| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
| |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
For the InstallDev target, the pkg-config should point to the glib2 host
tools for glib_compile_resources, gdbus_codegen, glib_genmarshal and
glib_mkenums instead of pointing to the targets ones as they are
unusable by the host machine (due to crosscompiling)
Fix the pkg-config to reference the host tools by replaying the entry
and use the prefix_hostpkg variable provided by our pkg-config.
Link: https://github.com/openwrt/packages/pull/23881
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All patches automatically refreshed.
The most important changes are two "medium" CVEs fixed in GnuTLS 3.8.4:
- CVE-2024-28834 / GNUTLS-SA-2023-12-04
A vulnerability was found that the deterministic ECDSA code leaks
bit-length of random nonce which allows for full recovery of the
private key used after observing a few hundreds to a few thousands of
signatures on known messages, due to the application of lattice
techniques.
The issue was reported in the issue tracker as [#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516).
- CVE-2024-28835 / GNUTLS-SA-2024-01-23
When validating a certificate chain with more then 16 certificates
GnuTLS applications crash with an assertion failure.
The issue was reported in the issue tracker as [#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527) and [#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525).
Augmented copy/extract from upstream's NEWS file since GnuTLS 3.8.3:
- Version 3.8.5 (released 2024-04-04)
- libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
- libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
- libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
v1.5 decryption error handling and deterministic ECDSA with earlier
versions of GMP. These were a regression introduced in the 3.8.4
release. See [#1535](https://gitlab.com/gnutls/gnutls/-/issues/1535) and [!1827](https://gitlab.com/gnutls/gnutls/-/merge_requests/1827).
- build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of `nettle_rsa_compute_root_tr()`.
- API and ABI modifications:
- `GNUTLS_PKCS_PBES1_DES_SHA1`: New enum member of `gnutls_pkcs_encrypt_flags_t`.
- Version 3.8.4 (released 2024-03-18)
- libgnutls: RSA-OAEP encryption scheme is now supported
To use it with an unrestricted RSA private key, one would need to
initialize a `gnutls_x509_spki_t` object with necessary parameters
for RSA-OAEP and attach it to the private key. It is also possible
to import restricted private keys if they are stored in PKCS#8
format.
- libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis ([#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516)).
[GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
- libgnutls: Fixed a bug where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by William Woodruff ([#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525))
and yixiangzhike ([#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527)).
[GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
- libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization.
As a result, the library initialization should be faster.
- build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked
to the static library of GMP. This can be used to prevent custom
memory allocators from being overriden by other applications.
- API and ABI modifications:
- `gnutls_x509_spki_get_rsa_oaep_params`: New function.
- `gnutls_x509_spki_set_rsa_oaep_params`: New function.
- `GNUTLS_PK_RSA_OAEP`: New enum member of `gnutls_pk_algorithm_t`.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If building with the project external toolchain, the gcc check
fails to set the correct value for TUNE_FLAG to allow the min
supported SSSE3 compiler support test to pass. This patch hacks
the file to set to the correct value.
Links to upstream bug reports:
https://github.com/openwrt/openwrt/issues/15216
https://github.com/intel/hyperscan/issues/431
Build system: x86/64 (build system toolchain and x86/64 w/ external toolchain (18-Apr-2024 snapshot)
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| |
|
|
|
|
|
|
|
| |
Manage the activation of Apple iOS devices
There have been no releases since 2020-06-16.
Use the latest git 6925d58ef7994168fb9585aa6f48421149982329
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
|
| |
|
|
|
|
| |
Switched to GitHub tarballs as they are now available.
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
|
| |
|
|
|
|
|
| |
There have been no releases since 2020-06-16.
Update to the latest git 5f083426b4ede24b2576f3a56eaf8ac3632c02f7
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
|
| |
|
|
|
|
| |
Switched to GitHub tarballs as they are now available.
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
|
| |
|
|
|
|
| |
A library with common code used by the libimobiledevice project.
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
|
| |
|
|
|
|
| |
Switched to GitHub tarballs as they are now available.
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
|
| |
|
|
|
|
|
| |
The 'PKG_VERSION' string was missing and only 'PKG_SOURCE_VERSION' string
was used.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
| |
The 'PKG_VERSION' string was missing and only 'PKG_SOURCE_VERSION' string
was used.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |\
| |
| | |
nghttp3: Use APK style release number
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Maintainer: Stan Grishin <stangri@melmac.ca>
Run tested: aarch64, Dynalink DL-WRX36, Master Branch
Signed-off-by: Sean Khan <datapronix@protonmail.com>
|
| |\ \
| | |
| | | |
ngtcp2: Use APK style release number
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Maintainer: Stan Grishin <stangri@melmac.ca>
Run tested: aarch64, Dynalink DL-WRX36, Master Branch
Signed-off-by: Sean Khan <datapronix@protonmail.com>
|
| | |
| |
| |
| |
| |
| | |
These packages exclude mips but forget to exclude mips64.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \
| | |
| | | |
libwebp: update to 1.4.0
|
| | | |
| | |
| | |
| | | |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Avoids PKG_UNPACK hacks.
Added PKG_LICENSE_FILES.
Reordered variables for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support POSIX basename used in musl libc 1.2.5.
This backports a patch from upstream git.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Can be replaced with regular C++.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| | |
| |
| |
| | |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |/
|
|
|
|
|
| |
update to v1.61.0
CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
| |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
| |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
| |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
|
|
|
| |
- Use HTTPS for project URL
- Drop obsolete patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
|
|
|
|
| |
- Use Meson build system
- Drop upstreamed patch
- Update project URL
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
| |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
| |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |\
| |
| | |
openblas: update to 0.3.27
|
| | |
| |
| |
| |
| |
| | |
- Add ONLY_CBLAS make flag to skip tests (fixes x86 builds)
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
Avoids needing to handle rpath.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a follow-up on the previous treewide refresh of hashes after move
to ZSTD by default for compressing tarballs, as it seems that somehow
CHECK_ALL missed couple of packages.
Fixes: 272f55e87f07 ("treewide: refresh hashes after move to use ZSTD as default")
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
some compile error happens when building.
Linking to libiconv-full fixes this.
refer to: https://github.com/openwrt/openwrt/commit/63dd14b906e9eb27bc878b95ac6777a3624b1135
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
|
| |/
|
|
| |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
|
|
|
|
| |
With the recent move to using ZSTD as the default compression format
for packaging git repo clones we must refresh all of the hashes for
the packages feed as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
| |
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
| |
Upstream: submitted
https://github.com/kasbert/epsolar-tracer/pull/61
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
|
| |
|
|
| |
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
|
| |\
| |
| | |
nghttp3: update to 1.2.0
|
| | |
| |
| |
| |
| |
| |
| | |
* update PKG_RELEASE to be apk-compatible
* update PKG_SOURCE/PKG_SOURCE_URL so that it builds
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |/
|
|
|
|
|
|
| |
* update PKG_RELEASE to be apk-compatible
* update PKG_SOURCE/PKG_SOURCE_URL so that it builds
* drop dependency on libopenssl as other SSL libs start to support HTTP/3
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |
|
|
|
|
|
|
|
| |
Latest update in 6c3db5d has switched build system to Meson,
which is broken on several non-SIMD platforms. Turns out,
Meson support is not yet stable enough in the upstream,
so we revert to autotools and drop meson-related patch.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This version contains minor bugfixes.
It fixes a compile problem with GCC 13.
Changes: https://github.com/gost-engine/engine/compare/v3.0.1...v3.0.3
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
| |
Drop upstreamed CVE patches.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| |
|
|
|
|
|
| |
- Switch to Meson build system
- Update patch with Meson build fixes
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|