Tianling Shen [Sat, 20 Sep 2025 08:22:59 +0000 (16:22 +0800)]
microsocks: run as unprivileged user
Run the daemon as unprivileged user for better security.
Trim whitespaces while at it.
Signed-off-by: Tianling Shen <[email protected]>
Josef Schlehofer [Fri, 26 Sep 2025 18:32:43 +0000 (20:32 +0200)]
gperftools: enable it for mips*
It should be working for mips*,
so enable it and let's see. :-)
In the past, there were some issues related to mips,
when the package was added, but these days, it appears
that these issues are gone. More details
about those issues could be found in the GitHub pull request
when gperftools was added. Reference is in the Fixes tag.
Fixes: c1b4e80825d6855d66899dc32490b0ce9537aff5 ("gperftools: add new package")
Signed-off-by: Josef Schlehofer <[email protected]>
Peter van Dijk [Thu, 18 Sep 2025 09:18:00 +0000 (11:18 +0200)]
dnsdist: update to 2.0.1
fixes CVE-2025-4820, CVE-2025-4821, CVE-2025-7054
adds python-yaml/host build dep as the dnsdist configuration handling
is now (since 2.0.0) generated at build time
Signed-off-by: Peter van Dijk <[email protected]>
Roc Lai [Thu, 25 Sep 2025 22:37:20 +0000 (06:37 +0800)]
frp: bump to 0.65.0
Change log is available at: https://github.com/fatedier/frp/releases/tag/v0.65.0
Signed-off-by: Roc Lai <[email protected]>
Ray Wang [Sat, 23 Aug 2025 03:33:16 +0000 (11:33 +0800)]
natmap: update to
20250924
Upstream changelog:
https://github.com/heiher/natmap/releases/tag/
20250924
Signed-off-by: Ray Wang <[email protected]>
Othmar Truniger [Wed, 24 Sep 2025 14:45:25 +0000 (16:45 +0200)]
libfmt: bump to new upstream version 12.0.0
bump to new upstream relaese
Signed-off-by: Othmar Truniger <[email protected]>
Biao Zhu [Sat, 27 Sep 2025 03:12:00 +0000 (11:12 +0800)]
fluent-bit: update to 4.1.0
- Remove obsolete patch
Build system: aarch64
Build-tested: mediatek/filogic
Run-tested: mediatek/filogic
Signed-off-by: Biao Zhu <[email protected]>
Jan Hák [Thu, 25 Sep 2025 12:09:21 +0000 (14:09 +0200)]
knot: backport patch to fix linking with libhiredis
It was discovered that even while using ``--enable-redis=no``
and ``--disable-redis`` that it was still linking with libhiredis.
This avoids to picking up libhiredis as dependency:
```
Package knot is missing dependencies for the following libraries:
libhiredis.so.1.1.0
```
Fixes: cbbd2b5b3bd6df7e550b114cf1c9f8e0f5bc8616 ("knot: disable redis as it was enabled since 3.5.0 by default")
Signed-off-by: Jan Hák <[email protected]>
Vladimir Kochnev [Fri, 26 Sep 2025 10:59:11 +0000 (13:59 +0300)]
acme-acmesh: support TLS-ALPN-01 challenge
This change adds an ability to invoke acme.sh with --alpn option
invoking a TLS-ALPN-01 challenge on the 443 port.
Signed-off-by: Vladimir Kochnev <[email protected]>
Jan Hák [Thu, 25 Sep 2025 12:09:21 +0000 (14:09 +0200)]
knot: disable redis as it was enabled since 3.5.0 by default
By disabling redis, it is not possible to use redis database as zone storage
Signed-off-by: Jan Hák <[email protected]>
Josef Schlehofer [Fri, 26 Sep 2025 07:28:09 +0000 (09:28 +0200)]
vectorscan: drop custom DEPENDS_COMMON
There is no reason to have custom specific DEPENDS_COMMON,
I dropped it and added it to DEPENDS. Simplified, easier to read
and understand.
Signed-off-by: Josef Schlehofer <[email protected]>
Josef Schlehofer [Wed, 24 Sep 2025 19:17:27 +0000 (21:17 +0200)]
mpack: drop package
The package is ancient, old and not developed anymore.
Project URL on GitLab shows 404, I could find it on Debian GitLab [1].
[1] https://salsa.debian.org/debian/mpack
Signed-off-by: Josef Schlehofer <[email protected]>
Antonio Pastor [Mon, 15 Sep 2025 22:38:09 +0000 (18:38 -0400)]
netatalk: update to 4.3.2
Netatalk 4.3.x adds the option to use sqlite as a CNID DB. This
is now a config option for the full package.
(mysql is also an option but this has not been included here yet).
As CNID DB backends are now managed by the netatalk meta-daemon
the init script has been updated to use it instead of starting
afpd & dbd manually.
Cleaned up tab/space issues here and there.
Signed-off-by: Antonio Pastor <[email protected]>
Josef Schlehofer [Mon, 16 Jun 2025 09:49:34 +0000 (11:49 +0200)]
syslog-ng: update to version 4.10.0
Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.10.0
Makefile changes
----------------
1. Disable experimental feature: stackdump
due to issues, which were reported to upstream
2. Disabled example modules to avoid adding libstdc++.so.6 dependency
Fixes:
Package syslog-ng is missing dependencies for the following libraries:
libstdc++.so.6
Other changes
-------------
In syslog-ng 4.8.0, there was added possibility to use value "current"
as version in the config file, so use it, which confirm to use
the latest version instead of bumping the version in the file
manually.
Signed-off-by: Josef Schlehofer <[email protected]>
Josef Schlehofer [Thu, 25 Sep 2025 21:46:44 +0000 (23:46 +0200)]
syslog-ng: add runtime test
It adds a runtime test to verify that the compiled binary in
CI/CD runs without segfault and prints the version.
Signed-off-by: Josef Schlehofer <[email protected]>
Linus Kardell [Wed, 10 Sep 2025 09:59:17 +0000 (11:59 +0200)]
liburcu: correct licenses
I've listed what files contain each SPDX-License-Identifier, and tried
to classify their purpose as below:
- BSD-2-Clause: `tests/**` (tests)
- CC0-1.0: `extras/abi/**/*.xml` (documentation)
- CC-BY-4.0: `ChangeLog`, `**/*.md` (documentation)
- FSFAP: `m4/*.m4` (build system)
- GPL-2.0-only: `tests/**`, `extras/abi/dump_abi.sh` (tests,
documentation)
- GPL-2.0-or-later: `scripts/urcu-api-list.sh`, `tests/**` (tests,
documentation)
- GPL-2.0-or-later WITH Autoconf-exception-2.0: `m4/ae_pprint.m4` (build
system)
- GPL-2.0-or-later WITH LicenseRef-Autoconf-exception-macro: `m4/*.m4`
(build system)
- GPL-3.0-or-later: `tests/utils/tap.sh` (tests)
- LGPL-2.1-only: `configure.ac`, `include/**/*.h` (build system,
headers)
- LGPL-2.1-or-later: `doc/**`, `include/**/*.h`, `src/**/*.{c,h}`,
`tests/**`, (documentation, headers, source, tests)
- LicenseRef-Boehm-GC: `include/**/*.h`, `tests/common/thread-id.h`
(headers, documentation)
- MIT: `.gitignore`, `.gitreview`, `Makefile.am`, `bootstrap`, `doc/**`,
`extras/Makefile.am`, `include/Makefile.am`, `include/**/*.h`,
`src/**/*.{am,h,pc.in}`, `tests/**` (documentation, build system,
headers, source control)
Then in PKG_LICENSE I've included licenses which are used for headers,
source, or build system. I've also corrected PKG_LICENSE_FILES: license
texts are in the LICENSES directory, lgpl-relicensing ends with .md, and
I've added the overarching LICENSE.md.
Signed-off-by: Linus Kardell <[email protected]>
Linus Kardell [Tue, 9 Sep 2025 15:13:22 +0000 (17:13 +0200)]
yaml: correct PKG_LICENSE_FILES
Point to correct file name.
Signed-off-by: Linus Kardell <[email protected]>
Linus Kardell [Tue, 9 Sep 2025 15:12:52 +0000 (17:12 +0200)]
tiff: correct PKG_LICENSE_FILES
Point to correct file name.
Signed-off-by: Linus Kardell <[email protected]>
Maxim Storchak [Thu, 25 Sep 2025 09:38:21 +0000 (12:38 +0300)]
lvm2: disable readline and interactive shell
remove support of interactive mode in /sbin/lvm
Benefits:
- drop dependency on readline and ncurses (-700kb if there are no other users of these libs)
- shrink the lvm binary itself (-260k)
Drawback:
- lose interactive shell:
lvm> vgchange -ay
4 logical volume(s) in volume group "vg0" now active
lvm>
"lvm <subcommand> --params" and "<subcommand> --params" entry points are still available
Signed-off-by: Maxim Storchak <[email protected]>
Christian Korber [Wed, 24 Sep 2025 05:23:53 +0000 (07:23 +0200)]
ufp: update to 2025.09.23
Update to latest version, which enables ubus calls via uhttpd.
Signed-off-by: Christian Korber <[email protected]>
Josef Schlehofer [Wed, 24 Sep 2025 10:27:48 +0000 (12:27 +0200)]
nft-qos: drop it as it does not work
There are several issues opened in our repository:
https://github.com/openwrt/packages/issues/16007
https://github.com/openwrt/packages/issues/19833
https://github.com/openwrt/packages/issues/20498
https://github.com/openwrt/packages/issues/20899
https://github.com/openwrt/packages/issues/24027
https://github.com/openwrt/packages/issues/24147
https://github.com/openwrt/packages/issues/24149
Unfortunately, maintainer @rosysong appears to be gone
and his domain is not working anymore.
For such reason as it is not maintained since 2021, drop it.
Signed-off-by: Josef Schlehofer <[email protected]>
Josef Schlehofer [Wed, 24 Sep 2025 10:20:55 +0000 (12:20 +0200)]
dysk: drop unmaintained package here
This package was introduced in https://github.com/openwrt/packages/pull/22592
and it has not received any update in this repository despite
the upstream releases new versions.
Because, we dont have enough man power to keep it updated,
lets drop this.
Signed-off-by: Josef Schlehofer <[email protected]>
Josef Schlehofer [Sun, 15 Jun 2025 06:37:32 +0000 (08:37 +0200)]
treewide: drop anything related to uClibc
uClibc-ng was removed in 2020 from OpenWrt main repo [1].
These things are leftovers.
[1] https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=
63fb175203bbf3b336804587c2f5b3a2d8132ec1
Signed-off-by: Josef Schlehofer <[email protected]>
Jan Hák [Mon, 22 Sep 2025 13:21:21 +0000 (15:21 +0200)]
knot: update to version 3.5.0
Release notes: https://www.knot-dns.cz/2025-09-18-version-350.html
Patch from commit https://gitlab.nic.cz/knot/knot-dns/-/commit/
1297a6cc0fef21f35cfa517b5b55d94cd9cea41d
Signed-off-by: Jan Hák <[email protected]>
Aleksey Vasilenko [Tue, 23 Sep 2025 05:41:56 +0000 (08:41 +0300)]
sendmail: fix build on hosts with Berkley DB installed
Buildbot caught an error:
"Berkeley DB file locking needs flock() for version 5.x (and greater?)"
It is caused by leakage of host-installed Berkley DB into the build.
Since libmilter is not using the DB and because of convoluted build
process of sendmail, we do the workaround - define a macro which
prevents the error without affecting libmilter binary.
Also change source URL from FTP to HTTPS.
Signed-off-by: Aleksey Vasilenko <[email protected]>
Alexandru Ardelean [Tue, 23 Sep 2025 13:26:09 +0000 (16:26 +0300)]
tcpreplay: bump to version 4.5.2
This change bumps to version 4.5.2
Signed-off-by: Alexandru Ardelean <[email protected]>
Alexandru Ardelean [Mon, 22 Sep 2025 09:48:56 +0000 (12:48 +0300)]
stress-ng: bump to version 0.19.04
This change bumps the version of stress-ng to 0.19.04
Signed-off-by: Alexandru Ardelean <[email protected]>
Alexandru Ardelean [Tue, 23 Sep 2025 13:22:05 +0000 (16:22 +0300)]
squashfs-tools: bump to version 4.7.2
Contains backported patch '0001-print_pager-add-missing-includes.patch'
so we can remove it.
Signed-off-by: Alexandru Ardelean <[email protected]>
George Sapkin [Fri, 2 May 2025 14:29:44 +0000 (17:29 +0300)]
python-atomicwrites: drop package
- archived upstream
- drop confirmed by Python maintainer
- last local commit:
commit:
d5ac6e103eb11d29f4e822fadb727225e0e80992
Author: Jeffery To <
[email protected]>
Date: Mon, 24 Jul 2023 22:46:41 -0700
python-atomicwrites: Update to 1.4.1
Link: https://github.com/openwrt/packages/pull/26400#issuecomment-2848164601
Signed-off-by: George Sapkin <[email protected]>
George Sapkin [Sun, 27 Apr 2025 13:28:59 +0000 (16:28 +0300)]
temperusb: drop package
- unmaintained upstream
- drop confirmed by maintainer
- last local commit:
commit:
4ca726ae02d92e0ab061c4d2b26d3b31f84b71d9
Author: Samuel Progin <
[email protected]>
Date: Thu, 2 May 2019 21:46:30 +0200
temperusb: package upgrade
- no PKG_MAINTAINER in Makefile
Link: https://github.com/openwrt/packages/pull/26400#issuecomment-2847739732
Signed-off-by: George Sapkin <[email protected]>
George Sapkin [Sun, 27 Apr 2025 13:28:28 +0000 (16:28 +0300)]
dhcp-forwarder: drop package
- unmaintained upstream
- drop confirmed by maintainer
- last local commit:
commit:
4006865ae81b20b1793ae2a07db20235fefd2c71
Author: Etienne Champetier <
[email protected]>
Date: Tue, 29 Aug 2017 21:41:14 -0700
treewide: run "make check FIXUP=1"
Link: https://github.com/openwrt/packages/pull/26400#issuecomment-2848168367
Signed-off-by: George Sapkin <[email protected]>
George Sapkin [Sun, 27 Apr 2025 13:27:54 +0000 (16:27 +0300)]
libantlr3c: drop package
- unmaintained upstream
- drop confirmed by maintainer
- last local commit:
commit:
77519979190f1634ba35ec69ca18f42f0cc7db12
Author: Rosen Penev <
[email protected]>
Date: Sun, 8 Jul 2018 19:51:17 -0700
libantlr3c: Update to 3.4
Link: https://github.com/openwrt/packages/pull/26400#issuecomment-2848168367
Signed-off-by: George Sapkin <[email protected]>
George Sapkin [Sun, 27 Apr 2025 13:27:53 +0000 (16:27 +0300)]
intltool: drop package
- unmaintained upstream
- drop confirmed
- last local commit:
commit:
cea49c620dbd53e79d206d0eba7f0dbce92e2d2f
Author: Ansuel Smith <
[email protected]>
Date: Wed, 7 Aug 2019 13:42:26 +0200
intltool: fix broken compile on WSL
Link: https://github.com/openwrt/packages/pull/26400#issuecomment-2840303503
Signed-off-by: George Sapkin <[email protected]>
George Sapkin [Sun, 27 Apr 2025 13:27:05 +0000 (16:27 +0300)]
pkg-config: drop package
- unmaintained upstream
- drop confirmed by maintainer
- last local commit:
commit:
243a1a13241dffc3d8da2830d825cbc535c1e33d
Author: Rosen Penev <
[email protected]>
Date: Sat, 2 Nov 2019 11:14:50 -0700
pkg-config: Add CONFLICTS for pkgconf
Link: https://github.com/openwrt/packages/pull/26400#issuecomment-2848120084
Signed-off-by: George Sapkin <[email protected]>
Alexandru Ardelean [Mon, 22 Sep 2025 06:44:01 +0000 (09:44 +0300)]
numpy: bump to version 2.3.3
Bump the version number to 2.3.3
Signed-off-by: Alexandru Ardelean <[email protected]>
Alexandru Ardelean [Mon, 22 Sep 2025 06:42:46 +0000 (09:42 +0300)]
openblas: backport version of fix from upstream
From this PR:
https://github.com/OpenMathLib/OpenBLAS/pull/5442
Signed-off-by: Alexandru Ardelean <[email protected]>
Florian Eckert [Tue, 23 Sep 2025 07:51:13 +0000 (09:51 +0200)]
Revert "afraid.org-v2-token.json: Fix 404 on update"
This reverts commit
366629b117b49dab040b98dcb6433e4dc9772a36.
It has been determined that the URL currently in use points to v1. The
previously used URL remains valid and is correct. If someone requires the
v1 URL, a new provider must be created.
Signed-off-by: Florian Eckert <[email protected]>
Paul Donald [Thu, 18 Sep 2025 23:21:05 +0000 (01:21 +0200)]
ddns-scripts: stash the next check time
Calculating the next check time based on the last update time is not
very accurate if the next check is a large multiple forwards from the
last update time because the cumulative sleeps and wake times are not
exact but best effort of the OS. Other factors including clock-drift
give rise to a larger time discrepancy the further the next update is in
the future.
Stash the next check time which should be quite accurate since it's
only one sleep instance away. This is also for use in the GUI.
Tested on 24.10.2
Signed-off-by: Paul Donald <[email protected]>
Florian Maurer [Mon, 15 Sep 2025 19:22:49 +0000 (21:22 +0200)]
tunneldigger: add broker_selection option to expose load balancing capabilities
Using the broker_selection param makes it possible to decide by use (default),
always use the first available broker to connect or select a random broker
See also: https://github.com/wlanslovenija/tunneldigger/blob/
51a5e46ad143c92d2867835a563146ec4fbc6211/client/l2tp_client.c#L1331-L1333
Signed-off-by: Florian Maurer <[email protected]>
Moritz Warning [Thu, 18 Sep 2025 21:31:45 +0000 (23:31 +0200)]
zerotier: update to 1.16.0
Authored-by: Óscar García Amor <[email protected]>
Signed-off-by: Moritz Warning <[email protected]>
Tianling Shen [Mon, 22 Sep 2025 09:17:09 +0000 (17:17 +0800)]
btop: Update to 1.4.5
Release note: https://github.com/aristocratos/btop/releases/tag/v1.4.5
Signed-off-by: Tianling Shen <[email protected]>
Tianling Shen [Mon, 22 Sep 2025 09:16:47 +0000 (17:16 +0800)]
cloudflared: Update to 2025.9.0
Release note: https://github.com/cloudflare/cloudflared/releases/tag/2025.9.0
Signed-off-by: Tianling Shen <[email protected]>
Tianling Shen [Mon, 22 Sep 2025 09:16:21 +0000 (17:16 +0800)]
openlist: Update to 4.1.3
Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.3
Signed-off-by: Tianling Shen <[email protected]>
George Sapkin [Sun, 31 Aug 2025 17:20:15 +0000 (20:20 +0300)]
syncthing: bump to 2.0.9
Major version change that switches DB backend from
LevelDB to SQLite. Requires golang 1.24+.
- improve syncthing argument parsing to be more
robust
- remove unused and add updated config options
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.0
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.1
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.2
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.3
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.4
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.5
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.6
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.7
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.8
Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.9
Signed-off-by: George Sapkin <[email protected]>
wip
Signed-off-by: George Sapkin <[email protected]>
Nate Robinson [Sat, 20 Sep 2025 17:45:04 +0000 (13:45 -0400)]
lf: update to r38
https://github.com/gokcehan/lf/releases/tag/r38
Signed-off-by: Nate Robinson <[email protected]>
Stan Grishin [Wed, 13 Aug 2025 20:59:26 +0000 (20:59 +0000)]
unbound: update README
* add adblock-fast to the Ad Blocking segment
* fix grammar (Its -> It's)
* modify last paragraph of the instructions as they are specific to adblock
Signed-off-by: Stan Grishin <[email protected]>
Luiz Angelo Daros de Luca [Fri, 29 Aug 2025 19:01:54 +0000 (16:01 -0300)]
sane-backends: update to 1.4.0
Changelog: https://gitlab.com/sane-project/backends/-/releases/1.4.0
Signed-off-by: Luiz Angelo Daros de Luca <[email protected]>
Rosen Penev [Sat, 23 Aug 2025 02:22:08 +0000 (19:22 -0700)]
gphoto2: update to 2.5.32
Fixes compilation with GCC15.
Signed-off-by: Rosen Penev <[email protected]>
Rosen Penev [Sat, 23 Aug 2025 02:09:22 +0000 (19:09 -0700)]
libgphoto2: update to 2.5.32
Fixes compilation with GCC15.
Signed-off-by: Rosen Penev <[email protected]>
Fabrice Fontaine [Wed, 17 Sep 2025 06:58:04 +0000 (08:58 +0200)]
net/iputils: fix PKG_CPE_ID
iputils_project:iputils has been deprecated in favour of iputils:iputils
Signed-off-by: Fabrice Fontaine <[email protected]>
Fabrice Fontaine [Wed, 17 Sep 2025 12:17:22 +0000 (14:17 +0200)]
cjson: fix PKG_CPE_ID
cjson_project:cjson has been deprecated in favour of davegamble:cjson:
https://nvd.nist.gov/products/cpe/detail/
70BC45DA-D915-4A1D-96AF-
84A6CECEE148
Signed-off-by: Fabrice Fontaine <[email protected]>
Fabrice Fontaine [Wed, 17 Sep 2025 06:46:56 +0000 (08:46 +0200)]
python-cryptography: fix PKG_CPE_ID
cryptography_project:cryptography has been deprecated in favour of
cryptography.io:cryptography:
https://nvd.nist.gov/products/cpe/detail/
2EBA50FC-F3F9-40D5-82BD-
EFB67F761153
Signed-off-by: Fabrice Fontaine <[email protected]>
Fabrice Fontaine [Wed, 17 Sep 2025 06:41:22 +0000 (08:41 +0200)]
gnuplot: fix PKG_CPE_ID
gnuplot_project:gnuplot has been deprecated in favour of
gnuplot:gnuplot:
https://nvd.nist.gov/products/cpe/detail/
DB68C9F5-3330-4749-A6F5-
61FF041037CC
Signed-off-by: Fabrice Fontaine <[email protected]>
Fabrice Fontaine [Wed, 17 Sep 2025 06:24:11 +0000 (08:24 +0200)]
boinc: fix PKG_CPE_ID
rom_walton:boinc has been deprecated in favour of
universityofcalifornia:boinc_client:
https://nvd.nist.gov/products/cpe/detail/
DAC161C5-2154-44BF-916A-
EACB524E8B8F
Signed-off-by: Fabrice Fontaine <[email protected]>
Aleksey Vasilenko [Thu, 18 Sep 2025 22:02:16 +0000 (01:02 +0300)]
sendmail: update to 8.18.1
- Fix GCC 15 build with 2 patches from Gentoo [1][2]
- Refresh existing patch
- Extend 010-enable-nonroot-install.patch to remove "-o U -g G" from
more install targets (fixes 'invalid user buildbot' in CI)
[1]: https://github.com/gentoo/gentoo/blob/master/mail-mta/sendmail/files/sendmail-8.18.1-c23-sm_strtoll.patch
[2]: https://github.com/gentoo/gentoo/blob/master/mail-mta/sendmail/files/sendmail-8.18.1-c23-ctime.patch
Co-authored-by: W. Michael Petullo <[email protected]>
Signed-off-by: Aleksey Vasilenko <[email protected]>
John Audia [Thu, 4 Sep 2025 20:38:22 +0000 (16:38 -0400)]
snort3: add patch to unambiguously show vectorscan
When snort is run with the --version option, it advertises components'
versions in the output. Add a patch to modify the output to clearly
show vectorscan is in use.
Signed-off-by: John Audia <[email protected]>
John Audia [Tue, 2 Sep 2025 10:21:37 +0000 (06:21 -0400)]
snort3: replace hyperscan with vectorscan in deps
* Replacement of hyperscan-runtime reference with vectorscan-runtime
* Added support for all aarch64 targets which I believe is exhaustive
For x86 and x86/64, I found that vectorscan is truly a drop-in
replacement for hyperscan as assessed by speedtests with snort3 running
on my Intel N150 PC. CPU load during the test with each condition was
nearly saturating on a single core for both cases on a symmetrical
Gbps line.
Using: https://www.waveform.com/tools/bufferbloat in IPS mode:
Download speed w/ hyperscan: 950-960 Mbit/s (n=2)
Download speed w/ vectorscan: 942-960 Mbit/s (n=2)
Using: https://www.speedtest.net in IPS mode:
Download speed w/ hyperscan: 996-1002 Mbit/s (n=2)
Download speed w/ vectorscan: 993-988 Mbit/s (n=2)
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc (Intel N150 based box running snort3)
Signed-off-by: John Audia <[email protected]>
John Audia [Tue, 2 Sep 2025 18:02:58 +0000 (14:02 -0400)]
hyperscan: remove package
Remove hyperscan since Intel announced a proprietary/closed source
license beginning with hyperscan 5.5[1,2] and a general lock of support
for the 5.4.x branch which has not seen a commit since 19-Apr-2023[3].
1. https://networkbuilders.intel.com/docs/networkbuilders/accelerate-snort-performance-with-hyperscan-and-intel-xeon-processors-on-public-clouds-
1680176363.pdf
2. https://www.phoronix.com/news/Intel-Hyperscan-Now-Proprietary (and references therein)
3. intel/hyperscan@
bc3b191
Signed-off-by: John Audia <[email protected]>
John Audia [Tue, 9 Sep 2025 23:41:00 +0000 (19:41 -0400)]
snort3: remove hyperscan specific patch
Drop 100-remove-HAVE_HS_COMPILE_LIT-to-work-around-upstream-b.patch as
it was only needed to fix the build against hyperscan. Vectorscan
builds fine without it.
Signed-off-by: John Audia <[email protected]>
John Audia [Sun, 21 May 2023 12:04:37 +0000 (08:04 -0400)]
vectorscan: new package for speeding up regex ops
Vectorscan is fork of Hyperscan, a high-performance multiple regex
matching library. It follows the regular expression syntax of the
commonly-used libpcre library, but is a standalone library with
its own C API.
Currently ARM NEON/ASIMD and Power VSX are 100% functional. ARM
SVE2 support is in ongoing with access to hardware now. More
platforms will follow in the future.
The performance difference of snort3 compiled against this is
sizable for aarch64 confirmed on two different SoCs:
Test SoC #1 flogic/glinet_gl-mt6000
IDS mode:
Download speed wo/ vectorscan: 91.2 ±0.21 Mbit/s (n=3)
Download speed using vectorscan: 331.0 ±27.34 Mbit/s (n=3)
Gain of 3.6x
IPS mode:
Download speed wo/ vectorscan: 30.0 ±0.06 Mbit/s (n=3)
Download speed using vectorscan: 52.9 ±0.78 Mbit/s (n=3)
Gain of 1.8x
Notes:
* Data generated on snapshot build on 12-Apr-2024 using kernel
6.6.26, snort 3.1.84.0, vectorscan 5.4.11.
* Speedtest script hitting the same server.
* Snort rules file of was 37,917 lines/22 MB.
* In all cases, single core CPU saturation occurred which
speaks to the efficiency gains supplied by vectorscan.
Test Soc #2 bcm2712/RPi5B
IPS mode:
Download speed wo/ vectorscan: 164.3 ±0.64 Mbit/s (n=3)
Download speed using vectorscan: 232.8 ±0.26 Mbit/s (n=3)
Gain of 1.4x
Notes:
* Data generated on snapshot build on 13-Apr-2024 using kernel
6.1.86, snort 3.1.84.0, vectorscan 5.4.11.
* Google fiber speedtest (https://fiber.google.com/speedtest/)
hitting the same server.
* Snort rules contained 39,801 rules/22 MB.
* In all cases, single core CPU saturation occurred which
speaks to the efficiency gains supplied by vectorscan.
Build system: x86/64
Build-tested: flogic/glinet_gl-mt6000, bcm2712/RPi5B, x86/64-glibc
Run-tested: flogic/glinet_gl-mt6000, bcm2712/RPi5B, x86/64-glibc (Intel N150 based box)
Co-authored-by: Tianling Shen <[email protected]>
Co-authored-by: Jeffery To <[email protected]>
Signed-off-by: John Audia <[email protected]>
David Härdeman [Thu, 18 Sep 2025 07:55:29 +0000 (09:55 +0200)]
bind: don't break IPv6 support
What started in #20183 as a attempt to clean up noise in the logfiles,
turned out to be causing denial-of-service for dual-stack and especially
IPv6-only environments.
Breaking core network functionality cannot possibly be less important
than cosmetic issues, and those affected by log spam can avoid it via
other means (e.g. "query-source-v6 none;" in named.conf).
There's no reliable heuristic for determining whether there's IPv6
connectivity at the time bind is started which will catch any and all
corner cases, as discussed in #26327.
So, remove this logic for now. If a suitable heuristic can be devised,
it can always be added in a subsequent patch, but I have my doubts.
(Also, quote one variable to make shellcheck happy)
Closes: #26327
Closes: #20468
Signed-off-by: David Härdeman <[email protected]>
Tianling Shen [Fri, 19 Sep 2025 07:46:51 +0000 (15:46 +0800)]
rust: Update to 1.90.0
Release note: https://blog.rust-lang.org/2025/09/18/Rust-1.90.0/
Signed-off-by: Tianling Shen <[email protected]>
Biao Zhu [Sun, 7 Sep 2025 12:23:25 +0000 (20:23 +0800)]
fluent-bit: update to 4.0.9
- Remove obsolete patch
- Add patch replace NPN with ALPN for client connections \
because the default OpenSSL library does not enable NPN.
- Add newly libstdcpp dependency
Build system: aarch64
Build-tested: mediatek/filogic
Run-tested: mediatek/filogic
Signed-off-by: Biao Zhu <[email protected]>
Luiz Angelo Daros de Luca [Sat, 8 Feb 2025 07:59:08 +0000 (04:59 -0300)]
ruby: update to 3.4.5
Ruby 3.4.0 is a major release that introduces several changes:
- Adds `it` block parameter reference
- Switches default parser to Prism
- Implements Happy Eyeballs Version 2 in the socket library
- Improves YJIT
- Adds Modular GC
- And more (see changelog for full details)
Subsequent minor releases include:
- 3.4.1: fixes version description
- 3.4.2: routine bugfix release
- 3.4.3: routine bugfix release
- 3.4.4: routine bugfix release (Linux-specific)
- 3.4.5: routine bugfix release, adds GCC 15 support
Packaging changes:
- (NEW) ruby-repl_type_completor (packaging the repl_type_completor gem)
- Refreshed package dependencies
- Updated `ruby_missingfiles` (detects unpacked files) to use `apk`
- Refactored `ruby_find_pkgsdeps` (detects inter-package dependencies)
to use the Ruby parser (Prism) instead of heuristic string matching
Changelog: https://www.ruby-lang.org/en/news/2024/12/25/ruby-3-4-0-released/
Signed-off-by: Luiz Angelo Daros de Luca <[email protected]>
Wesley Gimenes [Tue, 16 Sep 2025 00:48:12 +0000 (21:48 -0300)]
netbird: update to 0.57.1
changelog: https://github.com/netbirdio/netbird/releases/tag/v0.57.1
Signed-off-by: Wesley Gimenes <[email protected]>
Niklas Thorild [Thu, 14 Aug 2025 10:52:09 +0000 (12:52 +0200)]
dnscrypt-proxy2: update to version 2.1.14
- update dnscrypt-proxy2 to version 2.1.14
- add GO_PKG_INSTALL_EXTRA:= dnscrypt-proxy/static/ to fix build error
Contributed-by: @ScoutJamboree
Signed-off-by: Niklas Thorild <[email protected]>
George Sapkin [Wed, 17 Sep 2025 11:36:04 +0000 (14:36 +0300)]
adguardhome: bump to 0.107.66
Changelog: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.66
Signed-off-by: George Sapkin <[email protected]>
George Sapkin [Wed, 17 Sep 2025 11:49:13 +0000 (14:49 +0300)]
yt-dlp: bump to 2025.09.05
Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2025.08.27
Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2025.09.05
Signed-off-by: George Sapkin <[email protected]>
Ray Wang [Thu, 18 Sep 2025 00:41:00 +0000 (08:41 +0800)]
hev-socks5-server: update to 2.10.0
Upstream changelog:
https://github.com/heiher/hev-socks5-server/releases/tag/2.10.0
Signed-off-by: Ray Wang <[email protected]>
Stan Grishin [Tue, 16 Sep 2025 00:32:49 +0000 (00:32 +0000)]
adblock-fast: bugfix: dl command
* only test gzip existence and reset action/param on boot
Signed-off-by: Stan Grishin <[email protected]>
Ted Hess [Wed, 17 Sep 2025 17:20:39 +0000 (13:20 -0400)]
cmdpad: Remove from packages and move to packages-abondoned
Signed-off-by: Ted Hess <[email protected]>
Rosen Penev [Sat, 12 Jul 2025 03:21:11 +0000 (20:21 -0700)]
cmdpad: fix compilation with GCC 15
There's no parameter to this function.
Signed-off-by: Rosen Penev <[email protected]>
Sandro Jäckel [Fri, 12 Sep 2025 11:16:59 +0000 (13:16 +0200)]
tailscale: update to 1.88.1
Signed-off-by: Sandro Jäckel <[email protected]>
Tianling Shen [Wed, 17 Sep 2025 08:44:17 +0000 (16:44 +0800)]
xray-core: Update to 25.9.11
Release note: https://github.com/XTLS/Xray-core/releases/tag/v25.9.11
Signed-off-by: Tianling Shen <[email protected]>
Tianling Shen [Wed, 17 Sep 2025 08:43:54 +0000 (16:43 +0800)]
yq: Update to 4.47.2
Release note: https://github.com/mikefarah/yq/releases/tag/v4.47.2
Signed-off-by: Tianling Shen <[email protected]>
Niklas Thorild [Tue, 9 Sep 2025 09:50:10 +0000 (11:50 +0200)]
telegraf: update to 1.36.1
- Update Telegraf to v1.36.1
- Adjust "telegraf.conf" to new defaults
- Set HOME environment variable in service file
- Change maintainer
Signed-off-by: Niklas Thorild <[email protected]>
Tianling Shen [Tue, 16 Sep 2025 13:54:11 +0000 (21:54 +0800)]
cloudreve: Update to 4.8.0
Release note:
- https://github.com/cloudreve/cloudreve/releases/tag/4.7.0
- https://github.com/cloudreve/cloudreve/releases/tag/4.8.0
Signed-off-by: Tianling Shen <[email protected]>
Tianling Shen [Tue, 16 Sep 2025 13:50:06 +0000 (21:50 +0800)]
inih: Update to r62
Release note: https://github.com/benhoyt/inih/releases/tag/r62
Signed-off-by: Tianling Shen <[email protected]>
Dirk Brenken [Tue, 16 Sep 2025 16:29:45 +0000 (18:29 +0200)]
travelmate: release 2.1.4
- fixed telekom login script (#27072)
- fixed the connection tracking/f_net function,
to stabilize (vpn) connections (#27235)
- removed needless log message
Signed-off-by: Dirk Brenken <[email protected]>
Sandro Jäckel [Fri, 12 Sep 2025 14:05:35 +0000 (16:05 +0200)]
Javier Marcet [Thu, 11 Sep 2025 11:04:41 +0000 (13:04 +0200)]
docker-compose: Update to version 2.39.3
Release notes:
https://github.com/docker/compose/releases/tag/v2.39.3
Signed-off-by: Javier Marcet <[email protected]>
Wesley Gimenes [Tue, 16 Sep 2025 00:09:28 +0000 (21:09 -0300)]
port-mirroring: remove package
- The project was archived on Mar 22, 2024.
- The maintainer of the package and the upstream maintainer are the
same person, who has expressed their intention not to maintain the
package/project. See the quote[1] below:
> I haven't been maintaining this and I don't plan to spend any more
> time on it. Happy to hand it off, if someone is willing to take it on.
- The latest significant commit for the package (no treewide changes)
is commit
2c71d5bcd4e09b926d63d0fbba39534fd2c587f7 from Mar 29, 2020.
- The latest upstream commit[2] is from Mar 22, 2024, but it is a
documentation or cosmetic change. After this, the latest commits[3]
are from Apr 6, 2019.
[1]: https://github.com/openwrt/packages/pull/27398#issuecomment-
3250671659
[2]: https://github.com/mmaraya/port-mirroring/commit/
776fe2bb48333a0414fde609b1c63b11d298246b
[3]: https://github.com/mmaraya/port-mirroring/commit/
dcce6aeb0a977090ebd4a3c80a33df7715241f21
Closes: https://github.com/openwrt/packages/issues/27394
Signed-off-by: Wesley Gimenes <[email protected]>
Chris Swan [Mon, 15 Sep 2025 15:07:09 +0000 (16:07 +0100)]
csshnpd: bump to c1.0.16 release
Upstream release aligned to cJSON 1.7.19
Signed-off-by: Chris Swan <[email protected]>
xiao bo [Tue, 16 Sep 2025 00:02:21 +0000 (08:02 +0800)]
sing-box: update to 1.12.8
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.12.8
Signed-off-by: xiao bo <[email protected]>
Findlay Feng [Tue, 19 Aug 2025 06:45:38 +0000 (14:45 +0800)]
rp-pppoe: delete the file /etc/ppp/options
/etc/ppp/options is the configuration file for the ppp package.
rp-pppoe depends on the ppp package.
Signed-off-by: Findlay Feng <[email protected]>
Jianhui Zhao [Sat, 13 Sep 2025 05:26:48 +0000 (13:26 +0800)]
lua-eco: update to 3.12.0
A new module `shared` added since this version.
changelog: https://github.com/zhaojh329/lua-eco/releases/tag/v3.12.0
Signed-off-by: Jianhui Zhao <[email protected]>
John Audia [Sun, 14 Sep 2025 12:00:10 +0000 (08:00 -0400)]
nfs-kernel-server: update to v2.8.4
Update to v2.8.4
Shortlog:
Anna Schumaker (4):
rpcctl: Add support for `rpcctl switch add-xprt`
rpcctl: Display new rpc_clnt sysfs attributes
rpcctl: Add support for the xprtsec sysfs attribute
rpcctl: Rename {read,write}_addr_file()
Antonio Alvarez Feijoo (3):
nfsroot-generator: do not fail if nfsroot is not configured
systemd: Add a generator to mount /sysroot via NFSv4 in the initrd
systemd: Allow nfs-idmapd.service to be started without the server
Scott Mayhew (3):
rpc-statd.service: define dependency on both rpcbind.service and rpcbind.socket
nfsdctl: fix lockd config during autostart
nfsdctl: debug logging fixups
Steve Dickson (3):
Release: 2.8.4
configure.ac: AC_PROG_GCC_TRADITIONAL is obsolete.
nfsdctl: Warning Clean Up
zhangyaqi (2):
gssd:fix the possible buffer overflow in get_full_hostname
nfsdcld:Fix a memory leak
Thiago Becker (1):
nfsrahead: modify get_device_info logic
Yaakov Selkowitz (1):
Fix build with glibc-2.42
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <[email protected]>
Chris Swan [Wed, 10 Sep 2025 10:07:38 +0000 (11:07 +0100)]
cjson: update to 1.7.19
This is a bugfix release
Full release notes available at:
https://github.com/DaveGamble/cJSON/releases/tag/v1.7.19
Signed-off-by: Chris Swan <[email protected]>
Szabolcs Hubai [Sat, 13 Sep 2025 21:47:52 +0000 (23:47 +0200)]
snapcast: fix PulseAudio
While testing my integration of Snapcast, I didn't test with CONFIG_ALL*
and CONFIG_BUILDBOT flags, but the buildbots did and failed with a lot
of undefined reference to PulseAudio.
Fix it with preventing PulseAudio detection.
While at it, prevent Avahi detection too to save more flash space.
These features will be available later, through flavours.
Fixes: https://github.com/openwrt/packages/pull/23956
Fixes: eeb8d131fc93 ("snapcast: add package snapserver and snapclient")
Signed-off-by: Szabolcs Hubai <[email protected]>
Glenn Strauss [Fri, 12 Sep 2025 22:05:57 +0000 (18:05 -0400)]
lighttpd: update to lighttpd 1.4.82 release hash
Ref: https://www.lighttpd.net/2025/9/12/1.4.82/
Signed-off-by: Glenn Strauss <[email protected]>
David Härdeman [Sun, 27 Jul 2025 20:33:38 +0000 (22:33 +0200)]
bind: fix build and bump PKG_RELEASE
bind9 builds for me on 24.10, but it doesn't build on master with or without my
patches.
The build already dies on the configure stage (without my patches applied),
because the autoconf magic manages to mix up the host gcc and the
cross-compiling gcc.
Removing PKG_FIXUP:=autoreconf from the Makefile fixes that, but compilation chokes later instead on libtool magic:
make[7]: Entering directory '/home/build/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/bind-9.20.11/bin/rndc'
...
/bin/bash ../../libtool --tag=CC --mode=link arm-openwrt-linux-muslgnueabi-gcc ...
libtool: link: arm-openwrt-linux-muslgnueabi-gcc ...
.../bin/ld.bfd: warning: libns-9.20.11.so, needed by ../../lib/isccfg/.libs/libisccfg.so, not found (try using -rpath or -rpath-link)
...
collect2: error: ld returned 1 exit status
Which I did a (compile-tested only) quick and dirty fix for.
Also, BUILD_CC isn't defined anywhere in the current bind sources, so I removed
that as well.
Signed-off-by: David Härdeman <[email protected]>
David Härdeman [Sun, 3 Aug 2025 20:10:53 +0000 (22:10 +0200)]
isc-dhcp: create zones using rndc
This changes isc-dhcp's init script to create bind zones using the tools
bind provides for that scenario instead of crafting separate zone
configuration by hand.
At the same time, remove the use of /tmp/bind/named.conf.local and add
permissions for dynamic zone creation to bind.
Signed-off-by: David Härdeman <[email protected]>
David Härdeman [Sun, 27 Jul 2025 01:50:50 +0000 (03:50 +0200)]
bind: update conffiles list
The previous patches removed a number of conffiles that weren't necessary,
meaning we can now assume that any changes or additional files in /etc/bind
are things that the user wants to keep.
Since /var/lib/bind is the standard location for longer-lived zone data
(i.e. not zones that secondary servers have obtained via XFER), we symlink
it to /etc/bind/zones so that it survives a sysupgrade.
Temporary files (such as XFER:ed zones for secondaries) stay in
/var/cache/bind.
Signed-off-by: David Härdeman <[email protected]>
David Härdeman [Sun, 27 Jul 2025 01:47:56 +0000 (03:47 +0200)]
bind: update init script
Simplify the init script, removing some unnecessary subshells and make sure
that the end result is shellcheck clean.
Signed-off-by: David Härdeman <[email protected]>
David Härdeman [Sun, 27 Jul 2025 01:02:31 +0000 (03:02 +0200)]
bind: use default rndc control channel
The present logic recreates what is already the default in bind [1], and writes
the rndc key twice to two different files. In addition, the rndc key is
regenerated every time bind is restarted. Simplify this by relying on the
default behaviour instead.
[1] https://bind9.readthedocs.io/en/latest/reference.html#controls-block-definition-and-usage
Signed-off-by: David Härdeman <[email protected]>
David Härdeman [Sun, 27 Jul 2025 00:47:49 +0000 (02:47 +0200)]
bind: rename named.conf.example
The file actually gets installed as /etc/bind/named.conf, so rename the file to
clarify that.
Signed-off-by: David Härdeman <[email protected]>
David Härdeman [Sun, 27 Jul 2025 00:34:12 +0000 (02:34 +0200)]
bind: remove bind.keys
First, the file is out-of-date.
Second, and more importantly, bind9 includes a compiled-in version which is
up-to-date (see https://www.isc.org/bind-keys/).
Signed-off-by: David Härdeman <[email protected]>
David Härdeman [Sat, 26 Jul 2025 23:27:18 +0000 (01:27 +0200)]
bind: update db.root
The previous version was quite out of date.
Signed-off-by: David Härdeman <[email protected]>
David Härdeman [Sat, 26 Jul 2025 23:12:52 +0000 (01:12 +0200)]
bind: remove obsolete zone files
Bind9 has native support for these zones via the "empty-zones yes" directive,
which is enabled by default.
(cf. https://salsa.debian.org/dns-team/bind9/-/commit/
bb1cda792b3ca03f61503be4f94c1f82d3392792)
Signed-off-by: David Härdeman <[email protected]>
David Härdeman [Sat, 26 Jul 2025 22:44:15 +0000 (00:44 +0200)]
bind: update wording in Config.in
And make it less imperative to match the tone of the rest of the configuration
directives. Also, fix a typo.
Signed-off-by: David Härdeman <[email protected]>
projects / feed / packages.git / log