Add source packages and library to version check overrides.
Fixes: b5d3a38e ("python3: move version checks to override")
Signed-off-by: George Sapkin <george@sapk.in>
To find the correct network interface to create a network entry for, check
which driver is driving the network interface.
Restrict creating a network entry with DHCP client to network interfaces
driven by the cdc_ether, r8152, rndis_host, or ipheth driver.
Ensure UCI section name derived from interface name is proper.
Do not disable using DNS servers advertised by the ISP. This was a
requirement of bsbf-bonding. We can now do this as we transparently proxy
all DNS traffic to Xray which resolves queries.
Do not exit non-zero as it's useless.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Update bsbf-resources to the GIT HEAD of 2026-05-16.
- files/etc/uci-defaults/99-bsbf-bonding:
- Do not ever exit non-zero. It prevents the script from being deleted
after it's run.
- Fix creating a new wan zone.
- Do not disable using DNS servers advertised by the ISP. We can now do
this as we transparently proxy all DNS traffic to Xray which resolves
queries.
- files/usr/sbin/bsbf-bonding:
- Attempting to source a file that doesn't exist breaks the rest of the
script. Therefore, only source /etc/bsbf/bsbf-bonding.conf if it
exists. Then, print to stderr if the configuration is improper.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
This software is no longer maintained because upstream
repository has been archived by the owner.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
- gated f_load behind a ubus socket check at the end of adblock.sh
to harden against pre-ubus invocations
- added a 'adb_bver' fallback in f_log for invocation paths without prior f_load execution
- minor code improvements and fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
- gated config sanity checks at the end of banip-functions.sh
behind 'ban_action' to skip them on init script sourcing paths (enable/disable/help)
- added a ubus socket guard around f_system to harden against pre-ubus sourcing
- added a 'ban_bver' fallback in f_log for sourcing paths without prior f_system execution
- reordered system utility references before system library sourcing,
so f_log has a valid 'ban_logcmd' available if the library check fails
- minor code improvements and fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
- gated config sanity checks at the end of travelmate-functions.sh
behind 'trm_action' to fix init script enable/disable/help paths
- added a ubus socket guard around f_system to harden against pre-ubus sourcing
- added a 'trm_bver' fallback in f_log for sourcing paths without prior f_system execution
- reordered system utility references before system library sourcing,
so f_log has a valid 'trm_logcmd' available if the library check fails
- minor code improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
captest, filecap, netcap and pscap (libcap-ng-bin) do not print the
package version string (0.8.4), causing generic version check failures
in CI.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The binary does not report the OpenWrt package version (2023.06.11~ab78c48f);
override the generic version check with test-version.sh.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The git archive hash changed due to .gitattributes normalization in the
upstream repository. Update PKG_MIRROR_HASH to the current value.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
When dnsmasq is disabled, /var/etc doesn't exist. minidlna start was then failing. Partially reverted commit 733aae9 which broke this.
Signed-off-by: Peter Maivald <plasticassius@gmail.com>
1.0.1 fixes a false-positive path-traversal check in destinations.py:
the 1.0.0 code used Path.resolve() to validate that each installed file
stays within the --destdir, but Path.resolve() follows symlinks.
OpenWrt's staging dir and toolchain directories contain many symlinks,
so resolved paths could escape the destdir comparison and trigger:
ValueError: Attempting to write <file> outside of the target directory
1.0.1 replaces Path.resolve() with os.path.abspath(), which normalises
the path without following symlinks, eliminating the false positive.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Major version jump from 1.1.1 covering the 1.2.x - 1.9.x series.
Highlights:
- portmap: implement netfilter (nft) backend; bandwidth: optimization
- bridge: support "vlanTrunk" property and DAD/PVID support
- macvlan: support "linkInContainer" mode
- ipvlan: support "linkInContainer" mode
- dhcp: support DHCP option 121 classless static routes
- host-local: handle ranges with single IP
- firewall: support "ingressPolicy" with iptables and nftables
- tuning: allow specifying tx queue length
- Go module bumps including security fixes
- Minimum Go version: 1.23
Link: https://github.com/containernetworking/plugins/releases/tag/v1.9.1
Link: https://github.com/containernetworking/plugins/blob/v1.9.1/CHANGELOG.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 0.25.1:
0.27.0:
* util: Removed GNUNET_CRYPTO_symmetric_derive_iv API
* util: Deprecate GNUNET_CRYPTO_symmetric_* APIs
* util: Revise GNUNET_CRYPTO_hkdf_* APIs for safe variadic
arguments. Fixes#10898
0.26.x:
* util: Revise crypto API to prevent misuse of key material
* util: Add various TIME related helper APIs
* pils: Ship missing header
* pq: fix NULL reporting in arrays
* pq: fix consistency check errors
* util: fix UTF-8 uppercase/lowercase conversion API insanity
0.25.2:
* build: Various build system and detection logic improvements
* reintroduce some flat file storages
Drop patches that have been merged upstream:
- 0001-meson-convert-SQLite-version-detection-to-compile-time
- 0002-meson-convert-cURL-version-detection-to-compile-time
- 0003-meson-convert-libsodium-version-detection-to-compile
- 0004-meson-convert-cURL-SSL-library-detection-to-compile
- 0007-namecache-install-sql-files
- 0008-namecache-build-flat-namecache-plugin
Refresh 0005-meson-detect-libcurl-gnutls.patch for the upstream
switch from cc.compiles to cc.run for the cURL SSL backend check.
Link: https://git.gnunet.org/gnunet.git/tree/NEWS?h=v0.27.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Upstream repository has been archived by the owner, so
this software is no longer maintained.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
It seems this software is no longer maintained, because
upstream repository has been deleted.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
Update bsbf-resources to the GIT HEAD of 2026-05-14.
- Improve bsbf-bonding --uninstall logic.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
before acme is an empty package that depend either acme-acmesh or uacme.
but this boolean logic in depend ignored by apk itself.
let's make a virtual keyword
witch both acme.sh and uacme provides.
acme.sh is explicit default.
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
Update PKG_SOURCE_VERSION to 8a4db579f5c88af5a0d036fad34bddc9c1f703f3
(latest upstream main).
oci-runtime-tools is a rolling release without versioned upstream
releases. The new commit brings updated runtime-spec dependencies
and bug fixes accumulated since November 2024.
Link: https://github.com/opencontainers/runtime-tools/compare/f7e3563b...8a4db579
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tracks upstream curl 8.20.0 (April 2026 release).
Changes since 8.14.1 cover six upstream releases (8.15.0 - 8.20.0).
Highlights:
* async-thrdd: use thread queue for resolving
* build: make NTLM disabled by default
* lib: add thread pool and queue
* lib: drop support for < c-ares 1.16.0
* lib: make SMB support opt-in
* multi.h: add CURLMNWC_CLEAR_ALL
* rtmp: drop support
* cmake: drop support for CMake 3.17 and older
* Various TLS, HTTP/3, altsvc and resolver bug fixes.
Link: https://curl.se/changes.html#8_20_0
Link: https://github.com/curl/curl/blob/curl-8_20_0/RELEASE-NOTES
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update to latest upstream release.
Highlights of changes since 1.0.128:
* Added support for Debian 13 (trixie)
* Added support for many new Ubuntu releases (jammy through plucky)
* Improvements to keyring handling
* Various bug fixes and cleanups
Drop PKG_REAL_VERSION and the now-redundant PKG_BUILD_DIR override:
upstream and downstream versions match, so use PKG_VERSION directly
in PKG_SOURCE.
Link: https://salsa.debian.org/installer-team/debootstrap/-/blob/1.0.143/debian/changelog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 2023.4:
* Add automatic signing keys for trixie
* Add Debian Stable Release Key (13/trixie) (ID: 762F67A0B2C39DE4)
* Clean up maintscript removal of ancient archive certificates
* Get rid of team-members/ and signature verification
* Remove buster keys
* Rename keyrings from .gpg to .pgp
* Use OpenPGP instead of GnuPG when referring to the specification
Link: https://salsa.debian.org/release-team/debian-archive-keyring/-/blob/debian/2025.1/debian/changelog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4.99.3 (security release):
* Addresses EXIM-Security-2026-05-01.1: a remotely reachable
Use-After-Free vulnerability in Exim's BDAT (binary data
transmission) body parsing path when using the GnuTLS
backend. This can lead to heap corruption and potential code
execution. Affects 4.97 through 4.99.x when built with GnuTLS
support AND with STARTTLS and CHUNKING advertised.
Reported by xbow security.
Previous security releases folded into this bump:
4.99.2 (security release):
* Addresses Exim-Security-2026-04.1, covering 4 CVEs:
- CVE-2026-40684: Possible crash with malicious DNS data (musl libc)
- CVE-2026-40685: Possible OOB read/write on corrupt JSON in header
- CVE-2026-40686: Possible OOB read with large UTF8 trailing characters
- CVE-2026-40687: Possible OOB read/write with SPA authenticator
4.99.1 (security release):
* Re-incarnation of CVE-2025-26794, ports fixes from 4.98.1/4.98.2.
Link: https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/
Link: https://git.exim.org/exim.git/blob/refs/tags/exim-4.99.3:/doc/doc-txt/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
arm926ej-s (ARMv5) does not have native lock-free atomics and the
toolchain inserts calls to libatomic.so.1 for atomic operations.
The libgstreamer1 DEPENDS only listed armeb, powerpc, mips and mipsel
as needing libatomic, missing plain arm (little-endian 32-bit ARM).
Extend the condition to include arm so the package is properly
declared on all 32-bit ARM targets that require libatomic.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
perlbase-archive, perlbase-pod, and perlbase-test install Perl script
wrappers (ptar, pod2man, prove, etc.) that do not output the OpenWrt
package version string (5.40.0), causing generic version check failures
in CI.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 4.0.0:
- Add Zstandard decompression support for compressed web content
- Improve WolfSSL compatibility and SSL host name validation
- Improve IPv6 address support and Connection header handling
- Drop legacy pcre1 support; PCRE2 is now required
- Fix multiple memory leaks and socket leaks
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 26.1:
- Add SSL/TLS certificate validation for server-server links by default
(new SSLVerify option to disable)
- Add systemd sd_notify protocol support
- Add Autojoin option for automatic channel joining on connect
- Automatically maximize file descriptor limit at startup
- Add Docker/container documentation and Dockerfile
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
George Sapkin