The glib2 package fails to build when CONFIG_PKG_FORTIFY_SOURCE_1 or
CONFIG_PKG_FORTIFY_SOURCE_2 is enabled in the OpenWrt config:
In file included from ../glib/libcharset/localcharset.c:28:
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h: In function 'snprintf':
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h:101:9: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
101 | return __orig_snprintf(__s, __n, __f, __builtin_va_arg_pack());
| ^~~~~~
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h: In function 'sprintf':
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h:110:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
110 | __r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());
| ^~~
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-11.2.0_musl/include/fortify/stdio.h:114:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
114 | __r = __orig_sprintf(__s, __f, __builtin_va_arg_pack());
| ^~~
Disable fortify source for the package as a workaround.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 723c4360c4)
Needs an extra header. pthread.h is also no longer implicitly included.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 4605f98b41)
e596ff1 ubus.c: only add nr entries matching our own SSID
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit bb0d45ed355264ca606d01699ca59edaf6848eab)
This removes the guard "CONFIG_BUILD_PATENTED" for the ffmpeg build
feature for mpd-full. ffmpeg was already unconditionally registered as a
dependency (at line 51).
The ffmpeg package already handles whether or not to include patented
codecs internally using the same config flag, so guarding its use as a
dependency here does not appear necessary anymore.
(For reference: guard "BUILD_PATENTED" was introduced in 44eb12f for
ffmpeg, then partially removed by 326c973).
Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
(cherry picked from commit f3fe7de8dc)
cdn.postfix.johnriley.me serves a certificate for a different domain
name.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit d4feef97e6)
* fix another vpn corner case
* add support for javascript based captive portals (location.href)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3ae7a46b82)
wolfssl/options.h needs to be included before the other wolfssl headers
to enable OpenSSL API required to build the package.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 8fb3fd3dac)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 591f8cad33)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 9b1cdb7b52)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
This is the latest commit that touches the xr_usb_serial_common-1a dir.
The changes are restricted to whitespace fixes and kernel version
adaptations:
ecc6ebe xr_usb: Use tty_driver_kref_put for kernel 5.15 and above
caf6d25 xr_usb: Use tty_alloc_driver for kernel 5.15 and above
a42b7e6 xr_usb: Compilation fixes for kernel 5.14
497adb7 #39 fix compilation for newer linux kernels
9103471 xr_usb: fix some whitespace errors
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit eadab32450857dcb98ceb55fbddc8b2a30660a7c)
libarchive looks for ext2fs headers during configure, and if it finds
them it will expect to find them during compile, or on the rare occasion
when they aren't it will fail:
libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory
As we just need headers for some type constants, let's re-use headers
from tools/e2fsprogs package which are always available.
Reported-by: Adam Dov <adov@maxlinear.com>
Suggested-by: Paul Eggleton <paul.eggleton@linux.intel.com>
References: https://git.yoctoproject.org/poky/commit/?id=f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 797945dfaa)
Update to v16.16.0
Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
No vulnerabilities related with openssl (uses system openssl)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 8db0d09823)
This also:
* Adds PKG_SOURCE_DATE and PKG_SOURCE_VERSION to PKG_VERSION (by
default, when PKG_VERSION is defined, PKG_SOURCE_DATE and
PKG_SOURCE_VERSION are not used)
* Fixes package copyright
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 2dd1c17626)
Few minor changes, like -h flag for program (help).
Added URL to package definition.
No new version release with version number, so version stays
as is, but pkg_release is still bumbed with this commit.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 8f66090160)
* various vpn fixes/optimizations (run tested by forum users)
* refine several log statements
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit cf1f9dc933)
- Handle bool values correctly. We get the values as bool, but collectd
requires a bool value to be numeric in the range [0, 1].
- Remove profile and mode values. Those are strings, which cannot be
represented by collectd.
- Update collectd type for some values.
- Fix latn value being present twice.
Signed-off-by: Dominik Riebeling <bluebrother@posteo.de>
(cherry picked from commit eb632da5bb)
youtube-dl is still maintained, but moves very slowly and many other
distributions instead package an active fork, yt-dlp.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 89710ac588)
glib2's meson.build runs check cc.has_function('ngettext', args :
osx_ldflags) and, if successful, it never looks for non-libc libintl.
For musl and glibc this test is always successful.
glib2 unconditionally sets ENABLE_NLS, so during compile <libintl.h>
gets included always. But then we have a disconnect when the OpenWrt pkg
is being built with BUILD_NLS=y, because the <libintl.h> will be from
libintl-full but glib2 will not link to libintl-full.
With BUILD_NLS=n there's no problem, because the <libintl.h> will be
from libc.
In lieu of proper libintl detection in glib2's meson build, removing the
SED call from the Makefile together with the added patch sorts this out.
The SED call can be removed because when we force libintl-full use, the
meson build will put the necessary linker flag into the pkg-config file
itself.
Alpine Linux does something similar (see [1]), but they always force
the use of the external libintl. I assume they always go for full NLS
support.
[1] https://git.alpinelinux.org/aports/tree/main/glib/musl-libintl.patch
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 721838ddd4)
Use nft instead of iptables to open port 80 in the firewall when getting a
cert. Since nft doesn't allow deleting a rule by its contents, capture and
save the handle when creating the rule, and use that to delete.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
(cherry picked from commit d926da5182)