domoticz: update boost dependencies

domoticz only links to boost headers since boost version update to '1.89.0'.
Remove 'boost-system' from the dependencies and add boost as build
dependency.

Signed-off-by: Florian Eckert <[email protected]>

cloudflared: Update to 2025.10.0

Release note: https://github.com/cloudflare/cloudflared/releases/tag/2025.10.0

Signed-off-by: Tianling Shen <[email protected]>

openlist: Update to 4.1.4

Release note: https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.4

Signed-off-by: Tianling Shen <[email protected]>

v2rayA: Update to 2.2.7.3

Release note:
- https://github.com/v2rayA/v2rayA/releases/tag/v2.2.7.2
- https://github.com/v2rayA/v2rayA/releases/tag/v2.2.7.3

Signed-off-by: Tianling Shen <[email protected]>

v2ray-core: Update to 5.40.0

Release note: https://github.com/v2fly/v2ray-core/releases/tag/v5.40.0

Signed-off-by: Tianling Shen <[email protected]>

yq: Update to 4.48.1

Release note: https://github.com/mikefarah/yq/releases/tag/v4.48.1

Signed-off-by: Tianling Shen <[email protected]>

travelmate: release 2.2.0

- drop iwinfo, use iw/ip instead
- support passive wlan scanning (active scanning is still the default)
- drop qrencode, use the LuCI internal qrcode js library instead
- more vpn fixes
- various LuCI changes/enhancements
- fix #27599
- disable proactive scanning in the default config

Signed-off-by: Dirk Brenken <[email protected]>

v2ray-geodata: Update to latest version

Update all geodata.

Signed-off-by: Tianling Shen <[email protected]>

jool: update package flags to build `nonshared`

* currently the package is build with the latest kernel version in a branch
* if package version is bumped if can no longer be installed on older point releases as userland and kmod does not match

Signed-off-by: Goetz Goerisch <[email protected]>

lttng-tools: update to 2.13.15

Seems to fix compilation with MIPS.

Signed-off-by: Rosen Penev <[email protected]>

ruby: update to 3.4.6

Ruby 3.4.6 is a routine update that includes bug fixes.

Changelog: https://github.com/ruby/ruby/releases/tag/v3_4_6
Signed-off-by: Luiz Angelo Daros de Luca <[email protected]>

fluent-bit: update to 4.1.1

- Add newly libsasl2 dependency

Build system: aarch64
Build-tested: mediatek/filogic
Run-tested: mediatek/filogic

Signed-off-by: Biao Zhu <[email protected]>

lrzsz: fix compilation with gcc15

Add gnu11 to fix compilation. Support for the latest standard takes too
much patching.

Signed-off-by: Rosen Penev <[email protected]>

lcdproc: fiz compilation with gcc15

__GNU__LIBRARY needs to be defined for a proper definition.

Signed-off-by: Rosen Penev <[email protected]>

lm-sensors: packaging isaset and isadump

Also packages isaset and isadump for x86 target only:

isadump:
Is a small helper program to examine registers visible through the ISA bus.

isaset:
Is a small helper program to set registers visible through the ISA bus.

Signed-off-by: Florian Eckert <[email protected]>

stubby: reduce idle_timeout as recommended upstream

Reduce idle_timeout parameter from 10s to 9s as recommended upstream
Add a pointer to upstream documentation

Ref: https://github.com/getdnsapi/stubby/blob/7f07bde70ecb9b53fb5fed765725cef6492daf5c/stubby.yml.example#L249
Signed-off-by: Andris PE <[email protected]>

fish: update to 4.1.2

This release fixes several regressions in 4.1.0, including:
- Fixed spurious error output when completing remote file paths for scp
- Fixed the alt-l binding for formatting ls output
- Fixed multiline prompt redraw issues with focus events
- Fixed Midnight Commander compatibility issues
- Fixed Zellij escape key processing
- Fixed web-based configuration tool issue
- Fixed pasting into fish -c read

Signed-off-by: 董昊 (Dong, Hao) <[email protected]>

openssh: update to 10.1p1

Changelog: https://www.openssh.com/txt/release-10.1

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc

Signed-off-by: John Audia <[email protected]>

base16384: update to version 2.3.2

Release notes:
https://github.com/fumiama/base16384/releases/tag/v2.3.2

Signed-off-by: Josef Schlehofer <[email protected]>

gnunet: update to version 0.25.1

GNUnet 0.25 dropped the autotools based build system and now requires
being built with Meson. As expected there are some cross-compiling
related issues which have been fixed using downstream patches by now.

v0.25.1:
  - transport: hotfix incorrect communicator key derivations
  - tests: make failing tests work again
  - util: Change to assigned HPKE codepoint for DHKEM+Elligator. See https://www.iana.org/assignments/hpke/
  - fs: service failed to start because of PILS addition

v0.25.0:
  - util: Removed authkem from HPKE implementation as it is going to be removed from the RFC9180bis spec and is unused in GNUnet anyway.
  - core: New AKE implementation.
  - pils: New service.
  - gns: Various improvements to performance and DNS migration tooling.
  - build: Retired autotools.

Signed-off-by: Daniel Golle <[email protected]>

snort3: update dependencies after package renames

The gperftools and vectorscan packages have been simplified by removing
their -runtime and -headers splits. Update snort3 to use the new package
names.

Signed-off-by: Josef Schlehofer <[email protected]>

vectorscan: remove vectorscan-headers package and add ABI version

The vectorscan-headers package installed headers to the target device,
but headers are only needed during the build process (via Build/InstallDev).

- Rename vectorscan-runtime to vectorscan to simplify things
- Add ABI_VERSION:=5 to track library soname versioning

Signed-off-by: Josef Schlehofer <[email protected]>

gperftools: remove gperftools-headers package

The gperftools-headers package installed headers to the target device,
but headers are only needed during the build process (via Build/InstallDev).

- Remove gperftools-headers package
- Rename gperftools-runtime to gperftools
- Add ABI_VERSION for tracking ABI changes

While looking for e.g. on repology, there is only gperftools package [1]
and not gperftools-runtime and gperftools-headers.

[1] https://repology.org/project/gperftools/versions

Signed-off-by: Josef Schlehofer <[email protected]>

adblock-fast: bugfixes

* bugfix: remove IPKG_INSTROOT check
* bugfix: do not attempt to download config update if package is disabled

Signed-off-by: Stan Grishin <[email protected]>

https-dns-proxy: bugfix: remove IPKG_INSTROOT check

Signed-off-by: Stan Grishin <[email protected]>

pbr: update to 1.2.0-r2

Makefile:
* stop shipping/dealing with the firewall hotplug (obsolete)
* install a third user-script (dnsprefetch) by @betonmischer

Config:
* remove obsolete options
* include the new user script

Init-script:
* start much earlier so that on boot, the procd_add_raw_trigger works on all systems
* create a ubus() helper function so that service delete does not produce "Command not found"
* rename options to better reflect their function:
  * procd_lan_device to lan_device
  * procd_wan_interface to uplink_interface
  * procd_wan6_interface to uplink_interface6
  * procd_wan6_metric to uplink_interface6_metric
  * wan_ip_rules_priority to uplink_ip_rules_priority
  * wan_mark to uplink_mark
* visually separate run-time variables from variables loaded from config options
* use ${IPKG_INSTROOT} when sourcing files
* fix typo in str_to_dnsmasq_nftset()
* use pidof to kill dnsmasq in dnsmasq_kill()
* add helper function uci_add_list_if_new()
* add helper function uci_changes()
* add helper function ubus() so that service delete does not produce "Command not found"
* implement the dnsmasq features check similar to dnsmasq init script
* add get_url() function similar to luci package
* add/modify error and warning messages
* change how mktemp is used for more reliable file creation
* unset non-true boolean package config options on load for easier checks later
* improve handling of nft/nft set options
* fewer calls to resolver() and resolver() optimization to speed up the service
* use softlinks instead of duplicating dnsmasq nftset files into each instance
* prevent duplication of dnsmasq nftset elements
* option to target a specific dest dns port in DNS policies
* bugfix: more reliable interface reloads
* display README links to errors/warnings sections if any errors/warnings discovered

Uci-defaults:
* transition from old options to new ones

Signed-off-by: Stan Grishin <[email protected]>

gperftools: include headers in the staging_dir

This fixes version detection issues when other packages (like snort3)
try to find the tcmalloc library using CMake's find_package(). Without
the headers in the staging directory, CMake cannot read the version
information from tcmalloc.h, resulting in empty version strings.

Fixes:
Found TCMalloc: /builder/staging_dir/target-x86_64_musl/usr/lib/libtcmalloc.so (found version "")

Signed-off-by: Josef Schlehofer <[email protected]>

snort3: enable/disable options based on package availability

This simplifies checks enabling/disabling features, if packages are present
instead of having checks for specific architectures.

TCMALLOC_LIBRARIES is removed as it's auto-detected, unlike vectorscan
which requires explicit HS_INCLUDE_DIRS.

Fixes: 126364e105fbcfde0617f58c39048c7d56c17a06 ("snort3: refactor architecture-specific dependencies and CMake options")
Signed-off-by: Josef Schlehofer <[email protected]>

lua-cjson: bump minimum cmake version to 3.10

Starting cmake 4.0, anything under 3.5 produces an error, see
https://cmake.org/cmake/help/latest/command/cmake_minimum_required.html#policy-version

Use a patch instead of CMAKE_OPTIONS so we don't forget to remove this hack.

Signed-off-by: Etienne Champetier <[email protected]>

https-dns-proxy: update to 2025.10.07-r1

Makefile:
* update to latest upstream: https://github.com/aarond10/https_dns_proxy/commit/7b27ecd5598d03bbe79651cc80efca886d433cd9
* update version, release
* drop CONFIGURE_ARGS as the build is curl-independent
* update the link to the documentation

README:
* add small README with the link to documentation

Config:
* rename procd_fw_src_interfaces to force_dns_src_interface to better reflect meaning
* add heartbeat_domain, heartbeat_sleep_timeout, heartbeat_wait_timeout options
* add default user, group and listen_addr options to the main config
* drop the user, group and listen_addr options from the instance configs

Init-script:
* start much earlier so that on boot, the procd_add_raw_trigger works on all systems
* create a ubus() helper function so that service delete does not produce "Command not found"
* new options handling where the global config options can be used for instance options
* some renaming of global/instance variables due to abovementioned redesign
* new open port detection, no longer relying on netstat
* new uci_changes() logic where it returns 0 or 1 instead of text
* new append_parm logic for not adding default value options to CLI
* new boolean options handling logic
* move config loading to load_package_config() function
* new logic for calling procd_set_config_changed firewall based solely on "$force_dns"
* source network.sh based on "${IPKG_INSTROOT}" path
* rename procd_fw_src_interfaces to force_dns_src_interface to better reflect meaning
* rename use_http1 to force_http1
* rename use_ipv6_resolvers_only to force_ipv6_resolvers

Uci-defaults:
* migrate to new option names

Signed-off-by: Stan Grishin <[email protected]>

netatalk: fix config/uci files handling in all variants

Config/uci files were not being included in -full variant.
Config files were also being lost in firmware upgrades for all variants.
Both issues fixed, including correct file permissions for config files.

Signed-off-by: Antonio Pastor <[email protected]>

adblock-fast: update to 1.2.0-r20

Config file:
* add debug_init_script and debug_performance options
* remove led (default should be empty) option
* remove procd_boot_delay (obsolete) option

Init Script:
* reinstate IPKG_INSTROOT check
* change capitalization in status messages
* unset default value for led option on load_package_config
* bugfix: unset bool options which are later checked for non-empty
* bugfix: create compressed cache only if block-file exists
* adjust errors output/storing errors for later display in multuple cases
* produce information about cache/compressed cache files in service
  status output when service is stopped
* attempt to create compressed cache in service_started only if block-
  file exists
* bugfix: run service_started from the dl command (to create compressed
  cache file)
* rename StripToDomains variables for readability
* improve open port detection

Uci-Defaults:
* improve readability of debug options migration

Signed-off-by: Stan Grishin <[email protected]>

acme: version bump

* Bump acme-common to 1.5.0
  * New `abort` command added and logging behaviour improved
* Bump acme-acmesh to 3.1.1-r4
  * Fix logging and support killing from procd (`stop` and `abort`) via SIGTERM

Signed-off-by: Aditya Bhargava <[email protected]>

acme.sh: add `abort` service command and improve interactive messages

For runs started interactively, improve messaging and allow a run to be
aborted with `service acme abort`.

Signed-off-by: Aditya Bhargava <[email protected]>

acme.sh: move to procd to ensure logging gets to syslog

acme.sh error output never made it to the syslog, so:
* Add procd setup to catch stderr
* Make sure a message goes to syslog if acme.sh dies due to SIGINT

Signed-off-by: Aditya Bhargava <[email protected]>

snort3: depend on libtirpc only for musl builds

The libtirpc package is only needed when building with musl, as glibc
includes the required RPC functionality. This change makes libtirpc a
conditional dependency and adjusts the build flags accordingly.

Building with x86_64-glibc:
...
Feature options:
    DAQ Modules:    Dynamic
    libatomic:      User-specified
    Hyperscan:      ON
    ICONV:          ON
    Libunwind:      OFF
    LZMA:           ON
    RPC DB:         Built-in
    SafeC:          OFF
    TCMalloc:       ON
    JEMalloc:       OFF
    UUID:           ON
    NUMA:           OFF
    LibML:          OFF
...

Building with aarch64_cortex-a76_musl:
...
Feature options:
    DAQ Modules:    Dynamic
    libatomic:      User-specified
    Hyperscan:      ON
    ICONV:          ON
    Libunwind:      OFF
    LZMA:           ON
    RPC DB:         TIRPC
    SafeC:          OFF
    TCMalloc:       ON
    JEMalloc:       OFF
    UUID:           ON
    NUMA:           OFF
    LibML:          OFF
...

Build system: x86/64
Build-tested: x86/64-glibc, bcm27flogic/xiaomi_redmi-router-ax6000-ubootmod (for musl)
Run-tested: x86/64-glibc

Signed-off-by: John Audia <[email protected]>

cjson: bump minimum cmake version to 3.10

Starting cmake 4.0, anything under 3.5 produces an error, see
https://cmake.org/cmake/help/latest/command/cmake_minimum_required.html#policy-version

Use a patch instead of CMAKE_OPTIONS so we don't forget to remove this hack.

Signed-off-by: Etienne Champetier <[email protected]>

lzo: adjust for cmake 4.x compatibility

Patch CMakeLists.txt to fulfill cmake 4.0 requirements
of cmake_minimum_required being at least 3.5 and in future 3.10.

Signed-off-by: Hannu Nyman <[email protected]>

nlbwmon: adjust for cmake 4.x compatibility

New cmake versions require at least 3.5 as 'cmake_minimum_required'
in CMakeLists.txt. In future 3.10 will be required.

Signed-off-by: Hannu Nyman <[email protected]>

ddns-scripts: fixed ovh dns record update

OVH changed its API to update DNS records. It now requires HTTP Basic
Authorization header. As such the default ddns-script method to update
the DNS record is failing. The fix is to move DNS record updates into
its own script/package.

Signed-off-by: David Andreoletti <[email protected]>

haproxy: update to v3.2.6

- Fixes CVE-2025-11230
- Updated haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-3.2.git;a=shortlog

Signed-off-by: Christian Lachner <[email protected]>

sqlite3: fix line editing in sqlite3-cli

- fix building sqlite3-cli with readline and libedit
- add linenoise line editing option. This adds 12k to the size of the
  bare sqlite3-cli, but doesn't add any extra dependencies
- make linenoise the default choice as the most space conserving but
  still convenient variant
- bump PKG_RELEASE

Signed-off-by: Maxim Storchak <[email protected]>

linenoise: add package

Add the linenoise line editing package.
It's a compact embedded replacement for readline and libedit.
It will be used in sqlite3-cli initially, but other packages
that support it, may follow.

Signed-off-by: Maxim Storchak <[email protected]>

mariadb: update to 11.8.3

Update to the latest version in 11.8 stable branch.

See https://mariadb.org/11-8-lts-released/ for main changes.

Signed-off-by: Michal Hrusecky <[email protected]>

phantap: bump minimum cmake version to 3.10

Starting cmake 4.0, anything under 3.5 produces an error, see
https://cmake.org/cmake/help/latest/command/cmake_minimum_required.html#policy-version

Signed-off-by: Etienne Champetier <[email protected]>

lua-eco: update to 3.13.0

changelog: https://github.com/zhaojh329/lua-eco/releases/tag/v3.13.0

Signed-off-by: Jianhui Zhao <[email protected]>

docker-compose: Update to version 2.40.0

Release notes:
https://github.com/docker/compose/releases/tag/v2.40.0

Signed-off-by: Javier Marcet <[email protected]>

ddns-scripts-cloudflare: document API Token auth in comments
adjust comments documenting the already supported API Token auth
adjust comments with URLs that changed in the meantime
adjust comment regarding CF API documentation URL, points to the scripts relevant DNS section

Signed-off-by: Dominic Greenberg <[email protected]>

cgi-io: update to Git HEAD (2025-10-04)

d4b9fb115c3d build: require CMake >= 3.10 due to dropped legacy support

Signed-off-by: Hauke Mehrtens <[email protected]>

usteer: update to Git HEAD (2025-10-04)

e218150979b4 remote: close file on usteer_init_local_id fread fail
1d6524c6e6b5 build: require CMake >= 3.10 due to dropped legacy support

Signed-off-by: Hauke Mehrtens <[email protected]>

ksmbd-tools: bump to 3.5.4

The major changes are:
 - Add max ip connections parameter. (ready for future upstream fix) at the moment is reverted by: https://github.com/openwrt/openwrt/commit/18bdeda0113d28170a20e550f45641450089a070
 - unlock follow symlinks parameter to support symlink.
 - send bind_interfaces_only parameter to ksmbd.

Signed-off-by: Andrea Pesaresi <[email protected]>

mariadb: add unconditional dependency on libaio

MariaDB now depends on libaio even when uring is enabled.

Signed-off-by: Michal Hrusecky <[email protected]>

poemgr: update to latest HEAD

17771dd poemgr: Add support for Plasma Cloud PSX28
530433d poemgr: Add support for RTL8239 PSE solution
8821bad poemgr: Add support for Plasma Cloud PSX8/PSX10
ab466a7 poemgr: Add support for IP8008 PSE chip
7863fa8 poemgr: Add support to display POE output type
d81ac54 poemgr: Add support to export port specific device specific metrics
497a9d9 openwrt: Sync with packages feed Makefile
5033450 pd69104: Avoid resource leaks (memory, fds) on init failure

Signed-off-by: Sven Eckelmann <[email protected]>

multi-arch-test-build: run it only after the Formality check succeeds

Most of the time, when people contribute to the repository for the first time
 (or after a longer break), the multi-arch-test-build passes, but the
formality check fails and requires the contributor to make some changes.

This creates unnecessary load on the CI/CD, since the multi-arch-test-build
runs again even though it already passed, while other PRs are waiting for a runner.
Hopefully, this change will help decrease the waiting time.

Proposed changes:

- Run the formality check first, and only trigger the package tests afterwards.
This can be done using needs: https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idneeds

- Merge formal.yml into multi-arch-test-build.yml so that needs can be used.

Signed-off-by: Josef Schlehofer <[email protected]>

snort3: refactor architecture-specific dependencies and CMake options

1. Enabled hyperscan/vectorscan together with adding dependency only for x86_64 and aarch64.
2. Disabled tmalloc (from gperftools package) for powerpc and mips.

By doing this refactor, snort3 is going to be available for more OpenWrt devices
(as it was in the past) as currently it was compiled only for x86_x64 and aarch64 by mistake.

Fixes: 257e2fc38aa694604e7be9e70e58082037133434 ("snort3: fix logic in gpertools-runtime depends")
Signed-off-by: Josef Schlehofer <[email protected]>

yt-dlp: update to version 2025.9.26

Release notes:
https://github.com/yt-dlp/yt-dlp/releases/tag/2025.09.23
https://github.com/yt-dlp/yt-dlp/releases/tag/2025.09.26

Signed-off-by: Josef Schlehofer <[email protected]>

python-trove-classifiers: bump to 2025.9.11.17

Adds classifier for Python 3.15.
More details can be found in their tags:
https://github.com/pypa/trove-classifiers/releases

Signed-off-by: George Sapkin <[email protected]>

clamav: all; init; add only non-empty parameters

Gate all parameters behind -n, a not-empty check. Prevents failed starts
where daemons expect a value for a parameter.

Closes #27430
Tested-on: 24.10.3
Signed-off-by: Paul Donald <[email protected]>

openvpn: add peer-fingerprint support

This lets the --peer-fingerprint openvpn option be parsed which requires
a client TLS certificate fingerprint (colon separated SHA256 hash) to
match one specified in the option argument, during authentication.

Signed-off-by: Ben Kibbey <[email protected]>

tor: update to version 0.4.8.18

Release notes:
https://gitlab.torproject.org/tpo/core/tor/-/blob/tor-0.4.8.18/ChangeLog

Signed-off-by: Josef Schlehofer <[email protected]>

gzip: update to version 1.14

Add TARGET_CFLAGS += -std=gnu17
to fix following error discovered by CI/CD:
2025-09-30T23:53:47.3168066Z In file included from gzip.c:66:
2025-09-30T23:53:47.3189341Z gzip.c:131:34: error: expected declaration specifiers or '...' before numeric constant
2025-09-30T23:53:47.3190258Z   131 | # define BUFFER_ALIGNED alignas (4096)
2025-09-30T23:53:47.3190760Z       |                                  ^~~~
2025-09-30T23:53:47.3191259Z gzip.h:108:39: note: in definition of macro 'DECLARE'
2025-09-30T23:53:47.3191864Z   108 | #  define DECLARE(type, array, size)  type array[size]
2025-09-30T23:53:47.3192411Z       |                                       ^~~~
2025-09-30T23:53:47.3192942Z gzip.c:135:13: note: in expansion of macro 'BUFFER_ALIGNED'
2025-09-30T23:53:47.3193587Z   135 | DECLARE(uch BUFFER_ALIGNED, inbuf,  INBUFSIZ +INBUF_EXTRA);
2025-09-30T23:53:47.3194137Z       |             ^~~~~~~~~~~~~~
2025-09-30T23:53:47.3194752Z gzip.c:131:34: error: expected declaration specifiers or '...' before numeric constant
2025-09-30T23:53:47.3195442Z   131 | # define BUFFER_ALIGNED alignas (4096)
2025-09-30T23:53:47.3195880Z       |                                  ^~~~
2025-09-30T23:53:47.3196330Z gzip.h:108:39: note: in definition of macro 'DECLARE'
2025-09-30T23:53:47.3197297Z   108 | #  define DECLARE(type, array, size)  type array[size]
2025-09-30T23:53:47.3197829Z       |                                       ^~~~
2025-09-30T23:53:47.3198342Z gzip.c:136:13: note: in expansion of macro 'BUFFER_ALIGNED'
2025-09-30T23:53:47.3199113Z   136 | DECLARE(uch BUFFER_ALIGNED, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
2025-09-30T23:53:47.3199957Z       |             ^~~~~~~~~~~~~~
2025-09-30T23:53:47.3200589Z gzip.c:131:34: error: expected declaration specifiers or '...' before numeric constant
2025-09-30T23:53:47.3201250Z   131 | # define BUFFER_ALIGNED alignas (4096)
2025-09-30T23:53:47.3201688Z       |                                  ^~~~
2025-09-30T23:53:47.3202128Z gzip.h:108:39: note: in definition of macro 'DECLARE'
2025-09-30T23:53:47.3202665Z   108 | #  define DECLARE(type, array, size)  type array[size]
2025-09-30T23:53:47.3203150Z       |                                       ^~~~
2025-09-30T23:53:47.3203642Z gzip.c:138:13: note: in expansion of macro 'BUFFER_ALIGNED'
2025-09-30T23:53:47.3204203Z   138 | DECLARE(uch BUFFER_ALIGNED, window, 2L*WSIZE);
2025-09-30T23:53:47.3204684Z       |             ^~~~~~~~~~~~~~

- Release announcement:
https://lists.gnu.org/archive/html/info-gnu/2025-04/msg00007.html

Signed-off-by: Josef Schlehofer <[email protected]>

uwsgi: update to version 2.0.30

It fixes GCC15 build errors.

Release notes:
https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.27.html
https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.28.html
https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.29.html
https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.30.html

Signed-off-by: Nikita Solianik <[email protected]>

acme-acme.sh: support listen_port option

acme.sh supports --httpport and --tlsport options to be used
together with --standalone and --alpn modes respectively.

This is useful if we're behind a reverse proxy or smth like that
or if we cannot bind to standard 80 or 443 port for some other
reason.

This change makes listen_port from configuration to be passed as
either --httpport or --tlsport

Signed-off-by: Vladimir Kochnev <[email protected]>

acme-acme.sh: declare staging_moved variable

It's possible that staging_moved variable is undeclared while being
accessed. Lets explicitly declare it.

Signed-off-by: Vladimir Kochnev <[email protected]>

acme-common: support listen_port option

listen_port option allows to redefine the default 80/443 port
used in standalone/alpn challenges.

It's also useful for other types of challenges which require
accepting a connection on some TCP port so we need to expose
it via nft as well.

Signed-off-by: Vladimir Kochnev <[email protected]>

adguardhome: bump to 0.107.67

Changelog: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.67
Signed-off-by: George Sapkin <[email protected]>

libcbor: update to 0.13.0

Update to version 0.13.0 that provides compatibility with cmake 4.0.
(new cmake version require at least cmake 3.5 requirement declared
in CMakeLists.txt)

* remove the temporary patch for CMakeLists.txt

Signed-off-by: Hannu Nyman <[email protected]>

python-urllib3: update to 2.5.0

Changelogs can be found in https://github.com/urllib3/urllib3/releases.

Signed-off-by: Wei-Ting Yang <[email protected]>

python-packaging: update to 25.0

Changelogs can be found in https://github.com/pypa/packaging/releases.

Signed-off-by: Wei-Ting Yang <[email protected]>

syncthing: bump to 2.0.10

Changelog: https://github.com/syncthing/syncthing/releases/tag/v2.0.10
Signed-off-by: George Sapkin <[email protected]>

gitlab-runner: drop unmaintained package here

Unfortunately, this package has not been well maintained since 2021,
when Jan left CZ.NIC. Its usage on OpenWrt devices is limited.

It is a very specific package,
and I believe there will not be enough users
 to maintain it, as no one from the community has stepped up to update it.

Running it on a dedicated server makes sense, but on OpenWrt?
Maybe only on x86_64 and aarch64 devices, as they are significantly more powerful.

Signed-off-by: Josef Schlehofer <[email protected]>

elektra: drop package

libelektra [1] was archived on 16th February 2025.
The latest release was in 2023.

In https://github.com/openwrt/packages/pull/24775#issuecomment-2285683663
it was suggested to drop this package. So, lets drop it

[1] https://github.com/ElektraInitiative/libelektra

Signed-off-by: Josef Schlehofer <[email protected]>

netbird: update to 0.58.2

changelog: https://github.com/netbirdio/netbird/releases/tag/v0.58.2

Signed-off-by: Wesley Gimenes <[email protected]>

telegraf: update to 1.36.2

- Update Telegraf to v1.36.2
- Remove HOME environment variable in service file

Signed-off-by: Niklas Thorild <[email protected]>

syslog-ng: update to version 4.10.1

Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.10.1

Signed-off-by: Josef Schlehofer <[email protected]>

apache: update to version 2.4.65

Fixes CVEs:
- CVE-2025-54090
- CVE-2025-53020
- CVE-2025-49812
- CVE-2025-49630
- CVE-2025-23048
- CVE-2024-47252
- CVE-2024-43394
- CVE-2024-43204
- CVE-2024-42516

More details can be found in
https://downloads.apache.org/httpd/CHANGES_2.4

Signed-off-by: Josef Schlehofer <[email protected]>

msmtp: update to version 1.8.31

Release notes:
https://marlam.de/msmtp/news/

Signed-off-by: Josef Schlehofer <[email protected]>

mariadb: update to version 11.4.8

Release notes:
https://mariadb.com/docs/release-notes/community-server/mariadb-11-4-series/mariadb-11.4.8-release-notes

Refreshed patch

Signed-off-by: Josef Schlehofer <[email protected]>

python-hatchling: update to version 1.27.0

Release notes:
https://github.com/pypa/hatch/releases/tag/hatchling-v1.27.0

Signed-off-by: Josef Schlehofer <[email protected]>

tailscale: update to 1.88.3

Changelog: https://tailscale.com/changelog#2025-09-25

Signed-off-by: Sandro Jäckel <[email protected]>

umurmur: update to version 0.3.1

Makefile changes
----------------

1. The location of uMurmur binary was changed to /sbin
in release 0.3.1. See release notes [1]

2. I need to specify location of the library file instead of
the directory.

Fixes:
CMake Warning at src/CMakeLists.txt:44 (target_link_libraries):
  Target "umurmurd" requests linking to directory
  "/build/staging_dir/target-powerpc_8548_musl/usr/lib".
  Targets may link only to libraries.  CMake is dropping the item.

CMake Warning at src/CMakeLists.txt:44 (target_link_libraries):
  Target "umurmurd" requests linking to directory
  "/build/staging_dir/target-powerpc_8548_musl/usr/lib".
  Targets may link only to libraries.  CMake is dropping the item.

Because of these two warnings, the build fails with
undefined references to
protobuf-c symbols (e.g. protobuf_c_message_get_packed_size).

Patches
-------

Removed all of them, because they are included in
the upstream source code.

[1] https://github.com/umurmur/umurmur/releases/tag/v0.3.1

Signed-off-by: Josef Schlehofer <[email protected]>

xmlrpc-c: [Security] Remove obsolete "-internal" variant

Closes #26263
Remove myself as maintainer

Signed-off-by: Ted Hess <[email protected]>

nfs-kernel-server: fix recursive Kconfig dependencies

Move CONFLICTS definition to the respective v4 packages to avoid
creating a recursive dependency.

Fixes: ee3b06e42 ("nfs-kernel-server: provide a NFSv3 and NFSv4 daemon")
Fixes: #27555
Signed-off-by: Daniel Golle <[email protected]>

v2ray-core: Update to 5.39.0

Release note: https://github.com/v2fly/v2ray-core/releases/tag/v5.39.0

Signed-off-by: Tianling Shen <[email protected]>

cloudflared: Update to 2025.9.1

Release note: https://github.com/cloudflare/cloudflared/releases/tag/2025.9.1

Signed-off-by: Tianling Shen <[email protected]>

rclone: Update to 1.71.1

Release note: https://github.com/rclone/rclone/releases/tag/v1.71.1

Signed-off-by: Tianling Shen <[email protected]>

owntone: update to 29.0

Changes available at https://github.com/owntone/owntone-server/releases/tag/29.0

Added libmount dependency ref. bullet 4 in the ChangeLog

Signed-off-by: Espen Jürgensen <[email protected]>

openvswitch: add missing dependency

This resolves this failure observed when building on a 6.12 kernel:

Package kmod-openvswitch is missing dependencies for the following libraries:
psample.ko

The psample module is provided by kmod-sched-act-sample.

Closes: https://github.com/openwrt/packages/issues/26571
Signed-off-by: Mathew McBride <[email protected]>

unbound: update to 1.24.0

latest upstream 09182024

Signed-off-by: Eric Luehrsen <[email protected]>

openvpn: bump `PKG_RELEASE`

Although recent updates were made, the `PKG_RELEASE` bump was missed.

Signed-off-by: Wesley Gimenes <[email protected]>

boost: fix PKG_SOURCE_URL

boostorg.jfrog.io is no longer available for download, so remove it.
use archives.boost.io (fastly cdn) to download first.

Signed-off-by: Andy Chiang <[email protected]>

adblock-fast: update to 1.2.0

Makefile:
* update version/release
Init Script:
* boot up reliability improvements:
  - change START from 50 to 20 to ensure procd_add_raw_trigger works on boot
  - better logic of checking/using the cache/compressed cache on boot
* new dnsmasq handling/integration logic:
  - new logic for checking dnsmasq functionality (similar to dnsmasq init script)
  - instead of copying/duplicating adblock-fast files per specified dnsmasq instance, create one file
    and add softlinks to it for specified dnsmasq instances and make sure it's in the instance's addnmounts
  - update dnsmasqConfFile, dnsmasqIpsetFile and dnsmasqNftsetFile to point to the same filename as the
    logic for integrating with dnsmasq is the same for those options
  - get the confdir for specified dnsmasq instances via ubus info/config file since the config_get is broken
    between releases by https://github.com/openwrt/openwrt/pull/14975
  - update clean-up procedures for other dns backend settings to properly clean up when switching away from
    dnsmasq.conf, dnsmasq.ipset, dnsmasq.nftset where the new logic is used
  - remove obsolete outputDnsmasqFileList variable and logic of building and using it
  - only create compressed cache in service_started after successful resolver restart with the block-file
* new package config / environment loading logic
  - switch away from using `load_validate_config` to start functions to loading package config "manually"
  - unset boolean variables which are non-true on package config load
  - switch checking values of such variables from `-eq 0` to empty/non-empty
* debugging improvements:
  - rename debug option to debug_init_script and proc_debug to debug_performance
  - output performance debug info to log only when debug_performance is set
* miscellaneous changes:
  - move best dl tool detection into its own function for reuse in adb_config_update
  - change uci_changes function to return 0/1 instead of the text of changes
  - improve mktemp calls reliability by creating the file and not using `-u` anymore
  - add remove_cache/remove_gzip calls to adb_file function
  - better readability of the start_serice logic determining the action
  - change flock value from 207 to 209 to avoid collisions with pbr
  - temporarily switch namespaces when using jshn functions to avoid collisions with PROCD
  - move from using spaces to tabs in indentation in code
  - prevent Command Not Found message on uninstall
  - remove unneeded IPKG_INSTROOT check in the init script
  - update all sourcing instructions to include IPKG_INSTROOT in the path
Uci-defaults script:
* transition old debug and proc_debug options to debug_init_script/debug_performance

Signed-off-by: Stan Grishin <[email protected]>

fail2ban: bump to 1.1.0

fail2ban changes:
- nftables support (iptables dependency removed)
- python3 support (old package patches removed)
- Upstream patches backports:
  - filter.d/dropbear.conf: failregex extended to match different format of "Exit before auth" message
  - cherry-pick from debian: debian default banactions are nftables, systemd backend for sshd
- Removed unresponsive/unreachable maintainer.

Fixes: https://github.com/openwrt/packages/issues/23015 ("fail2ban: very old version")
Signed-off-by: Andrey Zotikov <[email protected]>

ovpn-dco: bump version to 0.2.20250801

Fix version number for timer API changes

Signed-off-by: Andy Chiang <[email protected]>

ovpn-dco: fix package dependencies

add kmod-crypto-chacha20poly1305 kmod-crypto-lib-chacha20 kmod-crypto-lib-poly1305 for chacha20

Signed-off-by: Andy Chiang <[email protected]>

giflib: Add Gentoo patch to fix various CVEs

Fixes:
    CVE-2022-28506
    CVE-2023-48161
    CVE-2024-45993
    CVE-2025-31344

Remove myself as maintainer

Signed-off-by: Ted Hess <[email protected]>

owut: update to 2025.09.27

Bug fixes:
    efahl/owut@f049043ed721 owut: use installed SSL certs instead of default

Signed-off-by: Eric Fahlgren <[email protected]>

expat: upgrade to 2.7.3

Upstream changelog: https://github.com/libexpat/libexpat/blob/R_2_7_3/expat/Changes

Signed-off-by: Ted Hess <[email protected]>

i2pd: update to 2.58.0

* Updating package to 2.58.0
* Update patch for i2pd.conf

Signed-off-by: David Yang <[email protected]>

gperftools: make libunwind dependency conditional

Make libunwind support optional depending on package availability.

Previously, gperftools unconditionally enabled libunwind as
mandatory dependency, which led to build failures on architectures where
libunwind is not provided.

Signed-off-by: Josef Schlehofer <[email protected]>