Bug-fix release (2026-04-24).
Changes:
- Fix: kallsyms on powerpc64 with ABI V1
- fix: ASoC: soc-dapm: move struct snd_soc_dapm_context (v7.0)
- fix: adjust range in btrfs probe for v6.18.14
Reference: https://lttng.org/files/lttng-modules/
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Remove obsolete patches:
- 010-compat-off64_t-is-not-defined-by-musl.patch: the patched files
(src/common/compat/compat-fcntl.c and src/common/compat/fcntl.h)
no longer exist in 2.15.0
- 020-fix-lttng-tools-fails-to-compile-with-libxml2-2-14-0.patch: the
encode_string() function was refactored in 2.15.0 to use
xmlCharEncInFunc() instead of handler->input(), so the fix is no
longer needed
Add musl compatibility fixes in Build/Prepare via sed:
- Remove :: global-namespace qualifier from TFD_CLOEXEC in timerfd.hpp;
musl defines it as an octal literal so ::TFD_CLOEXEC is invalid C++
- Same fix for EPOLL_CLOEXEC in poller.cpp
- Relax static_assert in consumer.hpp from __cplusplus == 201103L to
>= 201103L; SDK builds with C++17
Add missing +libstdcpp to DEPENDS (lttng-tools links libstdc++.so.6).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 2.13.9 to 2.15.0 (skips 2.14.x stable series).
Highlights of the 2.14/2.15 series:
- C++ header compatibility improvements (tracepoint API usable from C++)
- liblttng-ust-tracepoint split into its own shared library
- Add liblttng-ust-fd, liblttng-ust-fork helper libraries
- Ring buffer API cleanup and modernisation
- Drop internal libcompat layer
Patch update:
- 100-no-tests.patch: adjust hunk offset from line 7 to line 9; the
tests/ entry in SUBDIRS moved down two lines in Makefile.am
Reference: https://lttng.org/files/lttng-ust/
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Upstream release 28.5 (2026-04-23), patch release for OTP 28.
Applications updated:
- erl_interface-5.7: new --{enable,disable}-use-embedded-3pp-alternatives
configure option; allows using system zstd, zlib, ryu, openssl, tcl
instead of bundled copies (default: zlib uses OS version if available)
- erts-16.4: fixed bug in enif_make_map_from_arrays for arrays with >= 33
keys (duplicates could produce broken maps); fixed Unicode handling in
erl.exe args_file on Windows
- mnesia-4.25.3: bug fixes
- ssl-11.6: bug fixes
Highlight: new "Secure Coding Guidelines" document added to Design
Principles describing how to write secure Erlang code.
Reference: https://github.com/erlang/otp/releases/tag/OTP-28.5
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Version 8.2604.0 follows the YYYYMM.x versioning scheme (April 2026).
The 8.2604.0 release enables --enable-impstats-push by default, which
requires protobuf-c-compiler (protoc-c). Since we don't ship
protobuf-c in the SDK environment and the impstats push feature is
not essential for typical OpenWrt use, disable it explicitly with
--disable-impstats-push.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
- added opt-in protection against access points with locally-administered (LAA) BSSIDs
- added a special trm_maxretry value '0', enabling unlimited connection retries
- removed obsolete connection-tracking functions (too many uci updates/flash wear)
- all runtime files now live under a single /var/run/travelmate/ directory
- various code cleanups & fixes
- LuCI: made the new UCI option 'trm_eviltwin' available
- LuCI: more cleanups
- readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
mptcpd is the only consumer of libell; bump PKG_RELEASE so the
package is rebuilt against ell 0.83 once that update lands.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update LVM2 from 2.03.33 to 2.03.40, bundled libdm from 1.02.207 to
1.02.209.
LVM2 highlights since 2.03.33:
2.03.40 (28th April 2026):
* Many bug fixes and memory/lock leak fixes throughout the
tree (vgcreate, vgmerge, vgimportclone, pvscan, raid, dmeventd,
pvmove, lvmpolld).
* Validate area_count and metadata sizes to prevent overflows.
* Fix percent_check threshold stuck above 100% in dmeventd
thin/vdo plugins.
* Pre-create udev cookie before critical section to avoid
resume failures.
2.03.39 (13th March 2026):
* Support --interval +N to delay first poll in pvmove and lvpoll.
* Add atomic leases using Compare and Write (CAW) to lvmlockd.
* Add lvm-index(7), lvm-categories(7), lvm-args(7) man pages.
* Show active cache mode in kernel table line (lvs -o kernel_cache_mode).
* Switch from internal device_mapper library to libdm.
2.03.34 - 2.03.38:
* Persistent reservation support on a VG; VG attr character + pr
field on vgs reflecting persistent reservation status.
* dmeventd: restart with no monitored devices, no actions on
removed devices.
* Various filter, integrity, cache, raid and pvmove fixes.
libdm changes since 1.02.207 (1.02.208 / 1.02.209) consist purely
of internal cleanups and version bumps; no user-visible changes
documented in WHATS_NEW_DM.
Link: https://gitlab.com/lvmteam/lvm2/-/blob/v2_03_40/WHATS_NEW
Link: https://gitlab.com/lvmteam/lvm2/-/blob/v2_03_40/WHATS_NEW_DM
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Stable bug-fix release. All users of cryptsetup 2.8.x must upgrade.
Changes since 2.8.4:
* Fix FileVault (fvault2) metadata parsing crash with crafted images.
Reported by David Pokora (Trail of Bits/Anthropic).
* Fix reading FileVault image metadata from incorrect image offset.
* OpenSSL backend: increase the number of allowed threads to 64
(workaround for parallel Argon2 PBKDF deadlock).
* Fix LUKS2 reencryption lock name when the device is being reencrypted.
* Check UUID of the resumed device to match UUID stored in metadata.
* Add a specific error for failed detached header allocation.
* Fix tests not to use aes-generic kernel cipher name (Linux 7.0+).
* Fix OpenSSL crypto backend if built with LibreSSL.
* Several compatibility fixes to the alternative Meson configuration.
* Various code fixes based on AI-assisted reviews (memory wiping,
error paths, integrity sector overflow, device-mapper flags, ...).
Link: https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.8.6/docs/v2.8.6-ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
A substantial release with many new features and module format
fixes since 4.6.3.
Highlights:
* Increase maximum sampling rate (XMP_MAX_SRATE) to 768000.
* xmp_seek_time now always seeks; new xmp_seek_time_frame for
frame-accurate seeking.
* New tempo factor APIs: xmp_set_tempo_factor_relative,
xmp_get_tempo_factor, xmp_get_tempo_factor_relative.
* New API define XMP_FORMAT_32BIT to enable 32-bit integer output.
* New API defines XMP_INST_NO_DEFAULT_PAN, XMP_MARK_SKIP,
XMP_MARK_END.
* Add support for Pack-Ice depacking and Software Visions DMF
(Apocalypse Abyss MOD variant).
* Internal module time/duration calculations now use doubles.
* Numerous bug fixes across MOD, XM, S3M, IT, RTM, MED, Funktracker,
Imago Orpheus IMF, Liquid Tracker LIQ, DigiBooster Pro, IMS and
other formats: sample default panning/volume corrections, effect
memory and translation fixes, note edge cases.
Link: https://github.com/libxmp/libxmp/blob/libxmp-4.7.0/docs/Changelog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.25.1:
* Fixed the OpenSL and JACK backends.
* Fixed WASAPI and CoreAudio capture.
* Fixed building the OSS backend with OSS v4.
* Fixed a debug assertion with HRTF enabled.
* Fixed an STL hardening assertion in the polyphase resampler.
* Added a new stereo-encoding option for Tetraphonic Surround Matrix
Encoding.
1.25.0:
* Updated library codebase to C++20.
* Fixed alcIsExtensionPresent to do a case-insensitive compare.
* Fixed potential noise when switching reverbs.
* Fixed reverb panning with certain output modes.
* Fixed retrieving the alGetProcAddressDirect extension function.
* Fixed negative source offsets with a callback buffer.
* Added build options for STL hardening (default ON for performant checks).
* Added support for fourth-order ambisonics.
* Added support for CAF files to the Wave Writer backend.
* Added optional support for C++20 modules.
* Updated alsoft-config to Qt6.
* Changed default period size to 512 sample frames.
Link: https://github.com/kcat/openal-soft/blob/1.25.1/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes in 0.1.7 (2025-04-07):
* Drop the autotools build system
* Unbreak the CI
* Prevent a crash on disconnect
* Fix building with glibc >= 2.43
* Fix the eavesdrop filtering to prevent message interception
Link: https://github.com/flatpak/xdg-dbus-proxy/blob/0.1.7/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 0.4.16:
0.4.18 (2026-02-16):
* Support for RSA-PSS and RSA-OAEP using keys retrieved using the
PKCS11_get_private_key() libp11 API and the PKCS#11 provider.
* Improved test coverage.
0.4.17 (2026-02-01):
* Ed25519 and Ed448 support (PKCS#11 v3.2).
* Fixed OPENSSL_NO_EC builds.
* Reverted RSA public exponent change from PR #474.
* Fixed crash on module initialization failures.
* Ignoring trailing newlines in pin-source files.
* Initial build fixes for the upcoming OpenSSL 4.x.
Drop the now obsolete 001-fix-install.patch which has been merged
upstream.
Link: https://github.com/OpenSC/libp11/blob/libp11-0.4.18/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Release 5.9.0 (January 16, 2026):
* added: new feature to wvtag to copy tags from one WavPack file
to another
* improved: minor tweaks to the new DNS (dynamic noise shaping)
algorithm
* improved: better handling of specific non-standard WAV and AIFF
files
* improved: added CI (GitHub Actions) and fixed a few minor build
issues
* fixed: --pause option failed in many situations (Windows-only)
* fixed: issues related to encoding from an unknown length
(e.g., pipes)
* fixed: several fuzzer-revealed issues related to multithreading
* fixed: potential buffer overruns in WavpackOpenRawDecoder()
Link: https://github.com/dbry/WavPack/blob/5.9.0/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Major version jump from 1.17.1 to 3.3.2.
libjwt 3.x is a substantial rewrite:
* New backend abstraction supporting OpenSSL, GnuTLS and MbedTLS
crypto libraries (selected at build time).
* New JWK and JWKS APIs for key handling with full RFC 7517 support.
* Improved error handling and reporting.
* EdDSA signature support (Ed25519, Ed448).
* Optional libcurl integration for fetching JWKS from a URL.
* Many API additions while keeping backwards-compatible semantics
for the most common HMAC/RSA/ECDSA operations.
Force OpenSSL backend (-DWITH_GNUTLS=OFF -DWITH_MBEDTLS=OFF) since
libopenssl is already a dependency, avoiding pulling in libgnutls.
Disable -DWITH_TESTS=OFF since the testsuite is not relevant for
embedded targets.
Link: https://github.com/benmcollins/libjwt/releases/tag/v3.3.2
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
update to 2026.03.18, release 3
- update PKG_RELEASE to 3
files/etc/init.d/https-dns-proxy:
- refactor nftable rules to explicitly add and flush the table and
chains instead of block replacement
- make nftable `delete table` call silent in `notrack_nft remove`
- update `notrack_nft remove` to check for absence of nftable table
instead of just checking the file
- ensure `notrack_nft remove` sets _error=1 on failure
- ignore dnsmasq instances with port 0 in
`dnsmasq_instance_append_force_dns_port`
tests/run_tests.sh:
- add test case to ensure dnsmasq port 0 is ignored
- update `notrack_nft remove` test to confirm success when both file
and table are absent
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Changes from 5.3.x to 5.4.0:
* Use Mike Haertel's MinRX regular expression matcher by default.
The old regex and dfa engines are still available.
* New @nsinclude directive: like @include but doesn't reset
the namespace to "awk".
* lshift()/rshift() return 0 when shifting more bits than in uintmax_t.
* Persistent memory: store meta-info in backing file; warn on
version mismatch; allow dynamic extensions with persistent memory.
* ordchr extension now supports multibyte / wide characters.
* length(array) is no longer an extension (POSIX 2024); --posix
no longer rejects it and --lint no longer warns.
* --traditional rationalised to match BWK awk behaviour.
* Assertions are now enabled in the C code.
* Hexadecimal floating-point values may now be used in source,
strtonum() and -n/--non-decimal-data option.
* UDP networking support is now deprecated, will be removed in 6.0.
* Reading regular disk input files is somewhat faster (no timeout check).
* Various bug fixes.
Link: https://git.savannah.gnu.org/cgit/gawk.git/plain/NEWS?h=gawk-5.4.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Major version update from 17.5 to 18.3.
PostgreSQL 18 (released September 2025) brings:
* Asynchronous I/O (AIO) for shared buffers, sequential scans,
bitmap heap scans and pg_prewarm.
* Skip scans for B-tree indexes.
* Performance improvements for partition pruning.
* Logical replication: improved replication of generated columns,
protocol version 5.
* Native UUIDv7 support.
* Larger I/O for sequential and parallel scans.
* Concurrent reindex of partitioned tables.
* pg_dump: --filter for selective dumps.
* Numerous SQL/JSON improvements.
* New built-in role pg_signal_autovacuum_worker.
18.3 is the third maintenance release with bug fixes since 18.0.
Drop the now obsolete pg_config_ext.h copy in Build/InstallDev: this
header has been removed upstream in PostgreSQL 18.
Link: https://www.postgresql.org/docs/release/18.0/
Link: https://www.postgresql.org/docs/release/18.3/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bump from 2.4.123 to current upstream stable. Required by recent
Mesa, weston, wlroots and other graphics-stack consumers
(wlroots 0.20+ explicitly requires libdrm >= 2.4.129).
Link: https://dri.freedesktop.org/libdrm/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2026-04-06: Version 7.5.5
* New option --error-binary: Return an error if a
binary file is skipped.
* Fix: dos2unix error on empty input. The problem was introduced
in version 7.5.4.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
0.11.2 (CVE-2026-41163):
* In setuid mode, don't run the low-privileged parts of the setup
as dumpable, as that allows it to be ptraced which can lead to problems.
* New build option -Dsupport_setuid, which if set to false (the default)
disables the support for setuid.
0.11.1:
* Reset disposition of SIGCHLD, restoring normal subprocess management
if bwrap was run from a process that was ignoring that signal.
* Don't ignore --userns 0, --userns2 0 or --pidns 0 if used.
* Fix grammar in an error message and a broken link in the documentation.
Link: https://github.com/containers/bubblewrap/blob/v0.11.2/NEWS.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Maintainer: Rob White rob@blue-wave.net
Compile tested: All
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, mips_24kc,
aarch64_cortex-a53; On 24.10, 25.12 and master/snapshot.
Description: wifi-chipset-detect (1.0.0)
This is a new package that reports in json format the chipset
and driver capabilities of installed wireless hardware.
Developed originally for use where Captive Portal
and Mesh Backhaul networks are being built.
It provides a stand alone script to detect details of the physical
wireless hardware without requiring the radios to be enabled.
There are no dependencies over and above the basic OpenWrt flash image.
It is based on functionality built into the OpenNDS and Mesh11sd packages.
The json formatted output is displayed on the terminal screen.
It is also written to the file /tmp/wifidetect.
This version does not require the Captive Portal
or Mesh network to be running.
Full details can be seen here:
https://github.com/openNDS/wifi-chipset-detect
Signed-off-by: Rob White <rob@blue-wave.net>
Changelog:
- Fix MMDB_open incorrectly rejecting databases with 0-element
map/array fields at the end of metadata (v1.13.3)
- Fix compilation conflict with bswap32/bswap64 macros on macOS 26
Tahoe (v1.13.2)
- Fix validation and edge-case handling in database open path (v1.12.x)
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog:
- Security: reject unescaped control characters in JSON strings
- Security: fix use-after-free in Reader::parse()
- Add std::string_view support in the Value API
- Fix string_view ABI mismatch between library and consumers
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update bsbf-resources to the GIT HEAD of 2026-05-06.
- Remove bsbf-route as bsbf-mptcp now includes the functionality it
provides.
- Remove bsbf-plpmtu as that functionality is now provided with the
plp-mtu-discovery package.
- Remove bsbf-tcp-in-udp as it's not a production-ready solution as it is.
- Add bsbf-client-web.
- Update the dependencies of bsbf-mptcp to curl, fping, ip-full, and
mptcpize.
- Remove files/etc/config/bsbf-mptcp as that functionality is now provided
using the /etc/bsbf/bsbf-mptcp-subflow-backup file.
- Remove files/etc/hotplug.d/iface/99-bsbf-mptcp as that functionality is
now provided by the bsbf-mptcp service.
- Update the dependencies of bsbf-bonding to bsbf-client-web, bsbf-mptcp,
bsbf-rate-limiting, and xray-core.
- Get rid of fw4 dependency and 99-bsbf-bonding.nft in favour of
resources-client/bsbf_bonding.nft. Add a oneshot service to apply it at
boot.
- Move from bsbf-openwrt-resources to bsbf-resources directory as we now
install resources-client/xray.json and resources-client/bsbf_bonding.nft.
- Add the bsbf-bonding command.
- Run `bsbf-bonding --enable` at the end on the uci-defaults script.
- Add the tc package as a dependency for bsbf-rate-limiting.
Fixes: https://github.com/openwrt/packages/issues/29306
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
The current check would match a uci device section that doesn't say if the
interface is a bridge. Check that the type option is bridge to address
this.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Alexandru Ardelean