This release includes a fix for CVE-2022-1215, a format string
vulnerabilty in the evdev device handling. For details, see
https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
Peter Hutterer (2):
evdev: strip the device name of format directives
libinput 1.19.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 23638c7ffb)
(cherry picked from commit b95dbe4187)
Noteworthy changes in version 1.17.0 (2022-02-07)
-------------------------------------------------
* New context flag "key-origin". [#5733]
* New context flag "import-filter". [#5739]
* New export mode to export secret subkeys. [#5757]
* Detect errors during the export of secret keys. [#5766]
* New function gpgme_op_receive_keys to import keys from a keyserver
without first running a key listing. [#5808]
* Detect bad passphrase error in certificate import. [T5713]
* Allow setting --key-origin when importing keys. [T5733]
* Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr",
"pinentry", and "socketdir" in gpgme_get_dirinfo. [T5727,T5613]
* Under Unix use poll(2) instead of select(2), when available.
[T2385]
* Do not use --flat_namespace when linking for macOS. [T5610]
* Fix results returned by gpgme_data_* functions. [T5481]
* Support closefrom also for glibc. [rM4b64774b6d]
* cpp,qt: Add support for export of secret keys and secret subkeys.
[#5757]
* cpp,qt: Support for adding existing subkeys to other keys. [#5770]
* qt: Extend ChangeExpiryJob to change expiration of primary key
and of subkeys at the same time. [#4717]
* qt: Expect UTF-8 on stderr on Windows. [rM8fe1546282]
* qt: Allow retrieving the default value of a config entry. [T5515]
Noteworthy changes in version 1.17.1 (2022-03-06)
-------------------------------------------------
* qt: Fix a bug in the ABI compatibility of 1.17.0. [T5834]
Noteworthy changes in version 1.18.0 (2022-08-10)
-------------------------------------------------
* New keylist mode to force refresh via external methods. [T5951]
* The keylist operations now create an import result to report the
result of the locate keylist modes. [T5951]
* core: Return BAD_PASSPHRASE error code on symmetric decryption
failure. [T5939]
* cpp, qt: Do not export internal symbols anymore. [T5906]
* cpp, qt: Support revocation of own OpenPGP keys. [T5904]
* qt: The file name of (signed and) encrypted data can now be set. [T6056]
* cpp, qt: Support setting the primary user ID. [T5938]
* python: Fix segv(NULL) when inspecting contect after exeception. [T6060]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d7799595bd)
(cherry picked from commit 00bfb4f151)
This backports a patch from upstream gpgme to fix compilation with glibc 2.34.
It fixes the following build problem:
posix-io.c: In function '_gpgme_io_spawn':
posix-io.c:577:23: error: void value not ignored as it ought to be
577 | while ((i = closefrom (fd)) && errno == EINTR)
| ^
make[5]: *** [Makefile:947: posix-io.lo] Error 1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit dafb96c148)
Change the CONFLICTS line from the libgd-full to libgd to fix a
recursive dependency.
While at it, remove the redundant +LIBGD_TIFF:libtiff
+LIBGD_FREETYPE:libfreetype dependencies from Package/libgd/default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 085eb34fbf)
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca09)
(cherry picked from commit f624e41f38)
The full variant should conflict with the default variant. This prevents that
libgd and libgd-full could be installed side by side, and also, the full
variant should provide the libgd. Otherwise, if you install libgd-full,
you can not install vnstat.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 42b36b7180)
Switch to AUTORELEASE for simplicity.
Disable parallel compilation as there's something wrong with NSS' build
system. Reliably fails with make -j 12 on a ryzen 3600.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1b9e204700)
wolfssl/options.h needs to be included before the other wolfssl headers
to enable OpenSSL API required to build the package.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 8fb3fd3dac)
This is the latest commit that touches the xr_usb_serial_common-1a dir.
The changes are restricted to whitespace fixes and kernel version
adaptations:
ecc6ebe xr_usb: Use tty_driver_kref_put for kernel 5.15 and above
caf6d25 xr_usb: Use tty_alloc_driver for kernel 5.15 and above
a42b7e6 xr_usb: Compilation fixes for kernel 5.14
497adb7 #39 fix compilation for newer linux kernels
9103471 xr_usb: fix some whitespace errors
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit eadab32450)
libarchive looks for ext2fs headers during configure, and if it finds
them it will expect to find them during compile, or on the rare occasion
when they aren't it will fail:
libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory
As we just need headers for some type constants, let's re-use headers
from tools/e2fsprogs package which are always available.
Reported-by: Adam Dov <adov@maxlinear.com>
Suggested-by: Paul Eggleton <paul.eggleton@linux.intel.com>
References: https://git.yoctoproject.org/poky/commit/?id=f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 797945dfaa)
The cherry-pick done in 022aef6 includes changing the build setup from
cmake to ninja, but it was overlooked that this was actually reverted in
2e654b1.
The ninja build results in headers not being installed for the host pkg,
so protobuf-c/host can't be build.
This commit reverts the package back to cmake.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Remove upstreamed patch.
Switch to AUTORELEASE for simplicity.
Switch to building with Ninja for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1d0d8e057c)
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit f200ccd6fc)
* remove a dead mirror
* use https
* fixes CVE-2021-27212
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Switch to AUTORELEASE for simplicity.
Switch to building with Ninja for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2fe4fe7d6e)
Functions from ed25519_core are needed for GNUnet to build.
Include them in the minimal build of libsodium so we don't need to
switch to the full build just for that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3da874371b)
This fixes CVE-2022-23308.
Also switch to GNOME as download source and xz tarball.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 81fd836f97)
Switch to AUTORELEASE for simplicity.
Switch to building with Ninja for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0ac671880d)
Switch to new upstream and switch package name.
Further disable features to avoid extra dependencies.
Build with PIC to avoid build failures with mips16.
Remove no longer needed patch. Upstream fixed it differently.
Use AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 3b812f93d6)
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and
crafting of network packets. It is designed to be efficient, powerful
and easy to use. It provides C++ wrappers for the most popular packet
processing engines such as libpcap, WinPcap, DPDK and PF_RING.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit 2d8e396be3)
It has been imported as core package into OpenWrt repository. Its fdtget
is required by sysupgrade on U-Boot devices so it couldn't live in an
extra feed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c8d4c89daa)
Remove the --install parameter when running aclocal. The --install
argument is used to copy third-party files to the first -I directory.
gnutls has -I m4 first, which would copy files to its local build
directory. However, openwrt prepends the staging dir m4 directory,
causing aclocal --install to copy an old definition of
ax_code_coverage.m4 into the staging dir.
If strace is built after gnutls, compilation will fail:
Makefile:9303: *** missing separator. Stop.
The version of ax_code_coverage.m4 that gets installed does not define
@CODE_COVERAGE_RULES@.
Removing the --install parameter in gnutls solves the issue.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 206eaae165)
The raison d'être of package mariadb-common was to provide common my.cnf
config file that was being used to include subdirectories and then to
push utf-8 as default everywhere. Let's make this file part of the
server package as there we actually set other options as well and drop
it from all clients. Instead let's set utf-8 as default in server,
client and client libraries. While at it also set socket to the more
common path and drop mysqld_safe script from the list of configuration
files and do other minor tweaks.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit d8ecded02d)
ICU 70 released. It updates to Unicode 14, including new characters, scripts, emoji, and corresponding API constants. ICU 70 adds support for emoji properties of strings. It also updates to CLDR 40 locale data with many additions and corrections. ICU 70 also includes many other bug fixes and enhancements, especially for measurement unit formatting, and it can now be built and used with C++20 compilers.
This change will require minor modifications in php7 and php8.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Also package /usr/libexec/libinput/* and /usr/share/lib/input/*.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f53cd4232a)
Paul Blazejowski discovered that the recent update to this package broke
cross-compiling for some OpenWrt platforms. This backports commit 33593864
(March 26, 2021) from the upstream libgpg-error project to fix this
problem.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 71b7f74ff1)
Not available with OpenWrt. Fixes compilation when host GTest is
present.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7f34b03356)
Missing input validation of host names returned by Domain Name Servers
in the c-ares library can lead to output of wrong hostnames (leading to
Domain Hijacking).
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2021-3672 to this issue.
References: https://c-ares.haxx.se/adv_20210810.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
'cp' fails with a text file busy error if it tries to overwrite an
executable file that is running. 'install' unlinks the file first, so
it will not cause the problem.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 47f98d7030)
ICU 69 updates to CLDR 39 locale data with many additions and corrections. ICU 69 also includes significant improvements for measurement unit formatting and number formatting in general, as well as many other bug fixes and enhancements.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Building the xr_usb_serial module fails for Kenel 5.4 with CONFIG_PM
enabled:
xr_usb_serial_common.c:1574:15: error: 'ASYNCB_INITIALIZED' undeclared
(first use in this function); did you mean 'RCU_INITIALIZER'?
Use tty_port_initialized in order to determine the status of the TTY
port.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 69cf7836df)
Library for node.js will be disabled temporarily due to difficulty in supporting the latest node.js.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Library for node.js will be disabled temporarily due to difficulty in supporting the latest node.js.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Daniel Golle