dnsdist: update to 1.9.10

fixes CVE-2025-30193

Signed-off-by: Peter van Dijk <[email protected]>

tor-hs: bump version to 0.1.0

Add me as a second maintainer.
Remove outdated README.md but put a link to a Wiki instead.
Use Onion Service instead of Hidden Service.

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: keep /etc/tor config folder

Mark the /etc/tor folder to keep during sysupgrade.
The folder contains hidden_services folder with keys.

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: put torrc_generated into in-memory folder /var/run/

On each tor-hs service restart it generates a config file /etc/tor/torrc_generated.
The /etc/ is stored on a disk and kills it and slow.

Instead create a dedicated tor service Runtime Dir in the temp /var/run/.
It will be accessible only to the tor user.

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: create hs folder only if not exists

Previously the chown/chmod was performed each time even if the folder already existed.

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: add validation

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: Use config_get_bool for enable_hs

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: reformat and cleanup

Remove unused description.
Quote variables.
Use hostname_file variable.
Remove unnecessary quotes around "common".
Use echo -n to truncate a TORRC_FILE.

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: cleanup tor-hs.conf

Replace boolean "true"/"false" with more frequently used 1/0.
This may avoid configuration mistakes which is critical for Tor.
The Luci app anyway will set it as 1/0.

Make sections named. This is not required but again safes from mistakes when executing uci command.

Uncomment sections but disable them by default.
Then in a Luci app a user can quickly figure out what to change.
Ideally a user may just enable the config and start using it.

In the nextcloud config use a single 80 instead of 80;80.
This simpler configuration is now supported.

Instead of "Hidden service" the Tor team now uses "Onion service".

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: tor-hs.init skip onion service when Name empty

The Name is used as a HS folder name and can't be empty.

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: tor-hs.init remove unused clean_hs()

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: tor-hs.init handle_hs_ports_conf split ports

Using substring instead of awk.
It changes behaviour when only one port is specified.
Previously:
value="80" => public="80" local=""
Now:
value="80" => public="80" local="80"

It simplifies configuration of one-to-one ports.

Signed-off-by: Sergey Ponomarev <[email protected]>

tor-hs: tor-hs.init handle_hs_ports_conf: remove unused name var

Signed-off-by: Sergey Ponomarev <[email protected]>

admin/syslog-ng: fix PKG_CPE_ID

oneidentity:syslog-ng is a better CPE ID than balabit:syslog-ng as
this CPE ID has the latest CVEs (whereas balabit:syslog-ng only
has a CVE from 2000):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:oneidentity:syslog-ng

Fixes: 5f07bb10948f6ebdf83470c3437c3072aab982e3 (syslog-ng: update to version 3.19.1)
Signed-off-by: Fabrice Fontaine <[email protected]>

fscrypt: add new package

Fscrypt is a high-level tool for the management of Linux native
filesystem encryption. fscrypt manages metadata, key generation, key
wrapping, PAM integration, and provides a uniform interface for creating
and modifying encrypted directories.

Upstream url: https://github.com/google/fscrypt/blob/master/README.md

Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712

Signed-off-by: John Audia <[email protected]>

treewide: assign some PKG_CPE_IDs

Assign some PKG_CPE_IDs to enhance CVE coverage.

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=aardvark-dns
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=alpine_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=boringssl
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ecdsautils
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=file_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=knot_resolver
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=libwrap
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=lsof_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nfdump
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nlnetlabs%20name_server_daemon
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=rclone
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=setserial
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tang_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tesseract_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tmate-ssh-server
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ttyd
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=uw-imap
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=v2ray-core
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=zstandard

Signed-off-by: Wei-Ting Yang <[email protected]>

jool: update to 4.1.14

Changelog: https://github.com/NICMx/Jool/releases/tag/v4.1.14

Signed-off-by: Goetz Goerisch <[email protected]>

smartdns: Update to version 46.1

Change package source to github codeload.

Trim "Release" prefix from upstream versioning
to make it at least somewhat semantic compliant.

Add two additional folders and two default
config files based on upstream changes.

Signed-off-by: Jonathan Smith <[email protected]>

netbird: update to 0.44.0

changelog: https://github.com/netbirdio/netbird/releases/tag/v0.44.0

Signed-off-by: Wesley Gimenes <[email protected]>

semodule-utils: update to 3.8.1

Update to latest 3.8.1 version.

Signed-off-by: Robert Marko <[email protected]>

selinux-python: update to 3.8.1

Update to latest 3.8.1 version and drop upstreamed patch[1].

[1] https://github.com/SELinuxProject/selinux/commit/1a29c28afbb96b1e47001dc3dde38c4b6bd9da22

Signed-off-by: Robert Marko <[email protected]>

python-semanage: update to 3.8.1

Update to latest 3.8.1 version and backport a patch to fix compilation[1].

[1] https://github.com/SELinuxProject/selinux/commit/a339594da6f027aed5d66ec6798a3d732df235e4

Signed-off-by: Robert Marko <[email protected]>

python-selinux: update to 3.8.1

Bump to latest 3.8.1 version.
Import the required backported patches from libselinux.

Signed-off-by: Robert Marko <[email protected]>

lm-sensors: update to v3.6.2

Change source URL to reflect active mirror as old one has not been
updated in ~4 years and bump to latest upstream release.

% sensors --version
sensors version 3.6.2 with libsensors version 3.6.2

Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64

Signed-off-by: John Audia <[email protected]>

iperf3: update to 3.19

Updates iperf3 to the latest upstream release, 3.19

Changelog: https://github.com/esnet/iperf/releases/tag/3.19

Signed-off-by: Dane Murphy <[email protected]>

fx: update to 36.0.2

Signed-off-by: Fabian Lipken <[email protected]>

alpine: fix compilation with GCC14

Wrong function prototypes.

Signed-off-by: Rosen Penev <[email protected]>

rtorrent: update to 0.15.3

Rebase patch.

Signed-off-by: Rosen Penev <[email protected]>

libtorrent: update to 0.15.3

Add patch to allow rtorrent to link statically.

Aligned is no longer needed with C++17.

Signed-off-by: Rosen Penev <[email protected]>

bind: bump to 9.20.8

Signed-off-by: Philip Prindeville <[email protected]>

lua-openssl: bump to 0.10.0-0

Update lua-openssl to 0.10.0-0 fix compilation.

Signed-off-by: Robert Marko <[email protected]>

strongswan: swanctl: Add support for send_certreq

Support the [send_certreq] connection configuration option to disable
offering trusted root CA certificates and reduce the size of the initial
IKE packets.

This work is based on a patch by @aleks-mariusz in
https://forum.openwrt.org/t/confusion-regarding-setting-up-ikev2-vpn-service-with-strongswan-using-ipsec-and-swanctl/169587/9

[send_certreq]: https://docs.strongswan.org/docs/latest/swanctl/swanctlConf.html#_connections

Signed-off-by: Kevin Locke <[email protected]>

zabbix: update to 7.0.12
also fix build error

Signed-off-by: Thlv Alivs <[email protected]>

strongswan: mark UCI plugin as broken

UCI plugin in strongswan has been broken for years, and now its causing
strongswan to fail compilation.

So, instead of the whole strongswan package to be failing and missing from
feeds simply make UCI plug depend on @BROKEN.

Signed-off-by: Robert Marko <[email protected]>

tcp_wrappers: update patches for gcc14

The portable way is to use `socklen_t`. This fixes both glibc and
musl based builds.

Signed-off-by: Matthew Cather <[email protected]>

owut: update to 2025.05.12

Bug fixes:
    efahl/owut@8353c4e9e255 argparse: add a file path parser type
    efahl/owut@724c990d6cc0 owut: avoid redirects on upstream queries

Signed-off-by: Eric Fahlgren <[email protected]>

php8: adapt test.sh for upcoming opkg -> apk transition

We used to rely on opkg to install the CLI tool for testing
PHP modules, but when opkg is not available anymore, we have to
use apk. The (simple) switch logic assumes, that only one
of both package manager tools is installed.

Signed-off-by: Michael Heimpold <[email protected]>

php8: update to 8.4.7

Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.4.7

Signed-off-by: Michael Heimpold <[email protected]>

cloudflared: Update to 2025.5.0

Signed-off-by: Tianling Shen <[email protected]>

dnsproxy: Update to 0.75.5

Add sysctl conf to increase UDP send/receive buffers for QUIC-GO.
Same as a920f9ec9caf ("adguardhome: increase UDP send/receive buffers").

Signed-off-by: Tianling Shen <[email protected]>

wifi-presence: fix reading mqttID from config

Typo error in mqttID config value

Signed-off-by: Clair-Loup Sergent <[email protected]>

perl: do not set LD_LIBRARY_PATH for cross compile

We don't want to set LD_LIBRARY_PATH to a directory filled with target
libraries when running a host perl. When the host and target
architecture are the same, some libraries will be loaded from this
path, resulting in the build to break because of glibc/musl mismatch.

Reported-by: John Audia <[email protected]>
Fixes: e7b5a35e5caa ("perl: drop 110-always_use_miniperl.patch")
Signed-off-by: Matthias Schiffer <[email protected]>

fx: update to 36.0.1

Signed-off-by: Fabian Lipken <[email protected]>

xtables-addons: remove not needed iptables install dependency for RTSP helpers

The RTSP conntrack and nat does not dependent on iptables, but only on
nf_conntrack and nf_nat. The RTSP conntrack module is used as a helper in
firewall4 [1]. Previously, it was not possible to install RTSP kernel module
without also installing the not needed iptables modules. However, as firewall4
is based on nftables and not on iptables, this dependency is not necessary.

[1] https://github.com/openwrt/firewall4/blob/master/root/usr/share/firewall4/helpers#L89

Signed-off-by: Florian Eckert <[email protected]>

modemmanager: backport fixes for version 1.24.0

The following commits were added shortly after the release of Modemmanager
version '1.24.0'.

Patch: 0002-modem-helpers-cinterion-allow-spaces-in-SXRAT-test-r.patch
Backport: https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/commit/6b6997362b5530708725c16c80ef36cd21609f20
Issue: https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/974

Patch: 0003-modem-helpers-fix-checking-of-CDMA-EVDO-access-techn.patch
Backport: https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/commit/9e205f47847ab9ef5887b79c077ef8468d769af0
Issue: no

Patch: 0004-iface-modem-voice-recheck-call-state-polling-when-ca.patch
Backport: https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/commit/92e666e1c92c205e896552604e717d5b39528ae3
Issue: no

Signed-off-by: Florian Eckert <[email protected]>

netbird: update to 0.43.3

changelog: https://github.com/netbirdio/netbird/releases/tag/v0.43.3

Signed-off-by: Wesley Gimenes <[email protected]>

net/bcp38: Add cgnat shared space to bcp38 list

Add CG-NAT address space to non-routable list
Mmake dhcp filter stricter

Signed-off-by: Andris PE <[email protected]>

mstflint: update to 4.32.0

This commit updates the mstflint package to
the latest 4.32.0 release.

It also includes a patch to fix a musl build error that
has been merged into the upstream development branch [1],
but is not yet part of any official release.

Obsolete patches have been removed,
as they are now included in this version.

Additionally, three new binaries introduced
in 4.32.0 have been added to the package.

[1] https://github.com/Mellanox/mstflint/pull/1239

Signed-off-by: Til Kaiser <[email protected]>

numpy: bump to version 2.2.5

Also needing to treat 'incompatible-pointer-types' as warnings.

Signed-off-by: Alexandru Ardelean <[email protected]>

django-restframework: bump to version 3.16.0

Signed-off-by: Alexandru Ardelean <[email protected]>

python-evdev: bump to version 1.9.2

Signed-off-by: Alexandru Ardelean <[email protected]>

python-lxml: bump to version 5.4.0

Signed-off-by: Alexandru Ardelean <[email protected]>

pytz: bump to version 2025.2

Signed-off-by: Alexandru Ardelean <[email protected]>

adblock-fast: improve the processing of combined list

Signed-off-by: Nikolay Manev <[email protected]>
adblock-fast: modify gawk statement

Signed-off-by: Nikolay Manev <[email protected]>

https-dns-proxy: update to 2025.05.11

* update to 2025.05.11 from upstream: https://github.com/aarond10/https_dns_proxy/commit/a34e20d6e24df603427d91bac8f58c2d3a8aa0a6
* update default config with default value for procd_fw_src_interfaces

Signed-off-by: Stan Grishin <[email protected]>

ffmpeg: add libatomic dependency

Some platforms lack builtin atomics and use libatomic. Add it.

Backport various patches to fix some warnings.

Signed-off-by: Rosen Penev <[email protected]>

acme-acmesh: Bump to v3.1.1

Signed-off-by: Toke Høiland-Jørgensen <[email protected]>

stress-ng: bump to version 0.19.00

For MIPS and PowerPC, we need to disable atomics.
Otherwise we get linker errors with them.

Signed-off-by: Alexandru Ardelean <[email protected]>

yq: Update to 4.45.4

Signed-off-by: Tianling Shen <[email protected]>

dnsproxy: Update to 0.75.4

Signed-off-by: Tianling Shen <[email protected]>

btop: Update to 1.4.3

Signed-off-by: Tianling Shen <[email protected]>

libs/libuv: fix PKG_CPE_ID

libuv:libuv is a better CPE ID than libuv_project:libuv as this CPE ID
has the latest CVEs (whereas libuv_project:libuv only has a CVE from
2015):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libuv:libuv

Fixes: f8ecbf529bad57970e4ff8f90484ba58d06b4a39 (libuv: update to 1.32.0)
Signed-off-by: Fabrice Fontaine <[email protected]>

lang/tcl: fix PKG_CPE_ID

tcl:tcl is a better CPE ID than tcl_tk:tcl_tk as this CPE ID has the
latest CVE (whereas tcl_tk:tcl_tk only has CVEs up to 2008):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tcl:tcl

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <[email protected]>

utils/logrotate: fix PKG_CPE_ID

logrotate_project:logrotate is a better CPE ID than gentoo:logrotate as
this CPE ID has the latest CVE (whereas gentoo:logrotate only has CVEs
up to 2011):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:logrotate_project:logrotate

Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <[email protected]>

wiki: openwrt naming fixes and contribution improvement

Signed-off-by: Sander Schutten <[email protected]>

strongswan: preserve changed configuration files

After reinstalling the packages with the preserved configuration files
after a sysupgrade, the reinstalled package config files overwrite what
is on disk rather than being placed as conf-opkg. Defining these config
files will preserve them appropriately.

Signed-off-by: Joel Low <[email protected]>

smartmontools: update to 7.5

Signed-off-by: Maxim Storchak <[email protected]>

pdns: update to 4.9.5

Signed-off-by: Peter van Dijk <[email protected]>

open-vm-tools: update to 12.5.0

for detailed change log, please refer to:
https://github.com/vmware/open-vm-tools/blob/stable-12.5.0/open-vm-tools/ChangeLog

Signed-off-by: Tan Zien <[email protected]>

tvheadend: update to 2024-11-12, new options, patch for bug #26422

Changes:
- update to git master 2024-11-12 (dev stalled since then)
- patch for OpenWrt bug #26422 / tvheadend bug #1786
- Options removed:
  - imagecache = tvheadend doesn't support disabling it anymore
- Options added:
  - detailed (but slow) memory utilization reporting
  - Timeshift (default on)
  - tsfile (currently bugged in tvheadend, commented out / always on)
  - HDHomeRun server emulation (default on)
  - Digital Devices DVB CI descrambling cards (default off)
- RegEx options cleaned up, PCRE2 is the new default.
- Some help text improved

Signed-off-by: Marius Dinu <[email protected]>

adblock-fast: Fixed non-printable characters and bump PKG_VERSION

Signed-off-by: Nikolay Manev <[email protected]>

libpng: Update to 1.6.48

Update libpng to version 1.6.48.

Signed-off-by: Hannu Nyman <[email protected]>

libpng: Revert "libpng: add symlink to debug library" as unnecessary

This reverts commit 5313dd9be from PR #25324 , related to #25323 and
https://github.com/openwrt/openwrt/pull/16899

The additional symlink libpng16.so -> libpng16d.so is now unnecessary as
OpenWrt main repo PR https://github.com/openwrt/openwrt/pull/18709
commit https://github.com/openwrt/openwrt/commit/703e7d2d5b58e68528cb5fadfc1185bd3904b3d9
changed the cmake build type from 'Debug' to 'RelWithDebInfo', which
causes libpng .so to be compiled with the normal name libpng16.so
(instead of the debug-styled libpng16d.so).

Signed-off-by: Hannu Nyman <[email protected]>

nfs-kernel-server: update to v2.8.3

Update to v2.8.3
Removed upstreamed: 210-patch-for-broken-libnfsimapd-static-and-regex-plugins.patch
Added: 210-nfsdctl.c-add-missing-basename.patch

Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64

Signed-off-by: John Audia <[email protected]>

nfs-kernel-server: update to v2.8.2

Update to latest release and change URL to official upstream mirror.

Removed upstreamed patch: 130-musl-svcgssd-sysconf.patch

Added new patch to correct host build error as we do not build with
gss enabled anyway: 100-fix-host-build.patch

Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712

Signed-off-by: John Audia <[email protected]>

unbound: update to 1.23.0

Signed-off-by: Eric Luehrsen <[email protected]>

syncthing: add discovery and relay descriptions

Signed-off-by: George Sapkin <[email protected]>

syncthing: bump to 1.29.6

- chore(lib): expose model methods to obtain progress
- feat(gui): explanation to options enabled or disabled per folder type
- fix(gui): validate device ID in canonical form
- fix(config): remove discontinued primary STUN server
- fix(stun): better error handling
- chore(config): remove discontinued secondary STUN servers
- chore(fs): speed up case normalization
- build(deps): update dependencies
- feat(fs, config): add support for custom filesystem type construction
- build: replace underscore in Debian version
- chore(model): add metric for total number of conflicts
- fix(config): properly apply defaults when reading folder configuration
- fix(config): zero filesystemtype is "basic"
- build: push artifacts to Azure
- chore(config): resolve primary STUN servers via SRV record
- chore(fs): changes to allow Filesystem to be implemented externally
- fix(strings): differentiate setup(n) and set(v) up
- fix(gui): mark unseen disconnected devices as inactive
- fix(syncthing): use separate lock file instead of locking the
  certificate
- feat(api, gui): allow authentication bypass for metrics
- chore: add missing copyright in new files from infra branch
- fix(osutil): give threads same I/O priority on Linux
- chore(syncthing): remove support for TLS 1.2 sync connections
- chore(gui): update dependency copyrights, add script for periodic
  maintenance
- chore(api): log X-Forwarded-For
- feat(config): add option for audit file
- chore(gui): use go list --deps for dependency list
- fix(strelaysrv): make the session limiter session-dependent

Changelog: https://github.com/syncthing/syncthing/compare/v1.29.5...v1.29.6
Signed-off-by: George Sapkin <[email protected]>

yq: Update to 4.45.3

Signed-off-by: Tianling Shen <[email protected]>

cloudflared: Update to 2025.4.2

Signed-off-by: Tianling Shen <[email protected]>

v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <[email protected]>

v2ray-core: Update to 5.31.0

Signed-off-by: Tianling Shen <[email protected]>

xray-core: Update to 25.4.30

Signed-off-by: Tianling Shen <[email protected]>

rclone: Update to 1.69.2

Signed-off-by: Tianling Shen <[email protected]>

netbird: update to 0.43.2

changelog: https://github.com/netbirdio/netbird/releases/tag/v0.43.2

Signed-off-by: Wesley Gimenes <[email protected]>

pbr: bugfix: no errors on negated values

* do not display errors on negated values
* improved output in verbose mode

Signed-off-by: Stan Grishin <[email protected]>

golang: bump to 1.24.3

go1.24.3 (released 2025-05-06) includes security fixes to the os
package, as well as bug fixes to the runtime, the compiler, the linker,
the go command, and the crypto/tls and os packages.

Link: https://github.com/golang/go/issues?q=milestone%3AGo1.24.2+label%3ACherryPickApproved
Signed-off-by: George Sapkin <[email protected]>

libfmt: bump to version 11.2.0

Signed-off-by: Othmar Truniger <[email protected]>

perl: fix parallel build race condition in target build

We have received reports of builds of perl occasionally failing when
building with many parallel jobs, with a log like the following:

    LD_LIBRARY_PATH=[...]/perl/perl-5.40.0 ./miniperl -Ilib make_ext.pl \
        dist/constant/pm_to_blib  MAKE="make" LIBPERL_A=libperl.so
    File/Path.pm did not return a true value at [...]/hostpkg/usr/lib/perl5/5.40.0/ExtUtils/MakeMaker.pm line 13.
    BEGIN failed--compilation aborted at [...]/hostpkg/usr/lib/perl5/5.40.0/ExtUtils/MakeMaker.pm line 13.
    Compilation failed in require at Makefile.PL line 3.
    BEGIN failed--compilation aborted at Makefile.PL line 3.
    Unsuccessful Makefile.PL(dist/constant): code=65280 at make_ext.pl line 532.

The failing extension (dist/constant in the above log) would differ
between runs.

The cause of the issue is the `-Ilib` in the command line of miniperl.
In the host build, `./miniperl -I lib` will use the following include
path:

    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/AutoLoader/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/dist/Carp/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/dist/PathTools
    [..]/build_dir/hostpkg/perl/perl-5.40.0/dist/PathTools/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/ExtUtils-Install/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/ExtUtils-MakeMaker/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/ExtUtils-Manifest/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/File-Path/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/ext/re
    [..]/build_dir/hostpkg/perl/perl-5.40.0/dist/Term-ReadLine/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/dist/Exporter/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/ext/File-Find/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/Text-Tabs/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/dist/constant/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/version/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/Getopt-Long/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/Text-ParseWords/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/cpan/ExtUtils-PL2Bat/lib
    [..]/build_dir/hostpkg/perl/perl-5.40.0/lib
    .

Various dependencies of the extension build scripts (Makefile.PL) -
including File-Path, which failed to be loaded in the error log - are
included in the path by buildcustomize.pl, as these extensions are only
installed to `lib` as the build proceeds.

However, in a target build, miniperl is just a symlink to the previously
built host perl. As the host perl does not implicitly load
`buildcustomize.pl`, we get the following include path for
`./miniperl -Ilib`:

    lib
    [..]/staging_dir/hostpkg/usr/lib/perl5/site_perl/5.40.0/x86_64-linux
    [..]/staging_dir/hostpkg/usr/lib/perl5/site_perl/5.40.0
    [..]/staging_dir/hostpkg/usr/lib/perl5/5.40.0/x86_64-linux
    [..]/staging_dir/hostpkg/usr/lib/perl5/5.40.0

The host perl's install location is used as the default include path
which provides File-Path etc. for the target build; however, as more
and more libraries get installed into `lib` during the extension build,
they may get loaded from there instead, as `lib` is at the beginning of
the include path. When multiple extensions are built in parallel, a
Makefile.PL may attempt to load File/Path from `lib` after the file has
been created, but before its contents have been written fully, resulting
in the build to fail.

In fact, we should not load anything from `lib` during the target build,
as it is the staging directory for the target, including native
extensions built for the target architecture - with one exception: The
build scripts expect to find target information in the `Config` module,
so simply removing `lib` from the include path completely would break
the build.

Solve the issue by creating an alternative lib directory `lib_build`,
symlinking `Config.pm` and its dependencies in it, and replacing the
`-Ilib` argument with `-Ilib_build` using a wrapper script around the
host perl executable. This is similar to the approach seen in perl's own
obsolete/broken cross compile scripts (`Cross/Makefile`).

Signed-off-by: Matthias Schiffer <[email protected]>

perl: drop 110-always_use_miniperl.patch

The patch was introduced in commit 4c57844f0f04 ("lang/perl: Add hack to
make perl always use miniperl during build"), but it is not actually
necessary. By setting $perl to a non-empty value (using 'perl' as is
common on desktop distros), the logic works as intended and selects the
correct perl binary for host and target builds.

As miniperl just symlinks to host perl for target builds, the main
effect of this change is not unconditionally passing `-Ilib -I.`
anymore. This seems like a good thing; host libraries should be used
with host perl by default.

Signed-off-by: Matthias Schiffer <[email protected]>

perl: replace 910-miniperl-needs-inc-dot.patch with smaller scope fix

The patch was first introduced in commit 4a94479f9652 ("perl: update to
5.26.1") to fix the target build when the host perl has
default_inc_excludes_dot enabled. It just added back the `-I`. to every
call of miniperl; this solution is questionable however, as it adds `.` to
the beginning of the search path, not as a final fallback like perl did
before default_inc_excludes_dot (and like miniperl does).

It is also not necessary - only two scripts, write_buildcustomize.pl and
configpm, expect to be able to include a file from `.` (in both cases a
file the script just generated). Just fix the two scripts instead.

Signed-off-by: Matthias Schiffer <[email protected]>

zstd: update to v1.5.7

Signed-off-by: Nikolay Manev <[email protected]>

libtirpc: fix host build via std=c99

Fix compilation with gcc 14 by applying the -std=c99 flag

Closes #26445

Signed-off-by: John Audia <[email protected]>

sqlite3: add legacy SONAME

With no SONAME set, when linking against the full library path, that
path will be used. But if SONAME is set, it will be used instead.

Set --soname=legacy to add a SONAME to the library to allow projects
that use full path to link correctly.

Link: https://sqlite.org/src/forumpost/5a3b44f510df8ded
Fixes: https://github.com/openwrt/packages/issues/26449
Signed-off-by: George Sapkin <[email protected]>

aria2: fix aira2-openssl install failed

Description: fix in full compile a firmware

    pkg_hash_check_unresolved: cannot find dependency aria2-openssl for aria2
    pkg_hash_fetch_best_installation_candidate: Packages for aria2 found, but incompatible with the architectures configured
    satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-app-aria2:
    aria2-openssl
    opkg_install_cmd: Cannot install package luci-app-aria2.

Signed-off-by: Lunatic Kochiya <[email protected]>

adblock: update 4.4.1-2

* init improvements
* jail mode fixes and improvements
* small code cleanups
* update the readme

Signed-off-by: Dirk Brenken <[email protected]>

btop: Update to 1.4.2

Update alias command.

Signed-off-by: Tianling Shen <[email protected]>

clixon: Update to 7.4.0

Signed-off-by: Philip Prindeville <[email protected]>

cligen: Update to 7.4.0

Signed-off-by: Philip Prindeville <[email protected]>

lvm2: build without libnvme

Instead of depending on libnvme always build without support for
libnvme.

Signed-off-by: Daniel Golle <[email protected]>