Removed upstreamed patches:
- 001-50658-test-Enable-to-switch-between-C-UTF-8-locales-.patch
- 002-51723-migrate-pcre-module-to-pcre2.patch
- 005-51877-do-not-build-pcre-module-if-pcre2-config-is-no.patch
- 006-52383-Avoid-incompatible-pointer-types-in-terminfo-g.patch
Remaining patches automatically rebased and filenames renumbered.
Changelog:
Incompatibilities
- PCRE support is now PCRE2.
Changes
- POSIX real-time signals (SIGRTMIN etc) are now supported by the kill and trap builtins, TRAP* functions, and the signals parameter, where available.
- The kill builtin learnt a new option -q to send the signal via sigqueue(3) along with an arbitrary integer value, where available.
- The kill builtin also learnt a new -L option to print a list of all known signal numbers and their names.
-The new completion helper _as_if can be used to complete one command as if it were another command with particular arguments.
Signed-off-by: John Audia <therealgraysky@proton.me>
The wheel's /usr/bin/readelf.py collides with binutils' /usr/bin/readelf
and gets its shebang stripped by CompileAll + DeleteSourceFiles. Rename
to pyreadelf via the Py3Package install hook, matching Fedora's package.
Also depend on python3-asyncio and python3-codecs: elftools.construct.debug
imports pdb, and Python 3.14's pdb pulls in asyncio (via _pyrepl) and
unicodedata (via _pyrepl.utils) at import time.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
pyelftools 0.32 ships a PEP 517 build that requires setuptools as its
backend, so -m build fails with "BackendUnavailable: Cannot import
'setuptools.build_meta'" when only build, installer and wheel are staged.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
PlatformIO's SCons builder loads its tool modules at the start of
'pio run', including platformio/builder/tools/piosize.py which imports
elftools.elf. python-platformio's HOST_BUILD_DEPENDS already lists
python-pyelftools/host so it is installed alongside platformio in
staging_dir/hostpkg, but the dependency does not always reach
meshtasticd's compile step via that indirect chain, leading to:
ModuleNotFoundError: No module named 'elftools'
File ".../site-packages/platformio/builder/tools/piosize.py", line 22:
from elftools.elf.descriptions import describe_sh_flags
Declare python-pyelftools/host directly in meshtasticd's build deps so
the host install is guaranteed before 'pio run' is invoked.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
zipmerge and zipcmp prints version on -V,
but ziptool does not offer version number in any output.
Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The asciidoc/a2x toolchain bundled with newer Python (3.14) is
incompatible with jose's docbook XSL configuration, causing the
build to fail with xsltproc returning non-zero status while
processing 'jose.1.xml'.
Since the man pages are not strictly required for OpenWrt (and
typically stripped from the final image anyway), unconditionally
disable a2x detection in meson.build via a disabler() so that the
'mans' list stays empty regardless of host tooling.
Link: https://github.com/latchset/jose
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Package the libdrm test programs which are useful when debugging
video output issues: drmdevice, modetest, modeprint, proptest, vbltest
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The 'gl_api' meson option was left at its 'auto' default, so the
GL plugin probed for desktop OpenGL. OpenWrt's Mesa is built with
-Dglx=disabled and -Dglvnd=disabled on every target, so it ships
no linkable desktop-GL library (no libGL.so, no gl.pc) - desktop
GL is only reachable through EGL. With nothing to satisfy the
probe in the sysroot, meson's cc.find_library('GL') fallback
escaped into the build host's /usr/lib and, on a host that has a
desktop libGL installed, put that foreign library on the link
line, breaking the cross link with:
mold: fatal: /usr/lib/libGL.so: incompatible file type:
riscv64 is expected but got x86_64
Pin -Dgl_api=gles2 and -Dgl_platform=egl to match what Mesa
actually provides (libGLESv2 + libEGL). This is correct on every
target, including x86_64: the desktop-GL link path was never
functional on OpenWrt and only ever "succeeded" by picking up a
host library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently if a dynamic interface changes (VLAN, tunnel, etc)
that Kea is listening on, it needs to be told externally to
restart. The re-detect option avoids this.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
3.0.3 is a security/vulnerability release on the stable 3.0 series.
Notable fixes since 3.0.2:
* **CVE-2026-3608** — A large number of bracket pairs in a JSON payload
sent to any endpoint caused a stack overflow during recursive parsing.
The exploit does not need a syntactically valid command, so it bypasses
RBAC and the command filters on the High-Availability endpoints
(upstream #4275 / #4288 / #4387).
* Null dereference when configuring the Control Agent with a socket
entry that lacks the mandatory ``socket-name`` is now caught
(#4388, #4365).
* UNIX command sockets are created group-writable so Stork 2.4.0+ and
other tooling using the configured group can talk to the daemon
(#4398, #4260).
Upstream's release notes flag "no incompatible changes" and "no known
issues" for this bump.
All current patches still apply cleanly.
Release notes:
https://ftp.isc.org/isc/kea/3.0.3/Kea-3.0.3-ReleaseNotes.txt
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Tracing Transmission 4.11 showed the Transmission is started to use
the pwritev2 syscall for better write performance.
Add pwritev2 and preadv2 (which may be used as well, and anyway
doesn't hurt) to the list of allowed syscalls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
- Add bracketed paste folding
- Add test for ANSI CSI escape sequences in the prompt.
- Treat ANSI CSI escape sequences as zero-width in utf8StrWidth().
- Fix tab handling when no completion is available.
- Fix ARM unsigned char warning.
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
aiosignal is a small aio-libs helper that provides a Signal class for
fan-out of coroutine callbacks. Its only practical use is as a runtime
dependency of aiohttp, which is not packaged in this repository, and no
other package here declares aiosignal as a runtime or build dependency.
Drop the package; users who pull in aiohttp via pip on the target will
get aiosignal as a transitive dependency anyway.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Smoke-test each subpackage with a real code path (config validators,
helper script sourcing, Python interpreter / module imports, hook .so
/ UCI file presence) instead of relying on the generic --version probe.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
kea-admin and kea-shell were shipped without their helper script
and Python modules respectively, leaving both non-functional. Ship
the missing files, add +python3-light +python3-urllib +python3-openssl
to kea-shell, and rewrite its meson-baked host-absolute shebang and
sys.path.append to the on-target /usr/bin/python3 + $(PYTHON3_PKG_DIR).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Exercise anyio end-to-end with the structured-concurrency example
from the upstream "Creating and managing tasks" docs: spawn 5 child
tasks via create_task_group(), each appending to a shared list, then
verify all completed.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Previous test.sh only confirmed the import smoke check. Add a $2
version check, assert MODE_* constants are distinct ints, and exercise
the loader's error paths (missing file, non-MMDB temp file).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
maxminddb 3.x switched to PEP 517 with build-system.requires including
setuptools-scm, so the wheel build now fails with "ERROR Missing
dependencies: setuptools-scm". Wire it into PKG_BUILD_DEPENDS and bump.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
zipp is a small backport / forward-port of zipfile.Path, originally
useful when zipfile.Path was new in stdlib (Python 3.8). With the
python3 package now tracking 3.14, zipfile.Path covers what
zipp.Path exposes, and no other package in this repository declares
zipp as a runtime or build dependency.
Drop the package to remove the dead weight; users who still need it
can install it via pip on the target.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
None of the shipped binaries (mdnsd, dns-sd, mDNSClient/Net/Proxy*,
mDNSResponder) print the package version, so the generic probe always
fails. Add a test-version.sh exiting 0 for the three subpackages.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
alsa-lib ships only a shared library and aserver has no --version, so
neither can satisfy the generic version probe. Add a test-version.sh
that exits 0 for both arms and exits 1 for unknown subpackages.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Commit 1ea43c352 ("kea: fix kea-libs dependencies") replaced the
direct +log4cplus dependency on kea-libs with the virtual name
+log4cplus-any. With only one log4cplus implementation in the feed,
nothing actually PROVIDES log4cplus-any other than the auto-generated
"package name + -any" alias on log4cplus itself.
apk treats `-any`-suffixed names as ambiguous virtuals that the
admin must resolve explicitly, even when only one provider exists,
and refuses to install:
ERROR: unable to select packages:
log4cplus-any (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: log4cplus
required by: kea-libs-3.0.2-r7[log4cplus-any]
That bubbles up to every kea subpackage runtime test in CI
(kea-admin, kea-ctrl, every kea-dhcp* and kea-hook-*) and fails
the multi-arch test build with exit code 3.
Switch back to +log4cplus directly; the +libstdcpp addition from
that earlier commit stays — it was the genuinely useful part of
the change. Bump PKG_RELEASE for the redo.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Snapshot builds for i386_pentium-mmx (and presumably every other
target now that Boost 1.91 has been bumped in the feed) fail with::
src/lib/dns/rdataclass.cc:1401:5: error: 'BOOST_STATIC_ASSERT'
was not declared in this scope; did you mean
'BOOST_HAS_STATIC_ASSERT'?
1401 | BOOST_STATIC_ASSERT(sizeof(numdata_) ==
``BOOST_STATIC_ASSERT`` lives in ``<boost/static_assert.hpp>``. In
earlier Boost releases it was reachable through any number of
transitive includes pulled in by Kea's other DNS headers; in 1.91
those transitive paths have been pruned, so call sites must include
the declaring header explicitly. ``050-boost-static-assert.patch``
already does this for ``src/lib/log/logger_level_impl.cc``;
``src/lib/dns/rdataclass.cc`` uses the same macro at SOA::getMinimum()
to size-check ``numdata_`` and was missed.
Extend the existing patch with the matching include in rdataclass.cc.
Same fix shape as the earlier hunk; no behavioural change.
Build log:
https://downloads.openwrt.org/snapshots/faillogs/i386_pentium-mmx/packages/kea/
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Cover each user-facing subpackage with a real functional check instead
of relying solely on the CI's generic --version probe:
- knot: knotc conf-check on a minimal YAML server config
- knot-dig: kdig -h (CLI parser smoke check)
- knot-host: khost -h
- knot-nsupdate: feed 'quit' through the REPL
- knot-zonecheck: validate a minimal example.com zone file end to end
- knot-keymgr: initialise a KASP DB in a temp directory
knot-libs, knot-libzscanner, and knot-tests are library/harness
subpackages; the generic ELF/SONAME checks already cover them.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The RRL module's kru.inc.c has a `static_assert(ATOMIC_CHAR16_T_LOCK_FREE
== 2, ...)` that breaks the build on any target whose toolchain does
not advertise lock-free 16-bit atomics (e.g. ARMv5 arm926ej-s).
Upstream considers the assertion non-essential and plans to drop it;
they recommended a patch over a Makefile-level RRL disable. Bump
PKG_RELEASE for the patch swap.
Suggested-by: Daniel Salzman <daniel.salzman@nic.cz>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Removing the ncursesw path from include avoids seeing the wide-char
version of ncurses, so the host build picks up the narrow static lib
that the OpenWrt SDK stages. To keep that pin from leaking back in
through other curses headers the build host may have under
/usr/include, also force every header check in Python's configure.ac
AC_CHECK_HEADERS(curses.h ncurses.h ncursesw/ncurses.h
ncursesw/curses.h ncursesw/panel.h panel.h) line to "no" via cached
ac_cv_header_* variables.
The narrow ncursesw_* trio was enough on the original reporter's
host; Jan Kardell's review of the first cut hit a build where
`/usr/include/curses.h` and `/usr/include/ncurses.h` from the
distro's libncurses-dev were still being picked up. Adding the
non-wide entries (and panel.h for symmetry, in case a host also
ships /usr/include/panel.h alone) makes the override insensitive to
whichever curses dev packages the host distro happens to provide.
Reported-by: Jan Kardell <jan.kardell@telliq.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
libtheora's configure probes the host assembler for NEON support
rather than the target CPU, so on pre-ARMv7 (arm926ej-s, etc.) it
falsely succeeds and the build emits NEON the CPU can't execute.
Force --disable-asm only when the ARM target's TARGET_CFLAGS does
not advertise armv7 or armv8, so cortex-a* keeps the NEON path.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
This is the latest 3.14.x point release with assorted bug fixes
from upstream. PYTHON3_PIP_VERSION is bumped from 26.0.1 to 26.1.1
to match the pip wheel bundled in the 3.14.5 source tarball; the
host build's ensurepip lookup of pip-$(PYTHON3_PIP_VERSION).whl
otherwise fails. The set of OpenWrt-side patches still applies
against the new source; only quilt context-line offsets needed
refreshing for the patches that touch Makefile.pre.in.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Resolves several security issues:
- CVE-2026-3592: Limit resolver server list size.
- CVE-2026-3039: Fix GSS-API resource leak.
- CVE-2026-5950: Avoid unbounded recursion loop.
- CVE-2026-5947: Fix crash in resolver when SIG(0)-signed responses are
received under load.
- CVE-2026-3593: Add system test for HTTP/2 SETTINGS frame flood.
- CVE-2026-5946: Disable recursion, UPDATE, and NOTIFY for non-IN views.
Complete list of changes is available upstream at
https://ftp.isc.org/isc/bind9/9.20.23/doc/arm/html/changelog.html
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
hingbong
John Audia
W. Michael Petullo
Alexandru Ardelean
Roc Lai
Michael Heimpold
Daniel Golle
Philip Prindeville
Maxim Storchak
Hannu Nyman
George Sapkin
Noah Meyerhans