git.99rst.org Git - openwrt-packages.git/log

etherwake: human-readable section name in console output

Signed-off-by: Georgios Kontaxis <redacted>

etherwake: polish example configuration

Signed-off-by: Georgios Kontaxis <redacted>

etherwake: simplify password handling

Signed-off-by: Georgios Kontaxis <redacted>

etherwake: remove redundant 'pathes' option

Signed-off-by: Georgios Kontaxis <redacted>

etherwake: remove internal use of sudo

Signed-off-by: Georgios Kontaxis <redacted>

banip: update 1.8.9-2

default feed updates:
- urlhaus, urlvir, webclient: switched from in to out
  and added a tcp udp 80 443 port limit (destination feeds for LAN-initiated traffic)
- feodo, spamhaus, threat, threatview, proxy, tor, vpn, vpndc: switched from in to inout
- threatview: added url_6, as the source ships IPv4 and IPv6 in a single file
- country / asn: intentionally left on in; documented how to switch them to outbound/both
  for the recurring "block connections to country X" case
- readme update:
  - corrected the feed table to match the above,
  - removed the stale drop row (replaced by spamhaus),
  - and reworked the chain explanation to clarify the inbound-vs-outbound (source-IP vs destination-IP) model
  - significantly expanded the custom-feeds section (all JSON fields, rule parameters, etc.

Signed-off-by: Dirk Brenken <redacted>

lxc: update to 7.0.0

Swtich to upstream recommended 7.0 LTS branch[1] which includes a fix
for CVE-2026-39402. Full changelog: https://github.com/lxc/lxc/releases/tag/v7.0.0

- Removed patches/021-remove-legacy-cgroup-support.patch due upstream
deprecated CGroupV1 support.
- Modified files/lxc-auto.init to remove the boot() function which mounted
legacy cgroup1 stuff as well. This PR will superceed
https://github.com/openwrt/packages/pull/27757 as a result.
- Added a version check script for the CI.
- Fix another CI failure with -Dmemfd-rexec=false

Note this release adds the ability to introduce landlock-sandboxing the
monitor process but that would depend on CONFIG_SECURITY_LANDLOCK in the
kernel. This can be added in a future PR if there is interest.

1. https://discuss.linuxcontainers.org/t/lxc-7-0-lts-has-been-released/26612#p-90585-support-and-upgrade-8

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc

Signed-off-by: John Audia <redacted>

bsbf-bonding: fix final wan interface check and delete wan quietly

The exit command was running unconditionally which broke the system
configuration. Fix that and simplify the wan interface check.

Run network.wan deletion quietly in case it doesn't exist.

Signed-off-by: Chester A. Unal <redacted>

lighttpd: update to lighttpd 1.4.84 release hash

Ref: https://www.lighttpd.net/2026/6/17/1.4.84/
Signed-off-by: Glenn Strauss <redacted>

ci: bump actions/checkout from 6 to 7

Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <redacted>

treewide: musl-fts is only needed when using MUSL

Two packages (fluent-bit and nnn) don't properly gate musl-fts as
only required when using MUSL.

Signed-off-by: Philip A. Prindeville <redacted>

bash: update to 5.3 patch level 15

- Fix technically undefined behavior when comparing return value from
  realloc to the original pointer
- Update mapfile patch 11, removing stray line and improving the
  efficiency of the original fix
- Fix read builtin to avoid cases where -1 is used as an index into the
  input buffer

Signed-off-by: Wei-Ting Yang <redacted>

coredns: update to 1.14.4

Changelog https://github.com/coredns/coredns/releases/tag/v1.14.4

Signed-off-by: Vladimir Ermakov <redacted>

bsbf-openwrt-resources: do not reload firewall

Firewall will be reloaded when there's ifup so don't reload it.

Signed-off-by: Chester A. Unal <redacted>

bsbf-resources: update to GIT HEAD of 2026-06-19

Update bsbf-resources to the GIT HEAD of 2026-06-19.

- files/etc/uci-defaults/99-bsbf-bonding:
  - Simplify the script and make sure multiple wan interfaces are processed
    properly.
  - Use routing table 1 instead of 100.
  - Make it able to install the bsbf-bonding package without needing
    bsbf-client-openwrt-installer.

- files/usr/sbin/bsbf-bonding:
  - Move uninstall functionality to makefile.

Signed-off-by: Chester A. Unal <redacted>

https-dns-proxy: update to 2026.03.18-4

Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1

Description:
Robustify nftables notrack generation

  - Bump PKG_RELEASE to 4.
  - Add install rule to create /usr/share/nftables.d/ruleset-post.

files/etc/init.d/https-dns-proxy:
  - Check if 'nft' command exists before generating rules.
  - Add robust error handling for directory creation and file writing.
  - Log errors when directory creation or file writing fails.

tests/run_tests.sh:
  - Add test case for 'nft' binary absence, confirming no-op behavior.
  - Add test case for mkdir failure during notrack rule generation.

Signed-off-by: Stan Grishin <redacted>

travelmate: update 2.4.6-2

harden captive portal auto-login script handling:
* enforce the login-script allowlist in the backend instead of the
  LuCI frontend only: canonicalize the configured path via 'readlink -f'
  (defeats ../ traversal and symlink-to-interpreter tricks) and require a
  regular, executable /etc/travelmate/*.login file before running it
* run the script in a noglob subshell ('set -f') so attacker-influenceable
  script_args can no longer expand globs into the trusted script; field
  splitting (multiple args) is preserved
* writing into /etc/travelmate/ is not covered by the luci-app-travelmate
  ACL, so this limits the root-executed script to admin-placed login scripts
  and closes a delegated-ACL to root command execution path.

Signed-off-by: Dirk Brenken <redacted>

net-snmp: enable blumenthal-aes for SNMPv3 encryption

In order to use AES-192 and the like, it is necessary to enable
blumenthal-aes.

Blumenthal AES draft was not formalized in RFC but is
widely implemented by many vendors. It has strong encryption in
connection with SNMPv3.

Signed-off-by: Christian Korber <redacted>

libredblack: remove package

It seems this software is no longer maintained, because
the latest release is 23 years ago.
No package depends on this.

Signed-off-by: Yanase Yuki <redacted>

python-decorator: drop package

No longer needed by any package in the feed; jsonpath-ng was the
last consumer and no longer imports it.

Signed-off-by: Alexandru Ardelean <redacted>

python-ply: drop package

No longer needed by any package in the feed; jsonpath-ng (the last
consumer) vendors ply internally as jsonpath_ng._ply.

Signed-off-by: Alexandru Ardelean <redacted>

python-jsonpath-ng: drop ply, six and decorator dependencies

jsonpath-ng 1.8.0 vendors ply as jsonpath_ng._ply and no longer imports
six or decorator, so none are required at runtime.

It builds through the setuptools.build_meta legacy backend but never
declared setuptools as a build dependency; it was only present in the host
build env transitively via those packages' builds. Add python-setuptools/host
explicitly so the build no longer relies on that side effect.

The jsonpath_ng CLI takes a required expression argument and has no version
flag, so the generic version check cannot detect the package version from it.
Add a test-version.sh override and assert __version__ in test.sh instead,
mirroring python-jmespath.

Signed-off-by: Alexandru Ardelean <redacted>

travelmate: release 2.4.6-1

- fix uplink teardown for bssid-pinned stations
  the new implementaion reads the sta object once and parses fields by name via jshn
  (isolated namespace, single fork). Bug finder: @adam8833 (#29768)
- add a fork-free f_normbssid() helper and normalize all config-side bssids
  to upper case before comparison (in f_getcfg(), covering all callers, and
  on the direct scan comparisons in f_main()).
- LuCI:  adds a normBssid() helper function as well

Signed-off-by: Dirk Brenken <redacted>

net-snmp: fix service not restarting on config change

snmpd generates its runtime configuration in /var/run/snmpd.conf from
UCI during start_service(). However, since the procd instance command
line never changes, procd does not detect that a restart is needed when
the UCI config is modified.

Add 'procd_set_param file /etc/config/snmpd' so procd tracks the config
file and restarts snmpd when it changes. Without this, 'reload_service'
(triggered by procd_add_reload_trigger) re-creates an identical instance
definition and procd skips the restart, leaving stale configuration
active.

This also fixes a usability issue with SNMPv3: when changing a user's
authentication or privacy algorithm, net-snmp must restart to re-derive
localized keys via createUser. Without the restart, the daemon keeps
using cached key material and authentication fails.

Tested with net-snmp 5.9.4 on OpenWrt (aarch64 and ppc64).

Signed-off-by: Michael Pfeifroth <redacted>

python-editables: drop package

No longer needed by any package in the feed; hatchling 1.27+ removed
it from install_requires.

Signed-off-by: Alexandru Ardelean <redacted>

python-hatchling: drop editables dependency

Upstream removed editables from install_requires in hatchling 1.27;
1.30.1 no longer needs it at runtime or build-time.

Signed-off-by: Alexandru Ardelean <redacted>

python-contextlib2: drop package

No longer needed by any package in the feed; only python-schema
depended on it and it was a Python <3.3 conditional shim.

Signed-off-by: Alexandru Ardelean <redacted>

python-schema: drop contextlib2 dependency

Upstream only requires contextlib2 on Python <3.3, so it is never
pulled in on a Python 3.14 runtime.

schema builds through the setuptools.build_meta legacy backend but never
declared setuptools as a build dependency; it was only present in the host
build env transitively via contextlib2's build. Add python-setuptools/host
explicitly so the build no longer relies on that side effect.

Signed-off-by: Alexandru Ardelean <redacted>

ocserv: support custom server SSL certificate

Add UCI options for the path to the server's SSL certificate and
private key. This enables the use of a certificate provided by an
external certificate authority instead of the default self-signed
certificate.

The self-signed certificate is still produced if it doesn't already
exist, and is used by default. So this change should be transparent to
existing users.

Fixes #23099.

Signed-off-by: Jack Lovell <redacted>

adblock-fast: update to 1.2.4-2

Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.4
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.4

Description:
Update to 1.2.4

  - Update PKG_VERSION to 1.2.4 and PKG_RELEASE to 2.
  - Update documentation URL from melmac.ca to mossdef.org.

README.md:
  - Update documentation URL from melmac.ca to mossdef.org.

files/etc/config/adblock-fast:
  - Add default option `download_connect_timeout '10'`.
  - Add default option `download_allow_insecure '1'`.
  - Set default `parallel_downloads` to `8`.
  - Remove commented `download_max_time` line.

files/etc/init.d/adblock-fast:
  - Increment `initCompat` to 17.
  - Add `download_connect_timeout`, `download_max_time`,
    `download_allow_insecure` to config validation schema.

files/etc/uci-defaults/90-adblock-fast:
  - Use `initCompat` from init script to stamp `config_compat`.
  - Migrate `parallel_downloads` from boolean to numeric cap for compat < 15.
  - Seed new `download_connect_timeout` from old `download_timeout`
    for compat < 16.
  - Add new `config_compat` and `config_version` stamping.

files/lib/adblock-fast/adblock-fast.uc:
  - Increment package `compat` to 17.
  - Introduce `task_slot_ram` for per-downloader memory budgeting.
  - Add `download_connect_timeout`, `download_max_time`,
    `download_allow_insecure` to `reload` triggers.
  - Store `downloader` kind and track `_last_dl_timeout` status.
  - Refine downloader detection: prefer curl, then uclient-fetch, then
    GNU wget, finally generic wget.
  - Update `curl` command flags for `--insecure`, `--connect-timeout`,
    `--speed-limit`/`--speed-time`, `--max-time`.
  - Update `uclient-fetch` flags for `--no-check-certificate`.
  - Update `wget` flags for `--no-check-certificate`,
    `--connect-timeout`, `--read-timeout`.
  - Improve SSL support detection for uclient-fetch.
  - Capture `curl` exit code 28 as a distinct timeout failure.
  - Expand `get_text` cases for `errorDetectingFileType`,
    `warningMissingRecommendedPackages` (args), `warningParallelDownloadsThrottled`,
    `warningDownloadTimeout`.
  - Allow `download_allow_insecure` for `get_url_filesize` calls.
  - Set `download_allow_insecure` default to true in `config_schema`.
  - Change `parallel_downloads` from boolean to integer `8` default in
    `config_schema`.
  - Add `download_connect_timeout` and `download_max_time` to `config_schema`.
  - Read up to 4KB for `detect_file_type`.
  - Improve `warningMissingRecommendedPackages` output: list missing
    packages and use `apk` or `opkg` install command.
  - Split `process_file_url` into parallelizable `prepare_file_url`
    and serial `apply_result`, plus `emit_dl_line`.
  - Implement memory-aware throttling for `parallel_downloads`.
  - Revert to single `process_file_url` for serial uses and test runner.
  - Correct `get_mem_available` to return current free memory only.
  - Rename `get_mem_total` to `get_mem_available`.

Signed-off-by: Stan Grishin <redacted>

knot: update to version 3.5.5

Release notes: https://www.knot-dns.cz/2026-06-12-version-355.html

Signed-off-by: Jan Hák <redacted>

lighttpd: update to lighttpd 1.4.83 release hash

Ref: https://www.lighttpd.net/2026/6/14/1.4.83/
Signed-off-by: Glenn Strauss <redacted>

lua-ffi: update to 1.3.0

changelog: https://github.com/zhaojh329/lua-ffi/releases/tag/v1.3.0

Signed-off-by: Jianhui Zhao <redacted>

python3: fix host PGO build failure on deep build paths

Python 3.14 made "forkserver" the default multiprocessing start method on
Linux, which binds an AF_UNIX socket under $TMPDIR during the PGO profile-run.
OpenWrt points TMPDIR at the deeply nested build tree, so the socket path can
exceed the 108-byte AF_UNIX limit and abort the host build with "AF_UNIX path
too long" in test_re (cpython#149527). Pin TMPDIR=/tmp for the host build.

Signed-off-by: Alexandru Ardelean <redacted>

openlist: Update to 4.2.2

Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.2.2

Signed-off-by: Tianling Shen <redacted>

rclone: Update to 1.74.3

Release note: https://github.com/rclone/rclone/releases/tag/v1.74.3

Signed-off-by: Tianling Shen <redacted>

dnslookup: Update to 1.12.0

Release note: https://github.com/ameshkov/dnslookup/releases/tag/v1.12.0

Signed-off-by: Tianling Shen <redacted>

cloudflared: Update to 2026.6.0

Release note: https://github.com/cloudflare/cloudflared/releases/tag/2026.6.0

Signed-off-by: Tianling Shen <redacted>

strongswan: invalid dpd_action value 'start' in IPsec swanctl.conf

Fixes issue #28583.

Signed-off-by: Philip Prindeville <redacted>

strongswan: update to 6.0.7

Security fix for a double-free in libstrongswan.

Signed-off-by: Philip Prindeville <redacted>

cloudreve: exclude tests pkg

`pkg/request/ssrftest` is used for tests only and does not contain
real package, exclude it from build list.

Fixes: 7f5a269cf3a4 ("cloudreve: Update to 4.16.1")
Signed-off-by: Tianling Shen <redacted>

libwebsockets: bump to 4.5.8, add gcc15 workaround

libwebsockets: bump to 4.5.8, add gcc15 workaround

Signed-off-by: Carsten Schuette <redacted>

xfrpc: update to 5.06.909

Updated from 4.04.856 to 5.06.909.

Changes:
- Switch from git clone to tarball download
- Add start_time/end_time scheduling support for tcp/http/https/socks5
- Add service_type validation for tcp (ssh/mstsc/rdp/vnc/telnet)
- Add iod proxy type support
- Add WAN up auto-restart trigger
- Add -s startup parameter

Signed-off-by: Dengfeng Liu <redacted>

podman: update to 5.8.3
- adjust makefile
- refresh patch

Signed-off-by: nantayo <redacted>

ifstat: fix build with GCC 15

ifstat fails to build with GCC 15 due to an incorrect detection of the
signal handler return type.

The configure script shipped with ifstat uses an obsolete K&R-style
declaration:

  void (*signal())();

With GCC 15 this causes the signal() return type check to incorrectly
assume 'int' instead of 'void'. As a result, the generated code defines
signal handlers returning int, which conflicts with struct sigaction
expecting a void (*)(int) handler and leads to a build failure:

  assignment to 'void (*)(int)' from incompatible pointer type
  'int (*)(int)'

Enable autoreconf during the build to regenerate the configure
script, which correctly detects the signal handler type and fixes
the compilation error.

Signed-off-by: Til Kaiser <redacted>

sysrepo: drop libredblack from dependencies

Only sysrepo version 0.x.x requires libredblack,
so current version of sysrepo doesn't depend on it.

Signed-off-by: Yanase Yuki <redacted>

memtest86plus: add new package

Add package for memtest86+ and ability to boot directly into it from
existing grub menu. Both legacy and EFI packages are available and each
will provide the needed memtest86+ images plus a postinst and postrm to
handle the grub.cfg menu entries.

The images are tiny, adding at worst 154 kB to the kernel partition.

I do not have x86 box for testing but the memtest86plus-efi package
works as expected on my test machine (ie booting into the image and the
setup and removal of the grub.cfg menu entry).

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc (Intel N150 based box)

Signed-off-by: John Audia <redacted>

jdcall: drop package

No longer needed.

Signed-off-by: Alexandru Ardelean <redacted>

openpyxl: remove jdcal dependency

It's no longer needed since ~2021
https://foss.heptapod.net/openpyxl/openpyxl/-/merge_requests/393

Signed-off-by: Alexandru Ardelean <redacted>

yt-dlp: add version check override

Move version check to override script.

Signed-off-by: George Sapkin <redacted>

yt-dlp: bump to 2026.06.09

Fixes: CVE-2026-50019
Fixes: CVE-2026-50023
Fixes: CVE-2026-50574
Changes: https://github.com/yt-dlp/yt-dlp/releases/tag/2026.06.09
Signed-off-by: George Sapkin <redacted>

apfree-wifidog: update to 9.05.2872

Updated from 7.10.2082 to 9.05.2872.

Changes:
- Added new dependencies: libnftnl, libmnl, libbpf
- Removed obsolete wdping binary
- Added wifi-config and wifi-diag CGI tools
- Removed obsolete CMake patches (fixed upstream)

Signed-off-by: Dengfeng Liu <redacted>

collectd: ping - fix use-after-free when re-resolving a host

Add a patch fixing a possible crash, when a non-responding host is
tried to be pinged and retry attempts are limited by MaxMissed option.

> daemon.err: collectd[14133]: ping plugin: host 192.168.1.99 has not answered 3 PING requests, triggering resolve
> daemon.info: procd: Instance collectd::instance1 s in a crash loop 7 crashes, 3 seconds since last crash

Fixes: #29649
* upstream bug created: https://github.com/collectd/collectd/issues/4406
* older upstream bug: https://github.com/collectd/collectd/issues/3079

Signed-off-by: Hannu Nyman <redacted>

python-frozenlist: drop package

No longer needed by any package in the feed.

Signed-off-by: Alexandru Ardelean <redacted>

python-flit-scm: drop package

No longer needed by any package in the feed.

Signed-off-by: Alexandru Ardelean <redacted>

syncthing: bump to 2.1.1

Changes: https://github.com/syncthing/syncthing/releases/tag/v2.1.1
Signed-off-by: George Sapkin <redacted>

golang: bump 1.26 to 1.26.4

Fixes: CVE-2026-27145
Fixes: CVE-2026-42504
Fixes: CVE-2026-42507
Changes: https://github.com/golang/go/issues?q=milestone%3AGo1.26.4+label%3ACherryPickApproved
Signed-off-by: George Sapkin <redacted>

golang: use upstream build ID logic

Don't override the upstream build ID logic to hopefully improve
reproducibility.

Signed-off-by: George Sapkin <redacted>

adblock: readme update

* just a readme update without version bump

Signed-off-by: Dirk Brenken <redacted>

nfs-kernel-server: fix up init scripts and exports

Add post-release patch to fix musl builds:
  250-fh_key_file-fix-missing-string.h-inclusion.patch

v3 init:
- Mirror upstream systemd service; use nfsdctl to manage the server
- Add /etc/nfs.conf to restrict to NFSv3 only:
  % cat /proc/fs/nfsd/versions
  +3 -4 -4.0 -4.1 -4.2

v4 init:
- Remove dead procd_append_param -F from nfsdcld instance
- Add respawn to nfsv4.exportd and rpc.idmapd; exclude nfsdcld as it
  daemonizes and would spawn duplicates under procd respawn
- Remove unused NFSDCLD_PID variable; nfsdcld writes no pidfile
- Add status_service() using pgrep; procd permanently misreports
  nfsdcld as stopped due to its daemonization behavior

exports:
- Supply unified /etc/exports covering both v3 and v4 syntax so the
  file survives switching between package variants

Signed-off-by: John Audia <redacted>

nfs-kernel-server: update to 2.9.1

Update to 2.9.1 which includes a new dependency on libnl, see changelog.

Changelog: https://www.kernel.org/pub/linux/utils/nfs-utils/2.9.1/2.9.1-Changelog

This upstream release has some peculiar commits, including disabling NFS
v4.0 by default and cache up calls migrated from /proc to netlink. In my
testing, two parameters are needed to the nfsv4.init file in order to maintain
functionality. Without these changes, there's a 90-second period where the
shares are simply unavailable.

Note that this cannot be merged until the changes to libnl have been
merged first. See: https://github.com/openwrt/openwrt/pull/22889

Signed-off-by: John Audia <redacted>

banip: release 1.8.9-1

* f_conf: ignore empty UCI option values so they don't override sane defaults
* f_etag: strip CR in ETag header extraction (gsub(/[\r"]/,…)) — fixes empty-but-present etag
* f_fetch: validate ban_fetchretry
* fix feed padding in allowlistonly mode
* readme update

Signed-off-by: Dirk Brenken <redacted>

python-chardet: drop package

python-requests now uses charset-normalizer and nothing else in the
feed depends on it.

Signed-off-by: Alexandru Ardelean <redacted>

python-requests: use charset-normalizer instead of chardet

Switch runtime and host build deps from chardet to charset-normalizer,
the mandatory charset-detection backend since requests 2.26. Extend
test.sh to cover the new backend and bump PKG_RELEASE.

Signed-off-by: Alexandru Ardelean <redacted>

python-charset-normalizer: add host build

Add a HostBuild variant so it can be used as a /host build dependency,
mirroring python-certifi/idna/urllib3.

Signed-off-by: Alexandru Ardelean <redacted>

python-toml: drop package

No idea if this is used.
It's a pure python package.
No other packages depend on this.
Can be installed via pip on device.

Signed-off-by: Alexandru Ardelean <redacted>

python-pyparsing: drop package

No idea if this is used.
It's a pure python package.
No other packages depend on this.
Can be installed via pip on device.

Signed-off-by: Alexandru Ardelean <redacted>

python-apipkg: drop package

No idea if this is used.
It's a pure python package.
No other packages depend on this.
Can be installed via pip on device.

Signed-off-by: Alexandru Ardelean <redacted>

shadow: reintroduce newgidmap and newuidmap

The lxc-unprivileged package depends on both newgidmap and newuidmap
if users are installing and setting it up for the first time. dc52894
dropped both of the applets.

This change builds libusbid as a shared lib which builds a versioned
symbol which OpenWrt does not stage so build with --disable-shared
and --enable-static to avoid a failure.

Signed-off-by: John Audia <redacted>

dmidecode: update to 3.7

Upstream update.

Changelog from 3.5:
Version 3.7 (Thu Dec 18 2025)
  - [COMPATIBILITY] Use binary unit prefixes.
  - [COMPATIBILITY] Rename BIOS to Firmware.
  - [PORTABILITY] Improve variable declarations.
  - [PORTABILITY] Stop open-coding the u64 type.
  - [PORTABILITY] Use unaligned memory accesses unconditionally.
  - [PORTABILITY] No longer build with -Winline.
  - Support for SMBIOS 3.8.0. This includes a new processor family.
  - Support for SMBIOS 3.9.0. This includes chassis type name adjustments,
    new rack attributes, slot ID for more slot types, and new memory device
    form factors and types.
  - Decode HPE OEM records 193, 195, 202, 211, 226, 229, 232 and 244.
  - Update HPE OEM records 203, 216, 242 and 245.
  - EDSFF slot names now include their .S/.L suffix.

Version 3.6 (Wed Apr 24 2024)
  - [PORTABILITY] Use -DALIGNMENT_WORKAROUND on arm.
  - [PORTABILITY] Read SMBIOS entry point via kenv on DragonFly BSD.
  - Support for SMBIOS 3.6.0. This includes new memory device types, new
    processor upgrades, and Loongarch support.
  - Support for SMBIOS 3.7.0. This includes new port types, new processor
    upgrades, new slot characteristics and new fields for memory modules.
  - Add bash completion.
  - Decode HPE OEM records 197, 239 and 245.
  - Implement options --list-strings and --list-types.
  - Update HPE OEM records 203, 212, 216, 221, 233, 236, 237, 238 and 242.
  - Update Redfish support.
  - Bug fixes:
    Fix option --from-dump for user root
    Fix enabled slot characteristics not being printed
  - Minor improvements:
    Print slot width on its own line
    Use standard strings for slot width

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc

Signed-off-by: John Audia <redacted>

cloudreve: Update to 4.16.1

Changelog:
https://github.com/cloudreve/cloudreve/releases/tag/4.16.0
https://github.com/cloudreve/cloudreve/releases/tag/4.16.1

Signed-off-by: Tianling Shen <redacted>

yq: backport upstream anchor fixes

bump go-yaml to fix !!merge tag regression.

Signed-off-by: Tianling Shen <redacted>

flashrom: update to 1.7.0

* Upstream change data compression format form 'tar.bz2 to' tar.xz'
* Update MESON_ARGS variables

Signed-off-by: Florian Eckert <redacted>

gpgme: update to version 2.1.0

New encryption result flags "is_de_vs" and "beta_compliance", a new
GPGME_DECRYPT_SESSION_HASH decryption flag and session_hash result
field, CMS signature attribute support via gpgme_sig_notation_add, a
new "export-filter" context flag, plus a gpgsm lockup fix and a
passphrase cancel handling fix.

https://gnupg.org/ftp/gcrypt/gpgme/
Signed-off-by: Daniel Golle <redacted>

lpac: fix env vars for lpac.sh wrapper

This patch fixes usage of `LPAC_QMI_DEV` and `LPAC_QMI_DEBUG`
environment variables.

OpenWRT upstream patch for `lpac` provides `uqmi` backend that uses these vars
instead of `LPAC_APDU_QMI_DEVICE` and `LPAC_APDU_QMI_DEBUG` respectively.

Added test-version.sh script since lpac version check is non-standart

Signed-off-by: Olekhov Vasilii <redacted>

transmission: update to version 4.1.2

Bugfix release fixing 20+ bugs plus minor performance improvements,
notably a 4.1.0 duplicate HTTP announce fix and a fix for downloads
stalling at 99%.

Release notes: https://github.com/transmission/transmission/releases/tag/4.1.2

Drop 100-build-fix-external-project-builds-with-LTO-enabled-t.patch,
merged upstream as transmission/transmission#8369.

Signed-off-by: Daniel Golle <redacted>

libextractor: update to version 1.14

Maintenance release. Upstream ships no detailed changelog for this
release; see the GNU libextractor release listing.

https://ftp.gnu.org/gnu/libextractor/
Signed-off-by: Daniel Golle <redacted>

opentracker: update to latest git HEAD

1c7fac4 Reduce chance of collisions
ec74b83 Fix connection ids. They were broken for the last 14 years and never
used more than the remote ip as seed. Thanks to Tracy Rogers

https://erdgeist.org/gitweb/opentracker/
Signed-off-by: Daniel Golle <redacted>

debootstrap: update to version 1.0.144

Changelog (1.0.144):
* Bump Standards-version to 4.7.4
* Add Ubuntu Stonking symlink

https://metadata.ftp-master.debian.org/changelogs/main/d/debootstrap/debootstrap_1.0.144_changelog
Signed-off-by: Daniel Golle <redacted>

exfatprogs: update to version 1.4.1

1.4.0 adds exFAT partition table support (mkfs partition-table creation,
fsck --put-mbr/--clear-mbr), a user-supplied --upcase table option and
chdosattr/lsdosattr DOS-attribute utilities; 1.4.1 fixes missing headers
in the release tarball. The new MBR and foreign-filesystem detection
links libblkid and fts, so add +libblkid and +USE_MUSL:musl-fts.

https://github.com/exfatprogs/exfatprogs/releases/tag/1.4.0
https://github.com/exfatprogs/exfatprogs/releases/tag/1.4.1
Signed-off-by: Daniel Golle <redacted>

ccid: update to version 1.8.0

New reader support (GLSolutions NM61, Identiv uTrust FIDO2, Kensington
VeriMark NFC+, several Pol Henarejos Pico devices and more), removes the
16 reader limitation, and fixes crashes and race conditions in the
multi-slot code.

Upstream removes the autotools build system in favour of Meson, so port
the package to meson.mk and drop 010-macos.patch, which patched the now
removed configure.ac. The reader bundle install path is taken from
libpcsclite.pc usbdropdir (/usr/lib/pcsc/drivers, unchanged); udev rules
stay disabled as before.

https://ccid.apdu.fr/files/
Signed-off-by: Daniel Golle <redacted>

pcsc-tools: update to version 1.7.5

Adds new ATRs to the smartcard list, a Georgian translation and
minor README updates.

https://github.com/LudovicRousseau/pcsc-tools/releases/tag/1.7.5
Signed-off-by: Daniel Golle <redacted>

pcsc-lite: update to version 2.5.0

- Do not limit to 16 readers only
- Remove support of autotools
- Fix a crash when rescanning serial configs
- Fix a memory leak in Polkit
- tokenparser: avoid a crash with corrupted Info.plist files

https://pcsclite.apdu.fr/
Signed-off-by: Daniel Golle <redacted>

exim: update to version 4.99.4

Maintenance release on the 4.99 stable series.

https://github.com/Exim/exim/blob/exim-4.99.4/doc/doc-txt/ChangeLog
Signed-off-by: Daniel Golle <redacted>

libinput: update to version 1.31.3

Stable branch bugfix release.

https://gitlab.freedesktop.org/libinput/libinput/-/releases/1.31.3
Signed-off-by: Daniel Golle <redacted>

libwacom: update to version 2.19.0

Adds support for several new tablet devices and updates the device
database.

https://github.com/linuxwacom/libwacom/releases/tag/libwacom-2.19.0
Signed-off-by: Daniel Golle <redacted>

prometheus-node-exporter-lua: add unbound stats collector

- New unbound.lua exporter module for unbound stats
- Updated Makefile

Signed-off-by: Bruno Marinier <redacted>

hiredis: update to version 1.4.0

Improvements include applying FD_CLOEXEC on sockets, a pure-C99 RESP3
double parser, C++ compatibility for sds.h, and a NULL check fix in
redisReconnect. Now requires CMake 3.15.

https://github.com/redis/hiredis/releases/tag/v1.4.0
Signed-off-by: Daniel Golle <redacted>

yq: Update to 4.53.3

Notable changes: fixed nested inline YAML merge explode
Release note: https://github.com/mikefarah/yq/releases/tag/v4.53.3

Signed-off-by: Tianling Shen <redacted>

rtl-sdr: add test.sh

although rtl-sdr doesn't print version, test at least if compiled binary runs

Written-by: Josef Schlehofer <redacted>
Test-by: Josef Schlehofer <redacted>
Suggested-by: Josef Schlehofer <redacted>
Signed-off-by: Seo Suchan <redacted>

rtl-sdr: update to 2.0.2
bump version to 2.0.2, add version test override

Signed-off-by: Seo Suchan <redacted>

rsync: update to 3.4.4

Changelog: https://download.samba.org/pub/rsync/NEWS#3.4.4

Signed-off-by: John Audia <redacted>

python-incremental: add test-version.sh generic version-check override

The incremental CLI requires an "update" subcommand and prints a usage
error instead of a version for the flags the generic check probes, so it
fails generic tests (e.g. when python3 is bumped). Override it; test.sh
still covers functionality.

Signed-off-by: Alexandru Ardelean <redacted>

python-automat: drop broken automat-visualize entry point

The package excludes automat/_visualize.py (it needs the optional graphviz
dependency), but the automat-visualize console script was still installed and
imports that module, so it failed at runtime and broke the CI generic test.
Skip the /usr/bin install so the package ships as a pure library.

Signed-off-by: Alexandru Ardelean <redacted>

python-greenlet: bump to 3.5.1

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-twisted: bump to 26.4.0

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

python-s3transfer: bump to 0.18.0

Refresh sha256 from PyPI sdist.

Signed-off-by: Alexandru Ardelean <redacted>

telegraf: update to 1.39.0

- Update Telegraf to v1.39.0

Signed-off-by: Niklas Thorild <redacted>

rust: fix host build on x64 Darwin

rust/host fails to compile on macOS running on Intel x64
because the host target triple is autogenerated to be
'arm64-unknown-linux-'. Rust doesn't have such a target triple, thus the
build fails because there are no pre-built artefacts for bootstrapping.

Fix this by setting RUSTC_HOST_ARCH to 'x86_64-apple-darwin' in case
our host is HOST_ARCH=x86_64 and HOST_OS=Darwin.
This fix is based on the existing fix for Apple silicon [1].

Fixes:
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/x.py", line 53, in <module>
    bootstrap.main()
    ~~~~~~~~~~~~~~^^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 1418, in main
    bootstrap(args)
    ~~~~~~~~~^^^^^^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 1366, in bootstrap
    build.download_toolchain()
    ~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 697, in download_toolchain
    download_component(download_info)
    ~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 529, in download_component
    get(
    ~~~^
        download_info.base_download_url,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ...<3 lines>...
        verbose=download_info.verbose,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/Volumes/pepe/py/openwrt/build_dir/target-x86_64_musl/host/rustc-1.96.0-src/src/bootstrap/bootstrap.py", line 58, in get
    raise RuntimeError(
    ...<6 lines>...
    )
RuntimeError: src/stage0 doesn't contain a checksum for dist/2026-04-16/rust-std-1.95.0-x86_64-unknown-linux-darwin24.6.0.tar.xz. Pre-built artifacts might not be available for this target at this time, see https://doc.rust-lang.org/nightly/rustc/platform-support.html for more information.

[1] https://github.com/openwrt/packages/commit/105fa3920e12f557bdf1fcbc566fc286fb53e319

Signed-off-by: Georgi Valkov <redacted>

bash: update to 5.3 patch level 12

- Fix loop in subshells calling wait builtin with inherited job list
- Fix mapfile problem when callback unsets the variable it is modifying
- Fix subshells inappropriately running the EXIT trap if they receive a
fatal signal before resetting traps

Signed-off-by: Wei-Ting Yang <redacted>