The engine configuration directory was moved to /etc/ssl/modules.cnf.d/,
but the gost_engine package was using /etc/ssl/engines.cnf.d/ by
mistake.
Fixes: 3b2fcd6b2 ("gost_engine: adapt to new engine build config")
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
It seems that PR #24113 introduced incorrect hashes for multiple packages.
So, lets fix all of them at once.
Signed-off-by: Robert Marko <robimarko@gmail.com>
* switch back to using tar.gz archives, switch to xz was
probably unnecessary and the previous problem building
from the tagged release gz was probably cache-related
* drop maintainership
Signed-off-by: Stan Grishin <stangri@melmac.ca>
GCC 14 does not like 1 as the second parameter to calloc.
Clean up definition to avoid using PKG_SOURCE_DATE and to just use
PKG_VERSION.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
3.6 removed mbedtls_x509_get_cert into private header, redefined it in resonable place to temperatly fix it, and make it not depend on mbedtls_version_C. everything is upstreamed so won't need when upstrea release 4.3.4
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
Now that all in-tree users (avrdude and openocd) are capable to use
libgpiod v2 API, we can finally update libgpiod to the newer version.
While at, introduce the C++ wrapper as new package.
The Python package now uses OpenWrt's Python build infrastructure.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This package is no longer actively maintained as it reached
End-of-Life. [1] All new projects should use PCRE2.
OpenWrt wants to be minimalistic and we migrated many packages
from PCRE to PCRE2 huge thanks belong to @Ansuel (Christian Marangi),
who worked with several open-source projects to migrate it to PCRE2 [2].
This means that on routers, we don't need to have installed two libraries
(pcre and pcre2) side by side.
[1] https://www.pcre.org/
[2] https://github.com/openwrt/packages/issues/22006
Fixes: https://github.com/openwrt/packages/issues/22006
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Due to the change in the version description, the package must be
downloaded again. In addition, the standard compression method has changed
to zst. The checksum must therefore be recalculated.
Fixes: 5d273f0f5f ("zlog: fix version for APK")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Due to the change in the version description, the package must be
downloaded again. In addition, the standard compression method has changed
to zst. The checksum must therefore be recalculated.
Fixes: cb9fcdab8a ("libqmi: add missing PKG_VERSION for APK ")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Due to the change in the version description, the package must be
downloaded again. In addition, the standard compression method has changed
to zst. The checksum must therefore be recalculated.
Fixes: 6efdaecf5b ("libmbim: add missing PKG_VERSION for APK")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Due to the change in the version description, the package must be
downloaded again. In addition, the standard compression method has changed
to zst. The checksum must therefore be recalculated.
Fixes: 0c13c5e3c8 ("faad2: fix version for APK")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Unicode® ICU 75 updates to CLDR 45 (beta blog) locale data with new locales and various additions and corrections. C++ code now requires C++17 and is being made more robust.
The CLDR MessageFormat 2.0 specification is now in technology preview, together with a corresponding update of the ICU4J (Java) tech preview and a new ICU4C (C++) tech preview.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
For the InstallDev target, the pkg-config should point to the glib2 host
tools for glib_compile_resources, gdbus_codegen, glib_genmarshal and
glib_mkenums instead of pointing to the targets ones as they are
unusable by the host machine (due to crosscompiling)
Fix the pkg-config to reference the host tools by replaying the entry
and use the prefix_hostpkg variable provided by our pkg-config.
Link: https://github.com/openwrt/packages/pull/23881
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* switch back to using tar.gz archives, switch to xz was
probably unnecessary and the previous problem building
from the tagged release gz was probably cache-related
* drop maintainership
Signed-off-by: Stan Grishin <stangri@melmac.ca>
All patches automatically refreshed.
The most important changes are two "medium" CVEs fixed in GnuTLS 3.8.4:
- CVE-2024-28834 / GNUTLS-SA-2023-12-04
A vulnerability was found that the deterministic ECDSA code leaks
bit-length of random nonce which allows for full recovery of the
private key used after observing a few hundreds to a few thousands of
signatures on known messages, due to the application of lattice
techniques.
The issue was reported in the issue tracker as [#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516).
- CVE-2024-28835 / GNUTLS-SA-2024-01-23
When validating a certificate chain with more then 16 certificates
GnuTLS applications crash with an assertion failure.
The issue was reported in the issue tracker as [#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527) and [#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525).
Augmented copy/extract from upstream's NEWS file since GnuTLS 3.8.3:
- Version 3.8.5 (released 2024-04-04)
- libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
- libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
- libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
v1.5 decryption error handling and deterministic ECDSA with earlier
versions of GMP. These were a regression introduced in the 3.8.4
release. See [#1535](https://gitlab.com/gnutls/gnutls/-/issues/1535) and [!1827](https://gitlab.com/gnutls/gnutls/-/merge_requests/1827).
- build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of `nettle_rsa_compute_root_tr()`.
- API and ABI modifications:
- `GNUTLS_PKCS_PBES1_DES_SHA1`: New enum member of `gnutls_pkcs_encrypt_flags_t`.
- Version 3.8.4 (released 2024-03-18)
- libgnutls: RSA-OAEP encryption scheme is now supported
To use it with an unrestricted RSA private key, one would need to
initialize a `gnutls_x509_spki_t` object with necessary parameters
for RSA-OAEP and attach it to the private key. It is also possible
to import restricted private keys if they are stored in PKCS#8
format.
- libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis ([#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516)).
[GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
- libgnutls: Fixed a bug where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by William Woodruff ([#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525))
and yixiangzhike ([#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527)).
[GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
- libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization.
As a result, the library initialization should be faster.
- build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked
to the static library of GMP. This can be used to prevent custom
memory allocators from being overriden by other applications.
- API and ABI modifications:
- `gnutls_x509_spki_get_rsa_oaep_params`: New function.
- `gnutls_x509_spki_set_rsa_oaep_params`: New function.
- `GNUTLS_PK_RSA_OAEP`: New enum member of `gnutls_pk_algorithm_t`.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
If building with the project external toolchain, the gcc check
fails to set the correct value for TUNE_FLAG to allow the min
supported SSSE3 compiler support test to pass. This patch hacks
the file to set to the correct value.
Links to upstream bug reports:
https://github.com/openwrt/openwrt/issues/15216https://github.com/intel/hyperscan/issues/431
Build system: x86/64 (build system toolchain and x86/64 w/ external toolchain (18-Apr-2024 snapshot)
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Manage the activation of Apple iOS devices
There have been no releases since 2020-06-16.
Use the latest git 6925d58ef7994168fb9585aa6f48421149982329
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
There have been no releases since 2020-06-16.
Update to the latest git 5f083426b4ede24b2576f3a56eaf8ac3632c02f7
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Josef Schlehofer