Update GnuPG to the current upstream stable release. As listed at
https://gnupg.org/download/, the 2.5.x series is currently 'stable'
while 2.4.x is 'oldstable' (LTS).
Highlights of changes since 2.4.8:
* New OpenPGP key formats: Curve25519 and Curve448 (RFC9580)
* SHA3 family signature support
* Kyber post-quantum hybrid keys
* KEM (Key Encapsulation Mechanism) operations
* dirmngr: improved LDAP and HTTP keyserver support
* scdaemon: better support for new smartcard tokens
* Many bug fixes and security improvements
Link: https://dev.gnupg.org/source/gnupg/browse/master/NEWS
Link: https://gnupg.org/download/release_notes.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 1.6.7:
* Fix double increment in DN parser while counting hexdigits.
* Fix a memory leak in the BER decoder's error handling.
* Fix an assertion failure in the OCSP code.
* Support SHA256 based CertIDs in OCSP.
* Use nonstring attribute for gcc-15.
* Remove remaining WindowsCE support.
Link: https://dev.gnupg.org/source/libksba/browse/master/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.7.4 (13 February 2026):
- pcsc_scan: use different variables for spin running and state
- pcsc_scan: give some time to the spinner thread in spin_start()
- Various ga workflow improvements (Windows artifact upload, etc.)
Link: https://pcsc-tools.apdu.fr/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2.4.1 (1 January 2026):
- Add backward version support on the client side
- Add backward version support on the server side
- hotplug libudev: rescan the USB bus with "pcscd --hotplug"
- fix a value in pcscd.service systemd file
- meson: install systemd files even if libsystemd is not used
2.4.0 (19 October 2025):
- Run pcscd under a pcscd user instead of root when using systemd
- Set PIDFile in systemd service file
- Protect contextMapList modifications using a mutex
- meson: fix libpcsclite.pc, respect default_library option
Link: https://pcsclite.apdu.fr/files/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
0.27.0 includes a number of CVE fixes and many improvements:
Security fixes (0.27.0):
* CVE-2025-13763: Uninitialized memory uses detected by fuzzers
* CVE-2025-49010: Write beyond buffer bounds in GET RESPONSE APDU
* CVE-2025-66215: Write beyond buffer bounds in oberthur driver
* CVE-2025-66038: Read beyond buffer bounds in PIV historical bytes
* CVE-2025-66037: Buffer overrun while parsing SPKI
General improvements:
* Added support for PKCS#11 3.2 in tools and pkcs11-spy/p11test
* Added support for Ed448, X448 mechanisms; improved Edwards and
Montgomery key support.
* Support CKA_PUBKEY_KEY_INFO PKCS#11 attribute.
* Remove obsolete tokend support.
* Correctly detect OS-level FIPS mode in OpenSSL automatically.
* Added support for Brainpool twisted curves.
* EsteID: EstEID 2025, FinEID 4.0/4.1, Latvian IDEMIA Cosmo X & 8.2.
* D-Trust Card 5.1 & 5.4 with PIN change/unblock.
* Belpic: support for belpic applet version 1.8.
* Many other card-specific improvements (OpenPGP, PIV, ...).
0.27.1 is a bug-fix release for infrastructure issues.
Link: https://github.com/OpenSC/OpenSC/blob/0.27.1/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.7.1 (4 February 2026):
- Add support of: ACS APG8201-B2, BUDGET E-ID BUD001, CHERRY Smart
Board 1150, CryptnoxCR CryptnoxCR, Diebold Nixdorf PN7362au CCID,
FT BioPass FIDO2 Pro, Nitrokey Nitrokey Passkey
- Add SCARD_CTL_CODE(3601): USB path of the reader
- Some other minor improvements
1.7.0 (2 October 2025):
- Add support of: GIGA-TMS NFC CCID Reader, Identiv SmartOS Reader,
SEC1210URT, TOKEN2 FIDO2 Security Key (multiple variants),
TOKEN2 Molto2 (older version), VIX TECHNOLOGY SECURE READER
- Remove support of SIMHUB pcsc reader
- Give pcscd group permission to CCID devices in udev rule
- Avoid a timeout issue with the Thales Fusion NFC reader
- Provide the option to synchronize the 2 interfaces of a SEC1210
- Some other minor improvements
Link: https://ccid.apdu.fr/files/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update spans 2.4.7 -> 2.5.4. Highlights:
* 2.5.x: Major version with API additions for handling sequencer
client unregistration, MIDI file reading flexibility, soundfont
selectors and sample tuning improvements.
* Various bug fixes for SF3 voice handling, reverb engine
stability, GM/GS/XT mode reset behaviour and audio drivers
(PortAudio, SDL2, Pulseaudio, JACK, OPL).
* Build system fixes including CMake updates and new toolchain
compatibility.
fluidsynth >= 2.5 requires GCEM (a header-only constexpr math
library) at build time. Build-depend on the new 'gcem' package,
which installs the headers and CMake config files into staging
where find_package(GCEM REQUIRED) picks them up. This replaces
upstream's git-submodule / CMake-time-download fallback, neither
of which is acceptable in OpenWrt's offline build model.
gcem is header-only (INTERFACE-only CMake target), so there is
no shared library to link against; the dependency exists at
build time only, expressed as PKG_BUILD_DEPENDS:=gcem.
Link: https://github.com/FluidSynth/fluidsynth/releases/tag/v2.5.4
Link: https://github.com/FluidSynth/fluidsynth/wiki/ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
GCE-Math (Generalized Constant Expression Math) is a templated C++
library enabling compile-time computation of mathematical functions.
It is a header-only library, so this package is BUILDONLY:=1; the
headers and CMake config files land in staging_dir for consumers to
pick up via find_package(GCEM).
Needed as a build dependency for fluidsynth >= 2.5, whose upstream
build expects gcem at configure time and (absent a system copy)
falls back to a CMake-time download from GitHub - which breaks in
offline / restricted-network build environments such as the OpenWrt
CI.
Pinned to commit 012ae73c (2024-04-28), the revision referenced by
fluidsynth 2.5.x's bundled FindGCEM.cmake / git submodule.
CMAKE_POLICY_VERSION_MINIMUM=3.5 is set because upstream's
CMakeLists.txt declares cmake_minimum_required(VERSION 3.1), which
trips current CMake's deprecated-policy guard.
Link: https://github.com/kthohr/gcem
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update from 1.28.1, spanning the 1.29.x, 1.30.x and 1.31.x release
series.
Highlights:
* 1.31.0: New 'high-resolution scroll' API and per-device button
debouncing improvements; tablet pad mode support reworked.
* 1.30.0: Added support for new touchpad and tablet device quirks;
improved gesture detection on multi-touch devices.
* 1.29.0: New configuration knobs for trackpoint acceleration and
improved palm detection.
* Continuous bug fixes and updated device quirks throughout.
Link: https://gitlab.freedesktop.org/libinput/libinput/-/tags/1.31.1
Link: https://wayland.freedesktop.org/libinput/doc/latest/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Starlette is a lightweight ASGI framework/toolkit, which is ideal for
building async web services in Python.
Signed-off-by: George Sapkin <george@sapk.in>
Lightweight JSON-RPC 2.0 protocol implementation and asynchronous server
powered by asyncio. This library is a successor of json-rpc and written
by the same team.
Signed-off-by: George Sapkin <george@sapk.in>
Update bsbf-resources to the GIT HEAD of 2026-05-11.
- Do not add more than 8 WANs with files/etc/uci-defaults/99-bsbf-bonding.
- resources-client/bsbf_bonding.nft now destroys the bsbf_bonding table
before adding it. Therefore, no need to delete the table anymore. And use
the destroy command to successfully exit even when the table doesn't exist.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Add the network entries that bsbf-autoconf-cellular and bsbf-autoconf-dhcp
create, to the firewall wan zone.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
jsoncpp 1.9.7 added std::string_view overloads for Value::get() and
Value::operator[], but these are only compiled when C++17 is active.
Building with the default C++11 standard leaves those symbols out of
the library, causing link failures for consumers that include the
headers with C++17 enabled (e.g. upmpdcli 1.9.17, domoticz 2025.2).
Add -Dcpp_std=c++17 to the meson args so the string_view API is
available in the installed library.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The recent commit 048a5088c5 updated
scons to 4.10.1, but neglected to correct a version related path in
a patch. This fixes that oversight, so that scons hostpkg builds
again. Also, fix up fuzz in the patches.
Signed-off-by: Russell Senior <russell@personaltelco.net>
micropython-lib is a companion repository to micropython, versioned in
lockstep. Both are now at 1.28.0 (released 2026-04-06).
The 001-build-unix-ffi.patch remains needed as the upstream has not yet
incorporated the --unix-ffi argument into the tools/build.py script.
test.sh:
- micropython-lib: verify stdlib-replacement modules (collections,
functools, base64) can be imported via the /usr/lib/micropython path
- micropython-lib-unix: verify the micropython-unix wrapper script exists
and that sqlite3/select are importable via the unix-ffi path
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 1.27.0:
- New machine.CAN class with bindings for the stm32 port; support across
all ports to follow
- machine.PWM support added to stm32 and alif ports, completing coverage
of all Tier 1/2 MCU-based ports
- Template strings (t-strings, PEP 750) added at the "full feature" level
- weakref module added with weakref.ref and weakref.finalize classes
- f-strings now support nested f-strings within expressions
- Optimisations to native emitter; new RISC-V Zcmp arch flag for RV32
- extmod.mk: add extmod/machine_can.c (shifts the mbedtls hunk by 1 line;
update 040-extmod-use-external-mbedtls.patch accordingly)
micropython-lib is updated in lockstep in a separate commit.
Ref: https://github.com/micropython/micropython/releases/tag/v1.28.0
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Commit 537c2a631 ("treewide: avoid deref symlinks when installing .so")
intended to avoid duplicating .so* files, but this package actually
relies on install dereferencing the file that matches the SONAME
version, to avoid installing unnecessary symlinks.
Fixes: https://github.com/openwrt/packages/issues/29387
Fixes: 537c2a631 ("treewide: avoid deref symlinks when installing .so")
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
When a contributor pushes a new commit to an open PR, the previous
Test and Build run is no longer informative and only consumes a
runner slot that the new run could use. Add a concurrency group
keyed on the workflow name and ref so a fresh push cancels the
prior in-progress run for the same PR.
Since this workflow only triggers on pull_request, the ref is
always refs/pull/<num>/merge (unique per PR), so cancel-in-progress
can be set unconditionally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Bug-fix release. Fixes 20+ bugs and includes some performance
improvements. All users are encouraged to upgrade.
Highlights (all platforms):
* Fixed a 4.1.0 bug that failed to report some filesystem errors
to RPC clients querying free space.
* Fixed a 4.1.0 bug that kept a torrent's updated queue position
from being shown.
* Fixed a 4.1.0 bug that caused torrents' queuing order to
sometimes be lost between sessions.
* Hardened .torrent parsing by exiting sooner if 'pieces' has
an invalid size.
* Reverted a 4.1.0 RPC change that broke some 3rd party code by
returning floats rather than integers for speed limit fields.
* Fixed crash when pausing a torrent and editing its tracker
list at the same time.
* Fixed 4.1.0 crash on arm32 by switching crc32 libraries to
Mark Adler's crcany.
* Require UTF-8 filenames in .torrent files (per BitTorrent spec).
* Fixed crash when parsing a .torrent file with a bad 'pieces' key.
* Fixed potential fd leak when launching scripts on POSIX systems.
* Changed network traffic algorithm to spread bandwidth more
evenly amongst peers.
Link: https://github.com/transmission/transmission/releases/tag/4.1.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Patch release fixing build system issues with the 2.0.0 release.
2.0.0 introduced API changes including:
* Version macros for detection of incompatible API / version
* size_t as argument to allow longer base64 encoded strings
* Configurable line break functionality
* Flags field for encoder
* Helpers to calculate required output buffer maximum lengths
* Switched in-/out-pointers to void*
Link: https://github.com/libb64/libb64/blob/v2.0.0.1/CHANGELOG.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bump from 2.82.0 to the current upstream stable. Required by GTK
4.22 and other recent GNOME-stack consumers (gtk 4.22 requires
glib >= 2.84).
Refresh 006-c99.patch for upstream context shift; the patch
forces HAVE_C99_SNPRINTF/VSNPRINTF and HAVE_UNIX98_PRINTF to
true when cross-compiling, since upstream now only does that
implicitly for the darwin/iOS/tvOS triplet.
Link: https://gitlab.gnome.org/GNOME/glib/-/tags/2.88.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Flup was heavily used in downstream distribution (Turris OS)
for their Web UI - reForis. Since there are no other
dependent packages in this repository, Flup is no longer needed.
The package appears to be abandoned and is no longer maintained
The latest version dates back to 2009.
It was previously required for Seafile.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The upstream repository was renamed from checksec.sh to checksec and the
main script was renamed from checksec to checksec.bash (still installed as
/usr/bin/checksec). The checksec_automator subpackage was removed upstream,
so drop it. Update PKG_NAME accordingly and adjust the install rule.
Changelog: https://github.com/slimm609/checksec/releases/tag/3.1.0
Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update test.sh to use $2 (positional version argument) instead of the
$PKG_VERSION environment variable, and add a check that the alternative
binary /usr/libexec/less-gnu is present.
Changelog: https://www.greenwoodsoftware.com/less/news.692.html
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Remove <linux/prctl.h> from backend.c via Build/Prepare sed: both
<linux/prctl.h> and <sys/prctl.h> define struct prctl_mm_map in newer
musl toolchains, causing a redefinition build error. sys/prctl.h alone
provides everything fio needs.
Changelog: https://github.com/axboe/fio/blob/fio-3.42/HOWTO.rst
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Bug-fix release (2026-04-24).
Changes:
- Fix: kallsyms on powerpc64 with ABI V1
- fix: ASoC: soc-dapm: move struct snd_soc_dapm_context (v7.0)
- fix: adjust range in btrfs probe for v6.18.14
Reference: https://lttng.org/files/lttng-modules/
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Daniel Golle