The upstream repository was renamed from checksec.sh to checksec and the
main script was renamed from checksec to checksec.bash (still installed as
/usr/bin/checksec). The checksec_automator subpackage was removed upstream,
so drop it. Update PKG_NAME accordingly and adjust the install rule.
Changelog: https://github.com/slimm609/checksec/releases/tag/3.1.0
Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update test.sh to use $2 (positional version argument) instead of the
$PKG_VERSION environment variable, and add a check that the alternative
binary /usr/libexec/less-gnu is present.
Changelog: https://www.greenwoodsoftware.com/less/news.692.html
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Remove <linux/prctl.h> from backend.c via Build/Prepare sed: both
<linux/prctl.h> and <sys/prctl.h> define struct prctl_mm_map in newer
musl toolchains, causing a redefinition build error. sys/prctl.h alone
provides everything fio needs.
Changelog: https://github.com/axboe/fio/blob/fio-3.42/HOWTO.rst
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update LVM2 from 2.03.33 to 2.03.40, bundled libdm from 1.02.207 to
1.02.209.
LVM2 highlights since 2.03.33:
2.03.40 (28th April 2026):
* Many bug fixes and memory/lock leak fixes throughout the
tree (vgcreate, vgmerge, vgimportclone, pvscan, raid, dmeventd,
pvmove, lvmpolld).
* Validate area_count and metadata sizes to prevent overflows.
* Fix percent_check threshold stuck above 100% in dmeventd
thin/vdo plugins.
* Pre-create udev cookie before critical section to avoid
resume failures.
2.03.39 (13th March 2026):
* Support --interval +N to delay first poll in pvmove and lvpoll.
* Add atomic leases using Compare and Write (CAW) to lvmlockd.
* Add lvm-index(7), lvm-categories(7), lvm-args(7) man pages.
* Show active cache mode in kernel table line (lvs -o kernel_cache_mode).
* Switch from internal device_mapper library to libdm.
2.03.34 - 2.03.38:
* Persistent reservation support on a VG; VG attr character + pr
field on vgs reflecting persistent reservation status.
* dmeventd: restart with no monitored devices, no actions on
removed devices.
* Various filter, integrity, cache, raid and pvmove fixes.
libdm changes since 1.02.207 (1.02.208 / 1.02.209) consist purely
of internal cleanups and version bumps; no user-visible changes
documented in WHATS_NEW_DM.
Link: https://gitlab.com/lvmteam/lvm2/-/blob/v2_03_40/WHATS_NEW
Link: https://gitlab.com/lvmteam/lvm2/-/blob/v2_03_40/WHATS_NEW_DM
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Stable bug-fix release. All users of cryptsetup 2.8.x must upgrade.
Changes since 2.8.4:
* Fix FileVault (fvault2) metadata parsing crash with crafted images.
Reported by David Pokora (Trail of Bits/Anthropic).
* Fix reading FileVault image metadata from incorrect image offset.
* OpenSSL backend: increase the number of allowed threads to 64
(workaround for parallel Argon2 PBKDF deadlock).
* Fix LUKS2 reencryption lock name when the device is being reencrypted.
* Check UUID of the resumed device to match UUID stored in metadata.
* Add a specific error for failed detached header allocation.
* Fix tests not to use aes-generic kernel cipher name (Linux 7.0+).
* Fix OpenSSL crypto backend if built with LibreSSL.
* Several compatibility fixes to the alternative Meson configuration.
* Various code fixes based on AI-assisted reviews (memory wiping,
error paths, integrity sector overflow, device-mapper flags, ...).
Link: https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.8.6/docs/v2.8.6-ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes in 0.1.7 (2025-04-07):
* Drop the autotools build system
* Unbreak the CI
* Prevent a crash on disconnect
* Fix building with glibc >= 2.43
* Fix the eavesdrop filtering to prevent message interception
Link: https://github.com/flatpak/xdg-dbus-proxy/blob/0.1.7/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes from 5.3.x to 5.4.0:
* Use Mike Haertel's MinRX regular expression matcher by default.
The old regex and dfa engines are still available.
* New @nsinclude directive: like @include but doesn't reset
the namespace to "awk".
* lshift()/rshift() return 0 when shifting more bits than in uintmax_t.
* Persistent memory: store meta-info in backing file; warn on
version mismatch; allow dynamic extensions with persistent memory.
* ordchr extension now supports multibyte / wide characters.
* length(array) is no longer an extension (POSIX 2024); --posix
no longer rejects it and --lint no longer warns.
* --traditional rationalised to match BWK awk behaviour.
* Assertions are now enabled in the C code.
* Hexadecimal floating-point values may now be used in source,
strtonum() and -n/--non-decimal-data option.
* UDP networking support is now deprecated, will be removed in 6.0.
* Reading regular disk input files is somewhat faster (no timeout check).
* Various bug fixes.
Link: https://git.savannah.gnu.org/cgit/gawk.git/plain/NEWS?h=gawk-5.4.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2026-04-06: Version 7.5.5
* New option --error-binary: Return an error if a
binary file is skipped.
* Fix: dos2unix error on empty input. The problem was introduced
in version 7.5.4.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
0.11.2 (CVE-2026-41163):
* In setuid mode, don't run the low-privileged parts of the setup
as dumpable, as that allows it to be ptraced which can lead to problems.
* New build option -Dsupport_setuid, which if set to false (the default)
disables the support for setuid.
0.11.1:
* Reset disposition of SIGCHLD, restoring normal subprocess management
if bwrap was run from a process that was ignoring that signal.
* Don't ignore --userns 0, --userns2 0 or --pidns 0 if used.
* Fix grammar in an error message and a broken link in the documentation.
Link: https://github.com/containers/bubblewrap/blob/v0.11.2/NEWS.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update from 1.27.0 to 1.28.0, tracking the MicroPython 1.28.0 release.
Add version check to test.sh using importlib.metadata to verify the
installed package version matches the expected version string.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 6.10.1 to 6.19.0. Notable changes:
- 6.19.0: fix log sunit automatic configuration in mkfs; fix data
corruption bug in libxfs_file_write; fix various memory leaks; improve
realtime subvolume info in xfs_io statfs
- 6.18.0: adjust nr_zones for zoned filesystems on conventional devices
in mkfs; fix xfs_logprint pointer bugs; fix mdrestore superblock length
check; add 2025 LTS config
- 6.16.0: atomic write enhancements for maximum atomic write limits at
mount time; refactor log recovery infrastructure; remove experimental
warnings from xfs_scrub
- 6.13.0: comprehensive metadata directory support in xfs_repair, xfs_db,
and mkfs; realtime group support with new RT group structures; quota
inodes use metadata directory infrastructure; realtime space quotas
- 6.12.0: realtime device support in xfs_db; file range commit ioctls
with atomic write statx fields; modernize perag lookup to xarray;
require -std=gnu11 for compilation
Add test.sh to verify xfs-mkfs and xfs-fsck report the correct version
and xfs-admin/xfs-growfs produce expected help output.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
MinOZW does not implement any --version flag, so skip the generic
version check. Just verify the binary is present and executable.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
boost::asio::post() without an explicit executor fails to compile with
Boost >= 1.82 due to changes in the executor model: bare lambdas no
longer have an implicit system executor that satisfies the
blocking.never requirement.
Pass io_context_ explicitly as the first argument so the handler is
dispatched on the correct io_context thread, which is the original
intent of the call (making stop() safe to call from any thread).
Add test.sh
domoticz is a daemon requiring a database and network port; it does not
implement a --version flag. Verify the binary is present and executable.
Disable LTO to fix link failure on i386 with musl fortify
Suggested via https://github.com/openwrt/packages/pull/29239
Also tested.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
update to version v4.10, disable building gnulib-tests to avoid
compilation errors.
Add --disable-xattr to CONFIGURE_ARGS to avoid linking an unneeded
dependency.
Changes in sed since v4.9, from NEWS:
** Bug fixes
sed 's/a/b/g' (and other global substitutions) now works on input
lines longer than 2GB. Previously, matches beyond the 2^31 byte offset
would evoke a "panic" (exit 4).
[bug present since the beginning]
'sed --follow-symlinks -i' no longer has a TOCTOU race that could let
an attacker swap a symlink between resolution and open, causing sed to
read attacker-chosen content and write it to the original target.
[bug introduced in sed 4.1e]
sed no longer falsely matches when back-references are combined with
optional groups (.?) and the $ anchor. For example, this no longer
falsely matches the empty string at beginning of line:
$ echo ab | sed -E 's/^(.?)(.?).?\2\1$/X/'
Xab
[bug present since "the beginning"]
In --posix mode, sed no longer mishandles backslash escapes (\n,
\t, \a, etc.) after a named character class like [[:alpha:]].
For example, 's/^A\n[[:alpha:]]\n*/XXX/' would fail to match the
trailing newline, treating \n as a literal backslash and an 'n'
rather than a newline. This happened when an earlier backslash
escape in the same regex had already been converted, shifting the
in-place normalization buffer.
[bug introduced in sed 4.9]
sed --debug no longer crashes when a label (":") command is compiled
before the --debug option is processed, e.g., sed -f<(...) --debug.
[bug introduced in sed 4.7 with --debug]
sed no longer rejects the documented GNU extension 'a**' (equivalent
to 'a*') in Basic Regular Expression (BRE) mode. Previously, this
worked only with -E (ERE mode), even though grep has always accepted
it in BRE mode.
[bug present since "the beginning"]
sed no longer rejects "\c[" in regular expressions
[bug present since the beginning]
'sed --follow-symlinks -i' no longer mishandles an operand that is a
short symbolic link to a long symbolic link to a file.
[bug introduced in sed 4.9]
Fix some some longstanding but unlikely integer overflows.
Internally, 'sed' now more often prefers signed integer arithmetic,
which can be checked automatically via 'gcc -fsanitize=undefined'.
** Changes in behavior
In the default C locale, diagnostics now quote 'like this' (with
apostrophes) instead of `like this' (with a grave accent and an
apostrophe). This tracks the GNU coding standards.
'sed --posix' now warns about uses of backslashes in the 's' command
that are handled by GNU sed but are not portable to other
implementations.
** Build-related
builds no longer fail on platforms without the <getopt.h> header or
getopt_long function.
[bug introduced in sed 4.9]
Signed-off-by: Russell Senior <russell@personaltelco.net>
zstdgrep and zstdless are shell script wrappers that do not output a
version string, so the generic CI version check fails for them. Add a
test.sh case that verifies they are present and executable instead.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
dbus-utils utilities do not implement --version so the generic CI
version check fails for them. Add a test.sh case that verifies the
binaries are present and executable instead.
dbus-utils: dbus-monitor, dbus-send, dbus-test-tool
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Several bluez utilities do not implement --version so the generic CI
version check fails for them. Add test.sh cases that verify the
binaries are present and executable instead.
bluez-daemon: obexd
bluez-utils: bdaddr, ciptool, hciattach, hciconfig, l2ping, l2test, rctest
bluez-utils-extra: gatttool
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes in 3.10:
- general bug fixes from libsepol (bounds statements in optional
blocks, type attribute handling in role-types rule, NULL dereference
and use-after-free fixes)
- treewide: add .clang-format configuration file
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes in 3.10:
- python/sepolicy: add support for DNF5
- sandbox/seunshare: replace system() with execv() to prevent shell
injection vulnerability
- seunshare: always use translations when printing
- setfiles: add -A option to disable SELINUX_RESTORECON_ADD_ASSOC
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The generic CI test fails for /usr/bin/attr because that binary does
not implement --version. getfattr and setfattr do, so test those for
the version string and only verify attr is present and executable.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Add --no-build-isolation to PYTHON_SETUP_ARGS. Without it, pip creates
an isolated build environment which fails during cross-compilation
because _sysconfigdata is missing for the target arch.
Add test.sh verifying python3-sepolgen module loads correctly and
selinux-audit2allow binary is functional.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Seems a lot of packages are just getting abandoned by people.
Will pick these up and see them through.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The link flag makes the main program depend on liblua in official
package feeds, even if collectd-mod-lua is not installed.
The plugin is already linked against liblua.so, so this can be removed.
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
[added PKG_RELEASE bump]
Watchcat was failing to restart layer-3 interfaces when in mode
'restart_iface'. The previously attempted fix made the situation
worse in that it resulted in layer 2 interfaces also failing to
start.
This was because we are passed the interface name (e.g. eth0,
l2p0, or br-lan), but ifup needs the logical network (e.g. 'lan'
which corresponds to the network device).
Update to use find_config from /lib/network/config.sh to find the
logical network from the interface name, and use ifup on the
logical network to restart the underlying interface(s) associated
with the logical network.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Wei-Ting Yang