Fix the cipher implementation to avoid treating empty input as finalizer.
This issue is fixed in the openssl 3.6 branch, but the fix approach from
that branch is not suitable for 3.5, since the code is completely different.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Switch to Meson build system and add missing dependency for
libtraceevent-extra.
This switch indirectly fix a compilation error on 32bit target that
weren't getting correct target CFlags. Using Meson fix honour our CFlags
and fix the compilation error.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
MUSL doesn't provide PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP as
it's only glibc and as the MACRO say, it's NP (not portable).
Add patch to check for this and disable overwriting the function
accordingly.
Fixes: 9bdf723476 ("libunistring: update to 1.4.1")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
JIT support in pcre2 allows for extra performance for regex operations in
applications that support it. As outlined in
https://pcre.org/current/doc/html/pcre2jit.html#SEC2 64-bit ARM is
supported.
I tested this on an GL.Inet MT6000 which is an aarch64 device and to my
knowledge everything works as expected. The primary application I tested
this on was haproxy, which makes use pcre for several operations.
If there are no known downsides or known breakages I suggest to
default-enable this feature for aarch64.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20891
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This version fixes multiple security problems:
CVE-2025-7395: Problem in certificate verification on Apple devices
CVE-2025-7394: Predictable results from RAND_bytes() after fork call in OpenSSL compatibility layer
CVE-2025-7396: Activate Curve25519 blinding support
See Release notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.8.0-stablehttps://github.com/wolfSSL/wolfssl/releases/tag/v5.8.2-stable
wolfSSL is now GPLv3 instead of GPLv2, see:
629c5b4cf6
The file size increased a bit:
```
546060 bin/packages/mipsel_24kc/base/libwolfssl5.7.6.e624513f-5.7.6-r1.apk
560684 bin/packages/mipsel_24kc/base/libwolfssl5.8.2.e624513f-5.8.2-r1.apk
```
Link: https://github.com/openwrt/openwrt/pull/20547
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
PKG_NAME was lost during package migration from "packages" feed to "main" feed.
Signed-off-by: Matthias Franck <matthias.franck@softathome.com>
Link: https://github.com/openwrt/openwrt/pull/20662
Signed-off-by: Robert Marko <robimarko@gmail.com>
This mainly improve the CFLAGS handling on compilation of OpenSSL.
The CFLAGS are currently passed 2 times generating compilation warning
due to -fhonour-copts passed 2 times.
This can be improved by passing the CFLAGS as env to the OpenSSL
Configure tool.
For consistency we do the same for CPPFLAGS and LDFLAGS.
This permits to drop redundant flags in the Compile phase and from the
.conf file.
Link: https://github.com/openwrt/openwrt/pull/20665
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Patch CMakeLists.txt for cmake 4.x compatibility.
New cmake versions require at least 3.5 as 'cmake_minimum_required'
in CMakeLists.txt. In future 3.10 will be required.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20265
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Patch CMakeLists.txt in selected apps for cmake 4.x compatibility.
New cmake versions require at least 3.5 as 'cmake_minimum_required'
in CMakeLists.txt. In future 3.10 will be required.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20265
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Patch CMakeLists.txt in selected apps for cmake 4.x compatibility.
New cmake versions require at least 3.5 as 'cmake_minimum_required'
in CMakeLists.txt. In future 3.10 will be required.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20265
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit 096739a93d.
The new fortify-headers version needs some more work to be usable in
OpenWrt. Revert this to fix the builds again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add compatibility with the new fortify-headers 2.3.3 by
disabling two warnings.
Fixes: 6268692bd2 ("toolchain: fortify-headers: Update to version 2.3.3")
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20552
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
release is Moderate.
This release incorporates the following bug fixes and mitigations:
Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
(CVE-2025-9230)
Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
(CVE-2025-9231)
Fix Out-of-bounds read in HTTP client no_proxy handling.
(CVE-2025-9232)
Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release
builds, as it broke some exiting applications that relied on the previous
3.x semantics, as documented in OpenSSL_version(3).
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/20275
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
d3be5474f6e6 udebug-cli: ignore zero-length messages in logstream
c79f02d899df ucode: fix skipping lines where the timestamp cannot be parsed
5327524e7153 cmake: bump minimum required version to 3.13
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
If there is used $(PKG_NAME) in PKG_SOURCE_URL,
then it can not be copy&pasted to the browser's address bar.
Let's remove $(PKG_NAME) and use hardcoded project name
in the PKG_SOURCE_URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20193
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix typo in patch file suffix.
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20178
Signed-off-by: Robert Marko <robimarko@gmail.com>
Removed upstreamed patch: 0001-Don-t-keep-the-store-open-in-by_store_ctrl_ex.patch
Release notes:
This is a bug fix release.
This release incorporates the following bug fixes and mitigations:
Added FIPS 140-3 PCT on DH key generation.
Fixed the synthesised OPENSSL_VERSION_NUMBER.
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/20133
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The version of libxml2 was bumped from 2.13.6 to 2.14.5. Since version
2.14, libxml2 is not binary compatible with older versions. Therefore
add an abi version.
From the NEWS file:
Binary compatibility is restricted to versions 2.14 or newer. On ELF
systems, the soname was bumped from libxml2.so.2 to libxml2.so.16.
Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
Link: https://github.com/openwrt/openwrt/pull/19983
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
gettext-full only provides libintl which is not licensed under
GPL-3.0.-or-later but under LGPL-2.1-or-later as stated in
gettext-runtime/intl/COPYING.LIB
Fixes: c10d97484a (Add more license tags with SPDX identifiers)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19943
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
