Release date: 2022-08-11
Adresses CVE-2022-2625.
For more details, please see the release notes[1].
[1]: https://www.postgresql.org/docs/release/14.5/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Minor release with a large number of fixes and small changes.
See release notes[1] for details.
[1]: https://www.postgresql.org/docs/release/14.2/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use newly introduced procd_add_restart_mount_trigger to make sure
postmaster gets started only once PGDATA becomes available.
Relocate socket directory to /var/lib/postgresql to make it possible
to run postgresql inside a ujail.
Use signal for shutdown, so it works nicely with jail.
Allow multiple script in UCI 'config postgres-db' to be a list and
run them in order listed.
User more silent methods to check for db or role existence and make
it easy to create several databases owned by the same user by passing
the same credentials multiple times.
Remove disfunctional reload handler.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
configure.in checks for "ARMv8 CRC32C intrinsics" and goes as far as
adding "-march=armv8-a+crc" to the target flags if the compiler allows
it. This can clash with the OpenWrt target flags in
CONFIG_TARGET_OPTIMIZATION. If for example the latter is set to
"-mcpu=cortex-a9" the following warning is issued:
cc1: warning: switch '-mcpu=cortex-a9' conflicts with '-march=armv5t' switch
This commit prevents configure.in from adding the mentioned flag. The
addition is unwanted when cross-compiling.
An issue was raised for this recently, see [1].
[1] https://github.com/openwrt/packages/issues/16034
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Faster and works with mips64 targets.
Removed all options as the defaults are updated. Added new dependencies.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixes compilation under some hosts.
Added PKG_BUILD_PARALLEL for faster compilation.
Some small cleanups for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Changelog:
* NEW API: ONIG_OPTION_CALLBACK_EACH_MATCH
* NEW API: ONIG_OPTION_IGNORECASE_IS_ASCII
* NEW API: ONIG_SYNTAX_PYTHON
* Fixed some problems found by OSS-Fuzz
* fix: replace UChar to OnigUChar in oniguruma.h
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
368014b8 Bump version number to v1.44.0, LT revision to 34:2:20
fa16e66a nghttpx: Fix max distance in weight group/address cycle comparison
40af31da nghttpx: Set connect_blocker and live_check after shuffling addresses
9e6c0685 Fix build failure
ebad3d47 Port new ngtcp2 map implementation
d4fd0681 Bump llhttp to 6.0.2
43a47aa0 Do not return HPE_USER from where it is prohibited
20079b4c Update bash_completions
2aeec770 Update manual pages
cef458c3 Replace black-list with block-list
617a5766 Replace master with main
f1d67335 Initialize Config rps field
5f3bcb1f Add precious variables for libev and jemalloc and use JEMALLOC_CFLAGS
b419bfd9 Remove unused field
e406a2c1 Update doc
962a75c4 Merge pull request #1559 from nghttp2/h2load-rps
6cdc13d6 h2load: Add --rps option
92944f78 h2load: Allow unit in -D option
276792a8 Remove unnecessary function
579fa6ea Add more --with-* configure flags
2f2b2117 Add LIBTOOL_LDFLAGS configure variable
88a3cb51 Bump llhttp to 4.0.0
40679cf6 Merge pull request #1553 from nghttp2/nghttpx-fix-accesslog-method
5b587e85 Merge pull request #1550 from jktjkt/docs-asio-fix-typos
50a1121d nghttpx: Remove trailing white space after $method log variable
3239c5ef Bump up version number to v1.44.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
neon detects Darwin on target build and fails due to darwin-specific
build behaviour. OS detection is disable (as non required) via
ne_cv_os_uname=Linux as a part of CONFIGURE_VARS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
We should use upstream patch here, which can be removed later,
instead of maintaining our own one.
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
While running `make menuconfig`, it was discovered then there is a
recursive dependency like this:
tmp/.config-package.in:59138:error: recursive dependency detected!
tmp/.config-package.in:59138: symbol PACKAGE_libwebsockets-openssl is selected by PACKAGE_libwebsockets-mbedtls
tmp/.config-package.in:59122: symbol PACKAGE_libwebsockets-mbedtls depends on PACKAGE_libwebsockets-openssl
It is not possible with the recently added conflicts that two packages
(OpenSSL and full variant, which uses OpenSSL as well), which are almost the same
provides the same named package libwebsockets as their conflict - Mbed
TLS.
Fixes: 676c5c72b5eeb583da2603e399fac085fa442c59 ("libwebsockets: OpenSSL
and mbedTLS variants should conflict")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
They provide the same files, but they don't conflict to each other, this
means that users can install them side by side.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
For some time, it is not possible to install ttyd and mosquitto-ssl at the
same time, so let's solve it that libwebsockets-full provides
libwebsockets-openssl. This allows to install ttyd and mosquitto at
the same time.
Also, we need to add conflict, because we should not have installed
libwebsockets-openssl and libwebsockets-full at the same time as they
provides the same files.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Changes since 4.2 are extensive, as always.
https://libwebsockets.org/git/libwebsockets/tree/changelog?h=v4.3-stable#n4
Eg, Adds CBOR, support for reduced memory CA verification, cookie jars,
mqtt client gains qos2, mbedtls v3, fault injection apis, better support
for event loops.
Signed-off-by: Karl Palsson <karlp@etactica.com>
This was removed and then re-added, but defaulted off upstream. It's
still listed as "not recommended" but still absolutely essential for
many apps for performance.
Fixes: https://github.com/eclipse/mosquitto/issues/2284
Signed-off-by: Karl Palsson <karlp@etactica.com>
With a clean build environment and at least two parallel jobs
a compilation error may occur:
...
-- Looking for uv/version.h - found
libubox include dir: ULOOP_INCLUDE_DIRS-NOTFOUND
libubox libraries: ULOOP_LIBRARIES-NOTFOUND
...
CMake Error in lib/event-libs/uloop/CMakeLists.txt:
Found relative path while evaluating include directories of
"websockets-evlib_uloop":
"ULOOP_INCLUDE_DIRS-NOTFOUND"
...
Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
uloop is always available on OpenWrt, so build in LWS's uloop support by
default. Size difference of .ipk is 683 bytes, or about 0.5%.
No known applications use this at present, but it seems better to
proactively offer it.
Signed-off-by: Karl Palsson <karlp@etactica.com>
2021-09-27 v1.11.0 "Smew Duck"
This maintenance release adds support for VBR mode in VP9 rate control
interface, new codec controls to get quantization parameters and loop filter
levels, and includes several improvements to NEON and numerous bug fixes.
- Upgrading:
New codec control is added to get quantization parameters and loop filter
levels.
VBR mode is supported in VP9 rate control library.
- Enhancement:
Numerous improvements for Neon optimizations.
Code clean-up and refactoring.
Calculation of rd multiplier is changed with BDRATE gains.
- Bug fixes:
Fix to overflow on duration.
Fix to several instances of -Wunused-but-set-variable.
Fix to avoid chroma resampling for 420mpeg2 input.
Fix to overflow in calc_iframe_target_size.
Fix to disallow skipping transform and quantization.
Fix some -Wsign-compare warnings in simple_encode.
Fix input file path in simple_encode_test.
Fix valid range for under/over_shoot pct.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
When libudev-zero is enabled, v4l-utils links against it, and the
package build fails due to a missing dependency:
Package v4l-utils is missing dependencies for the following libraries:
libudev.so.1
As disabling udev doesn't seem to be supported in v4l-utils, simply add
the dependency to fix the build.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Functions from ed25519_core are needed for GNUnet to build.
Include them in the minimal build of libsodium so we don't need to
switch to the full build just for that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes the following error message seen when compiling against
glibc 2.36:
from scan/scan_httpdate.c:3:
include/sys/cdefs.h:338:65: error: macro "__has_attribute" requires an identifier
338 | #if __GNUC_PREREQ (3,2) || __glibc_has_attribute (__deprecated__)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
libowfat target-build fails on macos due to using system `ar` and
`ranlib` tools not compatible with the objects generated by
OpenWrt GCC toolchain.
This patch specifies CROSS= make flag that is used as a prefix for
`ar` and `ranlib` tools.
This patch also specifies CCC= make flag due to CCC= has invalid
value after specifying CROSS= make flag (CCC=$(CROSS)$(CC))
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Fixes a compile error when glib2 is missing.
get rid of nls.mk. iconv/gettext is not used. This was previously here
because of glib2.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Noteworthy changes in version 1.6.2 (2022-10-07) [C22/A14/R2]
------------------------------------------------
* Fix integer overflow in the CRL parser. [rK4b7d9cd4a0]
Release-info: https://dev.gnupg.org/T6230
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This release includes a fix for CVE-2022-1215, a format string
vulnerabilty in the evdev device handling. For details, see
https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
Peter Hutterer (2):
evdev: strip the device name of format directives
libinput 1.19.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ed79e4fa quirks: changes touchpad pressure Lenovo Yoga 2 Pro
797a66c1 doc/user: fix broken link to "Observations on trackpoint input data"
7db2a339 quirks: add ModelBouncingKeys for A4Tech X-710BK Mouse
5e7bae44 quirks: Dell 15R touchpad settings for firmware v3
54275910 gestures: cancel hold gestures on thumb detection
033aee76 doc/user: fix broken link to systemd 60-evdev.hwdb
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Change the CONFLICTS line from the libgd-full to libgd to fix a
recursive dependency.
While at it, remove the redundant +LIBGD_TIFF:libtiff
+LIBGD_FREETYPE:libfreetype dependencies from Package/libgd/default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The full variant should conflict with the default variant. This prevents that
libgd and libgd-full could be installed side by side, and also, the full
variant should provide the libgd. Otherwise, if you install libgd-full,
you can not install vnstat.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Switch to AUTORELEASE for simplicity.
Remove no longer necessary warning fixes.
Add now needed zlib dependency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove both patches as they have been upstreamed.
This new release is only available on Github and does not ship configure
or Makefile, so autoreconf is needed.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This commit fixes an issue where the `libcoap-3-notls.so` is not installed,
in some cases leaving the target's root with no library and just a broken link
from `libcoap-3.so` to `libcoap-3-notls.so`.
Signed-off-by: Leo Soares <leo@hyper.ag>
libarchive looks for ext2fs headers during configure, and if it finds
them it will expect to find them during compile, or on the rare occasion
when they aren't it will fail:
libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory
As we just need headers for some type constants, let's re-use headers
from tools/e2fsprogs package which are always available.
Reported-by: Adam Dov <adov@maxlinear.com>
Suggested-by: Paul Eggleton <paul.eggleton@linux.intel.com>
References: https://git.yoctoproject.org/poky/commit/?id=f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes:
Packages 'bsdtar' and 'bsdtar-noopenssl' do not conflict while providing same file: /usr/bin/bsdtar
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
It updates to Unicode 15, including new characters, scripts, emoji, and corresponding API constants. It also updates to CLDR 42 locale data with various additions and corrections.
ICU 72 adds technology preview implementations for person name formatting, as well as for a new version of message formatting based on a proposed draft Unicode specification.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
The glib2 package fails to build when CONFIG_PKG_FORTIFY_SOURCE_1 or
CONFIG_PKG_FORTIFY_SOURCE_2 is enabled in the OpenWrt config:
In file included from ../glib/libcharset/localcharset.c:28:
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h: In function 'snprintf':
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h:101:9: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
101 | return __orig_snprintf(__s, __n, __f, __builtin_va_arg_pack());
| ^~~~~~
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h: In function 'sprintf':
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h:110:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
110 | __r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());
| ^~~
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h:114:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
114 | __r = __orig_sprintf(__s, __f, __builtin_va_arg_pack());
| ^~~
Disable fortify source for the package as a workaround.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
No longer present. The original reason for having it was an unfortunate
side effect of the way meson uses HOST_LDFLAGS. Since the transistion to
use dependency('iconv'), this is no longer relevant.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
glib2's meson.build runs check cc.has_function('ngettext', args :
osx_ldflags) and, if successful, it never looks for non-libc libintl.
For musl and glibc this test is always successful.
glib2 unconditionally sets ENABLE_NLS, so during compile <libintl.h>
gets included always. But then we have a disconnect when the OpenWrt pkg
is being built with BUILD_NLS=y, because the <libintl.h> will be from
libintl-full but glib2 will not link to libintl-full.
With BUILD_NLS=n there's no problem, because the <libintl.h> will be
from libc.
In lieu of proper libintl detection in glib2's meson build, removing the
SED call from the Makefile together with the added patch sorts this out.
The SED call can be removed because when we force libintl-full use, the
meson build will put the necessary linker flag into the pkg-config file
itself.
Alpine Linux does something similar (see [1]), but they always force
the use of the external libintl. I assume they always go for full NLS
support.
[1] https://git.alpinelinux.org/aports/tree/main/glib/musl-libintl.patch
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
By default, gdbm configures/builds with readline and curses support
if they exist.
This can cause race conditions when compiling gdbm and ncurses in
parallel, as gdbm may try to link to ncurses when it doesn't exist.
This commit forces gdbm to skip using readline/ncurses, since it's
unlikely that anybody is using the line-editing feature of gdbm.
See [gdbm's README][1] for more info.
[1]: https://git.gnu.org.ua/gdbm.git/tree/README?h=v1.21#n50
Signed-off-by: Alois Klink <alois@aloisklink.com>
Python supports both GNU dbm and Berkley DBM.
GNU dbm also has a compatibility layer for Berkeley.
The current Berkley DB in OpenWrt is 4.7 and hasn't been updated in ages.
It's also pretty big.
So, an alternative for Python is to use GNU dbm for both (GNU and Berkley).
Also, removing static shared libraries from the build, to encourage the
usage of the shared ones.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Notable changes:
* Use toml as new default storage backend:
Upstream has removed the ini plugin, we have been using in the
past. toml is still somewhat experimental, but upstream has
designated it as future recommended default.
* Remove the dependency on boost. The only plugin needing that has
been removed upstram.
* Enable plugins for libev and libuv event loop integration. This
adds two new packages with the respective dependencies.
Upstream has fixed the bugs preventing us from using this.
* Enable the internal notification plugin/system. This allows
applications to automatically receive notifications about changes
to their configuration. Again upstream fixing bugs enables this
for us.
* Set the environment variable $XDG_CACHE_HOME to "/tmp/" globally
to prevent elektra (and possibly other applications) from
writing temporary data to flash.
Signed-off-by: Harald Geyer <harald@ccbib.org>
Fixed the affected issue in the latest commit
daemon.err avahi-daemon[xxx]: mkdir("/run/avahi-daemon/"): No such file or directory
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This seems to happen only on some distributions (Void, Arch):
/usr/lib/libgcc_s.so.1: file not recognized: file format not recognized
collect2: error: ld returned 1 exit status
libtool: error: error: relink 'libdns_sd.la' with the above command before installing it
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Backport a bunch of patches that fixes build
when using new Autoconf and Automake.
The patches removed are replaced by upstream backports
which are more complete.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
