John Audia [Sun, 21 Jun 2026 10:18:22 +0000 (06:18 -0400)]
lxc: update to 7.0.0
Switch to upstream recommended 7.0 LTS branch[1] which includes a fix
for CVE-2026-39402. Full changelog: https://github.com/lxc/lxc/releases/tag/v7.0.0
- Removed patches/021-remove-legacy-cgroup-support.patch due to upstream
having deprecated CGroupV1 support.
- Modified files/lxc-auto.init to remove the boot() function which mounted
legacy cgroup1 stuff as well. This PR will supersede
https://github.com/openwrt/packages/pull/27757 as a result.
- Added a version check script for the CI.
- Fix another CI failure with -Dmemfd-rexec=false
Note this release adds the ability to introduce landlock-sandboxing the
monitor process but that would depend on CONFIG_SECURITY_LANDLOCK in the
kernel. This can be added in a future PR if there is interest.
1. https://discuss.linuxcontainers.org/t/lxc-7-0-lts-has-been-released/26612#p-90585-support-and-upgrade-8
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <redacted>
Chester A. Unal [Sun, 21 Jun 2026 08:44:20 +0000 (09:44 +0100)]
bsbf-bonding: fix final wan interface check and delete wan quietly
The exit command was running unconditionally which broke the system
configuration. Fix that and simplify the wan interface check.
Run network.wan deletion quietly in case it doesn't exist.
Signed-off-by: Chester A. Unal <redacted>
Glenn Strauss [Thu, 18 Jun 2026 04:21:36 +0000 (00:21 -0400)]
lighttpd: update to lighttpd 1.4.84 release hash
Ref: https://www.lighttpd.net/2026/6/17/1.4.84/
Signed-off-by: Glenn Strauss <redacted>
dependabot[bot] [Sat, 20 Jun 2026 21:12:31 +0000 (21:12 +0000)]
ci: bump actions/checkout from 6 to 7
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <redacted>
Philip A. Prindeville [Sun, 14 Jun 2026 21:59:11 +0000 (15:59 -0600)]
treewide: musl-fts is only needed when using MUSL
Two packages (fluent-bit and nnn) don't properly gate musl-fts as
only required when using MUSL.
Signed-off-by: Philip A. Prindeville <redacted>
Wei-Ting Yang [Thu, 18 Jun 2026 04:34:14 +0000 (12:34 +0800)]
bash: update to 5.3 patch level 15
- Fix technically undefined behavior when comparing return value from
realloc to the original pointer
- Update mapfile patch 11, removing stray line and improving the
efficiency of the original fix
- Fix read builtin to avoid cases where -1 is used as an index into the
input buffer
Signed-off-by: Wei-Ting Yang <redacted>
Vladimir Ermakov [Fri, 19 Jun 2026 10:41:13 +0000 (12:41 +0200)]
coredns: update to 1.14.4
Changelog https://github.com/coredns/coredns/releases/tag/v1.14.4
Signed-off-by: Vladimir Ermakov <redacted>
Chester A. Unal [Thu, 18 Jun 2026 14:35:43 +0000 (15:35 +0100)]
bsbf-openwrt-resources: do not reload firewall
Firewall will be reloaded when there's ifup so don't reload it.
Signed-off-by: Chester A. Unal <redacted>
Chester A. Unal [Tue, 9 Jun 2026 19:06:14 +0000 (20:06 +0100)]
bsbf-resources: update to GIT HEAD of 2026-06-19
Update bsbf-resources to the GIT HEAD of 2026-06-19.
- files/etc/uci-defaults/99-bsbf-bonding:
- Simplify the script and make sure multiple wan interfaces are processed
properly.
- Use routing table 1 instead of 100.
- Make it able to install the bsbf-bonding package without needing
bsbf-client-openwrt-installer.
- files/usr/sbin/bsbf-bonding:
- Move uninstall functionality to makefile.
Signed-off-by: Chester A. Unal <redacted>
Stan Grishin [Sat, 16 May 2026 02:49:46 +0000 (02:49 +0000)]
https-dns-proxy: update to 2026.03.18-4
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
Robustify nftables notrack generation
- Bump PKG_RELEASE to 4.
- Add install rule to create /usr/share/nftables.d/ruleset-post.
files/etc/init.d/https-dns-proxy:
- Check if 'nft' command exists before generating rules.
- Add robust error handling for directory creation and file writing.
- Log errors when directory creation or file writing fails.
tests/run_tests.sh:
- Add test case for 'nft' binary absence, confirming no-op behavior.
- Add test case for mkdir failure during notrack rule generation.
Signed-off-by: Stan Grishin <redacted>
Dirk Brenken [Wed, 17 Jun 2026 18:58:27 +0000 (20:58 +0200)]
travelmate: update 2.4.6-2
harden captive portal auto-login script handling:
* enforce the login-script allowlist in the backend instead of the
LuCI frontend only: canonicalize the configured path via 'readlink -f'
(defeats ../ traversal and symlink-to-interpreter tricks) and require a
regular, executable /etc/travelmate/*.login file before running it
* run the script in a noglob subshell ('set -f') so attacker-influenceable
script_args can no longer expand globs into the trusted script; field
splitting (multiple args) is preserved
* writing into /etc/travelmate/ is not covered by the luci-app-travelmate
ACL, so this limits the root-executed script to admin-placed login scripts
and closes a delegated-ACL to root command execution path.
Signed-off-by: Dirk Brenken <redacted>
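
The checks described in the travelmate 2.4.6-2 message above, as an added POSIX sh sketch (not travelmate's own code and not part of the commit). The function names, the `LOGIN_DIR` override and the fixture files are hypothetical, and rejecting subdirectories of the login directory is this example's own choice.

```shell
#!/bin/sh
# Added illustration; all names here are hypothetical, not travelmate's.
# Directory assumed to be writable by the administrator only.
LOGIN_DIR="${LOGIN_DIR:-/etc/travelmate}"

# Print the canonical path of an allowed login script, or return non-zero.
resolve_login_script() {
    configured="$1"
    [ -n "$configured" ] || return 1
    # Resolve symlinks and ../ components before comparing anything.
    real="$(readlink -f -- "$configured" 2>/dev/null)" || return 1
    base="$(readlink -f -- "$LOGIN_DIR" 2>/dev/null)" || return 1
    [ -n "$real" ] && [ -n "$base" ] || return 1
    # The canonical path must be <LOGIN_DIR>/<name>.login
    case "$real" in
        "$base"/*.login) ;;
        *) return 1 ;;
    esac
    # '*' in a case pattern also matches '/', so refuse subdirectories.
    name="${real#"$base"/}"
    case "$name" in
        */*) return 1 ;;
    esac
    # Only a regular file with an execute bit is accepted.
    [ -f "$real" ] && [ -x "$real" ] || return 1
    printf '%s\n' "$real"
}

# Run an allowed script with untrusted, space-separated arguments.
run_login_script() {
    script="$(resolve_login_script "$1")" || {
        echo "login script rejected: $1" >&2
        return 1
    }
    script_args="$2"
    # The subshell keeps 'set -f' local. $script_args is left unquoted on
    # purpose: field splitting still yields several arguments, while noglob
    # stops wildcard characters in them from expanding to file names.
    ( set -f; "$script" $script_args )
}

# Constructed fixture: one valid script plus three paths that must fail.
build_fixture() {
    root="$(mktemp -d)" || return 1
    mkdir "$root/travelmate" || return 1
    cat > "$root/travelmate/portal.login" <<'EOF'
#!/bin/sh
printf '%s\n' "$#" "$@"
EOF
    chmod +x "$root/travelmate/portal.login"
    cp "$root/travelmate/portal.login" "$root/outside.login"
    chmod +x "$root/outside.login"                # reached only through ../
    ln -s /bin/sh "$root/travelmate/evil.login"   # symlink to an interpreter
    echo 'echo not executable' > "$root/travelmate/noexec.login"
    printf '%s\n' "$root"
}

demo() {
    root="$(build_fixture)" || return 1
    LOGIN_DIR="$root/travelmate"
    for p in "$LOGIN_DIR/portal.login" "$LOGIN_DIR/../outside.login" \
        "$LOGIN_DIR/evil.login" "$LOGIN_DIR/noexec.login"; do
        if resolve_login_script "$p" >/dev/null; then
            echo "accept $p"
        else
            echo "reject $p"
        fi
    done
    # Run from a directory that contains files, so an unprotected '*' would
    # expand; with noglob the script receives the two fields 'user' and '*'.
    ( cd "$LOGIN_DIR" && run_login_script "$LOGIN_DIR/portal.login" 'user *' )
    rm -rf "$root"
}

demo
```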
Christian Korber [Wed, 17 Jun 2026 07:16:30 +0000 (09:16 +0200)]
net-snmp: enable blumenthal-aes for SNMPv3 encryption
In order to use AES-192 and the like, it is necessary to enable
blumenthal-aes.
Blumenthal AES draft was not formalized in RFC but is
widely implemented by many vendors. It has strong encryption in
connection with SNMPv3.
Signed-off-by: Christian Korber <redacted>
Yanase Yuki [Tue, 16 Jun 2026 05:58:37 +0000 (14:58 +0900)]
libredblack: remove package
It seems this software is no longer maintained, because
the latest release was 23 years ago.
No package depends on this.
Signed-off-by: Yanase Yuki <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 15:31:20 +0000 (15:31 +0000)]
python-decorator: drop package
No longer needed by any package in the feed; jsonpath-ng was the
last consumer and no longer imports it.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 15:31:14 +0000 (15:31 +0000)]
python-ply: drop package
No longer needed by any package in the feed; jsonpath-ng (the last
consumer) vendors ply internally as jsonpath_ng._ply.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 15:31:10 +0000 (15:31 +0000)]
python-jsonpath-ng: drop ply, six and decorator dependencies
jsonpath-ng 1.8.0 vendors ply as jsonpath_ng._ply and no longer imports
six or decorator, so none are required at runtime.
It builds through the setuptools.build_meta legacy backend but never
declared setuptools as a build dependency; it was only present in the host
build env transitively via those packages' builds. Add python-setuptools/host
explicitly so the build no longer relies on that side effect.
The jsonpath_ng CLI takes a required expression argument and has no version
flag, so the generic version check cannot detect the package version from it.
Add a test-version.sh override and assert __version__ in test.sh instead,
mirroring python-jmespath.
Signed-off-by: Alexandru Ardelean <redacted>
Dirk Brenken [Tue, 16 Jun 2026 19:30:33 +0000 (21:30 +0200)]
travelmate: release 2.4.6-1
- fix uplink teardown for bssid-pinned stations
the new implementation reads the sta object once and parses fields by name via jshn
(isolated namespace, single fork). Bug finder: @adam8833 (#29768)
- add a fork-free f_normbssid() helper and normalize all config-side bssids
to upper case before comparison (in f_getcfg(), covering all callers, and
on the direct scan comparisons in f_main()).
- LuCI: adds a normBssid() helper function as well
Signed-off-by: Dirk Brenken <redacted>
Michael Pfeifroth [Thu, 28 May 2026 09:10:11 +0000 (11:10 +0200)]
net-snmp: fix service not restarting on config change
snmpd generates its runtime configuration in /var/run/snmpd.conf from
UCI during start_service(). However, since the procd instance command
line never changes, procd does not detect that a restart is needed when
the UCI config is modified.
Add 'procd_set_param file /etc/config/snmpd' so procd tracks the config
file and restarts snmpd when it changes. Without this, 'reload_service'
(triggered by procd_add_reload_trigger) re-creates an identical instance
definition and procd skips the restart, leaving stale configuration
active.
This also fixes a usability issue with SNMPv3: when changing a user's
authentication or privacy algorithm, net-snmp must restart to re-derive
localized keys via createUser. Without the restart, the daemon keeps
using cached key material and authentication fails.
Tested with net-snmp 5.9.4 on OpenWrt (aarch64 and ppc64).
Signed-off-by: Michael Pfeifroth <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 15:20:53 +0000 (15:20 +0000)]
python-editables: drop package
No longer needed by any package in the feed; hatchling 1.27+ removed
it from install_requires.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 15:20:50 +0000 (15:20 +0000)]
python-hatchling: drop editables dependency
Upstream removed editables from install_requires in hatchling 1.27;
1.30.1 no longer needs it at runtime or build-time.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 15:18:41 +0000 (15:18 +0000)]
python-contextlib2: drop package
No longer needed by any package in the feed; only python-schema
depended on it and it was a Python <3.3 conditional shim.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 15:18:29 +0000 (15:18 +0000)]
python-schema: drop contextlib2 dependency
Upstream only requires contextlib2 on Python <3.3, so it is never
pulled in on a Python 3.14 runtime.
schema builds through the setuptools.build_meta legacy backend but never
declared setuptools as a build dependency; it was only present in the host
build env transitively via contextlib2's build. Add python-setuptools/host
explicitly so the build no longer relies on that side effect.
Signed-off-by: Alexandru Ardelean <redacted>
Jack Lovell [Sun, 31 May 2026 14:49:39 +0000 (15:49 +0100)]
ocserv: support custom server SSL certificate
Add UCI options for the path to the server's SSL certificate and
private key. This enables the use of a certificate provided by an
external certificate authority instead of the default self-signed
certificate.
The self-signed certificate is still produced if it doesn't already
exist, and is used by default. So this change should be transparent to
existing users.
Fixes #23099.
Signed-off-by: Jack Lovell <redacted>
Stan Grishin [Mon, 15 Jun 2026 01:42:31 +0000 (01:42 +0000)]
adblock-fast: update to 1.2.4-2
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.4
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.4
Description:
Update to 1.2.4
- Update PKG_VERSION to 1.2.4 and PKG_RELEASE to 2.
- Update documentation URL from melmac.ca to mossdef.org.
README.md:
- Update documentation URL from melmac.ca to mossdef.org.
files/etc/config/adblock-fast:
- Add default option `download_connect_timeout '10'`.
- Add default option `download_allow_insecure '1'`.
- Set default `parallel_downloads` to `8`.
- Remove commented `download_max_time` line.
files/etc/init.d/adblock-fast:
- Increment `initCompat` to 17.
- Add `download_connect_timeout`, `download_max_time`,
`download_allow_insecure` to config validation schema.
files/etc/uci-defaults/90-adblock-fast:
- Use `initCompat` from init script to stamp `config_compat`.
- Migrate `parallel_downloads` from boolean to numeric cap for compat < 15.
- Seed new `download_connect_timeout` from old `download_timeout`
for compat < 16.
- Add new `config_compat` and `config_version` stamping.
files/lib/adblock-fast/adblock-fast.uc:
- Increment package `compat` to 17.
- Introduce `task_slot_ram` for per-downloader memory budgeting.
- Add `download_connect_timeout`, `download_max_time`,
`download_allow_insecure` to `reload` triggers.
- Store `downloader` kind and track `_last_dl_timeout` status.
- Refine downloader detection: prefer curl, then uclient-fetch, then
GNU wget, finally generic wget.
- Update `curl` command flags for `--insecure`, `--connect-timeout`,
`--speed-limit`/`--speed-time`, `--max-time`.
- Update `uclient-fetch` flags for `--no-check-certificate`.
- Update `wget` flags for `--no-check-certificate`,
`--connect-timeout`, `--read-timeout`.
- Improve SSL support detection for uclient-fetch.
- Capture `curl` exit code 28 as a distinct timeout failure.
- Expand `get_text` cases for `errorDetectingFileType`,
`warningMissingRecommendedPackages` (args), `warningParallelDownloadsThrottled`,
`warningDownloadTimeout`.
- Allow `download_allow_insecure` for `get_url_filesize` calls.
- Set `download_allow_insecure` default to true in `config_schema`.
- Change `parallel_downloads` from boolean to integer `8` default in
`config_schema`.
- Add `download_connect_timeout` and `download_max_time` to `config_schema`.
- Read up to 4KB for `detect_file_type`.
- Improve `warningMissingRecommendedPackages` output: list missing
packages and use `apk` or `opkg` install command.
- Split `process_file_url` into parallelizable `prepare_file_url`
and serial `apply_result`, plus `emit_dl_line`.
- Implement memory-aware throttling for `parallel_downloads`.
- Revert to single `process_file_url` for serial uses and test runner.
- Correct `get_mem_available` to return current free memory only.
- Rename `get_mem_total` to `get_mem_available`.
Signed-off-by: Stan Grishin <redacted>
Jan Hák [Mon, 15 Jun 2026 09:14:01 +0000 (11:14 +0200)]
knot: update to version 3.5.5
Release notes: https://www.knot-dns.cz/2026-06-12-version-355.html
Signed-off-by: Jan Hák <redacted>
Glenn Strauss [Mon, 15 Jun 2026 02:30:43 +0000 (22:30 -0400)]
lighttpd: update to lighttpd 1.4.83 release hash
Ref: https://www.lighttpd.net/2026/6/14/1.4.83/
Signed-off-by: Glenn Strauss <redacted>
Jianhui Zhao [Sun, 14 Jun 2026 06:25:30 +0000 (14:25 +0800)]
lua-ffi: update to 1.3.0
changelog: https://github.com/zhaojh329/lua-ffi/releases/tag/v1.3.0
Signed-off-by: Jianhui Zhao <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 06:13:10 +0000 (09:13 +0300)]
python3: fix host PGO build failure on deep build paths
Python 3.14 made "forkserver" the default multiprocessing start method on
Linux, which binds an AF_UNIX socket under $TMPDIR during the PGO profile-run.
OpenWrt points TMPDIR at the deeply nested build tree, so the socket path can
exceed the 108-byte AF_UNIX limit and abort the host build with "AF_UNIX path
too long" in test_re (cpython#149527). Pin TMPDIR=/tmp for the host build.
Signed-off-by: Alexandru Ardelean <redacted>
Tianling Shen [Mon, 15 Jun 2026 03:37:09 +0000 (11:37 +0800)]
openlist: Update to 4.2.2
Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.2.2
Signed-off-by: Tianling Shen <redacted>
Tianling Shen [Mon, 15 Jun 2026 03:36:39 +0000 (11:36 +0800)]
rclone: Update to 1.74.3
Release note: https://github.com/rclone/rclone/releases/tag/v1.74.3
Signed-off-by: Tianling Shen <redacted>
Tianling Shen [Mon, 15 Jun 2026 03:36:18 +0000 (11:36 +0800)]
dnslookup: Update to 1.12.0
Release note: https://github.com/ameshkov/dnslookup/releases/tag/v1.12.0
Signed-off-by: Tianling Shen <redacted>
Tianling Shen [Mon, 15 Jun 2026 03:35:34 +0000 (11:35 +0800)]
cloudflared: Update to 2026.6.0
Release note: https://github.com/cloudflare/cloudflared/releases/tag/2026.6.0
Signed-off-by: Tianling Shen <redacted>
Philip Prindeville [Sun, 14 Jun 2026 21:26:42 +0000 (15:26 -0600)]
strongswan: invalid dpd_action value 'start' in IPsec swanctl.conf
Fixes issue #28583.
Signed-off-by: Philip Prindeville <redacted>
Philip Prindeville [Sun, 14 Jun 2026 19:06:24 +0000 (13:06 -0600)]
strongswan: update to 6.0.7
Security fix for a double-free in libstrongswan.
Signed-off-by: Philip Prindeville <redacted>
Tianling Shen [Mon, 15 Jun 2026 02:43:04 +0000 (10:43 +0800)]
cloudreve: exclude tests pkg
`pkg/request/ssrftest` is used for tests only and does not contain
a real package, exclude it from build list.
Fixes: 7f5a269cf3a4 ("cloudreve: Update to 4.16.1")
Signed-off-by: Tianling Shen <redacted>
Carsten Schuette [Sat, 6 Jun 2026 09:54:13 +0000 (11:54 +0200)]
libwebsockets: bump to 4.5.8, add gcc15 workaround
libwebsockets: bump to 4.5.8, add gcc15 workaround
Signed-off-by: Carsten Schuette <redacted>
Dengfeng Liu [Sun, 14 Jun 2026 11:09:34 +0000 (19:09 +0800)]
xfrpc: update to 5.06.909
Updated from 4.04.856 to 5.06.909.
Changes:
- Switch from git clone to tarball download
- Add start_time/end_time scheduling support for tcp/http/https/socks5
- Add service_type validation for tcp (ssh/mstsc/rdp/vnc/telnet)
- Add iod proxy type support
- Add WAN up auto-restart trigger
- Add -s startup parameter
Signed-off-by: Dengfeng Liu <redacted>
nantayo [Sun, 14 Jun 2026 07:59:58 +0000 (15:59 +0800)]
podman: update to 5.8.3
- adjust makefile
- refresh patch
Signed-off-by: nantayo <redacted>
Til Kaiser [Wed, 7 Jan 2026 13:24:29 +0000 (14:24 +0100)]
ifstat: fix build with GCC 15
ifstat fails to build with GCC 15 due to an incorrect detection of the
signal handler return type.
The configure script shipped with ifstat uses an obsolete K&R-style
declaration:
void (*signal())();
With GCC 15 this causes the signal() return type check to incorrectly
assume 'int' instead of 'void'. As a result, the generated code defines
signal handlers returning int, which conflicts with struct sigaction
expecting a void (*)(int) handler and leads to a build failure:
assignment to 'void (*)(int)' from incompatible pointer type
'int (*)(int)'
Enable autoreconf during the build to regenerate the configure
script, which correctly detects the signal handler type and fixes
the compilation error.
Signed-off-by: Til Kaiser <redacted>
Yanase Yuki [Sat, 10 Jan 2026 08:04:19 +0000 (17:04 +0900)]
sysrepo: drop libredblack from dependencies
Only sysrepo version 0.x.x requires libredblack,
so current version of sysrepo doesn't depend on it.
Signed-off-by: Yanase Yuki <redacted>
John Audia [Fri, 29 Aug 2025 11:28:17 +0000 (07:28 -0400)]
memtest86plus: add new package
Add package for memtest86+ and ability to boot directly into it from
existing grub menu. Both legacy and EFI packages are available and each
will provide the needed memtest86+ images plus a postinst and postrm to
handle the grub.cfg menu entries.
The images are tiny, adding at worst 154 kB to the kernel partition.
I do not have x86 box for testing but the memtest86plus-efi package
works as expected on my test machine (ie booting into the image and the
setup and removal of the grub.cfg menu entry).
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc (Intel N150 based box)
Signed-off-by: John Audia <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 06:01:57 +0000 (09:01 +0300)]
jdcall: drop package
No longer needed.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Sun, 14 Jun 2026 05:48:14 +0000 (08:48 +0300)]
openpyxl: remove jdcal dependency
It's no longer needed since ~2021
https://foss.heptapod.net/openpyxl/openpyxl/-/merge_requests/393
Signed-off-by: Alexandru Ardelean <redacted>
George Sapkin [Sat, 13 Jun 2026 21:43:25 +0000 (00:43 +0300)]
yt-dlp: add version check override
Move version check to override script.
Signed-off-by: George Sapkin <redacted>
George Sapkin [Sat, 13 Jun 2026 16:52:12 +0000 (19:52 +0300)]
yt-dlp: bump to 2026.06.09
Fixes: CVE-2026-50019
Fixes: CVE-2026-50023
Fixes: CVE-2026-50574
Changes: https://github.com/yt-dlp/yt-dlp/releases/tag/2026.06.09
Signed-off-by: George Sapkin <redacted>
Dengfeng Liu [Sun, 14 Jun 2026 07:49:01 +0000 (15:49 +0800)]
apfree-wifidog: update to 9.05.2872
Updated from 7.10.2082 to 9.05.2872.
Changes:
- Added new dependencies: libnftnl, libmnl, libbpf
- Removed obsolete wdping binary
- Added wifi-config and wifi-diag CGI tools
- Removed obsolete CMake patches (fixed upstream)
Signed-off-by: Dengfeng Liu <redacted>
Hannu Nyman [Sun, 14 Jun 2026 07:03:41 +0000 (10:03 +0300)]
collectd: ping - fix use-after-free when re-resolving a host
Add a patch fixing a possible crash, when a non-responding host is
tried to be pinged and retry attempts are limited by MaxMissed option.
> daemon.err: collectd[14133]: ping plugin: host 192.168.1.99 has not answered 3 PING requests, triggering resolve
> daemon.info: procd: Instance collectd::instance1 s in a crash loop 7 crashes, 3 seconds since last crash
Fixes: #29649
* upstream bug created: https://github.com/collectd/collectd/issues/4406
* older upstream bug: https://github.com/collectd/collectd/issues/3079
Signed-off-by: Hannu Nyman <redacted>
Alexandru Ardelean [Sat, 13 Jun 2026 16:47:17 +0000 (16:47 +0000)]
python-frozenlist: drop package
No longer needed by any package in the feed.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Sat, 13 Jun 2026 16:47:13 +0000 (16:47 +0000)]
python-flit-scm: drop package
No longer needed by any package in the feed.
Signed-off-by: Alexandru Ardelean <redacted>
George Sapkin [Sat, 13 Jun 2026 16:38:55 +0000 (19:38 +0300)]
syncthing: bump to 2.1.1
Changes: https://github.com/syncthing/syncthing/releases/tag/v2.1.1
Signed-off-by: George Sapkin <redacted>
George Sapkin [Sat, 13 Jun 2026 13:30:55 +0000 (16:30 +0300)]
golang: bump 1.26 to 1.26.4
Fixes: CVE-2026-27145
Fixes: CVE-2026-42504
Fixes: CVE-2026-42507
Changes: https://github.com/golang/go/issues?q=milestone%3AGo1.26.4+label%3ACherryPickApproved
Signed-off-by: George Sapkin <redacted>
George Sapkin [Sat, 13 Jun 2026 14:48:05 +0000 (17:48 +0300)]
golang: use upstream build ID logic
Don't override the upstream build ID logic to hopefully improve
reproducibility.
Signed-off-by: George Sapkin <redacted>
Dirk Brenken [Sat, 13 Jun 2026 14:54:53 +0000 (16:54 +0200)]
adblock: readme update
* just a readme update without version bump
Signed-off-by: Dirk Brenken <redacted>
John Audia [Sat, 11 Apr 2026 19:42:30 +0000 (15:42 -0400)]
nfs-kernel-server: fix up init scripts and exports
Add post-release patch to fix musl builds:
250-fh_key_file-fix-missing-string.h-inclusion.patch
v3 init:
- Mirror upstream systemd service; use nfsdctl to manage the server
- Add /etc/nfs.conf to restrict to NFSv3 only:
% cat /proc/fs/nfsd/versions
+3 -4 -4.0 -4.1 -4.2
v4 init:
- Remove dead procd_append_param -F from nfsdcld instance
- Add respawn to nfsv4.exportd and rpc.idmapd; exclude nfsdcld as it
daemonizes and would spawn duplicates under procd respawn
- Remove unused NFSDCLD_PID variable; nfsdcld writes no pidfile
- Add status_service() using pgrep; procd permanently misreports
nfsdcld as stopped due to its daemonization behavior
exports:
- Supply unified /etc/exports covering both v3 and v4 syntax so the
file survives switching between package variants
Signed-off-by: John Audia <redacted>
John Audia [Sat, 11 Apr 2026 13:18:00 +0000 (09:18 -0400)]
nfs-kernel-server: update to 2.9.1
Update to 2.9.1 which includes a new dependency on libnl, see changelog.
Changelog: https://www.kernel.org/pub/linux/utils/nfs-utils/2.9.1/2.9.1-Changelog
This upstream release has some peculiar commits, including disabling NFS
v4.0 by default and cache up calls migrated from /proc to netlink. In my
testing, two parameters are needed to the nfsv4.init file in order to maintain
functionality. Without these changes, there's a 90-second period where the
shares are simply unavailable.
Note that this cannot be merged until the changes to libnl have been
merged first. See: https://github.com/openwrt/openwrt/pull/22889
Signed-off-by: John Audia <redacted>
Dirk Brenken [Fri, 12 Jun 2026 20:28:10 +0000 (22:28 +0200)]
banip: release 1.8.9-1
* f_conf: ignore empty UCI option values so they don't override sane defaults
* f_etag: strip CR in ETag header extraction (gsub(/[\r"]/,…)) — fixes empty-but-present etag
* f_fetch: validate ban_fetchretry
* fix feed padding in allowlistonly mode
* readme update
Signed-off-by: Dirk Brenken <redacted>
Alexandru Ardelean [Fri, 12 Jun 2026 04:22:13 +0000 (07:22 +0300)]
python-chardet: drop package
python-requests now uses charset-normalizer and nothing else in the
feed depends on it.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Fri, 12 Jun 2026 04:22:13 +0000 (07:22 +0300)]
python-requests: use charset-normalizer instead of chardet
Switch runtime and host build deps from chardet to charset-normalizer,
the mandatory charset-detection backend since requests 2.26. Extend
test.sh to cover the new backend and bump PKG_RELEASE.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Fri, 12 Jun 2026 04:22:13 +0000 (07:22 +0300)]
python-charset-normalizer: add host build
Add a HostBuild variant so it can be used as a /host build dependency,
mirroring python-certifi/idna/urllib3.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Thu, 11 Jun 2026 16:49:33 +0000 (19:49 +0300)]
python-toml: drop package
No idea if this is used.
It's a pure python package.
No other packages depend on this.
Can be installed via pip on device.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Thu, 11 Jun 2026 16:49:20 +0000 (19:49 +0300)]
python-pyparsing: drop package
No idea if this is used.
It's a pure python package.
No other packages depend on this.
Can be installed via pip on device.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Thu, 11 Jun 2026 16:47:09 +0000 (19:47 +0300)]
python-apipkg: drop package
No idea if this is used.
It's a pure python package.
No other packages depend on this.
Can be installed via pip on device.
Signed-off-by: Alexandru Ardelean <redacted>
John Audia [Wed, 10 Jun 2026 20:40:11 +0000 (16:40 -0400)]
shadow: reintroduce newgidmap and newuidmap
The lxc-unprivileged package depends on both newgidmap and newuidmap
if users are installing and setting it up for the first time.
dc52894 dropped both of the applets.
This change builds libusbid as a shared lib which builds a versioned
symbol which OpenWrt does not stage so build with --disable-shared
and --enable-static to avoid a failure.
Signed-off-by: John Audia <redacted>
John Audia [Wed, 10 Jun 2026 17:29:56 +0000 (13:29 -0400)]
dmidecode: update to 3.7
Upstream update.
Changelog from 3.5:
Version 3.7 (Thu Dec 18 2025)
- [COMPATIBILITY] Use binary unit prefixes.
- [COMPATIBILITY] Rename BIOS to Firmware.
- [PORTABILITY] Improve variable declarations.
- [PORTABILITY] Stop open-coding the u64 type.
- [PORTABILITY] Use unaligned memory accesses unconditionally.
- [PORTABILITY] No longer build with -Winline.
- Support for SMBIOS 3.8.0. This includes a new processor family.
- Support for SMBIOS 3.9.0. This includes chassis type name adjustments,
new rack attributes, slot ID for more slot types, and new memory device
form factors and types.
- Decode HPE OEM records 193, 195, 202, 211, 226, 229, 232 and 244.
- Update HPE OEM records 203, 216, 242 and 245.
- EDSFF slot names now include their .S/.L suffix.
Version 3.6 (Wed Apr 24 2024)
- [PORTABILITY] Use -DALIGNMENT_WORKAROUND on arm.
- [PORTABILITY] Read SMBIOS entry point via kenv on DragonFly BSD.
- Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
- Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
- Add bash completion.
- Decode HPE OEM records 197, 239 and 245.
- Implement options --list-strings and --list-types.
- Update HPE OEM records 203, 212, 216, 221, 233, 236, 237, 238 and 242.
- Update Redfish support.
- Bug fixes:
Fix option --from-dump for user root
Fix enabled slot characteristics not being printed
- Minor improvements:
Print slot width on its own line
Use standard strings for slot width
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <redacted>
Tianling Shen [Thu, 11 Jun 2026 07:50:13 +0000 (15:50 +0800)]
cloudreve: Update to 4.16.1
Changelog:
https://github.com/cloudreve/cloudreve/releases/tag/4.16.0
https://github.com/cloudreve/cloudreve/releases/tag/4.16.1
Signed-off-by: Tianling Shen <redacted>
Tianling Shen [Thu, 11 Jun 2026 06:51:21 +0000 (14:51 +0800)]
yq: backport upstream anchor fixes
bump go-yaml to fix !!merge tag regression.
Signed-off-by: Tianling Shen <redacted>
Florian Eckert [Thu, 2 Apr 2026 13:19:01 +0000 (15:19 +0200)]
flashrom: update to 1.7.0
* Upstream changed data compression format from 'tar.bz2' to 'tar.xz'
* Update MESON_ARGS variables
Signed-off-by: Florian Eckert <redacted>
Daniel Golle [Tue, 9 Jun 2026 06:57:59 +0000 (07:57 +0100)]
gpgme: update to version 2.1.0
New encryption result flags "is_de_vs" and "beta_compliance", a new
GPGME_DECRYPT_SESSION_HASH decryption flag and session_hash result
field, CMS signature attribute support via gpgme_sig_notation_add, a
new "export-filter" context flag, plus a gpgsm lockup fix and a
passphrase cancel handling fix.
https://gnupg.org/ftp/gcrypt/gpgme/
Signed-off-by: Daniel Golle <redacted>
Olekhov Vasilii [Fri, 15 May 2026 17:02:36 +0000 (20:02 +0300)]
lpac: fix env vars for lpac.sh wrapper
This patch fixes usage of `LPAC_QMI_DEV` and `LPAC_QMI_DEBUG`
environment variables.
OpenWRT upstream patch for `lpac` provides `uqmi` backend that uses these vars
instead of `LPAC_APDU_QMI_DEVICE` and `LPAC_APDU_QMI_DEBUG` respectively.
Added test-version.sh script since lpac version check is non-standard.
Signed-off-by: Olekhov Vasilii <redacted>
Daniel Golle [Tue, 9 Jun 2026 03:42:02 +0000 (04:42 +0100)]
transmission: update to version 4.1.2
Bugfix release fixing 20+ bugs plus minor performance improvements,
notably a 4.1.0 duplicate HTTP announce fix and a fix for downloads
stalling at 99%.
Release notes: https://github.com/transmission/transmission/releases/tag/4.1.2
Drop 100-build-fix-external-project-builds-with-LTO-enabled-t.patch,
merged upstream as transmission/transmission#8369.
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 04:30:36 +0000 (05:30 +0100)]
libextractor: update to version 1.14
Maintenance release. Upstream ships no detailed changelog for this
release; see the GNU libextractor release listing.
https://ftp.gnu.org/gnu/libextractor/
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 07:01:15 +0000 (08:01 +0100)]
opentracker: update to latest git HEAD
1c7fac4 Reduce chance of collisions
ec74b83 Fix connection ids. They were broken for the last 14 years and never
used more than the remote ip as seed. Thanks to Tracy Rogers
https://erdgeist.org/gitweb/opentracker/
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 03:35:28 +0000 (04:35 +0100)]
debootstrap: update to version 1.0.144
Changelog (1.0.144):
* Bump Standards-version to 4.7.4
* Add Ubuntu Stonking symlink
https://metadata.ftp-master.debian.org/changelogs/main/d/debootstrap/debootstrap_1.0.144_changelog
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 04:02:53 +0000 (05:02 +0100)]
exfatprogs: update to version 1.4.1
1.4.0 adds exFAT partition table support (mkfs partition-table creation,
fsck --put-mbr/--clear-mbr), a user-supplied --upcase table option and
chdosattr/lsdosattr DOS-attribute utilities; 1.4.1 fixes missing headers
in the release tarball. The new MBR and foreign-filesystem detection
links libblkid and fts, so add +libblkid and +USE_MUSL:musl-fts.
https://github.com/exfatprogs/exfatprogs/releases/tag/1.4.0
https://github.com/exfatprogs/exfatprogs/releases/tag/1.4.1
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 06:44:37 +0000 (07:44 +0100)]
ccid: update to version 1.8.0
New reader support (GLSolutions NM61, Identiv uTrust FIDO2, Kensington
VeriMark NFC+, several Pol Henarejos Pico devices and more), removes the
16 reader limitation, and fixes crashes and race conditions in the
multi-slot code.
Upstream removes the autotools build system in favour of Meson, so port
the package to meson.mk and drop 010-macos.patch, which patched the now
removed configure.ac. The reader bundle install path is taken from
libpcsclite.pc usbdropdir (/usr/lib/pcsc/drivers, unchanged); udev rules
stay disabled as before.
https://ccid.apdu.fr/files/
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 04:44:52 +0000 (05:44 +0100)]
pcsc-tools: update to version 1.7.5
Adds new ATRs to the smartcard list, a Georgian translation and
minor README updates.
https://github.com/LudovicRousseau/pcsc-tools/releases/tag/1.7.5
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 04:44:31 +0000 (05:44 +0100)]
pcsc-lite: update to version 2.5.0
- Do not limit to 16 readers only
- Remove support of autotools
- Fix a crash when rescanning serial configs
- Fix a memory leak in Polkit
- tokenparser: avoid a crash with corrupted Info.plist files
https://pcsclite.apdu.fr/
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 07:13:24 +0000 (08:13 +0100)]
exim: update to version 4.99.4
Maintenance release on the 4.99 stable series.
https://github.com/Exim/exim/blob/exim-4.99.4/doc/doc-txt/ChangeLog
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 06:55:06 +0000 (07:55 +0100)]
libinput: update to version 1.31.3
Stable branch bugfix release.
https://gitlab.freedesktop.org/libinput/libinput/-/releases/1.31.3
Signed-off-by: Daniel Golle <redacted>
Daniel Golle [Tue, 9 Jun 2026 06:52:57 +0000 (07:52 +0100)]
libwacom: update to version 2.19.0
Adds support for several new tablet devices and updates the device
database.
https://github.com/linuxwacom/libwacom/releases/tag/libwacom-2.19.0
Signed-off-by: Daniel Golle <redacted>
Bruno Marinier [Mon, 8 Jun 2026 19:25:29 +0000 (15:25 -0400)]
prometheus-node-exporter-lua: add unbound stats collector
- New unbound.lua exporter module for unbound stats
- Updated Makefile
Signed-off-by: Bruno Marinier <redacted>
Daniel Golle [Tue, 9 Jun 2026 04:04:49 +0000 (05:04 +0100)]
hiredis: update to version 1.4.0
Improvements include applying FD_CLOEXEC on sockets, a pure-C99 RESP3
double parser, C++ compatibility for sds.h, and a NULL check fix in
redisReconnect. Now requires CMake 3.15.
https://github.com/redis/hiredis/releases/tag/v1.4.0
Signed-off-by: Daniel Golle <redacted>
Tianling Shen [Wed, 10 Jun 2026 03:55:20 +0000 (11:55 +0800)]
yq: Update to 4.53.3
Notable changes: fixed nested inline YAML merge explode
Release note: https://github.com/mikefarah/yq/releases/tag/v4.53.3
Signed-off-by: Tianling Shen <redacted>
Seo Suchan [Sun, 7 Jun 2026 22:02:49 +0000 (07:02 +0900)]
rtl-sdr: add test.sh
Although rtl-sdr doesn't print a version, at least test that the compiled binary runs.
Written-by: Josef Schlehofer <redacted>
Test-by: Josef Schlehofer <redacted>
Suggested-by: Josef Schlehofer <redacted>
Signed-off-by: Seo Suchan <redacted>
Seo Suchan [Mon, 25 May 2026 07:53:43 +0000 (16:53 +0900)]
rtl-sdr: update to 2.0.2
bump version to 2.0.2, add version test override
Signed-off-by: Seo Suchan <redacted>
John Audia [Tue, 9 Jun 2026 12:18:00 +0000 (08:18 -0400)]
rsync: update to 3.4.4
Changelog: https://download.samba.org/pub/rsync/NEWS#3.4.4
Signed-off-by: John Audia <redacted>
Alexandru Ardelean [Sun, 7 Jun 2026 17:13:34 +0000 (20:13 +0300)]
python-incremental: add test-version.sh generic version-check override
The incremental CLI requires an "update" subcommand and prints a usage
error instead of a version for the flags the generic check probes, so it
fails generic tests (e.g. when python3 is bumped). Override it; test.sh
still covers functionality.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Sun, 7 Jun 2026 11:02:45 +0000 (14:02 +0300)]
python-automat: drop broken automat-visualize entry point
The package excludes automat/_visualize.py (it needs the optional graphviz
dependency), but the automat-visualize console script was still installed and
imports that module, so it failed at runtime and broke the CI generic test.
Skip the /usr/bin install so the package ships as a pure library.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Tue, 2 Jun 2026 21:12:59 +0000 (00:12 +0300)]
python-greenlet: bump to 3.5.1
Refresh sha256 from PyPI sdist.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Tue, 2 Jun 2026 21:12:59 +0000 (00:12 +0300)]
python-twisted: bump to 26.4.0
Refresh sha256 from PyPI sdist.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Tue, 2 Jun 2026 21:12:59 +0000 (00:12 +0300)]
python-s3transfer: bump to 0.18.0
Refresh sha256 from PyPI sdist.
Signed-off-by: Alexandru Ardelean <redacted>
Niklas Thorild [Mon, 8 Jun 2026 20:35:15 +0000 (22:35 +0200)]
telegraf: update to 1.39.0
- Update Telegraf to v1.39.0
Signed-off-by: Niklas Thorild <redacted>
Georgi Valkov [Tue, 9 Jun 2026 10:56:30 +0000 (13:56 +0300)]
rust: fix host build on x64 Darwin
rust/host fails to compile on macOS running on Intel x64
because the host target triple is autogenerated to be
'arm64-unknown-linux-'. Rust doesn't have such a target triple, thus the
build fails because there are no pre-built artefacts for bootstrapping.
Fix this by setting RUSTC_HOST_ARCH to 'x86_64-apple-darwin' in case
our host is HOST_ARCH=x86_64 and HOST_OS=Darwin.
This fix is based on the existing fix for Apple silicon [1].
Fixes:
File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/x.py", line 53, in <module>
bootstrap.main()
~~~~~~~~~~~~~~^^
File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 1418, in main
bootstrap(args)
~~~~~~~~~^^^^^^
File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 1366, in bootstrap
build.download_toolchain()
~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 697, in download_toolchain
download_component(download_info)
~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 529, in download_component
get(
~~~^
download_info.base_download_url,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...<3 lines>...
verbose=download_info.verbose,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 58, in get
raise RuntimeError(
...<6 lines>...
)
RuntimeError: src/stage0 doesn't contain a checksum for dist/2026-04-16/rust-std-1.95.0-x86_64-unknown-linux-darwin24.6.0.tar.xz. Pre-built artifacts might not be available for this target at this time, see https://doc.rust-lang.org/nightly/rustc/platform-support.html for more information.
[1] https://github.com/openwrt/packages/commit/105fa3920e12f557bdf1fcbc566fc286fb53e319
Signed-off-by: Georgi Valkov <redacted>
Wei-Ting Yang [Tue, 9 Jun 2026 04:26:11 +0000 (12:26 +0800)]
bash: update to 5.3 patch level 12
- Fix loop in subshells calling wait builtin with inherited job list
- Fix mapfile problem when callback unsets the variable it is modifying
- Fix subshells inappropriately running the EXIT trap if they receive a
fatal signal before resetting traps
Signed-off-by: Wei-Ting Yang <redacted>
Seo Suchan [Sun, 7 Jun 2026 21:32:24 +0000 (06:32 +0900)]
luajit2: update test-version.sh to actual test
The old script just disabled the version test, but the "LuaJIT 2.1." part is stable,
so we can use that to test whether luajit2 itself is able to run.
Fixes: c7ca6d46f700 ("luajit2: add test-version.sh")
Suggested-by: Josef Schlehofer <redacted>
Signed-off-by: Seo Suchan <redacted>
Andy Chiang [Sun, 7 Jun 2026 03:06:48 +0000 (10:06 +0700)]
ddns-scripts: add fallback for default values
In luci, the `interface` value has `o.default = 'wan'` configured.
Due to a behavior fix in 'o.default', values matching the default are
no longer saved. Currently, this is worked around by disabling
'o.rmempty' in luci, but handling this compatibility fallback on the
backend is a cleaner and superior approach.
Ref: https://github.com/openwrt/luci/commit/b004197a277804ec0c8f092412b91c1d3e5936fa
Signed-off-by: Andy Chiang <redacted>
Andy Chiang [Sun, 7 Jun 2026 02:52:00 +0000 (09:52 +0700)]
ddns-scripts: fix log noise
When fetching the IP via a URL with `force_ipversion` enabled,
a `Busybox nslookup - no support to 'force IP Version' (ignored)`
log is generated periodically. This log is redundant; in this scenario
`force_ipversion` only affects the results fetched by wget/uclient-fetch/curl.
It is perfectly fine for nslookup to query both A/AAAA records simultaneously.
Signed-off-by: Andy Chiang <redacted>
Alexandru Ardelean [Tue, 2 Jun 2026 22:06:14 +0000 (01:06 +0300)]
python-psycopg2: bump to 2.9.12
Refresh sha256 from PyPI sdist.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Tue, 2 Jun 2026 22:06:14 +0000 (01:06 +0300)]
python-lxml: bump to 6.1.1
Refresh sha256 from PyPI sdist.
Signed-off-by: Alexandru Ardelean <redacted>
Alexandru Ardelean [Tue, 2 Jun 2026 22:06:14 +0000 (01:06 +0300)]
python-cython: bump to 3.2.5
Refresh sha256 from PyPI sdist.
Signed-off-by: Alexandru Ardelean <redacted>