This reverts commit 096739a93d.
The new fortify-headers version needs some more work to be usable in
OpenWrt. Revert this to fix the builds again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
release is Moderate.
This release incorporates the following bug fixes and mitigations:
Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
(CVE-2025-9230)
Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
(CVE-2025-9231)
Fix Out-of-bounds read in HTTP client no_proxy handling.
(CVE-2025-9232)
Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release
builds, as it broke some exiting applications that relied on the previous
3.x semantics, as documented in OpenSSL_version(3).
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/20275
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
d3be5474f6e6 udebug-cli: ignore zero-length messages in logstream
c79f02d899df ucode: fix skipping lines where the timestamp cannot be parsed
5327524e7153 cmake: bump minimum required version to 3.13
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
If there is used $(PKG_NAME) in PKG_SOURCE_URL,
then it can not be copy&pasted to the browser's address bar.
Let's remove $(PKG_NAME) and use hardcoded project name
in the PKG_SOURCE_URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20193
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Removed upstreamed patch: 0001-Don-t-keep-the-store-open-in-by_store_ctrl_ex.patch
Release notes:
This is a bug fix release.
This release incorporates the following bug fixes and mitigations:
Added FIPS 140-3 PCT on DH key generation.
Fixed the synthesised OPENSSL_VERSION_NUMBER.
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/20133
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The version of libxml2 was bumped from 2.13.6 to 2.14.5. Since version
2.14, libxml2 is not binary compatible with older versions. Therefore
add an abi version.
From the NEWS file:
Binary compatibility is restricted to versions 2.14 or newer. On ELF
systems, the soname was bumped from libxml2.so.2 to libxml2.so.16.
Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
Link: https://github.com/openwrt/openwrt/pull/19983
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6e4ffe2c6657 ucode: add function for getting the number of entries in a snapshot
a62edd89255b ucode: add support for fetching kernel tracepoint events
edeb4d6dc690 udebug-cli: add support for streaming tracing data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
3d953628bf17 udebugd: add support for setting an override config
93f6df0240e5 udebug-cli: add support for overriding config on the command line
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Running the bootstrap script autogen.sh
handles the execution of autotools already,
so calling autoreconf before configure
makes this happen twice, which is unnecessary
and can lead to an occasional build problem.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Link: https://github.com/openwrt/openwrt/pull/19748
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, the build system overrides the value of the CC variable
for actual compilation after configuring for target builds.
However, the configure script now modifies the CC variable
to include "-std=gnu23" when the test for C23 features is successful.
The configure script also tests for the ability to use alignof
without including the stdalign.h header, and only includes it if necessary.
The test in the configure script is being done with the C23 standard option
but the compilation is being done without the C23 standard option,
leading to an unusual build error where alignof() is not defined.
Resolving the conflict between the autoconf macros and the build system
causes several other packages to fail, so instead in the meantime,
force the use of C23 standard to compile as part of the new standard
includes alignof as a keyword to deprecate the stdalign.h macro.
Forcing use of the new standard is safe for target builds
as the toolchain is known to support the option
and is always within our scope of version control.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Link: https://github.com/openwrt/openwrt/pull/19748
Signed-off-by: Robert Marko <robimarko@gmail.com>
OpenSSL 3.5.2 is a bug fix release:
This release incorporates the following bug fixes and mitigations:
Miscellaneous minor bug fixes.
The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc (Intel N150 based box)
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19725
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
