git.openwrt.org Git - feed/packages.git/log

ruby: update to 4.0.0

Ruby 4.0 introduces "Ruby Box" and "ZJIT", and adds many improvements.
- Introduce experimental ZJIT compiler
- Improve YJIT performance and memory usage
- Add experimental Ruby Boxes object layout optimization
- VM and GC performance improvements
- Ractor runtime and scheduling enhancements
- Update language syntax and semantics (*nil behavior, logical operator parsing)
- Add Array#rfind and optimized Array#find
- Improve Binding API and implicit parameter access
- Extend Enumerator.produce with size keyword
- Enhance ArgumentError diagnostics with caller/callee context
- Add Fiber#raise(cause:)
- IO.select accepts Float::INFINITY timeout
- Improve Kernel#inspect extensibility
- Add Math.log1p and Math.expm1
- Promote Pathname and Set to core classes
- Extend Ractor API (join, value, lifecycle helpers)
- Fix endless and infinite Range behavior
- Define new top-level Ruby module
- Update Unicode to 17.0 and extend String strip methods
- Update bundled gems (RubyGems, Bundler, IRB, etc.)

Packaging changes:
- Include license files for all packages
- As ruby set moved into core, ruby-set is gone.
  ruby-setsubclasscompact was added to include the set subclass
  compatible layer
- Added conditional libatomic dependency for libruby
- YJIT and ZJIT are not built when cross-compiling (almost always for
  openwrt, even when archs matches). However, the Makefile is ready for
  both when upstream adds that feature. Config entries are marked as
  BROKEN for now.

Changelog: https://github.com/ruby/ruby/compare/v3_4_0...v4.0.0
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

boost: updates package to version 1.90.0

This commit updates boost to version 1.90.0

New libraries in this release:
* OpenMethod [2]: Open-(multi-)methods in C++17 and above, from
Jean-Louis Leroy.

More info about Boost 1.90.0 can be found at the usual place [1].

[1]: https://www.boost.org/users/history/version_1_90_0.html
[2]: https://www.boost.org/libs/openmethod

Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>

tcpreplay: add libbpf dependency

Since compiling tcpbridge requires linking libbpf.so.1, compiling tcpbridge first may result in compilation failure, like:
Package tcpbridge is missing dependencies for the following libraries: libbpf.so.1

The simplest way to solve it is to add libbpf dependency in Makefile

Signed-off-by: TeleostNaCl Dai <teleostnacl@gmail.com>

luajit2: add riscv64 support

This adds support RISC-V64 to luajit2 by backporting
https://redirect.github.com/openresty/luajit2/pull/236

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

openlist: Update to 4.1.8

Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.8

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

monit: update to 5.35.2

Changelog: https://mmonit.com/monit/changes/

Signed-off-by: Yaroslav Petrov <info@lank.me>

sing-box: update to 1.12.14

changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.12.14

Signed-off-by: xiao bo <peterwillcn@gmail.com>

python-aio-mqtt-mod: update to 0.4.0

Add support of building against python 3.12+
Replace imp module with importlib

Full changelog:
https://github.com/devbis/aio-mqtt/compare/0.3.4...0.4.0

Signed-off-by: Ivan Belokobylskiy <belokobylskij@gmail.com>

tree: add LICENSE and LICENSE files

Add license information and the upstream project URL.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>

dnslookup: Update to 1.11.2

Release note: https://github.com/ameshkov/dnslookup/releases/tag/v1.11.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

libmodbus: update to 3.1.11

fixes float endianness issues in 3.1.8.

I use a small, custom application to convert data from my
electricity meter into Modbus format for my inverter and wallbox.
I developed this program against an earlier version of libmodbus
on x86, and it ran flawlessly on my ath79 router (big endian).
After migrating to a Mediatek router (little endian), the program
only outputted huge, meaningless values. However, it ran perfectly
fine on my x86 system (little endian), which is running Fedora
with libmodbus v3.1.11.

I then found several bug reports and the changelogs for libmodbus 3.1.11
that described and resolved my problem. So update openwrt to 3.1.11.

Signed-off-by: Stefan Hellermann <stefan@the2masters.de>

softethervpn5: rearrange patches

Provide space for upstream/pending patches.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>

coreutils: update to 9.9

Release notes:
https://lists.gnu.org/archive/html/coreutils-announce/2025-09/msg00000.html
https://lists.gnu.org/archive/html/coreutils-announce/2025-11/msg00000.html

- Drop chcon and runcon as they require SELinux support and cannot be built from
  coreutils 9.9 when configured with --without-selinux.
- Add libgmp dependency for coreutils-basenc to fix missing libgmp.so.10.
- Switch to -std=gnu17 to avoid build failure.
  ```
  lib/openat-die.c: In function 'openat_save_fail':
  lib/openat-die.c:37:3: error: format not a string literal and no format arguments [-Werror=format-security]
     37 |   error (exit_failure, errnum,
        |   ^~~~~
  lib/openat-die.c: In function 'openat_restore_fail':
  lib/openat-die.c:56:3: error: format not a string literal and no format arguments [-Werror=format-security]
     56 |   error (exit_failure, errnum,
        |   ^~~~~
  ```
- Refresh patch.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>

coreutils: clean up Makefile

- Update copyright year.
- Sort DEPENDS lexicographically.
- Switch URL to HTTPS.
- Drop invalid configure option --enable-install-program=su.
  ```
  configure: WARNING: 'su' is not an optionally-installable program
  ```
- Drop unrecognized configure option --with-gmp.
  ```
  configure: WARNING: unrecognized options: --with-gmp
  ```

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>

krant: drop maintainership

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>

freeradius3: bump to 3.2.8

Closes #28161

Resolves runtime openssl error

Patches refreshed

Signed-off-by: Paul Donald <newtwen+github@gmail.com>

ci: switch formal to an external action

Switch formal to use HyperStickler directly to test it in packages,
before introducing it into the main actions repo.

Link: https://github.com/marketplace/actions/hyperstickler
Signed-off-by: George Sapkin <george@sapk.in>

luci-app-watchcat: revert unnecessary quoting in init script

The quoting added in r18 for pinghosts is not needed. Multi-host support
remains fully functional, but the extra quotes caused inconsistent argument
handling between /etc/init.d/watchcat and /usr/bin/watchcat.sh,
especially for single-IP configurations.

This revert removes the unnecessary quoting in the init script and LUCI,
restoring consistent behavior while keeping multiple ping hosts supported.

Fixes: #28100 (watchcat: error if only one address is specified in pinghosts)
Signed-off-by: Ivan Diaz <diaz.it@icloud.com>

curl: enable wrongly disabled HTTP_AUTH

commit ea66e463cffc0811757eedee80889323ff66191c added a new config
option LIBCURL_HTTP_AUTH to enable or disable HTTP_AUTH support in
cURL. It defaulted the option to n (disabled).

However, prior to this change HTTP_AUTH was enabled for cURL, as the
configure script defaults to HTTP_AUTH enabled when it is not
explicitly disabled.

This impacts any consumer of cURL that uses HTTP_AUTH, including
authentication by username and password in the URL. (Confirmed via
run testing).

So we set the default for the option to y (enabled).

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

zabbix: tweak frontend dependencies

For zabbix-server-frontend, the absence of php8-mod-filter results in
many of the frontend's pages failing to render.  Therefore add this
module as a frontend dependency.

Without php8-mod-openssl the frontend fails with:

[13-Dec-2025 18:47:25 UTC] PHP Fatal error:  Uncaught Error: Call to
undefined function openssl_random_pseudo_bytes() in
/www/zabbix/include/classes/helpers/CEncryptHelper.php:89
Stack trace:
CEncryptHelper::generateKey()
  thrown in /www/zabbix/include/classes/helpers/CEncryptHelper.php on
  line 89

Therefore add php8-mod-openssl as a frontend dependency.

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

ddns-scripts: add beget.com api support

The Beget API provider was implemented according to https://beget.com/en/kb/api/dns-administration-functions

Signed-off-by: Vladimir Tkachev <awesome149712@gmail.com>

vim: fix depends configuration

Due to the incorrect DEPENDS configuration, the vim-full and vim-fuller
packages won't show up in menuconfig if the vim-runtime package is not
selected. This happens because these packages depend on vim-runtime.

To fix this, add the '+' symbol to the DEPENDS line. This ensures that
when either vim-full or vim-fuller is selected, the vim-runtime package
(which is a dependency) will also be selected automatically.

Fixes: d1351b3 ("vim: fix config and runtime")
Signed-off-by: TeleostNaCl Dai <teleostnacl@gmail.com>

etebase: switch to nginx

All nginx variants provide ssl so switch from nginx-ssl to nginx.

Signed-off-by: George Sapkin <george@sapk.in>

nginx: fix provides

nginx modules must not provide nginx which causes them to not be able
to be installed alongside nginx due to the new apk provide fixes.

Remove PROVIDES from modules.

Remove nginx-ssl from PROVIDES as there is no non-ssl variant, i.e. all
version provide ssl.

Set nginx-ssl as the default variant.

Remove non-existent config value.

Signed-off-by: George Sapkin <george@sapk.in>

miniupnpd: update to 2.3.9 to fix issues, refresh building

- Update daemon to 2.3.9 to fix removal of nftables rules in
  `upnp_forward` and return the correct internal port; also resulted in
  the excessive opening of new ports. Accept interface names starting
  with digits
- Build from GitHub releases to get a reliable HTTPS server, as the
  HTTP-only/HTTPS mirror were only available ~85%/77% over 3 months
  https://redirect.github.com/miniupnp/miniupnp/issues/770
  https://stats.uptimerobot.com/DwGDxUB914
- Build daemon with `--disable-pppconn` to remove the old/IGDv1-only
  extra WANPPPConnection SSDP announcements workaround not included in
  other implementations since >15y
- Build daemon with `--vendorcfg` to allow customisation of the
  router/friendly name (+5 potential options) displayed in Windows
  Explorer, 384 bytes extra required on ARMv7 (binary)
- Remove old (iptables variant only) patches, as no longer needed
- Remove `clean_ruleset_interval/threshold` UCI config options as not
  standard/working since OpenWrt 22.03, as nftables not supported

Fixes: https://github.com/openwrt/openwrt/issues/18011
Fixes: https://github.com/openwrt/luci/issues/7759
Fixes: https://github.com/openwrt/packages/issues/26352
Signed-off-by: Self-Hosting-Group <selfhostinggroup-git+openwrt@shost.ing>
[update fixes tag]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

sing-box: update to 1.12.13

changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.12.13

Signed-off-by: xiao bo <peterwillcn@gmail.com>

v4l2loopback: bump to 0.15.3

This is needed in order to build against the 6.18 kernel

Signed-off-by: John Audia <therealgraysky@proton.me>

openvpn: add missing options

Add missing options taken from the OpenVPN 2.6 manual.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

openvpn: remove vanished options

These options are no longer available in openvpn 2.6.x.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

unixodbc: re-enable autoreconf to fix host path leak

Without it the build fails for me with:
/usr/lib/libltdl.so: file not recognized: file format not recognized

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>

mstflint: update to 4.34.1-2

This commit updates the mstflint package
to the latest 4.34.1-2 release.

Release notes:
https://github.com/Mellanox/mstflint/releases/tag/v4.34.1-2

Signed-off-by: Til Kaiser <mail@tk154.de>

php8: update to 8.4.16

This fixes:
    - CVE-2025-14177
    - CVE-2025-14178
    - CVE-2025-14180

Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.4.16

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

tar: fix circular dependency on xz

tar depended both on xz and xz-utils which xz already depended on.
Coupled with if PACKAGE_tar check it caused all packages that depended
on tar to have a circular Kconfig dependency. Remove the check and
dependency on xz-utils and leave xz one only.

Move libzstd dependency into DEPENDS.

Fixes: ad82c17 ("tar: fix EXTRA_DEPENDS")
Fixes: https://github.com/openwrt/packages/issues/28141
Signed-off-by: George Sapkin <george@sapk.in>

chicken-scheme: bump to 5.4.0

A patch is included in order to get the compiler (csc) to work properly
on the target device (comment in the OpenWRT package Makefile). csc,
chicken-install, chicken-status have been verified to work. What the
patch does is to remove -fmacro-prefix-map and -ldl in the strings that
are passed to gcc when the Scheme compiler runs. Without that, the
compiler will not run on the router. A longer description is in the
patch header.

Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>

chicken-scheme: split library and refactor

Split library into a separate package and refactor Makefile.

Strip all executable binaries without stripping the library that's
used by the compiler.

Add SPDX license identifier.

Signed-off-by: George Sapkin <george@sapk.in>

chicken-scheme: add CI test script

Check csi version and check if csc can compile a simple s-expression.

Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>

poemgr: Install default PSX10 + PSX28 configuration

The Plasma Cloud PSX10 and Plasma Cloud PSX28 are officially supported by
upstream main. Install their default configuration files to be able to use
poemgr on these devices out of the box.

Signed-off-by: Sven Eckelmann <se@simonwunderlich.de>

chicken-scheme: fix EXTRA_DEPENDS

EXTRA_DEPENDS should be used for version constraints. Change to DEPENDS.

Fixes: 6a559a9 ("chicken-scheme: version 5.2.0; include compiler")
Signed-off-by: George Sapkin <george@sapk.in>

tar: fix EXTRA_DEPENDS

EXTRA_DEPENDS should be used for version constraints. Change to DEPENDS.

Fixes: 488be84 ("utils/tar: Make compression, acl, and xattr support configuration options")
Fixes: 7a49296 ("utils/tar: Fix defaulting to selecting dependencies")
Signed-off-by: George Sapkin <george@sapk.in>

rlwrap: add package

rlwrap is a 'readline wrapper', a small utility that uses the GNU
Readline library to allow the editing of keyboard input for any
command.
The input history is preserved even across different invocations,
history search and completion are supported

Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>

2to3: remove package

This package is only used by `fail2ban`. After updating `fail2ban` to
`1.1.0` (2a202b2091336cd04d58d797021e278ba9d3f5ae), the `2to3` package
is no longer needed. If required, anyone can reintroduce the package.

Signed-off-by: Wesley Gimenes <wehagy@proton.me>

php8: fix dependency of php8-mod-xmlreader to php8-mod-dom

When PHP8_DOM is enabled then xmlreader automatically gains a
dependency to php8-mod-dom, not only when the dom module
is actually built.

So fix it by declaring this dependency.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

netbird: update to 0.60.8 (breaking change)

Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.60.8

This is the first `netbird` release that introduces a breaking change[1].
Therefore, versions after the `0.60.x` will not be backported to
OpenWrt 24.10. They will be backported to OpenWrt 25.12, because that
release has not been officially launched yet.

By default netbird now creates/updates[2]
`/etc/ssh/ssh_config.d/99-netbird.conf` for use with `openssh-client`.
OpenWrt uses `dropbear`, and this behavior may cause storage wear.
This behavior has been disabled with `NB_DISABLE_SSH_CONFIG="1"`[3] in the
init file.

[1]: https://forum.netbird.io/t/netbird-v0-60-0-released/334#p-610-upgrade-compatibility-notes-4
[2]: https://docs.netbird.io/manage/peers/ssh#native-ssh-clients-open-ssh
[3]: https://github.com/netbirdio/netbird/blob/v0.60.8/client/ssh/config/manager.go#L167-L172

Signed-off-by: Wesley Gimenes <wehagy@proton.me>

netbird: update to 0.59.13

Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.59.13

Signed-off-by: Wesley Gimenes <wehagy@proton.me>

gstreamer1: fix compilation on armeb

The build fails on xscale because the dependency to libatomic.so.1 is
missing.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

jool: fix build for 6.18

Add backport to fix build against 6.18 kernel.

Signed-off-by: John Audia <therealgraysky@proton.me>

go2rtc: update to 1.9.13

- Update version
- No patch refresh needed

Changelog: https://github.com/AlexxIT/go2rtc/releases/tag/v1.9.13
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>

grep: update to 3.12

Changelog: https://lists.gnu.org/archive/html/info-gnu/2025-04/msg00008.html

Also skip building doc, tests, and gnulib-tests.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>

uw-imap: drop package

Project URL doesn't load and the source hasn't received any updates in 7
years.

Fixes: https://github.com/openwrt/packages/issues/17097
Fixes: https://github.com/openwrt/packages/issues/28101
Signed-off-by: George Sapkin <george@sapk.in>

zabbix: transfer maintenance to myself

With previous maintainer's blessing:
https://github.com/openwrt/packages/pull/28041#issuecomment-3650645784

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

zabbix: update to 7.0.21 (lts)

Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)

Note that for the frontend, clearing browser cache, cookies and other
site data for the zabbix frontend server may be necessary.

Security fixes compared to 7.0.12 (most are frontend only):

* CVE-2025-27238: API hostprototype.get lists data to users with
  insufficient authorization https://support.zabbix.com/browse/ZBX-26988
* CVE-2025-27236: User information disclosure via api_jsonrpc.php on
  method user.get with param search:
  https://support.zabbix.com/browse/ZBX-27060
* CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a
  Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062
* CVE-2025-49641: Insufficient permission check for the
  problem.view.refresh action:
  https://support.zabbix.com/browse/ZBX-27063
* CVE-2025-49643: Frontend DoS vulnerability due to asymmetric
  resource consumption: https://support.zabbix.com/browse/ZBX-27284

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

tailscale: update to 1.92.3

Changelog: https://tailscale.com/changelog#2025-12-16
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>

vim: add SPDX license identifier

Replace license header with SPDX license identifier.

Update copyright.

Signed-off-by: George Sapkin <george@sapk.in>

vim: fix config and runtime

- Install shared runtime for both full and fuller.
- Switch big to huge as big is just an alias to normal.
- Fix default config path for tiny variant.
- Use upstream default config for both full and fuller.
- Don't mark default config files for backup.
- Don't mix variant files.
- Mark fuller variant config files for backup.
- Update configure arguments and remove deprecated ones.
- Remove deprecated configuration variables.
- Improve descriptions.
- Fix the following error by installing the missing runtime files for
  full and correctly installing the default config for tiny:

  E1187: Failed to source defaults.vim

- Fix the following fuller error by installing the missing directory in
  runtime:

  Error detected while processing /usr/share/vim/vim91/plugin/netrwPlugin.vim:
  line    7:
  E919: Directory not found in 'packpath': "pack/*/opt/netrw"

Fixes: https://github.com/openwrt/packages/issues/20203
Fixes: https://github.com/openwrt/packages/issues/28104
Signed-off-by: George Sapkin <george@sapk.in>

docker-compose: update to version 5.0.0

Release notes:
https://github.com/docker/compose/releases/tag/v5.0.0

Signed-off-by: Javier Marcet <javier@marcet.info>

netwhere: remove package

It seems this software is no longer maintained.
The last upstream commit is 8 years ago.

Signed-off-by: Yanase Yuki <dev@zpc.st>

shairport-sync: enable Airplay 2 for -openssl only

https://github.com/mikebrady/shairport-sync/blob/master/
CONFIGURATION%20FLAGS.md#cryptography states that only the OpenSSL
cryptography backend is suitable for Airplay 2.

Further investigation revealed that the pair_ap module within
shairport-sync, which is needed for Airplay 2, does not have an Mbed TLS
backend.

Accordingly, this commit enables Airplay 2 only for the OpenSSL build.

This has the nice side effect that for Airplay 1 the -mini or -mbedtls
versions can be used without pulling in 6 MB of ffmepg libs.

Signed-off-by: Christian Beier <info@christianbeier.net>

ruby: update to 3.4.8

This release is a routine update that includes bug fixes.

Changelog: https://github.com/ruby/ruby/releases/tag/v3_4_8
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

irqbalance: Revert "irqbalance: update to 1.9.5"

This reverts commit 65d83de7f8b6969f1aa04895ddf20cc7ba690248.
Seems to cause trouble at least in ipq806x/R7800, so let's revert
for cautionary reasons.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

ddns-scripts: remove minimum 5 minute wait

To check if the update was successful.

Not all DDNS implementations have such huge latencies updating their services.

nsupdate for example, updates immediately and the update is immediately checkable.

Add new check_interval_min value to be able to set a check interval lower than the
previously hard-coded 5 minutes.

Fixes: #20564
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>

tailscale: update to 1.92.2

Changelog: https://tailscale.com/changelog#2025-12-10

Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>

ruby: update to 3.4.7

This release includes some general fixes and a uri gem security fix:

- CVE-2025-61594: URI Credential Leakage Bypass previous fixes

Changelog: https://github.com/ruby/ruby/releases/tag/v3_4_7
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

eza: update to 0.23.4

Changelogs:
0.23.1: https://github.com/eza-community/eza/releases/tag/v0.23.1
0.23.2: https://github.com/eza-community/eza/releases/tag/v0.23.2
0.23.3: https://github.com/eza-community/eza/releases/tag/v0.23.3
0.23.4: https://github.com/eza-community/eza/releases/tag/v0.23.4

Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>

croc: update to 10.3.1

Changelogs:
10.2.3: https://github.com/schollz/croc/releases/tag/v10.2.3
10.2.4: https://github.com/schollz/croc/releases/tag/v10.2.4
10.2.5: https://github.com/schollz/croc/releases/tag/v10.2.5
10.2.6: https://github.com/schollz/croc/releases/tag/v10.2.6
10.2.7: https://github.com/schollz/croc/releases/tag/v10.2.7
10.3.0: https://github.com/schollz/croc/releases/tag/v10.3.0
10.3.1: https://github.com/schollz/croc/releases/tag/v10.3.1

Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>

adblock: update 4.4.5-2

* fixed f_uci function
* fixed f_switch function, reported in the turris forum

Signed-off-by: Dirk Brenken <dev@brenken.org>

mstflint: update to 4.34.1-1

This commit updates the mstflint package
to the latest 4.34.1-1 release.

Signed-off-by: Til Kaiser <mail@tk154.de>

strongswan: update to 6.0.4

No significant functional changes.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

oor: remove package

It seems this software is no longer maintained.
- The latest upstream commit is 5 years ago.
- Official domain name has been suspended.

No packages depend on this.

Signed-off-by: Yanase Yuki <dev@zpc.st>

python3-speedtest-cli: remove package

It seems this software is no longer maintained.
The last upstream commit is 4 years ago, and
this software only supports obsolete setup.py.

Users should use supported similar softwares, such
as speedtest-go in packages repo.

Signed-off-by: Yanase Yuki <dev@zpc.st>

c-ares: bump to 1.34.6

This is a security release.

Security:
* CVE-2025-31498. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-6hxc-62jh-p29v
* CVE-2025-62408. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-jq53-42q6-pqr5

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

tang: make sure output and errors are logged to system log

Currently, there is no logging at all, causing difficulties with
troubleshooting. Edit originally proposed by @q-b #26076
(comment) and implemented by @rugk #27401

Signed-off-by: Thomas Winkler <tewinkler86@gmail.com>

php8: bump PKG_RELEASE

Bump PKG_RELEASE for previous two commits

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

php8: xml modules affect others

As with gettext modules described in #28078 and #28075, xml and dom
related module selection affects the dependencies of other packages.

Therefore, we invert the dependency logic:

PHP8_LIBXML and PHP8_DOM are are enabled by default and packages
which depend on libxml2 and --enable-dom=shared are not shown (and
the related configure args are disabled) if the config options are
not enabled.

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

php8: module selection affects other sub-packages

Fixes: php8: global package dependency changes based on module
selection

Fixes: #28078
As described in #28078 and #28075,

Some binaries gain a dependency on libstdcpp when mod-gettext is included
in the build, however this was not explicitly declared, so packaging
fails with (e.g.):

Package php8-cgi is missing dependencies for the following libraries:
libstdc++.so.6

In contrast to #28075, this commit takes the approach:

* Make use of --with-gettext depend on a configure flag (enabled by
default, since that matches current full build behaviour)
* Make sub-packages which require --with-gettext depend on the
configure flag

This means that e.g. php-cgi would not have gettext support if the
configure flag was disabled, and e.g. php-mod-gettext and php-mod-intl
would not be selectable.

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

zerotier: apply upstream license change to `MPL-2.0`

Upstream changed license to `MPL-2.0` for all except `nonfree/`. Building with `ZT_NONFREE=1` excludes these non-free code, make the result effectively under `MPL-2.0`. Read more at https://github.com/zerotier/ZeroTierOne/blob/1.16.0/RELEASE-NOTES.md#2025-08-21----version-1160

Signed-off-by: Mai Thanh Minh <thanhminh.mr@gmail.com>

net-snmp: fix literal string test in snmpd_sink_add

The function snmpd_sink_add() has a guard clause that tests the literal
string "section", not the variable value "$section".

The test `[ -n "section" ]` always evaluates to true because the string
literal "section" is non-empty, making the check useless.

This function is only called internally with hardcoded arguments, so the
bug has no actual impact currently. For the same reason, this change
should not break existing configurations. However, I think it should be
fixed so future callers do not have a false sense of security.

Signed-off-by: Eric McDonald <librick-openwrt@proton.me>

irqbalance: update to 1.9.5

Update irqbalance to version 1.9.5

* drop the original local meson patch, as meson is now properly adopted
  by upstream. But patch meson.build to keep glib2 library statically
  linked in order to avoid a dependency and indirect size increase.

* disable unnecessary functions via meson features settings
  (capng, numa, systemd, thermal, ui)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

qemu: update to 10.1.3

- Update version
- No patch refresh needed

Changelog: https://www.mail-archive.com/qemu-devel@nongnu.org/msg1156310.html

Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>

yq: Update to 4.50.1

Release note: https://github.com/mikefarah/yq/releases/tag/v4.50.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

xray-core: Update to 25.12.8

Release note: https://github.com/XTLS/Xray-core/releases/tag/v25.12.8

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

dnsproxy: Update to 0.78.2

Release note: https://github.com/AdguardTeam/dnsproxy/releases/tag/v0.78.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

rclone: Update to 1.72.1

Release note: https://github.com/rclone/rclone/releases/tag/v1.72.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

ci: add more labels

Add 'Add package' label when a new Makefile is added or 'Drop package'
when a Makefile is deleted.

Label PRs to OpenWrt 25.12 branch.

Label CI-related PRs.

Signed-off-by: George Sapkin <george@sapk.in>

postgresql: fix missing symbols at runtime

Fixes pgsql-server: the setup fails for any folder
Fixes #27228

Sets postgresql-specific configure flags that configure cannot run-test
to determine their value. This fixes improperly linked files that
prevent database initialization (at least) from working on the device.

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

adblock: release 4.4.5-1

* hardened the uci config parsing
* added a fast, flexible & secure domain validator function, it eliminates > 99 % of garbage inputs
  - Please note: the "rule" in the feed file now only includes parameters for the domain validator,
    see readme for details. Please nuke a custom feed file from former versions - they are no longer
    compatible
* readme update
* LuCI: fixed a minor issue in the logread template
* LuCI: adapted the rule select options in the custom feed editor to use the new domain validator

Signed-off-by: Dirk Brenken <dev@brenken.org>

lf: update to r40

https://github.com/gokcehan/lf/releases/tag/r40

Signed-off-by: Nate Robinson <nrobinson2000@me.com>

mox-pkcs11: add new package

Library for using built-in ECDSA key in devices based on Turris MOX for
PKCS11 authentication

Signed-off-by: Tomáš Macholda <tomas.macholda@nic.cz>

isc-dhcp: fix startup issues with RFC-1918 PTR RRs

If isc-dhcp gets restarted, it might have to deal with RFC-1918 zones
being previously populated by an earlier instance. In that case, we
need to know if we're modified versus initially adding the zones.

The special handling of RFC-1918 zones in Bind is quirky, and there
should be a patch soon to make it more friendly, but in the meantime
you might have to use:

disable-empty-zone 168.192.in-addr.arpa;

Or similar depending on which address block you poach.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

zoneinfo: updated to 2025c release

Updated package version and file hashes.

Signed-off-by: Vladimir Ulrich <admin@evl.su>

pbr: update to 1.2.1-r41

Remove many obsolete files.

Makefile:
* remove netifd-flavour related code
* remove trailing white spaces

Init-script:
* proper deletion of default network rules for IPv{4,6}
* fix netifd function error when IPv6 is enabled
* remove trailing white spaces

Signed-off-by: Stan Grishin <stangri@melmac.ca>

bind: manual fix for IPv6 server unreachable noise

Until we have a failsafe way of detecting no IPv6 internet
connectivity automatically, allow the users to set it
manually for now.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

watchcat: passing the interface in the ping_reboot

Although the watchcat_ping function also checked the iface variable, that
variable was never populated. As a result we could not check if there was
connectivity via a specific interface.

Signed-off-by: Vasileios Anagnostopoulos <anagnwstopoulos@hotmail.com>

cgi-io: update to Git 658b14bda (2025-12-11)

658b14b main: Add `stderr` option for cgi-exec to redirect stderr to stdout

Signed-off-by: Paul Donald <newtwen+github@gmail.com>

xl2tp: add PPP unnumbered support to proto handler

Adds the PPP unnumbered support from openwrt commit 48a95ef ("ppp :
Unnumbered support") to the xl2tp proto handler.

https://github.com/openwrt/openwrt/commit/48a95eff38ceaa13d497617ebd5e2201dd16ee77

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

python-urllib3: update to 2.6.1

Fix CVE-2025-66418 and CVE-2025-66471.

Full release notes:
https://github.com/urllib3/urllib3/releases/tag/2.6.0
https://github.com/urllib3/urllib3/releases/tag/2.6.1

Drop 001-setuptools-scm-upper-limit.patch as upstream now supports
setuptools-scm v9.x.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>

domoticz: improve config, don't require telldus

Add support for configuring the -vhostname, as it helps to get the right
issuer into OAuth2 tokens. Also disable the mdns responder by default;
when we're running on OpenWrt we have better options that that. Clean
up the logging options, and also make it export $TZ to work around our
musl hack which otherwise opens and reads /etc/TZ thousands of times
a minute.

Also drop the telldus dependency. Domoticz will dlopen that at runtime
without having to have it present at build time at all, so it should
still work for users who install it.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

openzwave: update to 1.6.1965, disable downloads

The project is abandoned but until we get the ZWave-JS-UI node.js
montrosity running in OpenWrt, we need to keep using it. Update to
the last available version.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

owut: update to 2025.12.01

Bug fixes:
efahl/owut@4482dd097f48 owut: handle changes in a package's version number format

Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>

travelmate: release 2.3.0-1

* split travelmate.s in a new central travelmate function library (usr/lib/travelmate-functions.sh) plus
a smal service script (/usr/bin/travelmate-service.sh)
* the vpn-, mail- and login scripts are now using the central function library
* rework the ntp hotplug script
* harden the config parsing
* support the curl interface option to specify which network pathway is used for outgoing requests
* the travelmate status now includes the backend- and frontend version information
* LuCI: use a special travelmate interface, e.g. trm_wwan or use an existing wwan interface
* LuCI: no longer call the logread binary, use rpc / the ubus log object instead
* LuCI: various code cleanups
* LuCI: various small usability improvements
* readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>

adguardhome: bump to 0.107.71

Changelog: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.71
Signed-off-by: George Sapkin <george@sapk.in>