The binary does not report the OpenWrt package version (2023.06.11~ab78c48f);
override the generic version check with test-version.sh.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The git archive hash changed due to .gitattributes normalization in the
upstream repository. Update PKG_MIRROR_HASH to the current value.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Major version jump from 1.1.1 covering the 1.2.x - 1.9.x series.
Highlights:
- portmap: implement netfilter (nft) backend; bandwidth: optimization
- bridge: support "vlanTrunk" property and DAD/PVID support
- macvlan: support "linkInContainer" mode
- ipvlan: support "linkInContainer" mode
- dhcp: support DHCP option 121 classless static routes
- host-local: handle ranges with single IP
- firewall: support "ingressPolicy" with iptables and nftables
- tuning: allow specifying tx queue length
- Go module bumps including security fixes
- Minimum Go version: 1.23
Link: https://github.com/containernetworking/plugins/releases/tag/v1.9.1
Link: https://github.com/containernetworking/plugins/blob/v1.9.1/CHANGELOG.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update PKG_SOURCE_VERSION to 8a4db579f5c88af5a0d036fad34bddc9c1f703f3
(latest upstream main).
oci-runtime-tools is a rolling release without versioned upstream
releases. The new commit brings updated runtime-spec dependencies
and bug fixes accumulated since November 2024.
Link: https://github.com/opencontainers/runtime-tools/compare/f7e3563b...8a4db579
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update the build flags to the new spelling required by fish.
The groff directory no longer exists, and the manual pages are never
built, so there's no need to remove them.
The MIPS patch was cherry-picked from upstream and can be dropped.
Signed-off-by: David Adam <zanchey@ucc.gu.uwa.edu.au>
Some SDK/host GCC configurations, when meson invokes cc.preprocess() to
expand fcobjshash.gperf.h, produce output that includes predefined macro
dumps (e.g. #define __STDC__ 1) alongside linemarker lines. The upstream
cutout.py script, which strips CUT_OUT_BEGIN/END-delimited sections from
the preprocessed output before feeding it to gperf, passes these lines
through verbatim into fcobjshash.gperf.
gperf then copies them into the declarations section of fcobjshash.h.
When fcobjs.c includes fcobjshash.h, the compiler encounters #define
redefinitions and stray # tokens, causing a build failure.
Fix cutout.py to skip any line starting with # (C preprocessor
linemarkers and predefined macro definitions) before writing to the
output gperf file.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
1.3.2 (2026-03-09):
* fsck.exfat: add an option to show a progress bar
* mkfs.exfat: discard blocks prior to write outs by default
* mkfs.exfat: add a read-after-write verification for the VBR
* exfatprogs: adjust utility exit codes
* dump.exfat: handle paths including '.', '..', and repeated '/'
* fsck.exfat: convert 0x80 entries into deleted file entries
1.3.1 (2025-12-15):
* fsck.exfat: support repairing the allocation bitmap size
* exfatprogs: temporarily disable building defrag.exfat (data loss)
* libexfat: fix a NULL pointer dereference in read_file_dentry_set()
1.3.0 (2025-10-15):
* defrag.exfat: new tool to defragment an exFAT filesystem
* mkfs.exfat: minimize zero-out initialization in quick format mode
* fsck.exfat: set the entry after an unused entry as unused
* Various bug fixes
Link: https://github.com/exfatprogs/exfatprogs/blob/1.3.2/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update GnuPG to the current upstream stable release. As listed at
https://gnupg.org/download/, the 2.5.x series is currently 'stable'
while 2.4.x is 'oldstable' (LTS).
Highlights of changes since 2.4.8:
* New OpenPGP key formats: Curve25519 and Curve448 (RFC9580)
* SHA3 family signature support
* Kyber post-quantum hybrid keys
* KEM (Key Encapsulation Mechanism) operations
* dirmngr: improved LDAP and HTTP keyserver support
* scdaemon: better support for new smartcard tokens
* Many bug fixes and security improvements
Link: https://dev.gnupg.org/source/gnupg/browse/master/NEWS
Link: https://gnupg.org/download/release_notes.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.7.4 (13 February 2026):
- pcsc_scan: use different variables for spin running and state
- pcsc_scan: give some time to the spinner thread in spin_start()
- Various ga workflow improvements (Windows artifact upload, etc.)
Link: https://pcsc-tools.apdu.fr/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2.4.1 (1 January 2026):
- Add backward version support on the client side
- Add backward version support on the server side
- hotplug libudev: rescan the USB bus with "pcscd --hotplug"
- fix a value in pcscd.service systemd file
- meson: install systemd files even if libsystemd is not used
2.4.0 (19 October 2025):
- Run pcscd under a pcscd user instead of root when using systemd
- Set PIDFile in systemd service file
- Protect contextMapList modifications using a mutex
- meson: fix libpcsclite.pc, respect default_library option
Link: https://pcsclite.apdu.fr/files/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
0.27.0 includes a number of CVE fixes and many improvements:
Security fixes (0.27.0):
* CVE-2025-13763: Uninitialized memory uses detected by fuzzers
* CVE-2025-49010: Write beyond buffer bounds in GET RESPONSE APDU
* CVE-2025-66215: Write beyond buffer bounds in oberthur driver
* CVE-2025-66038: Read beyond buffer bounds in PIV historical bytes
* CVE-2025-66037: Buffer overrun while parsing SPKI
General improvements:
* Added support for PKCS#11 3.2 in tools and pkcs11-spy/p11test
* Added support for Ed448, X448 mechanisms; improved Edwards and
Montgomery key support.
* Support CKA_PUBKEY_KEY_INFO PKCS#11 attribute.
* Remove obsolete tokend support.
* Correctly detect OS-level FIPS mode in OpenSSL automatically.
* Added support for Brainpool twisted curves.
* EsteID: EstEID 2025, FinEID 4.0/4.1, Latvian IDEMIA Cosmo X & 8.2.
* D-Trust Card 5.1 & 5.4 with PIN change/unblock.
* Belpic: support for belpic applet version 1.8.
* Many other card-specific improvements (OpenPGP, PIV, ...).
0.27.1 is a bug-fix release for infrastructure issues.
Link: https://github.com/OpenSC/OpenSC/blob/0.27.1/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1.7.1 (4 February 2026):
- Add support of: ACS APG8201-B2, BUDGET E-ID BUD001, CHERRY Smart
Board 1150, CryptnoxCR CryptnoxCR, Diebold Nixdorf PN7362au CCID,
FT BioPass FIDO2 Pro, Nitrokey Nitrokey Passkey
- Add SCARD_CTL_CODE(3601): USB path of the reader
- Some other minor improvements
1.7.0 (2 October 2025):
- Add support of: GIGA-TMS NFC CCID Reader, Identiv SmartOS Reader,
SEC1210URT, TOKEN2 FIDO2 Security Key (multiple variants),
TOKEN2 Molto2 (older version), VIX TECHNOLOGY SECURE READER
- Remove support of SIMHUB pcsc reader
- Give pcscd group permission to CCID devices in udev rule
- Avoid a timeout issue with the Thales Fusion NFC reader
- Provide the option to synchronize the 2 interfaces of a SEC1210
- Some other minor improvements
Link: https://ccid.apdu.fr/files/ChangeLog
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The upstream repository was renamed from checksec.sh to checksec and the
main script was renamed from checksec to checksec.bash (still installed as
/usr/bin/checksec). The checksec_automator subpackage was removed upstream,
so drop it. Update PKG_NAME accordingly and adjust the install rule.
Changelog: https://github.com/slimm609/checksec/releases/tag/3.1.0
Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update test.sh to use $2 (positional version argument) instead of the
$PKG_VERSION environment variable, and add a check that the alternative
binary /usr/libexec/less-gnu is present.
Changelog: https://www.greenwoodsoftware.com/less/news.692.html
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Remove <linux/prctl.h> from backend.c via Build/Prepare sed: both
<linux/prctl.h> and <sys/prctl.h> define struct prctl_mm_map in newer
musl toolchains, causing a redefinition build error. sys/prctl.h alone
provides everything fio needs.
Changelog: https://github.com/axboe/fio/blob/fio-3.42/HOWTO.rst
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update LVM2 from 2.03.33 to 2.03.40, bundled libdm from 1.02.207 to
1.02.209.
LVM2 highlights since 2.03.33:
2.03.40 (28th April 2026):
* Many bug fixes and memory/lock leak fixes throughout the
tree (vgcreate, vgmerge, vgimportclone, pvscan, raid, dmeventd,
pvmove, lvmpolld).
* Validate area_count and metadata sizes to prevent overflows.
* Fix percent_check threshold stuck above 100% in dmeventd
thin/vdo plugins.
* Pre-create udev cookie before critical section to avoid
resume failures.
2.03.39 (13th March 2026):
* Support --interval +N to delay first poll in pvmove and lvpoll.
* Add atomic leases using Compare and Write (CAW) to lvmlockd.
* Add lvm-index(7), lvm-categories(7), lvm-args(7) man pages.
* Show active cache mode in kernel table line (lvs -o kernel_cache_mode).
* Switch from internal device_mapper library to libdm.
2.03.34 - 2.03.38:
* Persistent reservation support on a VG; VG attr character + pr
field on vgs reflecting persistent reservation status.
* dmeventd: restart with no monitored devices, no actions on
removed devices.
* Various filter, integrity, cache, raid and pvmove fixes.
libdm changes since 1.02.207 (1.02.208 / 1.02.209) consist purely
of internal cleanups and version bumps; no user-visible changes
documented in WHATS_NEW_DM.
Link: https://gitlab.com/lvmteam/lvm2/-/blob/v2_03_40/WHATS_NEW
Link: https://gitlab.com/lvmteam/lvm2/-/blob/v2_03_40/WHATS_NEW_DM
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Stable bug-fix release. All users of cryptsetup 2.8.x must upgrade.
Changes since 2.8.4:
* Fix FileVault (fvault2) metadata parsing crash with crafted images.
Reported by David Pokora (Trail of Bits/Anthropic).
* Fix reading FileVault image metadata from incorrect image offset.
* OpenSSL backend: increase the number of allowed threads to 64
(workaround for parallel Argon2 PBKDF deadlock).
* Fix LUKS2 reencryption lock name when the device is being reencrypted.
* Check UUID of the resumed device to match UUID stored in metadata.
* Add a specific error for failed detached header allocation.
* Fix tests not to use aes-generic kernel cipher name (Linux 7.0+).
* Fix OpenSSL crypto backend if built with LibreSSL.
* Several compatibility fixes to the alternative Meson configuration.
* Various code fixes based on AI-assisted reviews (memory wiping,
error paths, integrity sector overflow, device-mapper flags, ...).
Link: https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.8.6/docs/v2.8.6-ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes in 0.1.7 (2025-04-07):
* Drop the autotools build system
* Unbreak the CI
* Prevent a crash on disconnect
* Fix building with glibc >= 2.43
* Fix the eavesdrop filtering to prevent message interception
Link: https://github.com/flatpak/xdg-dbus-proxy/blob/0.1.7/NEWS
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes from 5.3.x to 5.4.0:
* Use Mike Haertel's MinRX regular expression matcher by default.
The old regex and dfa engines are still available.
* New @nsinclude directive: like @include but doesn't reset
the namespace to "awk".
* lshift()/rshift() return 0 when shifting more bits than in uintmax_t.
* Persistent memory: store meta-info in backing file; warn on
version mismatch; allow dynamic extensions with persistent memory.
* ordchr extension now supports multibyte / wide characters.
* length(array) is no longer an extension (POSIX 2024); --posix
no longer rejects it and --lint no longer warns.
* --traditional rationalised to match BWK awk behaviour.
* Assertions are now enabled in the C code.
* Hexadecimal floating-point values may now be used in source,
strtonum() and -n/--non-decimal-data option.
* UDP networking support is now deprecated, will be removed in 6.0.
* Reading regular disk input files is somewhat faster (no timeout check).
* Various bug fixes.
Link: https://git.savannah.gnu.org/cgit/gawk.git/plain/NEWS?h=gawk-5.4.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2026-04-06: Version 7.5.5
* New option --error-binary: Return an error if a
binary file is skipped.
* Fix: dos2unix error on empty input. The problem was introduced
in version 7.5.4.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
0.11.2 (CVE-2026-41163):
* In setuid mode, don't run the low-privileged parts of the setup
as dumpable, as that allows it to be ptraced which can lead to problems.
* New build option -Dsupport_setuid, which if set to false (the default)
disables the support for setuid.
0.11.1:
* Reset disposition of SIGCHLD, restoring normal subprocess management
if bwrap was run from a process that was ignoring that signal.
* Don't ignore --userns 0, --userns2 0 or --pidns 0 if used.
* Fix grammar in an error message and a broken link in the documentation.
Link: https://github.com/containers/bubblewrap/blob/v0.11.2/NEWS.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update from 1.27.0 to 1.28.0, tracking the MicroPython 1.28.0 release.
Add version check to test.sh using importlib.metadata to verify the
installed package version matches the expected version string.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 6.10.1 to 6.19.0. Notable changes:
- 6.19.0: fix log sunit automatic configuration in mkfs; fix data
corruption bug in libxfs_file_write; fix various memory leaks; improve
realtime subvolume info in xfs_io statfs
- 6.18.0: adjust nr_zones for zoned filesystems on conventional devices
in mkfs; fix xfs_logprint pointer bugs; fix mdrestore superblock length
check; add 2025 LTS config
- 6.16.0: atomic write enhancements for maximum atomic write limits at
mount time; refactor log recovery infrastructure; remove experimental
warnings from xfs_scrub
- 6.13.0: comprehensive metadata directory support in xfs_repair, xfs_db,
and mkfs; realtime group support with new RT group structures; quota
inodes use metadata directory infrastructure; realtime space quotas
- 6.12.0: realtime device support in xfs_db; file range commit ioctls
with atomic write statx fields; modernize perag lookup to xarray;
require -std=gnu11 for compilation
Add test.sh to verify xfs-mkfs and xfs-fsck report the correct version
and xfs-admin/xfs-growfs produce expected help output.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
MinOZW does not implement any --version flag, so skip the generic
version check. Just verify the binary is present and executable.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
boost::asio::post() without an explicit executor fails to compile with
Boost >= 1.82 due to changes in the executor model: bare lambdas no
longer have an implicit system executor that satisfies the
blocking.never requirement.
Pass io_context_ explicitly as the first argument so the handler is
dispatched on the correct io_context thread, which is the original
intent of the call (making stop() safe to call from any thread).
Add test.sh
domoticz is a daemon requiring a database and network port; it does not
implement a --version flag. Verify the binary is present and executable.
Disable LTO to fix link failure on i386 with musl fortify
Suggested via https://github.com/openwrt/packages/pull/29239
Also tested.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
update to version v4.10, disable building gnulib-tests to avoid
compilation errors.
Add --disable-xattr to CONFIGURE_ARGS to avoid linking an unneeded
dependency.
Changes in sed since v4.9, from NEWS:
** Bug fixes
sed 's/a/b/g' (and other global substitutions) now works on input
lines longer than 2GB. Previously, matches beyond the 2^31 byte offset
would evoke a "panic" (exit 4).
[bug present since the beginning]
'sed --follow-symlinks -i' no longer has a TOCTOU race that could let
an attacker swap a symlink between resolution and open, causing sed to
read attacker-chosen content and write it to the original target.
[bug introduced in sed 4.1e]
sed no longer falsely matches when back-references are combined with
optional groups (.?) and the $ anchor. For example, this no longer
falsely matches the empty string at beginning of line:
$ echo ab | sed -E 's/^(.?)(.?).?\2\1$/X/'
Xab
[bug present since "the beginning"]
In --posix mode, sed no longer mishandles backslash escapes (\n,
\t, \a, etc.) after a named character class like [[:alpha:]].
For example, 's/^A\n[[:alpha:]]\n*/XXX/' would fail to match the
trailing newline, treating \n as a literal backslash and an 'n'
rather than a newline. This happened when an earlier backslash
escape in the same regex had already been converted, shifting the
in-place normalization buffer.
[bug introduced in sed 4.9]
sed --debug no longer crashes when a label (":") command is compiled
before the --debug option is processed, e.g., sed -f<(...) --debug.
[bug introduced in sed 4.7 with --debug]
sed no longer rejects the documented GNU extension 'a**' (equivalent
to 'a*') in Basic Regular Expression (BRE) mode. Previously, this
worked only with -E (ERE mode), even though grep has always accepted
it in BRE mode.
[bug present since "the beginning"]
sed no longer rejects "\c[" in regular expressions
[bug present since the beginning]
'sed --follow-symlinks -i' no longer mishandles an operand that is a
short symbolic link to a long symbolic link to a file.
[bug introduced in sed 4.9]
Fix some some longstanding but unlikely integer overflows.
Internally, 'sed' now more often prefers signed integer arithmetic,
which can be checked automatically via 'gcc -fsanitize=undefined'.
** Changes in behavior
In the default C locale, diagnostics now quote 'like this' (with
apostrophes) instead of `like this' (with a grave accent and an
apostrophe). This tracks the GNU coding standards.
'sed --posix' now warns about uses of backslashes in the 's' command
that are handled by GNU sed but are not portable to other
implementations.
** Build-related
builds no longer fail on platforms without the <getopt.h> header or
getopt_long function.
[bug introduced in sed 4.9]
Signed-off-by: Russell Senior <russell@personaltelco.net>
zstdgrep and zstdless are shell script wrappers that do not output a
version string, so the generic CI version check fails for them. Add a
test.sh case that verifies they are present and executable instead.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
dbus-utils utilities do not implement --version so the generic CI
version check fails for them. Add a test.sh case that verifies the
binaries are present and executable instead.
dbus-utils: dbus-monitor, dbus-send, dbus-test-tool
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Several bluez utilities do not implement --version so the generic CI
version check fails for them. Add test.sh cases that verify the
binaries are present and executable instead.
bluez-daemon: obexd
bluez-utils: bdaddr, ciptool, hciattach, hciconfig, l2ping, l2test, rctest
bluez-utils-extra: gatttool
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes in 3.10:
- general bug fixes from libsepol (bounds statements in optional
blocks, type attribute handling in role-types rule, NULL dereference
and use-after-free fixes)
- treewide: add .clang-format configuration file
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes in 3.10:
- python/sepolicy: add support for DNF5
- sandbox/seunshare: replace system() with execv() to prevent shell
injection vulnerability
- seunshare: always use translations when printing
- setfiles: add -A option to disable SELINUX_RESTORECON_ADD_ASSOC
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The generic CI test fails for /usr/bin/attr because that binary does
not implement --version. getfattr and setfattr do, so test those for
the version string and only verify attr is present and executable.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Jens Wagner