The binary does not report the OpenWrt package version (2023.06.11~ab78c48f);
override the generic version check with test-version.sh.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The git archive hash changed due to .gitattributes normalization in the
upstream repository. Update PKG_MIRROR_HASH to the current value.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
When dnsmasq is disabled, /var/etc doesn't exist. minidlna start was then failing. Partially reverted commit 733aae9 which broke this.
Signed-off-by: Peter Maivald <plasticassius@gmail.com>
1.0.1 fixes a false-positive path-traversal check in destinations.py:
the 1.0.0 code used Path.resolve() to validate that each installed file
stays within the --destdir, but Path.resolve() follows symlinks.
OpenWrt's staging dir and toolchain directories contain many symlinks,
so resolved paths could escape the destdir comparison and trigger:
ValueError: Attempting to write <file> outside of the target directory
1.0.1 replaces Path.resolve() with os.path.abspath(), which normalises
the path without following symlinks, eliminating the false positive.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Major version jump from 1.1.1 covering the 1.2.x - 1.9.x series.
Highlights:
- portmap: implement netfilter (nft) backend; bandwidth: optimization
- bridge: support "vlanTrunk" property and DAD/PVID support
- macvlan: support "linkInContainer" mode
- ipvlan: support "linkInContainer" mode
- dhcp: support DHCP option 121 classless static routes
- host-local: handle ranges with single IP
- firewall: support "ingressPolicy" with iptables and nftables
- tuning: allow specifying tx queue length
- Go module bumps including security fixes
- Minimum Go version: 1.23
Link: https://github.com/containernetworking/plugins/releases/tag/v1.9.1
Link: https://github.com/containernetworking/plugins/blob/v1.9.1/CHANGELOG.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 0.25.1:
0.27.0:
* util: Removed GNUNET_CRYPTO_symmetric_derive_iv API
* util: Deprecate GNUNET_CRYPTO_symmetric_* APIs
* util: Revise GNUNET_CRYPTO_hkdf_* APIs for safe variadic
arguments. Fixes#10898
0.26.x:
* util: Revise crypto API to prevent misuse of key material
* util: Add various TIME related helper APIs
* pils: Ship missing header
* pq: fix NULL reporting in arrays
* pq: fix consistency check errors
* util: fix UTF-8 uppercase/lowercase conversion API insanity
0.25.2:
* build: Various build system and detection logic improvements
* reintroduce some flat file storages
Drop patches that have been merged upstream:
- 0001-meson-convert-SQLite-version-detection-to-compile-time
- 0002-meson-convert-cURL-version-detection-to-compile-time
- 0003-meson-convert-libsodium-version-detection-to-compile
- 0004-meson-convert-cURL-SSL-library-detection-to-compile
- 0007-namecache-install-sql-files
- 0008-namecache-build-flat-namecache-plugin
Refresh 0005-meson-detect-libcurl-gnutls.patch for the upstream
switch from cc.compiles to cc.run for the cURL SSL backend check.
Link: https://git.gnunet.org/gnunet.git/tree/NEWS?h=v0.27.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Upstream repository has been archived by the owner, so
this software is no longer maintained.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
It seems this software is no longer maintained, because
upstream repository has been deleted.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
Update bsbf-resources to the GIT HEAD of 2026-05-14.
- Improve bsbf-bonding --uninstall logic.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
before acme is an empty package that depend either acme-acmesh or uacme.
but this boolean logic in depend ignored by apk itself.
let's make a virtual keyword
witch both acme.sh and uacme provides.
acme.sh is explicit default.
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
Update PKG_SOURCE_VERSION to 8a4db579f5c88af5a0d036fad34bddc9c1f703f3
(latest upstream main).
oci-runtime-tools is a rolling release without versioned upstream
releases. The new commit brings updated runtime-spec dependencies
and bug fixes accumulated since November 2024.
Link: https://github.com/opencontainers/runtime-tools/compare/f7e3563b...8a4db579
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tracks upstream curl 8.20.0 (April 2026 release).
Changes since 8.14.1 cover six upstream releases (8.15.0 - 8.20.0).
Highlights:
* async-thrdd: use thread queue for resolving
* build: make NTLM disabled by default
* lib: add thread pool and queue
* lib: drop support for < c-ares 1.16.0
* lib: make SMB support opt-in
* multi.h: add CURLMNWC_CLEAR_ALL
* rtmp: drop support
* cmake: drop support for CMake 3.17 and older
* Various TLS, HTTP/3, altsvc and resolver bug fixes.
Link: https://curl.se/changes.html#8_20_0
Link: https://github.com/curl/curl/blob/curl-8_20_0/RELEASE-NOTES
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update to latest upstream release.
Highlights of changes since 1.0.128:
* Added support for Debian 13 (trixie)
* Added support for many new Ubuntu releases (jammy through plucky)
* Improvements to keyring handling
* Various bug fixes and cleanups
Drop PKG_REAL_VERSION and the now-redundant PKG_BUILD_DIR override:
upstream and downstream versions match, so use PKG_VERSION directly
in PKG_SOURCE.
Link: https://salsa.debian.org/installer-team/debootstrap/-/blob/1.0.143/debian/changelog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 2023.4:
* Add automatic signing keys for trixie
* Add Debian Stable Release Key (13/trixie) (ID: 762F67A0B2C39DE4)
* Clean up maintscript removal of ancient archive certificates
* Get rid of team-members/ and signature verification
* Remove buster keys
* Rename keyrings from .gpg to .pgp
* Use OpenPGP instead of GnuPG when referring to the specification
Link: https://salsa.debian.org/release-team/debian-archive-keyring/-/blob/debian/2025.1/debian/changelog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4.99.3 (security release):
* Addresses EXIM-Security-2026-05-01.1: a remotely reachable
Use-After-Free vulnerability in Exim's BDAT (binary data
transmission) body parsing path when using the GnuTLS
backend. This can lead to heap corruption and potential code
execution. Affects 4.97 through 4.99.x when built with GnuTLS
support AND with STARTTLS and CHUNKING advertised.
Reported by xbow security.
Previous security releases folded into this bump:
4.99.2 (security release):
* Addresses Exim-Security-2026-04.1, covering 4 CVEs:
- CVE-2026-40684: Possible crash with malicious DNS data (musl libc)
- CVE-2026-40685: Possible OOB read/write on corrupt JSON in header
- CVE-2026-40686: Possible OOB read with large UTF8 trailing characters
- CVE-2026-40687: Possible OOB read/write with SPA authenticator
4.99.1 (security release):
* Re-incarnation of CVE-2025-26794, ports fixes from 4.98.1/4.98.2.
Link: https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/
Link: https://git.exim.org/exim.git/blob/refs/tags/exim-4.99.3:/doc/doc-txt/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
arm926ej-s (ARMv5) does not have native lock-free atomics and the
toolchain inserts calls to libatomic.so.1 for atomic operations.
The libgstreamer1 DEPENDS only listed armeb, powerpc, mips and mipsel
as needing libatomic, missing plain arm (little-endian 32-bit ARM).
Extend the condition to include arm so the package is properly
declared on all 32-bit ARM targets that require libatomic.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
perlbase-archive, perlbase-pod, and perlbase-test install Perl script
wrappers (ptar, pod2man, prove, etc.) that do not output the OpenWrt
package version string (5.40.0), causing generic version check failures
in CI.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 4.0.0:
- Add Zstandard decompression support for compressed web content
- Improve WolfSSL compatibility and SSL host name validation
- Improve IPv6 address support and Connection header handling
- Drop legacy pcre1 support; PCRE2 is now required
- Fix multiple memory leaks and socket leaks
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 26.1:
- Add SSL/TLS certificate validation for server-server links by default
(new SSLVerify option to disable)
- Add systemd sd_notify protocol support
- Add Autojoin option for automatic channel joining on connect
- Automatically maximize file descriptor limit at startup
- Add Docker/container documentation and Dockerfile
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 2.2.8:
- Fix crash related to FD_SET and socket timeout handling
- Fix build_absolute_url when if_indextoname() returns NULL
- Add support for C23 and glibc 2.43 string function signatures
- Improve poll() usage and C++ compiler compatibility
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Fixes symlink traversal vulnerability (CVE-2025-26625) that allowed
writing files outside the repository on checkout/pull.
Other changes since 3.5.1:
- Add --refetch option to force re-download of LFS objects
- Add --json and --dry-run options for fetch operations
- Improve .netrc handling on Windows and macOS root CA support
- Upgrade to Go 1.25 (requires Linux kernel 3.2+)
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
Switch mosh to -std=c++17 to fix compilation with newer Protobuf.
Link with libatomic necessary for MIPS and PowerPC.
Signed-off-by: George Sapkin <george@sapk.in>
Move existing protobuf package to protobuf-compat to support packages that
don't work with modern version of Protobuf.
Install headers and libraries into /usr/protobuf-compat so as not to
confuse other packages with duplicate headers, and to prevent paths
conflicts with non-compat Protobuf.
Install link protoc as protoc-compat.
Signed-off-by: George Sapkin <george@sapk.in>
zabbix-sender and zabbix-get are only build if agentd is built.
Therefore do not allow selection them if the full agentd is not
being built.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Update the build flags to the new spelling required by fish.
The groff directory no longer exists, and the manual pages are never
built, so there's no need to remove them.
The MIPS patch was cherry-picked from upstream and can be dropped.
Signed-off-by: David Adam <zanchey@ucc.gu.uwa.edu.au>
Alexandru Ardelean