qbee-agent: bump version to 2025.49

Bump version to 2025.49

Signed-off-by: Jon Henrik Bjørnstad <jonhenrik@qbee.io>

.devcontainer/devcontainer.json

@@ -0,0 +1,5 @@
+{
+  "image": "docker.io/openwrt/sdk",
+  "features": {
+  }
+}

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,92 @@
+name: Package Bug Report
+description: Report an issue with a package in this repository
+title: "<package-name>: <short description>"
+labels: [bug]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        # 📦 Package Details
+
+  - type: input
+    id: package-name
+    attributes:
+      label: Package Name
+      placeholder: e.g. iptables, curl, netdata
+    validations:
+      required: true
+
+  - type: input
+    id: maintainer
+    attributes:
+      label: Maintainer
+      description: |
+        Check the latest package commits and/or search the repo with the example below.\
+        ```<package-name>/makefile maintainer```
+      placeholder: (@username)
+    validations:
+      required: true
+
+  - type: input
+    id: openwrt-version
+    attributes:
+      label: OpenWrt Version
+      description: |
+        If you are unsure, use the command below.\
+        ```ubus call system board | jsonfilter -e '@.release.version'```
+      placeholder: e.g. 23.05.2 or SNAPSHOT
+    validations:
+      required: true
+
+  - type: input
+    id: target-subtarget
+    attributes:
+      label: OpenWrt Target/Subtarget
+      description: |
+        If you are unsure, use the command below.\
+        ```ubus call system board | jsonfilter -e '@.release.target'```
+      placeholder: e.g. ramips/mt76x8, ath79/generic
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps-to-reproduce
+    attributes:
+      label: Steps to Reproduce
+      description: Please list the steps that lead to the issue.
+      placeholder: |
+        1. Do this
+        2. Then this
+        3. Observe the issue
+
+        Try to avoid uploading screenshots, logs are preferred.
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual-behavior
+    attributes:
+      label: Actual Behaviour
+      description: What actually happened? Be as detailed as possible.
+      placeholder: A clear and concise description of what happened.
+    validations:
+      required: true
+
+  - type: markdown
+    attributes:
+      value: |
+        # ✅ Formalities
+
+        Before submitting this issue, please confirm the following:
+
+  - type: checkboxes
+    id: confirmations
+    attributes:
+      label: Confirmation Checklist
+      options:
+        - label: The package is maintained in this repository.
+          required: true
+        - label: I understand that issues related to [the base OpenWrt repository](https://github.com/openwrt/openwrt/issues) or [LuCI repository](https://github.com/openwrt/luci/issues) will be closed.
+          required: true
+        - label: I am reporting an issue for OpenWrt, not an unsupported fork.
+          required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,12 @@
+---
+blank_issues_enabled: false
+contact_links:
+  - name: Feature request
+    url: https://forum.openwrt.org/c/feature-requests
+    about: The OpenWrt project relies on volunteers. While we appreciate feature requests, we might lack the manpower to handle them. Ideally, you get familiar with the codebase and attempt to contribute the feature yourself. We recommend to post in the forum, as this is the most likely place to receive feedback on feature requests.
+  - name: OpenWrt community
+    url: https://openwrt.org/contact
+    about: Consider reaching out to our community to get help. OpenWrt is a complex software project with many pitfalls; there is a good chance someone can help you solve your issue in no time.
+  - name: OpenWrt documentation
+    url: https://openwrt.org/docs/start
+    about: The OpenWrt documentation contains a lot of valuable information.

.github/issue_template

@@ -1,16 +0,0 @@
-Please make sure that the issue subject starts with `<package-name>: `
-
-Also make sure that the package is maintained in this repository and not in base which should be submitted at https://bugs.openwrt.org or in the LuCI repository which should be submitted at https://github.com/openwrt/luci/issues.
-
-Issues related to releases below 18.06 and forks are not supported or maintained and will be closed.
-
-# Issue template (remove lines from top till here)
-
-Maintainer: @\<github-user> (find it by checking history of the package Makefile)
-Environment: (put here arch, model, OpenWrt version)
-
-Description:
-
-```
-Format code blocks by wrapping them with pairs of ```
-```

.github/labeler.yml

@@ -0,0 +1,7 @@
+# branches
+"OpenWrt 23.05 (end of support)":
+- base-branch:
+  - "openwrt-23.05"
+"OpenWrt 24.10":
+- base-branch:
+  - "openwrt-24.10"

.github/pull_request_template

@@ -1,5 +0,0 @@
-Maintainer: me / @\<github-user> (find it by checking history of the package Makefile)
-Compile tested: (put here arch, model, OpenWrt version)
-Run tested: (put here arch, model, OpenWrt version, tests done)
-
-Description:

.github/pull_request_template.md

@@ -0,0 +1,32 @@
+## 📦 Package Details
+
+**Maintainer:** @<github-user>
+<sub>(You can find this by checking the history of the package `Makefile`.)</sub>
+
+**Description:**
+<!-- Briefly describe what this package does or what changes are introduced -->
+
+---
+
+## 🧪 Run Testing Details
+
+- **OpenWrt Version:**
+- **OpenWrt Target/Subtarget:**
+- **OpenWrt Device:**
+
+---
+
+## ✅ Formalities
+
+- [ ] I have reviewed the [CONTRIBUTING.md](https://github.com/openwrt/packages/blob/master/CONTRIBUTING.md) file for detailed contributing guidelines.
+
+### If your PR contains a patch:
+
+- [ ] It can be applied using `git am`
+- [ ] It has been refreshed to avoid offsets, fuzzes, etc., using
+  ```bash
+  make package/<your-package>/refresh V=s
+  ```
+- [ ] It is structured in a way that it is potentially upstreamable
+<sub>(e.g., subject line, commit description, etc.)</sub>
+<sub>We must try to upstream patches to reduce maintenance burden.</sub>

.github/workflows/Dockerfile

@@ -1,6 +0,0 @@
-ARG ARCH=x86-64
-FROM openwrt/rootfs:$ARCH
-
-ADD entrypoint.sh /entrypoint.sh
-
-CMD ["/entrypoint.sh"]

.github/workflows/check-apk-valid-version.yml

@@ -1,106 +0,0 @@
-name: Check APK compatible version/release
-
-on:
-  pull_request_target:
-    types: [opened, synchronize, converted_to_draft, ready_for_review, edited]
-
-jobs:
-  build:
-    name: Check APK compatible version/release
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-
-    permissions:
-      pull-requests: write
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
-
-      - name: Determine branch name
-        run: |
-          BRANCH="${GITHUB_BASE_REF#refs/heads/}"
-          echo "Building for $BRANCH"
-          echo "BRANCH=$BRANCH" >> $GITHUB_ENV
-
-      - name: Setup APK
-        run: |
-          wget -O $GITHUB_WORKSPACE/apk https://buildbot.aparcar.org/apk.static
-          chmod +x $GITHUB_WORKSPACE/apk
-
-      - name: Determine changed packages
-        run: |
-          RET=0
-          INCOMPATIBLE_VERSION=""
-
-          # only detect packages with changes
-          PKG_ROOTS=$(find . -name Makefile | \
-            grep -v ".*/src/Makefile" | \
-            sed -e 's@./\(.*\)/Makefile@\1/@')
-          CHANGES=$(git diff --diff-filter=d --name-only origin/$BRANCH...)
-
-          for ROOT in $PKG_ROOTS; do
-            for CHANGE in $CHANGES; do
-              if [[ "$CHANGE" == "$ROOT"* ]]; then
-                PKG_RELEASE=$(grep -E '^PKG_RELEASE' "$ROOT/Makefile" | cut -f 2 -d '=')
-                if [ -n "$PKG_RELEASE" ]; then
-                  if [[ "$PKG_RELEASE" == '^[0-9]+$' ]]; then
-                    echo "PKG_RELEASE is not an integer: $PKG_RELEASE"
-                    INCOMPATIBLE_VERSION+=" $ROOT"
-                    break
-                  fi
-                fi
-                PKG_VERSION=$(grep -E '^PKG_VERSION' "$ROOT/Makefile" | cut -f 2 -d '=')
-                if [ -n "$PKG_VERSION" ]; then
-                  $GITHUB_WORKSPACE/apk version --quiet --check "$PKG_VERSION"
-                  if [[ "$?" -gt "0" ]]; then
-                    echo "PKG_VERSION is not compatible: $PKG_VERSION"
-                    INCOMPATIBLE_VERSION+=" $ROOT"
-                  fi
-                fi
-              fi
-            done
-          done
-
-          echo "Incompatible versions: $INCOMPATIBLE_VERSION"
-
-          if [ -n "$INCOMPATIBLE_VERSION" ]; then
-            RET=1
-            cat > "$GITHUB_WORKSPACE/pr_comment.md" << EOF
-          OpenWrt will change to the APK package manager which requires
-          deterministic verisons. Please make sure that **PKG_VERSION**
-          follows [Semantic Versioning](https://semver.org) or more specifically,
-          the [APK version scheme](https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/doc/apk-package.5.scd?ref_type=heads#L47).
-          If the version is based on a date, please use dots instead of dashes, i.e. **24.01.01**.
-
-          The **PKG_RELEASE** should be an integer and not contain any letters or special characters.
-
-          EOF
-
-          fi
-
-          for ROOT in $INCOMPATIBLE_VERSION; do
-            echo "  - ${ROOT}Makefile" >> "$GITHUB_WORKSPACE/pr_comment.md"
-          done
-
-          exit $RET
-
-      - name: Find Comment
-        uses: peter-evans/find-comment@v2
-        if: ${{ failure() }}
-        id: fc
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-author: "github-actions[bot]"
-
-      - name: Create or update comment
-        uses: peter-evans/create-or-update-comment@v2
-        if: ${{ failure() }}
-        with:
-          comment-id: ${{ steps.fc.outputs.comment-id }}
-          issue-number: ${{ github.event.pull_request.number }}
-          body-file: "pr_comment.md"
-          edit-mode: replace

.github/workflows/check-autorelease-deprecation.yml

@@ -1,91 +0,0 @@
-name: Check autorelease deprecation
-
-on:
-  pull_request_target:
-    types: [opened, synchronize, converted_to_draft, ready_for_review, edited]
-
-jobs:
-  build:
-    name: Check autorelease deprecation
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-
-    permissions:
-      pull-requests: write
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
-
-      - name: Determine branch name
-        run: |
-          BRANCH="${GITHUB_BASE_REF#refs/heads/}"
-          echo "Building for $BRANCH"
-          echo "BRANCH=$BRANCH" >> $GITHUB_ENV
-
-      - name: Determine changed packages
-        run: |
-          RET=0
-
-          # only detect packages with changes
-          PKG_ROOTS=$(find . -name Makefile | \
-            grep -v ".*/src/Makefile" | \
-            sed -e 's@./\(.*\)/Makefile@\1/@')
-          CHANGES=$(git diff --diff-filter=d --name-only origin/$BRANCH...)
-
-          for ROOT in $PKG_ROOTS; do
-            for CHANGE in $CHANGES; do
-              if [[ "$CHANGE" == "$ROOT"* ]]; then
-                if grep -q '$(AUTORELEASE)' "$ROOT/Makefile"; then
-                  CONTAINS_AUTORELEASE+="$ROOT"
-                fi
-                break
-              fi
-            done
-          done
-
-          if [ -n "$CONTAINS_AUTORELEASE" ]; then
-            RET=1
-            cat > "$GITHUB_WORKSPACE/pr_comment.md" << EOF
-          Please do no longer set *PKG_RELEASE* to *AUTORELEASE* as the
-          feature is deprecated. Please use an integer instead. Below is a
-          list of affected packages including correct *PKG_RELEASE*:
-
-          EOF
-          fi
-
-          for ROOT in $CONTAINS_AUTORELEASE; do
-            echo -n "  - ${ROOT}Makefile: PKG_RELEASE:=" >> "$GITHUB_WORKSPACE/pr_comment.md"
-            last_bump="$(git log --pretty=format:'%h %s' "$ROOT" |
-              grep --max-count=1 -e ': [uU]pdate to ' -e ': [bB]ump to ' |
-              cut -f 1 -d ' ')"
-
-            if [ -n "$last_bump" ]; then
-              echo -n $(($(git rev-list --count "$last_bump..HEAD" "$ROOT") + 2)) >> "$GITHUB_WORKSPACE/pr_comment.md"
-            else
-              echo -n $(($(git rev-list --count HEAD "$ROOT") + 2)) >> "$GITHUB_WORKSPACE/pr_comment.md"
-            fi
-            echo >> "$GITHUB_WORKSPACE/pr_comment.md"
-          done
-
-          exit $RET
-
-      - name: Find Comment
-        uses: peter-evans/find-comment@v2
-        if: ${{ failure() }}
-        id: fc
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-author: 'github-actions[bot]'
-
-      - name: Create or update comment
-        uses: peter-evans/create-or-update-comment@v2
-        if: ${{ failure() }}
-        with:
-          comment-id: ${{ steps.fc.outputs.comment-id }}
-          issue-number: ${{ github.event.pull_request.number }}
-          body-file: 'pr_comment.md'
-          edit-mode: replace

.github/workflows/entrypoint.sh

@@ -1,70 +0,0 @@
-#!/bin/sh
-
-# not enabling `errtrace` and `pipefail` since those are bash specific
-set -o errexit # failing commands causes script to fail
-set -o nounset # undefined variables causes script to fail
-
-echo "src/gz packages_ci file:///ci" >> /etc/opkg/distfeeds.conf
-
-FINGERPRINT="$(usign -F -p /ci/packages_ci.pub)"
-cp /ci/packages_ci.pub "/etc/opkg/keys/$FINGERPRINT"
-
-mkdir -p /var/lock/
-
-opkg update
-
-export CI_HELPER="/ci/.github/workflows/ci_helpers.sh"
-
-for PKG in /ci/*.ipk; do
-	tar -xzOf "$PKG" ./control.tar.gz | tar xzf - ./control
-	# package name including variant
-	PKG_NAME=$(sed -ne 's#^Package: \(.*\)$#\1#p' ./control)
-	# package version without release
-	PKG_VERSION=$(sed -ne 's#^Version: \(.*\)$#\1#p' ./control)
-	PKG_VERSION="${PKG_VERSION%-[!-]*}"
-	# package source containing test.sh script
-	PKG_SOURCE=$(sed -ne 's#^Source: \(.*\)$#\1#p' ./control)
-	PKG_SOURCE="${PKG_SOURCE#/feed/}"
-
-	echo
-	echo "Testing package $PKG_NAME in version $PKG_VERSION from $PKG_SOURCE"
-
-	if ! [ -d "/ci/$PKG_SOURCE" ]; then
-		echo "$PKG_SOURCE is not a directory"
-		exit 1
-	fi
-
-	PRE_TEST_SCRIPT="/ci/$PKG_SOURCE/pre-test.sh"
-	TEST_SCRIPT="/ci/$PKG_SOURCE/test.sh"
-
-	if ! [ -f "$TEST_SCRIPT" ]; then
-		echo "No test.sh script available"
-		continue
-	fi
-
-	export PKG_NAME PKG_VERSION
-
-	if [ -f "$PRE_TEST_SCRIPT" ]; then
-		echo "Use package specific pre-test.sh"
-		if sh "$PRE_TEST_SCRIPT" "$PKG_NAME" "$PKG_VERSION"; then
-			echo "Pre-test successful"
-		else
-			echo "Pre-test failed"
-			exit 1
-		fi
-	else
-		echo "No pre-test.sh script available"
-	fi
-
-	opkg install "$PKG"
-
-	echo "Use package specific test.sh"
-	if sh "$TEST_SCRIPT" "$PKG_NAME" "$PKG_VERSION"; then
-		echo "Test successful"
-	else
-		echo "Test failed"
-		exit 1
-	fi
-
-	opkg remove "$PKG_NAME" --force-removal-of-dependent-packages --force-remove --autoremove || true
-done

.github/workflows/formal.yml

@@ -1,63 +0,0 @@
-name: Test Formalities
-
-on:
-  pull_request:
-
-jobs:
-  build:
-    name: Test Formalities
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
-
-      - name: Determine branch name
-        run: |
-          BRANCH="${GITHUB_BASE_REF#refs/heads/}"
-          echo "Building for $BRANCH"
-          echo "BRANCH=$BRANCH" >> $GITHUB_ENV
-
-      - name: Test formalities
-        run: |
-          source .github/workflows/ci_helpers.sh
-
-          RET=0
-          for commit in $(git rev-list HEAD ^origin/$BRANCH); do
-            info "=== Checking commit '$commit'"
-            if git show --format='%P' -s $commit | grep -qF ' '; then
-              err "Pull request should not include merge commits"
-              RET=1
-            fi
-
-            author="$(git show -s --format=%aN $commit)"
-            if echo $author | grep -q '\S\+\s\+\S\+'; then
-              success "Author name ($author) seems ok"
-            else
-              err "Author name ($author) need to be your real name 'firstname lastname'"
-              RET=1
-            fi
-
-            subject="$(git show -s --format=%s $commit)"
-            if echo "$subject" | grep -q -e '^[0-9A-Za-z,+/_-]\+: ' -e '^Revert ' -e '^CONTRIBUTING.md' -e '^README.md'; then
-              success "Commit subject line seems ok ($subject)"
-            else
-              err "Commit subject line MUST start with '<package name>: ' ($subject)"
-              RET=1
-            fi
-
-            body="$(git show -s --format=%b $commit)"
-            sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)"
-            if echo "$body" | grep -qF "$sob"; then
-              success "Signed-off-by match author"
-            else
-              err "Signed-off-by is missing or doesn't match author (should be '$sob')"
-              RET=1
-            fi
-          done
-
-          exit $RET

.github/workflows/labeler.yml

@@ -0,0 +1,21 @@
+name: 'Pull Request Labeler'
+on:
+  - pull_request_target
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+
+    name: Pull Request Labeler
+    runs-on: ubuntu-slim
+    steps:
+      - uses: actions/labeler@v6
+        with:
+          repo-token: '${{ secrets.GITHUB_TOKEN }}'
+          sync-labels: true

.github/workflows/multi-arch-test-build.yml

@@ -1,206 +1,45 @@
-name: Test Build
+name: Test and Build
 
 on:
   pull_request:
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+permissions:
+  contents: read
+  pull-requests: write
 
 jobs:
-  build:
-    name: Test ${{ matrix.arch }}
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - arch: aarch64_generic
-            target: armsr-armv8
-            runtime_test: true
+  formalities:
+    name: Test Formalities
+    uses: openwrt/actions-shared-workflows/.github/workflows/formal.yml@main
+    with:
+      post_comment: true
 
-          - arch: arm_cortex-a15_neon-vfpv4
-            target: armsr-armv7
-            runtime_test: true
-
-          - arch: arm_cortex-a9_vfpv3-d16
-            target: mvebu-cortexa9
-            runtime_test: false
-
-          - arch: i386_pentium-mmx
-            target: x86-geode
-            runtime_test: true
-
-          - arch: mips_24kc
-            target: ath79-generic
-            runtime_test: true
-
-          - arch: mipsel_24kc
-            target: mt7621
-            runtime_test: false
-
-          - arch: powerpc_464fp
-            target: apm821xx-nand
-            runtime_test: false
-
-          - arch: powerpc_8548
-            target: mpc85xx-p1010
-            runtime_test: false
-
-          - arch: riscv64_riscv64
-            target: sifiveu-generic
-            runtime_test: false
-
-          - arch: x86_64
-            target: x86-64
-            runtime_test: true
+  label_formality_status:
+    name: Add formality check labels
+    runs-on: ubuntu-slim
+    needs: formalities
+    if: always()
+    permissions:
+      pull-requests: write
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Add 'not following guidelines' label
+        if: needs.formalities.result == 'failure'
+        uses: buildsville/add-remove-label@v2.0.1
         with:
-          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+          labels: "not following guidelines"
+          type: add
 
-      - name: Determine branch name
-        run: |
-          BRANCH="${GITHUB_BASE_REF#refs/heads/}"
-          echo "Building for $BRANCH"
-          echo "BRANCH=$BRANCH" >> $GITHUB_ENV
-
-      - name: Determine changed packages
-        run: |
-          # only detect packages with changes
-          PKG_ROOTS=$(find . -name Makefile | \
-            grep -v ".*/src/Makefile" | \
-            sed -e 's@./\(.*\)/Makefile@\1/@')
-          CHANGES=$(git diff --diff-filter=d --name-only origin/$BRANCH...)
-
-          for ROOT in $PKG_ROOTS; do
-            for CHANGE in $CHANGES; do
-              if [[ "$CHANGE" == "$ROOT"* ]]; then
-                PACKAGES+=$(echo "$ROOT" | sed -e 's@.*/\(.*\)/@\1 @')
-                break
-              fi
-            done
-          done
-
-          # fallback to test packages if nothing explicitly changes this is
-          # should run if other mechanics in packages.git changed
-          PACKAGES="${PACKAGES:-vim attendedsysupgrade-common bmon}"
-
-          echo "Building $PACKAGES"
-          echo "PACKAGES=$PACKAGES" >> $GITHUB_ENV
-
-      - name: Generate build keys
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y signify-openbsd
-          signify-openbsd -G -n -c 'DO NOT USE - OpenWrt packages feed CI' -p packages_ci.pub -s packages_ci.sec
-          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
-          echo "KEY_BUILD<<$EOF" >> $GITHUB_ENV
-          cat packages_ci.sec >> $GITHUB_ENV
-          echo "$EOF" >> $GITHUB_ENV
-
-      - name: Build
-        uses: openwrt/gh-action-sdk@v7
-        env:
-          ARCH: ${{ matrix.arch }}-${{ env.BRANCH }}
-          FEEDNAME: packages_ci
-          INDEX: 1
-          KEY_BUILD: ${{ env.KEY_BUILD }}
-          V: s
-
-      - name: Move created packages to project dir
-        if: always()
-        run: cp bin/packages/${{ matrix.arch }}/packages_ci/* . || true
-
-      - name: Collect metadata
-        if: always()
-        run: |
-          MERGE_ID=$(git rev-parse --short HEAD)
-          echo "MERGE_ID=$MERGE_ID" >> $GITHUB_ENV
-          echo "BASE_ID=$(git rev-parse --short HEAD^1)" >> $GITHUB_ENV
-          echo "HEAD_ID=$(git rev-parse --short HEAD^2)" >> $GITHUB_ENV
-          PRNUMBER=${GITHUB_REF_NAME%/merge}
-          echo "PRNUMBER=$PRNUMBER" >> $GITHUB_ENV
-          echo "ARCHIVE_NAME=${{matrix.arch}}-PR$PRNUMBER-$MERGE_ID" >> $GITHUB_ENV
-
-      - name: Generate metadata
-        if: always()
-        run: |
-          cat << _EOF_ > PKG-INFO
-          Metadata-Version: 2.1
-          Name: ${{env.ARCHIVE_NAME}}
-          Version: $BRANCH
-          Author: $GITHUB_ACTOR
-          Home-page: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/pull/$PRNUMBER
-          Download-URL: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
-          Summary: $PACKAGES
-          Platform: ${{ matrix.arch }}
-
-          Packages for OpenWrt $BRANCH running on ${{matrix.arch}}, built from PR $PRNUMBER
-          at commit $HEAD_ID, against $BRANCH at commit $BASE_ID, with merge SHA $MERGE_ID.
-
-          Modified packages:
-          _EOF_
-          for p in $PACKAGES
-          do
-            echo "  "$p >> PKG-INFO
-          done
-          echo >> PKG-INFO
-          echo Full file listing: >> PKG-INFO
-          ls -al *.ipk >> PKG-INFO || true
-          cat PKG-INFO
-
-      - name: Store packages
-        if: always()
-        uses: actions/upload-artifact@v4
+      - name: Remove 'not following guidelines' label
+        if: needs.formalities.result == 'success'
+        uses: buildsville/add-remove-label@v2.0.1
         with:
-          name: ${{env.ARCHIVE_NAME}}-packages
-          path: |
-            Packages
-            Packages.*
-            *.ipk
-            PKG-INFO
+          token: ${{ secrets.GITHUB_TOKEN }}
+          labels: "not following guidelines"
+          type: remove
 
-      - name: Store logs
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{env.ARCHIVE_NAME}}-logs
-          path: |
-            logs/
-            PKG-INFO
-
-      - name: Remove logs
-        if: always()
-        run: sudo rm -rf logs/ || true
-
-      - name: Check if any packages were built
-        run: |
-          if [ -n "$(find . -maxdepth 1 -type f -name '*.ipk' -print -quit)" ]; then
-            echo "Found *.ipk files"
-            HAVE_IPKS=true
-          else
-            echo "No *.ipk files found"
-            HAVE_IPKS=false
-          fi
-          echo "HAVE_IPKS=$HAVE_IPKS" >> $GITHUB_ENV
-
-      - name: Register QEMU
-        if: ${{ matrix.runtime_test && fromJSON(env.HAVE_IPKS) }}
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y qemu-user-static binfmt-support
-          sudo update-binfmts --import
-
-      - name: Build Docker container
-        if: ${{ matrix.runtime_test && fromJSON(env.HAVE_IPKS) }}
-        run: |
-          docker build --platform linux/${{ matrix.arch }} -t test-container --build-arg ARCH .github/workflows/
-        env:
-          ARCH: ${{ matrix.arch }}-${{ env.BRANCH }}
-
-      - name: Test via Docker container
-        if: ${{ matrix.runtime_test && fromJSON(env.HAVE_IPKS) }}
-        run: |
-          docker run --platform linux/${{ matrix.arch }} --rm -v $GITHUB_WORKSPACE:/ci test-container
+  build:
+    name: Feeds Package Test Build
+    needs: formalities
+    uses: openwrt/actions-shared-workflows/.github/workflows/multi-arch-test-build.yml@main

CONTRIBUTING.md

@@ -11,31 +11,34 @@ guidelines:
   be updated regularly with supported versions.
 - Have no dependencies outside the OpenWrt core packages or this repository
   feed.
-- Have been tested to compile with the correct includes and dependencies.
-  Please also test with "Compile with full language support" found under
-  "General Build Settings" set if language support is relevant to your package.
-- Best of all -- it works as expected!
+- The compilation has been successfully tested with the appropriate includes and dependencies. 
+  Additionally, if language support is relevant to your package, please enable the "Compile with full language support" option found under "Global Build Settings" in "menuconfig" and conduct further tests.
+- Most important -- the packaged software is tested to work as expected!
 
 ## Package Sources (archives and repositories)
 
-- PKG_SOURCE should reference the smallest available archive. In order of
-  preference: xz (most compressed), bzip2, gz and zip. As a last resort,
-  downloads from source repositories can be used.
-- PKG_SOURCE_URL should link to an official release archive. Use of HTTPS:
-  is preferred. If a source archive is not available, a locally generated
+- <strong>PKG_SOURCE</strong> should reference the smallest available archive. In order of
+  preference: 
+  1. xz (most compressed), 
+  1. bzip2, gz and zip. 
+  1. As a last resort downloads from source repositories can be used.
+- <strong>PKG_SOURCE_URL</strong> should link to an official release archive. Use of `https://`
+  is preferred. 
+  
+  If a source archive is not available, a locally generated
   archive fetched using git, svn, cvs or in rare circumstances, hg or bzr.
 - Convenience macros for popular mirrors are defined. Using these macros will
   make your package downloads more robust by mapping to a list of possible
   source mirrors for archive availability.
-  - @SF - SourceForge (downloads.sourceforge.net) with 5 retries due to
+  - `@SF` - SourceForge (downloads.sourceforge.net) with 5 retries due to
     re-directs
-  - @GITHUB - GitHub (raw.githubusercontent.com) with 5 retries due to
+  - `@GITHUB` - GitHub (raw.githubusercontent.com) with 5 retries due to
     re-directs
-  - @GNU - 8 regional servers
-  - @GNOME - 8 regional servers
-  - @SAVANNAH - 8 regional servers
-  - @APACHE - 8 regional servers
-  - @KERNEL - Linux kernel archives & mirrors
+  - `@GNU` - 8 regional servers
+  - `@GNOME` - 8 regional servers
+  - `@SAVANNAH` - 8 regional servers
+  - `@APACHE` - 8 regional servers
+  - `@KERNEL` - Linux kernel archives & mirrors
 - Please _DO NOT_ use an archive which changes over time. A version labeled
   "latest" is not constant each download. Also, using the head of a branch will
   create unpredictable results which can be different each build.
@@ -47,17 +50,17 @@ guidelines:
   contract to OpenWrt. Assigning a Copyright to yourself or organization you
   represent is acceptable.
 - A (PKG\_)MAINTAINER definition listing either yourself and/or another person
-  responsible for this package (E.g.: PKG_MAINTAINER:= Joe D. Hacker
-  `<jdh@jdhs-email-provider.org`>). Listing multiple maintainers is encouraged in
+  responsible for this package (E.g.: `PKG_MAINTAINER:= Joe D. Hacker
+  <jdh@jdhs-email-provider.org>`). Listing multiple maintainers is encouraged in
   order to keep the package active and up-to-date. Leaving this blank will also
   be accepted, however the review process may not be as quick as one with a
   maintainer.
-- A PKG_LICENSE tag declaring the main license of the package.  (E.g.:
+- A <strong>PKG_LICENSE</strong> tag declaring the main license of the package.  (E.g.:
   PKG_LICENSE:=GPL-2.0-or-later) Please use SPDX identifiers if possible (see
   list at the bottom).
-- An optional PKG_LICENSE_FILES tag including the filenames of the
+- An optional <strong>PKG_LICENSE_FILES</strong> tag including the filenames of the
   license-files in the source-package.  (E.g.: PKG_LICENSE_FILES:=COPYING)
-- PKG_RELEASE should be initially set to 1 or reset to 1 if the software
+- <strong>PKG_RELEASE</strong> should be initially set to `1` or reset to `1` if the software
   version is changed. You should increment it if the package itself has
   changed. For example, modifying a support script, changing configure options
   like --disable_ or --enable\_ switches, or if you changed something in the
@@ -65,17 +68,17 @@ guidelines:
   correcting md5sums, changing mirror URLs, adding a maintainer field or updating
   a comment or copyright year in a Makefile do not require a change to
   PKG_RELEASE.
-- Avoid reuse of PKG_NAME in call, define and eval lines to improve
+- Avoid reuse of <strong>PKG_NAME</strong> in call, define and eval lines to improve
   readability.
 
 ### Commits in your pull-requests should
 
-- Have a useful commit subject prefixed with the package name (E.g.: "foopkg:
-  Add libzot dependency").
+- Have a useful commit subject prefixed with the package name (E.g.: `foopkg:
+  add libzot dependency`).
 - Include Signed-off-by tag in the commit comments.  See: [Sign your
   work](https://openwrt.org/submitting-patches#sign_your_work)
-- Author and sign-off must match and be a real name or known identity and
-  a real email address. GitHub private email addresses will not be accepted.
+- Author and sign-off must match and be a real name and real email address.
+  GitHub private email addresses will not be accepted.
 - Follow all [Submission Guidelines](https://openwrt.org/submitting-patches#submission_guidelines)
   requirements, including maximum characters per line.
 
@@ -119,7 +122,7 @@ commenting and amending the proposed changes.
 
 ## If you have commit access
 
-- Do NOT use git push --force.
+- Do NOT use `git push --force`.
 - Do NOT commit to other maintainer's packages without their consent.
 - Use Pull Requests if you are unsure and to suggest changes to other
   maintainers.
@@ -127,19 +130,19 @@ commenting and amending the proposed changes.
 ### Gaining commit access
 
 - We will gladly grant commit access to responsible contributors who have made
-  useful pull requests and / or feedback or patches to this repository or
+  useful pull requests and/or feedback or patches to this repository or
   OpenWrt in general. Please include your request for commit access in your next
   pull request or ticket.
 
 ## Release Branches
 
 - Old stable branches were named after the following pattern "for-XX.YY" (e.g.
-  for-14.07) before the LEDE split.  During the LEDE split there was only one
-  release branch with the name "lede-17.01".  After merging the LEDE fork with
+  for-14.07) before the LEDE split. During the LEDE split there was only one
+  release branch with the name "lede-17.01". After merging the LEDE fork with
   OpenWrt the release branches are named according to the following pattern
-  "openwrt-XX.YY" (e.g. openwrt-18.06).
+  "openwrt-XX.YY" (e.g. `openwrt-18.06`).
 - These branches are built with the respective OpenWrt release and are created
-  during the release stabilisation phase.
+  during the release stabilization phase.
 - Please ONLY cherry-pick or commit security and bug-fixes to these branches.
 - Do NOT add new packages and do NOT do major upgrades of packages here.
 - If you are unsure if your change is suitable, please use a pull request.

admin/atop/Makefile

@@ -4,14 +4,15 @@
 #
 
 include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/nls.mk
 
 PKG_NAME:=atop
+PKG_VERSION:=2.12.0
 PKG_RELEASE:=1
-PKG_VERSION:=2.11.0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.atoptool.nl/download/
-PKG_HASH:=9b94c666602efff7bf402ecce706c347f38c39cb63498f9d39626861e5646e20
+PKG_HASH:=0d09ecc90c14e6ef41c22e3c57c142c3e4fb9cf3c94379077a33c961d5343086
 
 PKG_MAINTAINER:=Toni Uhlig <matzeton@googlemail.com>
 PKG_LICENSE:=GPL-2.0-or-later
@@ -19,6 +20,7 @@ PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:atop_project:atop
 
 include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/nls.mk
 
 define Package/atop
   SECTION:=admin

admin/bottom/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bottom
-PKG_VERSION:=0.9.7
+PKG_VERSION:=0.11.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ClementTsang/bottom/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=29c3f75323ae0245576ea23268bb0956757352bf3b16d05f511357655b9cc71e
+PKG_HASH:=0095ea9edb386ad7c49d845176314097713661d22ec42314e3be46426bc769ee
 
 PKG_MAINTAINER:=Luca Barbato <lu_zero@luminem.org>
 PKG_LICENSE:=MIT

admin/btop/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=btop
-PKG_VERSION:=1.4.0
+PKG_VERSION:=1.4.5
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL=https://codeload.github.com/aristocratos/btop/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=ac0d2371bf69d5136de7e9470c6fb286cbee2e16b4c7a6d2cd48a14796e86650
+PKG_HASH:=0ffe03d3e26a3e9bbfd5375adf34934137757994f297d6b699a46edd43c3fc02
 
 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=Apache-2.0
@@ -47,6 +47,8 @@ define Package/btop/install
 
 	$(INSTALL_DIR) $(1)/etc/profile.d
 	$(CP) $(CURDIR)/files/btop.sh $(1)/etc/profile.d/
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(CP) $(CURDIR)/files/btop.uci $(1)/etc/uci-defaults/90-btop-migrate-alias
 endef
 
 $(eval $(call BuildPackage,btop))

admin/btop/files/btop.sh

@@ -1 +1 @@
-alias btop="btop --utf-force"
+alias btop="btop --force-utf"

admin/btop/files/btop.uci

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+grep -q "utf-force" "/etc/profile.d/btop.sh" && sed -i "s,utf-force,force-utf,g" "/etc/profile.d/btop.sh"
+
+exit 0

admin/debian-archive-keyring/Makefile

@@ -7,7 +7,7 @@ PKG_HASH:=6e93a87b9e50bd81518880ec07a62f95d7d8452f4aa703f5b0a3076439f1022c
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION)_all.deb
-PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/d/$(PKG_NAME)/
+PKG_SOURCE_URL:=https://ftp.debian.org/debian/pool/main/d/$(PKG_NAME)/
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
 PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>

admin/debootstrap/Makefile

@@ -9,10 +9,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=debootstrap
-PKG_VERSION:=1.0.128+nmu2+deb12u1
-PKG_RELEASE:=1
+PKG_REAL_VERSION:=1.0.128+nmu2+deb12u1
+PKG_VERSION:=1.0.128.2~deb121
+PKG_RELEASE:=2
 
-PKG_SOURCE:=$(PKG_NAME)-udeb_$(PKG_VERSION)_all.udeb
+PKG_SOURCE:=$(PKG_NAME)-udeb_$(PKG_REAL_VERSION)_all.udeb
 PKG_SOURCE_URL:=@DEBIAN/pool/main/d/debootstrap
 PKG_HASH:=4fa4ec7c144ed047c47d0d8eb9b91b56eaa9b2db2b52510777abbabf5965d268
 
@@ -20,6 +21,8 @@ PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
 PKG_LICENSE:=Unique
 PKG_LICENSE_FILES:=debian/copyright
 
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_REAL_VERSION)
+
 UNPACK_CMD=ar -p "$(DL_DIR)/$(PKG_SOURCE)" data.tar.xz | xzcat | tar -C $(1) -xf -
 
 include $(INCLUDE_DIR)/package.mk

admin/earlyoom/Makefile

@@ -0,0 +1,44 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=earlyoom
+PKG_VERSION:=1.9.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/rfjakob/earlyoom/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=b2fe5e1e071a5a000b22fb9602c068fd69d09c057f0ba972dfc5d85daf464b2a
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Alice H. <alice.hall0451+github@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/earlyoom
+  SECTION:=admin
+  CATEGORY:=Administration
+  TITLE:=Early OOM Daemon for Linux
+  URL:=https://github.com/rfjakob/earlyoom
+endef
+
+define Package/earlyoom/description
+  earlyoom checks the amount of available memory and swap at an adaptive
+  rate for up to 10 times per second. When both available memory and swap
+  are below threshold, it'll send SIGTERM or SIGKILL to the process with
+  the highest oom_score. Details about oom_score can be obtained at
+  https://man7.org/linux/man-pages/man5/proc_pid_oom_score.5.html
+endef
+
+MAKE_VARS += \
+	VERSION=v$(PKG_VERSION)
+
+define Package/earlyoom/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/earlyoom $(1)/usr/sbin/earlyoom
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) $(CURDIR)/files/earlyoom.config $(1)/etc/config/earlyoom
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) $(CURDIR)/files/earlyoom.init $(1)/etc/init.d/earlyoom
+endef
+
+$(eval $(call BuildPackage,earlyoom))

admin/earlyoom/files/earlyoom.config

@@ -0,0 +1,26 @@
+config earlyoom 'main'
+	option memory_term_percent '10'
+	option memory_kill_percent '5'
+	option swap_term_percent '10'
+	option swap_kill_percent '5'
+
+	option memory_term_kib '0'
+	option memory_kill_kib '0'
+	option swap_term_kib '0'
+	option swap_kill_kib '0'
+
+	option prefer_regex ''
+	option avoid_regex '^netifd|dropbear|dnsmasq|odhcpd|odhcp6c|hostapd|wpa_supplicant$'
+	option ignore_regex ''
+
+	option pre_script_path ''
+	option post_script_path ''
+
+	option report_interval '3600'
+
+	option debug_log '0'
+	option high_priority '1'
+	option kill_process_group '0'
+	option sort_by_rss '0'
+	option dry_run '0'
+	option syslog '1'

admin/earlyoom/files/earlyoom.init

@@ -0,0 +1,63 @@
+#!/bin/sh /etc/rc.common
+# shellcheck disable=SC3043
+
+START=50
+USE_PROCD=1
+
+start_service() {
+	config_load 'earlyoom'
+
+	for opt in memory_term_percent memory_kill_percent \
+		swap_term_percent swap_kill_percent memory_term_kib \
+		memory_kill_kib swap_term_kib swap_kill_kib prefer_regex \
+		avoid_regex ignore_regex report_interval \
+		pre_script_path post_script_path
+	do
+		local "$opt"
+		config_get "$opt" 'main' "$opt"
+	done
+
+	for opt in debug_log high_priority kill_process_group \
+		sort_by_rss dry_run syslog
+	do
+		local "$opt"
+		config_get_bool "$opt" 'main' "$opt" 0
+	done
+
+	procd_open_instance
+	procd_set_param command '/usr/sbin/earlyoom'
+	procd_set_param stderr 1
+	procd_set_param respawn
+
+	[ "$memory_term_percent" -gt '0' ] || [ "$memory_kill_percent" -gt '0' ] &&
+		procd_append_param command -m "$memory_term_percent","$memory_kill_percent"
+	[ "$swap_term_percent" -gt '0' ] || [ "$swap_kill_percent" -gt '0' ] &&
+		procd_append_param command -s "$swap_term_percent","$swap_kill_percent"
+
+	[ "$memory_term_kib" -gt '0' ] || [ "$memory_kill_kib" -gt '0' ] &&
+		procd_append_param command -M "$memory_term_kib","$memory_kill_kib"
+	[ "$swap_term_kib" -gt '0' ] || [ "$swap_kill_kib" -gt '0' ] &&
+		procd_append_param command -S "$swap_term_kib","$swap_kill_kib"
+	
+	[ -n "$prefer_regex" ] && procd_append_param command --prefer "$prefer_regex"
+	[ -n "$avoid_regex" ] && procd_append_param command --avoid "$avoid_regex"
+	[ -n "$ignore_regex" ] && procd_append_param command --ignore "$ignore_regex"
+
+	[ -x "$pre_script_path" ] && procd_append_param command -P "$pre_script_path"
+	[ -x "$post_script_path" ] && procd_append_param command -N "$post_script_path"
+
+	[ -n "$report_interval" ] && procd_append_param command -r "$report_interval"
+
+	[ "$debug_log" -eq '1' ] && procd_append_param command -d
+	[ "$high_priority" -eq '1' ] && procd_append_param command -p
+	[ "$kill_process_group" -eq '1' ] && procd_append_param command -g
+	[ "$sort_by_rss" -eq '1' ] && procd_append_param command --sort-by-rss
+	[ "$dry_run" -eq '1' ] && procd_append_param command --dryrun
+	[ "$syslog" -eq '1' ] && procd_append_param command --syslog
+
+	procd_close_instance
+}
+
+service_triggers() {
+	procd_add_reload_trigger 'earlyoom'
+}

admin/earlyoom/test.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+"$1" -v 2>&1 | grep "$2"

admin/fluent-bit/Makefile

@@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fluent-bit
-PKG_VERSION:=3.1.3
+PKG_VERSION:=4.2.0
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/fluent/fluent-bit.git
 PKG_SOURCE_VERSION=v$(PKG_VERSION)
-PKG_MIRROR_HASH:=85b861693a9ed597e4e55e30330dd2fb96daa997eb71424a55ccc28de92eef78
+PKG_MIRROR_HASH:=cad2d94cf7a720a3910c781f80187e2c399aa8acbfa1046aa7445a4d1495fafd
 
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
@@ -20,7 +20,8 @@ define Package/fluent-bit
   CATEGORY:=Administration
   TITLE:=Fast and Lightweight Logs and Metrics processor
   URL:=https://fluentbit.io/
-  DEPENDS:= +libyaml +libopenssl +libcurl +libatomic +musl-fts +flex +bison
+  DEPENDS:= +libyaml +libopenssl +libcurl +libstdcpp +libatomic +musl-fts +flex +bison \
+	    +libsasl2
 endef
 
 define Package/fluent-bit/description

admin/freeipmi/Makefile

@@ -0,0 +1,129 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=freeipmi
+PKG_VERSION:=1.6.15
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://ftp.gnu.org/gnu/$(PKG_NAME)
+PKG_HASH:=d6929c354639f5ce75b5b1897e8b366eb63625c23e5c4590a7aea034fe2b8caf
+PKG_LICENSE:=GPLv3
+PKG_LICENSE_FILES:=COPYING
+
+PKG_BUILD_DEPENDS:=!USE_GLIBC:argp-standalone
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libfreeipmi/Default
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=GNU implementation of the IPMI protocol
+  URL:=https://www.gnu.org/software/freeipmi/
+  MAINTAINER:=Bjørn Mork <bjorn@mork.no>
+endef
+
+define Package/libfreeipmi
+  $(call Package/libfreeipmi/Default)
+  DEPENDS:=+libgcrypt +libpthread
+  TITLE+= (libfreeipmi)
+endef
+
+define Package/libfreeipmi/description
+OpenIPMI, KCS, SMIC, SSIF, LAN drivers, and an IPMI API in a C Library.
+endef
+
+define Package/freeipmi-tools
+  $(call Package/libfreeipmi/Default)
+  DEPENDS:=+libipmiconsole +libipmidetect
+  TITLE+= (tools)
+endef
+
+define Package/freeipmi-tools/description
+Assorted IPMI-related tools:
+ * bmc-config - configure BMC values
+ * bmc-info - display BMC information
+ * ipmi-chassis - IPMI chassis management utility
+ * ipmi-fru - display FRU information
+ * ipmi-locate - IPMI probing utility
+ * ipmi-oem - IPMI OEM utility
+ * ipmi-pet - decode Platform Event Traps
+ * ipmi-raw - IPMI raw communication utility
+ * ipmi-sel - display SEL entries
+ * ipmi-sensors - display IPMI sensor information
+ * ipmi-sensors-config - configure sensors
+ * ipmiconsole - IPMI console utility
+ * ipmiping - send IPMI Get Authentication Capabilitiy request
+ * ipmipower - IPMI power control utility
+ * pef-config - configure PEF values
+ * rmcpping - send RMCP Ping to network hosts
+endef
+
+define Package/libipmiconsole
+  $(call Package/libfreeipmi/Default)
+  DEPENDS:=+libfreeipmi
+  TITLE+= (libipmiconsole)
+endef
+
+define Package/libipmiconsole/description
+A library for Serial-over-Lan (SOL).
+endef
+
+define Package/libipmidetect
+  $(call Package/libfreeipmi/Default)
+  DEPENDS:=+libfreeipmi
+  TITLE+= (libipmidetect)
+endef
+
+define Package/libipmidetect/description
+A library for IPMI node detection.
+endef
+
+CONFIGURE_ARGS += \
+	--disable-doc \
+	--disable-static
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/
+endef
+
+define Package/libfreeipmi/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfreeipmi.so.* $(1)/usr/lib/
+endef
+
+define Package/freeipmi-tools/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/bmc-config $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/bmc-info $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-chassis $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-fru $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-locate $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-oem $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-pet $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-raw $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-sel $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-sensors $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-sensors-config $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmiping $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmi-pef-config $(1)/usr/sbin/pef-config
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/rmcpping $(1)/usr/sbin/
+endef
+
+define Package/libipmiconsole/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libipmiconsole.so.* $(1)/usr/lib/
+endef
+
+define Package/libipmidetect/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libipmidetect.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libfreeipmi))
+$(eval $(call BuildPackage,freeipmi-tools))
+$(eval $(call BuildPackage,libipmiconsole))
+$(eval $(call BuildPackage,libipmidetect))

admin/freeipmi/patches/001-cross-compile-with-dev-urandom-support.patch

@@ -0,0 +1,34 @@
+From 0d0b768272e9a8b092826cc593a1cc6924d65995 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
+Date: Thu, 21 Sep 2023 15:46:57 +0200
+Subject: [PATCH] cross-compile with /dev/urandom support
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The option to disable detection will also disable runtime support.
+Pretty useless...
+
+Shortcut this nonsense.  We do have /dev/random and /dev/urandom
+
+Signed-off-by: Bjørn Mork <bjorn@mork.no>
+---
+ configure.ac | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -763,11 +763,8 @@ AC_ARG_WITH([random-device],
+            ])
+ AC_MSG_RESULT([${ac_with_random_device=yes}])
+ 
+-if test x"${ac_with_random_device}" = xyes; then
+-   AC_CHECK_FILE([/dev/urandom], AC_DEFINE([HAVE_DEVURANDOM], [1], [Define that you found /dev/urandom]))
+-   AC_CHECK_FILE([/dev/random], AC_DEFINE([HAVE_DEVRANDOM], [1], [Define that you found /dev/random]))
+-fi
+-
++AC_DEFINE([HAVE_DEVURANDOM], [1], [Define that you found /dev/urandom])
++AC_DEFINE([HAVE_DEVRANDOM], [1], [Define that you found /dev/random])
+ 
+ dnl Option to install pkg-config support files
+ 

admin/freeipmi/patches/002-pthreads-stack-size.patch

@@ -0,0 +1,76 @@
+From 61795c19742a28af946647c7c3cea6ba0f6e5e61 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
+Date: Thu, 21 Sep 2023 15:39:31 +0200
+Subject: [PATCH] libipmiconsole: set minimum stacksize to avoid SEGFAULT with
+ musl
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+libipmiconsole SEGFAULTs with musl because the default stacksize
+is too small.
+
+This fix is inspired by
+
+  mail/sendmail/patches/102-pthreads-stack-size.patch
+
+having the following description:
+
+  "This patch increases the stack size for pthreads from 80 KB, the default
+   stack size for musl libc, to 2 MB. The default stack size for glibc is 8 MB.
+
+   OpenDKIM, an application that depends on libmilter, segfaults if the stack
+   size for pthreads is left unchanged at the musl default value of 80 KB.
+   Apparently, OpenDKIM allocates blocks of 64 KB multiple times, which causes
+   libmilter and therefore OpenDKIM to crash:
+   https://git.alpinelinux.org/cgit/aports/commit/?id=95724d1bd53ae87f72e6388cb7323dbd8f84be9d
+
+   This patch follows the patch suggested by an Alpine Linux user in bug report
+   above. Also, a bug report has been filed upstream:
+   https://sourceforge.net/p/opendkim/bugs/258/
+  "
+
+Signed-off-by: Bjørn Mork <bjorn@mork.no>
+---
+ libipmiconsole/ipmiconsole_engine.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/libipmiconsole/ipmiconsole_engine.c
++++ b/libipmiconsole/ipmiconsole_engine.c
+@@ -126,6 +126,8 @@ struct _ipmiconsole_poll_data {
+ 
+ #define IPMICONSOLE_PIPE_BUFLEN 1024
+ 
++#define IPMICONSOLE_MIN_STACKSIZE 2*1024*1024
++
+ static int
+ _ipmiconsole_garbage_collector_create (void)
+ {
+@@ -149,6 +151,13 @@ _ipmiconsole_garbage_collector_create (v
+       goto cleanup;
+     }
+ 
++  if ((perr = pthread_attr_setstacksize(&attr, IPMICONSOLE_MIN_STACKSIZE)))
++    {
++      IPMICONSOLE_DEBUG (("pthread_attr_setstacksize: %s", strerror (perr)));
++      errno = perr;
++      goto cleanup;
++    }
++
+   if ((perr = pthread_create (&thread, &attr, ipmiconsole_garbage_collector, NULL)))
+     {
+       IPMICONSOLE_DEBUG (("pthread_create: %s", strerror (perr)));
+@@ -1280,6 +1289,13 @@ ipmiconsole_engine_thread_create (void)
+     }
+   *index = console_engine_thread_count;
+ 
++  if ((perr = pthread_attr_setstacksize(&attr, IPMICONSOLE_MIN_STACKSIZE)))
++    {
++      IPMICONSOLE_DEBUG (("pthread_attr_setstacksize: %s", strerror (perr)));
++      errno = perr;
++      goto cleanup;
++    }
++
+   if ((perr = pthread_create (&thread, &attr, _ipmiconsole_engine, index)))
+     {
+       IPMICONSOLE_DEBUG (("pthread_create: %s", strerror (perr)));

admin/gkrellmd/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gkrellmd
-PKG_VERSION:=2.3.11
+PKG_VERSION:=2.4.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=gkrellm-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://gkrellm.srcbox.net/releases
-PKG_HASH:=1ee0643ed9ed99f88c1504c89d9ccb20780cf29319c904b68e80a8e7c8678c06
+PKG_HASH:=6f83665760b936ad4b55f9182b1ec7601faf38a0f25ea1e4bddc9965088f032d
 PKG_BUILD_DIR:=$(BUILD_DIR)/gkrellm-$(PKG_VERSION)
 
 PKG_MAINTAINER:=Peter Denison <openwrt@marshadder.org>

admin/htop/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=htop
-PKG_VERSION:=3.3.0
-PKG_RELEASE:=2
+PKG_VERSION:=3.4.1
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/htop-dev/htop/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=1e5cc328eee2bd1acff89f860e3179ea24b85df3ac483433f92a29977b14b045
+PKG_HASH:=af9ec878f831b7c27d33e775c668ec79d569aa781861c995a0fbadc1bdb666cf
 
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=COPYING
@@ -63,7 +63,8 @@ CONFIGURE_ARGS += \
 	--disable-delayacct \
 	--disable-unicode \
 	--disable-unwind \
-	--disable-hwloc
+	--disable-hwloc \
+	--with-curses=ncursesw
 
 CONFIGURE_VARS += \
 	ac_cv_file__proc_stat=yes \

admin/iotop/Makefile

@@ -0,0 +1,45 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=iotop
+PKG_VERSION:=1.30
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/Tomas-M/iotop/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=862e3d3d0263e4171aa9c5aaed2dd7d76ca746afa58ecbb6eca002717e9fa240
+
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID=cpe:/a:iotop:iotop
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/iotop
+  SECTION:=admin
+  CATEGORY:=Administration
+  TITLE:=A top utility for IO
+  DEPENDS:=+libncurses @KERNEL_TASKSTATS
+  URL:=https://github.com/Tomas-M/iotop
+  PKG_MAINTAINER:=John Audia <therealgraysky@proton.me>
+endef
+
+define Package/iotop/description
+  Iotop identifies processes that use high amount of input/output
+  requests on your machine. It is similar to the well known top utility
+  but instead of showing you what consumes CPU the most, it lists
+  processes by their IO usage.
+endef
+
+define Build/Compile
+	$(MAKE) -C "$(PKG_BUILD_DIR)" \
+		CC="$(TARGET_CC)" \
+		CFLAGS="$(TARGET_CFLAGS)" \
+		LDFLAGS="$(TARGET_LDFLAGS)"
+endef
+
+define Package/iotop/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/iotop $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,iotop))

admin/ipmitool/Makefile

@@ -8,16 +8,23 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ipmitool
-PKG_VERSION:=1.8.18
-PKG_RELEASE:=5
+PKG_VERSION:=1.8.19
+PKG_RELEASE:=3
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=@SF/$(PKG_NAME)
-PKG_HASH:=0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://codeberg.org/IPMITool/ipmitool
+PKG_SOURCE_VERSION:=IPMITOOL_$(subst .,_,$(PKG_VERSION))
+PKG_MIRROR_HASH:=a3f0d3510fc47cbfd752f58084a72a09d0d5b23113bd87bf78ee32e74adcb4bc
+
+PKG_MAINTAINER:=Alexander Couzens <lynxis@fe80.eu>
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:ipmitool_project:ipmitool
 
+PKG_FIXUP=autoreconf
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/ipmitool
@@ -26,7 +33,6 @@ define Package/ipmitool
   DEPENDS:=+libopenssl +libncurses +libreadline
   TITLE:=Command-line interface to IPMI-enabled devices
   URL:=https://github.com/ipmitool/ipmitool
-  MAINTAINER:=Alexander Couzens <lynxis@fe80.eu>
 endef
 
 define Package/ipmitool/Default/description
@@ -34,18 +40,20 @@ define Package/ipmitool/Default/description
 endef
 
 define Package/ipmitool/install
+	$(INSTALL_DIR) $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ipmitool $(1)/usr/bin/
 	$(INSTALL_DIR) $(1)/usr/sbin/
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ipmievd $(1)/usr/sbin/
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ipmitool $(1)/usr/sbin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipmievd $(1)/usr/sbin/
 endef
 
 CONFIGURE_ARGS += \
 	--enable-intf-lan \
 	--enable-intf-lanplus \
 	--enable-intf-serial \
-	--enable-intf-free \
+	--disable-intf-free \
 	--enable-intf-open \
 	--enable-intf-imb \
-	--enable-ipmishell
+	--enable-ipmishell \
+	--disable-registry-download
 
 $(eval $(call BuildPackage,ipmitool))

admin/ipmitool/patches/0001-Do-not-require-the-IANA-PEN-registry-file.patch

@@ -0,0 +1,103 @@
+From 26b088193a55624df4cbe2a0d33c7bba5bca108d Mon Sep 17 00:00:00 2001
+From: Vincent Fazio <vfazio@gmail.com>
+Date: Sat, 7 Jan 2023 21:02:48 -0600
+Subject: [PATCH] Do not require the IANA PEN registry file
+
+Previously, ipmitool would fail to run if the local copy of the IANA PEN
+registry could not be parsed.
+
+When the registry is not available the manufacturer will be "Unknown" but
+ipmitool will otherwise function so should not be considered fatal.
+
+Also, fix an issue with improperly handling the `oem_info_list_load`
+return value. Previously, in `ipmi_oem_info_init`, if `oem_info_list_load`
+returned a negative value due to the registry file not existing, an
+improper count would cause `oem_info_init_from_list` to aallocate a list
+that didn't encompass the full header/tail list.
+
+  IANA PEN registry open failed: No such file or directory
+    Allocating      3 entries
+    [     1] 16777214 | A Debug Assisting Company, Ltd.
+    [     0]  1048575 | Unspecified
+
+Now, use a signed int and ensure a valid count of loaded OEMs is used.
+
+Signed-off-by: Vincent Fazio <vfazio@gmail.com>
+---
+ include/ipmitool/ipmi_strings.h |  2 +-
+ lib/ipmi_main.c                 |  5 +----
+ lib/ipmi_strings.c              | 19 +++++--------------
+ 3 files changed, 7 insertions(+), 19 deletions(-)
+
+--- a/include/ipmitool/ipmi_strings.h
++++ b/include/ipmitool/ipmi_strings.h
+@@ -55,7 +55,7 @@ extern const struct valstr ipmi_integrit
+ extern const struct valstr ipmi_encryption_algorithms[];
+ extern const struct valstr ipmi_user_enable_status_vals[];
+ extern const struct valstr *ipmi_oem_info;
+-int ipmi_oem_info_init();
++void ipmi_oem_info_init();
+ void ipmi_oem_info_free();
+ 
+ extern const struct valstr picmg_frucontrol_vals[];
+--- a/lib/ipmi_main.c
++++ b/lib/ipmi_main.c
+@@ -853,10 +853,7 @@ ipmi_main(int argc, char ** argv,
+ 	}
+ 
+ 	/* load the IANA PEN registry */
+-	if (ipmi_oem_info_init()) {
+-		lprintf(LOG_ERR, "Failed to initialize the OEM info dictionary");
+-		goto out_free;
+-	}
++	ipmi_oem_info_init();
+ 
+ 	/* run OEM setup if found */
+ 	if (oemtype &&
+--- a/lib/ipmi_strings.c
++++ b/lib/ipmi_strings.c
+@@ -1719,39 +1719,30 @@ out:
+ 	return rc;
+ }
+ 
+-int ipmi_oem_info_init()
++void ipmi_oem_info_init()
+ {
+ 	oem_valstr_list_t terminator = { { -1, NULL}, NULL }; /* Terminator */
+ 	oem_valstr_list_t *oemlist = &terminator;
+ 	bool free_strings = true;
+-	size_t count;
+-	int rc = -4;
++	int count;
+ 
+ 	lprintf(LOG_INFO, "Loading IANA PEN Registry...");
+ 
+ 	if (ipmi_oem_info) {
+ 		lprintf(LOG_INFO, "IANA PEN Registry is already loaded");
+-		rc = 0;
+ 		goto out;
+ 	}
+ 
+-	if (!(count = oem_info_list_load(&oemlist))) {
+-		/*
+-		 * We can't identify OEMs without a loaded registry.
+-		 * Set the pointer to dummy and return.
+-		 */
+-		ipmi_oem_info = ipmi_oem_info_dummy;
+-		goto out;
++	if ((count = oem_info_list_load(&oemlist)) < 1) {
++		lprintf(LOG_WARN, "Failed to load entries from IANA PEN Registry");
++		count = 0;
+ 	}
+ 
+ 	/* In the array was allocated, don't free the strings at cleanup */
+ 	free_strings = !oem_info_init_from_list(oemlist, count);
+ 
+-	rc = IPMI_CC_OK;
+-
+ out:
+ 	oem_info_list_free(&oemlist, free_strings);
+-	return rc;
+ }
+ 
+ void ipmi_oem_info_free()

admin/ipmitool/patches/0001-ID-461-OpenSSL-1.1-compatibility-error-storage-size-.patch

@@ -1,99 +0,0 @@
-From b57487e360916ab3eaa50aa6d021c73b6337a4a0 Mon Sep 17 00:00:00 2001
-From: Dennis Schridde <dennis.schridde@uni-heidelberg.de>
-Date: Wed, 30 Nov 2016 17:33:00 +0100
-Subject: [PATCH 1/4] ID:461 - OpenSSL 1.1 compatibility - "error: storage size
- of 'ctx' isn't known"
-
-In OpenSSL 1.1 EVP_CIPHER_CTX became opaque, cf. `man 3ssl EVP_EncryptInit`
-
-Fixes: ID:461
----
- src/plugins/lanplus/lanplus_crypt_impl.c | 28 ++++++++++++++--------------
- 1 file changed, 14 insertions(+), 14 deletions(-)
-
---- a/src/plugins/lanplus/lanplus_crypt_impl.c
-+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
-@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 							uint8_t       * output,
- 							uint32_t        * bytes_written)
- {
--	EVP_CIPHER_CTX ctx;
--	EVP_CIPHER_CTX_init(&ctx);
--	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
--	EVP_CIPHER_CTX_set_padding(&ctx, 0);
-+	EVP_CIPHER_CTX* ctx;
-+	EVP_CIPHER_CTX_init(ctx);
-+	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 	
- 
- 	*bytes_written = 0;
-@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- 
- 
--	if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
-+	if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
- 	{
- 		/* Error */
- 		*bytes_written = 0;
-@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 	{
- 		uint32_t tmplen;
- 
--		if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
-+		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- 		{
- 			*bytes_written = 0;
- 			return; /* Error */
-@@ -210,7 +210,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 		{
- 			/* Success */
- 			*bytes_written += tmplen;
--			EVP_CIPHER_CTX_cleanup(&ctx);
-+			EVP_CIPHER_CTX_cleanup(ctx);
- 		}
- 	}
- }
-@@ -239,10 +239,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 							uint8_t       * output,
- 							uint32_t        * bytes_written)
- {
--	EVP_CIPHER_CTX ctx;
--	EVP_CIPHER_CTX_init(&ctx);
--	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
--	EVP_CIPHER_CTX_set_padding(&ctx, 0);
-+	EVP_CIPHER_CTX* ctx;
-+	EVP_CIPHER_CTX_init(ctx);
-+	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 
- 
- 	if (verbose >= 5)
-@@ -266,7 +266,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- 
- 
--	if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
-+	if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
- 	{
- 		/* Error */
- 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
-@@ -277,7 +277,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 	{
- 		uint32_t tmplen;
- 
--		if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
-+		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- 		{
- 			char buffer[1000];
- 			ERR_error_string(ERR_get_error(), buffer);
-@@ -290,7 +290,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 		{
- 			/* Success */
- 			*bytes_written += tmplen;
--			EVP_CIPHER_CTX_cleanup(&ctx);
-+			EVP_CIPHER_CTX_cleanup(ctx);
- 		}
- 	}
- 

admin/ipmitool/patches/0002-ID-461-Make-compiler-happier-about-changes-related-t.patch

@@ -1,31 +0,0 @@
-From 77fe5635037ebaf411cae46cf5045ca819b5c145 Mon Sep 17 00:00:00 2001
-From: Zdenek Styblik <stybla@turnovfree.net>
-Date: Sun, 15 Jan 2017 15:11:25 +0100
-Subject: [PATCH 2/4] ID:461 - Make compiler happier about changes related to
- OpenSSL 1.1
-
-Complaint was that ctx isn't initialized.
----
- src/plugins/lanplus/lanplus_crypt_impl.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/src/plugins/lanplus/lanplus_crypt_impl.c
-+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
-@@ -164,7 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 							uint8_t       * output,
- 							uint32_t        * bytes_written)
- {
--	EVP_CIPHER_CTX* ctx;
-+	EVP_CIPHER_CTX *ctx = NULL;
- 	EVP_CIPHER_CTX_init(ctx);
- 	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- 	EVP_CIPHER_CTX_set_padding(ctx, 0);
-@@ -239,7 +239,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 							uint8_t       * output,
- 							uint32_t        * bytes_written)
- {
--	EVP_CIPHER_CTX* ctx;
-+	EVP_CIPHER_CTX *ctx = NULL;
- 	EVP_CIPHER_CTX_init(ctx);
- 	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- 	EVP_CIPHER_CTX_set_padding(ctx, 0);

admin/ipmitool/patches/0002-configure.ac-allow-disabling-registry-downloads.patch

@@ -0,0 +1,67 @@
+From be11d948f89b10be094e28d8a0a5e8fb532c7b60 Mon Sep 17 00:00:00 2001
+From: Vincent Fazio <vfazio@gmail.com>
+Date: Wed, 11 Jan 2023 22:55:51 -0600
+Subject: [PATCH] configure.ac: allow disabling registry downloads
+
+Some environments require reproducible builds. Since the IANA PEN
+registry is constantly updating and there is no snapshot available,
+installing ipmitool via `make install` is not reproducible.
+
+Provide a configure mechanism to disable the registry download/install..
+---
+ configure.ac | 30 ++++++++++++++++++++----------
+ 1 file changed, 20 insertions(+), 10 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -18,8 +18,6 @@ AC_PROG_LN_S
+ AC_PROG_MAKE_SET
+ AC_CHECK_PROG([RPMBUILD], [rpmbuild], [rpmbuild], [rpm])
+ AC_CHECK_PROG([SED], [sed], [sed])
+-AC_CHECK_PROG([WGET], [wget], [wget])
+-AC_CHECK_PROG([CURL], [curl], [curl])
+ 
+ AC_HEADER_STDC
+ AC_CHECK_HEADERS([stdlib.h string.h sys/ioctl.h sys/stat.h unistd.h paths.h])
+@@ -56,21 +54,33 @@ if test "x$exec_prefix" = "xNONE"; then
+ 	exec_prefix="$prefix"
+ fi
+ 
+-if test "x$WGET" = "x"; then
+-	if test "x$CURL" = "x"; then
++dnl allow enabling/disabling the fetching of the IANA PEN registry
++AC_ARG_ENABLE([registry-download],
++	[AC_HELP_STRING([--enable-registry-download],
++			[download/install the IANA PEN registry [default=yes]])],
++	[xenable_registry_download=$enableval],
++	[xenable_registry_download=yes])
++
++AM_CONDITIONAL([DOWNLOAD], [false])
++
++if test "x$xenable_registry_download" = "xyes"; then
++	AC_CHECK_PROG([WGET], [wget], [wget])
++	AC_CHECK_PROG([CURL], [curl], [curl])
++
++	if test "x$WGET" = "x" && test "x$CURL" = "x"; then
+ 		AC_MSG_WARN([** Neither wget nor curl could be found.])
+ 		AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !])
+ 	else
+-		DOWNLOAD="$CURL --location --progress-bar"
+ 		AM_CONDITIONAL([DOWNLOAD], [true])
++		if test "x$WGET" != "x"; then
++			DOWNLOAD="$WGET -c -nd -O -"
++		else
++			DOWNLOAD="$CURL --location --progress-bar"
++		fi
+ 	fi
+-else
+-	DOWNLOAD="$WGET -c -nd -O -"
+-	AM_CONDITIONAL([DOWNLOAD], [true])
+ fi
+ 
+-AC_MSG_WARN([** Download is:])
+-AC_MSG_WARN($DOWNLOAD)
++AC_MSG_WARN([** Download is: $DOWNLOAD])
+ AC_SUBST(DOWNLOAD, $DOWNLOAD)
+ 
+ dnl

admin/ipmitool/patches/0003-ID-480-ipmitool-coredumps-in-EVP_CIPHER_CTX_init.patch

@@ -1,48 +0,0 @@
-From f004b4b7197fc83e7d47ec8cbcaefffa9a922717 Mon Sep 17 00:00:00 2001
-From: Zdenek Styblik <stybla@turnovfree.net>
-Date: Sun, 12 Mar 2017 14:00:35 +0100
-Subject: [PATCH 3/4] ID:480 - ipmitool coredumps in EVP_CIPHER_CTX_init
-
-IPMI tool coredumps due to changes introduced in ID:461. This shouldn't be
-surprise as a NULL pointer is passed to init. Commit addresses this issue by
-calling EVP_CIPHER_CTX_new() instead of EVP_CIPHER_CTX_init(), which is
-deprecated, and by checking return value of call to former function.
----
- src/plugins/lanplus/lanplus_crypt_impl.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
---- a/src/plugins/lanplus/lanplus_crypt_impl.c
-+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
-@@ -165,10 +165,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 							uint32_t        * bytes_written)
- {
- 	EVP_CIPHER_CTX *ctx = NULL;
--	EVP_CIPHER_CTX_init(ctx);
-+	ctx = EVP_CIPHER_CTX_new();
-+	if (ctx == NULL) {
-+		*bytes_written = 0;
-+		return;
-+	}
- 	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- 	EVP_CIPHER_CTX_set_padding(ctx, 0);
--	
- 
- 	*bytes_written = 0;
- 
-@@ -240,11 +243,14 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 							uint32_t        * bytes_written)
- {
- 	EVP_CIPHER_CTX *ctx = NULL;
--	EVP_CIPHER_CTX_init(ctx);
-+	ctx = EVP_CIPHER_CTX_new();
-+	if (ctx == NULL) {
-+		*bytes_written = 0;
-+		return;
-+	}
- 	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- 	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 
--
- 	if (verbose >= 5)
- 	{
- 		printbuf(iv,  16, "decrypting with this IV");

admin/ipmitool/patches/0004-ID-480-Call-EVP_CIPHER_CTX_free-instead-of-EVP_CIPHE.patch

@@ -1,139 +0,0 @@
-From 1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1 Mon Sep 17 00:00:00 2001
-From: Holger Liebig <holger.liebig@ts.fujitsu.com>
-Date: Tue, 4 Apr 2017 20:43:05 +0200
-Subject: [PATCH 4/4] ID:480 - Call EVP_CIPHER_CTX_free() instead of
- EVP_CIPHER_CTX_cleanup()
-
-Call EVP_CIPHER_CTX_free() instead of EVP_CIPHER_CTX_cleanup() to fix memory
-leak.
----
- src/plugins/lanplus/lanplus_crypt_impl.c | 44 +++++++++++++++++---------------
- 1 file changed, 23 insertions(+), 21 deletions(-)
-
---- a/src/plugins/lanplus/lanplus_crypt_impl.c
-+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
-@@ -165,13 +165,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 							uint32_t        * bytes_written)
- {
- 	EVP_CIPHER_CTX *ctx = NULL;
--	ctx = EVP_CIPHER_CTX_new();
--	if (ctx == NULL) {
--		*bytes_written = 0;
--		return;
--	}
--	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
--	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 
- 	*bytes_written = 0;
- 
-@@ -185,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 		printbuf(input, input_length, "encrypting this data");
- 	}
- 
-+	ctx = EVP_CIPHER_CTX_new();
-+	if (ctx == NULL) {
-+		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
-+		return;
-+	}
-+	EVP_CIPHER_CTX_init(ctx);
-+	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 
- 	/*
- 	 * The default implementation adds a whole block of padding if the input
-@@ -198,7 +199,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 	{
- 		/* Error */
- 		*bytes_written = 0;
--		return;
- 	}
- 	else
- 	{
-@@ -206,16 +206,17 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 
- 		if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- 		{
-+			/* Error */
- 			*bytes_written = 0;
--			return; /* Error */
- 		}
- 		else
- 		{
- 			/* Success */
- 			*bytes_written += tmplen;
--			EVP_CIPHER_CTX_cleanup(ctx);
- 		}
- 	}
-+	/* performs cleanup and free */
-+	EVP_CIPHER_CTX_free(ctx);
- }
- 
- 
-@@ -243,13 +244,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 							uint32_t        * bytes_written)
- {
- 	EVP_CIPHER_CTX *ctx = NULL;
--	ctx = EVP_CIPHER_CTX_new();
--	if (ctx == NULL) {
--		*bytes_written = 0;
--		return;
--	}
--	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
--	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 
- 	if (verbose >= 5)
- 	{
-@@ -258,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 		printbuf(input, input_length, "decrypting this data");
- 	}
- 
--
- 	*bytes_written = 0;
- 
- 	if (input_length == 0)
- 		return;
- 
-+	ctx = EVP_CIPHER_CTX_new();
-+	if (ctx == NULL) {
-+		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
-+		return;
-+	}
-+	EVP_CIPHER_CTX_init(ctx);
-+	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
-+	EVP_CIPHER_CTX_set_padding(ctx, 0);
-+
- 	/*
- 	 * The default implementation adds a whole block of padding if the input
- 	 * data is perfectly aligned.  We would like to keep that from happening.
-@@ -277,7 +279,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 		/* Error */
- 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
- 		*bytes_written = 0;
--		return;
- 	}
- 	else
- 	{
-@@ -285,20 +286,21 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 
- 		if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
- 		{
-+			/* Error */
- 			char buffer[1000];
- 			ERR_error_string(ERR_get_error(), buffer);
- 			lprintf(LOG_DEBUG, "the ERR error %s", buffer);
- 			lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
- 			*bytes_written = 0;
--			return; /* Error */
- 		}
- 		else
- 		{
- 			/* Success */
- 			*bytes_written += tmplen;
--			EVP_CIPHER_CTX_cleanup(ctx);
- 		}
- 	}
-+	/* performs cleanup and free */
-+	EVP_CIPHER_CTX_free(ctx);
- 
- 	if (verbose >= 5)
- 	{

admin/ipmitool/patches/0005-ipmitool-Fix-compile-with-deprecated-APIs-disabled.patch

@@ -1,42 +0,0 @@
-From cf39da53236abf02d39c6a98a645488933f3e861 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Tue, 21 Aug 2018 19:29:07 -0700
-Subject: [PATCH] ipmitool: Fix compile with deprecated APIs disabled.
-
-From the man page:
-
-EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0. As a result,
-EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared.
-EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset().
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- src/plugins/lanplus/lanplus_crypt_impl.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- a/src/plugins/lanplus/lanplus_crypt_impl.c
-+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
-@@ -183,7 +183,11 @@ lanplus_encrypt_aes_cbc_128(const uint8_
- 		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
- 		return;
- 	}
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	EVP_CIPHER_CTX_init(ctx);
-+#else
-+	EVP_CIPHER_CTX_reset(ctx);
-+#endif
- 	EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- 	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 
-@@ -262,7 +266,11 @@ lanplus_decrypt_aes_cbc_128(const uint8_
- 		lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
- 		return;
- 	}
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	EVP_CIPHER_CTX_init(ctx);
-+#else
-+	EVP_CIPHER_CTX_reset(ctx);
-+#endif
- 	EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- 	EVP_CIPHER_CTX_set_padding(ctx, 0);
- 

admin/ipmitool/patches/0006-CVE-2020-5208-fru-Fix-buffer-overflow-vulnerabilities.patch

@@ -1,123 +0,0 @@
-From 960dbb956d9f9cb05b719087faed53c88dc80956 Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 16:33:59 +0000
-Subject: [PATCH 06/11] fru: Fix buffer overflow vulnerabilities
-
-Partial fix for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-The `read_fru_area_section` function only performs size validation of
-requested read size, and falsely assumes that the IPMI message will not
-respond with more than the requested amount of data; it uses the
-unvalidated response size to copy into `frubuf`. If the response is
-larger than the request, this can result in overflowing the buffer.
-
-The same issue affects the `read_fru_area` function.
----
- lib/ipmi_fru.c | 33 +++++++++++++++++++++++++++++++--
- 1 file changed, 31 insertions(+), 2 deletions(-)
-
---- a/lib/ipmi_fru.c
-+++ b/lib/ipmi_fru.c
-@@ -615,7 +615,10 @@ int
- read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
- 			uint32_t offset, uint32_t length, uint8_t *frubuf)
- {
--	uint32_t off = offset, tmp, finish;
-+	uint32_t off = offset;
-+	uint32_t tmp;
-+	uint32_t finish;
-+	uint32_t size_left_in_buffer;
- 	struct ipmi_rs * rsp;
- 	struct ipmi_rq req;
- 	uint8_t msg_data[4];
-@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, s
- 
- 	finish = offset + length;
- 	if (finish > fru->size) {
-+		memset(frubuf + fru->size, 0, length - fru->size);
- 		finish = fru->size;
- 		lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
- 			"Adjusting to %d",
- 			offset + length, finish - offset);
-+		length = finish - offset;
- 	}
- 
- 	memset(&req, 0, sizeof(req));
-@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, s
- 		}
- 	}
- 
-+	size_left_in_buffer = length;
- 	do {
- 		tmp = fru->access ? off >> 1 : off;
- 		msg_data[0] = id;
-@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, s
- 		}
- 
- 		tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
-+		if(rsp->data_len < 1
-+		   || tmp > rsp->data_len - 1
-+		   || tmp > size_left_in_buffer)
-+		{
-+			printf(" Not enough buffer size");
-+			return -1;
-+		}
-+
- 		memcpy(frubuf, rsp->data + 1, tmp);
- 		off += tmp;
- 		frubuf += tmp;
-+		size_left_in_buffer -= tmp;
- 		/* sometimes the size returned in the Info command
- 		* is too large.  return 0 so higher level function
- 		* still attempts to parse what was returned */
-@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf *
- 			uint32_t offset, uint32_t length, uint8_t *frubuf)
- {
- 	static uint32_t fru_data_rqst_size = 20;
--	uint32_t off = offset, tmp, finish;
-+	uint32_t off = offset;
-+	uint32_t tmp, finish;
-+	uint32_t size_left_in_buffer;
- 	struct ipmi_rs * rsp;
- 	struct ipmi_rq req;
- 	uint8_t msg_data[4];
-@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf *
- 
- 	finish = offset + length;
- 	if (finish > fru->size) {
-+		memset(frubuf + fru->size, 0, length - fru->size);
- 		finish = fru->size;
- 		lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
- 			"Adjusting to %d",
- 			offset + length, finish - offset);
-+		length = finish - offset;
- 	}
- 
- 	memset(&req, 0, sizeof(req));
-@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf *
- 	if (fru->access && fru_data_rqst_size > 16)
- #endif
- 		fru_data_rqst_size = 16;
-+
-+	size_left_in_buffer = length;
- 	do {
- 		tmp = fru->access ? off >> 1 : off;
- 		msg_data[0] = id;
-@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf *
- 		}
- 
- 		tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
-+		if(rsp->data_len < 1
-+		   || tmp > rsp->data_len - 1
-+		   || tmp > size_left_in_buffer)
-+		{
-+			printf(" Not enough buffer size");
-+			return -1;
-+		}
- 		memcpy((frubuf + off)-offset, rsp->data + 1, tmp);
- 		off += tmp;
-+		size_left_in_buffer -= tmp;
- 
- 		/* sometimes the size returned in the Info command
- 		* is too large.  return 0 so higher level function

admin/ipmitool/patches/0007-CVE-2020-5208-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch

@@ -1,43 +0,0 @@
-From 910e5782b7d9f222d4e34d3505d0d636ff757103 Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 16:44:18 +0000
-Subject: [PATCH 07/11] fru: Fix buffer overflow in ipmi_spd_print_fru
-
-Partial fix for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-The `ipmi_spd_print_fru` function has a similar issue as the one fixed
-by the previous commit in `read_fru_area_section`. An initial request is
-made to get the `fru.size`, which is used as the size for the allocation
-of `spd_data`. Inside a loop, further requests are performed to get the
-copy sizes which are not checked before being used as the size for a
-copy into the buffer.
----
- lib/dimm_spd.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
---- a/lib/dimm_spd.c
-+++ b/lib/dimm_spd.c
-@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * in
- 	struct ipmi_rq req;
- 	struct fru_info fru;
- 	uint8_t *spd_data, msg_data[4];
--	int len, offset;
-+	uint32_t len, offset;
- 
- 	msg_data[0] = id;
- 
-@@ -1697,6 +1697,13 @@ ipmi_spd_print_fru(struct ipmi_intf * in
- 		}
- 
- 		len = rsp->data[0];
-+		if(rsp->data_len < 1
-+		   || len > rsp->data_len - 1
-+		   || len > fru.size - offset)
-+		{
-+			printf(" Not enough buffer size");
-+			return -1;
-+		}
- 		memcpy(&spd_data[offset], rsp->data + 1, len);
- 		offset += len;
- 	} while (offset < fru.size);

admin/ipmitool/patches/0008-CVE-2020-5208-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch

@@ -1,43 +0,0 @@
-From 4f7778ed232a92bde388f38917b94f458a82c78e Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 16:51:49 +0000
-Subject: [PATCH 08/11] session: Fix buffer overflow in ipmi_get_session_info
-
-Partial fix for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-The `ipmi_get_session_info` function does not properly check the
-response `data_len`, which is used as a copy size, allowing stack buffer
-overflow.
----
- lib/ipmi_session.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
---- a/lib/ipmi_session.c
-+++ b/lib/ipmi_session.c
-@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf
- 		}
- 		else
- 		{
--			memcpy(&session_info,  rsp->data, rsp->data_len);
--			print_session_info(&session_info, rsp->data_len);
-+			memcpy(&session_info,  rsp->data,
-+			       __min(rsp->data_len, sizeof(session_info)));
-+			print_session_info(&session_info,
-+			                   __min(rsp->data_len, sizeof(session_info)));
- 		}
- 		break;
- 		
-@@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf
- 				break;
- 			}
- 
--			memcpy(&session_info,  rsp->data, rsp->data_len);
--			print_session_info(&session_info, rsp->data_len);
-+			memcpy(&session_info,  rsp->data,
-+			       __min(rsp->data_len, sizeof(session_info)));
-+			print_session_info(&session_info,
-+			                   __min(rsp->data_len, sizeof(session_info)));
- 			
- 		} while (i <= session_info.session_slot_count);
- 		break;

admin/ipmitool/patches/0009-CVE-2020-5208-channel-Fix-buffer-overflow.patch

@@ -1,32 +0,0 @@
-From 743dd4faa302f22950e4438cf684e1e398eb47eb Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 16:56:38 +0000
-Subject: [PATCH 09/11] channel: Fix buffer overflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Partial fix for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-The `ipmi_get_channel_cipher_suites` function does not properly check
-the final response’s `data_len`, which can lead to stack buffer overflow
-on the final copy.
----
- lib/ipmi_channel.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
---- a/lib/ipmi_channel.c
-+++ b/lib/ipmi_channel.c
-@@ -413,7 +413,10 @@ ipmi_get_channel_cipher_suites(struct ip
- 			lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
- 			return -1;
- 		}
--		if (rsp->ccode > 0) {
-+		if (rsp->ccode
-+		    || rsp->data_len < 1
-+		    || rsp->data_len > sizeof(uint8_t) + 0x10)
-+		{
- 			lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
- 					val2str(rsp->ccode, completion_code_vals));
- 			return -1;

admin/ipmitool/patches/0010-CVE-2020-5208-lanp-Fix-buffer-overflows-in-get_lan_param_select.patch

@@ -1,83 +0,0 @@
-From e048e9c65a52f0879d482531e70735c1d314d43a Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 17:06:39 +0000
-Subject: [PATCH 10/11] lanp: Fix buffer overflows in get_lan_param_select
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Partial fix for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-The `get_lan_param_select` function is missing a validation check on the
-response’s `data_len`, which it then returns to caller functions, where
-stack buffer overflow can occur.
----
- lib/ipmi_lanp.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
---- a/lib/ipmi_lanp.c
-+++ b/lib/ipmi_lanp.c
-@@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- 		if (p == NULL) {
- 			return (-1);
- 		}
--		memcpy(data, p->data, p->data_len);
-+		memcpy(data, p->data, __min(p->data_len, sizeof(data)));
- 		/* set new ipaddr */
- 		memcpy(data+3, temp, 4);
- 		printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert,
-@@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- 		if (p == NULL) {
- 			return (-1);
- 		}
--		memcpy(data, p->data, p->data_len);
-+		memcpy(data, p->data, __min(p->data_len, sizeof(data)));
- 		/* set new macaddr */
- 		memcpy(data+7, temp, 6);
- 		printf("Setting LAN Alert %d MAC Address to "
-@@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- 		if (p == NULL) {
- 			return (-1);
- 		}
--		memcpy(data, p->data, p->data_len);
-+		memcpy(data, p->data, __min(p->data_len, sizeof(data)));
- 
- 		if (strncasecmp(argv[1], "def", 3) == 0 ||
- 		    strncasecmp(argv[1], "default", 7) == 0) {
-@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- 		if (p == NULL) {
- 			return (-1);
- 		}
--		memcpy(data, p->data, p->data_len);
-+		memcpy(data, p->data, __min(p->data_len, sizeof(data)));
- 
- 		if (strncasecmp(argv[1], "on", 2) == 0 ||
- 		    strncasecmp(argv[1], "yes", 3) == 0) {
-@@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- 		if (p == NULL) {
- 			return (-1);
- 		}
--		memcpy(data, p->data, p->data_len);
-+		memcpy(data, p->data, __min(p->data_len, sizeof(data)));
- 
- 		if (strncasecmp(argv[1], "pet", 3) == 0) {
- 			printf("Setting LAN Alert %d destination to PET Trap\n", alert);
-@@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- 		if (p == NULL) {
- 			return (-1);
- 		}
--		memcpy(data, p->data, p->data_len);
-+		memcpy(data, p->data, __min(p->data_len, sizeof(data)));
- 
- 		if (str2uchar(argv[1], &data[2]) != 0) {
- 			lprintf(LOG_ERR, "Invalid time: %s", argv[1]);
-@@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * in
- 		if (p == NULL) {
- 			return (-1);
- 		}
--		memcpy(data, p->data, p->data_len);
-+		memcpy(data, p->data, __min(p->data_len, sizeof(data)));
- 
- 		if (str2uchar(argv[1], &data[3]) != 0) {
- 			lprintf(LOG_ERR, "Invalid retry: %s", argv[1]);

admin/ipmitool/patches/0011-CVE-2020-5208-fru-sdr-Fix-id_string-buffer-overflows.patch

@@ -1,130 +0,0 @@
-From 98b47424cf548f58c4d295fa8235210406ea85ca Mon Sep 17 00:00:00 2001
-From: Chrostoper Ertl <chertl@microsoft.com>
-Date: Thu, 28 Nov 2019 17:13:45 +0000
-Subject: [PATCH 11/11] fru, sdr: Fix id_string buffer overflows
-
-Final part of the fixes for CVE-2020-5208, see
-https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
-
-9 variants of stack buffer overflow when parsing `id_string` field of
-SDR records returned from `CMD_GET_SDR` command.
-
-SDR record structs have an `id_code` field, and an `id_string` `char`
-array.
-
-The length of `id_string` is calculated as `(id_code & 0x1f) + 1`,
-which can be larger than expected 16 characters (if `id_code = 0xff`,
-then length will be `(0xff & 0x1f) + 1 = 32`).
-
-In numerous places, this can cause stack buffer overflow when copying
-into fixed buffer of size `17` bytes from this calculated length.
----
- lib/ipmi_fru.c |  2 +-
- lib/ipmi_sdr.c | 40 ++++++++++++++++++++++++----------------
- 2 files changed, 25 insertions(+), 17 deletions(-)
-
---- a/lib/ipmi_fru.c
-+++ b/lib/ipmi_fru.c
-@@ -3062,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf,
- 		return 0;
- 
- 	memset(desc, 0, sizeof(desc));
--	memcpy(desc, fru->id_string, fru->id_code & 0x01f);
-+	memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc)));
- 	desc[fru->id_code & 0x01f] = 0;
- 	printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id);
- 
---- a/lib/ipmi_sdr.c
-+++ b/lib/ipmi_sdr.c
-@@ -2084,7 +2084,7 @@ ipmi_sdr_print_sensor_eventonly(struct i
- 		return -1;
- 
- 	memset(desc, 0, sizeof (desc));
--	snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string);
-+	snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string);
- 
- 	if (verbose) {
- 		printf("Sensor ID              : %s (0x%x)\n",
-@@ -2135,7 +2135,7 @@ ipmi_sdr_print_sensor_mc_locator(struct
- 		return -1;
- 
- 	memset(desc, 0, sizeof (desc));
--	snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string);
-+	snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string);
- 
- 	if (verbose == 0) {
- 		if (csv_output)
-@@ -2228,7 +2228,7 @@ ipmi_sdr_print_sensor_generic_locator(st
- 	char desc[17];
- 
- 	memset(desc, 0, sizeof (desc));
--	snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string);
-+	snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string);
- 
- 	if (!verbose) {
- 		if (csv_output)
-@@ -2285,7 +2285,7 @@ ipmi_sdr_print_sensor_fru_locator(struct
- 	char desc[17];
- 
- 	memset(desc, 0, sizeof (desc));
--	snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string);
-+	snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string);
- 
- 	if (!verbose) {
- 		if (csv_output)
-@@ -2489,35 +2489,43 @@ ipmi_sdr_print_name_from_rawentry(struct
- 
-    int rc =0;
-    char desc[17];
-+   const char *id_string;
-+   uint8_t id_code;
-    memset(desc, ' ', sizeof (desc));
- 
-    switch ( type) {
-       case SDR_RECORD_TYPE_FULL_SENSOR:
-       record.full = (struct sdr_record_full_sensor *) raw;
--      snprintf(desc, (record.full->id_code & 0x1f) +1, "%s",
--               (const char *)record.full->id_string);
-+      id_code = record.full->id_code;
-+      id_string = record.full->id_string;
-       break;
-+
-       case SDR_RECORD_TYPE_COMPACT_SENSOR:
-       record.compact = (struct sdr_record_compact_sensor *) raw	;
--      snprintf(desc, (record.compact->id_code & 0x1f)  +1, "%s",
--               (const char *)record.compact->id_string);
-+      id_code = record.compact->id_code;
-+      id_string = record.compact->id_string;
-       break;
-+
-       case SDR_RECORD_TYPE_EVENTONLY_SENSOR:
-       record.eventonly  = (struct sdr_record_eventonly_sensor *) raw ;
--      snprintf(desc, (record.eventonly->id_code & 0x1f)  +1, "%s",
--               (const char *)record.eventonly->id_string);
--      break;            
-+      id_code = record.eventonly->id_code;
-+      id_string = record.eventonly->id_string;
-+      break;
-+
-       case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR:
-       record.mcloc  = (struct sdr_record_mc_locator *) raw ;
--      snprintf(desc, (record.mcloc->id_code & 0x1f)  +1, "%s",
--               (const char *)record.mcloc->id_string);		
-+      id_code = record.mcloc->id_code;
-+      id_string = record.mcloc->id_string;
-       break;
-+
-       default:
-       rc = -1;
--      break;
--   }   
-+   }
-+   if (!rc) {
-+       snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string);
-+   }
- 
--      lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
-+   lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
-    return rc;
- }
- 

admin/ipmitool/patches/0012-gcc10.patch

@@ -1,33 +0,0 @@
-From c3939dac2c060651361fc71516806f9ab8c38901 Mon Sep 17 00:00:00 2001
-From: Vaclav Dolezal <vdolezal@redhat.com>
-Date: Thu, 23 Jan 2020 11:26:32 +0100
-Subject: [PATCH] hpmfwupg: move variable definition to .c file
-
-Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
----
- include/ipmitool/ipmi_hpmfwupg.h | 2 +-
- lib/ipmi_hpmfwupg.c              | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
---- a/include/ipmitool/ipmi_hpmfwupg.h
-+++ b/include/ipmitool/ipmi_hpmfwupg.h
-@@ -800,7 +800,7 @@ typedef struct _VERSIONINFO {
- 	char descString[HPMFWUPG_DESC_STRING_LENGTH + 1];
- }VERSIONINFO, *PVERSIONINFO;
- 
--VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX];
-+extern VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX];
- 
- #define TARGET_VER (0x01)
- #define ROLLBACK_VER (0x02)
---- a/lib/ipmi_hpmfwupg.c
-+++ b/lib/ipmi_hpmfwupg.c
-@@ -58,6 +58,8 @@ ipmi_intf_get_max_request_data_size(stru
- 
- extern int verbose;
- 
-+VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX];
-+
- int HpmfwupgUpgrade(struct ipmi_intf *intf, char *imageFilename,
- 		int activate, int, int);
- int HpmfwupgValidateImageIntegrity(struct HpmfwupgUpgradeCtx *pFwupgCtx);

admin/muninlite/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=muninlite
 PKG_VERSION:=2.1.2
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/munin-monitoring/$(PKG_NAME)/releases/download/$(PKG_VERSION)/
@@ -37,12 +37,14 @@ endef
 define Package/muninlite/install
 	$(INSTALL_DIR) $(1)/usr/sbin/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/muninlite $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/etc/munin/plugins
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/muninlite.conf $(1)/etc/munin/
 	$(INSTALL_DIR) $(1)/etc/xinetd.d
 	$(INSTALL_DATA) ./files/etc/xinetd.d/muninlite $(1)/etc/xinetd.d/
-	$(INSTALL_DIR) $(1)/etc/munin/plugins
 endef
 
 define Package/muninlite/conffiles
+/etc/munin/
 /etc/xinetd.d/muninlite
 endef
 

admin/muninlite/patches/001-ntpdate-fix-typo-on-graph-title.patch

@@ -0,0 +1,18 @@
+From 74927fc6e7d2b5475d4b8d4bc426b55d23c67be9 Mon Sep 17 00:00:00 2001
+From: "Kim B. Heino" <b@bbbs.net>
+Date: Sun, 22 Aug 2021 19:37:40 +0300
+Subject: [PATCH 1/5] ntpdate: fix typo on graph title
+
+---
+ plugins/ntpdate | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/plugins/ntpdate
++++ b/plugins/ntpdate
+@@ -1,5 +1,5 @@
+ config_ntpdate() {
+-  echo "graph_title NTP offset and dealy to peer $NTP_PEER"
++  echo "graph_title NTP offset and delay to peer $NTP_PEER"
+   echo "graph_args --base 1000 --vertical-label msec"
+   echo "graph_category time"
+   echo "offset.label Offset"

admin/muninlite/patches/002-plugin-ntpdate-tolerate-multiple-NTP-servers-e.g.-in.patch

@@ -0,0 +1,30 @@
+From a2f1745477e480f91bb68102308217eb95a063c7 Mon Sep 17 00:00:00 2001
+From: Lars Kruse <devel@sumpfralle.de>
+Date: Wed, 4 May 2022 14:52:44 +0200
+Subject: [PATCH 2/5] plugin ntpdate: tolerate multiple NTP servers (e.g. in a
+ pool)
+
+Previously multiple "server" lines were consumed, but the output of the
+awk filter lacked the line ending.  Thus the last numeric value of the
+previous "server" line was concatenated with the first numeric value of
+the following "server" line.  Thus multiple dots occurred in a single
+numeric value and parsing just failed.
+
+Thanks, glyndon!
+
+Closes: #16
+---
+ plugins/ntpdate | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/plugins/ntpdate
++++ b/plugins/ntpdate
+@@ -11,7 +11,7 @@ fetch_ntpdate() {
+   OFFSET=0
+   DELAY=0
+   if [ -n "$NTP_PEER" ] && [ -x "$NTPDATE" ]; then
+-    DATA=$("$NTPDATE" -q "$NTP_PEER" | awk '/^server.*offset/{gsub(/,/,""); printf "%s %s", ($6*1000), ($8*1000);}')
++    DATA=$("$NTPDATE" -q "$NTP_PEER" | awk '/^server.*offset/{gsub(/,/,""); printf "%s %s", ($6*1000), ($8*1000); exit;}')
+     OFFSET=$(echo "$DATA" | cut -d " " -f 1)
+     DELAY=$(echo "$DATA" | cut -d " " -f 2)
+   fi

admin/muninlite/patches/003-Improve-df.patch

@@ -0,0 +1,45 @@
+From f55b83fdbda8bbe65f27395fe55d75f6e9e845f2 Mon Sep 17 00:00:00 2001
+From: Daniel Alder <daald@users.noreply.github.com>
+Date: Wed, 13 Dec 2023 00:59:12 +0100
+Subject: [PATCH 3/5] Improve df
+
+Before, there were 1+n calls of df where n is the number of output values. I introduced some script magic to use the values from the
+first call. Motivation was, there was a very complex sed call which failed to process some of my df output lines. The new code is much
+safer.
+
+Actually, the original problem obviously was that the sed regex didn't cover capital letters which I had in my mountpoints.
+---
+ plugins/df | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+--- a/plugins/df
++++ b/plugins/df
+@@ -4,21 +4,19 @@ graph_args --upper-limit 100 -l 0
+ graph_vlabel %
+ graph_category disk
+ graph_info This graph shows disk usage on the machine."
+-  for PART in $(df -PT | grep '^/' | grep -vwE "$DF_IGNORE_FILESYSTEM_REGEX" | sed '/\/[a-z0-9]*$/!d;s/.* \([a-z0-9\/]\{1,\}\)$/\1/g')
++  df -PT | grep '^/' | grep -vwE "$DF_IGNORE_FILESYSTEM_REGEX" | while read dev type blocks used avail pct mp
+   do
+-    PINFO=$(df -P "$PART" | tail -1);
+-    PNAME=$(clean_fieldname "$(echo "$PINFO" | cut -d " " -f 1)")
+-    echo "$PNAME.label $PART"
+-    echo "$PNAME.info $PNAME -> $PART"
++    PNAME=$(clean_fieldname "$dev")
++    echo "$PNAME.label $mp"
++    echo "$PNAME.info $dev -> $mp"
+     echo "$PNAME.warning 92"
+     echo "$PNAME.critical 98"
+   done
+ }
+ fetch_df() {
+-  for PART in $(df -PT | grep '^/' | grep -vwE "$DF_IGNORE_FILESYSTEM_REGEX" | sed '/\/[a-z0-9]*$/!d;s/.* \([a-z0-9\/]\{1,\}\)$/\1/g')
++  df -PT | grep '^/' | grep -vwE "$DF_IGNORE_FILESYSTEM_REGEX" | while read dev type blocks used avail pct mp
+   do
+-    PINFO=$(df -P "$PART" | tail -1);
+-    PNAME=$(clean_fieldname "$(echo "$PINFO" | cut -d " " -f 1)")
+-    echo "$PNAME.value" "$(echo "$PINFO" | sed -e 's/\%//g' -e 's/  */ /g' | cut -d " " -f 5)"
++    PNAME=$(clean_fieldname "$dev")
++    echo "$PNAME.value" "${pct%\%}"
+   done
+ }

admin/muninlite/patches/004-Fix-previous-change.-The-key-for-config-and-values-w.patch

@@ -0,0 +1,31 @@
+From c2b8d7315d9c9c466537ef60dcdb5bd6733ea809 Mon Sep 17 00:00:00 2001
+From: Daniel Alder <daald@users.noreply.github.com>
+Date: Thu, 14 Dec 2023 13:26:47 +0100
+Subject: [PATCH 4/5] Fix previous change. The key for config and values was
+ the mountpoint
+
+I accidently changed this to dev. This also works but breaks existing history
+---
+ plugins/df | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/plugins/df
++++ b/plugins/df
+@@ -6,7 +6,7 @@ graph_category disk
+ graph_info This graph shows disk usage on the machine."
+   df -PT | grep '^/' | grep -vwE "$DF_IGNORE_FILESYSTEM_REGEX" | while read dev type blocks used avail pct mp
+   do
+-    PNAME=$(clean_fieldname "$dev")
++    PNAME=$(clean_fieldname "$mp")
+     echo "$PNAME.label $mp"
+     echo "$PNAME.info $dev -> $mp"
+     echo "$PNAME.warning 92"
+@@ -16,7 +16,7 @@ graph_info This graph shows disk usage o
+ fetch_df() {
+   df -PT | grep '^/' | grep -vwE "$DF_IGNORE_FILESYSTEM_REGEX" | while read dev type blocks used avail pct mp
+   do
+-    PNAME=$(clean_fieldname "$dev")
++    PNAME=$(clean_fieldname "$mp")
+     echo "$PNAME.value" "${pct%\%}"
+   done
+ }

admin/muninlite/patches/100-netstat-drop-netstat-s-dep-by-using-proc-net-snmp-da.patch

@@ -0,0 +1,88 @@
+From cd0d4478916ff203db1d3e403b99a58d60d7c5ec Mon Sep 17 00:00:00 2001
+From: Rany Hany <rany_hany@riseup.net>
+Date: Thu, 2 Jan 2025 14:26:07 +0200
+Subject: [PATCH 5/5] netstat: drop `netstat -s` dep by using `/proc/net/snmp`
+ data directly
+
+This allows the plugin to work under OpenWRT as the busybox netstat
+does not support `netstat -s`.
+
+Fixes: https://github.com/munin-monitoring/muninlite/issues/14
+Signed-off-by: Rany Hany <rany_hany@riseup.net>
+---
+ muninlite.in    |  2 +-
+ plugins/netstat | 54 +++++++++++++++++++++++++++++++++++++++++++------
+ 2 files changed, 49 insertions(+), 7 deletions(-)
+
+--- a/muninlite.in
++++ b/muninlite.in
+@@ -87,7 +87,7 @@ for PLUG in $PLUGINS; do
+       done
+       ;;
+     netstat)
+-      if netstat -s >/dev/null 2>&1; then
++      if [ -f /proc/net/snmp ]; then
+         RES="$RES netstat"
+       fi
+       ;;
+--- a/plugins/netstat
++++ b/plugins/netstat
+@@ -31,10 +31,52 @@ config_netstat() {
+   echo "established.info The number of currently open connections."
+ }
+ fetch_netstat() {
+-  NINFO=$(netstat -s | sed 's/ \{1,\}/ /g')
+-  echo "active.value" "$(echo "$NINFO" | grep "active connection" | cut -d " " -f 2)"
+-  echo "passive.value" "$(echo "$NINFO" | grep "passive connection" | cut -d " " -f 2)"
+-  echo "failed.value" "$(echo "$NINFO" | grep "failed connection" | cut -d " " -f 2)"
+-  echo "resets.value" "$(echo "$NINFO" | grep "connection resets" | cut -d " " -f 2)"
+-  echo "established.value" "$(echo "$NINFO" | grep "connections established" | cut -d " " -f 2)"
++  awk '
++    BEGIN {
++      TcpNR = -1
++      ActiveOpens = -1
++      PassiveOpens = -1
++      AttemptFails = -1
++      EstabResets = -1
++      CurrEstab = -1
++    }
++
++    /^Tcp: / {
++      if (++TcpNR == 0) {
++        for (i = 1; i <= NF; i++) {
++          if ($i == "ActiveOpens") {
++            ActiveOpens = i
++          } else if ($i == "PassiveOpens") {
++            PassiveOpens = i
++          } else if ($i == "AttemptFails") {
++            AttemptFails = i
++          } else if ($i == "EstabResets") {
++            EstabResets = i
++          } else if ($i == "CurrEstab") {
++            CurrEstab = i
++          }
++        }
++      } else if (TcpNR == 1) {
++        if (ActiveOpens < 1 || PassiveOpens < 1 || AttemptFails < 1 || EstabResets < 1 || CurrEstab < 1) {
++          TcpNR = -1
++        } else {
++          print "active.value " $ActiveOpens
++          print "passive.value " $PassiveOpens
++          print "failed.value " $AttemptFails
++          print "resets.value " $EstabResets
++          print "established.value " $CurrEstab
++        }
++      }
++    }
++
++    END {
++      if (TcpNR < 1) {
++        print "active.value 0"
++        print "passive.value 0"
++        print "failed.value 0"
++        print "resets.value 0"
++        print "established.value 0"
++      }
++    }
++  ' /proc/net/snmp
+ }

admin/muninlite/patches/200-Allow-customizing-the-list-of-monitored-network-inte.patch

@@ -0,0 +1,29 @@
+From c14b6ccaecba0a85fee0261774d31187a6c66f71 Mon Sep 17 00:00:00 2001
+From: Daniel Alder <daald@users.noreply.github.com>
+Date: Wed, 13 Dec 2023 15:16:20 +0100
+Subject: [PATCH 200/204] Allow customizing the list of monitored network
+ interfaces
+
+This is a simple way to customize the selection of network interfaces. If INTERFACE_NAMES_OVERRIDE is set in muninlite.conf, that list is used instead of auto-detection. As muninlite.conf
+itself is also a script, it is even possible to write a custom command.
+This feature is helpful in environments with virtual machines or containers, like docker or lxc where there are lots of br-*, veth*, lxcbr* etc interfaces where monitoring doesn't make much
+sense. I didn't find a way to reliably filter physical interfaces.
+---
+ muninlite.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/muninlite.in
++++ b/muninlite.in
+@@ -78,7 +78,11 @@ RES=""
+ for PLUG in $PLUGINS; do
+   case "$PLUG" in
+     if_|if_err_)
+-      interface_names=$(sed 's/^ *//; s/:.*$//; / /d; /^lo$/d' /proc/net/dev)
++      if [ -z "$INTERFACE_NAMES_OVERRIDE" ]; then
++        interface_names=$(sed 's/^ *//; s/:.*$//; / /d; /^lo$/d' /proc/net/dev)
++      else
++        interface_names="$INTERFACE_NAMES_OVERRIDE"
++      fi
+       for INTER in $interface_names; do
+         INTERRES=$(echo "$INTER" | sed -e 's/\./VLAN/' -e 's/\-/_/g')
+         RES="$RES ${PLUG}${INTERRES}"

admin/muninlite/patches/201-Add-examples-for-config-with-INTERFACE_NAMES_OVERRID.patch

@@ -0,0 +1,18 @@
+From 71cc9a81106dc2199e5686a54fcff7c0aff6ef5e Mon Sep 17 00:00:00 2001
+From: Daniel Alder <daald@users.noreply.github.com>
+Date: Wed, 13 Dec 2023 17:35:57 +0100
+Subject: [PATCH 201/204] Add examples for config with INTERFACE_NAMES_OVERRIDE
+
+---
+ muninlite.conf | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/muninlite.conf
++++ b/muninlite.conf
+@@ -1,3 +1,6 @@
+ # the following variables are added to the top of the assembled muninlite script
+ NTP_PEER="pool.ntp.org"
+ DF_IGNORE_FILESYSTEM_REGEX="(none|unknown|rootfs|iso9660|squashfs|udf|romfs|ramfs|debugfs|cgroup_root|devtmpfs)"
++
++#INTERFACE_NAMES_OVERRIDE="eth0"
++#INTERFACE_NAMES_OVERRIDE="$(sed 's/^ *//; s/:.*$//; / /d' /proc/net/dev | grep -P '^(eth|wlan|en)')"

admin/muninlite/patches/202-Fix-parameter-not-set-error.patch

@@ -0,0 +1,21 @@
+From 903869d10cd58891c77e9a633ab1fc5eb2710abb Mon Sep 17 00:00:00 2001
+From: Daniel Alder <daald@users.noreply.github.com>
+Date: Wed, 13 Dec 2023 17:43:24 +0100
+Subject: [PATCH 202/204] Fix "parameter not set" error
+
+./muninlite: 651: INTERFACE_NAMES_OVERRIDE: parameter not set
+---
+ muninlite.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/muninlite.in
++++ b/muninlite.in
+@@ -78,7 +78,7 @@ RES=""
+ for PLUG in $PLUGINS; do
+   case "$PLUG" in
+     if_|if_err_)
+-      if [ -z "$INTERFACE_NAMES_OVERRIDE" ]; then
++      if [ -z "${INTERFACE_NAMES_OVERRIDE:-}" ]; then
+         interface_names=$(sed 's/^ *//; s/:.*$//; / /d; /^lo$/d' /proc/net/dev)
+       else
+         interface_names="$INTERFACE_NAMES_OVERRIDE"

admin/muninlite/patches/203-Make-example-more-portable.patch

@@ -0,0 +1,18 @@
+From e0f0687247958a19911d0f874fd8bff3b50fbede Mon Sep 17 00:00:00 2001
+From: daald <daald@users.noreply.github.com>
+Date: Thu, 14 Dec 2023 02:29:15 +0100
+Subject: [PATCH 203/204] Make example more portable
+
+Co-authored-by: Kenyon Ralph <kenyon@kenyonralph.com>
+---
+ muninlite.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/muninlite.conf
++++ b/muninlite.conf
+@@ -3,4 +3,4 @@ NTP_PEER="pool.ntp.org"
+ DF_IGNORE_FILESYSTEM_REGEX="(none|unknown|rootfs|iso9660|squashfs|udf|romfs|ramfs|debugfs|cgroup_root|devtmpfs)"
+ 
+ #INTERFACE_NAMES_OVERRIDE="eth0"
+-#INTERFACE_NAMES_OVERRIDE="$(sed 's/^ *//; s/:.*$//; / /d' /proc/net/dev | grep -P '^(eth|wlan|en)')"
++#INTERFACE_NAMES_OVERRIDE="$(sed 's/^ *//; s/:.*$//; / /d' /proc/net/dev | grep -E '^(eth|wlan|en)')"

admin/muninlite/patches/204-Remove-example-code-as-requested.patch

@@ -0,0 +1,16 @@
+From 6f27355dc64ddc1ad9588f1402a21ad112bfbc01 Mon Sep 17 00:00:00 2001
+From: Daniel Alder <daald@users.noreply.github.com>
+Date: Fri, 15 Dec 2023 22:42:18 +0100
+Subject: [PATCH 204/204] Remove example code as requested
+
+---
+ muninlite.conf | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/muninlite.conf
++++ b/muninlite.conf
+@@ -3,4 +3,3 @@ NTP_PEER="pool.ntp.org"
+ DF_IGNORE_FILESYSTEM_REGEX="(none|unknown|rootfs|iso9660|squashfs|udf|romfs|ramfs|debugfs|cgroup_root|devtmpfs)"
+ 
+ #INTERFACE_NAMES_OVERRIDE="eth0"
+-#INTERFACE_NAMES_OVERRIDE="$(sed 's/^ *//; s/:.*$//; / /d' /proc/net/dev | grep -E '^(eth|wlan|en)')"

admin/openwisp-config/Makefile

@@ -5,14 +5,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openwisp-config
-PKG_VERSION:=1.1.0
+PKG_VERSION:=1.2.0
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Federico Capoano <f.capoano@openwisp.io>
 PKG_LICENSE:=GPL-3.0-or-later
 
 PKG_SOURCE_URL:=https://github.com/openwisp/openwisp-config.git
-PKG_MIRROR_HASH:=c78dc17353c642a6f998531f18e20f0651f946d665506a000308e77c02324a79
+PKG_MIRROR_HASH:=30258c3ef4895fbf6e4fed8caee9d0dfbf05aebebd52604d75febac1a11d78bd
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=$(PKG_VERSION)
 
@@ -38,6 +38,7 @@ endef
 
 define Package/openwisp-config/conffiles
 /etc/config/openwisp
+/etc/openwisp/
 endef
 
 define Package/openwisp-config/install
@@ -45,20 +46,24 @@ define Package/openwisp-config/install
 		$(1)/usr/sbin \
 		$(1)/etc/init.d \
 		$(1)/etc/config \
-		$(1)/etc/openwisp \
-		$(1)/usr/lib/lua/openwisp
+		$(1)/usr/lib/openwisp-config \
+		$(1)/usr/lib/lua/openwisp \
+		$(1)/etc/hotplug.d/iface
 
 	$(INSTALL_BIN) \
 		$(PKG_BUILD_DIR)/openwisp-config/files/openwisp.agent \
-		$(1)/usr/sbin/openwisp_config
+		$(1)/usr/sbin/openwisp-config
 
 	$(INSTALL_BIN) \
 		$(PKG_BUILD_DIR)/openwisp-config/files/openwisp.init \
-		$(1)/etc/init.d/openwisp_config
+		$(1)/etc/init.d/openwisp-config
 
 	$(INSTALL_CONF) $(PKG_BUILD_DIR)/openwisp-config/files/openwisp.config \
 		$(1)/etc/config/openwisp
 
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/openwisp-config/files/openwisp.hotplug \
+		$(1)/etc/hotplug.d/iface/90-openwisp-config
+
 	$(INSTALL_BIN) \
 		$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-reload-config \
 		$(1)/usr/sbin/openwisp-reload-config
@@ -95,7 +100,11 @@ define Package/openwisp-config/install
 		$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-get-address.lua \
 		$(1)/usr/sbin/openwisp-get-address
 
-	$(CP) $(PKG_BUILD_DIR)/VERSION $(1)/etc/openwisp/
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-config/files/sbin/openwisp-get-random-number.lua \
+		$(1)/usr/sbin/openwisp-get-random-number
+
+	$(CP) $(PKG_BUILD_DIR)/VERSION $(1)/usr/lib/openwisp-config/
 endef
 
 $(eval $(call BuildPackage,openwisp-config))

admin/openwisp-monitoring/Config.in

@@ -0,0 +1,10 @@
+menu "netjson-monitoring Configuration"
+	depends on PACKAGE_netjson-monitoring
+
+config NETJSON_MONITORING_IWINFO
+	bool "Enable rpcd-mod-iwinfo"
+	default y
+	help
+	  Whether to include the rpcd-mod-iwinfo dependency (enabled by default).
+
+endmenu

admin/openwisp-monitoring/Makefile

@@ -5,15 +5,17 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openwisp-monitoring
-PKG_VERSION:=0.2.0
+PKG_VERSION:=0.3.0
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Federico Capoano <support@openwisp.io>
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_LICENSE_FILES:=LICENSE
 
+PKG_CONFIG_DEPENDS:=CONFIG_NETJSON_MONITORING_IWINFO
+
 PKG_SOURCE_URL:=https://github.com/openwisp/openwrt-openwisp-monitoring.git
-PKG_MIRROR_HASH:=6baad2b319cdc072a83547593b447e2c93c42fcdda386f5993c22b88ad991cdd
+PKG_MIRROR_HASH:=a7778b0de1b560abf5bf5b8e6e45313fe58309a66438f3c9e043adc8f0248c04
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=$(PKG_VERSION)
 PKGARCH:=all
@@ -30,14 +32,19 @@ define Package/openwisp-monitoring
 endef
 
 define Package/netjson-monitoring
-  TITLE:=NetJson Monitoring
+  TITLE:=NetJSON Monitoring
   CATEGORY:=Administration
   SECTION:=admin
   SUBMENU:=openwisp
-  DEPENDS:=+libubus-lua +lua-cjson +rpcd +rpcd-mod-iwinfo
+  DEPENDS:=+libubus-lua +lua-cjson +rpcd
+  DEPENDS+=+NETJSON_MONITORING_IWINFO:rpcd-mod-iwinfo
   URL:=http://openwisp.org
 endef
 
+define Package/netjson-monitoring/config
+  source "$(SOURCE)/Config.in"
+endef
+
 define Build/Compile
 endef
 
@@ -50,7 +57,7 @@ define Package/netjson-monitoring/install
 		$(1)/usr/sbin \
 		$(1)/usr/libexec \
 		$(1)/usr/lib/lua/openwisp-monitoring \
-		$(1)/etc/openwisp-monitoring
+		$(1)/usr/lib/openwisp-monitoring
 
 	$(INSTALL_BIN) \
 		$(PKG_BUILD_DIR)/openwisp-monitoring/files/sbin/netjson-monitoring.lua \
@@ -88,7 +95,12 @@ define Package/netjson-monitoring/install
 		$(PKG_BUILD_DIR)/openwisp-monitoring/files/lib/openwisp-monitoring/wifi.lua \
 		$(1)/usr/lib/lua/openwisp-monitoring/wifi.lua
 
-	$(CP) $(PKG_BUILD_DIR)/VERSION $(1)/etc/openwisp-monitoring/
+# Iwinfo is enabled by default unless specified otherwise
+ifeq ($(CONFIG_NETJSON_MONITORING_IWINFO), y)
+	$(CP) $(PKG_BUILD_DIR)/openwisp-monitoring/files/lib/openwisp-monitoring/iwinfo.lua $(1)/usr/lib/lua/openwisp-monitoring/iwinfo.lua
+endif
+
+	$(CP) $(PKG_BUILD_DIR)/VERSION $(1)/usr/lib/openwisp-monitoring/
 
 endef
 
@@ -97,7 +109,8 @@ define Package/openwisp-monitoring/install
 		$(1)/usr/sbin \
 		$(1)/etc/init.d \
 		$(1)/etc/config \
-		$(1)/etc/openwisp-monitoring
+		$(1)/usr/lib/openwisp-monitoring \
+		$(1)/etc/hotplug.d/openwisp
 
 	$(INSTALL_BIN) \
 		$(PKG_BUILD_DIR)/openwisp-monitoring/files/monitoring.agent \
@@ -107,6 +120,10 @@ define Package/openwisp-monitoring/install
 		$(PKG_BUILD_DIR)/openwisp-monitoring/files/monitoring.init \
 		$(1)/etc/init.d/openwisp-monitoring
 
+	$(INSTALL_BIN) \
+		$(PKG_BUILD_DIR)/openwisp-monitoring/files/openwisp-monitoring.hotplug \
+		$(1)/etc/hotplug.d/openwisp/openwisp-monitoring
+
 	$(INSTALL_CONF) \
 		$(PKG_BUILD_DIR)/openwisp-monitoring/files/monitoring.config \
 		$(1)/etc/config/openwisp-monitoring

admin/qbee-agent/Makefile

@@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=qbee-agent
-PKG_VERSION:=2024.36
+PKG_VERSION:=2025.49
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/qbee-io/qbee-agent.git
-PKG_SOURCE_VERSION:=d52fb5e69b479550636570a2db6cebe06f5f129b
-PKG_MIRROR_HASH:=58b4e7b741754bf86d315eb32e43d4a8b80c8b8f5a95cf94b77f48c193385d60
+PKG_SOURCE_VERSION:=9493a57f7f4f2cb4c0db3dfd1812042b96479fc2
+PKG_MIRROR_HASH:=b07c3c51447da45d6139c305a0f92bcd85b502ab3cc2af0b8afb99f73ae43288
 
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE

admin/rsyslog/Makefile

@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=rsyslog
-PKG_VERSION:=8.2408.0
+PKG_VERSION:=8.2506.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
 	https://fossies.org/linux/misc \
 	https://www.rsyslog.com/files/download/rsyslog
-PKG_HASH:=8bb2f15f9bf9bb7e635182e3d3e370bfc39d08bf35a367dce9714e186f787206
+PKG_HASH:=6d6fd0257c95e756765d4d585a833d54dd3a0e5eeb8308b862a81b368a74bb7b
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=GPL-3.0-or-later

admin/schroot/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=reschroot
 PKG_VERSION:=1.6.13
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeberg.org/shelter/reschroot/archive/release

admin/schroot/patches/020-gcc14.patch

@@ -15,7 +15,7 @@
              ${public_chroot_facet_cc_sources})
  target_link_libraries(sbuild
                        PRIVATE
-+		        Intl::Intl
++                        Intl::Intl
                          ${CMAKE_THREAD_LIBS_INIT}
                          ${PAM_LIBRARY}
                          ${UUID_LIBRARY}

admin/schroot/patches/040-boost-189.patch

@@ -0,0 +1,15 @@
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -59,7 +59,11 @@ find_package(Threads REQUIRED)
+ 
+ include(FindBoost)
+ find_package(Boost REQUIRED
+-             COMPONENTS filesystem system iostreams program_options regex)
++             COMPONENTS filesystem iostreams program_options regex)
++if(Boost_MAJOR_VERSION EQUAL 1 AND Boost_MINOR_VERSION LESS 69)
++  list(APPEND BOOST_REQUIRED_COMPONENTS system)
++  find_package(Boost REQUIRED COMPONENTS ${BOOST_REQUIRED_COMPONENTS})
++endif()
+ 
+ # HEADER CHECKS
+ include(CheckIncludeFileCXX)

admin/schroot/patches/100-CMakeLists-update-min-version-to-3.10-for-CMake-4.0-.patch

@@ -0,0 +1,29 @@
+From de9b961c465d8d2a18334770857ae45115f02ab6 Mon Sep 17 00:00:00 2001
+From: Christian Marangi <ansuelsmth@gmail.com>
+Date: Mon, 24 Nov 2025 21:21:22 +0100
+Subject: [PATCH] CMakeLists: update min version to 3.10 for CMake >= 4.0
+ support
+
+Update minimum version of CMake to 3.10 for CMake >= 4.0 version
+support.
+
+New CMake require 3.5 as the minimum version with that increased to 3.10
+in the next CMake release.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+---
+ CMakeLists.txt | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -13,8 +13,7 @@
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ 
+-cmake_minimum_required(VERSION 2.8.12)
+-cmake_policy(VERSION 2.8.12)
++cmake_minimum_required(VERSION 3.10)
+ 
+ project(schroot)
+ 

admin/sudo/Makefile

@@ -8,19 +8,19 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sudo
-PKG_REALVERSION:=1.9.15p5
+PKG_REALVERSION:=1.9.17p2
 PKG_VERSION:=$(subst p,_p,$(PKG_REALVERSION))
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz
 PKG_SOURCE_URL:=https://www.sudo.ws/dist
-PKG_HASH:=558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558
+PKG_HASH:=4a38a1ab3adb1199257edc2a7c4a2bd714665eb605b04368843b06dada2cfcfb
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_REALVERSION)
 
 PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
 
 PKG_LICENSE:=ISC
-PKG_LICENSE_FILES:=doc/LICENSE
+PKG_LICENSE_FILES:=LICENSE.md
 PKG_CPE_ID:=cpe:/a:sudo_project:sudo
 
 PKG_INSTALL:=1
@@ -34,6 +34,7 @@ define Package/sudo
   CATEGORY:=Administration
   TITLE:=Delegate authority to run commands
   URL:=https://www.sudo.ws/
+  DEPENDS:= +USE_GLIBC:libcrypt-compat
 endef
 
 define Package/sudo/description

admin/syslog-ng/Makefile

@@ -1,17 +1,17 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=syslog-ng
-PKG_VERSION:=4.7.1
-PKG_RELEASE:=1
+PKG_VERSION:=4.10.2
+PKG_RELEASE:=2
 
 PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
 PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
 PKG_LICENSE_FILES:=COPYING LGPL.txt GPL.txt
-PKG_CPE_ID:=cpe:/a:balabit:syslog-ng
+PKG_CPE_ID:=cpe:/a:oneidentity:syslog-ng
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
-PKG_HASH:=5477189a2d12325aa4faebfcf59f5bdd9084234732f0c3ec16dd253847dacf1c
+PKG_HASH:=841503de6c2486e66fd08f0c62ac2568fc8ed1021297f855e8acd58ad7caff76
 
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
@@ -34,7 +34,8 @@ define Package/syslog-ng
   CATEGORY:=Administration
   TITLE:=A powerful syslog daemon
   URL:=https://www.syslog-ng.com/products/open-source-log-management/
-  DEPENDS:=+libpcre2 +glib2 +libopenssl +libpthread +librt +libdbi +libjson-c +libcurl +libuuid +SYSLOGNG_LOGROTATE:logrotate +LIBCURL_ZLIB:zlib
+  DEPENDS:=+libpcre2 +glib2 +libopenssl +libpthread +librt +libdbi +libjson-c +libcurl +libuuid +ivykis +SYSLOGNG_LOGROTATE:logrotate +LIBCURL_ZLIB:zlib
+  ALTERNATIVES:=300:/sbin/logread:/usr/libexec/logread.sh
 endef
 
 define Package/syslog-ng/description
@@ -90,12 +91,15 @@ CONFIGURE_ARGS +=  \
 	--disable-sql \
 	--disable-linux-caps \
 	--with-jsonc=system \
+	--with-ivykis=system \
 	--enable-cpp=no \
+	--disable-example-modules \
 	--enable-json=yes \
 	$(if $(CONFIG_LIBCURL_ZLIB),--enable-http=yes,--enable-http=no) \
 	--disable-smtp \
 	--disable-mqtt \
 	--disable-redis \
+	--disable-stackdump \
 	--disable-dependency-tracking \
 	--disable-python \
 	--disable-geoip2 \
@@ -123,8 +127,8 @@ define Package/syslog-ng/install
 	$(INSTALL_DATA) ./files/syslog-ng.conf $(1)/etc
 	touch $(1)/etc/syslog-ng.d/.keep
 
-	$(INSTALL_DIR) $(1)/sbin
-	$(INSTALL_BIN) ./files/logread $(1)/sbin
+	$(INSTALL_DIR) $(1)/usr/libexec
+	$(INSTALL_BIN) ./files/logread.sh $(1)/usr/libexec/logread.sh
 
 	$(INSTALL_DIR) $(1)/usr/share/syslog-ng/include/
 	$(CP) -r ./files/scl $(1)/usr/share/syslog-ng/include/

admin/syslog-ng/files/syslog-ng.conf

@@ -1,7 +1,7 @@
 # Collect all local logs into a single file /var/log/messages.
 # See https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition
 
-@version: 4.7
+@version: current
 @include "scl.conf"
 
 options {

admin/syslog-ng/test.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+syslog-ng --version | grep "$2"

admin/zabbix/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zabbix
-PKG_VERSION:=7.0.0
+PKG_VERSION:=7.0.12
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://cdn.zabbix.com/zabbix/sources/stable/$(basename $(PKG_VERSION))/ \
 	https://cdn.zabbix.com/zabbix/sources/oldstable/$(basename $(PKG_VERSION))/
-PKG_HASH:=520641483223f680ef6e685284b556ba34a496d886a38dc3bca085cde21031b1
+PKG_HASH:=6069ed604aa5e33fe631ccc68b782654a697071952a1cf365151655a0a122b05
 
 PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
 PKG_LICENSE:=AGPL-3.0-only
@@ -159,6 +159,7 @@ define Package/zabbix-server/Default
     @(!ZABBIX_SQLITE) \
     +libevent2 \
     +libevent2-pthreads \
+    +libevent2-extra \
     +fping
 endef
 
@@ -212,6 +213,7 @@ define Package/zabbix-proxy/Default
     +ZABBIX_SQLITE:libsqlite3 \
     +libevent2 \
     +libevent2-pthreads \
+    +libevent2-extra \
     +fping
 endef
 
@@ -277,9 +279,6 @@ ifeq ($(BUILD_VARIANT),gnutls)
 	CONFIGURE_ARGS+= --with-gnutls="$(STAGING_DIR)/usr"
 endif
 
-CONFIGURE_VARS += \
-	ac_cv_header_sys_sysinfo_h=no
-
 MAKE_FLAGS += ARCH="linux"
 
 define Package/zabbix/install/sbin

devel/cargo-c/Makefile

@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=cargo-c
-PKG_VERSION:=0.9.32
+PKG_VERSION:=0.10.13
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/lu-zero/cargo-c/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=a96f3cc6c63d9901c9583083338d50b0132504bb067f68accc17f4116ed01f72
+PKG_HASH:=57dffba592179c7ca2b0322d28265b6962750eebb3a23b28ad677371cc10c36e
 
 PKG_MAINTAINER:=Luca Barbato <lu_zero@luminem.org>
 PKG_LICENSE:=MIT

devel/delve/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=delve
-PKG_VERSION:=1.22.1
+PKG_VERSION:=1.24.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/go-delve/delve/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=fe6f0d97c233d4f0f1ed422c11508cc57c14e9e0915f9a258f1912c46824cbfb
+PKG_HASH:=940fc50d6338dfe515982ac5fcc3247616f23e2652048ac4f2b439ebd51741c1
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE

devel/gcc/Makefile

@@ -55,8 +55,8 @@ ifeq ($(PKG_VERSION),13.3.0)
   PKG_HASH:=0845e9621c9543a13f484e94584a49ffc0129970e9914624235fc1d061a0c083
 endif
 
-ifeq ($(PKG_VERSION),14.2.0)
-	PKG_HASH:=a7b39bc69cbf9e25826c5a60ab26477001f7c08d85cec04bc0e29cabed6f3cc9
+ifeq ($(PKG_VERSION),14.3.0)
+	PKG_HASH:=e0dc77297625631ac8e50fa92fffefe899a4eb702592da5c32ef04e2293aca3a
 endif
 
 PATCH_DIR:=patches-$(GCC_MAJOR_VERSION).x

devel/gcc/patches-14.x/010-documentation.patch

@@ -12,7 +12,7 @@ Date:   Tue Feb 26 16:16:33 2013 +0000
 
 --- a/gcc/Makefile.in
 +++ b/gcc/Makefile.in
-@@ -3549,18 +3549,10 @@ doc/gcc.info: $(TEXI_GCC_FILES)
+@@ -3550,18 +3550,10 @@ doc/gcc.info: $(TEXI_GCC_FILES)
  doc/gccint.info: $(TEXI_GCCINT_FILES)
  doc/cppinternals.info: $(TEXI_CPPINT_FILES)
  

devel/gcc/patches-14.x/110-Fix-MIPS-PR-84790.patch

@@ -1,20 +0,0 @@
-Fix https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84790.
-MIPS16 functions have a static assembler prologue which clobbers
-registers v0 and v1. Add these register clobbers to function call
-instructions.
-
---- a/gcc/config/mips/mips.cc
-+++ b/gcc/config/mips/mips.cc
-@@ -3227,6 +3227,12 @@ mips_emit_call_insn (rtx pattern, rtx or
-       emit_insn (gen_update_got_version ());
-     }
- 
-+  if (TARGET_MIPS16 && TARGET_USE_GOT)
-+    {
-+      clobber_reg (&CALL_INSN_FUNCTION_USAGE (insn), MIPS16_PIC_TEMP);
-+      clobber_reg (&CALL_INSN_FUNCTION_USAGE (insn), MIPS_PROLOGUE_TEMP (word_mode));
-+    }
-+
-   if (TARGET_MIPS16
-       && TARGET_EXPLICIT_RELOCS
-       && TARGET_CALL_CLOBBERED_GP)

devel/gcc/patches-14.x/230-musl_libssp.patch

@@ -1,6 +1,6 @@
 --- a/gcc/gcc.cc
 +++ b/gcc/gcc.cc
-@@ -985,7 +985,9 @@ proper position among the other output f
+@@ -989,7 +989,9 @@ proper position among the other output f
  #endif
  
  #ifndef LINK_SSP_SPEC

devel/gcc/patches-14.x/300-mips_Os_cpu_rtx_cost_model.patch

@@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/gcc/config/mips/mips.cc
 +++ b/gcc/config/mips/mips.cc
-@@ -20453,7 +20453,7 @@ mips_option_override (void)
+@@ -20447,7 +20447,7 @@ mips_option_override (void)
      flag_pcc_struct_return = 0;
  
    /* Decide which rtx_costs structure to use.  */

devel/gcc/patches-14.x/820-libgcc_pic.patch

@@ -31,7 +31,7 @@ Date:   Mon Oct 19 23:26:09 2009 +0000
  ifneq ($(LIBUNWIND),)
  all: libunwind$(SHLIB_EXT)
  libgcc_s$(SHLIB_EXT): libunwind$(SHLIB_EXT)
-@@ -1174,6 +1175,10 @@ install-shared:
+@@ -1177,6 +1178,10 @@ install-shared:
  	chmod 644 $(DESTDIR)$(inst_libdir)/libgcc_eh.a
  	$(RANLIB) $(DESTDIR)$(inst_libdir)/libgcc_eh.a
  

devel/gcc/patches-14.x/830-aarch64-libatomic.patch

@@ -0,0 +1,32 @@
+libatomic: Do not enforce march on aarch64
+
+Inspired by The Yocto Project [1].
+
+[1] https://github.com/yoctoproject/poky/blob/51192a79f1717786dda42776f916c3d97ada7971/meta/recipes-devtools/gcc/gcc/0022-libatomic-Do-not-enforce-march-on-aarch64.patch
+
+Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
+
+ libatomic/Makefile.am | 1 -
+ libatomic/Makefile.in | 1 -
+ 2 files changed, 2 deletions(-)
+
+--- a/libatomic/Makefile.am
++++ b/libatomic/Makefile.am
+@@ -130,7 +130,6 @@ libatomic_la_LIBADD = $(foreach s,$(SIZE
+ ## On a target-specific basis, include alternates to be selected by IFUNC.
+ if HAVE_IFUNC
+ if ARCH_AARCH64_LINUX
+-IFUNC_OPTIONS	     = -march=armv8-a+lse
+ libatomic_la_LIBADD += $(foreach s,$(SIZES),$(addsuffix _$(s)_1_.lo,$(SIZEOBJS)))
+ 
+ endif
+--- a/libatomic/Makefile.in
++++ b/libatomic/Makefile.in
+@@ -452,7 +452,6 @@ M_SRC = $(firstword $(filter %/$(M_FILE)
+ libatomic_la_LIBADD = $(foreach s,$(SIZES),$(addsuffix \
+ 	_$(s)_.lo,$(SIZEOBJS))) $(am__append_1) $(am__append_2) \
+ 	$(am__append_3) $(am__append_4)
+-@ARCH_AARCH64_LINUX_TRUE@@HAVE_IFUNC_TRUE@IFUNC_OPTIONS = -march=armv8-a+lse
+ @ARCH_ARM_LINUX_TRUE@@HAVE_IFUNC_TRUE@IFUNC_OPTIONS = -march=armv7-a+fp -DHAVE_KERNEL64
+ @ARCH_I386_TRUE@@HAVE_IFUNC_TRUE@IFUNC_OPTIONS = -march=i586
+ @ARCH_X86_64_TRUE@@HAVE_IFUNC_TRUE@IFUNC_OPTIONS = -mcx16 -mcx16

devel/gcc/patches-14.x/920-specs_nonfatal_getenv.patch

@@ -7,7 +7,7 @@ Date:   Sat Apr 21 03:02:39 2012 +0000
 
 --- a/gcc/gcc.cc
 +++ b/gcc/gcc.cc
-@@ -10319,8 +10319,10 @@ getenv_spec_function (int argc, const ch
+@@ -10337,8 +10337,10 @@ getenv_spec_function (int argc, const ch
      }
  
    if (!value)

devel/gcc/patches-14.x/980-fix-build-error-with-Xcode-16.3.patch

@@ -0,0 +1,47 @@
+From 93954654b87552c4fe0273cab99d0f42f213f7f8 Mon Sep 17 00:00:00 2001
+From: Georgi Valkov <gvalkov@gmail.com>
+Date: Mon, 14 Apr 2025 15:45:59 +0300
+Subject: [PATCH] zlib: fix build error with Xcode 16.3
+
+Xcode 16.3 defines TARGET_OS_MAC, it was not defined in prior versions.
+zutil.h conditionally defines fdopen as NULL when this macro is defined,
+resulting in the following build error:
+
+/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/_stdio.h:318:7: error: expected identifier or '('
+  318 | FILE    *fdopen(int, const char *) __DARWIN_ALIAS_STARTING(__MAC_10_6, __IPHONE_2_0, __DARWIN_ALIAS(fdopen));
+      |          ^
+./zutil.h:147:33: note: expanded from macro 'fdopen'
+  147 | #        define fdopen(fd,mode) NULL /* No fdopen() */
+
+In Xcode 16.2 and earlier, TARGET_OS_MAC was not defined so this entire
+block was ignored, gcc and gdb used to compile and work fine.
+
+This may have been used for compatibility with older versions of macOS,
+but is no longer needed. By pure luck, the build worked fine for a long
+time, because it did not properly detect macOS.
+Fixed by removing the check for TARGET_OS_MAC.
+
+Note that since Xcode 16.3, an entire set of TARGET_OS macros
+are now defined, most of which are set to 0:
+TARGET_OS_LINUX 0
+TARGET_OS_MAC 1
+TARGET_OS_OSX 1
+
+[1] https://github.com/openwrt/openwrt/pull/18467
+
+Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
+---
+ zlib/zutil.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/zlib/zutil.h
++++ b/zlib/zutil.h
+@@ -130,7 +130,7 @@ extern z_const char * const z_errmsg[10]
+ #  endif
+ #endif
+ 
+-#if defined(MACOS) || defined(TARGET_OS_MAC)
++#if defined(MACOS)
+ #  define OS_CODE  7
+ #  ifndef Z_SOLO
+ #    if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os

devel/gitlab-runner/Makefile

@@ -1,54 +0,0 @@
-#
-# Copyright (C) 2020-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=gitlab-runner
-PKG_VERSION:=16.0.2
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://gitlab.com/gitlab-org/gitlab-runner/-/archive/v$(PKG_VERSION)
-PKG_HASH:=f874b9babe21ae04007abfc901e9ad4c0c1ec22095d4de3e22e176914683cb5d
-
-PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
-PKG_LICENSE:=MIT
-PKG_LICENSE_FILES:=LICENSE
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/gitlab-runner-v$(PKG_VERSION)
-PKG_BUILD_DEPENDS:=golang/host
-PKG_BUILD_PARALLEL:=1
-PKG_BUILD_FLAGS:=no-mips16
-
-GO_PKG:=gitlab.com/gitlab-org/gitlab-runner
-GO_PKG_LDFLAGS_X:=$(GO_PKG)/common.VERSION=$(PKG_VERSION)
-
-include $(INCLUDE_DIR)/package.mk
-include ../../lang/golang/golang-package.mk
-
-define Package/gitlab-runner
-  SECTION:=devel
-  CATEGORY:=Development
-  TITLE:=Runner for CI/CD
-  URL:=https://docs.gitlab.com/runner
-  DEPENDS:=$(GO_ARCH_DEPENDS)
-endef
-
-define Package/gitlab-runner/description
-  GitLab Runner is an application that works with
-  GitLab CI/CD to run jobs in a pipeline.
-endef
-
-define Package/gitlab-runner/install
-	$(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
-	$(INSTALL_DIR) $(1)/usr/bin/
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gitlab-runner $(1)/usr/bin/
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gitlab-runner-helper $(1)/usr/bin/
-endef
-
-$(eval $(call GoBinPackage,gitlab-runner))
-$(eval $(call BuildPackage,gitlab-runner))

devel/gitlab-runner/patches/010-test.patch

@@ -1,11 +0,0 @@
---- a/common/buildtest/masking.go
-+++ b/common/buildtest/masking.go
-@@ -55,7 +55,7 @@ func RunBuildWithMasking(t *testing.T, c
- 
- 	buf.Finish()
- 
--	contents, err := buf.Bytes(0, math.MaxInt64)
-+	contents, err := buf.Bytes(0, math.MaxInt32)
- 	assert.NoError(t, err)
- 
- 	assert.NotContains(t, string(contents), "MASKED_KEY=MASKED_VALUE")

devel/gitlab-runner/test.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-gitlab-runner --version | grep "$PKG_VERSION"

devel/lpc21isp/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=lpc21isp
 PKG_VERSION:=197
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_LICENSE:=LGPL-3.0-or-later
 PKG_LICENSE_FILES:=README gpl.txt lgpl-3.0.txt
 

devel/lpc21isp/patches/120-nanosleep.patch

@@ -1,12 +0,0 @@
---- a/lpc21isp.c
-+++ b/lpc21isp.c
-@@ -1130,7 +1130,8 @@ void ClearSerialPortBuffers(ISP_ENVIRONM
- */
- void Sleep(unsigned long MilliSeconds)
- {
--    usleep(MilliSeconds*1000); //convert to microseconds
-+    struct timespec m = { MilliSeconds / 1000 , (MilliSeconds % 1000 ) * 1000 * 1000};
-+    nanosleep(&m, &m); //convert to nanoseconds
- }
- #endif // defined COMPILE_FOR_LINUX
- 

devel/lttng-tools/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=lttng-tools
-PKG_VERSION:=2.13.9
+PKG_VERSION:=2.13.15
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://lttng.org/files/$(PKG_NAME)/
-PKG_HASH:=8d94dc95b608cf70216b01203a3f8242b97a232db2e23421a2f43708da08f337
+PKG_HASH:=96ea42351ee112c19dad9fdc7aae93b583d9f1722b2175664a381d2d337703c4
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=LGPL-2.1 GPL-2.0

devel/lttng-tools/patches/020-fix-lttng-tools-fails-to-compile-with-libxml2-2-14-0.patch

@@ -0,0 +1,48 @@
+From 7d669a90212e105b0f669aa2ab38c987b187baab Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 21 May 2025 13:09:25 +0800
+Subject: [PATCH] fix lttng-tools fails to compile with libxml2 2.14.0+
+
+Description:
+| In file included from /srv/pokybuild/yocto-worker/qemux86-alt/build/build/tmp/work/core2-32-poky-linux/lttng-tools/2.13.15/recipe-sysroot/usr/include/libxml2/libxml/parser.h:25,
+|                  from ../../../../lttng-tools-2.13.15/src/common/config/session-config.c:29:
+| /srv/pokybuild/yocto-worker/qemux86-alt/build/build/tmp/work/core2-32-poky-linux/lttng-tools/2.13.15/recipe-sysroot/usr/include/libxml2/libxml/encoding.h:173:7: note: declared here
+|   173 |     } input XML_DEPRECATED_MEMBER;
+|       |       ^~~~~
+| ../../../../lttng-tools-2.13.15/src/common/config/session-config.c:432:15: error: called object is not a function or function pointer
+|   432 |         ret = handler->input(out_str, &out_len, (const xmlChar *) in_str, &in_len);
+|       |               ^~~~~~~
+| At top level:
+| cc1: note: unrecognized command-line option '-Wno-incomplete-setjmp-declaration' may have been intended to silence earlier diagnostics
+
+According to [1][2], the UTF-8 handler is
+```
+static xmlCharEncError
+UTF8ToUTF8(void *vctxt ATTRIBUTE_UNUSED,
+           unsigned char* out, int *outlen,
+           const unsigned char* in, int *inlen,
+           int flush ATTRIBUTE_UNUSED)
+```
+
+Update input.func with setting ATTRIBUTE_UNUSED params with NULL and 0
+
+[1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/38f475072aefe032fff1dc058df3e56c1e7062fa
+[2] https://gitlab.gnome.org/GNOME/libxml2/-/commit/69b83bb68e2a8ed0013f80c51b9a358714b00c9a#478024cc18a2cc8dbaed34076e9775f6827f413d_2188_2201
+
+Signed-off-by: Marko, Peter <Peter.Marko@siemens.com>
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ src/common/config/session-config.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/common/config/session-config.c
++++ b/src/common/config/session-config.c
+@@ -429,7 +429,7 @@ static xmlChar *encode_string(const char
+ 		goto end;
+ 	}
+ 
+-	ret = handler->input(out_str, &out_len, (const xmlChar *) in_str, &in_len);
++	ret = handler->input.func(NULL, out_str, &out_len, (const xmlChar *) in_str, &in_len, 0);
+ 	if (ret < 0) {
+ 		xmlFree(out_str);
+ 		out_str = NULL;

devel/make/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=make
 PKG_VERSION:=4.4.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=@GNU/make
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -35,6 +35,8 @@ define Package/make/description
   The Make package contains a tool to create executables from source files.
 endef
 
+TARGET_CFLAGS += -D__GNU_LIBRARY__
+
 define Package/make/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/make $(1)/usr/bin/

devel/patch/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=patch
-PKG_VERSION:=2.7.6
-PKG_RELEASE:=7
+PKG_VERSION:=2.8
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNU/patch
-PKG_HASH:=ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd
+PKG_HASH:=f87cee69eec2b4fcbf60a396b030ad6aa3415f192aa5f7ee84cad5e11f7f5ae3
 
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_LICENSE_FILES:=COPYING

devel/patch/patches/010-CVE-2018-6951.patch

@@ -1,24 +0,0 @@
-From 9bf998b5fcbcde1dea0e472dc1538abb97e9012e Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen@gnu.org>
-Date: Mon, 12 Feb 2018 16:48:24 +0100
-Subject: [PATCH] Fix segfault with mangled rename patch
-
-http://savannah.gnu.org/bugs/?53132
-* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
-for renames and copies (fix the existing check).
----
- src/pch.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode
-     if ((pch_rename () || pch_copy ())
- 	&& ! inname
- 	&& ! ((i == OLD || i == NEW) &&
--	      p_name[! reverse] &&
-+	      p_name[reverse] && p_name[! reverse] &&
-+	      name_is_valid (p_name[reverse]) &&
- 	      name_is_valid (p_name[! reverse])))
-       {
- 	say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");

devel/patch/patches/020-CVE-2018-1000156.patch

@@ -1,189 +0,0 @@
-From b56779aed483f0036a32a65e62ab7b5e461b07cc Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen@gnu.org>
-Date: Fri, 6 Apr 2018 12:14:49 +0200
-Subject: [PATCH] Fix arbitrary command execution in ed-style patches
- (CVE-2018-1000156)
-
-* src/pch.c (do_ed_script): Write ed script to a temporary file instead
-of piping it to ed: this will cause ed to abort on invalid commands
-instead of rejecting them and carrying on.
-* tests/ed-style: New test case.
-* tests/Makefile.am (TESTS): Add test case. (OPENWRT REMOVED)
----
- src/pch.c         | 89 +++++++++++++++++++++++++++++++++++------------
- tests/Makefile.am |  1 + (OPENWRT REMOVED)
- tests/ed-style    | 41 ++++++++++++++++++++++
- 3 files changed, 108 insertions(+), 23 deletions(-)
- create mode 100644 tests/ed-style
-
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -33,6 +33,7 @@
- # include <io.h>
- #endif
- #include <safe.h>
-+#include <sys/wait.h>
- 
- #define INITHUNKMAX 125			/* initial dynamic allocation size */
- 
-@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c
-     static char const editor_program[] = EDITOR_PROGRAM;
- 
-     file_offset beginning_of_this_line;
--    FILE *pipefp = 0;
-     size_t chars_read;
-+    FILE *tmpfp = 0;
-+    char const *tmpname;
-+    int tmpfd;
-+    pid_t pid;
-+
-+    if (! dry_run && ! skip_rest_of_patch)
-+      {
-+	/* Write ed script to a temporary file.  This causes ed to abort on
-+	   invalid commands such as when line numbers or ranges exceed the
-+	   number of available lines.  When ed reads from a pipe, it rejects
-+	   invalid commands and treats the next line as a new command, which
-+	   can lead to arbitrary command execution.  */
-+
-+	tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
-+	if (tmpfd == -1)
-+	  pfatal ("Can't create temporary file %s", quotearg (tmpname));
-+	tmpfp = fdopen (tmpfd, "w+b");
-+	if (! tmpfp)
-+	  pfatal ("Can't open stream for file %s", quotearg (tmpname));
-+      }
- 
--    if (! dry_run && ! skip_rest_of_patch) {
--	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
--	assert (! inerrno);
--	*outname_needs_removal = true;
--	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
--	sprintf (buf, "%s %s%s", editor_program,
--		 verbosity == VERBOSE ? "" : "- ",
--		 outname);
--	fflush (stdout);
--	pipefp = popen(buf, binary_transput ? "wb" : "w");
--	if (!pipefp)
--	  pfatal ("Can't open pipe to %s", quotearg (buf));
--    }
-     for (;;) {
- 	char ed_command_letter;
- 	beginning_of_this_line = file_tell (pfp);
-@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c
- 	}
- 	ed_command_letter = get_ed_command_letter (buf);
- 	if (ed_command_letter) {
--	    if (pipefp)
--		if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
-+	    if (tmpfp)
-+		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
- 		    write_fatal ();
- 	    if (ed_command_letter != 'd' && ed_command_letter != 's') {
- 	        p_pass_comments_through = true;
- 		while ((chars_read = get_line ()) != 0) {
--		    if (pipefp)
--			if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
-+		    if (tmpfp)
-+			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
- 			    write_fatal ();
- 		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
- 			break;
-@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char c
- 	    break;
- 	}
-     }
--    if (!pipefp)
-+    if (!tmpfp)
-       return;
--    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
--	|| fflush (pipefp) != 0)
-+    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
-+	|| fflush (tmpfp) != 0)
-       write_fatal ();
--    if (pclose (pipefp) != 0)
--      fatal ("%s FAILED", editor_program);
-+
-+    if (lseek (tmpfd, 0, SEEK_SET) == -1)
-+      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
-+
-+    if (! dry_run && ! skip_rest_of_patch) {
-+	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
-+	*outname_needs_removal = true;
-+	if (inerrno != ENOENT)
-+	  {
-+	    *outname_needs_removal = true;
-+	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
-+	  }
-+	sprintf (buf, "%s %s%s", editor_program,
-+		 verbosity == VERBOSE ? "" : "- ",
-+		 outname);
-+	fflush (stdout);
-+
-+	pid = fork();
-+	if (pid == -1)
-+	  pfatal ("Can't fork");
-+	else if (pid == 0)
-+	  {
-+	    dup2 (tmpfd, 0);
-+	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
-+	    _exit (2);
-+	  }
-+	else
-+	  {
-+	    int wstatus;
-+	    if (waitpid (pid, &wstatus, 0) == -1
-+	        || ! WIFEXITED (wstatus)
-+		|| WEXITSTATUS (wstatus) != 0)
-+	      fatal ("%s FAILED", editor_program);
-+	  }
-+    }
-+
-+    fclose (tmpfp);
-+    safe_unlink (tmpname);
- 
-     if (ofp)
-       {
---- /dev/null
-+++ b/tests/ed-style
-@@ -0,0 +1,41 @@
-+# Copyright (C) 2018 Free Software Foundation, Inc.
-+#
-+# Copying and distribution of this file, with or without modification,
-+# in any medium, are permitted without royalty provided the copyright
-+# notice and this notice are preserved.
-+
-+. $srcdir/test-lib.sh
-+
-+require cat
-+use_local_patch
-+use_tmpdir
-+
-+# ==============================================================
-+
-+cat > ed1.diff <<EOF
-+0a
-+foo
-+.
-+EOF
-+
-+check 'patch -e foo -i ed1.diff' <<EOF
-+EOF
-+
-+check 'cat foo' <<EOF
-+foo
-+EOF
-+
-+cat > ed2.diff <<EOF
-+1337a
-+r !echo bar
-+,p
-+EOF
-+
-+check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
-+?
-+Status: 2
-+EOF
-+
-+check 'cat foo' <<EOF
-+foo
-+EOF

devel/patch/patches/030-CVE-2018-6952.patch

@@ -1,25 +0,0 @@
-From 71607715f11c9875a5aaaf3240885c45f79138e9 Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen@gnu.org>
-Date: Fri, 17 Aug 2018 13:35:40 +0200
-Subject: [PATCH] Fix swapping fake lines in pch_swap
-
-* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
-blank line in the middle of a context-diff hunk: that empty line stays
-in the middle of the hunk and isn't swapped.
-
-Fixes: https://savannah.gnu.org/bugs/index.php?53133
----
- src/pch.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -2115,7 +2115,7 @@ pch_swap (void)
-     }
-     if (p_efake >= 0) {			/* fix non-freeable ptr range */
- 	if (p_efake <= i)
--	    n = p_end - i + 1;
-+	    n = p_end - p_ptrn_lines;
- 	else
- 	    n = -i;
- 	p_efake += n;

devel/patch/patches/050-CVE-2019-13636.patch

@@ -1,101 +0,0 @@
-From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen@gnu.org>
-Date: Mon, 15 Jul 2019 16:21:48 +0200
-Subject: Don't follow symlinks unless --follow-symlinks is given
-
-* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
-append_to_file): Unless the --follow-symlinks option is given, open files with
-the O_NOFOLLOW flag to avoid following symlinks.  So far, we were only doing
-that consistently for input files.
-* src/util.c (create_backup): When creating empty backup files, (re)create them
-with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
----
- src/inp.c  | 12 ++++++++++--
- src/util.c | 14 +++++++++++---
- 2 files changed, 21 insertions(+), 5 deletions(-)
-
---- a/src/inp.c
-+++ b/src/inp.c
-@@ -238,8 +238,13 @@ plan_a (char const *filename)
-     {
-       if (S_ISREG (instat.st_mode))
-         {
--	  int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
-+	  int flags = O_RDONLY | binary_transput;
- 	  size_t buffered = 0, n;
-+	  int ifd;
-+
-+	  if (! follow_symlinks)
-+	    flags |= O_NOFOLLOW;
-+	  ifd = safe_open (filename, flags, 0);
- 	  if (ifd < 0)
- 	    pfatal ("can't open file %s", quotearg (filename));
- 
-@@ -340,6 +345,7 @@ plan_a (char const *filename)
- static void
- plan_b (char const *filename)
- {
-+  int flags = O_RDONLY | binary_transput;
-   int ifd;
-   FILE *ifp;
-   int c;
-@@ -353,7 +359,9 @@ plan_b (char const *filename)
- 
-   if (instat.st_size == 0)
-     filename = NULL_DEVICE;
--  if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
-+  if (! follow_symlinks)
-+    flags |= O_NOFOLLOW;
-+  if ((ifd = safe_open (filename, flags, 0)) < 0
-       || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
-     pfatal ("Can't open file %s", quotearg (filename));
-   if (TMPINNAME_needs_removal)
---- a/src/util.c
-+++ b/src/util.c
-@@ -388,7 +388,7 @@ create_backup (char const *to, const str
- 
- 	  try_makedirs_errno = ENOENT;
- 	  safe_unlink (bakname);
--	  while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
-+	  while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
- 	    {
- 	      if (errno != try_makedirs_errno)
- 		pfatal ("Can't create file %s", quotearg (bakname));
-@@ -579,10 +579,13 @@ create_file (char const *file, int open_
- static void
- copy_to_fd (const char *from, int tofd)
- {
-+  int from_flags = O_RDONLY | O_BINARY;
-   int fromfd;
-   ssize_t i;
- 
--  if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
-+  if (! follow_symlinks)
-+    from_flags |= O_NOFOLLOW;
-+  if ((fromfd = safe_open (from, from_flags, 0)) < 0)
-     pfatal ("Can't reopen file %s", quotearg (from));
-   while ((i = read (fromfd, buf, bufsize)) != 0)
-     {
-@@ -625,6 +628,8 @@ copy_file (char const *from, char const
-   else
-     {
-       assert (S_ISREG (mode));
-+      if (! follow_symlinks)
-+	to_flags |= O_NOFOLLOW;
-       tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
- 			  to_dir_known_to_exist);
-       copy_to_fd (from, tofd);
-@@ -640,9 +645,12 @@ copy_file (char const *from, char const
- void
- append_to_file (char const *from, char const *to)
- {
-+  int to_flags = O_WRONLY | O_APPEND | O_BINARY;
-   int tofd;
- 
--  if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
-+  if (! follow_symlinks)
-+    to_flags |= O_NOFOLLOW;
-+  if ((tofd = safe_open (to, to_flags, 0)) < 0)
-     pfatal ("Can't reopen file %s", quotearg (to));
-   copy_to_fd (from, tofd);
-   if (close (tofd) != 0)

devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch

@@ -1,33 +0,0 @@
-From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen@gnu.org>
-Date: Fri, 6 Apr 2018 19:36:15 +0200
-Subject: Invoke ed directly instead of using the shell
-
-* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
-command to avoid quoting vulnerabilities.
----
- src/pch.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
- 	    *outname_needs_removal = true;
- 	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- 	  }
--	sprintf (buf, "%s %s%s", editor_program,
--		 verbosity == VERBOSE ? "" : "- ",
--		 outname);
- 	fflush (stdout);
- 
- 	pid = fork();
-@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
- 	else if (pid == 0)
- 	  {
- 	    dup2 (tmpfd, 0);
--	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
-+	    assert (outname[0] != '!' && outname[0] != '-');
-+	    execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
- 	    _exit (2);
- 	  }
- 	else