aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* perf: Fix build on aarch64Hauke Mehrtens2019-06-201-1/+1
| | | | | | | Somehow perf depended on libunwind, and libunwind also builds on aarch64. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.7.10Hauke Mehrtens2019-06-183-30/+30
| | | | | | | This fixes multiple bugs and this security problem: * CVE-2018-19608 Local timing attack on RSA decryption Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2sEneas U de Queiroz2019-06-012-3/+3
| | | | | | | | This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal, refreshed patches]
* openssl: bump to 1.0.2rDaniel Bailey2019-04-202-6/+6
| | | | | | | | | | | This fixes the following security problems: 1.0.2r: * CVE-2019-1559: 0-byte record padding oracle Signed-off-by: Daniel Bailey <dbailey@datto.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [fixed patch, refreshed patches]
* openssl: bump to 1.0.2qSven Roederer2019-01-301-2/+2
| | | | | | | | | | This fixes the following security problems: * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication * CVE-2018-0734: Timing vulnerability in DSA signature generation * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de> (backport of commit 989060478ae270885727d91c25b9b52b0f33743c)
* uclient: update to latest Git headJo-Philipp Wich2018-11-241-3/+3
| | | | | | | 3ba74eb uclient-http: properly handle HTTP redirects via proxy connections Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 0bd99db5118665bbe17f84427238c322af3deaae)
* libubox: update to latest git HEADRafał Miłecki2018-11-161-3/+3
| | | | | | 4382c76 switch from typeof to the more portable __typeof__ Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* openssl: update to version 1.0.2pHauke Mehrtens2018-08-153-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.7.5Hauke Mehrtens2018-08-102-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel * CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uclient: update to latest git HEADJo-Philipp Wich2018-08-041-4/+4
| | | | | | | | | | | | | | | f2573da uclient-fetch: use package name pattern in message for missing SSL library 9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename f41ff60 uclient-http: basic auth: Handle memory allocation failure a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures 66fb58d uclient-http: Handle memory allocation failure 2ac991b uclient: Handle memory allocation failure for url 63beea4 uclient-http: Implement error handling for header-sending eb850df uclient-utils: Handle memory allocation failure for url file name ae1c656 uclient-http: Close ustream file handle only if allocated Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit e44162ffca448d024fe023944df702c9d3f6b586)
* ustream-ssl: update to latest git HEADJohn Crispin2018-06-051-4/+4
| | | | | | | | | Upstream commit: 346d4c75eaa7a1d9bc8fcddc5db10a6aca95c005 5322f9d mbedtls: Fix setting allowed cipher suites e8a1469 mbedtls: Add support for a session cache Signed-off-by: John Crispin <john@phrozen.org>
* ustream-ssl: update to latest git HEADJohn Crispin2018-06-051-3/+3
| | | | | | | | | | Upstream commit: 52ba5760b771d873fe21d260e3b53506663b6144 527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode. 39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL. 45ac930 remove polarssl support Signed-off-by: John Crispin <john@phrozen.org>
* mbedtls: Activate the session cacheHauke Mehrtens2018-06-051-10/+0
| | | | | | | | | | | | Upstream commit: f2c8f6dc3249b506b915741d12905402dfffe162 This make sit possible to store informations about a session and reuse it later. When used by a server it increases the time to create a new TLS session from about 1 second to less than 0.1 seconds. The size of the ipkg file increased by about 800 Bytes. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update mbedtls to version 2.7.3Hauke Mehrtens2018-06-052-7/+7
| | | | | | This fixes some minor security problems and other bugs. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: change libmbedcrypto.so soversion back to 0Hauke Mehrtens2018-04-143-2/+28
| | | | | | | | | | | | | | | | | | mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the libmbedcrypto.so library, use the old version again to be able to use the new library with binaries compiled against the old mbedtls library. Some binaries got rebuild to for the 2.7.0 release and are now using libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0. Go back to libmbedcrypto.so.0 and make the system rebuild the binaries which were rebuild for 2.7.0 again. This should make the libmbedcrypto.so library be compatible with the old version shipped with 17.01. Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2") Fixes: f609913b5c ("mbedtls: update to version 2.7.0") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.7.2Hauke Mehrtens2018-04-012-23/+23
| | | | | | This fixes some minor security problems. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2oPaul Wassi2018-04-014-11/+11
| | | | | | Fixes CVE-2018-0739 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* mbedtls: update to version 2.7.0Hauke Mehrtens2018-03-103-50/+39
| | | | | | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled * CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures This release is also ABI incompatible with the previous one, but it is API compatible. Some functions used by a lot of other software was renamed and the old function names are provided as a static inline now, but they are only active when deprecated functions are allowed, deactivate the removal of deprecated functions for now. Also increase the PKG_RELEASE version to force a rebuild and update of packages depending on mbedtls to handle the changed ABI. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libunwind: fix build with musl on PPCMatthias Schiffer2018-02-251-0/+383
| | | | | | | | | | | Works around two incompatiblities between glibc and (POSIX-compliant) musl: - missing register definitions from asm/ptrace.h - non-POSIX-compliant ucontext_t on PPC32 with glibc Compile tested on mpc85xx. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* libunwind: enable build for armMaxim Gorbachyov2018-02-131-1/+1
| | | | | | Tested with perf on mvebu. Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
* libubox: update to latest lede-17.01 git HEADJo-Philipp Wich2018-01-071-3/+3
| | | | | | | | 1dafcd7 jshn: properly support JSON "null" type 6abafba jshn: read and write 64-bit integers cfc75c5 runqueue: fix use-after-free bug Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libnl-tiny: use fixed message size instead of using the page sizeFelix Fietkau2017-12-131-6/+1
| | | | | | | Simplifies the code and reduces size Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit d5bcd0240a8f42a05ef31005a9a9dea848d3f7a8)
* package/elfutils: add CFLAG -Wno-format-nonliteralAlexander Couzens2017-12-131-1/+1
| | | | | | | | When a library is using fortify-packages GCC will complain about "error: format not a string literal, argument types not checked". Signed-off-by: Alexander Couzens <lynxis@fe80.eu> (cherry picked from commit 6ab45214644166846398e5e520d151c05cc4dd55)
* openssl: fix cryptodev config dependencyRalph Sennhauser2017-12-131-0/+1
| | | | | Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com> (cherry picked from commit f5468d248613fee51d19715e0fa6e37012c0eda7)
* libunwind: disable building with sspYousong Zhou2017-12-131-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | If we enable -fstack-protector while building libunwind, function __stack_chk_fail_local will be referred to for i386 and powerpc32 arches. This will cause link failure because the default gcc build specs says no link_ssp if -nostdlib is given. The error message: OpenWrt-libtool: link: ccache_cc -shared -fPIC -DPIC .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1 .libs/os-linux.o: In function `_Ux86_get_elf_image': os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local' x86/.libs/Lregs.o: In function `_ULx86_access_fpreg': Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local' x86/.libs/Lresume.o: In function `_ULx86_resume': Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local' collect2: error: ld returned 1 exit status Makefile:2249: recipe for target 'libunwind.la' failed The snippet from gcc -dumpspecs %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}} Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit f0c37f6ceb10a1db0193d4270c6807c0b2f7a3a0)
* zlib: use default Build/Configure ruleStijn Tintel2017-12-131-11/+9
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 462ca4e059dbead678163da26fb4e14748f3021e)
* lzo: use default Build/Configure ruleStijn Tintel2017-12-131-6/+3
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit b3cba687a447478253f95febf17fa9376c98105d)
* libunwind: update to version 1.2.1Yousong Zhou2017-12-132-48/+2
| | | | | | | | | | | Changes since 1.2 a77b0cd Bump version to v1.2.1 5f354cb mips/tilegx: Add missing unwind_i.h header file 620d1c3 Add aarch64 getcontext functionality. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 77dc6a2ae7c94ac3d496ebab589d4574ac7169d0)
* elfutils: Pass -Wno-unused-result to silence warnings as errorsFlorian Fainelli2017-12-131-1/+1
| | | | | | | | | | | | | | | | | | | | elfutils turns on -Werror by default, and patch 100-musl-compat.patch changes how strerror_r is used and we no longer use the function's return value. This causes the following build error/warning to occur with glibc-based toolchains: dwfl_error.c: In function 'dwfl_errmsg': dwfl_error.c:158:18: error: ignoring return value of 'strerror_r', declared with attribute warn_unused_result [-Werror=unused-result] strerror_r (error & 0xffff, s, sizeof(s)); ^ cc1: all warnings being treated as errors Fixing this would be tricky as there are two possible signatures for strerror_r (XSI and GNU), just turn off unused-result warnings instead. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> (cherry picked from commit 484f768dfa295d9fccd82c57cae00458f32b7182)
* libunwind: update to 1.2Yousong Zhou2017-12-133-19/+58
| | | | | | | | | | | | Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new tarball is released yet Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 5d48dc1146171520445c43ee894d9dfce09ae4e2)
* elfutils: bump to 0.169Luiz Angelo Daros de Luca2017-12-136-241/+271
| | | | | | | | | Removed patches (now upstream): - 004-maybe-uninitialized.patch - 007-fix_TEMP_FAILURE_RETRY.patch Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> (cherry picked from commit ccc54b29352a7d30762b84761414aa1798ce1183)
* lzo: Update to 2.10Daniel Engberg2017-12-131-2/+2
| | | | | | | Update lzo to 2.10 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit cc5721c3b8e399126a270fd46f5ac4dffc9b3319)
* libnl: Fix building with uClibcAlexey Brodkin2017-12-131-0/+105
| | | | | | | | | | | | | | | | | | | | | uClibc doesn't implement strerror_l() and thus libnl starting from 3.2.29 couldn't be compiled with it any longer, see https://github.com/thom311/libnl/commit/6c2d111177e91184073c44f83d4a6182aaba06d7 To work-around that problem we'll just do a check on strerror_l() availability during configuration and if it's not there just fall back to locale-less strerror(). Patch for libnl is alreadfy merged upstream, see https://github.com/thom311/libnl/commit/e15966ac7f3b43df2acf869f98089762807d0568 and once the next libnl release happens this one must be removed from Lede/OpenWrt. Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com> Cc: Felix Fietkau <nbd@nbd.name> Cc: John Crispin <john@phrozen.org> Cc: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 51d9ac61c711e7e00f8f2eaf5b3503238864508a)
* toolchain: add musl libc.so to external toolchainHauke Mehrtens2017-12-131-1/+1
| | | | | | | | | | musl provides a /lib/libc.so file which should be integrated into the libc package when the external toolchain with musl is used. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit b6a8b43dd2771d4d237256417218bed862545ef4)
* toolchain: Allow external toolchains to specify libthread-dbFlorian Fainelli2017-12-131-0/+28
| | | | | | | | | | | | | | | | | | We need to let external toolchains be able to specify the path and specification file to the libthread-db POSIX thread debugging shared libraries. This fixes GDB not being able to be installed because it is depending on libthread-db: Collected errors: * satisfy_dependencies_for: Cannot satisfy the following dependencies * for gdb: * libthread-db * * opkg_install_cmd: Cannot install package gdb. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> (cherry picked from commit 7f0c95a7dfff8aa0b6f5e3e78263cab108245e4c)
* toolchain: Broaden the executable loader patternFlorian Fainelli2017-12-131-1/+1
| | | | | | | | | | | Some toolchains will produce executables with an interpreter that is e.g: ld.so.1 (typically a symbolic link). Due to our current LIBC_SPEC_FILE value, we would not be able to copy this symbolic link/file over to the rootfs and executables would fail to load. Extend the search pattern to include all ld*.so* files that could be needed. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> (cherry picked from commit 200d932322f3d8c436a67c53f4fbca87f0aab8af)
* openssl: update to 1.0.2nPeter Wagner2017-12-131-3/+3
| | | | | | | | | | add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s) Fixes CVEs: CVE-2017-3737, CVE-2017-3738 Signed-off-by: Peter Wagner <tripolar@gmx.at> (backported from commit 55e70c8b72dbb8e812ceb790bf08543d69fce86e) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* cyassl: update to wolfssl 3.12.2 (1 CVE)Jo-Philipp Wich2017-12-132-2/+146
| | | | | | | | | | | Update wolfssl to the latest release v3.12.2 and backport an upstream pending fix for CVE-2017-13099 ("ROBOT vulnerability"). Ref: https://github.com/wolfSSL/wolfssl/pull/1229 Ref: https://robotattack.org/ Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 902961c148b1f6d06a6159090366250281d801d7)
* openssl: update to 1.0.2mPeter Wagner2017-11-132-4/+4
| | | | | | | | | | don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error: ../libssl.so: undefined reference to `SSLv3_client_method' Fixes CVE: CVE-2017-3735, CVE-2017-3736 Signed-off-by: Peter Wagner <tripolar@gmx.at>
* uclient: update to the latest version, fixes fetch of multiple filesFelix Fietkau2017-11-031-3/+3
| | | | | | 4b87d83 uclient-fetch: fix overloading of output_file variable Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-302-30/+30
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* uclient: update to 2017-09-06Matthias Schiffer2017-09-061-3/+3
| | | | | | | 24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses 83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* mbedtls: Re-allow SHA1-signed certificatesBaptiste Jonglez2017-08-112-1/+10
| | | | | | | | | | | | Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates. This breaks openvpn clients that try to connect to servers that present a TLS certificate signed with SHA1, which is fairly common. Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx. Fixes: FS#942 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-262-27/+27
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openssl: Use mkhash for STAMP_CONFIGUREDFlorian Fainelli2017-04-221-1/+1
| | | | | | | | | | | | | The current way of creating a STAMP_CONFIGURED filename for OpenSSL can lead to an extremely long filename that makes touch unable to create it, and fail the build. Use mkhash to produce a hash against OPENSSL_OPTIONS which creates a shortert stamp file, Fixes #572 Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* libubox: fix host build on macOSFelix Fietkau2017-04-081-7/+0
| | | | | | Use the defaults instead of a custom non-portable Host/Install section Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: add host buildJo-Philipp Wich2017-04-081-0/+14
| | | | | | Our opkg fork requires libubox to build, so add a host build for it. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mbedtls: update to version 2.4.2Hauke Mehrtens2017-03-132-4/+4
| | | | | | | | | This fixes the following security problems: * CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve * SLOTH vulnerability * Denial of Service through Certificate Revocation List Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libpcap: add optional netfilter supportMartin Schiller2017-03-012-2/+9
| | | | | | This is needed to use the nflog interface with tcpdump Signed-off-by: Martin Schiller <mschiller@tdt.de>
* mbedtls: add --function-sections and --data-sections to CFLAGSFelix Fietkau2017-03-011-0/+2
| | | | | | | This allows binaries that links these libraries statically to be reduced by using --gc-sections on link Signed-off-by: Felix Fietkau <nbd@nbd.name>