From e36f9af3a5a2899dd0f48699c6cf4b46970041cd Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Thu, 9 Jul 2026 23:31:58 +0200 Subject: [PATCH 01/22] package/python3: add upstream security patches for CVE-2026-0864, CVE-2026-11972, CVE-2026-4360 & CVE-2026-15308 CVE-2026-0864: https://mail.python.org/archives/list/security-announce@python.org/thread/CV4NE6AFCRJL7XQOHX7J5TSDHUWVWGJS/ CVE-2026-11972: https://mail.python.org/archives/list/security-announce@python.org/thread/AXPSKKTSRKXTTJULW3XSIC74WZNAAPPB/ CVE-2026-4360: https://mail.python.org/archives/list/security-announce@python.org/thread/TWZW2PC2AZOV6FENIHFSRC63OM7MBGSB/ CVE-2026-15308: https://mail.python.org/archives/list/security-announce@python.org/thread/F6453LWKSHKCTWFLCOURWPLETNUIW2Z5/ Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- ...ormalize-all-line-endings-CR-CRLF-an.patch | 71 ++++++++ ...ake-tarfile._Stream.seek-break-at-EO.patch | 76 +++++++++ ...ass-filter_function-to-TarFile._extr.patch | 151 ++++++++++++++++++ ...ix-quadratic-complexity-in-increment.patch | 123 ++++++++++++++ package/python3/python3.mk | 12 ++ 5 files changed, 433 insertions(+) create mode 100644 package/python3/0012-3.14-gh-143927-Normalize-all-line-endings-CR-CRLF-an.patch create mode 100644 package/python3/0013-3.14-gh-151981-Make-tarfile._Stream.seek-break-at-EO.patch create mode 100644 package/python3/0014-3.14-gh-151987-Pass-filter_function-to-TarFile._extr.patch create mode 100644 package/python3/0015-3.14-gh-153030-Fix-quadratic-complexity-in-increment.patch diff --git a/package/python3/0012-3.14-gh-143927-Normalize-all-line-endings-CR-CRLF-an.patch b/package/python3/0012-3.14-gh-143927-Normalize-all-line-endings-CR-CRLF-an.patch new file mode 100644 index 00000000000..8c9b35a8d2e --- /dev/null +++ b/package/python3/0012-3.14-gh-143927-Normalize-all-line-endings-CR-CRLF-an.patch @@ -0,0 +1,71 @@ +From 71f2e02a52d47417a6fd69f456346cd8aa7aca98 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Wed, 24 Jun 2026 11:46:33 +0200 +Subject: [PATCH] [3.14] gh-143927: Normalize all line endings (CR, CRLF, and + LF) in configparser (GH-143929) (GH-152003) + +gh-143927: Normalize all line endings (CR, CRLF, and LF) in configparser (GH-143929) +(cherry picked from commit 5858e42c539dac8394636a6e9b30472b8994851f) + +Co-authored-by: Seth Larson + +Upstream: https://github.com/python/cpython/commit/71f2e02a52d47417a6fd69f456346cd8aa7aca98 +CVE: CVE-2026-0864 + +Signed-off-by: Bernd Kuhls +--- + Lib/configparser.py | 4 +++- + Lib/test/test_configparser.py | 11 +++++++++++ + .../2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst | 2 ++ + 3 files changed, 16 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Security/2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst + +diff --git a/Lib/configparser.py b/Lib/configparser.py +index a53ac872764..3c452afe8ad 100644 +--- a/Lib/configparser.py ++++ b/Lib/configparser.py +@@ -992,7 +992,9 @@ def _write_section(self, fp, section_name, section_items, delimiter, unnamed=Fal + value = self._interpolation.before_write(self, section_name, key, + value) + if value is not None or not self._allow_no_value: +- value = delimiter + str(value).replace('\n', '\n\t') ++ # Convert all possible line-endings into '\n\t' ++ value = (delimiter + str(value).replace('\r\n', '\n') ++ .replace('\r', '\n').replace('\n', '\n\t')) + else: + value = "" + fp.write("{}{}\n".format(key, value)) +diff --git a/Lib/test/test_configparser.py b/Lib/test/test_configparser.py +index 8d8dd2a2bf2..4783943f71a 100644 +--- a/Lib/test/test_configparser.py ++++ b/Lib/test/test_configparser.py +@@ -526,6 +526,17 @@ def test_default_case_sensitivity(self): + cf.get(self.default_section, "Foo"), "Bar", + "could not locate option, expecting case-insensitive defaults") + ++ def test_crlf_normalization(self): ++ cf = self.newconfig({"key1": "a\nb","key2": "a\rb", "key3": "a\r\nb", "key4": "a\r\nb"}) ++ buf = io.StringIO() ++ cf.write(buf) ++ cf_str = buf.getvalue() ++ self.assertNotIn("\r", cf_str) ++ self.assertNotIn("\r\n", cf_str) ++ self.assertEqual(cf_str.count("\n"), 10) ++ self.assertEqual(cf_str.count("\n\t"), 4) ++ self.assertTrue(cf_str.endswith("\n\n")) ++ + def test_parse_errors(self): + cf = self.newconfig() + self.parse_error(cf, configparser.ParsingError, +diff --git a/Misc/NEWS.d/next/Security/2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst b/Misc/NEWS.d/next/Security/2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst +new file mode 100644 +index 00000000000..ca554997e5c +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst +@@ -0,0 +1,2 @@ ++Normalize all line endings (CR, CRLF, and LF) to LF+TAB when writing ++multi-line configparser values. +-- +2.47.3 + diff --git a/package/python3/0013-3.14-gh-151981-Make-tarfile._Stream.seek-break-at-EO.patch b/package/python3/0013-3.14-gh-151981-Make-tarfile._Stream.seek-break-at-EO.patch new file mode 100644 index 00000000000..7db9439639d --- /dev/null +++ b/package/python3/0013-3.14-gh-151981-Make-tarfile._Stream.seek-break-at-EO.patch @@ -0,0 +1,76 @@ +From e86666c9dd256d52d0fbef6feb1ea4a51768fdec Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Tue, 23 Jun 2026 15:46:18 +0200 +Subject: [PATCH] [3.14] gh-151981: Make tarfile._Stream.seek break at EOF + (GH-151982) (#151992) + +(cherry picked from commit f50bf13566189c8d0ce5a814f33eff3d89951896) + +Co-authored-by: Petr Viktorin +Co-authored-by: Stan Ulbrych + +Upstream: https://github.com/python/cpython/commit/e86666c9dd256d52d0fbef6feb1ea4a51768fdec +CVE: CVE-2026-11972 + +Signed-off-by: Bernd Kuhls +--- + Lib/tarfile.py | 4 +++- + Lib/test/test_tarfile.py | 16 ++++++++++++++++ + ...026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst | 2 ++ + 3 files changed, 21 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index e6734db24f6..39b1cd6514c 100644 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -524,7 +524,9 @@ def seek(self, pos=0): + if pos - self.pos >= 0: + blocks, remainder = divmod(pos - self.pos, self.bufsize) + for i in range(blocks): +- self.read(self.bufsize) ++ data = self.read(self.bufsize) ++ if not data: ++ break + self.read(remainder) + else: + raise StreamError("seeking backwards is not allowed") +diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py +index d974c7d46ec..8503024a690 100644 +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -4762,6 +4762,22 @@ def valueerror_filter(tarinfo, path): + with self.check_context(arc.open(errorlevel='boo!'), filtererror_filter): + self.expect_exception(TypeError) # errorlevel is not int + ++ @support.subTests('format', [tarfile.GNU_FORMAT, tarfile.PAX_FORMAT]) ++ def test_getmembers_big_size(self, format): ++ # gh-151981: A loop in seek() for streaming files tried to read the ++ # declared number of blocks even at EOF ++ tinfo = tarfile.TarInfo("huge-file") ++ tinfo.size = 1 << 64 ++ bio = io.BytesIO() ++ # Write header without data ++ bio.write(tinfo.tobuf(format)) ++ ++ # Reset & try to get contents ++ bio.seek(0) ++ with tarfile.open(fileobj=bio, mode="r|") as tar: ++ with self.assertRaises(tarfile.ReadError): ++ tar.getmembers() ++ + + class OverwriteTests(archiver_tests.OverwriteTests, unittest.TestCase): + testdir = os.path.join(TEMPDIR, "testoverwrite") +diff --git a/Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst b/Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst +new file mode 100644 +index 00000000000..2123ab8e081 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst +@@ -0,0 +1,2 @@ ++In :mod:`tarfile`, seeking a stream now stops when end of the stream is ++reached. +-- +2.47.3 + diff --git a/package/python3/0014-3.14-gh-151987-Pass-filter_function-to-TarFile._extr.patch b/package/python3/0014-3.14-gh-151987-Pass-filter_function-to-TarFile._extr.patch new file mode 100644 index 00000000000..3b38594c758 --- /dev/null +++ b/package/python3/0014-3.14-gh-151987-Pass-filter_function-to-TarFile._extr.patch @@ -0,0 +1,151 @@ +From 5e0ef3f1afe892e4f64eb83368db57ac4c40cba0 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 29 Jun 2026 21:11:22 +0200 +Subject: [PATCH] [3.14] gh-151987: Pass filter_function to + `TarFile._extract_one()` during `.extract()` (GH-151988) (#152609) + +(cherry picked from commit 7ccdbaba2c54250a70d7f25632152df7655a5e0a) + +Co-authored-by: Petr Viktorin +Co-authored-by: Seth Michael Larson + +Upstream: https://github.com/python/cpython/commit/5e0ef3f1afe892e4f64eb83368db57ac4c40cba0 +CVE: CVE-2026-4360 + +Signed-off-by: Bernd Kuhls +--- + Lib/tarfile.py | 3 +- + Lib/test/test_tarfile.py | 92 +++++++++++++++++++ + ...-06-23-14-19-30.gh-issue-151987.8mNIMf.rst | 2 + + 3 files changed, 96 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Security/2026-06-23-14-19-30.gh-issue-151987.8mNIMf.rst + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index cb09e307c46..d3c48999700 100644 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -2538,7 +2538,8 @@ def extract(self, member, path="", set_attrs=True, *, numeric_owner=False, + tarinfo, unfiltered = self._get_extract_tarinfo( + member, filter_function, path) + if tarinfo is not None: +- self._extract_one(tarinfo, path, set_attrs, numeric_owner) ++ self._extract_one(tarinfo, path, set_attrs, numeric_owner, ++ filter_function=filter_function) + + def _get_extract_tarinfo(self, member, filter_function, path): + """Get (filtered, unfiltered) TarInfos from *member* +diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py +index 804c3e6d809..f3b61d9fbad 100644 +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -4470,6 +4470,98 @@ def test_chmod_outside_dir(self): + st_mode = cc.outerdir.stat().st_mode + self.assertNotEqual(st_mode & 0o777, 0o777) + ++ @symlink_test ++ @unittest.skipUnless(hasattr(os, 'chown'), "missing os.chown") ++ @unittest.skipUnless(hasattr(os, 'lchown'), "missing os.lchown") ++ @unittest.skipUnless(hasattr(os, 'geteuid'), "missing os.geteuid") ++ @support.subTests('link_type', (tarfile.SYMTYPE, tarfile.LNKTYPE)) ++ def test_chown_links_on_extract(self, link_type): ++ with ArchiveMaker() as arc: ++ arc.add("test.txt", ++ uid=1337, gid=1337, uname="", gname="", mode='-rwxr-xr-x') ++ arc.add("link", ++ type=link_type, ++ linkname='test.txt', ++ uid=1337, gid=1337, uname="", gname="", mode='-rwxr-xr-x') ++ ++ with ( ++ os_helper.temp_dir() as tmpdir, ++ arc.open() as tar, ++ unittest.mock.patch("os.chown") as mock_chown, ++ unittest.mock.patch("os.lchown") as mock_lchown, ++ unittest.mock.patch("os.geteuid") as mock_geteuid, ++ ): ++ # Set UID to 0 so chown() is attempted. ++ mock_geteuid.return_value = 0 ++ tar.extract("link", path=tmpdir, filter='data') ++ extract_path = os.path.join(tmpdir, "link") ++ ++ if link_type == tarfile.SYMTYPE: ++ mock_chown.assert_not_called() ++ mock_lchown.assert_called_once_with(extract_path, -1, -1) ++ else: ++ mock_chown.assert_has_calls([ ++ unittest.mock.call(extract_path, -1, -1), ++ unittest.mock.call(extract_path, -1, -1) ++ ]) ++ mock_lchown.assert_not_called() ++ ++ @symlink_test ++ @unittest.skipUnless(hasattr(os, 'chown'), "missing os.chown") ++ @unittest.skipUnless(hasattr(os, 'lchown'), "missing os.lchown") ++ @unittest.skipUnless(hasattr(os, 'geteuid'), "missing os.geteuid") ++ @support.subTests('link_type', (tarfile.SYMTYPE, tarfile.LNKTYPE)) ++ def test_chown_links_on_extractall(self, link_type): ++ with ArchiveMaker() as arc: ++ arc.add("test.txt", ++ uid=1337, gid=1337, uname="", gname="", mode='-rwxr-xr-x') ++ arc.add("link", ++ type=link_type, ++ linkname='test.txt', ++ uid=1337, gid=1337, uname="", gname="", mode='-rwxr-xr-x') ++ ++ with ( ++ os_helper.temp_dir() as tmpdir, ++ arc.open() as tar, ++ unittest.mock.patch("os.chown") as mock_chown, ++ unittest.mock.patch("os.lchown") as mock_lchown, ++ unittest.mock.patch("os.geteuid") as mock_geteuid, ++ ): ++ # Set UID to 0 so chown() is attempted. ++ mock_geteuid.return_value = 0 ++ tar.extractall(path=tmpdir, filter='data') ++ extract_link_path = os.path.join(tmpdir, "link") ++ extract_file_path = os.path.join(tmpdir, "test.txt") ++ ++ if link_type == tarfile.SYMTYPE: ++ mock_chown.assert_called_once_with(extract_file_path, -1, -1) ++ mock_lchown.assert_called_once_with(extract_link_path, -1, -1) ++ else: ++ mock_chown.assert_has_calls([ ++ unittest.mock.call(extract_file_path, -1, -1), ++ unittest.mock.call(extract_link_path, -1, -1) ++ ]) ++ mock_lchown.assert_not_called() ++ ++ def test_extract_filters_target(self): ++ # Test that when extract() falls back to extracting (rather than ++ # linking) a hardlink target, it filters the target. ++ with ArchiveMaker() as arc: ++ arc.add("target") ++ arc.add("link", hardlink_to="target") ++ def testing_filter(member, path): ++ if member.name == 'target': ++ # target: set read-only ++ return member.replace(mode=stat.S_IRUSR) ++ # link: don't overwrite the mode ++ return member.replace(mode=None) ++ tempdir = pathlib.Path(TEMPDIR) / 'extract' ++ with os_helper.temp_dir(tempdir), arc.open() as tar: ++ tar.extract("link", path=tempdir, filter=testing_filter) ++ path = tempdir / 'link' ++ if os_helper.can_chmod(): ++ self.assertFalse(path.stat().st_mode & stat.S_IWUSR) ++ + def test_link_fallback_normalizes(self): + # Make sure hardlink fallbacks work for non-normalized paths for all + # filters +diff --git a/Misc/NEWS.d/next/Security/2026-06-23-14-19-30.gh-issue-151987.8mNIMf.rst b/Misc/NEWS.d/next/Security/2026-06-23-14-19-30.gh-issue-151987.8mNIMf.rst +new file mode 100644 +index 00000000000..9eea7b32c4d +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2026-06-23-14-19-30.gh-issue-151987.8mNIMf.rst +@@ -0,0 +1,2 @@ ++The :meth:`tarfile.TarFile.extract` method now applies the given filter when ++it extracts a link target from the archive as a fallback. +-- +2.47.3 + diff --git a/package/python3/0015-3.14-gh-153030-Fix-quadratic-complexity-in-increment.patch b/package/python3/0015-3.14-gh-153030-Fix-quadratic-complexity-in-increment.patch new file mode 100644 index 00000000000..e9c3f40cc0a --- /dev/null +++ b/package/python3/0015-3.14-gh-153030-Fix-quadratic-complexity-in-increment.patch @@ -0,0 +1,123 @@ +From 07efb08123ba9367a7107325adb9d5626dca1ca9 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Sat, 4 Jul 2026 20:08:05 +0200 +Subject: [PATCH] [3.14] gh-153030: Fix quadratic complexity in incremental + parsing in HTMLParser (GH-153031) (GH-153039) + +When an unterminated construct (e.g. a tag or comment) spanned many +feed() calls, rescanning the growing buffer and concatenating new data +onto it were both quadratic. New data is now accumulated in a list and +only joined and parsed once enough has piled up. +(cherry picked from commit bcf98ddbc40ec9b3ee87da0124a5660b19b7e606) + +Co-authored-by: Serhiy Storchaka +Co-authored-by: Claude Opus 4.8 + +Upstream: https://github.com/python/cpython/commit/07efb08123ba9367a7107325adb9d5626dca1ca9 +CVE: CVE-2026-15308 + +Signed-off-by: Bernd Kuhls +--- + Lib/html/parser.py | 32 +++++++++++++++++-- + Lib/test/test_htmlparser.py | 20 ++++++++++++ + ...-07-04-17-00-00.gh-issue-153030.RovkP6.rst | 3 ++ + 3 files changed, 53 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2026-07-04-17-00-00.gh-issue-153030.RovkP6.rst + +diff --git a/Lib/html/parser.py b/Lib/html/parser.py +index 38ddf9ef442..fbe0d3665e0 100644 +--- a/Lib/html/parser.py ++++ b/Lib/html/parser.py +@@ -157,6 +157,9 @@ def reset(self): + self.cdata_elem = None + self._support_cdata = True + self._escapable = True ++ self._pending = [] ++ self._pending_len = 0 ++ self._parse_threshold = 1 + super().reset() + + def feed(self, data): +@@ -165,11 +168,36 @@ def feed(self, data): + Call this as often as you want, with as little or as much text + as you want (may include '\n'). + """ +- self.rawdata = self.rawdata + data +- self.goahead(0) ++ # Accumulate new data in a list and only join and parse it once ++ # enough has piled up. Rescanning an unparsed buffer (e.g. an ++ # unterminated tag) and concatenating onto it on every call would ++ # both be quadratic in the input size. ++ self._pending_len += len(data) ++ if self._pending_len < self._parse_threshold: ++ self._pending.append(data) ++ else: ++ if not self._pending: ++ self.rawdata += data ++ else: ++ self._pending.append(data) ++ self.rawdata += ''.join(self._pending) ++ self._pending.clear() ++ self._pending_len = 0 ++ n = len(self.rawdata) ++ self.goahead(0) ++ if len(self.rawdata) < n: ++ # Some data was parsed; resume on the next call. ++ self._parse_threshold = 1 ++ else: ++ # Nothing was parsed; wait until the buffer doubles. ++ self._parse_threshold = len(self.rawdata) + + def close(self): + """Handle any buffered data.""" ++ if self._pending: ++ self.rawdata += ''.join(self._pending) ++ self._pending.clear() ++ self._pending_len = 0 + self.goahead(1) + + __starttag_text = None +diff --git a/Lib/test/test_htmlparser.py b/Lib/test/test_htmlparser.py +index 6b7624f1150..3fdaed4ff46 100644 +--- a/Lib/test/test_htmlparser.py ++++ b/Lib/test/test_htmlparser.py +@@ -1041,6 +1041,26 @@ def check(source): + check("") # comment ++ check("") # processing instruction ++ check("") # doctype ++ check("") # CDATA section ++ check("") # start tag ++ check("") # RAWTEXT element ++ + + class AttributesTestCase(TestCaseBase): + +diff --git a/Misc/NEWS.d/next/Security/2026-07-04-17-00-00.gh-issue-153030.RovkP6.rst b/Misc/NEWS.d/next/Security/2026-07-04-17-00-00.gh-issue-153030.RovkP6.rst +new file mode 100644 +index 00000000000..d1d60593f4b +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2026-07-04-17-00-00.gh-issue-153030.RovkP6.rst +@@ -0,0 +1,3 @@ ++Fixed quadratic complexity in incremental parsing of long unterminated ++constructs (such as tags or comments) in :class:`html.parser.HTMLParser`, ++which could be exploited for a denial of service. +-- +2.47.3 + diff --git a/package/python3/python3.mk b/package/python3/python3.mk index fabbdac3844..9a47a1f3065 100644 --- a/package/python3/python3.mk +++ b/package/python3/python3.mk @@ -16,6 +16,18 @@ PYTHON3_CPE_ID_PRODUCT = python # 0011-3.14-gh-151558-Fix-symlink-escape-via-tarfile-hardli.patch PYTHON3_IGNORE_CVES += CVE-2026-11940 +# 0012-3.14-gh-143927-Normalize-all-line-endings-CR-CRLF-an.patch +PYTHON3_IGNORE_CVES += CVE-2026-0864 + +# 0013-3.14-gh-151981-Make-tarfile._Stream.seek-break-at-EO.patch +PYTHON3_IGNORE_CVES += CVE-2026-11972 + +# 0014-3.14-gh-151987-Pass-filter_function-to-TarFile._extr.patch +PYTHON3_IGNORE_CVES += CVE-2026-4360 + +# 0015-3.14-gh-153030-Fix-quadratic-complexity-in-increment.patch +PYTHON3_IGNORE_CVES += CVE-2026-15308 + # This host Python is installed in $(HOST_DIR), as it is needed when # cross-compiling third-party Python modules. From 760f471db1857bbd33f338d58a2501a69680f6f3 Mon Sep 17 00:00:00 2001 From: Baruch Siach Date: Fri, 10 Jul 2026 15:04:07 +0300 Subject: [PATCH 02/22] package/socat: security bump to version 1.8.1.3 Fixes CVE-2026-56123: SOCKS5 client buffer overflow. Only signed char platforms are affected. http://www.dest-unreach.org/socat/CHANGES Signed-off-by: Baruch Siach Signed-off-by: Julien Olivain --- package/socat/socat.hash | 4 ++-- package/socat/socat.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/socat/socat.hash b/package/socat/socat.hash index 3a4eec60c1c..2fc8e408531 100644 --- a/package/socat/socat.hash +++ b/package/socat/socat.hash @@ -1,7 +1,7 @@ # From http://www.dest-unreach.org/socat/download.md5sum -md5 5456f0f0c5d4505b68edcb10e23ef128 socat-1.8.1.1.tar.bz2 +md5 1a5b8ddff793847d80aa100d54b7cf76 socat-1.8.1.3.tar.bz2 # From http://www.dest-unreach.org/socat/download.sha256sum -sha256 5ebc636b7f427053f98806696521653a614c7e06464910353cbf54e2327adc1b socat-1.8.1.1.tar.bz2 +sha256 25bc6476292b2e614220989c77b0b6fca87bb2525d9747b31a6639b1fb602418 socat-1.8.1.3.tar.bz2 # Locally calculated sha256 86e46422f9381b386bd2eb6606f9d6c3ff479f905660d0f318c571292ab304b8 README sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/socat/socat.mk b/package/socat/socat.mk index 3d40540599d..311bdfda3ab 100644 --- a/package/socat/socat.mk +++ b/package/socat/socat.mk @@ -4,7 +4,7 @@ # ################################################################################ -SOCAT_VERSION = 1.8.1.1 +SOCAT_VERSION = 1.8.1.3 SOCAT_SOURCE = socat-$(SOCAT_VERSION).tar.bz2 SOCAT_SITE = http://www.dest-unreach.org/socat/download SOCAT_LICENSE = GPL-2.0 with OpenSSL exception From e33010926ccb94cfd4b8c635b56a3e287183c4bf Mon Sep 17 00:00:00 2001 From: Michael Nosthoff Date: Wed, 8 Jul 2026 09:23:52 +0200 Subject: [PATCH 03/22] package/fmt: fix 32-bit builds Provide a fallback when native __int128 is not available. Fixes: https://autobuild.buildroot.org/results/39df217ad5a1036d5e606ae0e8291d885e9d0e1a/ Signed-off-by: Michael Nosthoff Signed-off-by: Julien Olivain --- ...001-fix-fallback-uint128-bitwise-not.patch | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 package/fmt/0001-fix-fallback-uint128-bitwise-not.patch diff --git a/package/fmt/0001-fix-fallback-uint128-bitwise-not.patch b/package/fmt/0001-fix-fallback-uint128-bitwise-not.patch new file mode 100644 index 00000000000..123c43ab2ce --- /dev/null +++ b/package/fmt/0001-fix-fallback-uint128-bitwise-not.patch @@ -0,0 +1,42 @@ +From 588b3a0f8f6a8bcf2a959cae882d5b2703e86737 Mon Sep 17 00:00:00 2001 +From: Vinay Kumar +Date: Thu, 18 Jun 2026 12:22:12 +0530 +Subject: [PATCH] Fix fallback uint128 bitwise not (#4813) + +Upstream: https://github.com/fmtlib/fmt/commit/588b3a0f8f6a8bcf2a959cae882d5b2703e86737 +Signed-off-by: Michael Nosthoff +--- + include/fmt/format.h | 3 +++ + test/format-test.cc | 5 +++++ + 2 files changed, 8 insertions(+) + +diff --git a/include/fmt/format.h b/include/fmt/format.h +index 5044befdd863..570627922c62 100644 +--- a/include/fmt/format.h ++++ b/include/fmt/format.h +@@ -326,6 +326,9 @@ class uint128 { + -> uint128 { + return {lhs.hi_ & rhs.hi_, lhs.lo_ & rhs.lo_}; + } ++ friend constexpr auto operator~(const uint128& n) -> uint128 { ++ return {~n.hi_, ~n.lo_}; ++ } + friend FMT_CONSTEXPR auto operator+(const uint128& lhs, const uint128& rhs) + -> uint128 { + auto result = uint128(lhs); +diff --git a/test/format-test.cc b/test/format-test.cc +index 9a2258d5921f..8c2670a19fc3 100644 +--- a/test/format-test.cc ++++ b/test/format-test.cc +@@ -82,6 +82,11 @@ TEST(uint128_test, minus) { + EXPECT_EQ(n - 2, 40); + } + ++TEST(uint128_test, bitwise_not) { ++ auto n = ~uint128(0x123456789abcdef0, 0x0fedcba987654321); ++ EXPECT_EQ(n, uint128(0xedcba9876543210f, 0xf0123456789abcde)); ++} ++ + TEST(uint128_test, plus_assign) { + auto n = uint128(32); + n += uint128(10); From b4c690d22029fbba59d31d02fbf392d9f7cbe654 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Fri, 10 Jul 2026 09:19:59 +0200 Subject: [PATCH 04/22] package/libva: bump version to 2.24.1 https://github.com/intel/libva/blob/2.24.1/NEWS Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/libva/libva.hash | 2 +- package/libva/libva.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libva/libva.hash b/package/libva/libva.hash index 2d7e8b7ee8d..918230e1c06 100644 --- a/package/libva/libva.hash +++ b/package/libva/libva.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 b10aceb30e93ddf13b2030eb70079574ba437be9b3b76065caf28a72c07e23e7 libva-2.23.0.tar.gz +sha256 0b4a3649ee8d683b9cce2ef094df4fb039d276c0cef7e49337c43d3b297b9f42 libva-2.24.1.tar.gz sha256 c86a782ee845b52472dae9b9d79fb915d333628ac0efe49cdce63644814931de COPYING diff --git a/package/libva/libva.mk b/package/libva/libva.mk index f41a0c00ffc..9f044293d86 100644 --- a/package/libva/libva.mk +++ b/package/libva/libva.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBVA_VERSION = 2.23.0 +LIBVA_VERSION = 2.24.1 LIBVA_SITE = $(call github,intel,libva,$(LIBVA_VERSION)) LIBVA_LICENSE = MIT LIBVA_LICENSE_FILES = COPYING From 2612bf23e5ce52c5e877351c13121cc6e6c2275f Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Fri, 10 Jul 2026 09:20:00 +0200 Subject: [PATCH 05/22] package/libva-utils: bump version to 2.24.0 https://github.com/intel/libva-utils/blob/2.24.0/NEWS Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/libva-utils/libva-utils.hash | 2 +- package/libva-utils/libva-utils.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libva-utils/libva-utils.hash b/package/libva-utils/libva-utils.hash index 68886478657..d7b1a0789b6 100644 --- a/package/libva-utils/libva-utils.hash +++ b/package/libva-utils/libva-utils.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 fa7ff29847b55010fbbb775b35382f97f29b7b97abe9a2f6fb3e22b36db5440a libva-utils-2.23.0.tar.gz +sha256 bf959a1ced3cde8176a7ff50ad358ee98e93301ac068581a8b2617c5b83afcb3 libva-utils-2.24.0.tar.gz sha256 c6220c9f87832c27abcb8a32eafdd2823e13ce146b3ea63d5deae2a76798ef50 COPYING diff --git a/package/libva-utils/libva-utils.mk b/package/libva-utils/libva-utils.mk index 3fdb6bcf704..38dd14610c4 100644 --- a/package/libva-utils/libva-utils.mk +++ b/package/libva-utils/libva-utils.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBVA_UTILS_VERSION = 2.23.0 +LIBVA_UTILS_VERSION = 2.24.0 LIBVA_UTILS_SITE = $(call github,intel,libva-utils,$(LIBVA_UTILS_VERSION)) LIBVA_UTILS_LICENSE = MIT LIBVA_UTILS_LICENSE_FILES = COPYING From 9f469f24cbd947e1094483dde9038b82c9549d9c Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Fri, 10 Jul 2026 09:20:01 +0200 Subject: [PATCH 06/22] package/libvpl: bump version to 2.17.0 https://github.com/intel/libvpl/releases/tag/v2.17.0 Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/libvpl/libvpl.hash | 2 +- package/libvpl/libvpl.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libvpl/libvpl.hash b/package/libvpl/libvpl.hash index 08b2de31fcb..684de90837d 100644 --- a/package/libvpl/libvpl.hash +++ b/package/libvpl/libvpl.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 d60931937426130ddad9f1975c010543f0da99e67edb1c6070656b7947f633b6 libvpl-2.16.0.tar.gz +sha256 4de3e2faf1e8307fb282e4a43f443191810f6a6b0a484fffa7995ba1c814c6ec libvpl-2.17.0.tar.gz sha256 bf1cfac2e2792b6e1e995ce103d70796aecaf2ec7e4c5fe5474f7acec7b4a677 LICENSE diff --git a/package/libvpl/libvpl.mk b/package/libvpl/libvpl.mk index 4e3c4807cda..e5ab9ac8ee1 100644 --- a/package/libvpl/libvpl.mk +++ b/package/libvpl/libvpl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBVPL_VERSION = 2.16.0 +LIBVPL_VERSION = 2.17.0 LIBVPL_SITE = $(call github,intel,libvpl,v$(LIBVPL_VERSION)) LIBVPL_LICENSE = MIT LIBVPL_LICENSE_FILES = LICENSE From 4c2b9973818852bafc12526c80608cf2a22084bc Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Fri, 10 Jul 2026 09:20:02 +0200 Subject: [PATCH 07/22] package/intel-mediadriver: bump version to 26.2.4 https://github.com/intel/media-driver/releases/tag/intel-media-26.2.4 Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/intel-mediadriver/intel-mediadriver.hash | 2 +- package/intel-mediadriver/intel-mediadriver.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/intel-mediadriver/intel-mediadriver.hash b/package/intel-mediadriver/intel-mediadriver.hash index 6fbe8689ea1..99764cef985 100644 --- a/package/intel-mediadriver/intel-mediadriver.hash +++ b/package/intel-mediadriver/intel-mediadriver.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 2e10b1565f45fd2052c9704639bb6144fc56b21979039f3b44151dfe5b281e18 intel-media-26.2.3.tar.gz +sha256 a23185fca05c8fa8bdec09ea9ee8a20361163c87035ec978de4e2bb048a55534 intel-media-26.2.4.tar.gz sha256 74979d5aaee78b8da82e3aafd415a216b6131dfff6d95d6930927c8a4e3bded3 LICENSE.md diff --git a/package/intel-mediadriver/intel-mediadriver.mk b/package/intel-mediadriver/intel-mediadriver.mk index a197c2a6dee..6c77ef83a74 100644 --- a/package/intel-mediadriver/intel-mediadriver.mk +++ b/package/intel-mediadriver/intel-mediadriver.mk @@ -6,7 +6,7 @@ # based on https://software.intel.com/en-us/articles/build-and-debug-open-source-media-stack -INTEL_MEDIADRIVER_VERSION = 26.2.3 +INTEL_MEDIADRIVER_VERSION = 26.2.4 INTEL_MEDIADRIVER_SITE = https://github.com/intel/media-driver/archive INTEL_MEDIADRIVER_SOURCE= intel-media-$(INTEL_MEDIADRIVER_VERSION).tar.gz INTEL_MEDIADRIVER_LICENSE = MIT, BSD-3-Clause From b1329e7860f4004bcc998547ce3dc887dffe1da0 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Fri, 10 Jul 2026 09:20:03 +0200 Subject: [PATCH 08/22] package/intel-vpl-gpu-rt: bump version to 26.2.4 https://github.com/intel/vpl-gpu-rt/releases/tag/intel-onevpl-26.2.4 Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.hash | 2 +- package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.hash b/package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.hash index 325ceff9ffd..ab25475be03 100644 --- a/package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.hash +++ b/package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 7cb0ce0c3b22e7f370053db5c363244feb8900fbd63da84f1e13f82776f8fddb intel-vpl-gpu-rt-26.2.3.tar.gz +sha256 c103d936d708a3910ef8572e9403aabf423197cfce6c8a6fcf870072b6564ada intel-vpl-gpu-rt-26.2.4.tar.gz sha256 c31c3cc5fd66d1250dbca1c3d9011a9f874537442ac71c8de80f2f0fed13f297 LICENSE diff --git a/package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.mk b/package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.mk index b2bef9c6dd1..3cdcb40d9a8 100644 --- a/package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.mk +++ b/package/intel-vpl-gpu-rt/intel-vpl-gpu-rt.mk @@ -4,7 +4,7 @@ # ################################################################################ -INTEL_VPL_GPU_RT_VERSION = 26.2.3 +INTEL_VPL_GPU_RT_VERSION = 26.2.4 INTEL_VPL_GPU_RT_SITE = $(call github,intel,vpl-gpu-rt,intel-onevpl-$(INTEL_VPL_GPU_RT_VERSION)) INTEL_VPL_GPU_RT_LICENSE = MIT INTEL_VPL_GPU_RT_LICENSE_FILES = LICENSE From 138713f39a999c30adec7f2e2829aa67af87a110 Mon Sep 17 00:00:00 2001 From: Laurent Pinchart Date: Thu, 9 Jul 2026 01:35:32 +0300 Subject: [PATCH 09/22] package/libcamera: update source URL libcamera has moved for a while now to gitlab.freedesktop.org. The mirror on git.linuxtv.org is still active, but it isn't the canonical repository and has less bandwidth than freedesktop.org. Switch the libcamera source URL to gitlab.freedesktop.org. Signed-off-by: Laurent Pinchart Reviewed-by: Kieran Bingham [Julien: removed trailing slash in _SITE] Signed-off-by: Julien Olivain --- package/libcamera/libcamera.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/libcamera/libcamera.mk b/package/libcamera/libcamera.mk index 945207888ba..256909ebc80 100644 --- a/package/libcamera/libcamera.mk +++ b/package/libcamera/libcamera.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCAMERA_SITE = https://git.linuxtv.org/libcamera.git +LIBCAMERA_SITE = https://gitlab.freedesktop.org/camera/libcamera.git LIBCAMERA_VERSION = v0.7.1 LIBCAMERA_SITE_METHOD = git LIBCAMERA_DEPENDENCIES = \ From 92abb11ee4f574981eb194d283b97afad5dec004 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Thu, 9 Jul 2026 21:17:37 +0200 Subject: [PATCH 10/22] package/odhcp6c: bump version to git 10a52220ae https://github.com/openwrt/odhcp6c/compare/f19dd37fb467c9cf10cad57aefa0d048312d7dfd...10a52220aec9d45803518d8cc4d63e552484ed61 Removed patches which are included in this release. Please note that upstream committed https://git.openwrt.org/project/odhcp6c/commit/?id=10a52220aec9d45803518d8cc4d63e552484ed61 instead of patch 0001. Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- ...p6c-const-cast-for-c23-compatibility.patch | 102 ------------------ ...002-dhcpv6-use-stable-IAID-for-IA_NA.patch | 95 ---------------- package/odhcp6c/odhcp6c.hash | 2 +- package/odhcp6c/odhcp6c.mk | 2 +- 4 files changed, 2 insertions(+), 199 deletions(-) delete mode 100644 package/odhcp6c/0001-odhcp6c-const-cast-for-c23-compatibility.patch delete mode 100644 package/odhcp6c/0002-dhcpv6-use-stable-IAID-for-IA_NA.patch diff --git a/package/odhcp6c/0001-odhcp6c-const-cast-for-c23-compatibility.patch b/package/odhcp6c/0001-odhcp6c-const-cast-for-c23-compatibility.patch deleted file mode 100644 index cdb26a74342..00000000000 --- a/package/odhcp6c/0001-odhcp6c-const-cast-for-c23-compatibility.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 3b69378125aba61b3391bf5fe607983ce75b839c Mon Sep 17 00:00:00 2001 -From: Rosen Penev -Date: Wed, 8 Apr 2026 14:14:56 -0700 -Subject: [PATCH] odhcp6c: const cast for c23 compatibility - -strpbrk is now a macro that returns const based on the parameter. Cast -it away when we don't want const. - -Signed-off-by: Rosen Penev - -Upstream: https://github.com/openwrt/odhcp6c/pull/156 - -Signed-off-by: Bernd Kuhls ---- - src/config.c | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/src/config.c b/src/config.c -index 54e2d35..c1a3a99 100644 ---- a/src/config.c -+++ b/src/config.c -@@ -338,7 +338,7 @@ static int config_parse_opt_u8(const char *src, uint8_t **dst) - static int config_parse_opt_string(const char *src, uint8_t **dst, const bool array) - { - int o_len = 0; -- char *sep = strpbrk(src, ARRAY_SEP); -+ char *sep = strpbrk((char*)src, ARRAY_SEP); - - if (sep && !array) - return -1; -@@ -362,7 +362,7 @@ static int config_parse_opt_string(const char *src, uint8_t **dst, const bool ar - src = sep; - - if (sep) -- sep = strpbrk(src, ARRAY_SEP); -+ sep = strpbrk((char*)src, ARRAY_SEP); - } while (src); - - return o_len; -@@ -371,7 +371,7 @@ static int config_parse_opt_string(const char *src, uint8_t **dst, const bool ar - static int config_parse_opt_dns_string(const char *src, uint8_t **dst, const bool array) - { - int o_len = 0; -- char *sep = strpbrk(src, ARRAY_SEP); -+ char *sep = strpbrk((char*)src, ARRAY_SEP); - - if (sep && !array) - return -1; -@@ -399,7 +399,7 @@ static int config_parse_opt_dns_string(const char *src, uint8_t **dst, const boo - src = sep; - - if (sep) -- sep = strpbrk(src, ARRAY_SEP); -+ sep = strpbrk((char*)src, ARRAY_SEP); - } while (src); - - return o_len; -@@ -408,7 +408,7 @@ static int config_parse_opt_dns_string(const char *src, uint8_t **dst, const boo - static int config_parse_opt_ip6(const char *src, uint8_t **dst, const bool array) - { - int o_len = 0; -- char *sep = strpbrk(src, ARRAY_SEP); -+ char *sep = strpbrk((char*)src, ARRAY_SEP); - - if (sep && !array) - return -1; -@@ -433,7 +433,7 @@ static int config_parse_opt_ip6(const char *src, uint8_t **dst, const bool array - src = sep; - - if (sep) -- sep = strpbrk(src, ARRAY_SEP); -+ sep = strpbrk((char*)src, ARRAY_SEP); - } while (src); - - return o_len; -@@ -442,7 +442,7 @@ static int config_parse_opt_ip6(const char *src, uint8_t **dst, const bool array - static int config_parse_opt_user_class(const char *src, uint8_t **dst, const bool array) - { - int o_len = 0; -- char *sep = strpbrk(src, ARRAY_SEP); -+ char *sep = strpbrk((char*)src, ARRAY_SEP); - - if (sep && !array) - return -1; -@@ -471,7 +471,7 @@ static int config_parse_opt_user_class(const char *src, uint8_t **dst, const boo - src = sep; - - if (sep) -- sep = strpbrk(src, ARRAY_SEP); -+ sep = strpbrk((char*)src, ARRAY_SEP); - } while (src); - - return o_len; -@@ -555,7 +555,7 @@ int config_parse_opt(const char *opt) - struct odhcp6c_opt *dopt = NULL; - int ret = -1; - -- data = strpbrk(opt, ":"); -+ data = strpbrk((char*)opt, ":"); - if (!data) - return -1; - diff --git a/package/odhcp6c/0002-dhcpv6-use-stable-IAID-for-IA_NA.patch b/package/odhcp6c/0002-dhcpv6-use-stable-IAID-for-IA_NA.patch deleted file mode 100644 index fc70205cccb..00000000000 --- a/package/odhcp6c/0002-dhcpv6-use-stable-IAID-for-IA_NA.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 9a4d6fe802d21e4fc1b84f7d55b5c3c23e71d6ba Mon Sep 17 00:00:00 2001 -From: Paul Donald -Date: Thu, 18 Dec 2025 15:10:24 +0100 -Subject: [PATCH] dhcpv6: use stable IAID for IA_NA -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -https://www.rfc-editor.org/rfc/rfc8415.html#section-12 - - ........ The IAID is chosen by the client. For any given use of an - IA by the client, the IAID for that IA MUST be consistent across - restarts of the DHCP client. The client may maintain consistency by - either storing the IAID in non-volatile storage or using an algorithm - that will consistently produce the same IAID as long as the - configuration of the client has not changed. - -Signed-off-by: Paul Donald -Link: https://github.com/openwrt/odhcp6c/pull/140 -Signed-off-by: Álvaro Fernández Rojas - -Upstream: https://github.com/openwrt/odhcp6c/commit/9a4d6fe802d21e4fc1b84f7d55b5c3c23e71d6ba - -Signed-off-by: Bernd Kuhls ---- - src/dhcpv6.c | 15 +++++++++++++-- - src/odhcp6c.h | 1 + - 2 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/src/dhcpv6.c b/src/dhcpv6.c -index d8bb8be..97860b1 100644 ---- a/src/dhcpv6.c -+++ b/src/dhcpv6.c -@@ -262,6 +262,9 @@ static struct dhcpv6_stats dhcpv6_stats = {0}; - // config - static struct config_dhcp* config_dhcp = NULL; - -+// store unique ifname hash to use as IA->IAID -+static uint32_t ifname_hash_iaid = 0; -+ - static uint32_t ntohl_unaligned(const uint8_t *data) - { - uint32_t buf; -@@ -542,6 +545,12 @@ void dhcpv6_reset_stats(void) - memset(&dhcpv6_stats, 0, sizeof(dhcpv6_stats)); - } - -+uint32_t hash_ifname(const char *s) { -+ uint32_t h = 0; -+ while (*s) h = h * 31 + *s++; -+ return h; -+} -+ - int init_dhcpv6(const char *ifname) - { - config_dhcp = config_dhcp_get(); -@@ -566,6 +575,8 @@ int init_dhcpv6(const char *ifname) - if (ioctl(sock, SIOCGIFINDEX, &ifr) < 0) - goto failure; - -+ ifname_hash_iaid = hash_ifname(ifname); -+ - ifindex = ifr.ifr_ifindex; - - // Set the socket to non-blocking mode -@@ -838,7 +849,7 @@ static void dhcpv6_send(enum dhcpv6_msg req_msg_type, uint8_t trid[3], uint32_t - struct dhcpv6_ia_hdr hdr_ia_na = { - .type = htons(DHCPV6_OPT_IA_NA), - .len = htons(sizeof(hdr_ia_na) - DHCPV6_OPT_HDR_SIZE), -- .iaid = htonl(ifindex), -+ .iaid = htonl(ifname_hash_iaid), - .t1 = 0, - .t2 = 0, - }; -@@ -1392,7 +1403,7 @@ static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _o_unused const int rc, - continue; - - // Test ID -- if (ia_hdr->iaid != htonl(ifindex) && otype == DHCPV6_OPT_IA_NA) -+ if (ia_hdr->iaid != htonl(ifname_hash_iaid) && otype == DHCPV6_OPT_IA_NA) - continue; - - uint16_t code = DHCPV6_Success; -diff --git a/src/odhcp6c.h b/src/odhcp6c.h -index aa73bbc..c57f885 100644 ---- a/src/odhcp6c.h -+++ b/src/odhcp6c.h -@@ -540,6 +540,7 @@ struct odhcp6c_opt { - const char *str; - }; - -+uint32_t hash_ifname(const char *s); - int init_dhcpv6(const char *ifname); - int dhcpv6_get_ia_mode(void); - int dhcpv6_promote_server_cand(void); diff --git a/package/odhcp6c/odhcp6c.hash b/package/odhcp6c/odhcp6c.hash index 86c9c659c4b..1e0b829b7ad 100644 --- a/package/odhcp6c/odhcp6c.hash +++ b/package/odhcp6c/odhcp6c.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 e9cfddfcc12c4ca0bf8d8211bb72c7018c0e0f8da6903d680da122b4ce551c56 odhcp6c-f19dd37fb467c9cf10cad57aefa0d048312d7dfd-git4.tar.gz +sha256 d2f48c57adbe2c2304ca7a8900429797e46267c6f2e376ac0166fceb85095847 odhcp6c-10a52220aec9d45803518d8cc4d63e552484ed61-git4.tar.gz sha256 e6d6a009505e345fe949e1310334fcb0747f28dae2856759de102ab66b722cb4 COPYING diff --git a/package/odhcp6c/odhcp6c.mk b/package/odhcp6c/odhcp6c.mk index 92688b72376..b935596312e 100644 --- a/package/odhcp6c/odhcp6c.mk +++ b/package/odhcp6c/odhcp6c.mk @@ -4,7 +4,7 @@ # ################################################################################ -ODHCP6C_VERSION = f19dd37fb467c9cf10cad57aefa0d048312d7dfd +ODHCP6C_VERSION = 10a52220aec9d45803518d8cc4d63e552484ed61 ODHCP6C_SITE = https://git.openwrt.org/project/odhcp6c.git ODHCP6C_SITE_METHOD = git ODHCP6C_LICENSE = GPL-2.0 From c361afc1c3baa1fba3cfec57736d8eb8742492a4 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Wed, 8 Jul 2026 22:01:24 +0200 Subject: [PATCH 11/22] package/pahole: bump version to 1.31 https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/changes-v1.29?h=v1.31 https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/changes-v1.30?h=v1.31 https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/changes-v1.31?h=v1.31 Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/pahole/pahole.hash | 2 +- package/pahole/pahole.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/pahole/pahole.hash b/package/pahole/pahole.hash index efa12184687..f70ab020d73 100644 --- a/package/pahole/pahole.hash +++ b/package/pahole/pahole.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 9a319c214b38554be8430a672043d85735564e8e1e78db5a41cba7a03d038056 pahole-1.28.tar.gz +sha256 a0b9d79bdb8d3028a87afd402a61d0ff5b05c982b15f6bab1be08ca1662cd0e9 pahole-1.31.tar.gz sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 COPYING diff --git a/package/pahole/pahole.mk b/package/pahole/pahole.mk index 150373fd7e1..cf5bd584efb 100644 --- a/package/pahole/pahole.mk +++ b/package/pahole/pahole.mk @@ -4,7 +4,7 @@ # ################################################################################ -PAHOLE_VERSION = 1.28 +PAHOLE_VERSION = 1.31 PAHOLE_SITE = https://git.kernel.org/pub/scm/devel/pahole/pahole.git/snapshot HOST_PAHOLE_DEPENDENCIES = \ host-elfutils \ From b396091dbf55234ce9a9d7364dcce0bcb43e1d41 Mon Sep 17 00:00:00 2001 From: Dario Binacchi Date: Thu, 25 Jun 2026 17:00:12 +0200 Subject: [PATCH 12/22] package/babeld: bump to version 1.14 The removed patch has been merged [1]. Release notes: https://github.com/jech/babeld/blob/master/CHANGES [1] https://github.com/jech/babeld/commit/f8e5fbb33690b516b8516590def5136e6619de4c Signed-off-by: Dario Binacchi Signed-off-by: Julien Olivain --- .../babeld/0001-Fix-uclibc-build-issue.patch | 38 ------------------- package/babeld/babeld.hash | 2 +- package/babeld/babeld.mk | 2 +- 3 files changed, 2 insertions(+), 40 deletions(-) delete mode 100644 package/babeld/0001-Fix-uclibc-build-issue.patch diff --git a/package/babeld/0001-Fix-uclibc-build-issue.patch b/package/babeld/0001-Fix-uclibc-build-issue.patch deleted file mode 100644 index fb2f69e98bb..00000000000 --- a/package/babeld/0001-Fix-uclibc-build-issue.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f8e5fbb33690b516b8516590def5136e6619de4c Mon Sep 17 00:00:00 2001 -From: Dario Binacchi -Date: Tue, 17 Sep 2024 21:48:01 +0200 -Subject: [PATCH] Fix uclibc build issue - -This patch fixes the following compilation error raised by the bump to -version 1.13.1 in Buildroot [1] using uclibc as the C library for the -cross-compilation toolchain: - -net.c: In function 'babel_send': -net.c:199:27: error: 'IPV6_DONTFRAG' undeclared (first use in this function) - 199 | cmsg->cmsg_type = IPV6_DONTFRAG;; - -[1] https://patchwork.ozlabs.org/project/buildroot/patch/20240917201030.11583-1-dario.binacchi@amarulasolutions.com/ -Signed-off-by: Dario Binacchi -Upstream: https://github.com/jech/babeld/pull/121 ---- - net.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/net.c b/net.c -index 7a7b57844e6c..30de3dafe1d9 100644 ---- a/net.c -+++ b/net.c -@@ -37,6 +37,10 @@ THE SOFTWARE. - #include - #include - -+#if defined(__UCLIBC__) -+#include -+#endif -+ - #include "babeld.h" - #include "util.h" - #include "net.h" --- -2.43.0 - diff --git a/package/babeld/babeld.hash b/package/babeld/babeld.hash index ab2ffc6ef81..d24649dcd22 100644 --- a/package/babeld/babeld.hash +++ b/package/babeld/babeld.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 15f24d26da0ccfc073abcdef0309f281e4684f2aa71126f826572c4c845e8dd9 babeld-1.13.1.tar.gz +sha256 c4ed13c04880ccc3a85a99645dcb64134beac8ab0607fe32a4d07e1057ad73b7 babeld-1.14.tar.gz sha256 b415c41292cedef6c97b243609e50552887c29343566c639f23282d31efd2afd LICENCE diff --git a/package/babeld/babeld.mk b/package/babeld/babeld.mk index e9d20111f93..e20cadf9c03 100644 --- a/package/babeld/babeld.mk +++ b/package/babeld/babeld.mk @@ -4,7 +4,7 @@ # ################################################################################ -BABELD_VERSION = 1.13.1 +BABELD_VERSION = 1.14 BABELD_SITE = https://www.irif.fr/~jch/software/files BABELD_LICENSE = MIT BABELD_LICENSE_FILES = LICENCE From bb38f6f7208497cf5a4df922e833492001170111 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Sun, 5 Jul 2026 20:18:34 +0200 Subject: [PATCH 13/22] package/jpeg-turbo: bump version to 3.2.0 https://github.com/libjpeg-turbo/libjpeg-turbo/blob/3.2.0/ChangeLog.md Updated license hash due to upstream commits: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/54bd58cc306301892f1cdc2a00da64576ad1e232 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/42b75222d502faff3316ea82083b873add354f06 Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/jpeg-turbo/jpeg-turbo.hash | 6 +++--- package/jpeg-turbo/jpeg-turbo.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/jpeg-turbo/jpeg-turbo.hash b/package/jpeg-turbo/jpeg-turbo.hash index 382f780f23e..40314214f97 100644 --- a/package/jpeg-turbo/jpeg-turbo.hash +++ b/package/jpeg-turbo/jpeg-turbo.hash @@ -1,5 +1,5 @@ -# From https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/3.1.4.1 -sha256 ecae8008e2cc9ade2f2c1bb9d5e6d4fb73e7c433866a056bd82980741571a022 libjpeg-turbo-3.1.4.1.tar.gz +# From https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/3.2.0 +sha256 6f30092cef9fb839779646608f4ee14ae3cbac989c47fa05e841b0841f09878e libjpeg-turbo-3.2.0.tar.gz # Locally computed -sha256 e10114e6e40f3d0311c401ca25245ac5ef459a43c20f976fd63f03e816f5741f LICENSE.md +sha256 ba6bceebcba0fdd35488477c2cca8c4632ce82c74dbfbc87d886ce6fc4433579 LICENSE.md sha256 75815e3bf6484201a3c3d17a1bbf10f2e8e3237f84df10a2357ea896db2a81d6 README.ijg diff --git a/package/jpeg-turbo/jpeg-turbo.mk b/package/jpeg-turbo/jpeg-turbo.mk index b00a71a2317..9a101107666 100644 --- a/package/jpeg-turbo/jpeg-turbo.mk +++ b/package/jpeg-turbo/jpeg-turbo.mk @@ -4,7 +4,7 @@ # ################################################################################ -JPEG_TURBO_VERSION = 3.1.4.1 +JPEG_TURBO_VERSION = 3.2.0 JPEG_TURBO_SOURCE = libjpeg-turbo-$(JPEG_TURBO_VERSION).tar.gz JPEG_TURBO_SITE = https://github.com/libjpeg-turbo/libjpeg-turbo/releases/download/$(JPEG_TURBO_VERSION) JPEG_TURBO_LICENSE = IJG (libjpeg), BSD-3-Clause (TurboJPEG), Zlib (SIMD) From f5b8983aadd3c5f43050962338cf7a0427df77dd Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Sun, 5 Jul 2026 19:41:15 +0200 Subject: [PATCH 14/22] package/jansson: bump version to 2.15.1 https://github.com/akheron/jansson/blob/v2.15.1/CHANGES Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/jansson/jansson.hash | 4 ++-- package/jansson/jansson.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/jansson/jansson.hash b/package/jansson/jansson.hash index 747f9e4420b..af376253d46 100644 --- a/package/jansson/jansson.hash +++ b/package/jansson/jansson.hash @@ -1,3 +1,3 @@ -# From https://github.com/akheron/jansson/releases/tag/v2.15.0 -sha256 a7eac7765000373165f9373eb748be039c10b2efc00be9af3467ec92357d8954 jansson-2.15.0.tar.bz2 +# From https://github.com/akheron/jansson/releases/tag/v2.15.1 +sha256 f9aa4b3ec8496fee69db94f06f3d76fd4a26b012ee9bf1e917078c2cd2841881 jansson-2.15.1.tar.bz2 sha256 150d90904cd8de73609bb177b42edd3867b07b4b7b786dbba319f30de39fcda2 LICENSE diff --git a/package/jansson/jansson.mk b/package/jansson/jansson.mk index e60bb1aab69..29d43c9a0c7 100644 --- a/package/jansson/jansson.mk +++ b/package/jansson/jansson.mk @@ -4,7 +4,7 @@ # ################################################################################ -JANSSON_VERSION = 2.15.0 +JANSSON_VERSION = 2.15.1 JANSSON_SOURCE = jansson-$(JANSSON_VERSION).tar.bz2 JANSSON_SITE = \ https://github.com/akheron/jansson/releases/download/v$(JANSSON_VERSION) From 1d257e242c7fcbe6082d774602032e92b7a2c700 Mon Sep 17 00:00:00 2001 From: Giulio Benetti Date: Thu, 9 Jul 2026 14:24:06 +0200 Subject: [PATCH 15/22] package/wireshark: bump to v4.4.17 For more information on the version bump, see: - https://www.wireshark.org/docs/relnotes/wireshark-4.4.17.html Signed-off-by: Giulio Benetti Signed-off-by: Julien Olivain --- package/wireshark/wireshark.hash | 6 +++--- package/wireshark/wireshark.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/wireshark/wireshark.hash b/package/wireshark/wireshark.hash index 2c15d4f0f44..917ac47471c 100644 --- a/package/wireshark/wireshark.hash +++ b/package/wireshark/wireshark.hash @@ -1,6 +1,6 @@ -# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-4.4.16.txt -sha1 1424ea22b4959f94eb85c1fc3c510f281766144e wireshark-4.4.16.tar.xz -sha256 0bda0e34a4c5da72ea9009134d733783d08189c07462198e53a4f533fd1201fd wireshark-4.4.16.tar.xz +# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-4.4.17.txt +sha1 d46443d5bbca3580f944f3effcdfcc59e24eb7f4 wireshark-4.4.17.tar.xz +sha256 b89a8c60b9282f29be4db91437a6e969e61bc17e8c92ddd980cc38c7304dd772 wireshark-4.4.17.tar.xz # Locally calculated sha256 edaef632cbb643e4e7a221717a6c441a4c1a7c918e6e4d56debc3d8739b233f6 COPYING diff --git a/package/wireshark/wireshark.mk b/package/wireshark/wireshark.mk index ab393b8a48b..1fd81515c14 100644 --- a/package/wireshark/wireshark.mk +++ b/package/wireshark/wireshark.mk @@ -4,7 +4,7 @@ # ################################################################################ -WIRESHARK_VERSION = 4.4.16 +WIRESHARK_VERSION = 4.4.17 WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.xz WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions WIRESHARK_LICENSE = wireshark license From c6fa81a18c8c78515e621c26122fa227e1556022 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Wed, 8 Jul 2026 21:53:57 +0200 Subject: [PATCH 16/22] package/dracut: bump version to 111 https://github.com/dracut-ng/dracut/blob/111/NEWS.md Removed patch which is included in this release. Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- ...event-find_binary-from-dropping-last.patch | 45 ------------------- package/dracut/dracut.hash | 2 +- package/dracut/dracut.mk | 2 +- 3 files changed, 2 insertions(+), 47 deletions(-) delete mode 100644 package/dracut/0001-fix-functions-prevent-find_binary-from-dropping-last.patch diff --git a/package/dracut/0001-fix-functions-prevent-find_binary-from-dropping-last.patch b/package/dracut/0001-fix-functions-prevent-find_binary-from-dropping-last.patch deleted file mode 100644 index ad312d0b855..00000000000 --- a/package/dracut/0001-fix-functions-prevent-find_binary-from-dropping-last.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 94c4274e32467235fb580a27ea182169f253ca5f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Mat=C3=A9o=20Pourrier?= -Date: Tue, 28 Apr 2026 17:23:23 +0200 -Subject: [PATCH] fix(functions): prevent find_binary from dropping last PATH - element -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When `read` encounters EOF before the delimiter, it returns a non-zero -exit status, causing the while loop to terminate immediately. As a result, -if the PATH string doesn't end with a colon, the very last directory in -PATH is ignored by find_binary(). - -This caused regressions on split-usr architectures where critical -binaries reside exclusively in /bin, and /bin happens to be -appended at the very end of the PATH by dracut.sh. - -Appending a virtual colon to the Here-String ensures the loop processes -all directories correctly. - -Fixes dracut-ng issue #1467 : https://github.com/dracut-ng/dracut-ng/issues/1467 - -Upstream: https://github.com/dracut-ng/dracut-ng/pull/2416 -Signed-off-by: Matéo Pourrier ---- - dracut-functions.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/dracut-functions.sh b/dracut-functions.sh -index f430a28e..5046f45e 100755 ---- a/dracut-functions.sh -+++ b/dracut-functions.sh -@@ -94,7 +94,7 @@ find_binary() { - printf "%s\n" "${_path}" - return 0 - fi -- done <<< "$PATH" -+ done <<< "${PATH}:" - - [[ -n ${dracutsysrootdir-} ]] && return 1 - type -P "${1##*/}" --- -2.34.1 - diff --git a/package/dracut/dracut.hash b/package/dracut/dracut.hash index 3288ed6ad4b..1b5b3dce55c 100644 --- a/package/dracut/dracut.hash +++ b/package/dracut/dracut.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 0d357853f8cf2371d89a8ebcbbb1fd2c1c85a79d8866925fd7385eaeb20a27dc dracut-110.tar.gz +sha256 ca949190692e91611ef16ea3642c0f764f63948860f3f742524310728c991493 dracut-111.tar.gz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/dracut/dracut.mk b/package/dracut/dracut.mk index b40f618fe81..3a1c1567e85 100644 --- a/package/dracut/dracut.mk +++ b/package/dracut/dracut.mk @@ -4,7 +4,7 @@ # ################################################################################ -DRACUT_VERSION = 110 +DRACUT_VERSION = 111 DRACUT_SITE = $(call github,dracut-ng,dracut-ng,$(DRACUT_VERSION)) DRACUT_LICENSE = GPL-2.0 DRACUT_LICENSE_FILES = COPYING From 152e6abffa1635250dbf72f87a63843f1ac4c0a4 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Sat, 4 Jul 2026 20:44:22 +0200 Subject: [PATCH 17/22] package/stellarium: bump version to 26.2 https://stellarium.org/release/2026/06/24/stellarium-26.2.html Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/stellarium/stellarium.hash | 6 +++--- package/stellarium/stellarium.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/stellarium/stellarium.hash b/package/stellarium/stellarium.hash index b3f2a9ec9f5..d0dd53f900b 100644 --- a/package/stellarium/stellarium.hash +++ b/package/stellarium/stellarium.hash @@ -1,8 +1,8 @@ # From https://github.com/Stellarium/stellarium/releases -sha256 578bada2531e39146ccefcf6a0d202867e403b559f54239e8db9f9c003e04443 stellarium-26.1.tar.xz -# From https://github.com/Stellarium/stellarium/blob/v26.1/CMakeLists.txt#L858 +sha256 9a068d00aac82151f2b24c7f278847a2f9416f31f17c0326fc56ee4cc4cb1aed stellarium-26.2.tar.xz +# From https://github.com/Stellarium/stellarium/blob/v26.2/CMakeLists.txt#L857 sha256 55d0111d48fb11883aaee91465e642b8b640775a4d6993c2d0e7a8092758ef21 release-0.5.2.tar.gz -# From https://github.com/Stellarium/stellarium/blob/v26.1/plugins/LensDistortionEstimator/src/CMakeLists.txt#L6 +# From https://github.com/Stellarium/stellarium/blob/v26.2/plugins/LensDistortionEstimator/src/CMakeLists.txt#L6 sha256 6e899e297485e457ec1bf84844de29921aeef674f9d5caf60277df45dca6ff76 v2.9.0.tar.gz # Locally computed sha256 3aeeb5bb98bf7041ab82cffe15efa28ac58ee2bdf162b71301f5c192be631259 COPYING diff --git a/package/stellarium/stellarium.mk b/package/stellarium/stellarium.mk index f36a3a14df7..a3ab725017e 100644 --- a/package/stellarium/stellarium.mk +++ b/package/stellarium/stellarium.mk @@ -4,7 +4,7 @@ # ################################################################################ -STELLARIUM_VERSION = 26.1 +STELLARIUM_VERSION = 26.2 STELLARIUM_SOURCE = stellarium-$(STELLARIUM_VERSION).tar.xz STELLARIUM_SITE = https://github.com/Stellarium/stellarium/releases/download/v$(STELLARIUM_VERSION) STELLARIUM_LICENSE = GPL-2.0+ From 053615b6a769826ff77dd0ccb1bef08a12943fdc Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Sat, 4 Jul 2026 10:52:38 +0200 Subject: [PATCH 18/22] package/samba4: fix build on m68k samba4 uses very big switch statements, which causes the build to fail on m68k, because the offsets there are only 16-bit. We fix that by using -mlong-jump-table-offsets on m68k to use 32-bit offsets for switch statements, but this is only available starting with gcc 7 [0] [1]. Only one package selects samba4, mpd, but it already depends on gcc >= 12. As such, we do not need to propagate that new dependency. Fixes: https://autobuild.buildroot.net/results/b60/b606da691bb462879d4f9769928b5a40b9170837/ [0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c15 [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c16 Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/samba4/Config.in | 5 +++++ package/samba4/samba4.mk | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/package/samba4/Config.in b/package/samba4/Config.in index e1d3dd9bf7f..59f040e96ab 100644 --- a/package/samba4/Config.in +++ b/package/samba4/Config.in @@ -4,6 +4,10 @@ comment "samba4 needs a uClibc or glibc toolchain w/ wchar, dynamic library, NPT || BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS_NPTL depends on BR2_USE_MMU +comment "samba4 needs a toolchain w/ gcc >= 7" + depends on BR2_m68k + depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_7 + config BR2_PACKAGE_SAMBA4 bool "samba4" depends on BR2_USE_MMU # fork() @@ -12,6 +16,7 @@ config BR2_PACKAGE_SAMBA4 depends on !BR2_STATIC_LIBS # cmocka, python, gnutls depends on BR2_TOOLCHAIN_HAS_SYNC_4 depends on !BR2_TOOLCHAIN_USES_MUSL + depends on !BR2_m68k || BR2_TOOLCHAIN_GCC_AT_LEAST_7 # m68k needs gcc >= 7.x select BR2_PACKAGE_CMOCKA select BR2_PACKAGE_E2FSPROGS select BR2_PACKAGE_GNUTLS diff --git a/package/samba4/samba4.mk b/package/samba4/samba4.mk index 2d6bc80b9ed..006fbff6c54 100644 --- a/package/samba4/samba4.mk +++ b/package/samba4/samba4.mk @@ -32,6 +32,11 @@ SAMBA4_CONF_ENV = \ XSLTPROC=false \ WAF_NO_PREFORK=1 +# m68k needs 32-bit offsets in switch tables to build +ifeq ($(BR2_m68k),y) +SAMBA4_CFLAGS += -mlong-jump-table-offsets +endif + SAMBA4_PYTHON = PYTHON="$(HOST_DIR)/bin/python3" ifeq ($(BR2_PACKAGE_PYTHON3),y) SAMBA4_PYTHON += PYTHON_CONFIG="$(STAGING_DIR)/usr/bin/python3-config" From f42ee2bef29857aabb787761ac6ee10eb2175fcc Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Sat, 4 Jul 2026 10:52:39 +0200 Subject: [PATCH 19/22] package/samba4: bump version to 4.24.4 https://www.samba.org/samba/history/samba-4.24.4.html Signed-off-by: Bernd Kuhls Signed-off-by: Julien Olivain --- package/samba4/samba4.hash | 4 ++-- package/samba4/samba4.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/samba4/samba4.hash b/package/samba4/samba4.hash index 83e77f039b3..7c44ed747a5 100644 --- a/package/samba4/samba4.hash +++ b/package/samba4/samba4.hash @@ -1,4 +1,4 @@ # Locally calculated after checking pgp signature -# https://download.samba.org/pub/samba/stable/samba-4.24.3.tar.asc -sha256 4a5e0ed1ea192b798c873d9957c50a5767c10c2767cccb00d56ecc427e94f8e9 samba-4.24.3.tar.gz +# https://download.samba.org/pub/samba/stable/samba-4.24.4.tar.asc +sha256 df2c51ab4361ec626ab9988e5946efcca8465bc7afae834291d5558468265ff8 samba-4.24.4.tar.gz sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING diff --git a/package/samba4/samba4.mk b/package/samba4/samba4.mk index 006fbff6c54..d481f9d417f 100644 --- a/package/samba4/samba4.mk +++ b/package/samba4/samba4.mk @@ -4,7 +4,7 @@ # ################################################################################ -SAMBA4_VERSION = 4.24.3 +SAMBA4_VERSION = 4.24.4 SAMBA4_SITE = https://download.samba.org/pub/samba/stable SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz SAMBA4_INSTALL_STAGING = YES From 57795860f563b2e5cff37d1720a2bacf9c582336 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= Date: Fri, 5 Jun 2026 11:43:06 +0200 Subject: [PATCH 20/22] package/p11-kit: enable host build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enable to build p11-kit on the host. This is to support enabling pkcs11 in host-gnutls. Signed-off-by: Vincent Stehlé Cc: Thomas Petazzoni Signed-off-by: Fiona Klute --- package/p11-kit/p11-kit.mk | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/package/p11-kit/p11-kit.mk b/package/p11-kit/p11-kit.mk index 68b18941839..4f4b76d543a 100644 --- a/package/p11-kit/p11-kit.mk +++ b/package/p11-kit/p11-kit.mk @@ -44,4 +44,13 @@ P11_KIT_CONF_OPTS += \ --without-libtasn1 endif +HOST_P11_KIT_DEPENDENCIES = host-pkgconf + +HOST_P11_KIT_CONF_OPTS = \ + --without-libffi \ + --without-trust-paths \ + --disable-trust-module \ + --without-libtasn1 + $(eval $(autotools-package)) +$(eval $(host-autotools-package)) From 6597563da7bb359eac57c8fb70e4efc3d6ef4c02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= Date: Fri, 5 Jun 2026 11:43:07 +0200 Subject: [PATCH 21/22] package/gnutls: add host support for pkcs11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Future U-Boot 2026.07 will build mkeficapsule with pkcs11 support. [1] This causes link errors with Buildroot, such as the following one: mkeficapsule.c:(.text.startup+0xcd3): undefined reference to `gnutls_pkcs11_init' (Other symbols the linker complains about are: gnutls_pkcs11_add_provider, gnutls_pkcs11_obj_list_import_url4, gnutls_x509_crt_import_pkcs11 and gnutls_pkcs11_deinit.) The following example commands can be used to reproduce the issue: make qemu_aarch64_ebbr_defconfig echo 'BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2026.07-rc3"' >>.config echo 'BR2_TARGET_UBOOT_NEEDS_GNUTLS=y' >>.config echo '# BR2_DOWNLOAD_FORCE_CHECK_HASHES is not set' >>.config make olddefconfig make uboot This commit adds the pkcs11 support for host-gnutls. In Buildroot, since host-gnutls is currently only needed by uboot (and other uboot derivatives such as uboot-tools) the pkcs11 support is added unconditionally to host-gnutls. Link: https://github.com/u-boot/u-boot/commit/0c716a157be460006a4b762625de329b5e36dbf9 [1] Signed-off-by: Vincent Stehlé Signed-off-by: Fiona Klute --- package/gnutls/gnutls.mk | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk index 6411a7d6211..ae1caaa221d 100644 --- a/package/gnutls/gnutls.mk +++ b/package/gnutls/gnutls.mk @@ -43,7 +43,8 @@ GNUTLS_CONF_ENV = gl_cv_socket_ipv6=yes \ gl_cv_func_gettimeofday_clobber=no GNUTLS_INSTALL_STAGING = YES -HOST_GNUTLS_DEPENDENCIES = host-pkgconf host-libtasn1 host-libunistring host-nettle +HOST_GNUTLS_DEPENDENCIES = host-pkgconf host-libtasn1 host-libunistring \ + host-nettle host-p11-kit HOST_GNUTLS_CONF_OPTS = \ --disable-doc \ --disable-libdane \ @@ -64,7 +65,7 @@ HOST_GNUTLS_CONF_OPTS = \ --disable-openssl-compatibility \ --without-brotli \ --without-idn \ - --without-p11-kit \ + --with-p11-kit \ --without-zlib \ --without-zstd From 29f09f3ac4284890eda4a13f3748cb59d390d410 Mon Sep 17 00:00:00 2001 From: Dario Binacchi Date: Thu, 9 Jul 2026 15:17:19 +0200 Subject: [PATCH 22/22] boot/uboot: bump to version 2026.07 Release announcement: https://lists.denx.de/pipermail/u-boot/2026-July/624082.html Changelog: https://github.com/u-boot/u-boot/compare/v2026.04...v2026.07 U-Boot 2026.07 adds PKCS#11 support to tools/mkeficapsule, which requires host-gnutls with PKCS#11 support. That was enabled in commit 6597563da7bb359eac57c8fb70e4efc3d6ef4c02. Signed-off-by: Dario Binacchi [Fiona: remove hidden option for p11-kit, update commit message accordingly] Tested-by: Fiona Klute Signed-off-by: Fiona Klute --- boot/uboot/Config.in | 6 +++--- boot/uboot/uboot.hash | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/boot/uboot/Config.in b/boot/uboot/Config.in index 2d2c3f9d415..1eabd10407a 100644 --- a/boot/uboot/Config.in +++ b/boot/uboot/Config.in @@ -41,7 +41,7 @@ choice Select the specific U-Boot version you want to use config BR2_TARGET_UBOOT_LATEST_VERSION - bool "2026.04" + bool "2026.07" config BR2_TARGET_UBOOT_CUSTOM_VERSION bool "Custom version" @@ -85,7 +85,7 @@ endif config BR2_TARGET_UBOOT_VERSION string - default "2026.04" if BR2_TARGET_UBOOT_LATEST_VERSION + default "2026.07" if BR2_TARGET_UBOOT_LATEST_VERSION default BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE \ if BR2_TARGET_UBOOT_CUSTOM_VERSION default "custom" if BR2_TARGET_UBOOT_CUSTOM_TARBALL @@ -368,7 +368,7 @@ config BR2_TARGET_UBOOT_USE_BINMAN help Use binman tool for generation and signing of boot images. - https://docs.u-boot.org/en/v2026.04/develop/package/binman.html + https://docs.u-boot.org/en/v2026.07/develop/package/binman.html menu "U-Boot binary format" diff --git a/boot/uboot/uboot.hash b/boot/uboot/uboot.hash index 69164982560..e992835582d 100644 --- a/boot/uboot/uboot.hash +++ b/boot/uboot/uboot.hash @@ -1,3 +1,3 @@ # Locally computed: -sha256 ac7c04b8b7004923b00a4e5d6699c5df4d21233bac9fda690d8cfbc209fff2fd u-boot-2026.04.tar.bz2 +sha256 78e8bfc382fe388f9b55aa1daf8c563522a037779b5d4c349d1415e381f1243e u-boot-2026.07.tar.bz2 sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 Licenses/gpl-2.0.txt