1443 commits

Author SHA1 Message Date
John Audia
c08c2d6eb3 libxml2: update to 2.14.5
Release Notes:
    https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7
    https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8
    https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.3
    https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.4
    https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.5

Fixes:
CVE-2025-32415 CVE-2025-32414 CVE-2025-6170 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19383
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-07-20 15:45:37 +02:00
Konstantin Demin
a308d3b2fd libpcap: bump PKG_RELEASE
improves 34c2e7701a "libpcap: adjust with glibc and libcrypt-compat"

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19404
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-07-19 18:54:05 +02:00
Konstantin Demin
e034b99e04 toolchain: bump PKG_RELEASE
improves c571ac4bdf "toolchain: adjust with recent glibc"

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19404
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-07-19 18:54:05 +02:00
Karsten Sperling
5359639c2b mbedtls: Apply configuration in Configure instead of Prepare
This ensures mbedtls_config.h is correctly updated and the package rebuilt
accordingly when configuration options are changed after the source is first
prepared.

Signed-off-by: Karsten Sperling <ksperling@apple.com>
Link: https://github.com/openwrt/openwrt/pull/19358
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-07-19 17:41:35 +02:00
Konstantin Demin
34c2e7701a libpcap: adjust with glibc and libcrypt-compat
glibc 2.39 has removed libcrypt completely.
solution: link against libxcrypt built with glibc compatibility.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-07-12 23:38:19 +02:00
Konstantin Demin
c571ac4bdf toolchain: adjust with recent glibc
glibc 2.39 has removed libcrypt completely.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-07-12 23:38:18 +02:00
Jan Kardell
2722ba02c1 nettle: Fix PKG_LICENSE_FILES
Update file names.

Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/mailman.87465.1751380624.1866309.openwrt-devel@lists.openwrt.org/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-07-12 23:28:03 +02:00
Robert Marko
097700771c Revert "ncurses: update to 6.5"
This reverts commit 8876192bff.

This broke ncurses host build for me, and thus ncurses in general.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-07-09 11:51:01 +02:00
John Audia
8876192bff ncurses: update to 6.5
Update to 6.5.

Removed patch from pre-2012: 101-ncurses-5.6-20080628-kbs.patch

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19335
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-07-09 10:38:27 +02:00
John Audia
3d776d31a4 ncurses: Add -std=gnu17 to CFLAGS to avoid a GCC15 error when building with glibc
Without the newly introduced flag, building with libc ends in errors such as the below.
There is an upstream fix[1], but backporting it is not straightforward.

/scratch/union/staging_dir/toolchain-x86_64_gcc-15.1.0_glibc/x86_64-openwrt-linux-gnu/include/c++/15.1.0/cstddef:81:21: error: redefinition of 'struct std::__byte_operand<unsigned char>'
   81 |   template<> struct __byte_operand<unsigned char> { using __type = byte; };
      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/scratch/union/staging_dir/toolchain-x86_64_gcc-15.1.0_glibc/x86_64-openwrt-linux-gnu/include/c++/15.1.0/cstddef:78:21: note: previous definition of 'struct std::__byte_operand<unsigned char>'
   78 |   template<> struct __byte_operand<bool> { using __type = byte; };
      |                     ^~~~~~~~~~~~~~~~~~~~
make[4]: *** [Makefile:438: ../obj_s/cursesp.o] Error 1

1. https://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=394a1a6cf317912584592e33184ef550e738a4b9

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19335
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-07-09 10:38:27 +02:00
Daniel Golle
99054fcb6a xcrypt: work-around broken use of VARIANT with BUILDONLY
Split the xcrypt package build into two Makefiles and a common part for
the version definition in order to work-around build problems when
combining VARIANT with BUILDONLY and scoped InstallDev.

This is done in order to skip build of libcrypt-compat in case we are
not building against glibc in order to prevent libcrypt.so shared
library being present in staging_dir and by that breaking multiple
packages which then will link against it.

Fixes: e3cf7088f1 ("libcrypt-compat: introduce package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Link: https://github.com/openwrt/openwrt/pull/19353
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-07-09 10:34:12 +02:00
Antony Kolitsos
bce0ad5563 libnftnl: update to 1.2.9
ChangeLog:

https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.9

Signed-off-by: Antony Kolitsos <zeusomighty@hotmail.com>
Link: https://github.com/openwrt/openwrt/pull/19288
Signed-off-by: Nick Hainke <vincent@systemli.org>
2025-07-07 20:49:25 +02:00
Rosen Penev
7c8d73e374 readline: update to 8.3
Needed to fix GCC 15 compilation with dependent packages.

Removed upstreamed patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19327
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-07-07 15:43:07 +02:00
Ian Ladd
3a41c63eb5 libnetfilter-conntrack: bump to 1.1.0
Updates libnetfilter-conntrack to version 1.1.0.
Removes patches which should no longer be needed according to changelog for
libnetfilter-conntrack 1.1.0

Signed-off-by: Ian Ladd <ianwladd@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19282
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-07-04 15:15:07 +02:00
Antony Kolitsos
2c8a433cd2 mbedtls: update to 3.6.4
This release includes fixes for security issues.

Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported with bug-fixes and security fixes until at least March 2027.

Security Advisories

For full details, please see the following links:

    Race condition in AESNI support detection [1]
    Heap buffer under-read when parsing PEM-encrypted material [2]
    Unchecked return value in LMS verification allows signature bypass [3]
    Out-of-bounds read in mbedtls_lms_import_public_key() [4]
    Timing side-channel in block cipher decryption with PKCS#7 padding [5]
    NULL pointer dereference after using mbedtls_asn1_store_named_data() [6]
    Misleading memory management in mbedtls_x509_string_to_names() [7]

[1] https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-1/
[2] https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-2/
[3] https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-3/
[4] https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-4/
[5] https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-5/
[6] https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-6/
[7] https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-06-7/

Signed-off-by: Antony Kolitsos <zeusomighty@hotmail.com>
Link: https://github.com/openwrt/openwrt/pull/19291
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-07-04 11:10:16 +02:00
John Audia
e2cdcf8e46 openssl: update to 3.5.1
Automatically rebased: 100-Configure-afalg-support.patch

Changes between 3.5.0 and 3.5.1:
Fix x509 application adds trusted use instead of rejected use.
Issue summary: Use of -addreject option with the openssl x509 application
adds a trusted use instead of a rejected use for a certificate.

Impact summary: If a user intends to make a trusted certificate rejected
for a particular use it will be instead marked as trusted for that use.
(CVE-2025-4575)

Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
alert being received. Older versions of OpenSSL failed with DTLS if a
no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
From 3.2 a bug was exposed that meant that DTLS ignored no_renegotiation.
We have now restored the original behaviour and brought DTLS back into line
with TLS.

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19283
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-07-03 13:03:39 +02:00
Konstantin Demin
e3cf7088f1 libcrypt-compat: introduce package
glibc 2.39 has removed libcrypt completely.
solution: build libxcrypt with glibc compatibility.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19160
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-06-23 11:19:08 +02:00
John Audia
628b3ff2c3 gmp: fix compilation with GCC 15.1
Apply same patches to gmp on the host side to fix GCC 15 build errors.

31800db91d

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/18992
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-06-08 12:46:17 +02:00
Rui Salvaterra
e595214030 mbedtls: fix building with GCC 15.1
Disable -Wunterminated-string-initialization for now.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18600
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-06-08 12:20:15 +02:00
Konstantin Demin
a461f53bfd libxcrypt: update to 4.4.38
This release includes several fixes, most notable are
"-Wunterminated-string-initialization" fixes for upcoming GCC 15.x

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19011
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-06-08 11:40:58 +02:00
Konstantin Demin
f544392fc3 libxcrypt: import from packages feed
Import libxcrypt from the packages feed to the main OpenWrt repo,
as glibc 2.41 doesn't provide libcrypt (since 2.39 release).

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19011
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-06-08 11:40:58 +02:00
Robert Marko
fb2c59b942 toolchain: gcc: drop GCC11
There is no practical value in keeping GCC11 around, as even OpenWrt 23.05
uses GCC12 as the default one, so drop it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-05-26 19:20:56 +02:00
Ryan Keane
3cd2ff3150 openssl: Update to 3.5.0
Refresh patch:
- 100-Configure-afalg-support.patch
- 120-strip-cflags-from-binary.patch
- 140-allow-prefer-chacha20.patch
- 500-e_devcrypto-default-to-not-use-digests-in-engine.patch
- 510-e_devcrypto-ignore-error-when-closing-session.patch

Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15804
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-05-18 13:40:17 +02:00
Nick Hainke
19de58edaa libtracefs: update to 1.8.2
Changelog:
0379096 libtracefs: version 1.8.2
e2e0b4d sqlhist: Add bash completion for the sqlhist utility
78dd6d5 libtracefs: Add trace_sql.bash for tracefs_sql() bash completions
4f66bca libtracefs: Fix trace_sql() to handle buckets cast
6680dae libtracefs: Have tracefs_sql() cast handle stacktrace
4668195 libtracefs: Handle synthetic events with dynamic strings as fields
48a7752 libtracefs: Fix COMM for use as a field for tracefs_sqlhist()
a8d57d2 libtracefs: Fix mistaken update to TRACEFS_STACKTRACE macro
6e913f7 libtracefs: utest: Do not fail if uprobes are not supported by kernel
5db5cf5 libtracefs: Rerun bison and flex via make sqlhist_remake
1514530 libtracefs: Add make sqlhist_remake to run bison and flex
d49b6fa libtrace: Fix memory leak in tracefs_cpu
07cff64 libtracefs: Fix the read file failure code checking
457f02f trace-cmd: Unit test for tracefs_instance_file_append() API
a2bfb49 libtracefs: utest: Rename private functions to fix static building
65f629e libtracefs utest: Do not test more events than what the ring buffer can hold
05a5dc4 libtracefs utest: Fix min percent test
0a46992 libtracefs utest: Add test to check handling multiple dynamic events
bd47435 libtracefs: Destroy synthetic and eprobes before other events
78d8d2e libtracefs: Have tracefs_dynevent_get_all() find kprobes and uprobes properly
ef70c00 libtracefs .gitignore: Ignore utest/trace-utest in git
ff20336 libtracefs utest: Do not test kprobe interface if there's no kprobes
93d9049 libtracefs: Have tracefs_instance_tracers() return instance tracers
4cbebed libtracefs: Documentation: Add missing documentation to meson.build

Link: https://github.com/openwrt/openwrt/pull/18783
Signed-off-by: Nick Hainke <vincent@systemli.org>
2025-05-13 16:48:49 +02:00
Felix Fietkau
6f8f404113 libubox: update to Git HEAD (2024-12-19)
3868f47c8f6c blob: constify attr argument to blob_memdup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-05-05 13:57:08 +02:00
Robert Marko
b0aa7b3da6 libiconv-full: update to 1.18
libiconv 1.17 fails to compile with GCC15 when doing the host build,
luckily version 1.18 already contains the fixes required so update to it.

New in 1.18:
* Many more transliterations, in particular also of Emoji characters.
* The iconv_open function is now POSIX:2024 compliant: it recognizes a
  suffix //NON_IDENTICAL_DISCARD in the 'tocode' argument, with the effect
  that characters that cannot be represented in the target character set
  will be silently discarded. Whereas the suffix //IGNORE in the 'tocode'
  argument has the effect of discarding not only characters that cannot be
  represented in the target character set, but also invalid multibyte
  sequences in the input.
  Accordingly, the iconvctl function accepts requests
    ICONV_GET_DISCARD_INVALID, ICONV_SET_DISCARD_INVALID,
    ICONV_GET_DISCARD_NON_IDENTICAL, ICONV_SET_DISCARD_NON_IDENTICAL.
* The iconv_open function and the iconv program now support multiple suffixes,
  such as //TRANSLIT//IGNORE, not only one.
* GB18030 is now an alias for GB18030:2005. A new converter for GB18030:2022
  is added. Since this encoding merely cleans up a few private-use-area
  mappings, you can continue to use the GB18030 converter, for backward
  compatibility. Its Unicode to GB18030 conversion direction has been
  enhanced, to help transitioning away from PUA code points.
* When converting from/to an EBCDIC encoding, a non-standard way of
  converting newlines can be requested
    - at the C level, by calling iconvctl with argument ICONV_SET_FROM_SURFACE
      or ICONV_SET_TO_SURFACE, or
    - from the iconv program, by setting the environment variable
      ICONV_EBCDIC_ZOS_UNIX to a non-empty value.
* Special support for z/OS: The iconv program adds a charset metadata tag to
  its output file. (Contributed by Mike Fulton.)
* For conversions from UCS-2, UCS-4, UTF-16, UTF-32, invoking
  iconv(cd,NULL,NULL,...) now preserves the byte order state.

Link: https://github.com/openwrt/openwrt/pull/18698
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-05-04 20:50:33 +02:00
Robert Marko
c018a1cd58 libiconv-full: drop patch-libtool fixup
It seems that this was required many years ago (It was added in 2012),
probably due to relying on outdated or broken libtool versions, but 1.17
uses libtool 2.4.7.

After trying to build both host and target libiconv versions on Fedora and
macOS I cannot seem to find what patch-libtool is supposed to fix up.

So, I can only presume that it is completely unneeded these days and can
be dropped.

Link: https://github.com/openwrt/openwrt/pull/18698
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-05-04 20:50:33 +02:00
Robert Marko
7c6a3e2dde libsemanage: update to 3.8.1 and fix build with GCC14
Update libsemanage to latest 3.8.1 release and add an upstream backport[1]
that fixes compilation with GCC14 due to basename.

[1] a339594da6

Link: https://github.com/openwrt/openwrt/pull/18674
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-05-02 19:15:42 +02:00
Robert Marko
211aaca1f1 libsepol: update to 3.8.1
Update libsepol to latest 3.8.1 release.

Link: https://github.com/openwrt/openwrt/pull/18674
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-05-02 19:15:42 +02:00
Robert Marko
cf4161746d libselinux: update to 3.8.1
Update libselinux to latest 3.8.1 release.

In order to keep building on 32-bit targets with musl, one backport[1]
and one patch pending[2] upstream are required.

[1] 5c3fcbd931
[2] https://lore.kernel.org/selinux/CAP+JOzQBaGv=74tNgczpjZVGpzZo93kxnHXO0isL+TzmOc4byg@mail.gmail.com/T/#t

Link: https://github.com/openwrt/openwrt/pull/18674
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-05-02 19:15:42 +02:00
Felix Fietkau
b0710e964d udebug: add missing dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-04-24 14:22:58 +02:00
Magnus Kroken
1732d81d80 mbedtls: update to 3.6.3
This release of Mbed TLS provides the fix for a tls compatibility issue of handling fragmented handshake messages.
This release includes fixes for security issues.

* Potential authentication bypass in TLS handshake (CVE-2025-27810) [1]
* TLS clients may unwittingly skip server authentication (CVE-2025-27809) [2]

[1]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
[2]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/

Full release announcement:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18353
Signed-off-by: Nick Hainke <vincent@systemli.org>
2025-03-27 08:09:14 +01:00
Nick Hainke
96a30d08d0 libtracefs: update to 1.8.1
ChangeLog
417c2e3 libtracefs: version 1.8.1
41efd9e libtracefs: Add meson build targets to Makefile
310b796 libtracefs utest: Add better logic to cause missed events
b589e32 libtracefs: Add cpu-map sample to trace mapped buffer
4ede86e libtracefs: Enable mmapped ring buffer
e6737d4 libtracefs: Initialize val in build_filter()
590e452 libtracefs: Close dir in the error path in tracefs_event_systems()
0309a87 libtracefs: Close dir in the error path in tracefs_system_events()
f34fb1f libtracefs: Prevent memory leak in tracefs_dynevent_get_all()
48e906b libtracefs: my_yyinput() should return 0 when no data can be read
5e5b2a7 libtracefs: Prevent memory leak in tracefs_instance_create()
8f2593f libtracefs: Prevent a memory leak in open_cpu_files()
7d77b83 libtracefs: Prevent a memory leak in tracefs_system_events()
7fcd8d2 libtracefs: Prevent a memory leak in add_func_str()
a01d0ba libtracefs: Don't leak socket file descriptor in open_vsock()
efdf7f7 libtracefs: Prevent memory leak in tracefs_event_systems()
2342293 libtracefs: Prevent a memory leak in tracefs_synth_add_end_field()
1c95394 libtracefs: Prevent a memory leak in update_fields()
6b35665 libtracefs: Prevent memory leak in append_filer()
aecc0b7 libtracefs: Call va_end() before exiting tracefs_hist_set_sort_key()
a5e37f7 libtracefs: Add trace-mmap.c to meson build
8f62e96 libtracefs meson: Use SemVer in the build description
e04fa01 meson: Add utest option
fb213a4 libtracefs: Update trace_buffer_meta
04505a0 libtracefs utest: Include libgen.h for basename()
7b4a9c9 libtracefs utest: Define _LARGEFILE64_SOURCE for lseek64() with musl
ba75081 libtracefs utest: Add PATH_MAX if it is not already defined
5f27b7f libtracefs: Update the kbuf for previous read in trace_mmap_load_subbuf()
73ac9c1 libtracefs: Fix tracefs_instance_reset() of triggers
7d15d77 libtracefs meson: build tracefs-mmap by default

Link: https://github.com/openwrt/openwrt/pull/18349
Signed-off-by: Nick Hainke <vincent@systemli.org>
2025-03-25 20:26:45 +01:00
Nick Hainke
f9698d7144 libtraceevent: update to 1.8.4
ChangeLog:
bd47bd5 libtraceevent: 1.8.4
fe0bc49 libtraceevent: Print function pointer address when TEP_EVENT_FL_PRINTRAW is specified
f2224d5 libtraceevent: Have sizeof() parsing handle u8/s8 through u64/s64
5f570de libtraceevent: Print arrays like Linux does
645a883 libtraceevent: 1.8.3
d4c1fb4 libtraceevent: Add meson build targets to Makefile
c3dc220 libtraceevent: Fix a double free in process_op()
021da90 libtraceevent: Do not return a local stack pointer in get_field_str()
340e2e6 libtraceevent: Have unit test fail when any tests fail
c84155f libtraceevent: prevent a memory leak in tep_plugin_add_option()
03551eb libtraceevent: Prevent a memory leak in process_fields()
34ece90 libtraceevent: Close shared object in the error path of load_plugin()
8802f0f libtraceevent: Avoid a simple asprintf case
76a0eb8 libtraceevent: Fix event-parse memory leak in process_cond
5bc98bd libtraceevent: Have single quotes represent characters
ec8e0cc libtraceevent: Fix tests running on big endian arch
60ed6c3 libtraceevent: build: Various fixes for the Meson build of libtraceevent
0351241 libtraceevent utest: Include libgen.h for basename() with musl

Link: https://github.com/openwrt/openwrt/pull/18349
Signed-off-by: Nick Hainke <vincent@systemli.org>
2025-03-25 20:26:45 +01:00
Felix Fietkau
4f5f56b702 libnl-tiny: update to Git HEAD (2025-03-19)
c0df580adbd4 attr.c: fix nla_reserve size check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-03-19 13:19:34 +01:00
Jack Sun
4b650dd39f nettle: update to 3.10.1
refresh path: 100-portability.patch
Announcement: https://lists.gnu.org/archive/html/info-gnu/2024-12/msg00008.html

Signed-off-by: Jack Sun <sunjiazheng321521@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17824
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-03-16 22:21:14 +01:00
Felix Fietkau
9a79cdc7ee package: use service_running instead of service_started for ubus config
Fixes issue with loading config after a service crash. Should also improve
startup time.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-03-13 11:23:03 +01:00
Nick Hainke
79aae6ff42 libnl: update to 3.11.0
Changes:
c7edc38f libnl-3.11.0 release
b75e27de lib/route: add support for bridge msti
8a73b245 lib/route: add support for bridge info boolopts
3b284a11 lib/route: extend bridge info support
a43a41cd lib/route: add missing bridge info getter functions
756d5161 lib/route: add missing entry in libnl-route-3.sym file
014c33a6 lib/route: add rtnl_neigh ext flags support
acf572b5 route: add support for getting permanent mac address of link
afafe78a lib/route: extend bridge flags
11597b73 xfrm: remove redundant check in xfrm_sa_update_cache()
2abfb089 xfrm: use the new _nl_auto_nl_object helper
831e9868 cache: use the new _nl_auto_nl_object helper
4b9daa6d add _nl_auto_nl_object helper
379a1405 black: fix "target-version" in "pyproject.toml"
8460c9b7 link/bonding: implement parsing link type
d60535c9 link/bonding: implement comparing bond links
22b6cf5c link/bonding: implement io_clone()
e1c75bff link/bonding: add getters for attributes
ee4612ca link/bonding: rename bn_mask to ce_mask
81c40cbb tests: optimize _nltst_assert_route_list_permutate() to short cut search through permutations
9f5fac78 tests: in _nltst_assert_route_list() accept arbitrary order
01f06b57 base: add _nl_swap() helper macro
5b570259 tests: ensure that there are all expected routes in _nltst_assert_route_list()
1aa16ea9 tests: print route list before failure in _nltst_assert_route_list()
7f099cf0 tests: add _nltst_objects_to_string() helper
e76d5697 tests: add _nltst_malloc0() and _nltst_sprintf() helpers
d94a3e81 tests: move definition of asserts in "tests/nl-test-util.h"
798278ea tests: use _nl_ptrarray_len() helper in _nltst_assert_route_list()
def89a2c base: add _nl_ptrarray_len() helper
64fad14b link: link_msg_parser(): keep link info instead of release and reacquire
b8d3cfb2 lib/attr: add nla functions for variable-length integers
2ae88c48 lib/attr: add NLA_{SINT|UINT} attribute types

Link: https://github.com/openwrt/openwrt/pull/18193
Signed-off-by: Nick Hainke <vincent@systemli.org>
2025-03-11 23:57:22 +01:00
Nick Hainke
fe47089878 libxml2: update to 2.13.6
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.5
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6

Fixes: CVE-2025-24928 CVE-2024-56171

Link: https://github.com/openwrt/openwrt/pull/18194
Signed-off-by: Nick Hainke <vincent@systemli.org>
2025-03-11 23:35:40 +01:00
Daniel Golle
fad94e8cda libpcap: backport support for various DSA tags
Trying to tcpdump DSA conduits results in errors such as
"unsupported DSA tag: mtk".
Backport two commits adding support for various DSA tags to libpcap.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2025-03-05 19:23:50 +00:00
Robert Marko
fe37574be6 libpcap: add missing PKG_CONFIG_DEPENDS entries
Currently, enabling USB, BT or Netfilter support after initial compilation
will not trigger a rebuild, so add the missing PKG_CONFIG_DEPENDS so
that rebuild gets triggered.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2025-02-27 12:39:16 +01:00
Shiji Yang
c43c816afc zlib: switch to git source
Switch to the git repository source so that we can use zstd
compression algorithm to create smaller package tarball. This
patch also corrected the license file name[1] and the CPE ID[2].

[1] 352cb28d12
[2] https://nvd.nist.gov/products/cpe/detail/95C64A3E-A897-4D55-B74A-D2285440D164

Suggested-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/17880
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-02-24 12:44:02 +01:00
John Audia
b4e6fd7b76 openssl: update to 3.0.16
Changes between 3.0.15 and 3.0.16 [11 Feb 2025]

CVE-2024-13176[1] - Fixed timing side-channel in ECDSA signature
computation.

There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In
particular the NIST P-521 curve is affected. To be able to measure this
leak, the attacker process must either be located in the same physical
computer or must have a very fast network connection with low latency.

CVE-2024-9143[2] - Fixed possible OOB memory access with invalid
low-level GF(2^m) elliptic curve parameters.

Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit
values for the field polynomial can lead to out-of-bounds memory reads
or writes. Applications working with "exotic" explicit binary (GF(2^m))
curve parameters, that make it possible to represent invalid field
polynomials with a zero constant term, via the above or similar APIs,
may terminate abruptly as a result of reading or writing outside of
array bounds. Remote code execution cannot easily be ruled out.

1. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
2. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143

Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/17947
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-02-16 12:59:49 +01:00
Paul Spooren
63e178f067 build: lock versions for special APK packages
The three packages base-files, libc and kernel are special, the former
can't be upgraded in place since its contents are modified on startup,
the latter two are virtual packages only used as constraints for the
package manager.

Historically base-files was "locked" via a special OPKG function, the
latter two were hidden from the package index and thereby never picked
as possible upgrade.

Time moved forward and we now have APK and tools like OWUT. The latter
compares available packages with installed packages and generates user
readable output, requiring versions for libc and kernel, too. At the
same time, APK uses a different looking mechanism, which is set during
installation instead of part of the package metadata.

In short, this patch adds version constraints to the three packages,
allowing them to be part of the package index.

Fixes: #17774
Fixes: #17775
Fixes: efahl/owut#31

Signed-off-by: Paul Spooren <mail@aparcar.org>
2025-02-04 13:48:59 +00:00
Hauke Mehrtens
0a7e92c244 wolfssl: Update to version 5.7.6
This fixes multiple bugs and also minor security problems.

Changelog:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.4-stable
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable

The package size increases:
525814 bin/packages/mips_24kc/base/libwolfssl5.7.2.e624513f-5.7.2-r1.apk
549408 bin/packages/mips_24kc/base/libwolfssl5.7.6.e624513f-5.7.6-r1.apk

Link: https://github.com/openwrt/openwrt/pull/17742
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-01-27 23:28:05 +01:00
Tony Ambardar
6a6ae41d4b libbpf: Update to v1.5.0
Update to the latest upstream release to include recent improvements and
bugfixes, including support for handling BPF objects of either endianness.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.5.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/17404
Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-12-28 15:41:43 +01:00
Hauke Mehrtens
3c0ef48bc8 mbedtls: Deactivate ARIA block cipher by default
The ARIA block cipher is pretty uncommon in TLS, deactivate it for now.
This saves some space and reduces the possible variations and attack
vectors of mbedtls.

ARIA support was deactivated in OpenWrt 23.05 by default.

Link: https://github.com/openwrt/openwrt/pull/17342
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-12-23 22:15:20 +01:00
Daniel Golle
ee9eb91e0a gmp: use same source tarball for tools/gmp and package/libs/gmp
tools/gmp was using the .tar.xz while package/libs/gmp was using the
.tar.gz archive of the GMP release. Use the .tar.gz for both of them.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-11-28 15:53:32 +00:00
Ryan Keane
afffcd09e5 elfutils: Backport some patches to fix errors
On aarch64 musl gcc 14.x compiler, trying to compile elfutils 0.192 with
lto option enabled will cause a null-dereference error.
Example error message:

...
elf_compress.c: In function 'elf_compress':
elf_compress.c:675:26: error: potential null pointer dereference [-Werror=null-dereference]
  675 |           shdr->sh_flags |= SHF_COMPRESSED;
      |                          ^
elf_compress_gnu.c: In function 'elf_compress_gnu':
elf_compress_gnu.c:127:25: error: potential null pointer dereference [-Werror=null-dereference]
  127 |           shdr->sh_size = new_size;
      |                         ^                      ^
...

This is a false positive warning but will abort compilation if gcc has
`-Werror` flag. This commit adds a patch for this, see the bugzilla
report below.

This commit backports a series of patches to fix some errors.

Add patch:
- 007-add-libeu-symbols-to-libelf.patch
- 008-fix-autoconf-ENABLE_IMA_VERIFICATION.patch
- 009-fix-null-dereference-with-lto.patch

Link: https://sourceware.org/bugzilla/show_bug.cgi?id=32311
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16886
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-11-16 19:57:58 +01:00
Ryan Keane
63caa2b168 elfutils: Add mirrors.kernel.org as mirror
Add mirrors.kernel.org as mirror, listed on sourceware mirror sites
page.

Link: https://sourceware.org/mirrors.html
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16886
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-11-16 19:57:58 +01:00