Update PKG_SOURCE_VERSION to 8a4db579f5c88af5a0d036fad34bddc9c1f703f3
(latest upstream main).
oci-runtime-tools is a rolling release without versioned upstream
releases. The new commit brings updated runtime-spec dependencies
and bug fixes accumulated since November 2024.
Link: https://github.com/opencontainers/runtime-tools/compare/f7e3563b...8a4db579
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tracks upstream curl 8.20.0 (April 2026 release).
Changes since 8.14.1 cover six upstream releases (8.15.0 - 8.20.0).
Highlights:
* async-thrdd: use thread queue for resolving
* build: make NTLM disabled by default
* lib: add thread pool and queue
* lib: drop support for < c-ares 1.16.0
* lib: make SMB support opt-in
* multi.h: add CURLMNWC_CLEAR_ALL
* rtmp: drop support
* cmake: drop support for CMake 3.17 and older
* Various TLS, HTTP/3, altsvc and resolver bug fixes.
Link: https://curl.se/changes.html#8_20_0
Link: https://github.com/curl/curl/blob/curl-8_20_0/RELEASE-NOTES
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update to latest upstream release.
Highlights of changes since 1.0.128:
* Added support for Debian 13 (trixie)
* Added support for many new Ubuntu releases (jammy through plucky)
* Improvements to keyring handling
* Various bug fixes and cleanups
Drop PKG_REAL_VERSION and the now-redundant PKG_BUILD_DIR override:
upstream and downstream versions match, so use PKG_VERSION directly
in PKG_SOURCE.
Link: https://salsa.debian.org/installer-team/debootstrap/-/blob/1.0.143/debian/changelog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 2023.4:
* Add automatic signing keys for trixie
* Add Debian Stable Release Key (13/trixie) (ID: 762F67A0B2C39DE4)
* Clean up maintscript removal of ancient archive certificates
* Get rid of team-members/ and signature verification
* Remove buster keys
* Rename keyrings from .gpg to .pgp
* Use OpenPGP instead of GnuPG when referring to the specification
Link: https://salsa.debian.org/release-team/debian-archive-keyring/-/blob/debian/2025.1/debian/changelog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4.99.3 (security release):
* Addresses EXIM-Security-2026-05-01.1: a remotely reachable
Use-After-Free vulnerability in Exim's BDAT (binary data
transmission) body parsing path when using the GnuTLS
backend. This can lead to heap corruption and potential code
execution. Affects 4.97 through 4.99.x when built with GnuTLS
support AND with STARTTLS and CHUNKING advertised.
Reported by xbow security.
Previous security releases folded into this bump:
4.99.2 (security release):
* Addresses Exim-Security-2026-04.1, covering 4 CVEs:
- CVE-2026-40684: Possible crash with malicious DNS data (musl libc)
- CVE-2026-40685: Possible OOB read/write on corrupt JSON in header
- CVE-2026-40686: Possible OOB read with large UTF8 trailing characters
- CVE-2026-40687: Possible OOB read/write with SPA authenticator
4.99.1 (security release):
* Re-incarnation of CVE-2025-26794, ports fixes from 4.98.1/4.98.2.
Link: https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/
Link: https://git.exim.org/exim.git/blob/refs/tags/exim-4.99.3:/doc/doc-txt/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
arm926ej-s (ARMv5) does not have native lock-free atomics and the
toolchain inserts calls to libatomic.so.1 for atomic operations.
The libgstreamer1 DEPENDS only listed armeb, powerpc, mips and mipsel
as needing libatomic, missing plain arm (little-endian 32-bit ARM).
Extend the condition to include arm so the package is properly
declared on all 32-bit ARM targets that require libatomic.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
perlbase-archive, perlbase-pod, and perlbase-test install Perl script
wrappers (ptar, pod2man, prove, etc.) that do not output the OpenWrt
package version string (5.40.0), causing generic version check failures
in CI.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 4.0.0:
- Add Zstandard decompression support for compressed web content
- Improve WolfSSL compatibility and SSL host name validation
- Improve IPv6 address support and Connection header handling
- Drop legacy pcre1 support; PCRE2 is now required
- Fix multiple memory leaks and socket leaks
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 26.1:
- Add SSL/TLS certificate validation for server-server links by default
(new SSLVerify option to disable)
- Add systemd sd_notify protocol support
- Add Autojoin option for automatic channel joining on connect
- Automatically maximize file descriptor limit at startup
- Add Docker/container documentation and Dockerfile
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 2.2.8:
- Fix crash related to FD_SET and socket timeout handling
- Fix build_absolute_url when if_indextoname() returns NULL
- Add support for C23 and glibc 2.43 string function signatures
- Improve poll() usage and C++ compiler compatibility
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Fixes symlink traversal vulnerability (CVE-2025-26625) that allowed
writing files outside the repository on checkout/pull.
Other changes since 3.5.1:
- Add --refetch option to force re-download of LFS objects
- Add --json and --dry-run options for fetch operations
- Improve .netrc handling on Windows and macOS root CA support
- Upgrade to Go 1.25 (requires Linux kernel 3.2+)
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
Switch mosh to -std=c++17 to fix compilation with newer Protobuf.
Link with libatomic necessary for MIPS and PowerPC.
Signed-off-by: George Sapkin <george@sapk.in>
Move existing protobuf package to protobuf-compat to support packages that
don't work with modern version of Protobuf.
Install headers and libraries into /usr/protobuf-compat so as not to
confuse other packages with duplicate headers, and to prevent paths
conflicts with non-compat Protobuf.
Install link protoc as protoc-compat.
Signed-off-by: George Sapkin <george@sapk.in>
zabbix-sender and zabbix-get are only build if agentd is built.
Therefore do not allow selection them if the full agentd is not
being built.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Update the build flags to the new spelling required by fish.
The groff directory no longer exists, and the manual pages are never
built, so there's no need to remove them.
The MIPS patch was cherry-picked from upstream and can be dropped.
Signed-off-by: David Adam <zanchey@ucc.gu.uwa.edu.au>
Some SDK/host GCC configurations, when meson invokes cc.preprocess() to
expand fcobjshash.gperf.h, produce output that includes predefined macro
dumps (e.g. #define __STDC__ 1) alongside linemarker lines. The upstream
cutout.py script, which strips CUT_OUT_BEGIN/END-delimited sections from
the preprocessed output before feeding it to gperf, passes these lines
through verbatim into fcobjshash.gperf.
gperf then copies them into the declarations section of fcobjshash.h.
When fcobjs.c includes fcobjshash.h, the compiler encounters #define
redefinitions and stray # tokens, causing a build failure.
Fix cutout.py to skip any line starting with # (C preprocessor
linemarkers and predefined macro definitions) before writing to the
output gperf file.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
1.3.2 (2026-03-09):
* fsck.exfat: add an option to show a progress bar
* mkfs.exfat: discard blocks prior to write outs by default
* mkfs.exfat: add a read-after-write verification for the VBR
* exfatprogs: adjust utility exit codes
* dump.exfat: handle paths including '.', '..', and repeated '/'
* fsck.exfat: convert 0x80 entries into deleted file entries
1.3.1 (2025-12-15):
* fsck.exfat: support repairing the allocation bitmap size
* exfatprogs: temporarily disable building defrag.exfat (data loss)
* libexfat: fix a NULL pointer dereference in read_file_dentry_set()
1.3.0 (2025-10-15):
* defrag.exfat: new tool to defragment an exFAT filesystem
* mkfs.exfat: minimize zero-out initialization in quick format mode
* fsck.exfat: set the entry after an unused entry as unused
* Various bug fixes
Link: https://github.com/exfatprogs/exfatprogs/blob/1.3.2/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Major version update from 1.24.2 to 2.0.1.
Major change: the C++ bindings (libgpgmepp), Qt bindings, and
Python bindings have been split off into separate packages
upstream. The libgpgmepp subpackage is dropped here too; consumers
that need C++ bindings will have to be ported once gpgme++ is
packaged separately.
Changes from 1.24.x -> 2.0.x:
* New gpgme_op_random_bytes / gpgme_op_random_value functions
to get cryptographically strong random data from gpg.
* New decrypt flag to skip actual decryption so that
information about recipients can be retrieved.
* New flag for key generation to mark a (sub)key as group owned.
* gpgme_signers_add: when key was retrieved with fingerprint!'!'
suffix, the requested subkey is used for signing.
* timestamp/expires fields changed from signed long to unsigned
long for better 32bit time_t support.
* Removed long-deprecated gpgme_attr_t enums and functions.
* Removed never-implemented GPGME_EXPORT_MODE_NOUID flag.
* Removed entire trustlist feature.
2.0.1:
* Adjust for changes to the posix test(1) command.
* Extend internal gpgsm_assuan_simple_command to consume diag
output (fixes possible lockup).
Drop --enable-languages=cpp from configure args (no longer
supported), Build/InstallDev no longer copies the C++ headers,
cmake bits or libgpgmepp shared library, and remove the
libgpgmepp Package definition.
Link: https://dev.gnupg.org/source/gpgme/browse/master/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update GnuPG to the current upstream stable release. As listed at
https://gnupg.org/download/, the 2.5.x series is currently 'stable'
while 2.4.x is 'oldstable' (LTS).
Highlights of changes since 2.4.8:
* New OpenPGP key formats: Curve25519 and Curve448 (RFC9580)
* SHA3 family signature support
* Kyber post-quantum hybrid keys
* KEM (Key Encapsulation Mechanism) operations
* dirmngr: improved LDAP and HTTP keyserver support
* scdaemon: better support for new smartcard tokens
* Many bug fixes and security improvements
Link: https://dev.gnupg.org/source/gnupg/browse/master/NEWS
Link: https://gnupg.org/download/release_notes.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 1.6.7:
* Fix double increment in DN parser while counting hexdigits.
* Fix a memory leak in the BER decoder's error handling.
* Fix an assertion failure in the OCSP code.
* Support SHA256 based CertIDs in OCSP.
* Use nonstring attribute for gcc-15.
* Remove remaining WindowsCE support.
Link: https://dev.gnupg.org/source/libksba/browse/master/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.7.4 (13 February 2026):
- pcsc_scan: use different variables for spin running and state
- pcsc_scan: give some time to the spinner thread in spin_start()
- Various ga workflow improvements (Windows artifact upload, etc.)
Link: https://pcsc-tools.apdu.fr/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2.4.1 (1 January 2026):
- Add backward version support on the client side
- Add backward version support on the server side
- hotplug libudev: rescan the USB bus with "pcscd --hotplug"
- fix a value in pcscd.service systemd file
- meson: install systemd files even if libsystemd is not used
2.4.0 (19 October 2025):
- Run pcscd under a pcscd user instead of root when using systemd
- Set PIDFile in systemd service file
- Protect contextMapList modifications using a mutex
- meson: fix libpcsclite.pc, respect default_library option
Link: https://pcsclite.apdu.fr/files/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
0.27.0 includes a number of CVE fixes and many improvements:
Security fixes (0.27.0):
* CVE-2025-13763: Uninitialized memory uses detected by fuzzers
* CVE-2025-49010: Write beyond buffer bounds in GET RESPONSE APDU
* CVE-2025-66215: Write beyond buffer bounds in oberthur driver
* CVE-2025-66038: Read beyond buffer bounds in PIV historical bytes
* CVE-2025-66037: Buffer overrun while parsing SPKI
General improvements:
* Added support for PKCS#11 3.2 in tools and pkcs11-spy/p11test
* Added support for Ed448, X448 mechanisms; improved Edwards and
Montgomery key support.
* Support CKA_PUBKEY_KEY_INFO PKCS#11 attribute.
* Remove obsolete tokend support.
* Correctly detect OS-level FIPS mode in OpenSSL automatically.
* Added support for Brainpool twisted curves.
* EsteID: EstEID 2025, FinEID 4.0/4.1, Latvian IDEMIA Cosmo X & 8.2.
* D-Trust Card 5.1 & 5.4 with PIN change/unblock.
* Belpic: support for belpic applet version 1.8.
* Many other card-specific improvements (OpenPGP, PIV, ...).
0.27.1 is a bug-fix release for infrastructure issues.
Link: https://github.com/OpenSC/OpenSC/blob/0.27.1/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.7.1 (4 February 2026):
- Add support of: ACS APG8201-B2, BUDGET E-ID BUD001, CHERRY Smart
Board 1150, CryptnoxCR CryptnoxCR, Diebold Nixdorf PN7362au CCID,
FT BioPass FIDO2 Pro, Nitrokey Nitrokey Passkey
- Add SCARD_CTL_CODE(3601): USB path of the reader
- Some other minor improvements
1.7.0 (2 October 2025):
- Add support of: GIGA-TMS NFC CCID Reader, Identiv SmartOS Reader,
SEC1210URT, TOKEN2 FIDO2 Security Key (multiple variants),
TOKEN2 Molto2 (older version), VIX TECHNOLOGY SECURE READER
- Remove support of SIMHUB pcsc reader
- Give pcscd group permission to CCID devices in udev rule
- Avoid a timeout issue with the Thales Fusion NFC reader
- Provide the option to synchronize the 2 interfaces of a SEC1210
- Some other minor improvements
Link: https://ccid.apdu.fr/files/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update spans 2.4.7 -> 2.5.4. Highlights:
* 2.5.x: Major version with API additions for handling sequencer
client unregistration, MIDI file reading flexibility, soundfont
selectors and sample tuning improvements.
* Various bug fixes for SF3 voice handling, reverb engine
stability, GM/GS/XT mode reset behaviour and audio drivers
(PortAudio, SDL2, Pulseaudio, JACK, OPL).
* Build system fixes including CMake updates and new toolchain
compatibility.
fluidsynth >= 2.5 requires GCEM (a header-only constexpr math
library) at build time. Build-depend on the new 'gcem' package,
which installs the headers and CMake config files into staging
where find_package(GCEM REQUIRED) picks them up. This replaces
upstream's git-submodule / CMake-time-download fallback, neither
of which is acceptable in OpenWrt's offline build model.
gcem is header-only (INTERFACE-only CMake target), so there is
no shared library to link against; the dependency exists at
build time only, expressed as PKG_BUILD_DEPENDS:=gcem.
Link: https://github.com/FluidSynth/fluidsynth/releases/tag/v2.5.4
Link: https://github.com/FluidSynth/fluidsynth/wiki/ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
GCE-Math (Generalized Constant Expression Math) is a templated C++
library enabling compile-time computation of mathematical functions.
It is a header-only library, so this package is BUILDONLY:=1; the
headers and CMake config files land in staging_dir for consumers to
pick up via find_package(GCEM).
Needed as a build dependency for fluidsynth >= 2.5, whose upstream
build expects gcem at configure time and (absent a system copy)
falls back to a CMake-time download from GitHub - which breaks in
offline / restricted-network build environments such as the OpenWrt
CI.
Pinned to commit 012ae73c (2024-04-28), the revision referenced by
fluidsynth 2.5.x's bundled FindGCEM.cmake / git submodule.
CMAKE_POLICY_VERSION_MINIMUM=3.5 is set because upstream's
CMakeLists.txt declares cmake_minimum_required(VERSION 3.1), which
trips current CMake's deprecated-policy guard.
Link: https://github.com/kthohr/gcem
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update from 1.28.1, spanning the 1.29.x, 1.30.x and 1.31.x release
series.
Highlights:
* 1.31.0: New 'high-resolution scroll' API and per-device button
debouncing improvements; tablet pad mode support reworked.
* 1.30.0: Added support for new touchpad and tablet device quirks;
improved gesture detection on multi-touch devices.
* 1.29.0: New configuration knobs for trackpoint acceleration and
improved palm detection.
* Continuous bug fixes and updated device quirks throughout.
Link: https://gitlab.freedesktop.org/libinput/libinput/-/tags/1.31.1
Link: https://wayland.freedesktop.org/libinput/doc/latest/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle