aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* mbedtls: tune config to reduce size and improve performanceFelix Fietkau2016-12-121-5/+43
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: sync with polarssl configFelix Fietkau2016-12-121-9/+80
| | | | | | | One of those changes is re-enabling blowfish support to make openvpn-mbedtls compatible with common configurations Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: enable MBEDTLS_DHM_CMagnus Kroken2016-12-122-10/+1
| | | | | | | This option is required by OpenVPN, and OpenVPN 2.4 uses mbedTLS 2.x. DHM_C is also already enabled in the PolarSSL 1.3.x config.h. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* libs: libnetfilter-queue: update to a newer version in git repoAlexandru Ardelean2016-12-042-34/+36
| | | | | | | | | Last release of libnetfilter-queue was in 2012. There don't seem to be any release tarballs since then. This updates it to a more recent version, pointing to the git repo. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* cyassl: update to wolfssl version 3.9.10Hauke Mehrtens2016-12-031-2/+2
| | | | | | | | | | This fixes the following security problems: CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring SWEET32 Attack Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.4.0Hauke Mehrtens2016-12-033-46/+25
| | | | | | This fixes two minor security problems. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* polarssl: update to version 1.3.18Hauke Mehrtens2016-12-032-17/+17
| | | | | | This fixes two minor security problems. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libubox: update to the latest versionFelix Fietkau2016-12-011-3/+3
| | | | | | | - Improves C++ compatibility - Adds static initializers for the kvlist API Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libnl-tiny: Remove GENL_ID_GENERATEFlorian Fainelli2016-11-241-1/+1
| | | | | | | | | | | This constant was always defined to 0, and recently got removed in upstream commit a07ea4d9941af5a0c6f0be2a71b51ac9c083c5e5 ("genetlink: no longer support using static family IDs") Fixes libnl-tiny builds with latest upstream kernels. Fixes: d723f2573af3 ("libnl-tiny: remove include/linux overrides to fix various build issues") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* libnl-tiny: remove include/linux overrides to fix various build issuesFelix Fietkau2016-11-175-506/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libnetfilter-conntrack: update to v1.0.6Jo-Philipp Wich2016-11-141-2/+2
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* nettle: enable fat buildNikos Mavrogiannopoulos2016-11-141-0/+1
| | | | | | | | | This allows to include optimizations such as ARM neon which are detected on run-time. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> [Jo-Philipp Wich: picked from openwrt#191 and rebased onto LEDE master] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* elfutils: bump to 0.167Luiz Angelo Daros de Luca2016-11-038-134/+16
| | | | Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* libreadline: set ABI_VERSION to force rebuild of dependent packagesFelix Fietkau2016-10-191-0/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libs/gettext: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/libiconv: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/libnl-tiny: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* package/libs/libreadline: Update to 7.0Daniel Engberg2016-10-151-4/+4
| | | | | | Update libreadline to 7.0 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/libs/libconfig: Update to 1.5Daniel Engberg2016-10-151-2/+2
| | | | | | Update libconfig to 1.5 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/libs/libnftnl: Update to 1.0.6Daniel Engberg2016-10-151-3/+3
| | | | | | Update libnftnl to 1.0.6 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/libs/libtool: Switch to xz tarballDaniel Engberg2016-10-151-2/+2
| | | | | | Switch to xz tarball, there's no point pulling two different tarballs of the same source code (tools/libtool uses xz). Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/libs/nettle: Update to 3.3Daniel Engberg2016-10-151-2/+2
| | | | | | Update to 3.3 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/libs/libnl: Update to 3.2.28Daniel Engberg2016-10-152-16/+3
| | | | | | | Update to 3.2.28 Remove patch as its in upstream Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/libs/libmnl: Update to 1.0.4Daniel Engberg2016-10-152-419/+3
| | | | | | | * Update to 1.0.4 * Remove patch as it's upstreamed Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: enable NIST curves optimisation.Kevin Darbyshire-Bryant2016-10-131-9/+0
| | | | | | | | | | | | | luci using ustream-mbedtls is extremely slow vs ustream-polarssl. polarssl alias mbedtls v1 is configured to use NIST prime speed optimisation, so no longer disable the default optimisation for mbedtls v2. Compile & run tested: Archer C7v2 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> [Jo-Philipp Wich: refresh patch to use common format] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* gettext-full: update to 0.19.8.1Dirk Neukirchen2016-10-135-10/+20
| | | | | | | | | - unify configs of host/target - disable stuff to decrease build time - disable interactive gettextize: see http://lists.busybox.net/pipermail/buildroot/2014-April/093394.html Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* gettext: fix whitespaceDirk Neukirchen2016-10-131-1/+1
| | | | Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* source: Switch to xz for packages and tools where possibleDaniel Engberg2016-10-065-7/+10
| | | | | | | | | | | * Change git packages to xz * Update mirror checksums in packages where they are used * Change a few source tarballs to xz if available upstream * Remove unused lines in packages we're touching, requested by jow- and blogic * We're relying more on xz-utils so add official mirror as primary source, master site as secondary. * Add SHA256 checksums to multiple git tarball packages Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* toolchain: Force installation into /libFlorian Fainelli2016-09-281-24/+16
| | | | | | | | For 64-bit capable systems, a symbolic link is set up for /lib64 to point to /lib, so make sure the installation goes into /lib, irrespective of where the C library files come from in an external toolchain. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* openssl: update to 1.0.2jMagnus Kroken2016-09-273-49/+2
| | | | | | | | | | | | | | A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. Patches applied upstream: * 301-fix_no_nextprotoneg_build.patch * 302-Fix_typo_introduced_by_a03f81f4.patch Security advisory: https://www.openssl.org/news/secadv/20160926.txt Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openssl: Make DTLS configurable.Rosen Penev2016-09-272-0/+10
| | | | Signed-off by: Rosen Penev <rosenp@gmail.com>
* openssl: Remove J-PAKE. Nothing uses it.Rosen Penev2016-09-271-1/+2
| | | | Signed-off by: Rosen Penev <rosenp@gmail.com>
* libjson-c: Update to 0.12.1Daniel Engberg2016-09-272-26/+5
| | | | | | Updates libjson-c and removes backport patch. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libunwind: use url aliasdiizzyy2016-09-271-1/+1
| | | | | | Use alias instead of hardcoded URL Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* openssl: backport build fix when hardware support is usedHauke Mehrtens2016-09-242-0/+35
| | | | | | | This fix added to the openssl 1.0.2 branch. In addition add the header for the existing backport. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2iMagnus Kroken2016-09-247-43/+19
| | | | | | | | | | | | | | | Drop 302-fix_no_cmac_build.patch, it has been applied upstream. Security fixes: * (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305) * 10 Low severity issues Security advisory: https://www.openssl.org/news/secadv/20160922.txt Changelog: https://www.openssl.org/news/cl102.txt Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* cyassl: remove duplicate submenu levelJohn Crispin2016-09-191-3/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* cyassl: make CyaSSL/WolfSSL more configurableAndreas Schultz2016-09-192-4/+5
| | | | | | | | The default configuration might not be suitable for every use case. Add options to enable/disable additional options. Signed-off-by: Andreas Schultz <aschultz@tpip.net>
* openssl: re-enable ARM assemblyFelix Fietkau2016-08-311-2/+2
| | | | | | | The original reason for disabling it seems to have been fixed Related discussion: https://github.com/lede-project/source/pull/307 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* cyassl: make CyaSSL/WolfSSL more configurableAndreas Schultz2016-08-222-2/+117
| | | | | | | | The default configuration might not be suitable for every use case. Add options to enable/disable additional options. Signed-off-by: Andreas Schultz <aschultz@tpip.net>
* libs/gmp: update to 6.1.1Hannu Nyman2016-08-151-2/+2
| | | | | | Update libgmp to 6.1.1 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* ncurses: change handling of PKG_CONFIG_LIBDIRJo-Philipp Wich2016-08-156-9/+92
| | | | | | | | | | | | | | When PKG_CONFIG_LIBDIR was unset in the environment, the configure script was deducing the PKG_CONFIG_LIBDIR from the location of the pkg-config binary, which doesn't make a lot of sense, and isn't done by other autotools based packages. Patch imported from the Buildroot project: https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch Also refresh patches while we're at. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openssl: re-enable CMAC supportFelix Fietkau2016-08-091-1/+1
| | | | | | Needed by a few packages Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uclient: change SSL support error messageJo-Philipp Wich2016-08-081-2/+2
| | | | | | | Change the error message about missing SSL support to be more explicit by mentioning required package names. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: update to the latest version, adds a few utility functionsFelix Fietkau2016-07-291-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* cyassl: update to wolfssl version 3.9.6Hauke Mehrtens2016-07-241-2/+2
| | | | | | | | | | | | Changelog: https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html old size: libcyassl_3.9.0-1_mips_34kc_dsp.ipk 147552 new size: libcyassl_3.9.6-1_mips_34kc_dsp.ipk 150087 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: re-enable NPN by defaultFelix Fietkau2016-07-241-1/+1
| | | | | | Several packages rely on it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: add back the CAST cipher by defaultFelix Fietkau2016-07-241-1/+1
| | | | | | At least netatalk and some ipsec packages use it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: revert the no-ripemd change, openssh needs that cipherFelix Fietkau2016-07-231-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: add option to disable SRP supportDirk Feytons2016-07-232-1/+11
| | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>