Commit 81d2b72 added a package providing libdeflate. Tiff by default
links to it, causing a build error.
Package libtiff is missing dependencies for the following libraries:
libdeflate.so.0
This commit forces libdeflate use off to avoid this. No revision bump is
done because the package is currently not compiling anyway.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit e3c6da4e25)
Add package for libdeflate which is a library for fast, whole-buffer
DEFLATE-based compression and decompression.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 81d2b7262e)
Add Transmission version of the uTorrent Transport Protocol library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1ecef46f1c)
v1.13.0
This release includes more Neon and AVX2 optimizations, adds a new codec
control to set per frame QP, upgrades GoogleTest to v1.12.1, and includes
numerous bug fixes.
v1.13.1
This release contains two security related fixes. One each for VP8 and VP9.
- https://crbug.com/1486441 (CVE-2023-5217)
- Fix bug with smaller width bigger size (CVE-2023-44488)
Fixes#22318
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 36566a99af)
It seems like the libpcre dependency was added by mistake.
While checking in the source code of czmq (Makefile.am, CMakeLists.txt),
I see there are several dependencies, but there isn't PCRE.
Fixes: 936a48a ("czmq: add new package")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e3ab95185c)
A compiler bug (suspiciously) blocks gnulib compilation for
mipsel_24kc_24kf. While we had this patch to disable gnulib, it was
accidentally removed by 5d27631d9f. Add it
back to fix the long broken build for mipsel_24kc_24kf.
Fixes: #19511
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit 68f23a9c33)
If buildsystem does not have a internet connection, then the build
fails. This is because of the fact, that glib2 is downloading and building
the missing dependencies during host compilation.
This cannot be allowed to happen. The package must also be built without
an internet connection.
Adding the missing host build dependency and removing the 'forcefallback'
fixes this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c664b83535)
This package lacks proper maintenance in both upstream and here.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 72c8977b3b)
No longer present. The original reason for having it was an unfortunate
side effect of the way meson uses HOST_LDFLAGS. Since the transistion to
use dependency('iconv'), this is no longer relevant.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 568669dc46)
Removed 010-no-gtest.patch as upstream no longer detects it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 394cc366b3)
This is a security and bugfix release.
Security
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS query IDs
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation
Fixing libcares.pc
The pkg-config file libcares.pc in version 1.19.1 has been changed to be unsuitable for OpenWrt
and causes build errors with Openwrt packages that use libcares.
For this reason, libcares.pc was replaced.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 4c4d3b9001)
Imported patches included in debian and other package.
* 200-Fix-NULL-pointer-crashes-from-175.patch
CVE-2021-3502
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
* 201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch
CVE-2021-3468
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
* 202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch
avahi_dns_packet_consume_uint32 left shifts uint8_t values by 8, 16 and 24 bits to combine them into a 32-bit value. This produces an undefined behavior warning with gcc -fsanitize when fed input values of 128 or 255 however in testing no actual unexpected behavior occurs in practice and the 32-bit uint32_t is always correctly produced as the final value is immediately stored into a uint32_t and the compiler appears to handle this "correctly".
Cast the intermediate values to uint32_t to prevent this warning and ensure the intended result is explicit.
* 203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
This was causing timeouts to never be removed from the linked list that tracks them, resulting in both memory and CPU usage to grow larger over time.
* 204-Emit-error-if-requested-service-is-not-found.patch
It currently just crashes instead of replying with error. Check return
value and emit error instead of passing NULL pointer to reply.
* 205-conf-file-line-lengths.patch
Allow avahi-daemon.conf file to have lines longer than 256 characters (new limit 1024).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 779af4d40c)
Removed `SQLITE3_JSON1` option as it was dropped by upstream.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a7dfb006fe)
Changelog from upstream (https://github.com/getdnsapi/getdns/releases/tag/v1.7.3):
* 2022-12-22: Version 1.7.3
* PR getdnsapi/getdns#532: Increase CMake required version 3.5 -> 3.20, because we
need cmake_path for Absolute paths in pkg-config (See Issue getdnsapi/getdns#517)
Thanks Gabriel Ganne
* Updated to Stubby 0.4.3 quickfix release
* 2022-08-19: Version 1.7.2
* Stubby updated to 0.4.2 quickfix release
* 2022-08-19: Version 1.7.1
* Always send the `dot` ALPN when using DoT
* Strengthen version determination for Libidn2 during cmake processing
(thanks jpbion).
* Fix for issue in UDP stream selection in case of timeouts.
Thanks Shikha Sharma
* Fix using asterisk in ipstr for any address. Thanks uzlonewolf.
* Issue getdnsapi/stubby#295: rdata not correctly written for validation for
certain RR type. Also, set default built type to RelWithDebInfo and
expose CFLAGS via GETDNS_BUILD_CFLAGS define and via
getdns_context_get_api_information()
* Issue getdnsapi/getdns#524: Bug fixes from submodules' upstream?
Thanks Johnnyslee
* Issue getdnsapi/getdns#517: Allow Absolute path CMAKE_INSTALL_{INCLUDE,LIB}DIR in
pkg-config files. Thanks Alex Shpilkin
* Issue getdnsapi/getdns#512: Update README.md to show correct PGP key location.
Thanks Katze Prior.
Signed-off-by: Aquila Cooper <aquila@cpr.is>
Packages like libassuan and libksba would not compile after updating
libgpg-error to 1.46. This was because gpg-error.m4 (and thus the affected
packages' configure scripts) relies on gpgrt-config, which in turn needs
access to gpg-error.pc. This modifies the libgpg-error build process to
copy gpg-error.pc to OpenWrt's staging directory, so that it is available
for subsequent dependent package builds.
Fixes: https://github.com/openwrt/packages/issues/19880
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit a93e0269a1)
1. Added a new option for SQLITE3_COLUMN_METADATA.
2. Minor cleanup Makefile and fixed 2 typo errors.
Fixes: CVE-2022-35737
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a4a0f0793b)
While running `make menuconfig`, it was discovered then there is a
recursive dependency like this:
tmp/.config-package.in:59138:error: recursive dependency detected!
tmp/.config-package.in:59138: symbol PACKAGE_libwebsockets-openssl is selected by PACKAGE_libwebsockets-mbedtls
tmp/.config-package.in:59122: symbol PACKAGE_libwebsockets-mbedtls depends on PACKAGE_libwebsockets-openssl
It is not possible with the recently added conflicts that two packages
(OpenSSL and full variant, which uses OpenSSL as well), which are almost the same
provides the same named package libwebsockets as their conflict - Mbed
TLS.
Fixes: 676c5c72b5 ("libwebsockets: OpenSSL
and mbedTLS variants should conflict")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit a4e8cbb89a)
They provide the same files, but they don't conflict to each other, this
means that users can install them side by side.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 676c5c72b5)
For some time, it is not possible to install ttyd and mosquitto-ssl at the
same time, so let's solve it that libwebsockets-full provides
libwebsockets-openssl. This allows to install ttyd and mosquitto at
the same time.
Also, we need to add conflict, because we should not have installed
libwebsockets-openssl and libwebsockets-full at the same time as they
provides the same files.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 77e682a11c)
Fabrice Fontaine