .include security fixs.

Signed-off-by: Seo Suchan <redacted>

python-orjson: update to 3.11.9

3.11.8 failed to build against the SDK's stable rust 1.96.0: build.rs enabled
orjson's "cold_path" cargo feature for rustc >= 1.95.0, activating an unstable
feature gate that errors with E0554. 3.11.9 drops it; plain version bump.

Signed-off-by: Alexandru Ardelean <redacted>

python-docutils: bump to 0.23

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-zope-interface: bump to 8.5

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-wheel: bump to 0.47.0

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

libexif: update 0.6.26

Upstream list of changes is available at
https://github.com/libexif/libexif/releases/tag/v0.6.26.

Signed-off-by: W. Michael Petullo <redacted>

nmap: update to version 7.99

- Patches automatically rebased
- Release notes: https://nmap.org/changelog.html#7.99
- Update Makefile due to ndiff dropped setup.py using pyproject.toml.
  Remove PYTHON3_PKG_FORCE_DISTUTILS_SETUP and set PYTHON3_PKG_WHEEL_NAME
  to match the ndiff package name rather than PKG_NAME (nmap).

Signed-off-by: John Audia <redacted>

liboqs: fix missing symbolic link installation

The current installation process fails to correctly install the
'liboqs.so' symbolic link due to an incorrect path syntax (extra dot).

This prevents other packages from linking against liboqs
(e.g., using -loqs) during development, which was discovered while
testing PQC key exchange implementations dependent on OQS.

Removes the trailing dot to ensure the symbolic link is preserved and
copied correctly to the destination directory.

Signed-off-by: Ho Kim <redacted>

iperf3: backport GSO/GRO fix for small packets

Backport GSO/GRO fix for packets smaller than 508 bytes.

Signed-off-by: Aleksander Jan Bajkowski <redacted>

libdmapsharing: update to 3.9.14

Fixes https://github.com/openwrt/packages/pull/29586.

Signed-off-by: W. Michael Petullo <redacted>

valkey: bump to 9.1.0

includes server security related releases.

Signed-off-by: Matthew Cather <redacted>

python-trove-classifiers: bump to 2026.6.1.19

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-platformdirs: bump to 4.10.0

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-idna: bump to 3.17

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

pymysql: bump to 1.2.0

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-pip: bump to 26.1.2

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-pyopenssl: bump to 26.2.0

Refresh sha256 from PyPI sdist. pyOpenSSL 26.2.0 dropped EC support
from the legacy crypto.PKey API (the call surfaces as "OpenSSL.crypto.Error:
No such key type"); drop the EC-key arm of test.sh accordingly. Upstream
points at the cryptography package for EC key generation.

Signed-off-by: Alexandru Ardelean <redacted>

libsml: update to 1.1.5

bump version to 1.1.5

Signed-off-by: Andy Voigt <redacted>

boinc: fix can't open /proc/stat

Add procfs to boinc jail to allow access /proc/stat

Add test.sh to test boinc package

Signed-off-by: Hector Espert <redacted>

nfdump: update to 1.7.8

Upstream list of changes is available at
https://github.com/phaag/nfdump/releases/tag/v1.7.8.

Signed-off-by: W. Michael Petullo <redacted>

libsoup3: make zstd optional, drop unused deps

Meson auto-detects zstd if staged by other builds.
So, we need to enforce it enabled/disabled via build options.

Drop libxml2 and libgnutls from DEPENDS.
They're not required in libsoup3.
Maybe they're left-overs from libsoup2.

Signed-off-by: Alexandru Ardelean <redacted>

python-build: bump to 1.5.0

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-poetry-core: bump to 2.4.1

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-hatchling: bump to 1.30.1

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-pika: bump to 1.4.1

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-starlette: bump to 1.2.1

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-uvicorn: bump to 0.48.0

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

django: bump to version 6.0.6

Fix CVE-2026-6873, CVE-2026-7666, CVE-2026-8404, CVE-2026-35193, and
CVE-2026-48587.

Full release notes:
https://docs.djangoproject.com/en/6.0/releases/6.0.6/

Signed-off-by: Wei-Ting Yang <redacted>

adblock: fix default values for ext. DNS resolver

- This fixes a breaking LuCI change (https://github.com/openwrt/luci/commit/974b5864e05ef30f38149389f15583c08bdd4eda)

Signed-off-by: Dirk Brenken <redacted>

adblock: release 4.5.6-1

- f_etag: strip CR in ETag header extraction (gsub(/[\r"]/,…)) — fixes empty-but-present etag
- f_etag: add feed_rm mode to drop a feed's etag entries; roll back the optimistically stored etag on failed downloads
- f_list/f_main: make restore-failure feed pruning subshell-safe via per-feed marker files
- f_jsnup: remove bogus trailing commas from the active_feeds array elements
- f_fetch: validate adb_fetchretry
- f_conf: ignore empty UCI option values so they don't override sane defaults
- f_report: add jclean() to strip control/quote/backslash from untrusted client/iface/domain fields
- LuCI: fix some cornercase issues
- update readme

Signed-off-by: Dirk Brenken <redacted>