- This release contains fixes for CVE-2024-45490,
CVE-2024-45491, CVE-2024-45492.
- Since the official place for expat development moved from SourceForge
to GitHub, SourceForge was removed from PKG_SOURCE_URL.
- Use gzip archive to avoid xz usage.
- Remove DOCBOOK_TO_MAN=OFF from CMAKE_OPTIONS because
we already have EXPAT_BUILD_DOCS=OFF, which has the same effect.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit b0b5b8bf67)
libxml2 was updated in OpenWrt Git tree with commit dec59db8fb1f
("libxml2: update to 2.13.6"), which fixed several CVEs.
Unfortunately this version bump included removal of some features, which
leads to build issues of libxslt:
libxslt-1.1.37/xsltproc/xsltproc.c:733:39: error: assignment of read-only variable 'xmlParserMaxDepth'
733 | xmlParserMaxDepth = value;
So let's fix it by backporting an upstream "fix", which removes that
deprecated functionality.
Fixes: dec59db8fb1f ("libxml2: update to 2.13.6")
References: https://github.com/openwrt/openwrt/pull/18280
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Removed old uclibc patches. Not relevant with modern musl or glibc.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c9ff829fdb)
Bump glib2 to 2.74.7 which fixes CVE-2023-29499, CVE-2023-32611,
CVE-2023-32636, CVE-2023-32643, CVE-2023-32665 and on top of that
backport CVE-2024-34397 fix from Debian Bookworm glib2 package
2.74.6-2+deb12u2. While at it refresh the patches so they apply cleanly.
References: https://security-tracker.debian.org/tracker/source-package/glib2.0
Fixes: CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, CVE-2024-34397
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Update the options to match the master branch. This drops options of no
longer supported GCC versions.
Signed-off-by: Richard Muzik <richard.muzik@nic.cz>
libgd is licensed under its own "GD" license and not MIT
Fixes: 60feea09c9 (libgd: import from oldpackages, add myself as maintainer, add license...)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 41c998224d)
tiff is licensed under its own "libtiff" license and not BSD-3-Clause
Fixes: 364de5bc3f (tiff: add licensing information)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit ae165deaf5)
libev is licensed under BSD-2-Clause or GPL-2.0-or-later since its
addition to openwrt
While at it, assign PKG_LICENSE_FILES
Fixes: 67b39f8f9b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 070fc8021c)
Backport patch fixing compilation error for sa_data not well defined.
This is triggered only on platforms that make use of fortify string and
causes a compilation error due to the fact that sa_data is not well defined
and its size is arbitrary.
Patch has been accepted in the PF_RING project and this is just a
backport.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit c3a50a9fac)
Backport patch for PCRE2 support as PCRE is EOL and won't receive any
support updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit baa0d51270)
Thread-caching malloc provided by this package improves snort3
performance. I have been running with this for over seven months
without issues. Avg CPU usage is down. Another user reported
higher throughput achieved with snort3 compiled with this on
samba transfers on a system with CPU-limited snort performance.[1]
1. https://forum.openwrt.org/t/some-help-with-a-makefile-gperftools/165656/22
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit c1b4e80825)
Hyperscan is a high performance regular expression matching
library from Intel that runs on x86 platforms and offers
support for Perl Compatible Regular Expressions (PCRE) syntax,
simultaneous matching of groups of regular expressions, and
streaming operations.
This has utility in speeding up snort3.
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 1db5c54617)
Update to 1.48.0
CVE-2024-24806: Improper Domain Lookup that potentially leads to SSRF attacks
Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e7, 3530bcc and e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 02a982bc10)