The MIPS variants (mips_24kc, mips_4kec, mipsel_24kc, mipsel_74kc) all
fail to compile preceph.c with an internal compiler error:
during RTL pass: reload
src/preceph.c:317:1: internal compiler error:
in lra_update_fp2sp_elimination, at lra-eliminations.cc:1416
This is a GCC LRA pass bug triggered when compiling with -mips16. Set
PKG_BUILD_FLAGS:=no-mips16 to strip the -mips16 / -minterlink-mips16
flags from CFLAGS for this package, matching the approach already used
by stress-ng for the same class of issue.
Bump PKG_RELEASE since only the build flags change.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
the original node_exporter exposes a node_os_info metric with a set of
data about the system [1] which is then used by several dashboards.
openwrt.lua already exposes OS info, but using the node_openwrt_info
metric requires changes to existing dashboards, and would require more
complex lookups when there are non-OpenWrt hosts in the overview too.
as we've already called ubus and fetched the data, we can expose it in
two formats easily.
[1] https://github.com/prometheus/node_exporter/blob/d6d0e710bb7daf07a2743fde060f0d5f32c565f3/collector/os_release.go#L190-L192
Signed-off-by: Evgeni Golov <evgeni@golov.de>
Handle cases where 'mac' is missing (nil), a single string,
or an array (table).
Additionally, add support for the 'duid' field.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Add a collector for the various fileystem metrics which matches the
node-exporter behaviour. This collector supports the following metrics:
* node_filesystem_size_bytes
* node_filesystem_free_bytes
* node_filesystem_avail_bytes
* node_filesystem_files
* node_filesystem_files_free
* node_filesystem_readonly
Signed-off-by: Will May <will.j.may@gmail.com>
Add a Prometheus collector for ModemManager that exports cellular modem
signal metrics via mmcli. Supports multiple modems (labeled by D-Bus
object path), exports overall signal quality and detailed per-technology
signal parameters (LTE, NR5G, UMTS, GSM, CDMA, ...).
Requires signal refresh to be enabled on the modem:
mmcli -m <id> --signal-setup=<interval_seconds>
Tested on: ath79/generic, GL.inet GL-X300B, OpenWrt 23.05.5
Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Jean-Laurent Girod <jeanlaurent.girod@icloud.com>
The same firmware image may be deployed on either bare metal device or
virtualized platforms (e.g., Proxmox VE).
On bare metal device, `qemu-ga` may still be started even though no
virtio-serial channel is available, resulting in repeated attempts to
access /dev/virtio-ports/org.qemu.guest_agent.0.
This causes continuous service respawning by procd and unnecessary log
spam.
This commit adds a pre-check for /dev/virtio-ports to avoid starting
`qemu-ga` when virtio-serial support is not present.
Signed-off-by: Andy Chiang <AndyChiang_git@outlook.com>
vzlogger is a tool to read and log measurements of a wide variety of smart
meters and sensors to the volkszaehler.org middleware.
Signed-off-by: Andy Voigt <a.voigt@mailbox.org>
Large version jump from 4.8.1 to 4.19.4 (latest upstream LTS).
Build changes:
- Refresh patches/004-fix-su-controoling-term.patch: su.c moved the
ioctl() call from line 1122 to 1169 and changed (char *) 0 to
(char *) NULL; update patch context and re-canonicalise through
quilt (blank context line spacing).
- New CONFIGURE_ARGS:
* --disable-logind: 4.19.4 added an optional libsystemd-based
logind integration which OpenWrt doesn't ship.
* --without-libbsd: shadow's configure now hard-fails on missing
readpassphrase() unless libbsd is found; the in-tree
lib/readpassphrase.c fallback is enabled by --without-libbsd.
* --without-sssd: avoid dragging in an sssd build dep.
* --disable-subordinate-ids: 4.19.4 builds libsubid (subuid/subgid
runtime API) unconditionally when subids are enabled, and its
libtool -export-symbols-regex generates a version script that
binutils 2.40+ rejects against libxcrypt's versioned
crypt_checksalt@@XCRYPT_4.3 symbol. Disabling subordinate-ids
skips libsubid entirely; OpenWrt doesn't ship libsubid.
- Drop newgidmap, newuidmap, lastlog and groups from SHADOW_APPLETS:
newgidmap/newuidmap are only built when subordinate-ids are
enabled, lastlog defaults to disabled in 4.19.4, and the groups
binary was removed from shadow upstream (use coreutils).
Test coverage:
- Replace the per-applet --version check in test.sh with per-applet
functional tests:
pwck -> 'pwck -r' read-only consistency check; accept
non-zero exit since the CI container's /etc/passwd
trips minor warnings.
grpck -> 'grpck -r' read-only consistency check.
chage -> 'chage -l root' lists password aging info.
useradd -> 'useradd -D' dumps defaults without modifying state.
passwd -> 'passwd -S root' prints the password status line.
faillog -> create empty /var/log/faillog then 'faillog -a'
must emit a header line.
login/su -> PAM-interactive; presence covered by generic tests.
Other applets -> verify binary presence (CI's generic tests
already check stripped, no build paths, linked-libs).
- Add test-version.sh as a generic-version-check override: shadow
tools don't honour --version (only --help), so the framework's
probe finds no PKG_VERSION match in any binary and would otherwise
fail Generic tests for every sub-package.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 017 to 019. Version 019 dropped autoconf in favour of meson,
so switch to include/meson.mk and drop PKG_FIXUP:=autoreconf and the
autoconf CONFIGURE_ARGS.
The binary lsusb no longer reads usb.ids directly; it now queries the
udev hardware database. lsusb.py still searches /usr/share/hwdata/usb.ids
for device name resolution.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Stable bug-fix release in the 2.03.x series. The bundled
device-mapper library bumps from 1.02.209 to 1.02.215; track that
in PKG_VERSION_DM as well so the libdevmapper package shows the
correct upstream version.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
New stable release on the 2.5.x development series. Highlights from
upstream's NEWS:
* gpgsm: Implement GCM encryption.
* gpgsm: New option --attribute and server command SETATTR to
include arbitrary signed or unsigned attributes into a
signature. Requires libksba >= 1.7.0 (bumped to 1.8.0 in the
preceding commit).
* gpgsm: Introduce system attribute _signingCertificateV2.
* gpg: Fix wrong assertion failure which could very rarely occur
during key signature checking.
* gpg: Consider certify-only keys for revocation signature check.
* gpgsm: Fix possible double free in the CMS parser.
* gpgsm: Fix possible too early removal of ephemeral keys.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The binary does not report the OpenWrt package version (2023.06.11~ab78c48f);
override the generic version check with test-version.sh.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The git archive hash changed due to .gitattributes normalization in the
upstream repository. Update PKG_MIRROR_HASH to the current value.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Major version jump from 1.1.1 covering the 1.2.x - 1.9.x series.
Highlights:
- portmap: implement netfilter (nft) backend; bandwidth: optimization
- bridge: support "vlanTrunk" property and DAD/PVID support
- macvlan: support "linkInContainer" mode
- ipvlan: support "linkInContainer" mode
- dhcp: support DHCP option 121 classless static routes
- host-local: handle ranges with single IP
- firewall: support "ingressPolicy" with iptables and nftables
- tuning: allow specifying tx queue length
- Go module bumps including security fixes
- Minimum Go version: 1.23
Link: https://github.com/containernetworking/plugins/releases/tag/v1.9.1
Link: https://github.com/containernetworking/plugins/blob/v1.9.1/CHANGELOG.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update PKG_SOURCE_VERSION to 8a4db579f5c88af5a0d036fad34bddc9c1f703f3
(latest upstream main).
oci-runtime-tools is a rolling release without versioned upstream
releases. The new commit brings updated runtime-spec dependencies
and bug fixes accumulated since November 2024.
Link: https://github.com/opencontainers/runtime-tools/compare/f7e3563b...8a4db579
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update the build flags to the new spelling required by fish.
The groff directory no longer exists, and the manual pages are never
built, so there's no need to remove them.
The MIPS patch was cherry-picked from upstream and can be dropped.
Signed-off-by: David Adam <zanchey@ucc.gu.uwa.edu.au>
Some SDK/host GCC configurations, when meson invokes cc.preprocess() to
expand fcobjshash.gperf.h, produce output that includes predefined macro
dumps (e.g. #define __STDC__ 1) alongside linemarker lines. The upstream
cutout.py script, which strips CUT_OUT_BEGIN/END-delimited sections from
the preprocessed output before feeding it to gperf, passes these lines
through verbatim into fcobjshash.gperf.
gperf then copies them into the declarations section of fcobjshash.h.
When fcobjs.c includes fcobjshash.h, the compiler encounters #define
redefinitions and stray # tokens, causing a build failure.
Fix cutout.py to skip any line starting with # (C preprocessor
linemarkers and predefined macro definitions) before writing to the
output gperf file.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
1.3.2 (2026-03-09):
* fsck.exfat: add an option to show a progress bar
* mkfs.exfat: discard blocks prior to write outs by default
* mkfs.exfat: add a read-after-write verification for the VBR
* exfatprogs: adjust utility exit codes
* dump.exfat: handle paths including '.', '..', and repeated '/'
* fsck.exfat: convert 0x80 entries into deleted file entries
1.3.1 (2025-12-15):
* fsck.exfat: support repairing the allocation bitmap size
* exfatprogs: temporarily disable building defrag.exfat (data loss)
* libexfat: fix a NULL pointer dereference in read_file_dentry_set()
1.3.0 (2025-10-15):
* defrag.exfat: new tool to defragment an exFAT filesystem
* mkfs.exfat: minimize zero-out initialization in quick format mode
* fsck.exfat: set the entry after an unused entry as unused
* Various bug fixes
Link: https://github.com/exfatprogs/exfatprogs/blob/1.3.2/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update GnuPG to the current upstream stable release. As listed at
https://gnupg.org/download/, the 2.5.x series is currently 'stable'
while 2.4.x is 'oldstable' (LTS).
Highlights of changes since 2.4.8:
* New OpenPGP key formats: Curve25519 and Curve448 (RFC9580)
* SHA3 family signature support
* Kyber post-quantum hybrid keys
* KEM (Key Encapsulation Mechanism) operations
* dirmngr: improved LDAP and HTTP keyserver support
* scdaemon: better support for new smartcard tokens
* Many bug fixes and security improvements
Link: https://dev.gnupg.org/source/gnupg/browse/master/NEWS
Link: https://gnupg.org/download/release_notes.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.7.4 (13 February 2026):
- pcsc_scan: use different variables for spin running and state
- pcsc_scan: give some time to the spinner thread in spin_start()
- Various ga workflow improvements (Windows artifact upload, etc.)
Link: https://pcsc-tools.apdu.fr/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2.4.1 (1 January 2026):
- Add backward version support on the client side
- Add backward version support on the server side
- hotplug libudev: rescan the USB bus with "pcscd --hotplug"
- fix a value in pcscd.service systemd file
- meson: install systemd files even if libsystemd is not used
2.4.0 (19 October 2025):
- Run pcscd under a pcscd user instead of root when using systemd
- Set PIDFile in systemd service file
- Protect contextMapList modifications using a mutex
- meson: fix libpcsclite.pc, respect default_library option
Link: https://pcsclite.apdu.fr/files/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
0.27.0 includes a number of CVE fixes and many improvements:
Security fixes (0.27.0):
* CVE-2025-13763: Uninitialized memory uses detected by fuzzers
* CVE-2025-49010: Write beyond buffer bounds in GET RESPONSE APDU
* CVE-2025-66215: Write beyond buffer bounds in oberthur driver
* CVE-2025-66038: Read beyond buffer bounds in PIV historical bytes
* CVE-2025-66037: Buffer overrun while parsing SPKI
General improvements:
* Added support for PKCS#11 3.2 in tools and pkcs11-spy/p11test
* Added support for Ed448, X448 mechanisms; improved Edwards and
Montgomery key support.
* Support CKA_PUBKEY_KEY_INFO PKCS#11 attribute.
* Remove obsolete tokend support.
* Correctly detect OS-level FIPS mode in OpenSSL automatically.
* Added support for Brainpool twisted curves.
* EsteID: EstEID 2025, FinEID 4.0/4.1, Latvian IDEMIA Cosmo X & 8.2.
* D-Trust Card 5.1 & 5.4 with PIN change/unblock.
* Belpic: support for belpic applet version 1.8.
* Many other card-specific improvements (OpenPGP, PIV, ...).
0.27.1 is a bug-fix release for infrastructure issues.
Link: https://github.com/OpenSC/OpenSC/blob/0.27.1/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.7.1 (4 February 2026):
- Add support of: ACS APG8201-B2, BUDGET E-ID BUD001, CHERRY Smart
Board 1150, CryptnoxCR CryptnoxCR, Diebold Nixdorf PN7362au CCID,
FT BioPass FIDO2 Pro, Nitrokey Nitrokey Passkey
- Add SCARD_CTL_CODE(3601): USB path of the reader
- Some other minor improvements
1.7.0 (2 October 2025):
- Add support of: GIGA-TMS NFC CCID Reader, Identiv SmartOS Reader,
SEC1210URT, TOKEN2 FIDO2 Security Key (multiple variants),
TOKEN2 Molto2 (older version), VIX TECHNOLOGY SECURE READER
- Remove support of SIMHUB pcsc reader
- Give pcscd group permission to CCID devices in udev rule
- Avoid a timeout issue with the Thales Fusion NFC reader
- Provide the option to synchronize the 2 interfaces of a SEC1210
- Some other minor improvements
Link: https://ccid.apdu.fr/files/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The upstream repository was renamed from checksec.sh to checksec and the
main script was renamed from checksec to checksec.bash (still installed as
/usr/bin/checksec). The checksec_automator subpackage was removed upstream,
so drop it. Update PKG_NAME accordingly and adjust the install rule.
Changelog: https://github.com/slimm609/checksec/releases/tag/3.1.0
Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update test.sh to use $2 (positional version argument) instead of the
$PKG_VERSION environment variable, and add a check that the alternative
binary /usr/libexec/less-gnu is present.
Changelog: https://www.greenwoodsoftware.com/less/news.692.html
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Remove <linux/prctl.h> from backend.c via Build/Prepare sed: both
<linux/prctl.h> and <sys/prctl.h> define struct prctl_mm_map in newer
musl toolchains, causing a redefinition build error. sys/prctl.h alone
provides everything fio needs.
Changelog: https://github.com/axboe/fio/blob/fio-3.42/HOWTO.rst
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Alexandru Ardelean