aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* openssl: update to 1.0.2rStijn Segers2019-04-072-6/+6
| | | | | | | | | | This bump contains bug and security fixes. Compile-tested on ar71xx, ramips/mt7621 and x86/64. Run-tested on ramips/mt7621. Signed-off-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_HASH fixup]
* openssl: bump to 1.0.2qSven Roederer2019-01-301-2/+2
| | | | | | | | | | This fixes the following security problems: * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication * CVE-2018-0734: Timing vulnerability in DSA signature generation * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de> (cherry picked from commit 989060478ae270885727d91c25b9b52b0f33743c)
* mbedtls: update to 2.14.1 for 18.06Stijn Segers2019-01-304-29/+56
| | | | | | | | | | | | | | | | | | | | | | | Updates mbedtls to 2.14.1. This builds on the previous master commit 7849f74117ce83e4cfcd1448a22cc05dbf9b3486. Fixes in 2.13.0: * Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. * Several bugfixes. * Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss. Fixes in 2.14.1: * CVE-2018-19608: Local timing attack on RSA decryption Includes master commit 9e7c4702a1f4e49113d10bc736f50e8a06bdb8ba 'mbedtls: fix compilation on ARM < 6'. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [Update to 2.14.1] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> [Adapted and squashed for 18.06.1+] Signed-off-by: Stijn Segers <foss@volatilesystems.org> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Cosmetic cleanupsDaniel Engberg2018-12-181-1/+1
| | | | | | | | | | | | | | This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2. Source: https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73 https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97 Remove the release type option as it's already provided by the toolchain. Source: https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (backported from 5297a759aee34952299d1d42f677f31781026c67)
* wolfssl: update to version 3.15.3-stableDaniel Golle2018-12-181-3/+3
| | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from ed0d5a1e609e0b39eff9f06e3522396581d0b06e)
* ncurses: use default host installAndy Walsh2018-12-181-6/+0
| | | | | | | * just use default host/install, so libs/headers get properly generated/installed Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com> (backported from e0196152ebe7b6d11b740a81d0c3bced5b1902c1)
* gettext-full: host compile with -fpicAndy Walsh2018-12-181-0/+2
| | | | | Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com> (backported from 2bbc9376c6c081a8db491f047e32091da6ba0016)
* libbsd: Update to 0.8.7Daniel Engberg2018-12-184-45/+272
| | | | | | | | | | | Update libbsd to 0.8.7 Remove glibc dependency Clean up InstallDev and install entries Use /usr path for consistency Cherry pick patches from upstream to fix musl compilation Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (backported from e341f45913beac28e5574d470ed79e4b6f9ee255)
* ustream-ssl: update to latest git HEADEneas U de Queiroz2018-12-181-3/+3
| | | | | | | | | 23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list 450ada0 ustream-ssl: Revised security on mbedtls 34b0b80 ustream-ssl: add openssl-1.1.0 compatibility Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> (backported from 33fd1d0d91fe6f0bb639a6fad0f681ba651f8254)
* wolfssl: disable broken shipped Job server macroJo-Philipp Wich2018-12-181-0/+21
| | | | | | | | | | | | | | | | | The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on plain POSIX shells due to the use of `let`. Shells lacking `let` will fail to run the generated m4sh code and end up invoking "make" with "-jyes" as argument, fialing the build. Since there is no reason in the first place for some random package to muck with the make job server settings and since we do not want it to randomly override "-j" either, simply remove references to this defunct macro to let the build succeed on platforms which not happen to use bash as default shell. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from a27de701b0250b06302350d25dc514e1b488dc59)
* wolfssl: remove myself as maintainerAlexandru Ardelean2018-12-181-1/+0
| | | | | | | | I no longer have the time, nor the desire to maintain this package. Remove myself as maintainer. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> (backported from 20346a63f69bbb919ffdf29bc2e77496d01719e3)
* ncurses: install lib on host buildAndy Walsh2018-12-181-0/+2
| | | | | Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com> (backported from 1639ebcb061abb3664e0b80f62f0019e37fda68e)
* librpc: add host build to install h files needed for nfs-kernel-server to ↵Peter Wagner2018-12-181-0/+9
| | | | | | | get compiled Signed-off-by: Peter Wagner <tripolar@gmx.at> (backported from d8d2133c35c9c9b410e16cdebe878acd0da6382f)
* libnftnl: bump to version 1.1.1Rosy Song2018-12-181-2/+2
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> (backported from 9d6a0352e7af9aef95f4d983e39516b76e7fc8ba)
* nettle: bump to 3.4Kevin Darbyshire-Bryant2018-12-181-2/+2
| | | | | | | | | | | | 3.4 is mainly a bug fix/maintenance release. 3KB increase in ipk lib size on mips. Compile tested for: ar71xx, ramips Run tested on: ar71xx Archer C7 v2, ramips mir3g Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 1ee5051f202f600d854bcf939ba4ee37f057ace2)
* ustream-ssl: fix build against wolfSSLDaniel Golle2018-12-181-3/+3
| | | | | | | | | | | | | commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke build against wolfSSL because wolfSSL doesn't (yet) support SSL_CTX_set_ecdh_auto() of the OpenSSL API. Fix this in ustream-ssl: 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from 4f442f5f383837efcfb345033169178f74f63440)
* wolfssl: change defaults to cover wpa_supplicant needsDaniel Golle2018-12-182-10/+10
| | | | | | | | | | | | | | Implicetely selecting the required options via Kconfig snippet from hostapd worked fine in local builds when using menuconfig but confused the buildbots which (in phase1) may build wpad-mini and hence already come with CONFIG_WPA_WOLFSSL being defined as unset which then won't trigger changing the defaults of wolfssl. Work around by explicitely reflecting wpa_supplicant's needs in wolfssl's default settings to make buildbots happy. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from dad39249fb91d6f320256ac12944863f09bb2dc9)
* wolfssl: add PKG_CONFIG_DEPENDS symbolsDaniel Golle2018-12-181-1/+10
| | | | | | | | | This change will trigger rebuild on buildbots in case of changed config symbols, like in the case of hostapd selecting some wolfssl symbols lately. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from 5857088c5eb3a5a2409e3c57dbfa2487e08bbf4a)
* wolfssl: update to version 3.14.4Daniel Golle2018-12-183-149/+6
| | | | | | | | | Use download from github archive corresponding to v3.14.4 tag because the project's website apparently only offers 3.14.0-stable release downloads. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from 4f67c1522d92bc4512c3ecf58c38ff9886530b48)
* package sysfsutils: add support for sysfs settings at bootRodolfo Giometti2018-12-184-0/+83
| | | | | | | This patch is based on sysfsutils package's behaviour on Debian OS. Signed-off-by: Rodolfo Giometti <giometti@linux.it> (backported from 2437e0f67050cad79cc1778b18cefd8d3cd86d07)
* libnftnl: bump to 1.1.0Rosy Song2018-12-183-1706/+3
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> (backported from c7e9d72f056a190fe14b1ebc3f07e726121e2965)
* uclient: update to latest Git headJo-Philipp Wich2018-11-241-3/+3
| | | | | | | 3ba74eb uclient-http: properly handle HTTP redirects via proxy connections Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 0bd99db5118665bbe17f84427238c322af3deaae)
* libubox: set RPATH for host buildJo-Philipp Wich2018-09-041-0/+3
| | | | | | | | This is required for programs that indirectly link libjson-c through the libubox blobmsg_json library. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 5762efd8b29d68e219fc9d00b681269727cbf5d5)
* libubox: set HOST_BUILD_PREFIXDaniel Golle2018-09-041-0/+1
| | | | | | | | Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make bundle-libraries.sh happy. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 73100024d335caaa7477e5b3be27fad1d228a234)
* libubox: make sure blobmsg-json is included in host-buildDaniel Golle2018-09-041-1/+2
| | | | | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 56e3a19ad6b09b421db84e7266f3df3d459d23b4) [While nothing in 18.06 needs the blobmsg-json host build, this prevents builds failing due to incompatible json-c versions installed on the host system] Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* libjson-c: set HOST_BUILD_PREFIXDaniel Golle2018-09-041-1/+2
| | | | | | | | Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make bundle-libraries.sh happy. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit a5368dc30c18947d260c8b68f2f83ca57bdb95b0)
* libjson-c: Update package URLRosen Penev2018-09-041-1/+1
| | | | | | | Found through UScan. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 31f87ebcb25b4d266faaf347073f1913740a5891)
* libjson-c: fix host-buildDaniel Golle2018-09-041-0/+1
| | | | | | | Add -Wno-implicit-fallthrough to HOST_CFLAGS. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 5e9470a93b6e79ec63d2eda16f1849d7e3868562)
* libjson-c: add host build (for libblobmsg-json)Daniel Golle2018-09-041-0/+2
| | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 6fc8e06078d30e8d36a00d0ecc97ac9cc148fe60)
* openssl: update to version 1.0.2pHauke Mehrtens2018-08-153-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "libevent2: Don't build tests and samples"Jo-Philipp Wich2018-08-091-13/+0
| | | | | | | | This reverts commit fe90d14880ad80e5cbc0eba036f8f9f83fa77396. The cherry pick does not apply cleanly to 18.06. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ustream-ssl: update to version 2018-05-22Hauke Mehrtens2018-08-081-4/+4
| | | | | | | 5322f9d mbedtls: Fix setting allowed cipher suites e8a1469 mbedtls: Add support for a session cache Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Update to 2.12.0Hauke Mehrtens2018-08-084-30/+120
| | | | | | | | | | | | | | | | | | | Multiple security fixes * CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel * CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel Disable OFB block mode and XTS block cipher mode, added in 2.11.0. Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0 Patch the so version back to the original one, the API changes are looking no so invasive. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.967 Bytes ipkg for mips_24kc after: 164.753 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Activate the session cacheHauke Mehrtens2018-08-081-9/+0
| | | | | | | | | | | | | | This make sit possible to store informations about a session and reuse it later. When used by a server it increases the time to create a new TLS session from about 1 second to less than 0.1 seconds. The size of the ipkg file increased by about 800 Bytes. ipkg for mips_24kc before: 163.140 Bytes ipkg for mips_24kc after: 163.967 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: cleanup config patchDaniel Engberg2018-08-081-40/+32
| | | | | | | Clean up patch, use "//" consistently. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Deactivate platform abstractionHauke Mehrtens2018-08-081-0/+9
| | | | | | | | This makes mbedtls use the POSIX API directly and not use the own abstraction layer. The size of the ipkg decreased by about 100 bytes. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libevent2: Don't build tests and samplesEneas U de Queiroz2018-08-081-0/+13
| | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. This reduces build time significantly. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> (cherry picked from commit 26dbf79f4905e6b5ba5aafdc2271c3a864dd1924)
* libubox: fix mirror hashJo-Philipp Wich2018-08-071-1/+1
| | | | | | | | | | | | Correct the mirror hash to reflect whats on the download server. A locally produced libubox SCM tarball was also verified to yield an identical checksum compared to the one currently on the download server. Fixes FS#1707. Fixes 5dc32620c4 ("libubox: update to latest git HEAD") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 432eaa940fee0b8023bee122da4cb08f3216209f)
* uclient: update to latest git HEADJo-Philipp Wich2018-08-031-3/+3
| | | | | | | | | | | | | | | f2573da uclient-fetch: use package name pattern in message for missing SSL library 9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename f41ff60 uclient-http: basic auth: Handle memory allocation failure a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures 66fb58d uclient-http: Handle memory allocation failure 2ac991b uclient: Handle memory allocation failure for url 63beea4 uclient-http: Implement error handling for header-sending eb850df uclient-utils: Handle memory allocation failure for url file name ae1c656 uclient-http: Close ustream file handle only if allocated Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit e44162ffca448d024fe023944df702c9d3f6b586)
* libubox: update to latest git HEADJohn Crispin2018-07-251-3/+3
| | | | | | | c83a84a fix segfault when passed blobmsg attr is NULL Signed-off-by: John Crispin <john@phrozen.org> (cherry picked from commit 5dc32620c4aa66d05eb5585784ed954854e8194c)
* libnfnetlink: Remove dead mirrorDaniel Engberg2018-06-141-2/+1
| | | | | | Remove mirrors.evolva.ro as it's no longer available Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* nghttp2: bump to 1.32.0Hans Dedecker2018-05-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 572735e4 Update manual pages e8d693c3 Bump up version number to 1.32.0, LT revision to 30:2:16 f44dfcd9 Update AUTHORS 1f1b0d93 Update manual pages ce8c749b Merge pull request #1173 from nghttp2/asio-client-sni 3e4f257b asio: Support client side SNI 86fab997 Upgrade neverbleed to the latest master c3ecd445 Merge pull request #1171 from nghttp2/h2load-rate-and-duration c65ca20a h2load: -r and --duration are mutually exclusive a5c408c5 Ignore all input after calling session_terminate_session 06379b28 Fix treatment of padding e04de48e Merge pull request #1162 from nghttp2/libressl 00964642 Use LIBRESSL_IN_USE instead of defined(LIBRESSL_VERSION_NUMBER) 8d0b4544 libressl 2.7 has X509_VERIFY_PARAM_* d8a34131 libressl 2.7 has SSL_CTX_get0_certificate 5db17d0a Compile with libressl 2.7.2 1bf69b56 Define LIBRESSL_LEGACY_API and LIBRESSL_2_7_API 3febaef1 Bump up LT revision to 30:1:16 due to v1.31.1 release b1bd6035 Fix frame handling b48bcb21 examples: Use C style comment in .c files 6f3ce2c7 examples: Remove unused lambda capture 2f9121cf Merge branch 'Sp1l-Sp1l/allow-no-npn' e65e7711 Add comment on #endif 636ef51b Fix compile error with -Wunused-function 400934e5 [PATCH] Allow building without NPN 4c3a3acf Merge pull request #1146 from vszakats/cmakestaticlib 9aa6002c Merge pull request #1144 from hellojaewon/master f342260b cmake: add ENABLE_STATIC_LIB option to build static lib a6dd4970 Fix typo 842509da Don't allow 101 HTTP status code because HTTP/2 removes HTTP Upgrade 4add618a Bump up version number to 1.32.0-DEV Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libusb: Add SourceForge mirror.Rosen Penev2018-05-021-1/+3
| | | | | | SourceForge is still getting updated so might as well have it here. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: fix options and add support for wpa_supplicant featuresDaniel Golle2018-05-022-5/+40
| | | | | | | | Some options' default values have been changed upstream, others were accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options needed to build hostapd/wpa_supplicant against wolfssl. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ustream-ssl: update to latest git HEADJohn Crispin2018-05-011-3/+3
| | | | | | | | 527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode. 39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL. 45ac930 remove polarssl support Signed-off-by: John Crispin <john@phrozen.org>
* libnl: Disable debug supportHauke Mehrtens2018-04-301-0/+3
| | | | | | | | | | | | | | | | | | | This dereses the size of the libnl pakcage a little bit old: 857 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk 41195 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk 7818 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk 24322 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk 136075 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk new: 852 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk 35020 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk 7615 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk 24114 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk 131134 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libusb: Update to 1.0.22Rosen Penev2018-04-301-4/+4
| | | | | | | | | | Switched download from SourceForge to GitHub. It seems the author migrated to that. Also fixed the website URL as the SourceForge link is dead. Compile tested on ar71xx and mvebu. Small size decrease on ar71xx: 30444 vs. 30099 bytes. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/zlib: move zlib build to toolsHauke Mehrtens2018-04-281-2/+0
| | | | | | | | | | | | | This allows us to link the other tools against our libz and we do not need the system zlib any more. Only the static linked library is copied to the staging directory so we have a statically linked library on all systems and not only on Linux. This also adds the new dependencies of the packages which are depending on zlib. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ustream-ssl: px5g: Rebuild packageHauke Mehrtens2018-04-181-1/+1
| | | | | | | | | | | | mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so library, all applications using this shared library have to be recompiled to be able to load the new library. Some binaries got rebuild to for the 2.7.0 release and are now using libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0. Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nghttp2: bump to 1.31.1Hans Dedecker2018-04-151-2/+2
| | | | | | | | 1e22b36c Update manual pages 0f818baf Bump up version number to 1.31.1 c411d169 Fix frame handling Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>