The log file path is hardcoded as $HOME/.local/state/btop.log, i.e. to the router’s flash storage rather than to tmpfs. This patch sets the log file path to /tmp/log/btop.log
Signed-off-by: XCas13 <xcas13@gmail.com>
(cherry picked from commit 7c3e376967)
2026-04-06: Version 7.5.5
* New option --error-binary: Return an error if a
binary file is skipped.
* Fix: dos2unix error on empty input. The problem was introduced
in version 7.5.4.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6536260c01)
Patch release fixing build system issues with the 2.0.0 release.
2.0.0 introduced API changes including:
* Version macros for detection of incompatible API / version
* size_t as argument to allow longer base64 encoded strings
* Configurable line break functionality
* Flags field for encoder
* Helpers to calculate required output buffer maximum lengths
* Switched in-/out-pointers to void*
Link: https://github.com/libb64/libb64/blob/v2.0.0.1/CHANGELOG.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3650172e26)
Bug-fix release. Fixes 20+ bugs and includes some performance
improvements. All users are encouraged to upgrade.
Highlights (all platforms):
* Fixed a 4.1.0 bug that failed to report some filesystem errors
to RPC clients querying free space.
* Fixed a 4.1.0 bug that kept a torrent's updated queue position
from being shown.
* Fixed a 4.1.0 bug that caused torrents' queuing order to
sometimes be lost between sessions.
* Hardened .torrent parsing by exiting sooner if 'pieces' has
an invalid size.
* Reverted a 4.1.0 RPC change that broke some 3rd party code by
returning floats rather than integers for speed limit fields.
* Fixed crash when pausing a torrent and editing its tracker
list at the same time.
* Fixed 4.1.0 crash on arm32 by switching crc32 libraries to
Mark Adler's crcany.
* Require UTF-8 filenames in .torrent files (per BitTorrent spec).
* Fixed crash when parsing a .torrent file with a bad 'pieces' key.
* Fixed potential fd leak when launching scripts on POSIX systems.
* Changed network traffic algorithm to spread bandwidth more
evenly amongst peers.
Link: https://github.com/transmission/transmission/releases/tag/4.1.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4216ad05af)
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
update to 2026.03.18, release 3
- update PKG_RELEASE to 3
files/etc/init.d/https-dns-proxy:
- refactor nftable rules to explicitly add and flush the table and
chains instead of block replacement
- make nftable `delete table` call silent in `notrack_nft remove`
- update `notrack_nft remove` to check for absence of nftable table
instead of just checking the file
- ensure `notrack_nft remove` sets _error=1 on failure
- ignore dnsmasq instances with port 0 in
`dnsmasq_instance_append_force_dns_port`
tests/run_tests.sh:
- add test case to ensure dnsmasq port 0 is ignored
- update `notrack_nft remove` test to confirm success when both file
and table are absent
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 4bac71e3cd)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
Fix nftables rule directory creation
- Bump PKG_RELEASE to 2.
files/etc/init.d/https-dns-proxy:
- Add 'mkdir -p' before writing nftables rules to ensure the parent
directory exists. This fixes an issue where the directory might not
exist on initial installation, causing errors.
tests/run_tests.sh:
- Add comprehensive regression tests for notrack_nft.
- Mock 'nft' to track invocations and control return codes for testing.
- Patch 'NOTRACK_NFT_FILE' to a test-specific path for isolated testing.
- Verify 'notrack_nft' correctly creates the parent directory if missing.
- Test content of generated nftables snippet, idempotence, and removal.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 3d9a73bd7e)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Fixes https://github.com/openwrt/packages/issues/27952
Update avahi from 0.8 to 0.9-rc4. The 0.9 development line accumulates
four years of bug and security fixes since the 0.8 release (2020-02-18).
Notable improvements in 0.9-rc4 over 0.8:
Security (all CVEs previously backported as patches, now removed):
- CVE-2023-38469: reject TXT records whose total rdata exceeds
AVAHI_DNS_RDATA_MAX, preventing heap-buffer reads under crafted mDNS
- CVE-2023-38470: ensure each DNS label is at least one byte, preventing
an infinite loop on malformed packets
- CVE-2023-38471: extract host name via avahi_unescape_label() before
generating an alternative to avoid operating on a raw escaped string
- CVE-2023-38472: check that rdata pointer is non-NULL before passing to
avahi_rdata_parse() from dbus-entry-group
- CVE-2023-38473: derive alternative host name from its unescaped form,
fixing incorrect hostname collision resolution with escaped labels
Bug fixes (previously backported):
- Fix NULL-pointer crashes in avahi_s_*_browser_new() (#175)
- Avoid infinite loop in avahi-daemon simple-protocol by handling
AVAHI_WATCH_HUP event in client_work
- Fix potential undefined behaviour in avahi_dns_packet_consume_uint32:
cast uint8_t operands to uint32_t before shifting
- Fix memory/CPU leak in the simple event loop: cleanup_watches() was
zeroing timeout_req_cleanup instead of watch_req_cleanup, so completed
watches were never removed from the linked list
- Emit D-Bus error reply when avahi-daemon cannot resolve a hostname or
service, rather than crashing with a NULL dereference
- Increase ini-file-parser line buffer from 256 to 1024 bytes to handle
longer configuration values without silent truncation
Other changes:
- P2P tunnel support: IFF_MULTICAST is no longer required for
point-to-point interfaces when allow-point-to-point=yes
- Runtime directory: configure.ac now derives the socket path from
${runstatedir} (defaults to ${localstatedir}/run), so the
explicit patch reverting the /run hardcoding is no longer needed
- Patch 010-pkgconfig.patch (pkgconfig prefix alignment) is retained
as it has not been merged upstream
Dropped patches (all merged upstream):
020-revert-runtime-dir-systemd-change.patch
100-p2p-no-iff_multicast-required.patch
200-Fix-NULL-pointer-crashes-from-175.patch
201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch
202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch
203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
204-Emit-error-if-requested-service-is-not-found.patch
205-conf-file-line-lengths.patch
300-CVE-2023-38469.patch through 304-CVE-2023-38473.patch
Library SONAMES unchanged: libavahi-common.so.3, libavahi-core.so.7,
libavahi-client.so.3 — no reverse dependency rebuilds required.
Disable libsystemd (not available on OpenWrt)
avahi 0.9-rc4 added --enable-libsystemd which defaults to enabled and
fails configure when libsystemd is not found via pkg-config. OpenWrt
does not provide libsystemd; disable it explicitly.
Also pass --with-systemdsystemunitdir=no to suppress the pkg-config
lookup for the systemd unit directory.
Drop po/ subdir from build
The 0.9-rc4 tarball is a raw git archive; po/Makefile.in.in is not
pre-generated as it was in the 0.8 release tarball. autopoint (from
gettext) is needed to install it, but is not available in the OpenWrt
SDK. Since OpenWrt does not use NLS translations, remove po/ from
SUBDIRS in Makefile.am to avoid the missing po/Makefile.in.in error
during configure.
In 0.9-rc4 the D-Bus system.d directory changed from
$(sysconfdir)/dbus-1/system.d to $(datadir)/dbus-1/system.d,
so avahi-dbus.conf is now installed under usr/share/dbus-1/system.d.
Update the install rule source path accordingly; keep the on-device
destination at /etc/dbus-1/system.d for compatibility.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit 24c3026f94)
Rather than having a database selection for SQLITE which prevents
the server or frontend from building, we add a 'basic'
variant for the proxy which uses sqlite3, and have the database
Kconfig affect only the server and frontend.
* There are now only three variants:
1. full, which is the default. It includes the full monitoring feature
set currently available on openwrt, including netsnmp, curl-based
checks, and ldap. In addition these features, plus the choice of
database and ssl provider (or no ssl) are configuration options for
this variant.
2. basic, which provides basic functions with openssl support
3. no-configure, for packages which are not part of the main Zabbix
compile process (including the WebUI which only requires copying
files for use by a web server with PHP CGI support).
* Full is the default variant for agentd and proxy, which are the only
packages with a choice between full and basic. All other packages only
are part of one variant.
* Full variants are the base version of the packages (that is
zabbix-agentd is the 'full' version while zabbix-agentd-basic is the
core version). The proxy version is named zabbix-proxy-basic-sqlite to
announce that it is using the sqlite3 database and not a database
server.
* get and sender only build if at least one of agentd, server, or proxy
are built. Therefore prevent selection get or sender when they would not
build.
* Zabbix's use of NetSNMP requires that Zabbix be build with OpenSSL
* While we are here, enable support for dates after 2038 (64-bit time_t)
* https://github.com/openwrt/packages/pull/28585#issuecomment-3984978895
* we updated the name to reflect that it is for basic functionality
that can standalone, rather then being a core the other packages
build on.
* basic has been used rather than tiny or small since the sentence
'Provides only tiny/small functionality with SSL/TLS' in the
description, sounds strange, but using basic this reads properly.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit c98e9d68a0)
Using the php8 dependency allows use to go back to using the
+ZABBIX_POSTGRESQL:php8-mod-pgsql (and like dependency for
mysql/mariadb).
This has the benefit of being an apk dependency so the user does not
install the frontend without a php8 database module.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 4afdeb7d19)
We aren't using packages with the same name as the provides, so don't
use an virtual (@) provides for providing zabbix-get
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 696e549e9d)
For non-compiled package that are architecture independant, set
PKGARCH:=all.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 4635838819)
When selecting only a package of "no-configure" build variant, e.g.
CONFIG_PACKAGE_zabbix-frontend-server=y
but not any other zabbix package, then the build fails.
The sources are not extracted and the install fails finally with:
make[4]: Entering directory '/srv/openwrt/openwrt-2.git/build_dir/target-arm_arm926ej-s_musl_eabi/zabbix-no-configure/zabbix-7.0.22'
make[4]: *** No rule to make target 'install'. Stop.
make[4]: Leaving directory '/srv/openwrt.git/build_dir/target-arm_arm926ej-s_musl_eabi/zabbix-no-configure/zabbix-7.0.22'
make[3]: *** [Makefile:522: /srv/openwrt.git/build_dir/target-arm_arm926ej-s_musl_eabi/zabbix-no-configure/zabbix-7.0.22/.built] Error 2
This PR fixes this by always running the standard Prepare stage,
but skip the Install one when nothing needs to be compiled.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 849db7361d)
The error in the #24828 patch series left Kconfig recursive depedency
error on zabbix-frontend-server. We fix this by update the database
depedencies on zabbix-frontend-server. Now, you must select the PHP8
database module you want _before_ zabbix-frontend-server will be
visible in menuconfig.
This is not a big problem, because zabbix-frontend-server already
depends on having php8 slected before the frontend can be built.
Closes: #28458
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit ff7353dbbc)
Due to package renaming the selection of database for the server and
proxy was missing from the Kconfig menu. This caused build failures for
proxy and server.
We now fix that.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit b032682381)
Using line continuation (\\) in GNU Make \$(foreach ...) and
\$(call ...) resulted in the install section for many of the packages
not being defined. This resulted in 'skipping [package-name] no install
section' messages and no new package being generated.
We remove the line continuation from the parts foreach and call, in
ordeer to restore compilation and creation of packages.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 8bc0c6c7cf)
In preparation for further changes, deduplicate package definitions,
and reorganize them. At the same time make use of provides to ensure
both existing names are preserved, and that it is possible to be
specific about the variant of the package one wants.
Also, condense the package conffiles, install, postinst, etc handling.
This is more maintainable (less copy and paste and less to modify).
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 75146ea2be)
cspell.json was accidentally include in a previous commit, so remove it.
VARIANT is to be used in package definitions, and BUILD_VARIANT
for checking which VARIANT is currently being built. BUILD_VARIANT was
incorrectly used in a package definition, so we fix that.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 0a897f7042)
The last PR (https://github.com/openwrt/packages/pull/28370) missed
including two needed changes, and had a minor packaging Makefile
mistake.
The Zabbix Agent needs to drop privileges to the zabbix-agent user.
Similarly, if run as root (not the default), the Zabbix server needs to
drop privileges to the zabbix-server user.
There are also, in the Makefile, three instances of using BUILD_VARIANT
instead of VARIANT in package definitions.
So we fix those issues.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit a2685bfad2)
For items which are only copied from the source code, avoid the
prepare, configure, and compile steps, while preserving the special
behaviour of the mac80211 addon, which has a unique prepare and
compile.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 8ab5a3d7c3)
Avoid unnecessary duplication on zabbix-agentd package definitions by
using a common zabbix-agentd/Default and extending it for different
zabbix-agentd flavours.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit f798e17379)
For security, per upstream recommendations, use a separate user for the
agent daemon and the server daemon.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 907e9c6b1e)
Bump Zabbix to the latest released 7.0.x LTS version.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 1f3251545d)
Adds an initscript for zabbix_server, and related helper files
+ uses a zabbix_server uci conf to enable/disable startup
+ updates the default zabbix_server.conf to work with initscript
+ add a sysctl.d conf to set max-files more appropriate for zabbix_server
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit ffdb7209a4)
Addresses the issue pointed out in #28165, which is that zabbix_agentd
always creates a PidFile and has no option to disable PidFile creation.
Therefore update the configuration file to default to create a PidFile
where we want it.
Close#28165
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 1ff6a92251)
Only show zabbix-server-frontend if the build dependency 'PACKEGE_php8' is
fulfilled. This means that 'zabbix-server-frotend' can only be selected if
PHP has also been enabled for building.
This change is needed to fix the following recursive dependency warning.
error: recursive dependency detected!
symbol PACKAGE_php8 is selected by PACKAGE_zabbix-server-frontend
symbol PACKAGE_zabbix-server-frontend depends on PHP8_DOM
symbol PHP8_DOM depends on PACKAGE_php8
For a resolution refer to Documentation/kbuild/kconfig-language.rst
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit dec74a7985)
For zabbix-server-frontend, the absence of php8-mod-filter results in
many of the frontend's pages failing to render. Therefore add this
module as a frontend dependency.
Without php8-mod-openssl the frontend fails with:
[13-Dec-2025 18:47:25 UTC] PHP Fatal error: Uncaught Error: Call to
undefined function openssl_random_pseudo_bytes() in
/www/zabbix/include/classes/helpers/CEncryptHelper.php:89
Stack trace:
CEncryptHelper::generateKey()
thrown in /www/zabbix/include/classes/helpers/CEncryptHelper.php on
line 89
Therefore add php8-mod-openssl as a frontend dependency.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 33b868d540)
Remove warning disable. The issue was fixed in 7.1 and backported to
6.1.3
Remove atrac3 from patented list. It's no longer true and is already in
the non patented list.
Add missing upstream patch in 6.1.4 to fix x86 build.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 00f5b15311)
- update dependencies from perl to python
- support dropbear
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
(cherry picked from commit b0a6a9147b)
Rsyncd only needs a subset of all capabilities so create
a dedicated user with these capabilities. This is better from both a
security and an isolation perspective than running as root.
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 2a7364534e)
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
update to 2026.03.18, improve nftables rules
- Update PKG_VERSION to 2026.03.18.
- Set PKG_RELEASE to 1.
- Update PKG_SOURCE_VERSION to 801881210ba8215dc9cd577222d8c10372423360.
- Update PKG_MIRROR_HASH to 4c356c19b62fc7bdef3a67fd678e48f3659d709da10517c2eadef76e3409f5ce.
files/etc/init.d/https-dns-proxy:
- Wrap the notrack chain in its own `inet https_dns_proxy_notrack`
table. A top-level `chain` outside any table is invalid nftables
syntax and is rejected on kernel 6.18+, breaking firewall load.
Fixesmossdef-org/https-dns-proxy#7.
- Syntax-check the generated snippet with `nft -c -f` after write
and report OK/FAIL on the start path.
- On remove, explicitly `nft delete table` in addition to removing
the snippet file, so the live ruleset is cleaned up immediately
rather than waiting for the next fw4 reload.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 0d5f7a16c1)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This object class implements an asynchronous HTTP user agent
for the IO::Async framework in Perl, similar to LWP::UserAgent.
Signed-off-by: Jens Wagner <jens@wagner2013.de>
(cherry picked from commit 70f8dd8aa3)
This module extends existing IO::Async classes with
methods to allow the use of SSL or TLS-based connections
Required be e.g. Net::Async::HTTP to support https://
Signed-off-by: Jens Wagner <jens@wagner2013.de>
(cherry picked from commit c30cec8144)
Provides a central location for modules to report monitoring metrics.
Required e.g. by Net::Async::HTTP
Signed-off-by: Jens Wagner <jens@wagner2013.de>
(cherry picked from commit f9aada2b27)
Povides a deferred subroutine syntax for futures in Perl
Signed-off-by: Jens Wagner <jens@wagner2013.de>
(cherry picked from commit 62e5e1f82f)
(cherry picked from commit 3a2ce3480c)
Tianling Shen