go1.22.6 (released 2024-08-06) includes fixes to the go command,
the compiler, the linker, the trace command, the covdata command,
and the bytes, go/types, and os/exec packages.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Run make depend before building perl. This fixes parallel build failures
on machines with a high number of cores.
Example error 1:
/bin/ln -s /build/staging_dir/hostpkg/usr/bin/generate_uudmap generate_uidmap
make[5]: ./generate_uudmap: Command not found
make[5]: *** [Makefile:321: bitcount.h] Error 127
Example error 2:
/bin/ln -s /build/staging_dir/hostpkg/usr/bin/generate_uudmap generate_udmap
./generate_uudmap uudmap.h bitcount.h mg_data.h
/bin/ln: failed to create symbolic link 'generate_uudmap': File exists
make[5]: *** [Makefile:325: generate_uudmap] Error 1
Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996953
Link: 366bc98c91
Closes: https://github.com/openwrt/packages/issues/8238
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Ruby 3.3.4 fixes a regression in Ruby 3.3.3 that dependencies are
missing in the gemspec of some bundled gems: net-pop, net-ftp, net-imap,
and prime. The fix allows Bundler to successfully install those gems on
platforms like Heroku. If your bundle install runs correctly now, you
may not have this issue. Other changes are mostly minor bug fixes.
See: https://www.ruby-lang.org/en/news/2024/07/09/ruby-3-3-4-released/
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
When searching for readline, ncurses is needed, which can be ncursesw or
ncurses. Use pkgconfig to avoid the whole situation and simplify.
Also add readline/host as the OS one may be unusable.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Includes the serial module for luasockets (which is already being built)
in the final package. This allows using socket.select() on a serial port
(eg /dev/ttyACM0) which is the easiest way to use a serial-port with
coroutines.
Signed-off-by: Geoffrey Hausheer <rc2012@pblue.org>
go1.22.5 (2024-07-02) includes security fixes to the net/http package,
as well as bug fixes to the compiler, cgo, the go command, the linker,
the runtime, and the crypto/tls, go/types, net, net/http, and os/exec.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Currently, armv5 and armv6 targets are both using armv6 rustc.
Without this patch, rust programs in armv5 targets throw illegal instruction
error.
Signed-off-by: Lu jicong <jiconglu58@gmail.com>
Lua-ffi is a portable lightweight C FFI for Lua, based on libffi
and aiming to be mostly compatible with LuaJIT FFI, but written
from scratch in C language.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Ruby 3.3 adds a new parser named Prism, uses Lrama as a parser
generator, adds a new pure-Ruby JIT compiler named RJIT, and many
performance improvements especially YJIT.
See: https://www.ruby-lang.org/en/news/2023/12/25/ruby-3-3-0-released/
The 3.3.1 release includes security fixes.
- CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
- CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
- CVE-2024-27280: Buffer overread vulnerability in StringIO
See: https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-3-1-released/
The 3.3.2 release includes many bug-fixes.
See: https://www.ruby-lang.org/en/news/2024/05/30/ruby-3-3-2-released/
Packaging changes since 3.2.2:
- New packages: ruby-prism and ruby-rjit
- Added /usr/bin/rdbg to ruby-debug
- Added /usr/bin/syntax_suggest to ruby-syntax_suggest
The 3.3.3 release includes:
- RubyGems 3.5.11
- Bundler 2.5.11
- REXML 3.2.8
- strscan 3.0.9
- --dump=prism_parsetree is replaced by --parser=prism --dump=parsetree
- Invalid encoding symbols raise SyntaxError instead of EncodingError
- Memory leak fix in Ripper parsing
- Bugfixes for YJIT, **{}, Ripper.tokenize,
- RubyVM::InstructionSequence#to_binary, --with-gmp, and some build
environments
See: https://www.ruby-lang.org/en/news/2024/06/12/ruby-3-3-3-released/
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
go1.22.4 (released 2024-06-04) includes
security fixes to the archive/zip and net/netip packages,
as well as bug fixes to the compiler,
the go command, the linker,
the runtime, and the os package.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Latest Erlang update incorrectly detects THP as always enabled,
which leads to segmentation fault on systems without transparent hugepages.
Here we manually override configure flag by checking actual option of target kernel.
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
This is an alternative approach to #24209. Instead of switching
to bundled/internal libgd, workaround the capability detection
by giving the information to the build system directly.
PHP's original approach does not work when cross-compiling,
but since it is known which features are enabled in OpenWrt's
build, we can directly enable these features here, too.
This is not that future prove, but should do the job for the
moment until a proper solution was discussed with upstream.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
go1.22.3 (released 2024-05-07) includes security fixes to the go command
and the net package, as well as bug fixes to the compiler, the runtime,
and the net/http package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
If the download directory is on another filesystem (NFS), then the
current implementation of bootstrapping rust fails. Because the 'syscall'
(rename) does not work on crossing filesystem boundary.
This chnage was already merged upstream to the github main rust repository.
rust-lang/rust#124975
The patch has been rebased so that it can be applied correctly.
No functional change.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Preparing to update icu4c to 75.
Created a patch for build errors in php-intl.
```
In file included from /mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/unistr.h:39,
from ext/intl/intl_convertcpp.h:22,
from ext/intl/intl_convertcpp.cpp:17:
/mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/stringpiece.h:133:29: error: 'enable_if_t' in namespace 'std' does not name a template type
133 | typename = std::enable_if_t<
| ^~~~~~~~~~~
/mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/stringpiece.h:133:24: note: 'std::enable_if_t' is only available from C++14 onwards
133 | typename = std::enable_if_t<
| ^~~
/mnt/node/openwrt/staging_dir/target-aarch64_generic_musl/usr/include/unicode/stringpiece.h:133:40: error: expected '>' before '<' token
133 | typename = std::enable_if_t<
| ^
```
The FreeBSD ports patch was used as a reference.
e680bd98d3
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Add new lua version 5.4 required by new version of nmap.
Patches are copied from lua 5.3.
- Readline patch has to be reworked as lua 5.4 now supports
no readline for Linux but still needs some tweaks for macOS
and bsd systems.
- Patch shared lib required some rework.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This is a security release.
Notable Changes
* CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Reverts [1] to resolve the following build error on macOS:
/Volumes/wrt3200/openwrt/staging_dir/hostpkg/usr/bin/perl installperl --destdir=/Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install
WARNING: You've never run 'make test' or some tests failed! (Installing anyway.)
/usr/bin/perl5.38.2
error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/install_name_tool: input file: /Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install/usr/bin/perl5.38.2 is not a Mach-O file
[1] 88efce3814
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Make the python-jinja2/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Make the python-yaml/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
With the recent move to using ZSTD as the default compression format
for packaging git repo clones we must refresh all of the hashes for
the packages feed as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is a security release
Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
Changed to use gz according to main-snapshot
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
go1.22.2 (released 2024-04-03) includes a security fix to the
net/http package, as well as bug fixes to the compiler, the
go command, the linker, and the encoding/gob, go/types,
net/http, and runtime/trace packages.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.2
Find out more:
https://github.com/golang/go/issues?q=milestone%3AGo1.22.2
Signed-off-by: Shi JiaYang <shi05275@163.com>
Relevant changes since previous 3.9.13:
- FIXED: Fix crash serializing str introduced in 3.9.11
- FIXED: Implement recursion limit of 1024 on orjson.loads()
- FIXED: Use byte-exact read on str formatting SIMD path to avoid crash
- Build now depends on Rust 1.72 or later
- Support serializing numpy.float16 (numpy.half)
- sdist uses metadata 2.3 instead of 2.1
- Improve Windows PyPI builds
Signed-off-by: Timothy M. Ace <openwrt@timothyace.com>
1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3
2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.
Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Go 1.22.1 contains the following security fixes:
- CVE-2024-24783:
crypto/x509: Verify panics on certificates with an unknown public key
algorithm
- CVE-2023-45290
net/http: memory exhaustion in Request.ParseMultipartForm
- CVE-2023-45289
net/http, net/http/cookiejar: incorrect forwarding of sensitive headers
and cookies on HTTP redirect
- CVE-2024-24785
html/template: errors returned from MarshalJSON methods may break
template escaping
- CVE-2024-24784
net/mail: comments in display names are incorrectly handled
https://go.dev/doc/devel/release#go1.22.1https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Added a third bootstrap stage since go1.22 (and onwards) requires
at least go1.20.14 to build.[1]
[1]: https://go.dev/doc/go1.22#bootstrap
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
go1.21.6 (released 2024-01-09) includes fixes to the compiler,
the runtime, and the crypto/tls, maps, and runtime/pprof packages.
go1.21.7 (released 2024-02-06) includes fixes to the compiler,
the go command, the runtime, and the crypto/x509 package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Most packages already use https URLs and for PHP and PECL
package downloads https is working properly.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Signed-off-by: Mark Baker <mark@vpost.net>
python-paho-mqtt is licensed under EPL-2.0, not EPL-1.0, since version
1.6.0 and
fabe7500fb
While at it, add LICENSE.txt to PKG_LICENSE_FILES
Fixes: 784f2a519b (python-paho-mqtt: bump to version 1.6.1)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
b3b0cc8 version 0.2.2
85515cd roidmi: initial support for NEX2 Pro
62addc2 isort imports
8695649 README: update other govee to govee_ht
33f6ade ruuvitag: remove device class for counter
2099607 Rename key govee->govee_ht
12acacd codestyle updates
dbba43d ruuvitag: drop redundant import
84878e0 base: add and use HumidityTemperatureSensor
e9f0046 xiaomi_lywsd03_atc: make send_custom a class variable
2f4809a base: use lowercase for instance variable
5b1af17 govee: add manufacturer
7891691 ruuvitag: add manufacturer
cfd799b ruuvitag: remove inheritance from SubscribeAndSetDataMixin
7be28a1 codestyle updates
bffcf5e Add Govee H5074 temperature/humidity sensor support (#77)
Signed-off-by: Quintin Hill <stuff@quintin.me.uk>
Relevant changes since 3.9.10:
- Improve performance of serializing. str is significantly faster. Documents
using dict, list, and tuple are somewhat faster.
- FIXED: Minimal musllinux_1_1 build due to sporadic CI failure.
Signed-off-by: Timothy Ace <openwrt@timothyace.com>
Hirokazu MORIKAWA