git.openwrt.org Git - feed/packages.git/log

nginx: fix provides

nginx modules must not provide nginx which causes them to not be able
to be installed alongside nginx due to the new apk provide fixes.

Remove PROVIDES from modules.

Remove nginx-ssl from PROVIDES as there is no non-ssl variant, i.e. all
version provide ssl.

Set nginx-ssl as the default variant.

Remove non-existent config value.

Signed-off-by: George Sapkin <george@sapk.in>

miniupnpd: update to 2.3.9 to fix issues, refresh building

- Update daemon to 2.3.9 to fix removal of nftables rules in
  `upnp_forward` and return the correct internal port; also resulted in
  the excessive opening of new ports. Accept interface names starting
  with digits
- Build from GitHub releases to get a reliable HTTPS server, as the
  HTTP-only/HTTPS mirror were only available ~85%/77% over 3 months
  https://redirect.github.com/miniupnp/miniupnp/issues/770
  https://stats.uptimerobot.com/DwGDxUB914
- Build daemon with `--disable-pppconn` to remove the old/IGDv1-only
  extra WANPPPConnection SSDP announcements workaround not included in
  other implementations since >15y
- Build daemon with `--vendorcfg` to allow customisation of the
  router/friendly name (+5 potential options) displayed in Windows
  Explorer, 384 bytes extra required on ARMv7 (binary)
- Remove old (iptables variant only) patches, as no longer needed
- Remove `clean_ruleset_interval/threshold` UCI config options as not
  standard/working since OpenWrt 22.03, as nftables not supported

Fixes: https://github.com/openwrt/openwrt/issues/18011
Fixes: https://github.com/openwrt/luci/issues/7759
Fixes: https://github.com/openwrt/packages/issues/26352
Signed-off-by: Self-Hosting-Group <selfhostinggroup-git+openwrt@shost.ing>
[update fixes tag]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

sing-box: update to 1.12.13

changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.12.13

Signed-off-by: xiao bo <peterwillcn@gmail.com>

v4l2loopback: bump to 0.15.3

This is needed in order to build against the 6.18 kernel

Signed-off-by: John Audia <therealgraysky@proton.me>

openvpn: add missing options

Add missing options taken from the OpenVPN 2.6 manual.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

openvpn: remove vanished options

These options are no longer available in openvpn 2.6.x.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

unixodbc: re-enable autoreconf to fix host path leak

Without it the build fails for me with:
/usr/lib/libltdl.so: file not recognized: file format not recognized

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>

mstflint: update to 4.34.1-2

This commit updates the mstflint package
to the latest 4.34.1-2 release.

Release notes:
https://github.com/Mellanox/mstflint/releases/tag/v4.34.1-2

Signed-off-by: Til Kaiser <mail@tk154.de>

php8: update to 8.4.16

This fixes:
    - CVE-2025-14177
    - CVE-2025-14178
    - CVE-2025-14180

Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.4.16

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

tar: fix circular dependency on xz

tar depended both on xz and xz-utils which xz already depended on.
Coupled with if PACKAGE_tar check it caused all packages that depended
on tar to have a circular Kconfig dependency. Remove the check and
dependency on xz-utils and leave xz one only.

Move libzstd dependency into DEPENDS.

Fixes: ad82c17 ("tar: fix EXTRA_DEPENDS")
Fixes: https://github.com/openwrt/packages/issues/28141
Signed-off-by: George Sapkin <george@sapk.in>

chicken-scheme: bump to 5.4.0

A patch is included in order to get the compiler (csc) to work properly
on the target device (comment in the OpenWRT package Makefile). csc,
chicken-install, chicken-status have been verified to work. What the
patch does is to remove -fmacro-prefix-map and -ldl in the strings that
are passed to gcc when the Scheme compiler runs. Without that, the
compiler will not run on the router. A longer description is in the
patch header.

Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>

chicken-scheme: split library and refactor

Split library into a separate package and refactor Makefile.

Strip all executable binaries without stripping the library that's
used by the compiler.

Add SPDX license identifier.

Signed-off-by: George Sapkin <george@sapk.in>

chicken-scheme: add CI test script

Check csi version and check if csc can compile a simple s-expression.

Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>

poemgr: Install default PSX10 + PSX28 configuration

The Plasma Cloud PSX10 and Plasma Cloud PSX28 are officially supported by
upstream main. Install their default configuration files to be able to use
poemgr on these devices out of the box.

Signed-off-by: Sven Eckelmann <se@simonwunderlich.de>

chicken-scheme: fix EXTRA_DEPENDS

EXTRA_DEPENDS should be used for version constraints. Change to DEPENDS.

Fixes: 6a559a9 ("chicken-scheme: version 5.2.0; include compiler")
Signed-off-by: George Sapkin <george@sapk.in>

tar: fix EXTRA_DEPENDS

EXTRA_DEPENDS should be used for version constraints. Change to DEPENDS.

Fixes: 488be84 ("utils/tar: Make compression, acl, and xattr support configuration options")
Fixes: 7a49296 ("utils/tar: Fix defaulting to selecting dependencies")
Signed-off-by: George Sapkin <george@sapk.in>

rlwrap: add package

rlwrap is a 'readline wrapper', a small utility that uses the GNU
Readline library to allow the editing of keyboard input for any
command.
The input history is preserved even across different invocations,
history search and completion are supported

Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>

2to3: remove package

This package is only used by `fail2ban`. After updating `fail2ban` to
`1.1.0` (2a202b2091336cd04d58d797021e278ba9d3f5ae), the `2to3` package
is no longer needed. If required, anyone can reintroduce the package.

Signed-off-by: Wesley Gimenes <wehagy@proton.me>

php8: fix dependency of php8-mod-xmlreader to php8-mod-dom

When PHP8_DOM is enabled then xmlreader automatically gains a
dependency to php8-mod-dom, not only when the dom module
is actually built.

So fix it by declaring this dependency.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

netbird: update to 0.60.8 (breaking change)

Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.60.8

This is the first `netbird` release that introduces a breaking change[1].
Therefore, versions after the `0.60.x` will not be backported to
OpenWrt 24.10. They will be backported to OpenWrt 25.12, because that
release has not been officially launched yet.

By default netbird now creates/updates[2]
`/etc/ssh/ssh_config.d/99-netbird.conf` for use with `openssh-client`.
OpenWrt uses `dropbear`, and this behavior may cause storage wear.
This behavior has been disabled with `NB_DISABLE_SSH_CONFIG="1"`[3] in the
init file.

[1]: https://forum.netbird.io/t/netbird-v0-60-0-released/334#p-610-upgrade-compatibility-notes-4
[2]: https://docs.netbird.io/manage/peers/ssh#native-ssh-clients-open-ssh
[3]: https://github.com/netbirdio/netbird/blob/v0.60.8/client/ssh/config/manager.go#L167-L172

Signed-off-by: Wesley Gimenes <wehagy@proton.me>

netbird: update to 0.59.13

Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.59.13

Signed-off-by: Wesley Gimenes <wehagy@proton.me>

gstreamer1: fix compilation on armeb

The build fails on xscale because the dependency to libatomic.so.1 is
missing.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

jool: fix build for 6.18

Add backport to fix build against 6.18 kernel.

Signed-off-by: John Audia <therealgraysky@proton.me>

go2rtc: update to 1.9.13

- Update version
- No patch refresh needed

Changelog: https://github.com/AlexxIT/go2rtc/releases/tag/v1.9.13
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>

grep: update to 3.12

Changelog: https://lists.gnu.org/archive/html/info-gnu/2025-04/msg00008.html

Also skip building doc, tests, and gnulib-tests.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>

uw-imap: drop package

Project URL doesn't load and the source hasn't received any updates in 7
years.

Fixes: https://github.com/openwrt/packages/issues/17097
Fixes: https://github.com/openwrt/packages/issues/28101
Signed-off-by: George Sapkin <george@sapk.in>

zabbix: transfer maintenance to myself

With previous maintainer's blessing:
https://github.com/openwrt/packages/pull/28041#issuecomment-3650645784

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

zabbix: update to 7.0.21 (lts)

Updates Zabbix to 7.0.21-r1 (latest 7.0 LTS version)

Note that for the frontend, clearing browser cache, cookies and other
site data for the zabbix frontend server may be necessary.

Security fixes compared to 7.0.12 (most are frontend only):

* CVE-2025-27238: API hostprototype.get lists data to users with
  insufficient authorization https://support.zabbix.com/browse/ZBX-26988
* CVE-2025-27236: User information disclosure via api_jsonrpc.php on
  method user.get with param search:
  https://support.zabbix.com/browse/ZBX-27060
* CVE-2025-27231: LDAP 'Bind password' field value can be leaked by a
  Zabbix Super Admin: https://support.zabbix.com/browse/ZBX-27062
* CVE-2025-49641: Insufficient permission check for the
  problem.view.refresh action:
  https://support.zabbix.com/browse/ZBX-27063
* CVE-2025-49643: Frontend DoS vulnerability due to asymmetric
  resource consumption: https://support.zabbix.com/browse/ZBX-27284

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

tailscale: update to 1.92.3

Changelog: https://tailscale.com/changelog#2025-12-16
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>

vim: add SPDX license identifier

Replace license header with SPDX license identifier.

Update copyright.

Signed-off-by: George Sapkin <george@sapk.in>

vim: fix config and runtime

- Install shared runtime for both full and fuller.
- Switch big to huge as big is just an alias to normal.
- Fix default config path for tiny variant.
- Use upstream default config for both full and fuller.
- Don't mark default config files for backup.
- Don't mix variant files.
- Mark fuller variant config files for backup.
- Update configure arguments and remove deprecated ones.
- Remove deprecated configuration variables.
- Improve descriptions.
- Fix the following error by installing the missing runtime files for
  full and correctly installing the default config for tiny:

  E1187: Failed to source defaults.vim

- Fix the following fuller error by installing the missing directory in
  runtime:

  Error detected while processing /usr/share/vim/vim91/plugin/netrwPlugin.vim:
  line    7:
  E919: Directory not found in 'packpath': "pack/*/opt/netrw"

Fixes: https://github.com/openwrt/packages/issues/20203
Fixes: https://github.com/openwrt/packages/issues/28104
Signed-off-by: George Sapkin <george@sapk.in>

docker-compose: update to version 5.0.0

Release notes:
https://github.com/docker/compose/releases/tag/v5.0.0

Signed-off-by: Javier Marcet <javier@marcet.info>

netwhere: remove package

It seems this software is no longer maintained.
The last upstream commit is 8 years ago.

Signed-off-by: Yanase Yuki <dev@zpc.st>

shairport-sync: enable Airplay 2 for -openssl only

https://github.com/mikebrady/shairport-sync/blob/master/
CONFIGURATION%20FLAGS.md#cryptography states that only the OpenSSL
cryptography backend is suitable for Airplay 2.

Further investigation revealed that the pair_ap module within
shairport-sync, which is needed for Airplay 2, does not have an Mbed TLS
backend.

Accordingly, this commit enables Airplay 2 only for the OpenSSL build.

This has the nice side effect that for Airplay 1 the -mini or -mbedtls
versions can be used without pulling in 6 MB of ffmepg libs.

Signed-off-by: Christian Beier <info@christianbeier.net>

ruby: update to 3.4.8

This release is a routine update that includes bug fixes.

Changelog: https://github.com/ruby/ruby/releases/tag/v3_4_8
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

irqbalance: Revert "irqbalance: update to 1.9.5"

This reverts commit 65d83de7f8b6969f1aa04895ddf20cc7ba690248.
Seems to cause trouble at least in ipq806x/R7800, so let's revert
for cautionary reasons.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

ddns-scripts: remove minimum 5 minute wait

To check if the update was successful.

Not all DDNS implementations have such huge latencies updating their services.

nsupdate for example, updates immediately and the update is immediately checkable.

Add new check_interval_min value to be able to set a check interval lower than the
previously hard-coded 5 minutes.

Fixes: #20564
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>

tailscale: update to 1.92.2

Changelog: https://tailscale.com/changelog#2025-12-10

Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>

ruby: update to 3.4.7

This release includes some general fixes and a uri gem security fix:

- CVE-2025-61594: URI Credential Leakage Bypass previous fixes

Changelog: https://github.com/ruby/ruby/releases/tag/v3_4_7
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

eza: update to 0.23.4

Changelogs:
0.23.1: https://github.com/eza-community/eza/releases/tag/v0.23.1
0.23.2: https://github.com/eza-community/eza/releases/tag/v0.23.2
0.23.3: https://github.com/eza-community/eza/releases/tag/v0.23.3
0.23.4: https://github.com/eza-community/eza/releases/tag/v0.23.4

Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>

croc: update to 10.3.1

Changelogs:
10.2.3: https://github.com/schollz/croc/releases/tag/v10.2.3
10.2.4: https://github.com/schollz/croc/releases/tag/v10.2.4
10.2.5: https://github.com/schollz/croc/releases/tag/v10.2.5
10.2.6: https://github.com/schollz/croc/releases/tag/v10.2.6
10.2.7: https://github.com/schollz/croc/releases/tag/v10.2.7
10.3.0: https://github.com/schollz/croc/releases/tag/v10.3.0
10.3.1: https://github.com/schollz/croc/releases/tag/v10.3.1

Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>

adblock: update 4.4.5-2

* fixed f_uci function
* fixed f_switch function, reported in the turris forum

Signed-off-by: Dirk Brenken <dev@brenken.org>

mstflint: update to 4.34.1-1

This commit updates the mstflint package
to the latest 4.34.1-1 release.

Signed-off-by: Til Kaiser <mail@tk154.de>

strongswan: update to 6.0.4

No significant functional changes.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

oor: remove package

It seems this software is no longer maintained.
- The latest upstream commit is 5 years ago.
- Official domain name has been suspended.

No packages depend on this.

Signed-off-by: Yanase Yuki <dev@zpc.st>

python3-speedtest-cli: remove package

It seems this software is no longer maintained.
The last upstream commit is 4 years ago, and
this software only supports obsolete setup.py.

Users should use supported similar softwares, such
as speedtest-go in packages repo.

Signed-off-by: Yanase Yuki <dev@zpc.st>

c-ares: bump to 1.34.6

This is a security release.

Security:
* CVE-2025-31498. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-6hxc-62jh-p29v
* CVE-2025-62408. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-jq53-42q6-pqr5

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

tang: make sure output and errors are logged to system log

Currently, there is no logging at all, causing difficulties with
troubleshooting. Edit originally proposed by @q-b #26076
(comment) and implemented by @rugk #27401

Signed-off-by: Thomas Winkler <tewinkler86@gmail.com>

php8: bump PKG_RELEASE

Bump PKG_RELEASE for previous two commits

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

php8: xml modules affect others

As with gettext modules described in #28078 and #28075, xml and dom
related module selection affects the dependencies of other packages.

Therefore, we invert the dependency logic:

PHP8_LIBXML and PHP8_DOM are are enabled by default and packages
which depend on libxml2 and --enable-dom=shared are not shown (and
the related configure args are disabled) if the config options are
not enabled.

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

php8: module selection affects other sub-packages

Fixes: php8: global package dependency changes based on module
selection

Fixes: #28078
As described in #28078 and #28075,

Some binaries gain a dependency on libstdcpp when mod-gettext is included
in the build, however this was not explicitly declared, so packaging
fails with (e.g.):

Package php8-cgi is missing dependencies for the following libraries:
libstdc++.so.6

In contrast to #28075, this commit takes the approach:

* Make use of --with-gettext depend on a configure flag (enabled by
default, since that matches current full build behaviour)
* Make sub-packages which require --with-gettext depend on the
configure flag

This means that e.g. php-cgi would not have gettext support if the
configure flag was disabled, and e.g. php-mod-gettext and php-mod-intl
would not be selectable.

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

zerotier: apply upstream license change to `MPL-2.0`

Upstream changed license to `MPL-2.0` for all except `nonfree/`. Building with `ZT_NONFREE=1` excludes these non-free code, make the result effectively under `MPL-2.0`. Read more at https://github.com/zerotier/ZeroTierOne/blob/1.16.0/RELEASE-NOTES.md#2025-08-21----version-1160

Signed-off-by: Mai Thanh Minh <thanhminh.mr@gmail.com>

net-snmp: fix literal string test in snmpd_sink_add

The function snmpd_sink_add() has a guard clause that tests the literal
string "section", not the variable value "$section".

The test `[ -n "section" ]` always evaluates to true because the string
literal "section" is non-empty, making the check useless.

This function is only called internally with hardcoded arguments, so the
bug has no actual impact currently. For the same reason, this change
should not break existing configurations. However, I think it should be
fixed so future callers do not have a false sense of security.

Signed-off-by: Eric McDonald <librick-openwrt@proton.me>

irqbalance: update to 1.9.5

Update irqbalance to version 1.9.5

* drop the original local meson patch, as meson is now properly adopted
  by upstream. But patch meson.build to keep glib2 library statically
  linked in order to avoid a dependency and indirect size increase.

* disable unnecessary functions via meson features settings
  (capng, numa, systemd, thermal, ui)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

qemu: update to 10.1.3

- Update version
- No patch refresh needed

Changelog: https://www.mail-archive.com/qemu-devel@nongnu.org/msg1156310.html

Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>

yq: Update to 4.50.1

Release note: https://github.com/mikefarah/yq/releases/tag/v4.50.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

xray-core: Update to 25.12.8

Release note: https://github.com/XTLS/Xray-core/releases/tag/v25.12.8

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

dnsproxy: Update to 0.78.2

Release note: https://github.com/AdguardTeam/dnsproxy/releases/tag/v0.78.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

rclone: Update to 1.72.1

Release note: https://github.com/rclone/rclone/releases/tag/v1.72.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

ci: add more labels

Add 'Add package' label when a new Makefile is added or 'Drop package'
when a Makefile is deleted.

Label PRs to OpenWrt 25.12 branch.

Label CI-related PRs.

Signed-off-by: George Sapkin <george@sapk.in>

postgresql: fix missing symbols at runtime

Fixes pgsql-server: the setup fails for any folder
Fixes #27228

Sets postgresql-specific configure flags that configure cannot run-test
to determine their value. This fixes improperly linked files that
prevent database initialization (at least) from working on the device.

Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>

adblock: release 4.4.5-1

* hardened the uci config parsing
* added a fast, flexible & secure domain validator function, it eliminates > 99 % of garbage inputs
  - Please note: the "rule" in the feed file now only includes parameters for the domain validator,
    see readme for details. Please nuke a custom feed file from former versions - they are no longer
    compatible
* readme update
* LuCI: fixed a minor issue in the logread template
* LuCI: adapted the rule select options in the custom feed editor to use the new domain validator

Signed-off-by: Dirk Brenken <dev@brenken.org>

lf: update to r40

https://github.com/gokcehan/lf/releases/tag/r40

Signed-off-by: Nate Robinson <nrobinson2000@me.com>

mox-pkcs11: add new package

Library for using built-in ECDSA key in devices based on Turris MOX for
PKCS11 authentication

Signed-off-by: Tomáš Macholda <tomas.macholda@nic.cz>

isc-dhcp: fix startup issues with RFC-1918 PTR RRs

If isc-dhcp gets restarted, it might have to deal with RFC-1918 zones
being previously populated by an earlier instance. In that case, we
need to know if we're modified versus initially adding the zones.

The special handling of RFC-1918 zones in Bind is quirky, and there
should be a patch soon to make it more friendly, but in the meantime
you might have to use:

disable-empty-zone 168.192.in-addr.arpa;

Or similar depending on which address block you poach.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

zoneinfo: updated to 2025c release

Updated package version and file hashes.

Signed-off-by: Vladimir Ulrich <admin@evl.su>

pbr: update to 1.2.1-r41

Remove many obsolete files.

Makefile:
* remove netifd-flavour related code
* remove trailing white spaces

Init-script:
* proper deletion of default network rules for IPv{4,6}
* fix netifd function error when IPv6 is enabled
* remove trailing white spaces

Signed-off-by: Stan Grishin <stangri@melmac.ca>

bind: manual fix for IPv6 server unreachable noise

Until we have a failsafe way of detecting no IPv6 internet
connectivity automatically, allow the users to set it
manually for now.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

watchcat: passing the interface in the ping_reboot

Although the watchcat_ping function also checked the iface variable, that
variable was never populated. As a result we could not check if there was
connectivity via a specific interface.

Signed-off-by: Vasileios Anagnostopoulos <anagnwstopoulos@hotmail.com>

cgi-io: update to Git 658b14bda (2025-12-11)

658b14b main: Add `stderr` option for cgi-exec to redirect stderr to stdout

Signed-off-by: Paul Donald <newtwen+github@gmail.com>

xl2tp: add PPP unnumbered support to proto handler

Adds the PPP unnumbered support from openwrt commit 48a95ef ("ppp :
Unnumbered support") to the xl2tp proto handler.

https://github.com/openwrt/openwrt/commit/48a95eff38ceaa13d497617ebd5e2201dd16ee77

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

python-urllib3: update to 2.6.1

Fix CVE-2025-66418 and CVE-2025-66471.

Full release notes:
https://github.com/urllib3/urllib3/releases/tag/2.6.0
https://github.com/urllib3/urllib3/releases/tag/2.6.1

Drop 001-setuptools-scm-upper-limit.patch as upstream now supports
setuptools-scm v9.x.

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>

domoticz: improve config, don't require telldus

Add support for configuring the -vhostname, as it helps to get the right
issuer into OAuth2 tokens. Also disable the mdns responder by default;
when we're running on OpenWrt we have better options that that. Clean
up the logging options, and also make it export $TZ to work around our
musl hack which otherwise opens and reads /etc/TZ thousands of times
a minute.

Also drop the telldus dependency. Domoticz will dlopen that at runtime
without having to have it present at build time at all, so it should
still work for users who install it.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

openzwave: update to 1.6.1965, disable downloads

The project is abandoned but until we get the ZWave-JS-UI node.js
montrosity running in OpenWrt, we need to keep using it. Update to
the last available version.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

owut: update to 2025.12.01

Bug fixes:
efahl/owut@4482dd097f48 owut: handle changes in a package's version number format

Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>

travelmate: release 2.3.0-1

* split travelmate.s in a new central travelmate function library (usr/lib/travelmate-functions.sh) plus
a smal service script (/usr/bin/travelmate-service.sh)
* the vpn-, mail- and login scripts are now using the central function library
* rework the ntp hotplug script
* harden the config parsing
* support the curl interface option to specify which network pathway is used for outgoing requests
* the travelmate status now includes the backend- and frontend version information
* LuCI: use a special travelmate interface, e.g. trm_wwan or use an existing wwan interface
* LuCI: no longer call the logread binary, use rpc / the ubus log object instead
* LuCI: various code cleanups
* LuCI: various small usability improvements
* readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>

adguardhome: bump to 0.107.71

Changelog: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.71
Signed-off-by: George Sapkin <george@sapk.in>

dnscrypt-proxy2: update to version 2.1.15

- update dnscrypt-proxy2 to version 2.1.15

Signed-off-by: Niklas Thorild <niklas@thorild.se>

multi-arch-test-build: disable comments and labels

Disable posting formality check status comments and adding related
labels while the security token is being figured out.

Link: https://github.com/openwrt/packages/pull/28011
Fixes: 2c558a8 ("ci: label formality failures")
Fixes: 7658669 ("multi-arch-test-build: post formal summaries to PR")
Signed-off-by: George Sapkin <george@sapk.in>

unbound: update to 1.24.2

Fixes: Possible Domain Hijacking via promiscuous NS Records (CVE-2025-11411)
Changelog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2
Upstream commit f6269baa605d31859f28770e01a24e3677e5f82c
https://github.com/NLnetLabs/unbound/commit/f6269baa605d31859f28770e01a24e3677e5f82c

Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>

unbound: minimal fix for odhcpd lease file parsing

Current odhcpd in master writes MAC addresses with colons in his lease file,
this new odhcpd format leads to a crash loop in unbound (if DHCPv4 to SLAAC is selected).

Just remove the colons, before the processing in slaac_eui64 begins, fixes #28032

Signed-off-by: Dirk Brenken <dev@brenken.org>

treewide: remove python3-distutils dependency

As the python3-distutils was dropped while bumping the version
to 3.13.9 via 97a92f2e7a77c39d087892f5c9a7350c31f3d65b, remove the
python3-distutils from all packages that are currently using it.

OpenWrt already uses recent enough releases of these packages
that have adapted to work without distutils, so the dependency
can be safely removed.

Signed-off-by: Til Kaiser <mail@tk154.de>

ptunnel-ng: remove package

It seems upstream author does not have
time to maintain this software anymore.
Please see v1.43 release note.

Signed-off-by: Yanase Yuki <dev@zpc.st>

qbee-agent: bump version to 2025.49

Bump version to 2025.49

Signed-off-by: Jon Henrik Bjørnstad <jonhenrik@qbee.io>

telegraf: set home variable in uci-defaults script

avoid a non-critical error caused by getent not being installed

Signed-off-by: Niklas Thorild <niklas@thorild.se>

telegraf: update to 1.37.0

- Update Telegraf to v1.37.0

Signed-off-by: Niklas Thorild <niklas@thorild.se>

modemmanager: allow empty initial EPS bearer APN

This commit removes the non-empty APN requirement for initial EPS
bearer. An empty APN value is valid and means that the modem will use a
network provided APN offered by the operator.

Signed-off-by: Simonas Tamošaitis <simsasss@gmail.com>

watchcat: set default value for mmifacename to prevent argument shift

Set mmifacename default to "null" instead of an empty string to avoid
argument displacement when the value is not defined. Also remove leftover
debug comments from previous commit.

Signed-off-by: Ivan Diaz <diaz.it@icloud.com>

watchcat: fix argument handling and allow multiple ping hosts

The backend now correctly supports multiple IP addresses and avoids
argument shifting when mmifacename is empty.

Signed-off-by: Ivan Diaz <diaz.it@icloud.com>

openconnect: fix off-by-one while condition

resolveip returns 0 on success. This means that the while loop
will just run until all tries are exhausted. But this was not
the intended behaviour.

Fixes: 20ea72607bbf ("openconnect: make host dependency more resilient")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

pbr: update to 1.2.1-r35

pbr 1.2.1-r35

Makefile:
* split uci-defaults into different purpose files
* add handling of netifd integration

Config:
* update with default values for all options (thanks @betonmischer86)

Init-script:
* add netifd integration handling
* add ip() function to emulate ip rule replace
* add netbird intrfaces support (thanks @egc112)
* reorganize loading/handling of options in load_package_config()
* improve display of interface triggers in service_triggers()
* remove chains cleanup from stop_service() due to exclusive use of fw4 nft files
* improve status_service() output
* drop input and postrouting as valid options for policy chain

Uci-defaults files:
* 91-pbr-nft: cosmetic improvements

Default nft files:
* drop use of input and postrouting chanins

Custom User files:
* dns-prefetch: functional improvements (thanks @betonmischer86)

Signed-off-by: Stan Grishin <stangri@melmac.ca>

prometheus-node-exporter-lua: remove zero values

depending on the configuration there may be multiple
interfaces creating multiple time series always
reporting 0 value. omiting them from the export saves
resources. most notably cpu. this is limited to
counter types

Signed-off-by: Markus Hube <markus.hube@t-online.de>

snapcast: update to v0.34.0

A straightforward update from 0.28.0 (2024-03-19, [1])
to 0.34.0 (2025-10-12, [2]) with almost 400 commits. [3]

Notable change is the configurable OpenSSL support (BUILD_WITH_SSL)
for both snapserver and snapclient.
They will be enabled once I introduce the flavours.

In the mean time upsteam moved to it's own organization. [4]

Upstream changelog:
https://github.com/snapcast/snapcast/blob/v0.34.0/changelog.md

[1]: https://github.com/snapcast/snapcast/releases/tag/v0.28.0
[2]: https://github.com/snapcast/snapcast/releases/tag/v0.34.0
[3]: https://github.com/snapcast/snapcast/compare/v0.28.0...v0.34.0
[4]: https://github.com/snapcast

Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>

snapcast: define ALSA support explicitly

As Hannu Nyman pointed out, in some cases the build of the package is
able to fail:

Package snapserver is missing dependencies for the following libraries:
libasound.so.2

He said: on some build runs, alsa is built (as required by other
packages), and if it is built before snapcast, it may be detected,
if the feature is not explicitly disabled in CMakeLists.txt.

Also: "I think that you could drop that AUDIO_SUPPORT conditional.
AUDIO_SUPPORT is selected e.g. if USB_SUPPORT is selected,
so it is not that big restriction."

Suggested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>

snapcast: sort and reformat CMAKE_OPTIONS

Sort CMAKE_OPTIONS by alphabet and save a few bytes with tab character,
instead of repeating "CMAKE_OPTIONS +="

Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>

vim: disable wayland to fix missing dependency

vim autodetects wayland if it's installed, but there's no dependency on
it which results in:

Package vim-full is missing dependencies for the following libraries:
libwayland-client.so.0

Fixes: 4406b79 ("vim: bump to 9.1.1918")
Signed-off-by: George Sapkin <george@sapk.in>

yt-dlp: bump to 2025.12.08

Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2025.12.08
Signed-off-by: George Sapkin <george@sapk.in>

udpspeeder: disable color in logging to prevent side effects in syslog

Fixes #26872 by passing --disable-color in init script

Signed-off-by: David Connolly <david@connol.ly>

vim: bump to 9.1.1918

Switch source to GitHub for the most recent releases.

Changes: https://github.com/vim/vim/compare/v9.1.0...v9.1.1918
Signed-off-by: George Sapkin <george@sapk.in>