Major version jump from 1.1.1 covering the 1.2.x - 1.9.x series.
Highlights:
- portmap: implement netfilter (nft) backend; bandwidth: optimization
- bridge: support "vlanTrunk" property and DAD/PVID support
- macvlan: support "linkInContainer" mode
- ipvlan: support "linkInContainer" mode
- dhcp: support DHCP option 121 classless static routes
- host-local: handle ranges with single IP
- firewall: support "ingressPolicy" with iptables and nftables
- tuning: allow specifying tx queue length
- Go module bumps including security fixes
- Minimum Go version: 1.23
Link: https://github.com/containernetworking/plugins/releases/tag/v1.9.1
Link: https://github.com/containernetworking/plugins/blob/v1.9.1/CHANGELOG.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 0.25.1:
0.27.0:
* util: Removed GNUNET_CRYPTO_symmetric_derive_iv API
* util: Deprecate GNUNET_CRYPTO_symmetric_* APIs
* util: Revise GNUNET_CRYPTO_hkdf_* APIs for safe variadic
arguments. Fixes#10898
0.26.x:
* util: Revise crypto API to prevent misuse of key material
* util: Add various TIME related helper APIs
* pils: Ship missing header
* pq: fix NULL reporting in arrays
* pq: fix consistency check errors
* util: fix UTF-8 uppercase/lowercase conversion API insanity
0.25.2:
* build: Various build system and detection logic improvements
* reintroduce some flat file storages
Drop patches that have been merged upstream:
- 0001-meson-convert-SQLite-version-detection-to-compile-time
- 0002-meson-convert-cURL-version-detection-to-compile-time
- 0003-meson-convert-libsodium-version-detection-to-compile
- 0004-meson-convert-cURL-SSL-library-detection-to-compile
- 0007-namecache-install-sql-files
- 0008-namecache-build-flat-namecache-plugin
Refresh 0005-meson-detect-libcurl-gnutls.patch for the upstream
switch from cc.compiles to cc.run for the cURL SSL backend check.
Link: https://git.gnunet.org/gnunet.git/tree/NEWS?h=v0.27.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Upstream repository has been archived by the owner, so
this software is no longer maintained.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
It seems this software is no longer maintained, because
upstream repository has been deleted.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
Update bsbf-resources to the GIT HEAD of 2026-05-14.
- Improve bsbf-bonding --uninstall logic.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
before acme is an empty package that depend either acme-acmesh or uacme.
but this boolean logic in depend ignored by apk itself.
let's make a virtual keyword
witch both acme.sh and uacme provides.
acme.sh is explicit default.
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
Update PKG_SOURCE_VERSION to 8a4db579f5c88af5a0d036fad34bddc9c1f703f3
(latest upstream main).
oci-runtime-tools is a rolling release without versioned upstream
releases. The new commit brings updated runtime-spec dependencies
and bug fixes accumulated since November 2024.
Link: https://github.com/opencontainers/runtime-tools/compare/f7e3563b...8a4db579
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tracks upstream curl 8.20.0 (April 2026 release).
Changes since 8.14.1 cover six upstream releases (8.15.0 - 8.20.0).
Highlights:
* async-thrdd: use thread queue for resolving
* build: make NTLM disabled by default
* lib: add thread pool and queue
* lib: drop support for < c-ares 1.16.0
* lib: make SMB support opt-in
* multi.h: add CURLMNWC_CLEAR_ALL
* rtmp: drop support
* cmake: drop support for CMake 3.17 and older
* Various TLS, HTTP/3, altsvc and resolver bug fixes.
Link: https://curl.se/changes.html#8_20_0
Link: https://github.com/curl/curl/blob/curl-8_20_0/RELEASE-NOTES
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update to latest upstream release.
Highlights of changes since 1.0.128:
* Added support for Debian 13 (trixie)
* Added support for many new Ubuntu releases (jammy through plucky)
* Improvements to keyring handling
* Various bug fixes and cleanups
Drop PKG_REAL_VERSION and the now-redundant PKG_BUILD_DIR override:
upstream and downstream versions match, so use PKG_VERSION directly
in PKG_SOURCE.
Link: https://salsa.debian.org/installer-team/debootstrap/-/blob/1.0.143/debian/changelog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 2023.4:
* Add automatic signing keys for trixie
* Add Debian Stable Release Key (13/trixie) (ID: 762F67A0B2C39DE4)
* Clean up maintscript removal of ancient archive certificates
* Get rid of team-members/ and signature verification
* Remove buster keys
* Rename keyrings from .gpg to .pgp
* Use OpenPGP instead of GnuPG when referring to the specification
Link: https://salsa.debian.org/release-team/debian-archive-keyring/-/blob/debian/2025.1/debian/changelog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4.99.3 (security release):
* Addresses EXIM-Security-2026-05-01.1: a remotely reachable
Use-After-Free vulnerability in Exim's BDAT (binary data
transmission) body parsing path when using the GnuTLS
backend. This can lead to heap corruption and potential code
execution. Affects 4.97 through 4.99.x when built with GnuTLS
support AND with STARTTLS and CHUNKING advertised.
Reported by xbow security.
Previous security releases folded into this bump:
4.99.2 (security release):
* Addresses Exim-Security-2026-04.1, covering 4 CVEs:
- CVE-2026-40684: Possible crash with malicious DNS data (musl libc)
- CVE-2026-40685: Possible OOB read/write on corrupt JSON in header
- CVE-2026-40686: Possible OOB read with large UTF8 trailing characters
- CVE-2026-40687: Possible OOB read/write with SPA authenticator
4.99.1 (security release):
* Re-incarnation of CVE-2025-26794, ports fixes from 4.98.1/4.98.2.
Link: https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/
Link: https://git.exim.org/exim.git/blob/refs/tags/exim-4.99.3:/doc/doc-txt/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
arm926ej-s (ARMv5) does not have native lock-free atomics and the
toolchain inserts calls to libatomic.so.1 for atomic operations.
The libgstreamer1 DEPENDS only listed armeb, powerpc, mips and mipsel
as needing libatomic, missing plain arm (little-endian 32-bit ARM).
Extend the condition to include arm so the package is properly
declared on all 32-bit ARM targets that require libatomic.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
perlbase-archive, perlbase-pod, and perlbase-test install Perl script
wrappers (ptar, pod2man, prove, etc.) that do not output the OpenWrt
package version string (5.40.0), causing generic version check failures
in CI.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 4.0.0:
- Add Zstandard decompression support for compressed web content
- Improve WolfSSL compatibility and SSL host name validation
- Improve IPv6 address support and Connection header handling
- Drop legacy pcre1 support; PCRE2 is now required
- Fix multiple memory leaks and socket leaks
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 26.1:
- Add SSL/TLS certificate validation for server-server links by default
(new SSLVerify option to disable)
- Add systemd sd_notify protocol support
- Add Autojoin option for automatic channel joining on connect
- Automatically maximize file descriptor limit at startup
- Add Docker/container documentation and Dockerfile
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 2.2.8:
- Fix crash related to FD_SET and socket timeout handling
- Fix build_absolute_url when if_indextoname() returns NULL
- Add support for C23 and glibc 2.43 string function signatures
- Improve poll() usage and C++ compiler compatibility
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Fixes symlink traversal vulnerability (CVE-2025-26625) that allowed
writing files outside the repository on checkout/pull.
Other changes since 3.5.1:
- Add --refetch option to force re-download of LFS objects
- Add --json and --dry-run options for fetch operations
- Improve .netrc handling on Windows and macOS root CA support
- Upgrade to Go 1.25 (requires Linux kernel 3.2+)
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
Switch mosh to -std=c++17 to fix compilation with newer Protobuf.
Link with libatomic necessary for MIPS and PowerPC.
Signed-off-by: George Sapkin <george@sapk.in>
Move existing protobuf package to protobuf-compat to support packages that
don't work with modern version of Protobuf.
Install headers and libraries into /usr/protobuf-compat so as not to
confuse other packages with duplicate headers, and to prevent paths
conflicts with non-compat Protobuf.
Install link protoc as protoc-compat.
Signed-off-by: George Sapkin <george@sapk.in>
zabbix-sender and zabbix-get are only build if agentd is built.
Therefore do not allow selection them if the full agentd is not
being built.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Update the build flags to the new spelling required by fish.
The groff directory no longer exists, and the manual pages are never
built, so there's no need to remove them.
The MIPS patch was cherry-picked from upstream and can be dropped.
Signed-off-by: David Adam <zanchey@ucc.gu.uwa.edu.au>
Some SDK/host GCC configurations, when meson invokes cc.preprocess() to
expand fcobjshash.gperf.h, produce output that includes predefined macro
dumps (e.g. #define __STDC__ 1) alongside linemarker lines. The upstream
cutout.py script, which strips CUT_OUT_BEGIN/END-delimited sections from
the preprocessed output before feeding it to gperf, passes these lines
through verbatim into fcobjshash.gperf.
gperf then copies them into the declarations section of fcobjshash.h.
When fcobjs.c includes fcobjshash.h, the compiler encounters #define
redefinitions and stray # tokens, causing a build failure.
Fix cutout.py to skip any line starting with # (C preprocessor
linemarkers and predefined macro definitions) before writing to the
output gperf file.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
1.3.2 (2026-03-09):
* fsck.exfat: add an option to show a progress bar
* mkfs.exfat: discard blocks prior to write outs by default
* mkfs.exfat: add a read-after-write verification for the VBR
* exfatprogs: adjust utility exit codes
* dump.exfat: handle paths including '.', '..', and repeated '/'
* fsck.exfat: convert 0x80 entries into deleted file entries
1.3.1 (2025-12-15):
* fsck.exfat: support repairing the allocation bitmap size
* exfatprogs: temporarily disable building defrag.exfat (data loss)
* libexfat: fix a NULL pointer dereference in read_file_dentry_set()
1.3.0 (2025-10-15):
* defrag.exfat: new tool to defragment an exFAT filesystem
* mkfs.exfat: minimize zero-out initialization in quick format mode
* fsck.exfat: set the entry after an unused entry as unused
* Various bug fixes
Link: https://github.com/exfatprogs/exfatprogs/blob/1.3.2/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Major version update from 1.24.2 to 2.0.1.
Major change: the C++ bindings (libgpgmepp), Qt bindings, and
Python bindings have been split off into separate packages
upstream. The libgpgmepp subpackage is dropped here too; consumers
that need C++ bindings will have to be ported once gpgme++ is
packaged separately.
Changes from 1.24.x -> 2.0.x:
* New gpgme_op_random_bytes / gpgme_op_random_value functions
to get cryptographically strong random data from gpg.
* New decrypt flag to skip actual decryption so that
information about recipients can be retrieved.
* New flag for key generation to mark a (sub)key as group owned.
* gpgme_signers_add: when key was retrieved with fingerprint!'!'
suffix, the requested subkey is used for signing.
* timestamp/expires fields changed from signed long to unsigned
long for better 32bit time_t support.
* Removed long-deprecated gpgme_attr_t enums and functions.
* Removed never-implemented GPGME_EXPORT_MODE_NOUID flag.
* Removed entire trustlist feature.
2.0.1:
* Adjust for changes to the posix test(1) command.
* Extend internal gpgsm_assuan_simple_command to consume diag
output (fixes possible lockup).
Drop --enable-languages=cpp from configure args (no longer
supported), Build/InstallDev no longer copies the C++ headers,
cmake bits or libgpgmepp shared library, and remove the
libgpgmepp Package definition.
Link: https://dev.gnupg.org/source/gpgme/browse/master/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update GnuPG to the current upstream stable release. As listed at
https://gnupg.org/download/, the 2.5.x series is currently 'stable'
while 2.4.x is 'oldstable' (LTS).
Highlights of changes since 2.4.8:
* New OpenPGP key formats: Curve25519 and Curve448 (RFC9580)
* SHA3 family signature support
* Kyber post-quantum hybrid keys
* KEM (Key Encapsulation Mechanism) operations
* dirmngr: improved LDAP and HTTP keyserver support
* scdaemon: better support for new smartcard tokens
* Many bug fixes and security improvements
Link: https://dev.gnupg.org/source/gnupg/browse/master/NEWS
Link: https://gnupg.org/download/release_notes.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 1.6.7:
* Fix double increment in DN parser while counting hexdigits.
* Fix a memory leak in the BER decoder's error handling.
* Fix an assertion failure in the OCSP code.
* Support SHA256 based CertIDs in OCSP.
* Use nonstring attribute for gcc-15.
* Remove remaining WindowsCE support.
Link: https://dev.gnupg.org/source/libksba/browse/master/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.7.4 (13 February 2026):
- pcsc_scan: use different variables for spin running and state
- pcsc_scan: give some time to the spinner thread in spin_start()
- Various ga workflow improvements (Windows artifact upload, etc.)
Link: https://pcsc-tools.apdu.fr/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2.4.1 (1 January 2026):
- Add backward version support on the client side
- Add backward version support on the server side
- hotplug libudev: rescan the USB bus with "pcscd --hotplug"
- fix a value in pcscd.service systemd file
- meson: install systemd files even if libsystemd is not used
2.4.0 (19 October 2025):
- Run pcscd under a pcscd user instead of root when using systemd
- Set PIDFile in systemd service file
- Protect contextMapList modifications using a mutex
- meson: fix libpcsclite.pc, respect default_library option
Link: https://pcsclite.apdu.fr/files/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
0.27.0 includes a number of CVE fixes and many improvements:
Security fixes (0.27.0):
* CVE-2025-13763: Uninitialized memory uses detected by fuzzers
* CVE-2025-49010: Write beyond buffer bounds in GET RESPONSE APDU
* CVE-2025-66215: Write beyond buffer bounds in oberthur driver
* CVE-2025-66038: Read beyond buffer bounds in PIV historical bytes
* CVE-2025-66037: Buffer overrun while parsing SPKI
General improvements:
* Added support for PKCS#11 3.2 in tools and pkcs11-spy/p11test
* Added support for Ed448, X448 mechanisms; improved Edwards and
Montgomery key support.
* Support CKA_PUBKEY_KEY_INFO PKCS#11 attribute.
* Remove obsolete tokend support.
* Correctly detect OS-level FIPS mode in OpenSSL automatically.
* Added support for Brainpool twisted curves.
* EsteID: EstEID 2025, FinEID 4.0/4.1, Latvian IDEMIA Cosmo X & 8.2.
* D-Trust Card 5.1 & 5.4 with PIN change/unblock.
* Belpic: support for belpic applet version 1.8.
* Many other card-specific improvements (OpenPGP, PIV, ...).
0.27.1 is a bug-fix release for infrastructure issues.
Link: https://github.com/OpenSC/OpenSC/blob/0.27.1/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle