Patch release fixing build system issues with the 2.0.0 release.
2.0.0 introduced API changes including:
* Version macros for detection of incompatible API / version
* size_t as argument to allow longer base64 encoded strings
* Configurable line break functionality
* Flags field for encoder
* Helpers to calculate required output buffer maximum lengths
* Switched in-/out-pointers to void*
Link: https://github.com/libb64/libb64/blob/v2.0.0.1/CHANGELOG.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3650172e26)
Fixes https://github.com/openwrt/packages/issues/27952
Update avahi from 0.8 to 0.9-rc4. The 0.9 development line accumulates
four years of bug and security fixes since the 0.8 release (2020-02-18).
Notable improvements in 0.9-rc4 over 0.8:
Security (all CVEs previously backported as patches, now removed):
- CVE-2023-38469: reject TXT records whose total rdata exceeds
AVAHI_DNS_RDATA_MAX, preventing heap-buffer reads under crafted mDNS
- CVE-2023-38470: ensure each DNS label is at least one byte, preventing
an infinite loop on malformed packets
- CVE-2023-38471: extract host name via avahi_unescape_label() before
generating an alternative to avoid operating on a raw escaped string
- CVE-2023-38472: check that rdata pointer is non-NULL before passing to
avahi_rdata_parse() from dbus-entry-group
- CVE-2023-38473: derive alternative host name from its unescaped form,
fixing incorrect hostname collision resolution with escaped labels
Bug fixes (previously backported):
- Fix NULL-pointer crashes in avahi_s_*_browser_new() (#175)
- Avoid infinite loop in avahi-daemon simple-protocol by handling
AVAHI_WATCH_HUP event in client_work
- Fix potential undefined behaviour in avahi_dns_packet_consume_uint32:
cast uint8_t operands to uint32_t before shifting
- Fix memory/CPU leak in the simple event loop: cleanup_watches() was
zeroing timeout_req_cleanup instead of watch_req_cleanup, so completed
watches were never removed from the linked list
- Emit D-Bus error reply when avahi-daemon cannot resolve a hostname or
service, rather than crashing with a NULL dereference
- Increase ini-file-parser line buffer from 256 to 1024 bytes to handle
longer configuration values without silent truncation
Other changes:
- P2P tunnel support: IFF_MULTICAST is no longer required for
point-to-point interfaces when allow-point-to-point=yes
- Runtime directory: configure.ac now derives the socket path from
${runstatedir} (defaults to ${localstatedir}/run), so the
explicit patch reverting the /run hardcoding is no longer needed
- Patch 010-pkgconfig.patch (pkgconfig prefix alignment) is retained
as it has not been merged upstream
Dropped patches (all merged upstream):
020-revert-runtime-dir-systemd-change.patch
100-p2p-no-iff_multicast-required.patch
200-Fix-NULL-pointer-crashes-from-175.patch
201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch
202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch
203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
204-Emit-error-if-requested-service-is-not-found.patch
205-conf-file-line-lengths.patch
300-CVE-2023-38469.patch through 304-CVE-2023-38473.patch
Library SONAMES unchanged: libavahi-common.so.3, libavahi-core.so.7,
libavahi-client.so.3 — no reverse dependency rebuilds required.
Disable libsystemd (not available on OpenWrt)
avahi 0.9-rc4 added --enable-libsystemd which defaults to enabled and
fails configure when libsystemd is not found via pkg-config. OpenWrt
does not provide libsystemd; disable it explicitly.
Also pass --with-systemdsystemunitdir=no to suppress the pkg-config
lookup for the systemd unit directory.
Drop po/ subdir from build
The 0.9-rc4 tarball is a raw git archive; po/Makefile.in.in is not
pre-generated as it was in the 0.8 release tarball. autopoint (from
gettext) is needed to install it, but is not available in the OpenWrt
SDK. Since OpenWrt does not use NLS translations, remove po/ from
SUBDIRS in Makefile.am to avoid the missing po/Makefile.in.in error
during configure.
In 0.9-rc4 the D-Bus system.d directory changed from
$(sysconfdir)/dbus-1/system.d to $(datadir)/dbus-1/system.d,
so avahi-dbus.conf is now installed under usr/share/dbus-1/system.d.
Update the install rule source path accordingly; keep the on-device
destination at /etc/dbus-1/system.d for compatibility.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit 24c3026f94)
With fortify sources libutp fails to compile because the fortify sources
for musl use the GNU extension include_next. Do not fail when the
compiler issues a warning.
Fixes the following compile error:
```
In file included from libutp-2023.02.14~c95738b1/utp_utils.cpp:23:
/include/fortify/stdlib.h:22:2: error: #include_next is a GCC extension [-Werror]
22 | #include_next <stdlib.h>
| ^~~~~~~~~~~~
```
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0814aba3b0)
Version 1.24
------------
* The CMake-based build system now supports Apple Framework builds.
* libdeflate now builds for Windows ARM64EC.
* Made another small optimization to the x86 and ARM CRC32 code.
* Fixed a compiler warning on certain platforms (issue #416).
Version 1.23
------------
* Fixed bug introduced in 1.20 where incorrect checksums could be calculated if
libdeflate was compiled with clang at -O0 and run on a CPU supporting AVX512.
* Fixed bug introduced in 1.20 where incorrect checksums could be calculated in
rare cases on macOS computers that support AVX512 and are running an older
version of macOS that contains a bug that corrupts AVX512 registers. This
could occur only if code outside libdeflate enabled AVX512 in the thread.
* Fixed build error when using -mno-evex512 with clang 18+ or gcc 14+.
* Increased the minimum CMake version to 3.10.
* Further optimized the x86 CRC code.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fba37516d7)
The LMDB shared library (liblmdb.so) does not currently have a SONAME
set, which can cause issues when linking against it. Specifically, when
an object is linked against the library using its absolute path (for
example, in Meson builds), that path (as seen in the build environment)
is stored in the resulting object's DT_NEEDED entry. This can prevent
the library from being found during runtime linking. Set the SONAME to
liblmdb.so to ensure proper runtime linking.
Signed-off-by: Michał Kępień <michal@isc.org>
(cherry picked from commit 8aa78ebebf)
This is a security release.
Security:
* CVE-2025-31498. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-6hxc-62jh-p29v
* CVE-2025-62408. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-jq53-42q6-pqr5
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit ebdb9536a9)
Replace boilerplate license header with a SPDX license identifier.
Set correct package license to blessing.
Fixes: 9236e4f ("sqlite3: import 3.7.12.1 (2012-05-22) from packages")
Link: https://spdx.org/licenses/blessing.html
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit 7ff8ef148f)
Libivykis, an asynchronous I/O readiness notification library.
This library is required by syslog-ng and potentially other packages
that need event-driven I/O handling.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit c92d120690)
This fixes version detection issues when other packages (like snort3)
try to find the tcmalloc library using CMake's find_package(). Without
the headers in the staging directory, CMake cannot read the version
information from tcmalloc.h, resulting in empty version strings.
Fixes:
Found TCMalloc: /builder/staging_dir/target-x86_64_musl/usr/lib/libtcmalloc.so (found version "")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e52a809371)
Make libunwind support optional depending on package availability.
Previously, gperftools unconditionally enabled libunwind as
mandatory dependency, which led to build failures on architectures where
libunwind is not provided.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 69bf2443d9)
It should be working for mips*,
so enable it and let's see. :-)
In the past, there were some issues related to mips,
when the package was added, but these days, it appears
that these issues are gone. More details
about those issues could be found in the GitHub pull request
when gperftools was added. Reference is in the Fixes tag.
Fixes: c1b4e80825 ("gperftools: add new package")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 4dc36ae9fd)
Bump to latest release and removed upstreamed patch.
Resulting libs give a fully functional snort3 which was built against
this new version.
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc (Intel N150 based box)
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 465eddb46d)
When compiling glib2 with NLS, it automatically sets linker flags to `-lglib-2.0 -lintl` in pkg-config (.pc) files.
Signed-off-by: Lukas Voegl <lvoegl@tdt.de>
(cherry picked from commit 7ee547b440)
2.80.1 - January 8, 2025
========================
- OpenSSL: fix crash in complete_handshake (!251, Dario Saccavino)
- OpenSSL: fix invalid free in openssl_get_binding_tls_server_end_point() (!255)
- TLS test should handle G_IO_ERROR_WOULD_BLOCK (!253, Richard Purdie and Alexander Kanavin)
- Updated translations
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit b49f4cc0a3)
Add GIO modules for TLS support as well as defining proxies via well-known
environment variables.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 223d7e2995)
libtorrent only links to boost headers since boost 1.69.
Remove boost-system from the dependencies and add boost as build
dependency.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7be94fac37)
The provided Config.in was never sourced from the Makefile, making it
impossible to toggle TLS support.
This commit adds the necessary Makefile glue to fix this.
Also default to TLS disabled, as was the de-facto case since Config.in
was never sourced (and thus the default 'y' never enabled).
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 5ffca82f54)
Shell expects a matching library version to be installed. Specify a
matching version using EXTRA_DEPENDS.
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit 5b8e0fd464)
Trying to compile libffi now that automake has been updated to 1.17 will
fail, however there is no reason for us to be calling autoreconf as libffi
release tarballs already contain the generated configure script.
So, drop the unnecessary autoreconf that seems to be leftover from the
previous 3.4.2 bump as we dont have any patches targeting configure.ac nor
libffi in general.
Fixes: openwrt/openwrt#18041
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit c8949c84a2)
3.4.7 Feb-8-2024
Add static trampoline support for Linux on s390x.
Fix BTI support for ARM64.
Support pointer authentication for ARM64.
Fix ASAN compatibility.
Fix x86-64 calls with 6 GP registers and some SSE registers.
Miscellaneous fixes for ARC and Darwin ARM64.
Fix OpenRISC or1k and Solaris 10 builds.
Remove nios2 port.
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 00f28b8281)
Package has a consistent Config.in file, but it isn't added to all parts of the file.
libopenldap is unable to be built with --enable-debug because the Config.in is never
attached to the libopenldap.
Signed-off-by: Donald Hoskins <grommish@gmail.com>
The ethtool-lua library is a partial re-implementation of the ethtool.
The goal is to provide the CLI queries and configuration options as a
Lua API.
The reason for staring this library, was the desire for a nice and
efficient way to query DSA switch statistics in the
prometheus-node-exporter-lua on OpenWRT devices. Existing suggestions
around the internet focussed mainly on calling the ethtool CLI program
and parsing the output. This is neither elegant nor efficient, as the
collection time for this implementation was 300% higher on my rtl838x
based switch running OpenWRT.
This package can be easily compiled and packaged for OpenWRT, as it was
initially created as an OpenWRT package.
Signed-off-by: Kevin Jilissen <info@kevinjilissen.nl>
[improve PKG_SOURCE/PKG_SOURCE_URL]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 054ba0ce9c)
Daniel Golle