Changes in 0.1.7 (2025-04-07):
* Drop the autotools build system
* Unbreak the CI
* Prevent a crash on disconnect
* Fix building with glibc >= 2.43
* Fix the eavesdrop filtering to prevent message interception
Link: https://github.com/flatpak/xdg-dbus-proxy/blob/0.1.7/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 0.4.16:
0.4.18 (2026-02-16):
* Support for RSA-PSS and RSA-OAEP using keys retrieved using the
PKCS11_get_private_key() libp11 API and the PKCS#11 provider.
* Improved test coverage.
0.4.17 (2026-02-01):
* Ed25519 and Ed448 support (PKCS#11 v3.2).
* Fixed OPENSSL_NO_EC builds.
* Reverted RSA public exponent change from PR #474.
* Fixed crash on module initialization failures.
* Ignoring trailing newlines in pin-source files.
* Initial build fixes for the upcoming OpenSSL 4.x.
Drop the now obsolete 001-fix-install.patch which has been merged
upstream.
Link: https://github.com/OpenSC/libp11/blob/libp11-0.4.18/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Release 5.9.0 (January 16, 2026):
* added: new feature to wvtag to copy tags from one WavPack file
to another
* improved: minor tweaks to the new DNS (dynamic noise shaping)
algorithm
* improved: better handling of specific non-standard WAV and AIFF
files
* improved: added CI (GitHub Actions) and fixed a few minor build
issues
* fixed: --pause option failed in many situations (Windows-only)
* fixed: issues related to encoding from an unknown length
(e.g., pipes)
* fixed: several fuzzer-revealed issues related to multithreading
* fixed: potential buffer overruns in WavpackOpenRawDecoder()
Link: https://github.com/dbry/WavPack/blob/5.9.0/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Major version jump from 1.17.1 to 3.3.2.
libjwt 3.x is a substantial rewrite:
* New backend abstraction supporting OpenSSL, GnuTLS and MbedTLS
crypto libraries (selected at build time).
* New JWK and JWKS APIs for key handling with full RFC 7517 support.
* Improved error handling and reporting.
* EdDSA signature support (Ed25519, Ed448).
* Optional libcurl integration for fetching JWKS from a URL.
* Many API additions while keeping backwards-compatible semantics
for the most common HMAC/RSA/ECDSA operations.
Force OpenSSL backend (-DWITH_GNUTLS=OFF -DWITH_MBEDTLS=OFF) since
libopenssl is already a dependency, avoiding pulling in libgnutls.
Disable -DWITH_TESTS=OFF since the testsuite is not relevant for
embedded targets.
Link: https://github.com/benmcollins/libjwt/releases/tag/v3.3.2
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
update to 2026.03.18, release 3
- update PKG_RELEASE to 3
files/etc/init.d/https-dns-proxy:
- refactor nftable rules to explicitly add and flush the table and
chains instead of block replacement
- make nftable `delete table` call silent in `notrack_nft remove`
- update `notrack_nft remove` to check for absence of nftable table
instead of just checking the file
- ensure `notrack_nft remove` sets _error=1 on failure
- ignore dnsmasq instances with port 0 in
`dnsmasq_instance_append_force_dns_port`
tests/run_tests.sh:
- add test case to ensure dnsmasq port 0 is ignored
- update `notrack_nft remove` test to confirm success when both file
and table are absent
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Changes from 5.3.x to 5.4.0:
* Use Mike Haertel's MinRX regular expression matcher by default.
The old regex and dfa engines are still available.
* New @nsinclude directive: like @include but doesn't reset
the namespace to "awk".
* lshift()/rshift() return 0 when shifting more bits than in uintmax_t.
* Persistent memory: store meta-info in backing file; warn on
version mismatch; allow dynamic extensions with persistent memory.
* ordchr extension now supports multibyte / wide characters.
* length(array) is no longer an extension (POSIX 2024); --posix
no longer rejects it and --lint no longer warns.
* --traditional rationalised to match BWK awk behaviour.
* Assertions are now enabled in the C code.
* Hexadecimal floating-point values may now be used in source,
strtonum() and -n/--non-decimal-data option.
* UDP networking support is now deprecated, will be removed in 6.0.
* Reading regular disk input files is somewhat faster (no timeout check).
* Various bug fixes.
Link: https://git.savannah.gnu.org/cgit/gawk.git/plain/NEWS?h=gawk-5.4.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Major version update from 17.5 to 18.3.
PostgreSQL 18 (released September 2025) brings:
* Asynchronous I/O (AIO) for shared buffers, sequential scans,
bitmap heap scans and pg_prewarm.
* Skip scans for B-tree indexes.
* Performance improvements for partition pruning.
* Logical replication: improved replication of generated columns,
protocol version 5.
* Native UUIDv7 support.
* Larger I/O for sequential and parallel scans.
* Concurrent reindex of partitioned tables.
* pg_dump: --filter for selective dumps.
* Numerous SQL/JSON improvements.
* New built-in role pg_signal_autovacuum_worker.
18.3 is the third maintenance release with bug fixes since 18.0.
Drop the now obsolete pg_config_ext.h copy in Build/InstallDev: this
header has been removed upstream in PostgreSQL 18.
Link: https://www.postgresql.org/docs/release/18.0/
Link: https://www.postgresql.org/docs/release/18.3/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bump from 2.4.123 to current upstream stable. Required by recent
Mesa, weston, wlroots and other graphics-stack consumers
(wlroots 0.20+ explicitly requires libdrm >= 2.4.129).
Link: https://dri.freedesktop.org/libdrm/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2026-04-06: Version 7.5.5
* New option --error-binary: Return an error if a
binary file is skipped.
* Fix: dos2unix error on empty input. The problem was introduced
in version 7.5.4.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
0.11.2 (CVE-2026-41163):
* In setuid mode, don't run the low-privileged parts of the setup
as dumpable, as that allows it to be ptraced which can lead to problems.
* New build option -Dsupport_setuid, which if set to false (the default)
disables the support for setuid.
0.11.1:
* Reset disposition of SIGCHLD, restoring normal subprocess management
if bwrap was run from a process that was ignoring that signal.
* Don't ignore --userns 0, --userns2 0 or --pidns 0 if used.
* Fix grammar in an error message and a broken link in the documentation.
Link: https://github.com/containers/bubblewrap/blob/v0.11.2/NEWS.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Maintainer: Rob White rob@blue-wave.net
Compile tested: All
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, mips_24kc,
aarch64_cortex-a53; On 24.10, 25.12 and master/snapshot.
Description: wifi-chipset-detect (1.0.0)
This is a new package that reports in json format the chipset
and driver capabilities of installed wireless hardware.
Developed originally for use where Captive Portal
and Mesh Backhaul networks are being built.
It provides a stand alone script to detect details of the physical
wireless hardware without requiring the radios to be enabled.
There are no dependencies over and above the basic OpenWrt flash image.
It is based on functionality built into the OpenNDS and Mesh11sd packages.
The json formatted output is displayed on the terminal screen.
It is also written to the file /tmp/wifidetect.
This version does not require the Captive Portal
or Mesh network to be running.
Full details can be seen here:
https://github.com/openNDS/wifi-chipset-detect
Signed-off-by: Rob White <rob@blue-wave.net>
Changelog:
- Fix MMDB_open incorrectly rejecting databases with 0-element
map/array fields at the end of metadata (v1.13.3)
- Fix compilation conflict with bswap32/bswap64 macros on macOS 26
Tahoe (v1.13.2)
- Fix validation and edge-case handling in database open path (v1.12.x)
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog:
- Security: reject unescaped control characters in JSON strings
- Security: fix use-after-free in Reader::parse()
- Add std::string_view support in the Value API
- Fix string_view ABI mismatch between library and consumers
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update bsbf-resources to the GIT HEAD of 2026-05-06.
- Remove bsbf-route as bsbf-mptcp now includes the functionality it
provides.
- Remove bsbf-plpmtu as that functionality is now provided with the
plp-mtu-discovery package.
- Remove bsbf-tcp-in-udp as it's not a production-ready solution as it is.
- Add bsbf-client-web.
- Update the dependencies of bsbf-mptcp to curl, fping, ip-full, and
mptcpize.
- Remove files/etc/config/bsbf-mptcp as that functionality is now provided
using the /etc/bsbf/bsbf-mptcp-subflow-backup file.
- Remove files/etc/hotplug.d/iface/99-bsbf-mptcp as that functionality is
now provided by the bsbf-mptcp service.
- Update the dependencies of bsbf-bonding to bsbf-client-web, bsbf-mptcp,
bsbf-rate-limiting, and xray-core.
- Get rid of fw4 dependency and 99-bsbf-bonding.nft in favour of
resources-client/bsbf_bonding.nft. Add a oneshot service to apply it at
boot.
- Move from bsbf-openwrt-resources to bsbf-resources directory as we now
install resources-client/xray.json and resources-client/bsbf_bonding.nft.
- Add the bsbf-bonding command.
- Run `bsbf-bonding --enable` at the end on the uci-defaults script.
- Add the tc package as a dependency for bsbf-rate-limiting.
Fixes: https://github.com/openwrt/packages/issues/29306
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
The current check would match a uci device section that doesn't say if the
interface is a bridge. Check that the type option is bridge to address
this.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
Fix nftables rule directory creation
- Bump PKG_RELEASE to 2.
files/etc/init.d/https-dns-proxy:
- Add 'mkdir -p' before writing nftables rules to ensure the parent
directory exists. This fixes an issue where the directory might not
exist on initial installation, causing errors.
tests/run_tests.sh:
- Add comprehensive regression tests for notrack_nft.
- Mock 'nft' to track invocations and control return codes for testing.
- Patch 'NOTRACK_NFT_FILE' to a test-specific path for isolated testing.
- Verify 'notrack_nft' correctly creates the parent directory if missing.
- Test content of generated nftables snippet, idempotence, and removal.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
unbound-control-setup is a shell script that generates TLS certificates
for unbound-control; it does not print a version string. The generic CI
test framework cannot verify the version via the binary, causing the
"No executables in the package provided version" failure.
Add a package-specific test.sh that:
- tests unbound-daemon version via 'unbound -V' and config file presence
- tests libunbound shared library presence
- tests unbound-anchor/-checkconf/-control/-host binaries run and
respond to -h without starting the daemon
- tests unbound-control-setup as an installed, executable shell script
containing expected keywords (no version check)
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
aserver does not implement --version so the generic CI version check
fails for it. Add a test.sh case that verifies it is present and
executable instead.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Drop 020-string-view.patch: mpd 0.23.17 uses std::string_view directly
in src/tag/GenParseName.cxx, making the patch redundant.
Changes since 0.23.16:
- Optimize the "albumart" command to send larger chunks when available
- Explicitly disallow 'idle' and 'noidle' commands in command lists
- Require libnfs 4.0 or later for NFS storage support
- Trigger inotify database update after symlink creation
- Prefer FFmpeg over sndfile and audiofile for DTS-WAV support
- Add support for libfmt 11.1
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 6.2.1:
- Build without expat by default (switch to picoxml)
- Fix build errors with -Dipv6=false option (issue #142)
- Check size of POST upload data and response data against
g_maxContentLength; change default from 16k to 2MB
- Use IPv6 socket when looking for an available port with IPv6 enabled
- Fix MHD start error handling to not delete minisocket array prematurely
- Remove code assuming different v4/v6 listening ports
- Add per-subsystem debug logging control via environment variable
- SSDP code cleanups and header removal
- Fix win32 compile issue (setsockopt args)
- Avoid leaking private headers to consumers via meson build
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Security fixes:
- Fix MSL/SVG parsers to use libxml2 SAX handlers, removing archaic
cruft with potential security issues
- Fix JP2 Jasper max_samples calculation to avoid DoS via huge images
- Apply image dimension resource limits and fix heap write overflow in JXL
- Fix WPG palette buffer allocation (SF bug #750)
- Fix ColorFloodfillImage() to error when clip-mask is present
Bug fixes:
- Fix JPEG CMYK inversion regression introduced in 1.3.43
- Re-implement PNG8 writer with correct indexed-color and binary transparency
- Re-write HEIF reader (AVIF, HEIC) based on heif_image_get_plane_readonly2(),
adding deep image support and YCbCr/monochrome output
- Fix Hull transform arithmetic overflow regression from Oct 2023
- Fix -crop percentage tiling regression
- Re-enable EXPERIMENTAL_EXIF_TAGS by default with known issues fixed
- Fix Magick++ thread safety regression since 2003 (pthreads support)
New features:
- Add support for newer Artifex urw-base35-fonts (OpenType and Type 1)
- Add ImagesResource limit to control simultaneous loaded images
- Add EXIF Version 3.0 decoding and validation
- Add preliminary MP4 coder with HEIF sequence support
- Require C99 compiler compatibility in build infrastructure
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The test only checked for .so file existence, which is already
verified by the generic tests (symlink validity + linked libraries).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 4.0.1 to 4.10.1. Notable changes across releases:
- 4.10.1: switch to cProfile (profile module deprecated in Python 3.15);
fix Literal membership tests and sequence type handling
- 4.10.0: fix MSVC initialization delays in GitHub Actions; fix variant
directory components in CompilationDatabase; improve Ninja quoting
- 4.9.0: drop Python 3.6 support; add comprehensive type hints for Node
classes; add clang/clang++ to default tool search order; support binary
and octal integer constants in C preprocessor
- 4.8.0: replace black/flake8 with ruff; add MSVC_TOOLSET_VERSION,
MSVC_SDK_VERSION, MSVC_SPECTRE_LIBS construction variables
- 4.7.0: make NewParallel scheduler the default; CacheDir writes execute
in parallel outside taskmaster critical section; add Python 3.13 support
- 4.6.0: add Visual Studio 2026 and ARM64 host configuration support;
enhanced type hints throughout Environment and Node classes
- 4.5.0: add ValidateOptions(); refactor Taskmaster into a package;
migrate to Python's logging module; extend ninja tool with daemon support
- 4.4.0: add MSVC_USE_SETTINGS and multiple MSVC configuration variables;
implement global policy settings for MSVC version handling
- 4.3.0: add SConsEnvironmentError exception; improved MSVC detection;
Python 3.12 compatibility fixes
- 4.2.0: Performance improvements in Node processing; improved MSVC
support for VS 2022; better parallel build handling
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 17.00.0004 (2024-12-09) to 18.00.0001 (2026-03-23).
This is a major version bump to the 18.x series, aligning with
PostgreSQL 18 support. Switch from a fixed git commit to the
18.00.0001 tagged release.
Add test.sh to verify the psqlodbca and psqlodbcw shared libraries
are present after installation.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 1.27.0 to 1.28.0, tracking the MicroPython 1.28.0 release.
Add version check to test.sh using importlib.metadata to verify the
installed package version matches the expected version string.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 6.10.1 to 6.19.0. Notable changes:
- 6.19.0: fix log sunit automatic configuration in mkfs; fix data
corruption bug in libxfs_file_write; fix various memory leaks; improve
realtime subvolume info in xfs_io statfs
- 6.18.0: adjust nr_zones for zoned filesystems on conventional devices
in mkfs; fix xfs_logprint pointer bugs; fix mdrestore superblock length
check; add 2025 LTS config
- 6.16.0: atomic write enhancements for maximum atomic write limits at
mount time; refactor log recovery infrastructure; remove experimental
warnings from xfs_scrub
- 6.13.0: comprehensive metadata directory support in xfs_repair, xfs_db,
and mkfs; realtime group support with new RT group structures; quota
inodes use metadata directory infrastructure; realtime space quotas
- 6.12.0: realtime device support in xfs_db; file range commit ioctls
with atomic write statx fields; modernize perag lookup to xarray;
require -std=gnu11 for compilation
Add test.sh to verify xfs-mkfs and xfs-fsck report the correct version
and xfs-admin/xfs-growfs produce expected help output.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Daniel Golle