cspell.json was accidentally include in a previous commit, so remove it.
VARIANT is to be used in package definitions, and BUILD_VARIANT
for checking which VARIANT is currently being built. BUILD_VARIANT was
incorrectly used in a package definition, so we fix that.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 0a897f7042)
The last PR (https://github.com/openwrt/packages/pull/28370) missed
including two needed changes, and had a minor packaging Makefile
mistake.
The Zabbix Agent needs to drop privileges to the zabbix-agent user.
Similarly, if run as root (not the default), the Zabbix server needs to
drop privileges to the zabbix-server user.
There are also, in the Makefile, three instances of using BUILD_VARIANT
instead of VARIANT in package definitions.
So we fix those issues.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit a2685bfad2)
For items which are only copied from the source code, avoid the
prepare, configure, and compile steps, while preserving the special
behaviour of the mac80211 addon, which has a unique prepare and
compile.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 8ab5a3d7c3)
Avoid unnecessary duplication on zabbix-agentd package definitions by
using a common zabbix-agentd/Default and extending it for different
zabbix-agentd flavours.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit f798e17379)
For security, per upstream recommendations, use a separate user for the
agent daemon and the server daemon.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 907e9c6b1e)
Bump Zabbix to the latest released 7.0.x LTS version.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 1f3251545d)
Adds an initscript for zabbix_server, and related helper files
+ uses a zabbix_server uci conf to enable/disable startup
+ updates the default zabbix_server.conf to work with initscript
+ add a sysctl.d conf to set max-files more appropriate for zabbix_server
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit ffdb7209a4)
Addresses the issue pointed out in #28165, which is that zabbix_agentd
always creates a PidFile and has no option to disable PidFile creation.
Therefore update the configuration file to default to create a PidFile
where we want it.
Close#28165
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 1ff6a92251)
Only show zabbix-server-frontend if the build dependency 'PACKEGE_php8' is
fulfilled. This means that 'zabbix-server-frotend' can only be selected if
PHP has also been enabled for building.
This change is needed to fix the following recursive dependency warning.
error: recursive dependency detected!
symbol PACKAGE_php8 is selected by PACKAGE_zabbix-server-frontend
symbol PACKAGE_zabbix-server-frontend depends on PHP8_DOM
symbol PHP8_DOM depends on PACKAGE_php8
For a resolution refer to Documentation/kbuild/kconfig-language.rst
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit dec74a7985)
Update to version 1.9.5
* Use upstream meson.build file, as they now support meson
* patch it locally to continue using static glib linking
* Disable numa, systemd and thermal functions via meson options
* Resurrect the patch to silence repetitive EINVAL warnings.
(patch was used with 1.9.3, but was not needed with 1.9.4)
Related discussion in upstream issue 336 and 349
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 99076937b1)
Fix compiling bundled Kerberos library on several 32-bit architectures
by linking with libatomic.
Disable kernel keyring being picked up from a dirty buildbot
environment.
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit 34f1c5e370)
* add an option dnsmasq_validity_check to enable removal of invalid
domains from the final dnsmasq files
* renamed option sanity_check to dnsmasq_sanity_check
* better names for Format Filters and Parse Filters variables
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit e714c02b3e)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
libtatsu is a dependency only for libimobiledevice-utils
the library itself does not use it during build, and is a
core component for iPhone tethering, while the utils are optional
move the dependency to the utils, to reduce the build size:
libtatsu depends on libcurl, which is compiled with a TLS library,
so users of prebuilt packages are forced to install both
OpenSSL and mbed TLS. This patch removes the unnecessary dependency.
Fixes: https://github.com/openwrt/packages/issues/28427
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Move version definition to a helper file so multiple versions can be
easily defined using it.
Variables HOST_GO_VARS, PKG_GO_ASMFLAGS, PKG_GO_GCFLAGS,
PKG_GO_INSTALL_ARGS, PKG_GO_LDFLAGS, PKG_GO_VARS, and
PKG_GO_ZBOOTSTRAP_MODS are defined using conditional variable
assignment and can be overridden for each go version.
Link: https://github.com/openwrt/packages/pull/28309
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit 8958c991c9)
Add versioned package for 1.25 to enable having multiple host go
versions side by side.
Set default version to 1.25 in golang-values.mk
Add unversioned dummy package to allow go-based packages to continue
using the default go host version. Packages can use it by specifying:
PKG_BUILD_DEPENDS:=golang/host
or use a specific version out of the ones that are available in that
branch by specifying:
PKG_BUILD_DEPENDS:=golang1.25/host
Host go is exposed to each package through PATH set in
GO_PKG_BUILD_CONFIG_VARS and GO_PKG_VARS.
Target go is installed through alternatives with the default version
having higher priority.
Newer versions can reuse older ones as bootstraps by setting
GO_BOOTSTRAP_VERSION package variable to older version, e.g.:
GO_BOOTSTRAP_VERSION:=1.24
All subpackages provide suffix-less names, e.g. golang, golang-src, etc.
Default versions are marked as default variants.
Link: https://github.com/openwrt/packages/pull/28309
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit ca501ee61e)
* add interface information to the dns report
* support multiple tcpdump interfaces ('any') in the dns report properly
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 808b3e368b)
This software seems no longer maintained by upstream.
The latest upstream release is 16 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit 260378b731)
This software seems no longer maintained by upstream.
Both PKG_SOURCE_URL and URL are dead, and
no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit 2804ff509b)
This software seems no longer maintained.
The latest upstream commit is 11 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit 5f88ca4aad)
The domains list which this script uses isn't
updated for 5 years. We can use adblock related
packages instead of this script, so let's drop this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit 88a5c2cc28)
This software seems no longer maintained.
The latest upstream commit is 11 years ago,
and upstream repo has been archived.
No package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit 670f4c023e)
It seems this software is no longer maintained.
The last upstream commit is 8 years ago.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit b0b7e0bc32)
It seems this software is no longer maintained.
- The latest upstream commit is 5 years ago.
- Official domain name has been suspended.
No packages depend on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit d29dd8e025)
It seems this software is no longer maintained.
The last upstream commit is 4 years ago, and
this software only supports obsolete setup.py.
Users should use supported similar softwares, such
as speedtest-go in packages repo.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit 7eea92b91c)
- align the config option names
- re-order the configuration options
- add some help text
- drop obsolete notes regarding older PHP versions and obsolete CONFLICT
- remove (meanwhile) unrecognized configure options
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 551e00c8fc)
* Add a needed BUILD_DEPENDENCY on icu package, when PHP8_INTL is
defined.
* Make PHP8_DOM selecting PHP8_LIBXML instead of depending on it.
* PHP8_INTL does not depend on PHP8_GETTEXT, it builds also
without gettext.
* Always show option for choosing PHP8_FULLUCIDATA
* For php8-cgi, php-cli, etc, a libstdcpp dependency is only gained
when PHP8_INTL is selected, therefore update those conditional depends.
As some combinations of these changes can change the binaries output,
PKG_RELEASE has been bumped.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit f8b8ce62c5)
Add more menuconfig help text descriptions, and
convert some mixed tabs and spaces to spaces.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 1a01a175fa)
xmlreader was selecting package php8-mod-dom as well as depending on
PHP8_DOM, while php8-mod-dom also depended on PHP8_DOM (and therefore
selected PHP8_DOM when php8-mod-dom was selected). This is a Kconfig
recursive dependency, so break the recursion by noting that because
php8-mod-xmlreader selects php8-mod-dom, PHP8_DOM is a transitive
depends, so php8-mod-xmlreader should not depend on PHP8_DOM itself.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 247c1a1964)
Switch to a single CONFIG_ per line, and alphabetize.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 8d7faa245a)
The php8 Makefile is already quite large. To improve readability, move
config section to a separate 'Config.in' file. To ensure that the PHP8
option is only saved in '.config' if PHP8 has been selected for building. A
depends on 'PACKAGE_php8' is added to the configuration option in the
'Config.in' file.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 74a3da92b2)
Fixes security issues:
- CVE-2025-13878: Malformed BRID and HHIT records could trigger an
assertion failure.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 7b25d573e2)
Package is not being used anywhere and the version in the repo has not
been updated in over four years.
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit ac5a4f132a)
* fixed a potential deadlock during startup, when dns reporting is disabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 9df8a2b58c)
cp, install, and mv no longer enter an infinite loop copying sparse files
with SEEK_HOLE. E.g., this was seen on ext4 when copying sparse files with
extents that are being actively updated, and copy offload is not being used.
See also:
bd528f9234
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
(cherry picked from commit 1938656f70)
Release notes:
https://lists.gnu.org/archive/html/coreutils-announce/2025-09/msg00000.htmlhttps://lists.gnu.org/archive/html/coreutils-announce/2025-11/msg00000.html
- Drop chcon and runcon as they require SELinux support and cannot be built from
coreutils 9.9 when configured with --without-selinux.
- Add libgmp dependency for coreutils-basenc to fix missing libgmp.so.10.
- Switch to -std=gnu17 to avoid build failure.
```
lib/openat-die.c: In function 'openat_save_fail':
lib/openat-die.c:37:3: error: format not a string literal and no format arguments [-Werror=format-security]
37 | error (exit_failure, errnum,
| ^~~~~
lib/openat-die.c: In function 'openat_restore_fail':
lib/openat-die.c:56:3: error: format not a string literal and no format arguments [-Werror=format-security]
56 | error (exit_failure, errnum,
| ^~~~~
```
- Refresh patch.
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
(cherry picked from commit 3f2fbc888e)
* rework DNS reporting: more reliable, more information (request type), better performance
* fixed minor issues
* readme update
* LuCI: added new DNS page (incl. Allowed/Blocked canvas)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 81891964ed)
HOST BUILD ONLY
Update to 22.22.0
This is a security release.
Notable Changes
(CVE-2025-59465) add TLSSocket default error handler
(CVE-2025-55132) disable futimes when permission model is enabled
lib,permission:
(CVE-2025-55130) require full read and write to symlink APIs
src:
(CVE-2025-59466) rethrow stack overflow exceptions in async_hooks
src,lib:
(CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle
tls:
(CVE-2026-21637) route callback exceptions through error handlers
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 3cb4028f46)
