* rules: fix broken commitcount on alpine system
To generate commitcount we use grep --max-count. This is not present on
alpine grep and cause wrong generation. Use -m as it's just the short
version of --max-count and more portable.
Fixes: #11200
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* image-commands.mk: Be consistent in command invocation
Most/all other tools use the staging dir prefix, gzip should as well.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
* image: fix device profile specific COMPILE targets
Commit a01d23e75 ("image: always rebuild kernel loaders")
is a step in the right direction, but exposed some issues
and regressions in the makefile.
Some of the files made by device specific COMPILE targets
start with an "append" command (i.e. >> instead of > redirection)
and if the file already exists, the target file is the
input to itself before the first recipe-specified input.
Fixes: a01d23e75 ("image: always rebuild kernel loaders")
Fixes: a7fb589e8 ("image: always rebuild kernel loaders")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
* trusted-firmware-a.mk: use correct CPE ID
There are 2 different CPE IDs on the NVD website:
cpe:/a:arm:trusted_firmware-a
cpe:/o:arm:arm_trusted_firmware
The ID as currently used in trusted-firmware-a.mk does not exist. The
CPE ID using the arm_trusted_firmware product name only lists a few
records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the
trusted_firmware-a product name lists many more records, and actually
has a CVE linked to it. Therefore, use the CPE ID using the
trusted_firmware-a product name.
Fixes: 104d60fe94ce ("trusted-firmware-a.mk: add PKG_CPE_ID")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* fritz-tools: fritz_tffs_nand: exclude oob code when disabled
Skip unnecessary stuff if checking the oob data is disabled.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* fritz-tools: fritz_tffs_nand: get rid of struct tffs_sectors
This doesn't help and "[0]" gets in the way of bounds checks.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* fritz-tools: fritz_tffs_nand: cache already read sector ids
This speeds up the tool significantly, especially when using the "-a"
argument.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* iproute2: add missing libbpf dependency
This patch adds libbpf to the dependencies of tc-mod-iptables.
The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.
Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: update to 6.0.0
Release Notes:
https://lore.kernel.org/netdev/20221004082610.56b04719@hermes.local/t/
Remove upstreamed patch:
- 010-ipstats-Add-param.h-for-musl.patch
Refreshed:
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 190-fix-nls-rpath-link.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
* iproute2: update to 6.1.0
Announcement:
https://lore.kernel.org/netdev/20221214094130.7b11ec2e@hermes.local/T/#t
Refresh patch:
- 170-ip_tiny.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
* tools/xz: update to 5.2.10
Update to latest version.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* Revert "Revert "tools/upx: remove (#10622)""
This reverts commit d3e16f203a.
* kernel: Make use of KERNEL_MAKE
Make use of KERNEL_MAKE in kernel packages were easily possible.
This moves some more code to common places and reduces the number of
lines.
It is defined like this:
KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)
KERNEL_MAKEOPTS = -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: gcc: backport patches to fix build with glibc 2.36
glibc 2.36 changed the definition of enum fsconfig_command, it now
collides with the same definition from sys/mount.h. Remove the include
of linux/fs.h This still compiled with musl too.
This backports a patch which is already in the stable branch of GCC 11
and GCC 12.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: glibc: Update to glibc 2.36
This updates to glibc to version 2.36.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools/llvm: update to 15.0.6
Release Notes:
https://discourse.llvm.org/t/llvm-15-0-0-release/65099https://discourse.llvm.org/t/llvm-15-0-1-released/65380https://discourse.llvm.org/t/llvm-15-0-2-released/65695https://discourse.llvm.org/t/llvm-15-0-3-released/66036https://discourse.llvm.org/t/llvm-15-0-4-released/66337https://discourse.llvm.org/t/llvm-15-0-5-release/66616https://discourse.llvm.org/t/llvm-15-0-6-released/66899
Remove HOST_BUILD_PARALLEL as it's default now.
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Co-authored-by: Christian Marangi <ansuelsmth@gmail.com>
Co-authored-by: Olliver Schinagl <oliver@schinagl.nl>
Co-authored-by: Michael Pratt <mcpratt@pm.me>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
Co-authored-by: Andre Heider <a.heider@gmail.com>
Co-authored-by: Kien Truong <duckientruong@gmail.com>
Co-authored-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Enable this option and thus re-include crypt() support for the SHA256,
SHA512 and Blowfish ciphers on all devices. According to commit
9365745f8e7b ("musl: add a hack to remove unused crypt() algorithms,
saves ~14k after lzma") it should add about ~14k to the resulting image,
which seems to be a reasonable size increase for consistent crypt()
support.
Decided to not remove this hack completely as it might be still useful
for people trying to fit custom images onto smaller devices and the
patch is rather simple so we can afford to keep it for now.
References: https://github.com/openwrt/openwrt/pull/1331
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This updates to glibc to version 2.35.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
* glibc: update to latest 2.33 HEAD (bug 28011)
b5711025bc x86_64: Remove unneeded static PIE check for undefined weak diagnostic
edfd11197e wordexp: handle overflow in positional parameter number (bug 28011)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* glibc: update to latest 2.33 HEAD (bug 28213)
9b01145592 MIPS: Setup errno for {f,l,}xstat
9c676ef514 RISC-V: Update rv64 ULPs
c6cadbf83a linux: Remove shmmax check from tst-sysvshm-linux
22d37364ae librt: add test (bug 28213)
27a78fd712 librt: fix NULL pointer dereference (bug 28213)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* toolchain: glibc: Update to version 2.34
glibc version 2.34 does not provide versioned shared libraries any more,
it only provides shared libraries using the ABI version. Do not try to
copy them any more.
The functions from libpthread and librt were integrated into the main
binary, the libpthread.so and librt.so are only used for backwards
compatibility any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: glibc: Increase minimum kernel version to 5.4
Increase the minimum kernel version needed by the glibc compiled for
OpenWrt to version 5.4. With this setting the glibc build will remove
all code needed to support older kernel versions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: glibc: Enable --enable-bind-now
Enable --enable-bind-now when CONFIG_PKG_RELRO_FULL is set. This option
is activated by default. This will enable full RELRO protection.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* glibc: update to 2.34 HEAD
72123e1b56 NEWS: Add a bug entry for BZ #28755
08beb3a3f4 x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]
b50d5b746c x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]
1b9cd6a721 NEWS: add bug entry for BZ #28769 and BZ #28770
3438bbca90 Linux: Detect user namespace support in io/tst-getcwd-smallbuff
d084965adc realpath: Avoid overwriting preexisting error (CVE-2021-3998)
472e799a5f getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
8c8a71c85f tst-realpath-toolong: Fix hurd build
f7a79879c0 realpath: Set errno to ENAMETOOLONG for result larger than PATH_MAX [BZ #28770]
73c362840c stdlib: Fix formatting of tests list in Makefile
269eb9d930 stdlib: Sort tests in Makefile
062ff490c1 support: Add helpers to create paths longer than PATH_MAX
82b1acd9de powerpc: Fix unrecognized instruction errors with recent binutils
1d401d1fcc x86: use default cache size if it cannot be determined [BZ #28784]
6890b8a3ae CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
1081f1d3dd sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)
7b5d433fd0 CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542)
5575daae50 socket: Add the __sockaddr_un_set function
03e6e02e6a Disable debuginfod in printer tests [BZ #28757]
705f1e4606 Update syscall lists for Linux 5.16
2fe2af88ab i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bug 28771)
73558ffe84 Update syscall lists for Linux 5.15
e64235ff42 powerpc: Fix unrecognized instruction errors with recent GCC
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* toolchain: glibc: Remove patch for ARC700
The ARC700 target was renoved, this patch is not needed any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Hans Dedecker <dedeckeh@gmail.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
58b90461ae elf: Use _dl_catch_error from base namespace in dl-libc.c [BZ #27646]
8c06748c51 Fix use of __pthread_attr_copy in mq_notify (bug 27896)
4b6be914bd Use __pthread_attr_copy in mq_notify (bug 27896)
f4cba6ca1e dlfcn: Failures after dlmopen should not terminate process [BZ #15271]
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
