This reverts commit 5313dd9be from PR #25324 , related to #25323 and
https://github.com/openwrt/openwrt/pull/16899
The additional symlink libpng16.so -> libpng16d.so is now unnecessary as
OpenWrt main repo PR https://github.com/openwrt/openwrt/pull/18709
commit 703e7d2d5b
changed the cmake build type from 'Debug' to 'RelWithDebInfo', which
causes libpng .so to be compiled with the normal name libpng16.so
(instead of the debug-styled libpng16d.so).
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
With no SONAME set, when linking against the full library path, that
path will be used. But if SONAME is set, it will be used instead.
Set --soname=legacy to add a SONAME to the library to allow projects
that use full path to link correctly.
Link: https://sqlite.org/src/forumpost/5a3b44f510df8ded
Fixes: https://github.com/openwrt/packages/issues/26449
Signed-off-by: George Sapkin <george@sapk.in>
pupnp_project:pupnp is a better CPE ID than libupnp_project:libupnp as
this CPE ID has the latest CVEs from 2021 (whereas
libupnp_project:libupnp only has CVEs up to 2020):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️pupnp_project:pupnp
Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
This commit updates boost to version 1.88.0
New libraries in this release:
* Hash2 [2]: An extensible hashing framework, from Peter Dimov and
Christian Mazakas.
* MQTT5 [3]: MQTT5 client library built on top of Boost.Asio, from Ivica
Siladić, Bruno Iljazović, and Korina Šimičević.
More info about Boost 1.88.0 can be found at the usual place [1].
[1]: https://www.boost.org/users/history/version_1_88_0.html
[2]: https://www.boost.org/libs/hash2/
[3]: https://www.boost.org/libs/mqtt5/
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Replace using the tar ball version with the actual upstream version in
PKG_VERSION for packaging, and move tar ball version to PKG_SRC_VERSION.
Suggested-by: Paul Donald <newtwen+github@gmail.com>
Suggested-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: George Sapkin <george@sapk.in>
Noteworthy changes in version 1.8 (2024-11-12) [C3/A3/R0]
----------------------------------------------
* Fix npth_cond_signal and npth_cond_broadcast on Windows. [T7386]
* New function npth_get_version. New macros NPTH_VERSION and
NPTH_VERSION_NUMBER.
* Fix INSERT_EXPOSE_RWLOCK_API for musl C library. [T5664]
* Add fallback implementation for POSIX semaphore API on macOS.
[T7057]
* Return a run-time error if npth_rwlock_timedrdlock is not
supported. [T7109]
Release-info: https://dev.gnupg.org/T7387
Noteworthy changes in version 1.7 (2024-02-23) [C2/A2/R0]
----------------------------------------------
* The npth-config command is not installed by default, because it is
now replaced by use of pkg-config/gpgrt-config with npth.pc.
Supply --enable-install-npth-config configure option, if needed.
* Support for legacy systems w/o pthread_rwlock_t support. [T4306]
* New functions npth_poll and npth_ppoll for Unix. [T5748]
* Fixes to improve support for 64 bit Windows.
* Fix declaration conflict using newer mingw versions. [T5889]
* Fix build problems on Solaris 11. [T4491]
* Fix detecting of the pthread library. [rPTH6629a4b801]
* Clean up handling of unsafe semaphores on AIX. [T6947]
* Link without -flat_namespace to support macOS 11. [T5610]
Release-info: https://dev.gnupg.org/T7010
OpenWrt package maintainer note:
* NPTH's buildsystem now requires the REAL_GNU_TARGET_NAME (ie. with the
libc being the suffix, eg. '*-musl' or '*-gnu') to be passed to
`configure`, override CONFIGURE_ARGS to do so.
* Switch to use pkg-config.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Release 1.6.7
build: Update autogen.sh and make SYSROOT available.
Allow for an empty Subject in certs.
Update gpg-error.m4.
Apply spell fixes from GnuPG.
m4: Update gpg-error.m4 from gpg-error master.
ksba.m4: Fix setting/using GPG_ERROR_CONFIG.
Fix the previous commit.
m4: Include _AM_PATH_GPGRT_CONFIG definition.
Use unsigned int for 1-bit flags.
Post release updates
Release 1.6.6
der-builder: Fix possible uninitialized variable.
Post release updates.
Release 1.6.5
Add Brainpool curve detection using parameters with compressed BP.
build: Remove HAVE_W32CE_SYSTEM.
doc: Minor style fixes.
build: Change the default for --with-libtool-modification.
build: New configure option --with-libtool-modification.
Post release updates
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Noteworthy changes in version 3.0.2 (2025-02-18) [C9/A0/R2]
------------------------------------------------
* Fix for FreeBSD to set the pid of assuan_peercred_t.
[rAdfa5e6532d]
* Use socklen_t for the length of socket address. [T5924]
* Fix errno setting on Widnows for assuan_sock_bind failure. [T7456]
* New assuan_sock_get_flag "w32_error" to get the actual Windows
error after a system call and not just the mapped errno. [T7456]
Release-info: https://dev.gnupg.org/T7163
Noteworthy changes in version 3.0.1 (2024-06-24) [C9/A0/R1]
------------------------------------------------
* Change Unix symbol versioning to help the Debian transitioning
process.
Release-info: https://dev.gnupg.org/T7163
Noteworthy changes in version 3.0.0 (2024-06-18) [C9/A0/R0]
------------------------------------------------
* API change: For new code, which uses libassuan with nPTH, please
use gpgrt_get_syscall_clamp and assuan_control, instead of the
system_hooks API. Use of ASSUAN_SYSTEM_NPTH is deprecated with new
API version 3. If it's really needed to keep using old
implementation of ASSUAN_SYSTEM_NPTH, you need to change your your
application code, to define
ASSUAN_REALLY_REQUIRE_V2_NPTH_SYSTEM_HOOKS before including
<assuan.h>. For an application which uses version 2 API
(NEED_LIBASSUAN_API=2 in its configure.ac), use of
ASSUAN_SYSTEM_NPTH is still supported. [T5914]
* New function assuan_control. [T6625]
* New function assuan_sock_accept. [T5925]
* New functions assuan_pipe_wait_server_termination and
assuan_pipe_kill_server to support abstraction of process. [T6487]
* Windows support for sendfd/recvfd. [T6236]
* Implement timeout in assuan_sock_connect_byname. [T3302]
* No support for WindowsCE, any more. [T6170]
* New socket flags "linger" and "reuseaddr". [rA87f92fe962]
* Interface changes relative to the 2.5.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
assuan_sock_accept NEW.
assuan_pipe_wait_server_termination NEW.
assuan_pipe_kill_server NEW.
assuan_sock_set_flag EXTENDED.
assuan_sock_get_flag EXTENDED.
Release-info: https://dev.gnupg.org/T7163
OpenWrt package maintainer note:
autotools is trying to be smart with detecting gpgrt-config, let's
try to be *even smarter* and force it to use the version in
STAGING_DIR...
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Collected release notes since version 1.26.2:
libinput 1.28.1 is now available.
This release fixes two regressions:
After unplugging and re-plugging a tablet device, proximity events
toggled the tip on/off due to an uninitialized (== zero) pressure
range. Repeatedly unplugging also eventually triggered an bug
notification.
libinput debug-events failed to print pinch angle and rotation
And because the commits were already sitting on the branch, also
included is fixed handling of the tablet pad mode toggle buttons.
Instead of the previous heuristics we now let this be handled by
libwacom 2.15 (if available). Only three tablet devices have those
buttons and they're all getting old, so this is unlikely to affect a lot
of users.
libinput 1.28.0 is now available.
The big new feature in this release is three-finger drag for touchpads.
When enabled three fingers down on the touchpad will logically hold the
left mouse button down, any movement of the fingers then moves the
pointer for a drag. For some users this is a more precise and
easier-to-trigger interaction than e.g. tap-and-drag.
On tablets the pressure range is now correctly tracked per tablet.
Previously moving the same physical stylus between two tablets with
different pressure ranges caused the stylus to send incorrect pressure
data.
And then we have of course the usual collection of bug fixes and
device-specific quirks.
libinput 1.27.1 is now available.
This release fixes two regressions in the gesture state handling
introduced in 1.27.
It also removes an assert triggered by a finger count mismatch. That can
be triggered by a still-unclear-but-niche race condition. The assert
wasn't required for functionality so we simply skip over the issue now.
libinput replay has a slightly new output format and now supports Ctrl+C
to stop the currently replaying event sequence.
And then we have of course the usual collection of bug fixes and
device-specific quirks.
libinput debug-events --help and libinput debug-gui --help now print all
available configuration options too.
libinput 1.27 is now available.
In terms of new features we have a "sticky" mode for drag-locking.
Previously a tap-and-drag lock would always expire after a timeout, now
the button is held logically down until a completing tap. Desktop
environments are encouraged to use this as the default as it provides a
better experience for anyone with less-than-perfect dexterity. For
backwards-compatibility reasons libinput cannot easily change its
defaults without risking bugs in the callers.
For tablet pads we now support tablet pad mode groups for devices
without status LEDs as well, the previous implementation was tied to
LEDs which some devices like the XP Pen ACK05 remote don't have. Since
the mode is a software feature anyway tying it to LEDs is not necessary.
If a tablet is unknown to libwacom we now assume that it is a built-in
tablet. This matches the behavior of libwacom 2.11 but in our case the
only visible result is that the device now has the calibration
configuration available. Better to have it and not use it, as they say.
The available area on external tablets can be reduced via the new tablet
"area" configuration. Users can set a rectangle smaller than the
width/height of the tablet and input outside this rectangle will be
ignored.
For packagers: the check dependency is now optional, almost all tests
can now run without it.
And then we have of course the usual collection of bug fixes and
device-specific quirks.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Release 0.2.12
steam-deck: Add a deadzone for the sticks
meson: Fix build with pre-1.83.2 GIR
Post-release version bump to 0.2.12
Release 0.2.11
ci: Build flatpak bundles and make releases from that
Release 0.2.10
ci: Switch to F42
meson: Specify --doc-format for gir
event-mapping: Fix half-range abs to button mapping
evdev-mapping: Fix half-range mapping
contributing: Add a no-LLM statement
readme: Add CoC
hacking: Rename to CONTRIBUTING.md
device: Remove leftover code
Use non-gprefixed types where possible
Actually use config.h
event: Simplify enum definition
doc: Change Since versions
ci: Refresh pages after CI passes on main
version: Add runtime version checking too
version: Deprecate the old version symbols; add ones with the correct namespace
doc: Port to gi-docgen
Change Since versions to 0.2.10
evdev-backend: Ignore DualSense motion sensor and touchpad
event-mapping: Make hat to buttons mapping always emit button release
monitor: Avoid criticals when reloading mappings if hid devices are present
steam-deck-driver: Fix has_input() for qam and paddles
hid-backend: Bail if we failed to even open the device
mapping: Fix paddles for real this time
mapping: Fix keycodes for paddles
Introduce HID backend and Steam Deck HID driver
build: Depend on hidapi
Add ManetteDeviceType and manette_device_get_device_type()
device: Add supports_mapping()
Introduce groundwork for multiple device types and backends
Post-release bump to version 0.2.10
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Sat Apr 26 04:42:37 2025 +0100
2.80.1 - January 8, 2025
========================
- OpenSSL: fix crash in complete_handshake (!251, Dario Saccavino)
- OpenSSL: fix invalid free in openssl_get_binding_tls_server_end_point() (!255)
- TLS test should handle G_IO_ERROR_WOULD_BLOCK (!253, Richard Purdie and Alexander Kanavin)
- Updated translations
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
changes since 0.33:
* be more C99 compliant (Florian Weimer)
* add C++ convenience overloads to uint*.h
* remove unaligned memory access behind #ifdef i386 from uint*.h
(compilers are now smart enough so they are no longer needed and they
were technically undefined behavior so the sanitizer complained)
OpenWrt package changes:
* The newly introduced 'json' build tool is added to the host build and
staged as 'libowfat-json'.
* DEBUG option is now set by global CONFIG_DEBUG option
* fixed duplicate CROSS prefix of RANLIB
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ver 0.76:
Fix issue with random scalar generation.
ver 0.75:
Add support for converting OID octets to strings.
Add support for NIST P-224 cuve usage with ECDH.
Add support for NIST P-521 cuve usage with ECDH.
Add support for SHA-3 series of hashing algorithms.
ver 0.74:
Add support for NIST P-192 curve usage with ECDH.
Add support for SHA-224 based checksums and HMACs.
ver 0.73:
Fix issue with parsing hwdb.bin child structures.
ver 0.72:
Add support for the Test Anything Protocol.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The python package now works with Python 3.11.
Also simplify Build/InstallDev with CMAKE_INSTALL.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
musl libc does not support this feature, and for glibc, additional
library libasan is required. Disable it explicitly to avoid build issue
when CONFIG_DEBUG is selected.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Libarchive 3.7.9 is a bugfix release, fixing a regression in libarchive
3.7.8 regarding GNU sparse entries was fixed.
Libarchive 3.7.8 is a bugfix and security release:
Security fixes:
* tar reader: Handle truncation in the middle of a GNU long linkname (CVE-2024-57970)
* unzip: fix null pointer dereference (CVE-2025-1632)
* tar reader: fix unchecked return value in list_item_verbose() (CVE-2025-25724)
Important bugfixes:
* 7zip reader: add SPARC and POWERPC filter support for non-LZMA compressors
* tar reader: Ignore ustar size when pax size is present
* tar writer: Fix bug when -s/a/b/ used more than once with b flag
* cpio: Fix a Y2038 bug on Windows
* libarchive: Handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
* libarchive: Adding missing seeker function to archive_read_open_FILE()
Full Changelog: https://github.com/libarchive/libarchive/compare/v3.7.7...v3.7.8
Signed-off-by: Petr Štetiar <ynezz@true.cz>
libarchive fixed a lot of security issues in the last few releases, listing only
notable changes,
libarchive 3.7.5:
* rar4: protect copy_from_lzss_window_to_unp() CVE-2024-20696
* rar4: fix CVE-2024-26256
libarchive 3.7.6:
* this release fixes a tar regression introduced in libarchive 3.7.5
libarchive 3.7.7:
* gzip: prevent a hang when processing a malformed gzip inside a gzip (OSS-Fuzz)
* tar: don't crash on truncated tar archives (OSS-Fuzz)
* tar: fix two leaks in tar header parsing
Link: https://github.com/libarchive/libarchive/releases
Signed-off-by: Matthias Franck <matthias.franck@softathome.com>
New version requires liburing as a new dependency. To avoid a build error
where mock.c is using glibc's function sig, disabled build tests since
builds are done with musl libc.
Signed-off-by: John Audia <therealgraysky@proton.me>
ICU 77 is mostly focused on bug fixes, segmentation conformance, and other refinements.
The Java technology preview implementation of the CLDR MessageFormat 2.0 specification has been updated to incorporate the CLDR 46.1 spec plus most but not all of the CLDR 47 changes.
The C++ technology preview implementation of MessageFormat 2.0 is not yet quite up to date with CLDR 46.1.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
All patches refreshed.
Verbatim copy from upstream's NEWS file:
* Version 3.8.9 (released 2025-02-07)
** libgnutls: leancrypto was added as an interim option for PQC
The library can now be built with leancrypto instead of liboqs for
post-quantum cryptography (PQC), when configured with
--with-leancrypto option instead of --with-liboqs.
** libgnutls: Experimental support for ML-DSA signature algorithm
The library and certtool now support ML-DSA signature algorithm as
defined in FIPS 204 and based on
draft-ietf-lamps-dilithium-certificates-04. This feature is
currently marked as experimental and can only be enabled when
compiled with --with-leancrypto or --with-liboqs.
Contributed by David Dudas.
** libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
The support for ML-KEM post-quantum key encapsulation mechanisms
has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
draft-kwiatkowski-tls-ecdhe-mlkem-03.
** libgnutls: Fix potential DoS in handling certificates with numerous name
constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
bundled copy of libtasn1 has also been updated to the latest 4.20.0
release to complete the fix. Reported by Bing Shi (#1553).
[GNUTLS-SA-2025-02-07, CVSS: medium] [CVE-2024-12243]
** API and ABI modifications:
GNUTLS_PK_MLDSA44: New enum member of gnutls_pk_algorithm_t
GNUTLS_PK_MLDSA65: New enum member of gnutls_pk_algorithm_t
GNUTLS_PK_MLDSA87: New enum member of gnutls_pk_algorithm_t
GNUTLS_SIGN_MLDSA44: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_MLDSA65: New enum member of gnutls_sign_algorithm_t
GNUTLS_SIGN_MLDSA87: New enum member of gnutls_sign_algorithm_t
* Version 3.8.8 (released 2024-11-05)
** libgnutls: Experimental support for X25519MLKEM768 and SecP256r1MLKEM768 key exchange in TLS 1.3
The support for post-quantum key exchanges has been extended to
cover the final standard of ML-KEM, following
draft-kwiatkowski-tls-ecdhe-mlkem. The minimum supported version of
liboqs is bumped to 0.11.0.
** libgnutls: All records included in an OCSP response are now checked in TLS
Previously, when multiple records are provided in a single OCSP
response, only the first record was considered; now all those
records are examined until the server certificate matches.
** libgnutls: Handling of malformed compress_certificate extension is now more standard compliant
The server behavior of receiving a malformed compress_certificate
extension now more strictly follows RFC 8879; return
illegal_parameter alert instead of bad_certificate, as well as
overlong extension data is properly rejected.
** build: More flexible library linking options for compression libraries, TPM, and liboqs support
The configure options, --with-zstd, --with-brotli, --with-zlib,
--with-tpm2, and --with-liboqs now take 4 states:
yes/link/dlopen/no, to specify how the libraries are linked or
loaded.
** API and ABI modifications:
No changes since last version.
* Version 3.8.7 (released 2024-08-15)
** libgnutls: New configure option to compile out DSA support
The --disable-dsa configure option has been added to completely disable DSA
algorithm support.
** libgnutls: Experimental support for X25519Kyber768Draft00 key exchange in TLS
For testing purposes, the hybrid post-quantum key exchange defined
in draft-tls-westerbaan-xyber768d00 has been implemented using
liboqs. Since the algorithm is still not finalized, the support of
this key exchange is disabled by default and can be enabled with
the --with-liboqs configure option.
** API and ABI modifications:
GNUTLS_PK_MLKEM768: New enum member of gnutls_pk_algorithm_t
* Version 3.8.6 (released 2024-07-03)
** libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
PBKDF2 (PBMAC1) is now supported, according to the specification
proposed in draft-ietf-lamps-pkcs12-pbmac1.
** libgnutls: SHA3 extendable output functions (XOF) are now supported
SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
public API gnutls_hash_squeeze.
** API and ABI modifications:
gnutls_pkcs12_generate_mac3: New function
gnutls_pkcs12_flags_t: New enum
gnutls_hash_squeeze: New function
Compile tested: x86/64, QEMU Standard PC (Q35 + ICH9, 2009), r29064-696ad7b1aa09
Compile tested: ath79/generic, TP-Link Archer C7 v4, r29064-696ad7b1aa09
Compile tested: realtek/rtl838x, Netgear GS108T v3, r29064-696ad7b1aa09
Run tested: x86/64, QEMU Standard PC (Q35 + ICH9, 2009), r29064-696ad7b1aa09, booted and used for 7h without issues
Run tested: ath79/generic, TP-Link Archer C7 v4, r29064-696ad7b1aa09, booted and used for 7h without issues
Run tested: realtek/rtl838x, Netgear GS108T v3, r29064-696ad7b1aa09, booted and used for 7h without issues
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
Change source to Github since they dont distribute source tarballs anymore,
enable autoreconf in order to generate configure script.
This actually makes psqlodbc as its been broken for a while.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Version 3.3 isn't current any more, but current mxml v4 has breaking changes,
so if added should be a new package.
Not depended on by other packages.
Signed-off-by: Espen Jürgensen <espenjurgensen+openwrt@gmail.com>
Trying to compile libffi now that automake has been updated to 1.17 will
fail, however there is no reason for us to be calling autoreconf as libffi
release tarballs already contain the generated configure script.
So, drop the unnecessary autoreconf that seems to be leftover from the
previous 3.4.2 bump as we dont have any patches targeting configure.ac nor
libffi in general.
Fixes: openwrt/openwrt#18041
Signed-off-by: Robert Marko <robimarko@gmail.com>
3.4.7 Feb-8-2024
Add static trampoline support for Linux on s390x.
Fix BTI support for ARM64.
Support pointer authentication for ARM64.
Fix ASAN compatibility.
Fix x86-64 calls with 6 GP registers and some SSE registers.
Miscellaneous fixes for ARC and Darwin ARM64.
Fix OpenRISC or1k and Solaris 10 builds.
Remove nios2 port.
Signed-off-by: John Audia <therealgraysky@proton.me>
Fabrice Fontaine