The kernel knows about /sbin/request-key *at that path*, and the shipped
configuration file presumes that /sbin/key.dns_resolver and /bin/keyctl are the
correct paths.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
This commit updates boost to version 1.85.0
New available libraries:
* *Charconv:* A high quality implementation of <charconv> in C++11,
from Matt Borland. [2]
* *Scope:* A collection of scope guard utilities and a
unique_resource wrapper, from Andrey Semashev. [3]
More info about Boost 1.85.0 can be found at the usual place [1].
[1]: https://www.boost.org/users/history/version_1_85_0.html
[2]: https://www.boost.org/libs/charconv/
[3]: https://www.boost.org/libs/scope/
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
libfido2 is licensed under the BSD 2-clause license as per:
https://github.com/Yubico/libfido2/
Update package Makefile to correctly reflect this.
Signed-off-by: Rahul Thakur <rahul.thakur@iopsys.eu>
This release includes enhancements and bug fixes.
This release is ABI compatible with the previous release.
See: https://github.com/webmproject/libvpx/releases/tag/v1.14.1
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Update to latest version.
Changelog: https://github.com/snort3/libdaq/releases/tag/v3.0.15
,,_ -*> Snort++ <*-
o" )~ Version 3.1.84.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.15
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.13 30 Jan 2024
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 10.42 2022-12-11
Using ZLIB version 1.3.1
Using Hyperscan version 5.4.2 2024-05-26
Using LZMA version 5.4.6
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
The engine configuration directory was moved to /etc/ssl/modules.cnf.d/,
but the gost_engine package was using /etc/ssl/engines.cnf.d/ by
mistake.
Fixes: 3b2fcd6b2 ("gost_engine: adapt to new engine build config")
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
It seems that PR #24113 introduced incorrect hashes for multiple packages.
So, lets fix all of them at once.
Signed-off-by: Robert Marko <robimarko@gmail.com>
* switch back to using tar.gz archives, switch to xz was
probably unnecessary and the previous problem building
from the tagged release gz was probably cache-related
* drop maintainership
Signed-off-by: Stan Grishin <stangri@melmac.ca>
GCC 14 does not like 1 as the second parameter to calloc.
Clean up definition to avoid using PKG_SOURCE_DATE and to just use
PKG_VERSION.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
3.6 removed mbedtls_x509_get_cert into private header, redefined it in resonable place to temperatly fix it, and make it not depend on mbedtls_version_C. everything is upstreamed so won't need when upstrea release 4.3.4
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
Now that all in-tree users (avrdude and openocd) are capable to use
libgpiod v2 API, we can finally update libgpiod to the newer version.
While at, introduce the C++ wrapper as new package.
The Python package now uses OpenWrt's Python build infrastructure.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This package is no longer actively maintained as it reached
End-of-Life. [1] All new projects should use PCRE2.
OpenWrt wants to be minimalistic and we migrated many packages
from PCRE to PCRE2 huge thanks belong to @Ansuel (Christian Marangi),
who worked with several open-source projects to migrate it to PCRE2 [2].
This means that on routers, we don't need to have installed two libraries
(pcre and pcre2) side by side.
[1] https://www.pcre.org/
[2] https://github.com/openwrt/packages/issues/22006
Fixes: https://github.com/openwrt/packages/issues/22006
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Due to the change in the version description, the package must be
downloaded again. In addition, the standard compression method has changed
to zst. The checksum must therefore be recalculated.
Fixes: 5d273f0f5f ("zlog: fix version for APK")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Due to the change in the version description, the package must be
downloaded again. In addition, the standard compression method has changed
to zst. The checksum must therefore be recalculated.
Fixes: cb9fcdab8a ("libqmi: add missing PKG_VERSION for APK ")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Due to the change in the version description, the package must be
downloaded again. In addition, the standard compression method has changed
to zst. The checksum must therefore be recalculated.
Fixes: 6efdaecf5b ("libmbim: add missing PKG_VERSION for APK")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Due to the change in the version description, the package must be
downloaded again. In addition, the standard compression method has changed
to zst. The checksum must therefore be recalculated.
Fixes: 0c13c5e3c8 ("faad2: fix version for APK")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Unicode® ICU 75 updates to CLDR 45 (beta blog) locale data with new locales and various additions and corrections. C++ code now requires C++17 and is being made more robust.
The CLDR MessageFormat 2.0 specification is now in technology preview, together with a corresponding update of the ICU4J (Java) tech preview and a new ICU4C (C++) tech preview.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
For the InstallDev target, the pkg-config should point to the glib2 host
tools for glib_compile_resources, gdbus_codegen, glib_genmarshal and
glib_mkenums instead of pointing to the targets ones as they are
unusable by the host machine (due to crosscompiling)
Fix the pkg-config to reference the host tools by replaying the entry
and use the prefix_hostpkg variable provided by our pkg-config.
Link: https://github.com/openwrt/packages/pull/23881
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* switch back to using tar.gz archives, switch to xz was
probably unnecessary and the previous problem building
from the tagged release gz was probably cache-related
* drop maintainership
Signed-off-by: Stan Grishin <stangri@melmac.ca>
All patches automatically refreshed.
The most important changes are two "medium" CVEs fixed in GnuTLS 3.8.4:
- CVE-2024-28834 / GNUTLS-SA-2023-12-04
A vulnerability was found that the deterministic ECDSA code leaks
bit-length of random nonce which allows for full recovery of the
private key used after observing a few hundreds to a few thousands of
signatures on known messages, due to the application of lattice
techniques.
The issue was reported in the issue tracker as [#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516).
- CVE-2024-28835 / GNUTLS-SA-2024-01-23
When validating a certificate chain with more then 16 certificates
GnuTLS applications crash with an assertion failure.
The issue was reported in the issue tracker as [#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527) and [#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525).
Augmented copy/extract from upstream's NEWS file since GnuTLS 3.8.3:
- Version 3.8.5 (released 2024-04-04)
- libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
- libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
- libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
v1.5 decryption error handling and deterministic ECDSA with earlier
versions of GMP. These were a regression introduced in the 3.8.4
release. See [#1535](https://gitlab.com/gnutls/gnutls/-/issues/1535) and [!1827](https://gitlab.com/gnutls/gnutls/-/merge_requests/1827).
- build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of `nettle_rsa_compute_root_tr()`.
- API and ABI modifications:
- `GNUTLS_PKCS_PBES1_DES_SHA1`: New enum member of `gnutls_pkcs_encrypt_flags_t`.
- Version 3.8.4 (released 2024-03-18)
- libgnutls: RSA-OAEP encryption scheme is now supported
To use it with an unrestricted RSA private key, one would need to
initialize a `gnutls_x509_spki_t` object with necessary parameters
for RSA-OAEP and attach it to the private key. It is also possible
to import restricted private keys if they are stored in PKCS#8
format.
- libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis ([#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516)).
[GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
- libgnutls: Fixed a bug where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by William Woodruff ([#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525))
and yixiangzhike ([#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527)).
[GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
- libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization.
As a result, the library initialization should be faster.
- build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked
to the static library of GMP. This can be used to prevent custom
memory allocators from being overriden by other applications.
- API and ABI modifications:
- `gnutls_x509_spki_get_rsa_oaep_params`: New function.
- `gnutls_x509_spki_set_rsa_oaep_params`: New function.
- `GNUTLS_PK_RSA_OAEP`: New enum member of `gnutls_pk_algorithm_t`.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
If building with the project external toolchain, the gcc check
fails to set the correct value for TUNE_FLAG to allow the min
supported SSSE3 compiler support test to pass. This patch hacks
the file to set to the correct value.
Links to upstream bug reports:
https://github.com/openwrt/openwrt/issues/15216https://github.com/intel/hyperscan/issues/431
Build system: x86/64 (build system toolchain and x86/64 w/ external toolchain (18-Apr-2024 snapshot)
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Manage the activation of Apple iOS devices
There have been no releases since 2020-06-16.
Use the latest git 6925d58ef7994168fb9585aa6f48421149982329
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
There have been no releases since 2020-06-16.
Update to the latest git 5f083426b4ede24b2576f3a56eaf8ac3632c02f7
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
update to v1.61.0
CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Maintainer: Stan Grishin <stangri@melmac.ca>
Run tested: aarch64, Dynalink DL-WRX36, Master Branch
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Maintainer: Stan Grishin <stangri@melmac.ca>
Run tested: aarch64, Dynalink DL-WRX36, Master Branch
Signed-off-by: Sean Khan <datapronix@protonmail.com>
This is a follow-up on the previous treewide refresh of hashes after move
to ZSTD by default for compressing tarballs, as it seems that somehow
CHECK_ALL missed couple of packages.
Fixes: 272f55e87f ("treewide: refresh hashes after move to use ZSTD as default")
Signed-off-by: Robert Marko <robimarko@gmail.com>
With the recent move to using ZSTD as the default compression format
for packaging git repo clones we must refresh all of the hashes for
the packages feed as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
* update PKG_RELEASE to be apk-compatible
* update PKG_SOURCE/PKG_SOURCE_URL so that it builds
* drop dependency on libopenssl as other SSL libs start to support HTTP/3
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Latest update in 6c3db5d has switched build system to Meson,
which is broken on several non-SIMD platforms. Turns out,
Meson support is not yet stable enough in the upstream,
so we revert to autotools and drop meson-related patch.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Backport patch fixing compilation error for sa_data not well defined.
This is triggered only on platform that makes use of fortify string and
cause compilation error due to the fact that sa_data is not well defined
and his size is arbitrary.
Patch has been accepted in the PF_RING project and this is just a
backport.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Thread-caching malloc provided by this package improves snort3
performance. I have been running with this for over seven months
without issues. Avg CPU usage is down. Another user reported
higher throughput achieved with snort3 compiled with this on
samba transfers on system with CPU-limited snort performance.[1]
1. https://forum.openwrt.org/t/some-help-with-a-makefile-gperftools/165656/22
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
There's some weird issue where -lpcre2 is not being passed. Fixes
vala/host which links to static libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks
Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e7, 3530bcc and e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
OpenBLAS allows to specify per-family CPU optimizations during build stage.
This package supports manual specification of a family during configuration.
This commit adds automatic detection of target family, while keeping manual
override as a backup.
Automatically detected ARM families:
- Cortex-A9 without NEON
- Cortex-A9 with NEON
- Cortex-A15
- Cortex-A53
- Cortex-A72
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
The recent upgrade of apr included a change with should fix the subversion build.
Unfortunately, this fix resulted in a build regression of apache-mod-php8.
The new approach is to pass the locations of the apr config helpers
to configure via parameter.
Fixes: 68dd7b7cf6 ("apr: update to 1.7.4")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
So that we have a working ModemManager again and can look at the problem
revert the update to version 2.78.4 for now.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 08c7b0dfca.
efivar fails to build with mold linker, so it should
be opted out. I also added missing maintainer.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Marius Dinu