Compile tested: OpenWRT-23.05-rc2, arm_cortex-a7_neon-vfpv4, mips_24kc
Run tested: arm_cortex-a7_neon-vfpv4 (Linksys MR8300), mips_24kc (tplink_archer-a7), OpenWrt 23.05-rc2)
* Update package nlohmannjson to version 3.11.2.
* Version 3.11.2 is source compatible with 3.10.2 so no package should fail to compile
* From version 3.11.2 on forward template declarations are collected in the file
json_fwd.hpp. The json.hpp still contains all template definitions.
Because in most compilation units of a software package only the file json_fwd.hpp
needs to be included, the compilation process is accelerated a lot.
Signed-off-by: Volker Christian <me@vchrist.at>
Executables depending on binary package libmagic segfault in case
package file is not installed. Libmagic needs file
/usr/share/misc/magic to not segfault. Thus, install
/usr/share/misc/magic along with libmagic and not with file.
Signed-off-by: Volker Christian <me@vchrist.at>
with gcc 13 libwebsockets fails with -Werror=enum-int-mismatch with both
SSL variants. These 2 patches work out that issue. Problem is mentioned
as a issue in openwrt/packages#20949 and instead of overriding issue
with appropriate CFLAGS, this approach was suggested for me as it's
been made as a PR (for openssl) at warmcat/libwebsockets#2824
Second patch for mbedtls, was made by me using same approach
as was used of openssl.
Eventually these propably will be merged into libwebsockets mainstream.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
The initial value takes 80kB of memory for each HTTP/2 connection
which is a lot on small devices. Using 8kB instead saves a fair
amount of memory without sacrificing performance.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
The map takes a fair amount of memory and the only consumer of this
library, dnsdist, does not need it.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
The only package using this library, dnsdist, does not require it
so let's save space and PSS memory.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
This is a security and bugfix release.
Security
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS query IDs
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation
Fixing libcares.pc
The pkg-config file libcares.pc in version 1.19.1 has been changed to be unsuitable for OpenWrt
and causes build errors with Openwrt packages that use libcares.
For this reason, libcares.pc was replaced.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
1.45.0
* linux: introduce io_uring support
* src: add new metrics APIs
* unix,win: give thread pool threads an 8 MB stack
* win,unix: change execution order of timers
1.44.2
* loop: better align order-of-events behavior between platforms
* zos: fix fs event not fired if the watched file is moved/removed/recreated
* win: Fix pipe resource leak if closed during connect (and other bugs)
* zos: don't error when killing a zombie process
* macos: avoid posix_spawnp() cwd bug
* kqueue: skip EVFILT_PROC events when invalidating events for an fd.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Tests are breaking compilation for mipsel targets because of the removal
of the sysmips call. Let's just not build them.
While at it, remove patches from 1.1 version and move the current ones
to the default 'patches' directory.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
ICU 73.2 updates to CLDR 43.1 locale data. These are maintenance releases for ICU 73 and CLDR 43, with limited sets of bug fixes and no API or structural changes.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
A compiler bug (suspiciously) blocks gnulib compilation for
mipsel_24kc_24kf. While we had this patch to disable gnulib, it was
accidentally removed by 5d27631d9f. Add it
back to fix the long broken build for mipsel_24kc_24kf.
Fixes: #19511
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
Imported patches included in debian and other package.
* 200-Fix-NULL-pointer-crashes-from-175.patch
CVE-2021-3502
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
* 201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch
CVE-2021-3468
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
* 202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch
avahi_dns_packet_consume_uint32 left shifts uint8_t values by 8, 16 and 24 bits to combine them into a 32-bit value. This produces an undefined behavior warning with gcc -fsanitize when fed input values of 128 or 255 however in testing no actual unexpected behavior occurs in practice and the 32-bit uint32_t is always correctly produced as the final value is immediately stored into a uint32_t and the compiler appears to handle this "correctly".
Cast the intermediate values to uint32_t to prevent this warning and ensure the intended result is explicit.
* 203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
This was causing timeouts to never be removed from the linked list that tracks them, resulting in both memory and CPU usage to grow larger over time.
* 204-Emit-error-if-requested-service-is-not-found.patch
It currently just crashes instead of replying with error. Check return
value and emit error instead of passing NULL pointer to reply.
* 205-conf-file-line-lengths.patch
Allow avahi-daemon.conf file to have lines longer than 256 characters (new limit 1024).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
From the documentation:
GNU MPC is a portable library written in C for arbitrary precision
arithmetic on complex numbers providing correct rounding. It implements
a multiprecision equivalent of the C99 standard. It builds upon the GNU
MP and the GNU MPFR libraries.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
From the documentation:
MPFR is a portable library written in C for arbitrary precision
arithmetic on floating-point numbers. It is based on the GNU MP library.
It aims to provide a class of floating-point numbers with precise
semantics.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Zabbix verifies the version of gnutls by search in the header gnutls.h.
This is done with 'cat' and 'egrep'. The problem here is now that the
preprocess definition did changed in gnutls.h, so the regex does not
match anymore.
The following error message acourse in the log:
> configure: error: GnuTLS library version requirement not met (>= 3.1.18)
To fix this backport an upstream patch to let the regex work again.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Backport an upstream fix to replace these old data types.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
pcre is no longer needed in the base repository. However, some packages
still rely on it in the packages and telephony feed.
Cross-reference to base repository:
e3e6652a550d ("pcre: move package to packages feed")
While working on it remove AUTORELEASE.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The package is needed by selinux, so it was moved to the base repository.
Remove it from openwrt packages feed.
Cross-reference:
c39b0646f3f2 ("pcre2: import pcre2 from packages feed")
Signed-off-by: Nick Hainke <vincent@systemli.org>
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Fix compilation warning due to wrong cast.
In file included from ./include/linux/kernel.h:19,
from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c:16:
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c: In function 'dmx_usb_write':
./include/linux/kern_levels.h:5:25: error: format '%d' expects argument of type 'int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Werror=format=]
5 | #define KERN_SOH "\001" /* ASCII Start Of Header */
| ^~~~~~
./include/linux/printk.h:422:25: note: in definition of macro 'printk_index_wrap'
422 | _p_func(_fmt, ##__VA_ARGS__); \
| ^~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c:41:45: note: in expansion of macro 'printk'
41 | #define dbg(format, arg...) do { if (debug) printk(KERN_DEBUG __FILE__ ": " format "\n" , ## arg); } while (0)
| ^~~~~~
./include/linux/kern_levels.h:15:25: note: in expansion of macro 'KERN_SOH'
15 | #define KERN_DEBUG KERN_SOH "7" /* debug-level messages */
| ^~~~~~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c:41:52: note: in expansion of macro 'KERN_DEBUG'
41 | #define dbg(format, arg...) do { if (debug) printk(KERN_DEBUG __FILE__ ": " format "\n" , ## arg); } while (0)
| ^~~~~~~~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c:409:9: note: in expansion of macro 'dbg'
409 | dbg("%s - minor %d, count = %d", __FUNCTION__, dev->minor, count);
| ^~~
cc1: all warnings being treated as errors
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fix simple compilation warning with checking statically allocated
variables and missing fallthrough.
Fix compilation warning:
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c: In function 'ring_release':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:5489:6: error: the comparison will always evaluate as 'true' for the address of 'name' will never be NULL [-Werror=address]
5489 | && pfr->zc_device_entry->zc_dev.dev->name) {
| ^~
In file included from ./include/linux/rtnetlink.h:7,
from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:84:
./include/linux/netdevice.h:1986:33: note: 'name' declared here
1986 | char name[IFNAMSIZ];
| ^~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c: In function 'ring_bind':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:5620:18: error: the comparison will always evaluate as 'false' for the address of 'sa_data' will never be NULL [-Werror=address]
5620 | if(sa->sa_data == NULL)
| ^~
In file included from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:82:
./include/linux/socket.h:34:25: note: 'sa_data' declared here
34 | char sa_data[14]; /* 14 bytes of protocol address */
| ^~~~~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c: In function 'hash_pkt_cluster':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:3937:7: error: this statement may fall through [-Werror=implicit-fallthrough=]
3937 | if(l3_proto == IPPROTO_TCP)
| ^
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:3944:3: note: here
3944 | case cluster_per_flow_2_tuple:
| ^~~~
cc1: all warnings being treated as errors
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Since a few days staging_dir/host/share/aclocal/ contains new m4 files
(libunistring-base.m4, libunistring-optional.m4, libunistring.m4 etc.)
that get applied during autoreconf. This changes the libunistring setup
enough that we run into problem (builds fail).
Load the libunistring-optional gnulib module in configure.ac to be able
to add/use the new configure switch "--with-included-libunistring".
This is at most a workaround. This should be followed up with gnutls
upstream to clean this up.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
When building with cmake we don't get libvorbis*.so.N which means that
some applications may fail to dynamically load libvorbis libraries.
This seems to be a problem specific to cmake (autotools builds work).
Signed-off-by: Robert Högberg <robert.hogberg@gmail.com>
If buildsystem does not have a internet connection, then the build
fails. This is because of the fact, that glib2 is downloading and building
the missing dependencies during host compilation.
This cannot be allowed to happen. The package must also be built without
an internet connection.
Adding the missing host build dependency and removing the 'forcefallback'
fixes this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Fixes: https://github.com/openwrt/openwrt/issues/12542
The detailed list of changes follows:
* Version 3.8.0 (released 2023-02-09)
** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
[GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
** libgnutls: C++ library is now header only. All definitions from
gnutlsxx.c have been moved into gnutlsxx.h. Users of the C++
interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
** libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
** libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used given
other implementations dropped support for it. To enable back
support for it, supply --enable-heartbeat-support to configure
script.
** libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not up to
date with the latest TLS standards and its ciphersuites are based
on the CBC mode and SHA-1. To enable it back, supply
--enable-srp-authentication option to configure script.
** libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
commit-check. You may run devel/indent-gnutls to fix any
indentation issues if you make code modifications.
** guile: Guile-bindings removed.
They have been extracted into a separate project to reduce complexity
and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
** minitasn1: Upgraded to libtasn1 version 4.19.
** API and ABI modifications:
GNUTLS_NO_STATUS_REQUEST: New flag
GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member
GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member
Signed-off-by: Antonio Flores <antflores627@gmail.com>
Remove libxml2 that was moved into the main OpenWrt repo.
Commit in OpenWrt: 9b0b46985c112c664354dc745d8cfb313166744b
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Remove gperf that was moved into the main OpenWrt repo.
Commit in OpenWrt: 2070a2ca27bdb2b1e4e1587274e192e42f247516
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SSL_get_peer_certificate() is deprecated, OpenSSL v3.0 added
SSL_get0_peer_certificate() and SSL_get1_peer_certificate().
Use the latter since the return value is explicitely X509_free()ed
here, see [0].
[0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html
Signed-off-by: Andre Heider <a.heider@gmail.com>
Do not build shared libraries to avoid host programs to dynamic link
libraries at non-standard paths.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Automatically compute and substitute current values for all
$(AUTORELEASE) instances as this feature is deprecated and shouldn't be
used.
The following temporary change was made to the core:
diff --git a/rules.mk b/rules.mk
index 57d7995d4fa8..f16367de87a8 100644
--- a/rules.mk
+++ b/rules.mk
@@ -429,7 +429,7 @@ endef
abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1))))
COMMITCOUNT = $(if $(DUMP),0,$(call commitcount))
-AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1))
+AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
all:
FORCE: ;
And this command used to fix affected packages:
for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \
sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/download
done
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Description:
It updates to CLDR 43 locale data with various additions and corrections.
ICU 73 improves Japanese and Korean short-text line breaking, reduces C++ memory use in date formatting, and promotes the Java person name formatter from tech preview to draft.
ICU 73 and CLDR 43 are minor releases, mostly focused on bug fixes and small enhancements. (The fall CLDR/ICU releases will update to Unicode 15.1 which is planned for September.)
ICU 73 updates to the time zone data version 2023c (2023-mar). Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
See commit 07730ff3 "treewide: add support for "lto" in PKG_BUILD_FLAGS"
on the main repository.
Note: Some packages only added `-flto` to CFLAGS and not LDFLAGS. This
fixes it and properly enables LTO.
Signed-off-by: Andre Heider <a.heider@gmail.com>
See commit da370098 "treewide: add support for "gc-sections" in
PKG_BUILD_FLAGS" on the main repository.
Note: This only touches packages which use all three parts
(-ffunction-sections, -fdata-sections and -Wl,--gc-sections) enabled by
this build flag. Some packages only use a subset, and these are left
unchanged for now.
Signed-off-by: Andre Heider <a.heider@gmail.com>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This adapts the package to the new include/openssl-module.mk, and
updated runtime configuration.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This adapts the package to the new include/openssl-module.mk, and
updated runtime configuration.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
After recent autotools update, rpcsvc-proto no longer
compiles without autoreconf fixup because automake 1.15
is not found.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Allow build of libjpeg as a static library as well;
one is provided for libpng and possibly for other
formats as well.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
This adds a host build which can be used later by tools,
e.g. swig - which in turn is used by gensio package to
provide python bindings.
While at, switch back from $(AUTORELEASE).
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This reverts commit 983835afe6.
I merged the library update to v2.0 to fast, it breaks openocd build
due to API change.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This reverts commit 82ea104b97.
I merged the library update to v2.0 to fast, it breaks openocd build
due to API change.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
