1443 commits

Author SHA1 Message Date
Ryan Keane
f5132df69d elfutils: Update to 0.192
Add a patch still under review to fix some errors.

Refresh patch:
- 003-libintl-compatibility.patch
- 005-build_only_libs.patch
- 006-Fix-build-on-aarch64-musl.patch

Add patch:
- 102-fix-potential-deref-of-null-error.patch

Release notes are in the link below.

Link: https://inbox.sourceware.org/elfutils-devel/CAJDtP-T3+gXqHWp3T0mejWWbPr0_1tHetEXwfB67-o+zz7ShiA@mail.gmail.com/T/#u
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16886
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-11-16 19:57:58 +01:00
Jeronimo Pellegrini
0000ba6ab8 libreadline: create symlinks for .so
Currently, libreadline only installs

```
 /usr/lib/libhistory.so.8 -> libhistory.so.8.2
 /usr/lib/libhistory.so.8.2
 /usr/lib/libreadline.so.8 -> libreadline.so.8.2
 /usr/lib/libreadline.so.8.2
```

But there is no `libreadline.so` or `libhistory.so` available.

So this happens:

```
root@OpenWRT:~# cat a.c
int main() {
}
root@OpenWRT:~# gcc a.c -lreadline
/usr/bin/ld: cannot find -lreadline: No such file or directory
collect2: error: ld returned 1 exit status
```

Unless, of course, one uses `-l:libreadline.so.8`... But that
doesn't help with binaries that try to dynamically open
`libreadline.so`. I have one of those here (the STklos Scheme
compiler -- I didn't make a PR for it because it's far from
being ready, but one issue is that it does use dlopen to use
readline...)

With the symlink, it works:

```
root@OpenWRT:~# ln -s /usr/lib/libreadline.so.8 /usr/lib/libreadline.so
root@OpenWRT:~#
root@OpenWRT:~# gcc a.c -lreadline
root@OpenWRT:~#
```

Another example: when trying to package rlwrap, the build failed
complaining it could not find readline (using `-lreadline`).
It would then be necessary to change rlwrap's `configure.ac`
(and also in all packages that use readline), but it seems
simpler to add the symlinks...

This PR changes the Makefile so it will include the links.

Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>
Link: https://github.com/openwrt/openwrt/pull/16445
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-11-16 17:20:12 +01:00
Hauke Mehrtens
d9ed0d438b libnftnl: update to 1.2.8
Release Announcement:
https://www.spinics.net/lists/netfilter-devel/msg87287.html
https://www.spinics.net/lists/netfilter-devel/msg88520.html

Link: https://github.com/openwrt/openwrt/pull/16769
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-11-11 00:05:06 +01:00
Hannu Nyman
be952e98bc wolfssl: Adjust version for apk
Adjust wolfssl version for apk by removing the "-stable"
from the OpenWrt version, although it is still needed for
upstream download archive name.

Define PKG_BUILD_DIR accordingly.

Utilize new short version to simplify ABI_VERSION calculation.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/16906
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-11-10 15:36:43 +01:00
Hauke Mehrtens
27657050d0 mbedtls: update to 3.6.2
Fixes the following security problem:
* CVE-2024-49195: Fix a buffer underrun in mbedtls_pk_write_key_der()
  when called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled, and
  the output buffer is smaller than the actual output. Fix a related
  buffer underrun in mbedtls_pk_write_key_pem() when called on an opaque
  RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled and MBEDTLS_MPI_MAX_SIZE is
  smaller than needed for a 4096-bit RSA key.

Link: https://github.com/openwrt/openwrt/pull/16768
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-24 20:17:27 +02:00
Felix Fietkau
2923935093 uclient: update to Git HEAD (2024-10-22)
88ae8f208dd3 uclient-http: fix a typo

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-10-22 13:15:54 +02:00
Hauke Mehrtens
573367038c uclient: update to Git HEAD (2024-06-27)
e035d57 uclient-fetch: improve error handling
a220818 uclient-fetch: add support for --header cmdline argument

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-20 23:59:51 +02:00
Stijn Tintel
36e67f7b62 libbpf: bump to 1.4.6
Release notes:
https://github.com/libbpf/libbpf/releases/tag/v1.4.6

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2024-10-13 22:29:11 +03:00
Hauke Mehrtens
08dc2691e0 libnl: update to 3.10.0
Changes:
fa05d58e (tag: libnl3_10_0) libnl-3.10.0 release
490ffa07 python: fix flake8 warnings
6fc66dd8 doc: workaround LINK_DOC with empty libnl.dict
914812a9 lib: avoid overflow in computation of s_seq_next
5248e1a4 all: fix and enable "-Wsign-compare" warning
9451842e build: use AC_USE_SYSTEM_EXTENSIONS instead of defining _GNU_SOURCE
20664e1e build: move "-DPGKLIBDIR" and rename
81cab7da build: cleanup defining SYSCONFDIR on command line
cf47571c build: drop unnecessary "-Wno-missing-field-initializers" from default CFLAGS
131008f7 build: add "-Wvla" and "-Wdeclaration-after-statement" to default CFLAGS
7e05b622 lib: add internal _nla_len() helper
32688201 route: treat routes with via nexthops as universe scoped as well
c36c7faa format: reformat "include/base/nl-base-utils.h"
49f78229 tests: add a very basic test for route cache
2ebbc034 tests: add NLTstSelectRoute test helper
d784f2cb tests: set NLTST_IN_CI for not skipping tests accidentally
dcb9e2ef route: add missing priority to route_keygen() debug print
d44505ed tests: add helper to detect availablility of iproute2
774863b4 tests: add helper functions for tests
45a10f96 route: move "struct rtnl_nexthop" to "nl-priv-dynamic-route"
153f213b build: fix "check-progs" target in "Makefile.am"
a1e0b8b2 github: print test-suite.log in case of test failure
3e080631 route: expose nexthop id attribute
401c2488 tests: fix _nltst_object_to_string() to print one line only
529c2ab8 route: drop unused fields from "struct rtnl_route"
71e59e14 build: separate build tests from unit tests
8539b7d3 format: reformat "tests/nl-test-util.h" file
6db85366 route: merge branch 'bisdn:jogo_route_nh_cmp'
861fb809 route: use the new helper function for comparing nexthops
8cf29d7b nexthop: add a identical helper function
7cc72d19 utils: reserve the nl_has_capabiliy numbers for releases 3.10 - 3.12
30da5107 github,clang-format: update fedora version for clang-format
2301992b route: fix IPv6 ecmp route deleted nexthop matching
72e4d73f cache: merge branch 'ievenbach:aurora/cache-mgr-cb'
3381acef cache: use cleanup attribute in nl_cache_mngr_alloc_ex()
32cb9f39 cache: cleanup nl_cache_mngr_alloc_ex()
1dbdc30a cache: allow to allocate cache manager with custom refill socket
18b74e08 tests: test compiling all public headers with C++ compiler
691202bf tests: don't use $COMPILE for building header tests
15d90cbf include: add _NL_NO_WARN_DEPRECATED_HEADER for suppressing warning about deprecated headers
8a5f671a tests: avoid "-Wunused-parameter" warning in build headers test
db1a9d7d route: avoid compiler warning about calloc() arguments in rtnl_netem_set_delay_distribution()
3a43faa1 cache: fix new object in callback v2 on updated objects
46cae1bf socket: fix ubsan complaint about incorrect left-shift in generate_local_port()
96ddcd99 all: merge branch 'th/nl-debug'
13ab0122 github: test with --enable-debug=no configure option
264b244e utils: always define nl_debug_dp
dbe21b8d core: always define statements for NL_DBG()
e592dd89 build: always define NL_DEBUG
58734974 all: use defines for attributes
0c16c9cb route/bison: include "nl-default.h" in lex/yacc files
19d48b0f route: add support for layer 3 filtering on bridges
3646398d route: merge branch 'Cordell-O:main'
e21278ed tests: add test for bridge vlan attributes.
4f324f73 route: add support for vlan filtering on bridge ports.
bf071f2b route: Add support to set ageing time for dynamic bridge table entries
b76c3a5d tests: add unit test for `nl_addr_parse("default", AF_INET6, &addr6)`
8693347f lib/xfrm: add missing #include <time.h>

Small size increase:
   955 bin/packages/mips_24kc-old/base/libnl200_3.9.0-r1_mips_24kc.ipk
 11157 bin/packages/mips_24kc-old/base/libnl-cli200_3.9.0-r1_mips_24kc.ipk
 34896 bin/packages/mips_24kc-old/base/libnl-core200_3.9.0-r1_mips_24kc.ipk
  7698 bin/packages/mips_24kc-old/base/libnl-genl200_3.9.0-r1_mips_24kc.ipk
 25400 bin/packages/mips_24kc-old/base/libnl-nf200_3.9.0-r1_mips_24kc.ipk
148366 bin/packages/mips_24kc-old/base/libnl-route200_3.9.0-r1_mips_24kc.ipk
   956 bin/packages/mips_24kc-new/base/libnl200_3.10.0-r1_mips_24kc.ipk
 11154 bin/packages/mips_24kc-new/base/libnl-cli200_3.10.0-r1_mips_24kc.ipk
 34965 bin/packages/mips_24kc-new/base/libnl-core200_3.10.0-r1_mips_24kc.ipk
  7699 bin/packages/mips_24kc-new/base/libnl-genl200_3.10.0-r1_mips_24kc.ipk
 25385 bin/packages/mips_24kc-new/base/libnl-nf200_3.10.0-r1_mips_24kc.ipk
149852 bin/packages/mips_24kc-new/base/libnl-route200_3.10.0-r1_mips_24kc.ipk

Link: https://github.com/openwrt/openwrt/pull/16592
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:33:38 +02:00
Hauke Mehrtens
6c00a462d1 libxml2: update to 2.13.4
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.0
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.1
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.2
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.3
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.4

Small size reduction:
415095 bin/packages/mips_24kc-old/base/libxml2_2.12.6-r1_mips_24kc.ipk
 87175 bin/packages/mips_24kc-old/base/libxml2-dev_2.12.6-r1_mips_24kc.ipk
 20190 bin/packages/mips_24kc-old/base/libxml2-utils_2.12.6-r1_mips_24kc.ipk
398070 bin/packages/mips_24kc-new/base/libxml2_2.13.4-r1_mips_24kc.ipk
 86760 bin/packages/mips_24kc-new/base/libxml2-dev_2.13.4-r1_mips_24kc.ipk
 19479 bin/packages/mips_24kc-new/base/libxml2-utils_2.13.4-r1_mips_24kc.ipk

Link: https://github.com/openwrt/openwrt/pull/16593
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:31:43 +02:00
Hauke Mehrtens
271097101f libxml2: update to 2.12.9
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.8
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.9

This fixes:
CVE-2024-34459: Fix buffer overread with xmllint --htmlout
CVE-2024-40896: Fix XXE protection in downstream code

Link: https://github.com/openwrt/openwrt/pull/16593
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:31:33 +02:00
Hauke Mehrtens
12f067a5f3 libjson-c: update to 0.18
Release Notes:
https://github.com/json-c/json-c/blob/json-c-0.18-20240915/ChangeLog

This restores ABI compatibility with version 0.16 used in OpenWrt 23.05.

Small size increase:
24263 bin/packages/mips_24kc-old/base/libjson-c5_0.17-r1_mips_24kc.ipk
24403 bin/packages/mips_24kc-new/base/libjson-c5_0.18-r1_mips_24kc.ipk

Link: https://github.com/openwrt/openwrt/pull/16591
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:29:20 +02:00
Chukun Pan
38bb47c36c openssl: update download mirrors
New releases of openssl are only published on GitHub, and official
downloads are also redirected to GitHub. So remove the old download
mirrors (file 404), and replace the current address with https.

Link: https://openssl-library.org/source/
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/16470
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-25 23:30:22 +02:00
Yanase Yuki
0b6f38c60a libusb: update to 1.0.27
- Remove unnecessary SourceForge mirror
- Use HTTPS url

Signed-off-by: Yanase Yuki <dev@zpc.st>
Link: https://github.com/openwrt/openwrt/pull/16372
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 18:20:44 +02:00
Yanase Yuki
c19da4be9a mbedtls: update to 3.6.1
- This release fixes CVE-2024-45157, CVE-2024-45158, CVE-2024-45159
- Use official release archive instead of git mirror
- Update website url

Signed-off-by: Yanase Yuki <dev@zpc.st>
Link: https://github.com/openwrt/openwrt/pull/16371
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 17:57:15 +02:00
Ivan Pavlov
c7671a22dc libpcap: update to 1.10.5
Changes: https://git.tcpdump.org/libpcap/blob/bbcbc9174df3298a854daee2b3e666a4b6e5383a:/CHANGES

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16401
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 17:41:32 +02:00
Ivan Pavlov
62d3773bf1 openssl: update to 3.0.15
OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this release is Moderate.

This release incorporates the following bug fixes and mitigations:

  * Fixed possible denial of service in X.509 name checks (CVE-2024-6119)

  * Fixed possible buffer overread in SSL_select_next_proto() (CVE-2024-5535)

Added github releases url as source mirror

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16332
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-06 23:44:56 +02:00
Petr Štetiar
0e8b701794 ustream-ssl: update to Git HEAD (2024-07-28)
99bd3d2b167c ustream-openssl: fix compilation with OPENSSL_NO_DEPRECATED

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/16020
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-25 17:27:32 +02:00
Aleksey Vasilenko
f8ed29932f libunistring: update to 1.2
Release notes:
  https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob_plain;f=NEWS

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16065
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-07 18:05:32 +02:00
Hauke Mehrtens
91573ac145 ncurses: Fix path in ncursesw.pc
The file contains the /usr/lib path from the toolchain directory and
not from the target directory. The /usr/lib directory for the toolchain
is empty and the shared library is not in the specified paths. On RISCV
the linker of util-linux was finding the libncursesw.so in my host
system, tried to link against it and failed. Fix the .pc file.

Fixes: #15942
Co-authored-by: Thomas Weißschuh <thomas@t-8ch.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/16018
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-28 19:30:35 +02:00
Tony Ambardar
2bebf13357 libbpf: Update to v1.4.5
Update to the latest upstream release to include recent improvements and
bugfixes.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.5
Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.4
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-07-19 12:14:47 -07:00
Hauke Mehrtens
3a0232ffd3 wolfssl: Update to version 5.7.2
This fixes multiple security problems:
 * [Medium] CVE-2024-1544
   Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.

 * [Medium] CVE-2024-5288
   A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.

 * [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.

 * [Low] CVE-2024-5991
   In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.

 * [Medium] CVE-2024-5814
   A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.

 * [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.

 * [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.

Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.

Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-15 23:57:44 +02:00
novenary enneagon
d92c42f469 ncurses: add foot terminfo
Add terminfo file for the terminal emulator foot.

https://codeberg.org/dnkl/foot

Signed-off-by: novenary enneagon <novenary@kwak.zip>
Link: https://github.com/openwrt/openwrt/pull/15915
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-10 12:53:27 +02:00
Rosen Penev
2beadefaa0 readline: override termlib for host
For some reason, it's not working right locally. Override as is done
with the target build.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15916
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-10 09:39:32 +02:00
Rosen Penev
d7a76fc351 readline: fix pkgconfig usage
ncurses is built with wide support enabled, which enables libncursesw.
The problem is, the ncurses build system only supplies ncursesw or
ncurses.pc but not both. The other problem is, the readline build tests
for libncurses before the w variant, making its pc file unusable as
there is no ncurses.pc file to satisfy the Required: ncurses section.

Just override the library.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15864
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-08 09:44:21 +02:00
Rosen Penev
1b141cb3d1 ncurses: enable pc files in the host build
Needed for things such as readline that depend on ncurses.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15864
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-08 09:44:21 +02:00
Sean Khan
31ec4515c3 openssl: conditionally disable engine section
Currently, the build option to enable/disable engine support isn't
reflected in the final '/etc/ssl/openssl.cnf' config. It assumes `engines`
is always enabled, producing an error whenever running any
commands in openssl util or programs that explicitly use settings
from '/etc/ssl/openssl.cnf'.

```
➤ openssl version
FATAL: Startup failure (dev note: apps_startup()) for openssl
307D1EA97F000000:error:12800067:lib(37):dlfcn_load:reason(103):crypto/dso/dso_dlfcn.c:118:filename(libengines.so):
Error loading shared library libengines.so: No such file or directory
307D1EA97F000000:error:12800067:lib(37):DSO_load:reason(103):crypto/dso/dso_lib.c:152:
307D1EA97F000000:error:0700006E:lib(14):module_load_dso:reason(110):crypto/conf/conf_mod.c:321:module=engines, path=engines
307D1EA97F000000:error:07000071:lib(14):module_run:reason(113):crypto/conf/conf_mod.c:266:module=engines
```

Build should check for the `CONFIG_OPENSSL_ENGINE` option, and comment out `engines`
if not explicitly enabled.

Example:
```
[openssl_init]
providers = provider_sect
```

After this change, openssl util works correctly.

```
➤ openssl version
OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
```

Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15661
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-06-22 16:31:23 +02:00
Carlos Miguel Ferreira
76c863fe60 libquadmath: Add libquadmath to the toolchain
This commit makes the libquadmath library available to the GCC
toolchain. This library is important for libraries such as
Boost.charconv

Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15637
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-17 13:12:29 +02:00
John Audia
bac2f1bed6 openssl: update to 3.0.14
Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [04-Jun-2024]

* Fixed potential use after free after SSL_free_buffers() is called.
  [CVE-2024-4741]
* Fixed checking excessively long DSA keys or parameters may be very slow.
  [CVE-2024-4603]
* Fixed an issue where some non-default TLS server configurations can cause
  unbounded memory growth when processing TLSv1.3 sessions. An attacker may
  exploit certain server configurations to trigger unbounded memory growth that
  would lead to a Denial of Service.  [CVE-2024-2511]
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
  is registered when libcrypto is unloaded. This can be used on platforms
  where using atexit() from shared libraries causes crashes on exit

Signed-off-by: John Audia <therealgraysky@proton.me>

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
2024-06-08 23:29:31 +02:00
Tony Ambardar
56b15913af libbpf: Update to v1.4.3
Update to the latest upstream release to include recent improvements and
bugfixes, and simplify use of PKG_SOURCE_VERSION.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.3
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-06-08 14:21:40 +02:00
Rany Hany
a41747ac8e mbedtls: fix build on GCC 14
Without this patch, GCC 14 incorrectly complains about the following error:

```
In file included from /home/user/workspace/mbedtls/library/ctr_drbg.c:13:
In function ‘mbedtls_xor’,
    inlined from ‘ctr_drbg_update_internal’ at /home/user/workspace/mbedtls/library/ctr_drbg.c:372:5:
/home/user/workspace/mbedtls/library/common.h:235:17: error: array subscript 48 is outside array bounds of ‘unsigned char[48]’ [-Werror=array-bounds=]
  235 |         r[i] = a[i] ^ b[i];
      |                ~^~~
/home/user/workspace/mbedtls/library/ctr_drbg.c: In function ‘ctr_drbg_update_internal’:
/home/user/workspace/mbedtls/library/ctr_drbg.c:335:19: note: at offset 48 into object ‘tmp’ of size 48
  335 |     unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
      |                   ^~~
In function ‘mbedtls_xor’,
    inlined from ‘ctr_drbg_update_internal’ at /home/user/workspace/mbedtls/library/ctr_drbg.c:372:5:
/home/user/workspace/mbedtls/library/common.h:235:24: error: array subscript 48 is outside array bounds of ‘const unsigned char[48]’ [-Werror=array-bounds=]
  235 |         r[i] = a[i] ^ b[i];
      |                       ~^~~
/home/user/workspace/mbedtls/library/ctr_drbg.c: In function ‘ctr_drbg_update_internal’:
/home/user/workspace/mbedtls/library/ctr_drbg.c:333:57: note: at offset 48 into object ‘data’ of size [0, 48]
  333 |                                     const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN])
      |                                     ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘mbedtls_xor’,
    inlined from ‘ctr_drbg_update_internal’ at /home/user/workspace/mbedtls/library/ctr_drbg.c:372:5:
/home/user/workspace/mbedtls/library/common.h:235:14: error: array subscript 48 is outside array bounds of ‘unsigned char[48]’ [-Werror=array-bounds=]
  235 |         r[i] = a[i] ^ b[i];
      |         ~~~~~^~~~~~~~~~~~~
/home/user/workspace/mbedtls/library/ctr_drbg.c: In function ‘ctr_drbg_update_internal’:
/home/user/workspace/mbedtls/library/ctr_drbg.c:335:19: note: at offset 48 into object ‘tmp’ of size 48
  335 |     unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
      |                   ^~~
```

This change adds a basic check to silence the warning until a solution is worked on upstream.
As this check is already used by another compiler, it shouldn't cause any issues for us.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
2024-05-31 10:33:06 +02:00
Tony Ambardar
d44d35f106 libbpf: Update to v1.4.2
Update to the latest upstream release to include recent improvements and
bugfixes.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.2
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-05-21 08:02:55 +02:00
Felix Fietkau
1a2c171909 mbedtls: export cmake files
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-05-07 12:50:27 +02:00
Tony Ambardar
8cf28cc6a5 libbpf: Update to v1.4.1
Update to the latest upstream release to include recent improvements and
bugfixes.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.1
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-05-06 22:41:31 +02:00
Pascal Ernster
064d4a8083 libxml2: update to 2.12.6
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6

Changelog (taken from the release notes):
- Regressions
  - parser: Fix detection of duplicate attributes in XML namespace
  - xmlreader: Fix xmlTextReaderConstEncoding
  - html: Fix htmlCreatePushParserCtxt with encoding
  - xmllint: Return error code if XPath returns empty nodeset

Compile-tested: x86_x64, Q35 VM, OpenWRT SNAPSHOT r26135-a8bfdf2ed4d9
Run-tested: x86_x64, Q35 VM, OpenWRT SNAPSHOT r26135-a8bfdf2ed4d9
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
2024-05-05 21:45:52 +02:00
Weijie Gao
3f28c422ba libunwind: add support for loongarch64
Modify package depends to allow building for loongarch64.
Also fix for building with musl.

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-05-04 14:14:24 +08:00
Weijie Gao
33cd87079b openssl: add linux64-loongarch64 into the targets list
Add "linux64-loongarch64-openwrt" into openssl configurations to enable
building on loongarch64 machines.

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-05-04 14:14:24 +08:00
Weijie Gao
6eafcd86b8 toolchain: Disable libtsan and liblsan sanitizer on loongarch64
libtsan and liblsan are not supported by glibc on loongarch64

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-05-04 14:14:24 +08:00
Hauke Mehrtens
adc29202c2 mbedtls: Remove Kconfig options removed from mbedtls 3.6.0
These options are not available in mbedtls 3.6.0 and selecting them
causes an error.

MBEDTLS_CERTS_C was removed in:
1aec64642c

MBEDTLS_XTEA_C was removed in:
10e8cf5fef

MBEDTLS_SSL_TRUNCATED_HMAC was removed in:
4a7010d1aa

Fixes: 0e06642643 ("mbedtls: Update to version 3.6.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-29 01:32:36 +02:00
Marius Dinu
ff0bb196eb libaudit: update to 3.1.4, join with daemon and utils, rename
Changes:
- new URL for sources (old address is dead)
- daemon and utils from packages feed are merged in here
  - only build once
  - no need to update at the same time in both places
- update to v3.1.4
  - removed unneeded patches
  - added audisp-syslog
  - removed audispd (no longer exists)
- rename and move to package/utils/audit
  - update new path in one dependent package

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
2024-04-29 00:53:43 +02:00
Weijie Gao
f9e3fb59c7 libunwind: update to 1.8.1
Rebased patches:
- 003-fix-missing-ef_reg-defs-with-musl.patch
- 004-ppc-musl.patch

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-04-28 23:32:08 +02:00
Hauke Mehrtens
0e06642643 mbedtls: Update to version 3.6.0
This adds support for mbedtls 3.6.0.
The 3.6 version is the next LTS version of mbedtls.
This version supports TLS 1.3.

This switches to download using git. The codeload tar file misses some
git submodules.

Add some extra options added in mbedtls 3.6.0.

The size of the compressed ipkg increases:
230933 bin/packages/mips_24kc/base/libmbedtls13_2.28.7-r2_mips_24kc.ipk
300154 bin/packages/mips_24kc/base/libmbedtls14_3.6.0-r1_mips_24kc.ipk

The removed patch was integrated upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-28 21:42:37 +02:00
Fabrice Fontaine
a4f723e04e package/libs/libjson-c: fix PKG_CPE_ID
cpe:/a:json-c:json-c is the correct CPE ID for libjson-c:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:json-c:json-c

Fixes: c61a239514 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15292
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-27 23:44:20 +02:00
Fabrice Fontaine
27d1ebb46a package/libs/pcre2: fix PKG_CPE_ID
cpe:/a:pcre:pcre2 is the correct CPE ID for pcre2:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pcre:pcre2

Fixes: c39b0646f3 (pcre2: import pcre2 from packages feed)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2024-04-27 12:05:43 +02:00
Tony Ambardar
098bde1f3e gettext-full: update to 0.22.5
Release Announcement:
https://savannah.gnu.org/news/?group_id=425

Refresh:
- 200-libunistring-missing-link.patch

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Hauke Mehrtens
f475a44c03 wolfssl: Update to 5.7.0
This fixes multiple security problems:
 * [High] CVE-2024-0901 Potential denial of service and out of bounds
   read. Affects TLS 1.3 on the server side when accepting a connection
   from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
   it is recommended to update the version of wolfSSL used.

 * [Med] CVE-2024-1545 Fault Injection vulnerability in
   RsaPrivateDecryption function that potentially allows an attacker
   that has access to the same system with a victims process to perform
   a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
   Zhang, Qingni Shen for the report (Peking University, The University
   of Western Australia).

 * [Med] Fault injection attack with EdDSA signature operations. This
   affects ed25519 sign operations where the system could be susceptible
   to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
   Qingni Shen for the report (Peking University, The University of
   Western Australia).

Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-24 23:01:03 +02:00
Hauke Mehrtens
360ac07eb9 mbedtls: Update to 2.28.8
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-24 22:24:11 +02:00
Felix Fietkau
ea609fe486 uclient: update to Git HEAD (2024-04-19)
e8780fa7792a uclient: fix http regression

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-19 20:06:47 +02:00
Felix Fietkau
a339894691 uclient: update to Git HEAD (2024-04-19)
704c78111a92 uclient-http: use ustream_ssl without ustream_fd

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-19 18:00:23 +02:00
Felix Fietkau
7334337064 ustream-ssl: update to Git HEAD (2024-04-19)
524a76e5af78 ustream-ssl: add support for using a fd instead of ustream as backing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-19 18:00:23 +02:00
Felix Fietkau
66019e456f uclient: update to Git HEAD (2024-04-18)
c2bf660d88ec lib: add log_msg callback to get more detailed log messages
9adb4ca5219d uclient-fetch: add uclient / ustream-ssl log messages (enabled via -v)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-18 22:27:51 +02:00
Felix Fietkau
8992767956 ustream-ssl: update to Git HEAD (2024-04-18)
f9a28a9ce864 ustream-ssl: poll connection on incomplete reads
3c49e70c4622 ustream-ssl: increase number of read buffers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-18 22:27:50 +02:00
Felix Fietkau
e4453d1f81 ustream-ssl: update to Git HEAD (2024-04-18)
60d8fbb5e669 mbedtls: handle session tickets for TLS 1.3
ac42af7981ae mbedtls: add ifdefs to fix legacy compatibility
af7c3532ad49 mbedtls: another cosmetic ifdef fix

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-18 13:18:48 +02:00
Felix Fietkau
d4742de1d7 Revert "elfutils: fix a missing typedef in the last update"
This reverts commit a9e22ffa50.
After doing a clean rebuild, it turns out that this change is not necessary

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 22:05:24 +02:00
Felix Fietkau
a9e22ffa50 elfutils: fix a missing typedef in the last update
Fixes perf

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 13:46:05 +02:00
Tony Ambardar
e609b7486f elfutils: update to 1.91
Release Notes:
https://sourceware.org/pipermail/elfutils-devel/2024q1/006876.html

Refresh patch:
- 005-build_only_libs.patch

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-14 17:38:09 +02:00
Tony Ambardar
5b07c37dfa libbpf: Update to v1.4.0
Update to the latest upstream release to include recent improvements and
bugfixes, and update copyright. Remove MAKE_VARS usage in Makefile and drop
001-cflags.patch which are no longer needed. Also add flags to disable LTO,
mistakenly dropped earlier.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-13 11:20:41 +02:00
Felix Fietkau
5e0587b8d1 uclient: update to Git HEAD (2024-04-05)
e209a4ced1d8 add strdupa macro for compatibility
af1962b9a609 uclient: add helper function for getting ustream-ssl context/ops
488f1d52cfd2 http: add helper function for checking redirect status
b6e5548a3ecc uclient: defer read notifications to uloop timer
352fb3eeb408 http: call ustream_poll if not enough read data is available
e611e6d0ff0b add ucode binding
ddb18d265757 uclient: add function for getting the amount of pending read/write data
980220ad1762 ucode: fix a few ucode binding issues
6c16331e4bf5 ucode: add support for using a prototype for cb, pass it to callbacks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-07 23:29:59 +02:00
Felix Fietkau
507b0286d9 ustream-ssl: update to Git HEAD (2024-04-07)
7621339d7694 mbedtls: fix build on non-linux systems
268050964b08 ustream-mbedtls: add missing psa_crypto_init call
956fba242ac0 add callbacks for debug messages
9fdf3fb87af5 mbedtls: add TLS 1.3 ciphers
28c4c1e6471b mbedtls: disable TLS 1.3 in client mode when skipping verification
d61493a44204 mbedtls: add missing ifdef for build with disabled debug

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-07 20:01:09 +02:00
Paul Spooren
b3c1c57a35 treewide: update PKG_MIRROR_HASH to zst
When using zst instead of xz, the hash changes. This commit fixes the
hash for packages and tools in core.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-06 11:24:18 +02:00
Yanase Yuki
63dd14b906 gettext-full: link libiconv when building host pkg
On a Fedora 40 system, some compile error happens when
building iconv-ostream.c. Linking to libiconv-full
fixes this.

Signed-off-by: Yanase Yuki <dev@zpc.st>
2024-04-05 15:08:38 +02:00
Paul Spooren
b906a9c78e libubox: fix PKG_MIRROR_HASH of 2024-03-29
The PKG_MIRROR_HASH was wrong (again), likely due to an old set of tools
which did not contain the downgrade of xz.

Ref 2070049 unetd: fix PKG_MIRROR_HASH
Fix 89c594e libubox: update to Git HEAD (2024-03-29)

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-04 22:39:27 +02:00
Felix Fietkau
4ef13c4a49 libxml2: add host build dependency on libiconv-full
Fixes build on macOS

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-04 13:45:46 +02:00
Felix Fietkau
89c594e8b2 libubox: update to Git HEAD (2024-03-29)
a2fce001819e CI: add build test run
12bda4bdb197 CI: add CodeQL workflow tests
eb9bcb64185a ustream: prevent recursive calls to the read callback

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-04 11:15:03 +02:00
Felix Fietkau
766ec55966 mbedtls: copy psa includes in InstallDev
They are required for some of the crypto API

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-03 22:42:46 +02:00
Paul Spooren
e8725a932e treewide: use APK compatible version schema
Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.

- Releases are added at the very end prefixed with an `r` like
  `1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.

For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-03-22 22:14:22 +01:00
Daniel Golle
5305dbbe9f glibc: don't ship /etc/localtime -> /tmp/localtime symlink
The symlink is already part of the base-files package. We don't need
to ship it with glibc again.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-03-20 23:44:10 +00:00
Liu Dongmiao
51752fa14b libevent2: make cmake use relative imported path
libevent2's cmake uses an absolute path, so cmake cannot find it when cross compiling:

```
-- Found libevent include directory: /builder/staging_dir/target-mips_24kc_musl/usr/include
-- Found libevent component: /builder/staging_dir/target-mips_24kc_musl/usr/lib/libevent_core.so
-- Found libevent component: /builder/staging_dir/target-mips_24kc_musl/usr/lib/libevent_extra.so
-- Found libevent component: /builder/staging_dir/target-mips_24kc_musl/usr/lib/libevent_openssl.so
-- Found libevent 2.1.12 in /builder/staging_dir/target-mips_24kc_musl/usr
CMake Error at /builder/staging_dir/target-mips_24kc_musl/usr/lib/cmake/libevent/LibeventTargets-shared.cmake:102 (message):
  The imported target "libevent::core" references the file

     "/usr/lib/libevent_core-2.1.so.7.0.1"

  but this file does not exist.  Possible reasons include:

  * The file was deleted, renamed, or moved to another location.

  * An install or uninstall procedure did not complete successfully.

  * The installation package was faulty and contained

     "/builder/staging_dir/target-mips_24kc_musl/usr/lib/cmake/libevent/LibeventTargets-shared.cmake"

  but not all the files it references.

Call Stack (most recent call first):
  /builder/staging_dir/target-mips_24kc_musl/usr/lib/cmake/libevent/LibeventConfig.cmake:168 (include)
  CMakeLists.txt:34 (find_package)
```

This patch makes cmake use a relative imported path, so it can find libevent.

Signed-off-by: Liu Dongmiao <liudongmiao@gmail.com>
2024-03-13 00:24:43 +00:00
Felix Fietkau
e3bb01b30e mbedtls: enable threading support
Fixes libssh, which requires it. Bump ABI_VERSION, since enabling this
option affects data structures in mbedtls include files.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-03-08 22:46:32 +01:00
Nick Hainke
c47b7571f0 libxml2: update to 2.12.5
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5

Fixes: CVE-2024-25062
Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-13 12:34:56 +01:00
Nick Hainke
8456e84891 zlib: update to 1.3.1
Release Notes:
https://github.com/madler/zlib/releases/tag/v1.3.1

Refresh patch:
- 004-attach-sourcefiles-in-patch-002-to-buildsystem.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-02 17:26:29 +01:00
Ivan Pavlov
44cd90c49a openssl: update to 3.0.13
Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]

  * Fixed PKCS12 Decoding crashes
    ([CVE-2024-0727])
  * Fixed Excessive time spent checking invalid RSA public keys
    ([CVE-2023-6237])
  * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
    CPUs which support PowerISA 2.07
    ([CVE-2023-6129])
  * Fix excessive time spent in DH check / generation with large Q parameter
    value ([CVE-2023-5678])

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2024-02-02 08:46:52 +03:00
Nick Hainke
097f0f035e libbsd: update to 0.11.8
Changelog:
edddd80 Release libbsd 0.11.8
dd0bdb5 test: Close all descriptors before initializing them for closefrom()
0813f37 build: Check out-of-tree builds in CI
df116b5 Adjust strlcpy() and strlcat() per glibc adoption
ecb44e1 Do not add a pointer to the NULL constant
459b7f7 Do not confuse code analyzers with out-of-bounds array access look alike
a44f885 test: Fix short-lived memory leak
3f5ca0a build: Add a coverage regex to the CI job
9d3e59a man: Use VARIANTS instead of ALTERNATIVES in libbsd(7)
f02562d man: Markup function references with Xr instead of Fn
b7367c9 build: Add missing dash to macro title bar
6777eb6 pwcache: Do not declare uidtb and gidtb when not used
d4e0cdc fgetln: Include <stdio.h> after <sys/*>
f41d6c1 build: Refactor GNU .init_array support check into a new m4 function
30b48ed build: Refactor linker script detection into a new m4 function
d0d8d01 build: Do not provide prototypes for arc4random() on Solaris
cf61ebb build: Do not build the progname module if it is not needed
73b25a8 build: Sort entries alphabetically
5434ba1 build: Conditionalize wcslcpy() and wcslcat() functions on macOS
dc1bd1a build: Conditionalize only id-from-name functions not the entire pwcache
edc746e build: Conditionalize getprogname()/setprogname on macOS
8f998d1 progname: Include <procinfo.h> if available
d08163b build: Check whether we need libperfstat on AIX
1186cf8 build: Annotate droppable functions for musl on next SOVERSION bump
6385ccc build: Conditionalize bsd_getopt() on macOS
c120681 Move the version script comments before the symbols
9fa0676 Port getprogname() to AIX
92337b1 Make getprogname() porting mandatory
90b7f3a test: Do not use /dev/null as compiler output file
426bf45 build: Add generated *.sym files to .gitignore
21d12b0 build: On macOS do not build functions provided by the system
bc65806 build: Select whether to include funopen() in the build system
8b7a4d9 build: Move Windows OS detection to the OS features section
ccbfd1c build: Remove __MUSL__ definition from configure
e0976d7 build: Add a new libbsd_strong_alias() macro and switch users to it
49c7dd1 build: Only emit link warnings for ELF objects
8622767 build: Use an export symbols file if there is no version script support
8f61036 build: Add -no-undefined libtool flag
ae7942b build: Do not override the default DEPENDENCIES for libbsd
a5faf17 Only use <stdio_ext.h> if present
06e8a1b Define _NSIG if it is not defined by the system
44824ac Declare environ if the system does not do so
1fb6c3f Use lockf() when flock() is not available
fe16f38 test: Use open_memstream() only if available
7c652a9 test: Do not hardcode root:root user and group names
ed2eb31 test: Fix closefrom() test on macOS
0f8bcdf test: Fix closefrom() test to handle open file descriptor limits
07192b3 test: Disable blank_stack_side_effects() on non-Hurd systems
ca3db5e build: Do not enable ASAN for musl CI pipelines
ff46386 man: Add HISTORY section to arc4random(3bsd)
4c6da57 man: Switch arc4random(3bsd) man page from OpenBSD to NetBSD
830dd88 doc: Remove written-by attribution
257800a build: Add support for sanitizer compiler flags
536a7d4 test: Exempt blank_stack_side_effects() from sanitizer checks
7ed5de0 test: Import explicit_bzero() sanitizer support changes from OpenBSD
05a802a test: Fix memory leaks in fpurge test
5962e03 man: Fix BSD and glibc versions
59a21c7 man: Update STANDARDS and HISTORY sections
7b4ebd6 include: Adjust closefrom() per glibc adoption
0dfbe76 build: Switch to debian:latest Docker image
dec783d build: Fix version script linker support detection
fe21244 include: Use __has_builtin to detect __builtin_offsetof support
ec88b7b funopen: Replace off64_t with off_t in funopen_seek()
2337719 man: Prune unneeded <sys/types.h> include in setproctitle(3)
5dea9da build: Improve C99 compatibility of __progname configure check
b9bf42d build: Enable -Wall for automake
e57c078 build: Add missing AM_PROG_AR macro call to configure.ac
80f1927 build: Fix configure.ac indentation
b7a8bc2 build: Require automake 1.11
e508962 build: Do not require funopen() to be ported
00b538f build: Terminate lists in variables with «# EOL»
5cfa39e build: Use «yes» instead of «true» for AC_CHECK_FUNCS cache value

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-30 10:39:21 +01:00
orangepizza
920414ca88 mbedtls: security bump to version 2.28.7
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for the following security issues:

* Timing side channel in private key RSA operations (CVE-2024-23170)

  Mbed TLS is vulnerable to a timing side channel in private key RSA
  operations. This side channel could be sufficient for an attacker to
  recover the plaintext. A local attacker or a remote attacker who is
  close to the victim on the network might have precise enough timing
  measurements to exploit this. It requires the attacker to send a large
  number of messages for decryption.

* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)

  When writing x509 extensions we failed to validate inputs passed in to
  mbedtls_x509_set_extension(), which could result in an integer overflow,
  causing a zero-length buffer to be allocated to hold the extension. The
  extension would then be copied into the buffer, causing a heap buffer
  overflow.

Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
2024-01-29 09:28:41 +00:00
Felix Fietkau
5485d27f4d libubox: update to Git HEAD (2024-01-26)
6339204c212b CMakeLists.txt: bump minimum cmake version
c1be505732e6 udebug: fix crash in udebug_entry_vprintf with longer strings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-26 21:08:07 +01:00
Nick Hainke
aa06f68c52 libtracefs: update to 1.8
Changes:
67f3b2a libtracefs: version 1.8
8a1322f libtracefs utest: Add tests to use mapping if supported
0a65b79 libtracefs: Add tracefs_mapped_is_supported() API
805f650 libtracefs: Call mmap ioctl if a refresh happens
cf7e2a5 libtracefs: Fix tracefs_mmap() kbuf usage
3a26b26 libtracefs: Have nonblock tracefs_cpu reads set errno EAGAIN
2b5bb09 libtracefs: Have tracefs_mmap_read() include subbuf meta data
dee0448 libtracefs: Have mapping work with the other tracefs_cpu* functions
28eebc1 libtracefs: Have tracefs_cpu_flush(_buf)() use mapping
065d914 libtracefs: Use mmapping for iterating raw events
1124e0e libtracefs: Use tracefs_cpu_*_buf() calls for iterator
f43b293 libtracefs: Unmap mmap mapping on tracefs_cpu close
0d24516 libtracefs Documentation: Fix tracefs_cpu_snapshot_open() man pages
5ff31c0 libtracefs Documentation: Add tracefs_follow_events_clear() to main man page
0c7d9f7 libtracefs: Add man pages for tracefs_snapshot_*() functions
b2dc3e0 libtracefs sql: Rename TIMESTAMP_USECS_DELTA to TIMESTAMP_DELTA_USECS
585ec77 libtracefs: Force off trace mmapping
2ed14b5 libtracefs: Add ring buffer memory mapping APIs
173ffc0 libtracefs meson: Add option to disable samples
a55e2e8 libtracefs meson: Add option to disable documentation
93e20af libtracefs: Fix tracefs_instance_reset to clear synthetic events
a1ecbff libtracefs utest: Add more tests to test tracefs_sql()
975c37c libtracefs utest: Add matches to trace_sql() tests
0567e2d libtracefs synthetic: Handle hashed name variables
fcb3a83 libtracefs synthetic: Remove multiple adding of action in tracefs_synth_save()
a9dae65 libtracefs: Fix sqlhist used uninitialized error
fe7a467 libtracefs: Add updating and reading snapshot buffers
1ad57ab libtracefs: Add PID filtering API
d8726bf libtracefs: Also clear max_graph_depth on reset
eb4dd60 libtracefs: Add TIMESTAMP_USECS_DELTA to simplify SQL timestamp compares
8c57eb4 libtracefs: Add tracefs_instance_set/get_subbuf_size()
9bafb21 libtracefs: Add API to extract ring buffer statistics
141d25e libtracefs: Add tracefs_load_headers() API
ef3fae7 libtracefs: Add kerneldoc comments to tracefs_instance_set_buffer_size()
31acfe1 libtracefs utest: Add test to test tracefs_instance_set/get_buffer_percent()
3e6d975 libtracefs: Add tracefs_instance_clear() API
c4efaaf libtracefs: Add tracefs_instance_get/set_buffer_percent()
1e1cc54 libtracefs: Add API to read tracefs_cpu and return a kbuffer
7d395b1 libtracefs: Add tracefs_instance_file_write_number()
e34cbd8 libtracefs: Increase splice to use pipe max size
1f50965 libtracefs: Add API to remove followers from an instance or toplevel
576ee0b libtracefs: Reset tracing before and after unit tests
118b694 libtracefs: Free dynamic event list in utest
5159973 libtracefs: Free tracing_dir in case of remount
df563eb libtracefs: Free buf in clear_func_filter()
3cbac37 libtracefs: Free "missed_followers" of instance
0cbe56e libtracefs testing: Use one tep handle for most tests
adac30f libtracefs Documentation: Fix tracefs_event_file_exists() issues
07ab199 libtracefs: Pass enum value where expected instead of int
bb299b4 libtracefs: fix cscope makefile rule
420d677 libtracefs: Free "followers" when freeing instance
3f436fc libtracefs: Fix documentation of tracefs_trace_pipe_stream() flags
1fde9df libtracefs: Add explicit pthread dependency to meson
d1989ae tracefs-perf: Add missing headers for syscall() and SYS_* defines

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-25 17:31:50 +01:00
Nick Hainke
409052eade libtraceevent: update to 1.8.2
Changelog:
6f6d580 libtraceevent: 1.8.2
b29b192 kbuffer: Update kbuf->next in kbuffer_refresh
4b2286c kbuffer: Always walk the events to calculate timestamp in kbuffer_read_buffer()
ce0acec libtraceevent meson: Add libdl dependency to meson
15a0121 libtraceevent Documentation: Fix tep_kbuffer() prototype
85a2078 libtraceevent: 1.8.1
6b21b4c libtraceevent: Add tep_get_sub_buffer_data_size()
8cf5315 libtraceevent: 1.8
7a4d5b2 kbuffer: Add kbuffer_refresh() API
33bad32 kbuffer: Add kbuffer_subbuffer() API
f6bdff7 kbuffer: Add kbuffer_dup()
0582118 kbuffer: Add kbuffer_read_buffer()
014ca24 libtraceevent: Fix tep_kbuffer() to have kbuf assign long_size
afead9a libtraceevent: Add tep_get_sub_buffer_commit_offset()
3152506 libtraceevent plugins: Parse sched_switch "prev_state" field for state info
4be92aa libtraceevent: Bump meson version to >=0.58.0
9b2e543 libtraceevent: sync state char array with the kernel
5b89385 libtraceevent: Add option to disable documentation
a496a39 libtraceevent: Add tep_record_is_event() API

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-25 17:31:50 +01:00
Nick Hainke
d82930c7c7 libxml2: update to 2.12.4
Release Notes:
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-24 16:40:15 +01:00
Alexander Egorenkov
5bfdd83393 gettext-full: use autoreconf host fixup
To prevent use of host's library path on Void Linux:

   /usr/lib/libacl.so: file not recognized: file format not recognized
   collect2: error: ld returned 1 exit status
   libtool:   error: error: relink 'libgettextlib.la' with the above command before installing it

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
2024-01-15 17:35:31 +01:00
Felix Fietkau
32d2443476 libubox: work around recent macOS linker change
rpath handling seems to be more restrictive now. To deal with this,
link the libubox library from STAGING_DIR_HOST to STAGING_DIR_HOSTPKG, so that
packages installed to STAGING_DIR_HOSTPKG can pick it up. This mainly affects
ucode, but possibly other host builds as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-01-09 11:06:24 +01:00
Hannu Nyman
309c2cd4fb mpfr: import from packages feed
Import mpfr from the packages feed to the main OpenWrt repo,
as gdb 14 requires mpfr.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2024-01-04 22:40:05 +01:00
Nick Hainke
adf9133547 libnl: update to 3.9.0
Changes:
bdf83151 libnl-3.9.0 release
aa7353fd include/linux-private: import 'seg6 local' headers from kernel tree
9466f680 lib: remove unused assignment in nl_addr_parse()
acd05d6e route/tc: avoid integer overflow in rtnl_tc_calc_cell_log()
daa8efcb xfrm: return -NLE_MISSING_ATTR from xfrmnl_sa_get_auth_params()
d8a1ff30 xfrm: fix leaking usertemplate in xfrmnl_sp_parse()
4fcb0757 socket: workaround coverity warning about time_t handling
f743c62f github: update Fedora image and version for clang-format
f33e8cd6 clang-format: rework container script
aea3f9f2 lib: fix signed overflow warning in nl_object_diff()
57e01706 socket: explicitly cast time() to uint32_t
46e8739e src: fix leak in "nl-cls-add"
a06c8f76 route/cls: add get/take wrappers for rtnl_act_append()
7912b4f9 route/cls: fix leak in error handling of rtnl_flower_append_action()
efd65feb route: fix just introduced use-after-free in rtnl_act_parse()
105a6be1 route: use cleanup macro in rtnl_act_parse()
78246da7 nl-aux-route: add cleanup macro for rtnl_act_put_all()
72762b20 base: add _NL_AUTO_DEFINE_FCN_INDIRECT0() macro
a70f789a route: fix memleak in rtnl_act_parse()
65ab16f2 base: don't use static array indices for buffer argument of _nl_inet_ntop()
444e2c04 route/can: implement can_device_stats
a4718e67 github: build with "-fexceptions" CFLAGS
2f485cc7 xfrm: refactor error handling in XFRM parsing
01bd8fb0 include: add "nl-aux-xfrm" helpers
49c20efa xfrm: fix crashes in case of ENOMEM
9e7b5c86 xfrm: refactor nl_addr_build() calls in XFRM code
dbfd87b1 xfrm: use cleanup attribute for nl_addr in XFRM parsing
db424835 xfrm: fix error code for NLE_ENOMEM in xfrmnl_ae_parse()
9c97deff xfrm: fix parsing address in xfrmnl_ae_parse()
8b6dc834 nl-aux-core: add _nl_addr_build() helper
057aac13 nl-base-utils: add _nl_addr_family_to_size() helper
664f8f1b xfrm: clear XFRM_SP_ATTR_TMPL when removing the last template from a policy
c4c22d26 xfrm/sp: fix reference counters of sa selector/tmpl addresses
5979fcb0 route/link: add bonding interface options set rtnl apis
a735989c build: fix declaring special targets as ".PHONY"
052a97cb Makefile.am: avoid use of non-portable echo arguments
9aab12df python: Use correct decorator syntax in HTBQdisc

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-04 16:06:44 +01:00
Nick Hainke
08ad3c9633 libxml2: update to 2.12.3
Release Notes:
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.2
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.3

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-04 16:05:26 +01:00
Nick Hainke
511578c128 wolfssl: update to 5.6.6
Release Notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable

Refresh patches:
- 100-disable-hardening-check.patch

Fixes: CVE-2023-6935 CVE-2023-6936 CVE-2023-6937
Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-01-02 18:23:09 +01:00
Nick Hainke
2963e1687b libxml2: update to 2.12.1
Release Notes:
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.0
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.1

Remove patch:
- 010-iconv.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-12-07 11:54:08 +01:00
Felix Fietkau
20ebcf8ce8 udebug: update to Git HEAD (2023-12-06)
6d3f51f9fda7 ucode: check for errors in ftruncate()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-06 16:17:34 +01:00
Felix Fietkau
5fec4d6cd5 netifd: update to Git HEAD (2023-12-05)
02bc2e14d1d3 udebug: use helper code for ubus config handling
1b967334189b netifd: add netlink udebug ring
061e308f9f7d debug: remove newline from debug messages
f1763852dfba bridge: fix reload on bridge vlan changes
cc9e928f0a12 bridge: rework config change pvid handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-05 13:07:30 +01:00
Felix Fietkau
129c766464 libnl-tiny: update to Git HEAD (2023-12-05)
af57bb123f93 socket: add debug callbacks for rx/tx
785e11aee7dd socket: call rx debug callback once per packet instead of per batch
965c4bf49658 socket: change debug callbacks to pass struct nl_msg

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-05 13:07:30 +01:00
Felix Fietkau
bc465ec488 udebug: update to Git HEAD (2023-12-05)
dc24a1010d7b lib: fix handling global enable flag
c7ef98d3d3f7 lib-ucode: retry partial writes
e259bbd49cf7 lib-ucode: truncate pcap files
a296f1bac430 lib: add netlink handler function

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-05 13:07:30 +01:00
Nick Hainke
62277c485e libxml2: update to 2.11.6
Release Notes:
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-12-04 16:41:45 +01:00
Felix Fietkau
dc31722022 libubox: update to Git HEAD (2023-12-04.1)
ca3f6d0cdb1e udebug: fix file descriptor initialization for __udebug_buf_map

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-04 14:40:04 +01:00
Felix Fietkau
e03f5e4af7 libubox: update to Git HEAD (2023-12-04)
d27acfe416d6 udebug: add more checks for uninitialized buffers
df5b7147f47a udebug: add mips specific quirk

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-12-04 13:33:50 +01:00
Tony Ambardar
cad32b0350 libbpf: Update to v1.3.0
Update to the latest upstream release to include recent improvements and
bugfixes. Also refresh local patches.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.3.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-11-30 13:35:27 -08:00
Felix Fietkau
f909059b74 hostapd: use new udebug ubus api to make debug rings configurable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-30 20:08:56 +01:00
Felix Fietkau
fc5267f730 udebug: add more entries for the default config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-30 19:20:44 +01:00
Felix Fietkau
65c50a2545 libubox: update to Git HEAD (2023-11-30)
325fea5c57cf udebug: add functions for manipulating entry length
e84c000c4756 udebug: add inline helper function to test if a buffer is allocated
40acbe34632b udebug: wait for response after buffer add/remove

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-30 12:53:58 +01:00
Felix Fietkau
9c466723f2 udebug: update to Git HEAD (2023-11-30)
d49aadabb7a1 lib: fix dealing with udebugd restarts
9ec5fbb6aaad ubus: report ring size and data size via ubus api
86b4396baa44 ring: add debug messages for ring alloc errors
e02306af7c50 lib: add helper function for applying ring config
b613879cb049 client: send confirmation messages for ring add/remove

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-30 12:53:57 +01:00
Felix Fietkau
73410e2aa0 libubox: update to Git HEAD (2023-11-28)
b77f2a4ce903 uloop: fix build using C++ compilers
260ad5bd1566 udebug: add ulog support
e80dc00ee90c link librt if needed for shm_open

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-28 22:12:15 +01:00
Felix Fietkau
f5a1e89534 udebug: move ubus dependency to libudebug
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-27 19:36:33 +01:00
Felix Fietkau
e6d376e330 udebug: update to Git HEAD (2023-11-27)
a2301fa3b0c6 README: add wireshark info
cfd83ccc1e4e server: properly handle unclaimed file descriptors
cb71f64de0ec lib: remove leftover debug code
a92101631c0d lib: fix avl tree lookup
d4b99820afd0 lib: move library code to libubox, add ubus config handling code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-27 18:38:24 +01:00