ABI version is added to a package name during packaging, so there's no
need to specify it manually. And nothing explicitly depends on libelf1.
Fixes: d7bf089 ("elfutils: rename libelf1 to libelf")
Signed-off-by: George Sapkin <george@sapk.in>
Link: https://github.com/openwrt/openwrt/pull/21369
(cherry picked from commit 8cc2743c48)
Link: https://github.com/openwrt/openwrt/pull/21547
Signed-off-by: Robert Marko <robimarko@gmail.com>
Packages shouldn't provide a package that another package, in this case
wget from packages provides. Explicitly provide a virtual @wget-any
instead to match the implicit wget provide and switch the only consumer
to use the new provider.
Set uclient-fetch as the default variant for wget-any.
Signed-off-by: George Sapkin <george@sapk.in>
Link: https://github.com/openwrt/openwrt/pull/21369
(cherry picked from commit af1fa176c3)
Link: https://github.com/openwrt/openwrt/pull/21547
Signed-off-by: Robert Marko <robimarko@gmail.com>
Ensure -fPIC is passed during the linking stage to fix LTO build
failures (relocation errors) on MIPS and other architectures.
Fixes: #20436
Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21455
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 4ff0f496a4)
libc depends on knowing libgcc's ABI, so it needs to be evaluated first.
Otherwise libc will depend on an ABI-less libgcc causing the rest of the
toolchain to fail.
Building package index...
ERROR: unable to select packages:
libgcc (virtual):
note: please select one of the 'provided by'
packages explicitly
provided by: libgcc1
required by: world[libgcc]
Before:
libc fused dependencies: libgcc
libgcc fused dependencies:
libatomic fused dependencies: libgcc1
After:
libgcc fused dependencies:
libc fused dependencies: libgcc1
libatomic fused dependencies: libgcc1
Signed-off-by: George Sapkin <george@sapk.in>
Link: https://github.com/openwrt/openwrt/pull/21265
(cherry picked from commit 5e32bfbf4b)
Link: https://github.com/openwrt/openwrt/pull/21253
Signed-off-by: Robert Marko <robimarko@gmail.com>
This reverts commit c25265953b.
Linking of libpsx.so from libcap 2.77 fails on powerpc 464fp. Revert
back to the older version which works.
Bug report: https://bugzilla.kernel.org/show_bug.cgi?id=220860
Fixes: c25265953b ("libcap: update to 2.77")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5b0617ae1f)
Update to latest release.
Add patch `003-Revert-libcap-Add-build-ldflags-to-_makenames-rule.patch`
to fix errors in the form of:
```
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(__stack_chk_fail.o): relocation R_X86_64_32 against symbol `__stack_chk_guard' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(strerror.o): relocation R_X86_64_32 against `.rodata.errmsgstr' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(realloc.o): relocation R_X86_64_32S against hidden symbol `__malloc_size_classes' can not be used when making a PIE object
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(__stdout_write.o): relocation R_X86_64_32S against hidden symbol `__stdio_write' can not be used when making a PIE object
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(ofl.o): relocation R_X86_64_32 against `.bss.ofl_lock' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(stderr.o): warning: relocation against `__stderr_FILE' in read-only section `.rodata.stderr'
/usr/bin/ld.bfd: /usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/Scrt1.o: in function `_start':
(.text+0x12): undefined reference to `__libc_csu_fini'
/usr/bin/ld.bfd: (.text+0x19): undefined reference to `__libc_csu_init'
collect2: error: ld returned 1 exit status
```
Changes: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/diff/?id=v1.2.77&id2=v1.2.69&dt=2
The apk size did not increase much:
Old size for armsr/armv8:
16245 libcap-2.69-r1.apk
new size for armsr/armv8:
16315 libcap-2.77-r1.apk
Signed-off-by: Nick Hainke <vincent@systemli.org>
Link: https://github.com/openwrt/openwrt/pull/20881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
libunwind fails to compile because the include for the WORDSIZE
definition was missing when compiling with musl libc.
This lead to unw_word_t being defined as 64 bit long instead
of the correct 32 bit.
Signed-off-by: David Bauer <mail@david-bauer.net>
Fix the cipher implementation to avoid treating empty input as finalizer.
This issue is fixed in the openssl 3.6 branch, but the fix approach from
that branch is not suitable for 3.5, since the code is completely different.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Switch to Meson build system and add missing dependency for
libtraceevent-extra.
This switch indirectly fix a compilation error on 32bit target that
weren't getting correct target CFlags. Using Meson fix honour our CFlags
and fix the compilation error.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
MUSL doesn't provide PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP as
it's only glibc and as the MACRO say, it's NP (not portable).
Add patch to check for this and disable overwriting the function
accordingly.
Fixes: 9bdf723476 ("libunistring: update to 1.4.1")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
JIT support in pcre2 allows for extra performance for regex operations in
applications that support it. As outlined in
https://pcre.org/current/doc/html/pcre2jit.html#SEC2 64-bit ARM is
supported.
I tested this on an GL.Inet MT6000 which is an aarch64 device and to my
knowledge everything works as expected. The primary application I tested
this on was haproxy, which makes use pcre for several operations.
If there are no known downsides or known breakages I suggest to
default-enable this feature for aarch64.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20891
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This version fixes multiple security problems:
CVE-2025-7395: Problem in certificate verification on Apple devices
CVE-2025-7394: Predictable results from RAND_bytes() after fork call in OpenSSL compatibility layer
CVE-2025-7396: Activate Curve25519 blinding support
See Release notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.8.0-stablehttps://github.com/wolfSSL/wolfssl/releases/tag/v5.8.2-stable
wolfSSL is now GPLv3 instead of GPLv2, see:
629c5b4cf6
The file size increased a bit:
```
546060 bin/packages/mipsel_24kc/base/libwolfssl5.7.6.e624513f-5.7.6-r1.apk
560684 bin/packages/mipsel_24kc/base/libwolfssl5.8.2.e624513f-5.8.2-r1.apk
```
Link: https://github.com/openwrt/openwrt/pull/20547
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
PKG_NAME was lost during package migration from "packages" feed to "main" feed.
Signed-off-by: Matthias Franck <matthias.franck@softathome.com>
Link: https://github.com/openwrt/openwrt/pull/20662
Signed-off-by: Robert Marko <robimarko@gmail.com>
This mainly improve the CFLAGS handling on compilation of OpenSSL.
The CFLAGS are currently passed 2 times generating compilation warning
due to -fhonour-copts passed 2 times.
This can be improved by passing the CFLAGS as env to the OpenSSL
Configure tool.
For consistency we do the same for CPPFLAGS and LDFLAGS.
This permits to drop redundant flags in the Compile phase and from the
.conf file.
Link: https://github.com/openwrt/openwrt/pull/20665
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Patch CMakeLists.txt for cmake 4.x compatibility.
New cmake versions require at least 3.5 as 'cmake_minimum_required'
in CMakeLists.txt. In future 3.10 will be required.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20265
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Patch CMakeLists.txt in selected apps for cmake 4.x compatibility.
New cmake versions require at least 3.5 as 'cmake_minimum_required'
in CMakeLists.txt. In future 3.10 will be required.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20265
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Patch CMakeLists.txt in selected apps for cmake 4.x compatibility.
New cmake versions require at least 3.5 as 'cmake_minimum_required'
in CMakeLists.txt. In future 3.10 will be required.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20265
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit 096739a93d.
The new fortify-headers version needs some more work to be usable in
OpenWrt. Revert this to fix the builds again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add compatibility with the new fortify-headers 2.3.3 by
disabling two warnings.
Fixes: 6268692bd2 ("toolchain: fortify-headers: Update to version 2.3.3")
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/20552
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
release is Moderate.
This release incorporates the following bug fixes and mitigations:
Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
(CVE-2025-9230)
Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
(CVE-2025-9231)
Fix Out-of-bounds read in HTTP client no_proxy handling.
(CVE-2025-9232)
Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release
builds, as it broke some exiting applications that relied on the previous
3.x semantics, as documented in OpenSSL_version(3).
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/20275
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
