Update musl C library to 1.2.6. Fixes CVE-2025-26519
* Patches refreshed. Unnecessary upstream patch removed.
* Add a post-release patch for timezone handling in datetime string
matching (affecting at least uhttpd):
bug report: https://www.openwall.com/lists/musl/2026/03/22/3
fix: https://www.openwall.com/lists/musl/2026/03/30/6
1.2.6 release notes
https://git.musl-libc.org/cgit/musl/tree/WHATSNEW?id=9fa28ece75d8a2191de7c5bb53bed224c5947417
new features:
- posix_getdents interface (new in POSIX-2024)
- renameat2 interface (linux extension)
- iconv support for CP858
- vdso clock_gettime for riscv{32,64}, powerpc{,64}, and s390x
- loongarch64 TLSDESC support
- exposed __getauxval for compiler runtime use detecting cpu features
compatibility:
- initgroups no longer artificially limits number of supplementary groups
- getusershell now skips blank lines and comments
- exit is now explicitly thread-safe (possible future requirement)
- atexit now fails rather than deadlocking if called from late dtor
- strerror now has error strings for EUCLEAN and ENAVAIL
- isatty no longer collapses errors to ENOTTY
- sched.h namespace pollution with _GNU_SOURCE is reduced
- hasmntopt now matches only whole options, not arbitrary substrings
- shadow.h no longer declares an unimplemented sgetspent interface
- vdso with missing sysv hash table (only gnu hash) is now supported
conformance:
- pwrite now handles O_APPEND correctly, reports error if it can't
- mbnrtowcs now conforms to new POSIX-2024 requirement for partial character
- iconv GBK now properly includes euro symbol
- strptime now accepts conversion specifiers added in POSIX-2024
- inet_ntop IPv6 "zero compression" now conforms to RFC 5952
bugs fixed:
- iconv euc-kr decoder could do oob writes on invalid inputs (CVE-2025-26519)
- iconv shift_jis decoder could produce wrong outputs for some invalid inputs
- printf did not honor hex float precision correctly in some cases
- lost or delayed wakes in sem_post under race condition
- termios input speed handling was wrong
- strcasestr failed to match zero-length needle
- fma handled corner case with negative zero wrongly
- syslog LOG_MAKEPRI macro was incorrect
- timer_create is no longer affected by known pthread_barrier bugs
- sysconf(_SC_MINSIGSTKSZ) computed min size incorrectly
- statx emulation left some fields uninitialized
- mntent wrongly included final newline in parsed field output
- SIGEV_THREAD timers could abort process if SIGTIMER became unblocked
- bind_textdomain_codeset returned wrong value
arch-specific bugs fixed:
- early dynamic linker handled page size wrong on dynamic pagesize archs
- arm and aarch64 crti/n files had wrong alignment
- m68k POLLWRNORM and POLLWRBAND values were incorrect
- x32 mq ABI was mismatched
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/22547
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes:
* CVE-2026-6042: Algorithmic Complexity DoS in musl libc iconv
* CVE-2026-40200: musl libc: stack corruption in qsort with sufficiently large inputs
Link: https://github.com/openwrt/openwrt/pull/23329
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch backports a small but important part of the upstream commit:
b3f1b9e2aa07 build: Remove INCLUDE_MEMORY [PR117737]
Its original commit message fails to mention that the commit also moves
the `#include <memory>` to an earlier position within system.h,
which is the actual change that we're after in this patch.
Building our GCC 14.3 with host GCC 16, the inclusion order starts to matter,
which is an issue that was also touched upon by the upstream commits:
9970b576b7e4 Include safe-ctype.h after C++ standard headers, to avoid over-poisoning
f6e00226a4ca build: Move sstream include above safe-ctype.h {PR117771]
Signed-off-by: Lars Gierth <larsg@systemli.org>
Link: https://github.com/openwrt/openwrt/pull/23095
Signed-off-by: Robert Marko <robimarko@gmail.com>
libcody will fail to build if building using a GCC16 host compiler, so
backport the upstream fix.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Take in account only first two version components to lookup patch directory.
Hovewer, computed "BASE_VERSION" may be overridden (if necessary).
This change should prevent further issues with binutils being unpatched, see commits adad973a9c and 525a1e94b3.
Also drop obsolete "BIN_VERSION" variable (not used anywhere).
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21997
Signed-off-by: Nick Hainke <vincent@systemli.org>
Rename the patches folder too and also adapt the name in the toolchain menu.
Without changing the patches folder name the patches are not applied.
Fixes: adad973a9c ("toolchain: binutils: update to 2.45.1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some applications might activate -Werror=format-nonliteral when building
their application. This breaks fortify headers build. Tell GCC to ignore
such warnings for this code.
This fixes the libubox and ucode build:
```
/include/fortify/stdio.h: In function 'snprintf':
/include/fortify/stdio.h:101:9: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
101 | return __orig_snprintf(__s, __n, __f, __builtin_va_arg_pack());
| ^~~~~~
/include/fortify/stdio.h: In function 'sprintf':
/include/fortify/stdio.h:110:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
110 | __r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());
| ^~~
/include/fortify/stdio.h:114:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
114 | __r = __orig_sprintf(__s, __f, __builtin_va_arg_pack());
| ^~~
cc1: all warnings being treated as errors
ninja: build stopped: subcommand failed.
```
Link: https://github.com/openwrt/openwrt/pull/22042
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
373408c19f stdlib: resolve a double lock init issue after fork [BZ #32994]
62928cf7d8 elf: Do not add a copy of _dl_find_object to libc.so
f48de98bce elf: Extract rtld_setup_phdr function from dl_main
513629b14d elf: Handle ld.so with LOAD segment gaps in _dl_find_object (bug 31943)
1502c248d5 nptl: Fix SYSCALL_CANCEL for return values larger than INT_MAX (BZ 33245)
daa4de5253 AArch64: Avoid memset ifunc in cpu-features.c [BZ #33112]
0bb6dad5af AArch64: Optimize algorithm in users of SVE expf helper
2a0b52fdd6 AArch64: Optimize inverse trig functions
307a8a4434 AArch64: Improve codegen in SVE log1p
503f7a7d33 AArch64: Optimize SVE exp functions
6db0f659c8 AArch64: Optimise SVE FP64 Hyperbolics
c467918138 AArch64: Improve codegen SVE log1p helper
330cd035df Remove <libc-tsd.h>
f409ec073f Use proper extern declaration for _nl_C_LC_CTYPE_{class,toupper,tolower}
5d8614b284 ctype: Fallback initialization of TLS using relocations (bug 19341, bug 32483)
940d821afb Use TLS initial-exec model for __libc_tsd_CTYPE_* thread variables [BZ #33234]
4a3e5f1e4c elf: Introduce separate _r_debug_array variable
9d6577fdff elf: Introduce _dl_debug_change_state
b05ce0de3d elf: Restore support for _r_debug interpositions and copy relocations
85780b6055 elf: Compile _dl_debug_state separately (bug 33224)
dd87fcda43 x86-64: Add GLIBC_ABI_GNU2_TLS version [BZ #33129]
e2d9e9eb26 x86-64: Add GLIBC_ABI_DT_X86_64_PLT [BZ #33212]
3f3b4fdd0b elf: Fix handling of symbol versions which hash to zero (bug 29190)
42f9c70ac2 elf: Test dlopen (NULL, RTLD_LAZY) from an ELF constructor
aa5dbd5332 elf: Preserve _rtld_global layout for the release branch
c1bec0b52d i386: Update ___tls_get_addr to preserve vector registers
7aa907241c i386: Also add GLIBC_ABI_GNU2_TLS version [BZ #33129]
ed4672abb5 i386: Add GLIBC_ABI_GNU_TLS version [BZ #33221]
a52c9b75c7 Optimize __libc_tsd_* thread variable access
9867e44cdc AArch64: Fix SVE powf routine [BZ #33299]
cf926cd7fb nss: Group merge does not react to ERANGE during merge (bug 33361)
4b1f8c90f9 x86: Detect Intel Wildcat Lake Processor
7c0632472d x86: Detect Intel Nova Lake Processor
580746904b x86: fix wmemset ifunc stray '!' (bug 33542)
1f57ffdf35 aarch64: Disable ZA state of SME in setjmp and sigsetjmp
97076e0cf1 aarch64: update tests for SME
1a0ee26714 aarch64: define macro for calling __libc_arm_za_disable
889ae4bdbb aarch64: clear ZA state of SME before clone and clone3 syscalls
e4ffcf32b9 aarch64: tests for SME
5bf8ee7ad5 aarch64: fix cfi directives around __libc_arm_za_disable
75b6b263e9 aarch64: Do not link conform tests with -Wl,-z,force-bti (bug 33601)
215e9155ea aarch64: fix includes in SME tests
360f60fb63 AArch64: Optimise SVE scalar callbacks
ca489fc802 AArch64: Fix instability in AdvSIMD tan
442cc3901b AArch64: Fix instability in AdvSIMD sinh
1e16b570bb AArch64: fix SVE tanpi(f) [BZ #33642]
5c6445672a AArch64: Fix and improve SVE pow(f) special cases
040256e79b ppc64le: Restore optimized strcmp for power10
f8cdc03e1e ppc64le: Restore optimized strncmp for power10
6a0b8e3665 ppc64le: Power 10 rawmemchr clobbers v20 (bug #33091)
Link: https://github.com/openwrt/openwrt/pull/20989
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 6268692bd2.
The new fortify-headers version needs some more work to be usable in
OpenWrt. Revert this to fix the builds again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 61f16a6960.
The new fortify-headers version needs some more work to be usable in
OpenWrt. Revert this to fix the builds again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix some warnings and compile errors generated by the new
fortify-headers when compiling some applications like strace.
Fixes: 6268692bd2 ("toolchain: fortify-headers: Update to version 2.3.3")
Link: https://github.com/openwrt/openwrt/pull/20561
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Parsing "git log" is fragile. The actual output depends on both global and
local configuration files. Enabling "log.showSignature" makes "git log" prefix
signed commits with multiple lines of gpg verify output, regardless of the
configured log format.
Add "--no-show-signature" to "git log" commands to work around this particular
issue.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Link: https://github.com/openwrt/openwrt/pull/20127
Signed-off-by: Robert Marko <robimarko@gmail.com>
These instructions are for 64-bit load/store. On ARMv5TE, the CPU
requires addresses to be aligned to 64-bit. When misaligned, behavior is
undefined (effectively either loads the same word twice on LDRD, or
corrupts surrounding memory on STRD).
On ARMv6 and newer, unaligned access is safe.
Removing these instructions for ARMv5TE is necessary, because GCC
ignores alignment information in pointers and does unsafe optimizations
that have shown up as bugs in various places.
This patch was originally added more than 11 years ago in commit b050f87d13,
but got lost 6 years ago, when gcc 9.1 was added in 88c07c6552.
This primarily affects the kirkwood and ixp4xx targets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
9f48a8abb2b2 Remove advisories from release branch
0a7c7a3e283a NEWS: start new section
bdccbfbc52d3 math: Fix log10p1f internal table value (BZ 32626)
d85a7719536f math: Fix sinhf for some inputs (BZ 32627)
cb7f20653724 nptl: Correct stack size attribute when stack grows up [BZ #32574]
cf88351b685d math: Fix tanf for some inputs (BZ 32630)
69fda28279b4 assert: Add test for CVE-2025-0395
1e0e33e1b19a Fix tst-aarch64-pkey to handle ENOSPC as not supported
a900dbaf70f0 x86 (__HAVE_FLOAT128): Defined to 0 for Intel SYCL compiler [BZ #32723]
2cb04444b934 math: Fix `unknown type name '__float128'` for clang 3.4 to 3.8.1 (bug 32694)
07288c7445bb math: Add optimization barrier to ensure a1 + u.d is not reused [BZ #30664]
30992cb5e9d7 RISC-V: Fix IFUNC resolver cannot access gp pointer
7c9a0868077c Aarch64: Improve codegen in SVE asinh
94859e86807a Aarch64: Improve codegen in SVE exp and users, and update expf_inline
f3d9c116cb0a AArch64: Improve codegen for SVE erfcf
2025e27a817f AArch64: Improve codegen for SVE pow
7774a9d07ab2 AArch64: Improve codegen for SVE powf
6d1f97bb0667 aarch64: Add configure checks for GCS support
fda5730898bc aarch64: Add tests for Guarded Control Stack
61ba3cdfa9e9 aarch64: Add GCS tests for transitive dependencies
8d98ee8d70cd aarch64: Add GCS tests for dlopen
009c5a2dca7c aarch64: Add GCS test with signal handler
e0bc5f64eaf7 math: Improve layout of exp/exp10 data
c47c3890f15e AArch64: Add SVE memset
89be78704ed8 AArch64: Use prefer_sve_ifuncs for SVE memset
56609f8df1fa Pass -Wl,--no-error-execstack for tests where -Wl,-z,execstack is used [PR32717]
746ef8e93964 static-pie: Skip the empty PT_LOAD segment at offset 0 [BZ #32763]
fd202462c5f8 elf: Check if __attribute__ ((aligned (65536))) is supported
91f8cff2c48f configure: Fix spelling of -Wl,--no-error-execstack option
1a3083b99992 posix: Move environ helper variables next to environ definition (bug 32541)
66fc3bd75871 math: Remove an extra semicolon in math function declarations
33bfd9020fda Linux: Remove attribute access from sched_getattr (bug 32781)
e22c132484ea nptl: clear the whole rseq area before registration
98c712855d66 nptl: PTHREAD_COND_INITIALIZER compatibility with pre-2.41 versions (bug 32786)
ce9b765522f0 nptl: Check if thread is already terminated in sigcancel_handler (BZ 32782)
6a3a4a5e583a x86_64: Add tanh with FMA
7e72fa7577f2 x86_64: Add sinh with FMA
bcd4cf9d5ff2 x86_64: Add atanh with FMA
a282e2c0aee8 x86: Skip XSAVE state size reset if ISA level requires XSAVE
80cd6566496e x86: Use separate variable for TLSDESC XSAVE/XSAVEC state size (bug 32810)
200d20123cb8 x86: Link tst-gnu2-tls2-x86-noxsave{,c,xsavec} with libpthread
b861755a84ee elf: Extend glibc.rtld.execstack tunable to force executable stack (BZ 32653)
d6d56af6e78c elf: Fix arm-linux-gnueabihf build break from b861755a84
f68b407d4bc5 x86: Optimize xstate size calculation
aca31d27123d x86: Add ARL/PTL/CWF model detection support
a53e76465791 x86: Handle unknown Intel processor with default tuning
046b33800c3e x86: Detect Intel Diamond Rapids
5cb575ca9a3d elf: tst-audit10: split AVX512F code into dedicated functions [BZ #32882]
5b4c4617016d nptl: Fix pthread_getattr_np when modules with execstack are allowed (BZ 32897)
5cf17ebc659c hurd: Fix tst-stack2 test build on Hurd
dab44a3b2bb5 elf: Keep using minimal malloc after early DTV resize (bug 32412)
2ca34d76270d support: Use const char * argument in support_capture_subprogram_self_sgid
624285af3bfc elf: Test case for bug 32976 (CVE-2025-4802)
899dd3ab2fc2 x86_64: Fix typo in ifunc-impl-list.c.
515d4166f4db elf: Fix subprocess status handling for tst-dlopen-sgid (bug 32987)
d952c6efaa87 sparc: Fix argument passing to __libc_start_main (BZ 32981)
84bdbf8a6f2f ppc64le: Revert "powerpc: Optimized strncmp for power10" (CVE-2025-5745)
55cdcadf7306 ppc64le: Revert "powerpc: Fix performance issues of strcmp power10" (CVE-2025-5702)
b48d7ab03643 ppc64le: Revert "powerpc : Add optimized memchr for POWER10" (Bug 33059)
0c76c951620f ppc64le: Revert "powerpc: Optimized strcmp for power10" (CVE-2025-5702)
61e461ed0c16 sparc: Fix sparc32 Fix argument passing to __libc_start_main (BZ 32981)
11e634ccf32e support: Pick group in support_capture_subprogram_self_sgid if UID == 0
6e489c17f827 Fix error reporting (false negatives) in SGID tests
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
glibc 2.39 has removed libcrypt completely:
- configuration flag "--enable-crypt" is obsolete and removed
- patch "050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch"
does not matter anymore
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When using an external toolchain, the SetToolchainInfo function
is missing a qstrip call on GCC_VERSION, which results in quotes
making it to the toolchain info.mk file.
This leads to a failure to build the libgcc ipk package because
the quotes make it to its version and filename. For some reason,
it only fails on the first make invocation, but succeeds on
subsequent ones on my setup.
Fix this issue by adding the qstrip, making it consistent with
the internal toolchain approach.
Signed-off-by: Ondrej Cierny <o.cierny@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19192
Signed-off-by: Robert Marko <robimarko@gmail.com>
There is no practical value in keeping GCC11 around, as even OpenWrt 23.05
uses GCC12 as the default one, so drop it.
Signed-off-by: Robert Marko <robimarko@gmail.com>
3be3728d elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
454f24e9 support: Use const char * argument in support_capture_subprogram_self_sgid
4335cd9b support: Add support_record_failure_barrier
31fa0f73 elf: Test case for bug 32976 (CVE-2025-4802)
ca41fe44 x86_64: Fix typo in ifunc-impl-list.c.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18863
Signed-off-by: Robert Marko <robimarko@gmail.com>
During the build of perl, the following ICE was reported in
https://github.com/openwrt/packages/issues/24565 when targeting PowerPC:
during RTL pass: reload
blocksort.c: In function 'mainSort.isra':
blocksort.c:1011:1: internal compiler error: in patch_jump_insn, at cfgrtl.cc:1303
1011 | }
| ^
0x7d49cee29d8f __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
0x7d49cee29e3f __libc_start_main_impl
../csu/libc-start.c:392
Please submit a full bug report, with preprocessed source (by using -freport-bug).
Please include the complete backtrace with any bug report.
See <http://bugs.openwrt.org/> for instructions.
The same issue also caused the CI failures in
https://github.com/openwrt/packages/pull/26501.
The issue only occurs with GCC 14.2.0, but not with the head of the
releases/gcc-14 maintenance branch; a bisect found that this patch fixes
it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Link: https://github.com/openwrt/openwrt/pull/18797
Signed-off-by: Robert Marko <robimarko@gmail.com>
Backport patch from upstream GCC 14 branch which fixes linking with
MIPS16 on the pistachio target.
This fixes the following link problem:
```
/builder/shared-workdir/build/staging_dir/toolchain-mipsel_24kc+24kf_gcc-14.2.0_musl/lib/gcc/mipsel-openwrt-linux-musl/14.2.0/../../../../mipsel-openwrt-linux-musl/bin/ld.bfd: ./liblua.so: undefined reference to `__mips16_ledf2'
/builder/shared-workdir/build/staging_dir/toolchain-mipsel_24kc+24kf_gcc-14.2.0_musl/lib/gcc/mipsel-openwrt-linux-musl/14.2.0/../../../../mipsel-openwrt-linux-musl/bin/ld.bfd: ./liblua.so: undefined reference to `__mips16_call_stub_df_2'
/builder/shared-workdir/build/staging_dir/toolchain-mipsel_24kc+24kf_gcc-14.2.0_musl/lib/gcc/mipsel-openwrt-linux-musl/14.2.0/../../../../mipsel-openwrt-linux-musl/bin/ld.bfd: ./liblua.so: undefined reference to `__mips16_muldf3'
```
Link: https://github.com/openwrt/openwrt/pull/18688
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 57841c83d9.
This is completely breaking the inital GCC configuration and most likely
was not even compile tested, so revert until fixed.
Signed-off-by: Robert Marko <robimarko@gmail.com>
GCC15 has switched the C language default from GNU17 to GNU23[1] and this
causes builds to fail with:
In file included from mips-opc.c:29:
mips-opc.c: In function 'decode_mips_operand':
mips-formats.h:86:7: error: expected identifier or '(' before 'static_assert'
86 | static_assert[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
| ^~~~~~~~~~~~~
mips-opc.c:214:15: note: in expansion of macro 'MAPPED_REG'
214 | case 'z': MAPPED_REG (0, 0, GP, reg_0_map);
| ^~~~~~~~~~
So, backport upstream fix for this[2] to fix compilation with GCC15.
Patch for 2.40 was manually refreshed as part of the S390 code does not
exist in 2.40 as it was added after it.
[1] https://gcc.gnu.org/gcc-15/porting_to.html#c23
[2] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=8ebe62f3f0d27806b1bf69f301f5e188b4acd2b4Fixes: #18678
Link: https://github.com/openwrt/openwrt/pull/18681
Signed-off-by: Robert Marko <robimarko@gmail.com>
Hannu Nyman
Shiji Yang
Hauke Mehrtens
Andre Heider
Lars Gierth
Robert Marko
Konstantin Demin
Daniel Dickinson
Nick Hainke
Bjørn Mork
Mark Mentovai
Rui Salvaterra
Robert Marko
Felix Fietkau
Ondrej Cierny
Olcay Korkmaz
Matthias Schiffer