Cleaned up configure arguments (alphabetized and sorted) and added some
new ones to help speed up compilation.
Disabled SSL support by default. SSLv2 and 3 have long been deprecated as
they are both insecure variants that currently hold less than 10% of total
encrypted traffic on the web.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Removed most patches as they are no longer necessary for compilation.
Added some compiler and linker flags to reduce size.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Revert the addition of build dependency in commit 2d1694ff7
to a non-existent host build of zlib.
The host build of zlib was removed already in April 2018 by
8dcd941d8b (diff-1ed408c61d79f9c6c5d197333e94ce8d)
which made zlib a build tool defined in /tools
The newly introduced build dependency causes always a warning like:
WARNING: Makefile 'package/feeds/packages/postgresql/Makefile'
has a build dependency on 'zlib/host', which does not exist
Not sure what was the error that 2d1694ff7 tried to fix,
but reference to a non-existent host build is not the solution.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
With crypt(3) password storage scheme enabled, OpenLDAP can receive and
store SHA-256 and SHA-512 password hashes from Samba AD-DC. Without
crypt(3), synchronization of passwords between Samba AD-DC (v4.5 and
above) and OpenLDAP requires use of cleartext passwords.
To use password hashes from Samba, OpenLDAP must be compiled with
--enable-crypt switch. This patch introduces a new configuration
parameter to enable the use of crypt(3) function by OpenLDAP.
Enabling crypt(3) increases the size of slapd binary by 12 bytes on
the x86_64 target and by only 4 bytes on the ipq806x target.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
If the cpp lib is added after pcre is first compiled, pcre will
not be reconfigured and the build will fail.
Fix this by always building the cpp parts.
Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
spotted on buildbot trying postgresql/host build:
configure: error: zlib library not found
Fix this by adding zlib/host to HOST_BUILD_DEPENDS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Release 0.37.0 was not actually released. From the git log, there are
two functional changes about optimization by using float points directly
Bump version to 0.38.0
pixman: Use maximum precision for pixman-bits-image, v2.
Implement floating point gradient computation, v2.
build: Add meson files to EXTRA_DIST
editorconfig: use tabs for Makefiles
Merge remote-tracking branch 'origin/master'
Post release version bump to 37.1
gitlab-ci: Add meson build to pipeline test
meson: Add a meson build system
Add .editorconfig file
Bump version to 0.36.0
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This fixes compilation with glibc and uClibc for the included
sample programs as reported by builtbots for e.g. arc target:
-snip-
In file included from ../../upnp/inc/upnp.h:402:0,
from common/sample_util.h:49,
from common/sample_util.c:42:
../../upnp/inc/FileInfo.h:22:2: error: #error libupnp uses large file support, so users must do that, too
#error libupnp uses large file support, so users must do that, too
^~~~~
Makefile:577: recipe for target 'common/tv_ctrlpt-sample_util.o' failed
-snap-
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
libcgroup also contains cgroup-utils, which make it very handy to work
with user defined cgroups settings.
It let's you define cgroups in a json like config file and execute them on the cmdline.
Example:
/etc/cgroup.conf:
----------------
group lowbob {
cpu { cpu.shares="1"; }
cpuacct { cpuset.cpu = "0" }
memory { memory.limit_in_bytes = 10m; }
blkio { ... }
...
}
----------------
cgconfigparser -l /etc/cgroup.conf
cgexec -g cpu,memory,blkio:/lowbob cpuintense-task
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
This commit fixes the bug described in issue #8146 [1], where the
package fails to build if the boost package is selected without
selecting any of the internal non-header-only libraries.
[1]: https://github.com/openwrt/packages/issues/8146
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Disabled doc and valgrind tests to speed up compilation.
Added --disable-ld-version-script to reduce compiled size.
Added -Wl,--gc-sections to reduce compiled size.
From 28339 to 27700 bytes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Disable debug to save some space: 163689 vs. 155034 bytes.
Add -Wl,--gc-sections. Down to 138627 bytes.
Miscellaneous cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove patches 001-fix-unused.patch and 002-replace-nitems.patch,
similar fixes to make libudev-fbsd compile were applied upstream.
Refresh remaining patches.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The inline if statement does not work correctly. Moved it to a more proper place.
Also changed the install to install the symlinks as well.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Instead of libextractor-1.8.tar.gz, the SHA-256 sum of
libextractor-1.8.tar.gz.sig was entered by accident.
Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reduces package size
175705 to 162704 bytes on mt7621
Also removed NTLM auth support. Brings size down to 161433
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Update to 0.9.62
Various cosmetic changes to Makefile
Fix variants and default to no ssl variant
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Remove FPIC as it is already default. Both fPIC and DPIC are passed.
Some extra configure arguments to speed up build times.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add keyctl binary, which can be used to add fscrypt support to ext4 and
other filesystems that support it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Some of these were introduced after the Makefile was written. Adding them
guarentees fewer issues down the road.
Also did some small reorganization for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
classpath builds with -Wextra and, unless configured with
--disable-werror, -Werror. Since GCC 7 added -Wimplicit-fallthrough=3
to -Wextra we need to make it not an error for code that doesn't use
__attribute__((fallthrough)) yet.
Signed-off-by: Daniel Santos <daniel.santos@pobox.com>
Depends on PR #7126
With this change:
eb03aa43b9
boost iostreams supports zstd compression. If the zstd package is built
before boost, then the packaging step complains that libzstd.so is not
packaged.
Build Tested: PR #7876 used to fail CI without this, now it passes.
Signed-off-by: Amol Bhave <ambhave@fb.com>
Also drop the CVE patches which are already covered by this new release.
Compile tested for and run tested on mxs platform.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
libp11 uses OpenSSL's ENGINE quite extensively with seemingly no simple
way to disable it. Add it as a dependency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
ENGINE support is needed for GOST, which is already disabled. However, it
is going to be disabled by default in a future update. This fixes the
compilation failure.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Upstream switched to GitHub for releases. Follow suit.
Rearranged Makefile quite a bit to be more similar to other projects.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_CPE_ID for proper CVE tracking.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The dependent packages fail to build when using uclibc++ due to some
missing feature. It's probably easy to add a fix but for right now, switch
back to fix compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This commit:
- adds support for parallel builds (the possibilities of building parts
of sqlite3 in parellel are limited, but there is no downside)
- adds a CVE/CPE ID
- Removes useless "=1" from -D[EFINES]
- Adds --disable-debug (default anyway, just makes it explicit), put
--disable-static-shell up top to sort the list alphabetically
- Saves one INSTALL_DIR line in the end
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
sqlite3 can use libedit, readline or disable command-line editing
support altogether. This commit adds a choice to menuselect.
The default is changed from readline to libedit, as the latter is
upstream's first choice and is also a bit smaller than readline.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Adds (most) configure switches to menuselect. The defaults are _not_
changed, meaning the default configuration itself remains the same.
This enables changing the configuration through menuselect and adds
flags that other packages may use.
Config.in is renamed to Config-lib.in in anticipation of a future commit
where the cli tool package also gets a file to source.
The variables also get a prefix change from SQLITE to SQLITE3 in case
there will be a new major release in the future that may coexist with
sqlite3.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Even if /etc/asound.conf isn't installed we should try to
preserve user configurations during sysupgrades
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Set platform specfic flags to avoid sqlite using built-in variants
Remove CONFIGURE_VARS, already properly set by toolchain
Change order of TARGET_CFLAGS to match upstream documentation
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
This patch updates OpenLDAP to 2.4.47, introduces new build
parameters and places openldap-server, openldap-utils and
libopenldap under a separate menu item in Network.
OpenLDAP is difficult to find in menuconfig at present. Making
a separate menu item for OpenLDAP for selection of packages and
enabling or disabling build parameters makes better sense.
To have access to the loglevel directive, OpenLDAP must be built
with debugging information. Having access to the loglevel directive
is essential during the initial configuration of OpenLDAP server.
International users may want to enable ICU support to have access
to international characters.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
This package update provides one new library:
-> Safe Numerics: A library for guaranteed correct integer arithmetic for
C++14 and later, from Robert Ramey [1].
Discontinued Libraries
-> Signals (v1) is now removed. Its removal was announced in 1.68 and its
deprecation was announced in 1.54. Boost 1.68 is the last release that
provides this library. Users are encouraged to use Signals2 instead.
The Boost community thanks Douglas Gregor for his work on Signals which
served its users well and which also inspired Signals2 [2].
More info can be found at the usual place [3].
[1] : https://www.boost.org/doc/libs/1_69_0/libs/safe_numerics/doc/html/index.html
[2] : https://www.boost.org/doc/libs/1_69_0/doc/html/signals2.html
[3] : https://www.boost.org/users/history/version_1_69_0.html
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Defaulting to -fPIC is a bad idea, especially for executables (here:
sqlite3-cli). In short, there are certain security implications as well
as overhead/performance penalties. Details see:
https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
The configure script is able to detect the need for PIC and adds the
flag when needed anyway (when compiling the library).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
A remote code execution vuln has been found in sqlite. Infos available
here:
https://blade.tencent.com/magellan/index_en.html
sqlite 3.26.0 contains the fix.
This commit also changes source URL to https.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Move to new GitHub fork and switch to codeload tarballs.
Backported upstream patch to fix compilation.
Also update URL to fix uscan.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Copy vapi files to unversioned vala dir.
Added vala/host to PKG_BUILD_DEPENDS.
Removed TARGET_LDFLAGS
Removed copyright lines
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Save a copy of unixodbc_conf.h in STAGING_DIR to be used by host build.
Use STAGING_DIR/tmp/unixodbc instead of include.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Drops an openssl deprecation patch applied upstream.
Changes since 3.0.0, the following list of websocket related features:
* gzip+brotli compression in the webserver
* threadpools
* string tokenizers
* http reverse proxies
* managed disk cache
Full changes at https://libwebsockets.org/git/libwebsockets/tree/changelog?id=89eedcaa94e1c8a97ea3af10642fd224bcea068f#n4
Tested on ath79, and classic usage of libwebsockets to provide
websockets support to a C application.
Signed-off-by: Karl Palsson <karlp@etactica.com>
ac_cv_header_libunwind_h needs to be set to 0, as ac_cv_have_libunwind_h
overwritten based on the former's value.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The soname is not set to the full version, but only major.minor.
This uses libyaml-cpp.so.?.? to try to get it right.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Update to 10.03.0000.
--with-unixodbc should point to the odbc_config binary, not to the top
of the install directory $(STAGING_DIR)/usr.
Acked-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
bootstrapping.c:225:6: warning: implicit declaration of function 'blacklist_is_enabled' [-Wimplicit-function-declaration]
bootstrapping.c:226:3: warning: implicit declaration of function 'blacklist_blacklist_id'; did you mean 'dht_blacklisted'? [-Wimplicit-function-declaration]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
For host compilation, the configure-generated config.h from the target
compilation is used in place of the host-generated file. When the
target package is compiled with clean-build, that file is gone. This
saves the file under $(STAGING_DIR), and fetch it from there.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
When copying config.h from PKG_BUILD_DIR to HOST_BUILD_DIR, LIB_PREFIX
is set to /usr/lib. Then when odbc_config is run, it reports /usr/lib
as the --lib-dir, and in --libs as well, and dependent packages may
fail. Set it to $(STAGING_DIR)/usr/lib to make it right.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
tiff 4.0.10 added two new compression codecs, ZSTD and WebP. If the
respective libraries are found, these codecs will be built. Currently
they're not built, because these libraries do not exist in OpenWrt.
This commit adds the configure switches to disable these codecs. It's
likely that any of these libs will make their way into OpenWrt sooner or
later, so this commit prevents the related build failures (missing
depends).
If there is a need to enable these codecs in tiff in the future, then
this can be done, obviously, but at least there will be no build failure
suprises in the meantime.
Also, this commit corrects the homepage of libtiff.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
The lstopo utility has support for it. As ncurses is quite widespread,
might as well add support instead of patching it out.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Loudmouth enforces -Werror which errors on deprecated APIs.
Also switched to codeload for Makefile consistency between projects.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Buildbots are missing lex, which is normally a symlink to flex. This
solution is used elsewhere in the package but missing here.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
