aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* openssl: backport build fix when hardware support is usedHauke Mehrtens2016-09-242-0/+35
| | | | | | | This fix added to the openssl 1.0.2 branch. In addition add the header for the existing backport. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2iMagnus Kroken2016-09-247-43/+19
| | | | | | | | | | | | | | | Drop 302-fix_no_cmac_build.patch, it has been applied upstream. Security fixes: * (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305) * 10 Low severity issues Security advisory: https://www.openssl.org/news/secadv/20160922.txt Changelog: https://www.openssl.org/news/cl102.txt Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* cyassl: remove duplicate submenu levelJohn Crispin2016-09-191-3/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* cyassl: make CyaSSL/WolfSSL more configurableAndreas Schultz2016-09-192-4/+5
| | | | | | | | The default configuration might not be suitable for every use case. Add options to enable/disable additional options. Signed-off-by: Andreas Schultz <aschultz@tpip.net>
* openssl: re-enable ARM assemblyFelix Fietkau2016-08-311-2/+2
| | | | | | | The original reason for disabling it seems to have been fixed Related discussion: https://github.com/lede-project/source/pull/307 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* cyassl: make CyaSSL/WolfSSL more configurableAndreas Schultz2016-08-222-2/+117
| | | | | | | | The default configuration might not be suitable for every use case. Add options to enable/disable additional options. Signed-off-by: Andreas Schultz <aschultz@tpip.net>
* libs/gmp: update to 6.1.1Hannu Nyman2016-08-151-2/+2
| | | | | | Update libgmp to 6.1.1 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* ncurses: change handling of PKG_CONFIG_LIBDIRJo-Philipp Wich2016-08-156-9/+92
| | | | | | | | | | | | | | When PKG_CONFIG_LIBDIR was unset in the environment, the configure script was deducing the PKG_CONFIG_LIBDIR from the location of the pkg-config binary, which doesn't make a lot of sense, and isn't done by other autotools based packages. Patch imported from the Buildroot project: https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch Also refresh patches while we're at. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openssl: re-enable CMAC supportFelix Fietkau2016-08-091-1/+1
| | | | | | Needed by a few packages Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uclient: change SSL support error messageJo-Philipp Wich2016-08-081-2/+2
| | | | | | | Change the error message about missing SSL support to be more explicit by mentioning required package names. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: update to the latest version, adds a few utility functionsFelix Fietkau2016-07-291-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* cyassl: update to wolfssl version 3.9.6Hauke Mehrtens2016-07-241-2/+2
| | | | | | | | | | | | Changelog: https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html old size: libcyassl_3.9.0-1_mips_34kc_dsp.ipk 147552 new size: libcyassl_3.9.6-1_mips_34kc_dsp.ipk 150087 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: re-enable NPN by defaultFelix Fietkau2016-07-241-1/+1
| | | | | | Several packages rely on it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: add back the CAST cipher by defaultFelix Fietkau2016-07-241-1/+1
| | | | | | At least netatalk and some ipsec packages use it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: revert the no-ripemd change, openssh needs that cipherFelix Fietkau2016-07-231-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: add option to disable SRP supportDirk Feytons2016-07-232-1/+11
| | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: add --gc-sectionsDirk Feytons2016-07-231-1/+2
| | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: remove some unneeded functionality and algorithmsDirk Feytons2016-07-232-3/+28
| | | | | | | | The patch needed for this commit has been sent upstream: https://github.com/openssl/openssl/pull/1155 Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [add back bf and srp]
* openssl: add option to disable PSK supportDirk Feytons2016-07-232-1/+11
| | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: add option for NPN supportDirk Feytons2016-07-233-1/+23
| | | | | | | | NPN has been superseded by ALPN so NPN is disabled by default The patch has been sent to OpenSSL for inclusion, see https://github.com/openssl/openssl/pull/1100 Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: add option to disable compression supportDirk Feytons2016-07-232-3/+15
| | | | | | | By default it's disabled. After the CRIME attack it seems the use of compression is discouraged. Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: add option to omit deprecated APIsDirk Feytons2016-07-232-1/+11
| | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* libpcap: fix dependency of install-shared-so make targetMatthias Schiffer2016-07-211-16/+20
| | | | | | | | | | | | | There seems to be a situation in which a rebuild of libpcap.so is triggered in the install step of the libpcap Makefile. libpcap.so is the wrong target, leading to the build failure reported in [1]. Fix the dependency of install-shared-so to $(SHAREDLIB) so the build can succeed in this case. [1] https://dev.openwrt.org/ticket/19894 Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* uclibc++: fix build with gcc 6.1.0, which defaults to using C++14 ABIFelix Fietkau2016-07-152-0/+21
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: fix missing mbedtls_time_t bug in mbedtls 2.3.0Hauke Mehrtens2016-07-142-1/+22
| | | | | | | This backports a commit from mbedtls current git which adds missing include for platform.h. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.3.0Hauke Mehrtens2016-07-132-33/+24
| | | | | | | This fixes 3 minor security problems. SSLv3 is deactivated by default now. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* polarssl: update to version 1.3.17Hauke Mehrtens2016-07-132-16/+4
| | | | | | | This fixes 3 minor security problems. SSLv3 is deactivated by default now. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libubox: update to latest git HEADJohn Crispin2016-07-051-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* uclient: update to the latest version, fixes HTTP redirect supportFelix Fietkau2016-07-051-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert "ustream-ssl: Fix recursive dependency"Felix Fietkau2016-07-041-2/+2
| | | | | | | | This reverts commit abf0768131db659c6819de9e7149624dd044c345. The description is wrong, there is no recursive dependency here. The conditions were added intentionally to avoid bogus build dependencies. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ustream-ssl: Fix recursive dependencyDaniel Dickinson2016-07-041-2/+2
| | | | | | | | Two variants incorrectly include themselves in conditional depends on ssl libraries, which results in a recursive dependency. Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
* ustream-ssl: update to latest git HEADJohn Crispin2016-07-021-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* libnl-tiny: Generic Netlink multicast groups supportHauke Mehrtens2016-07-027-1/+136
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds this commit from normal libnl to libnl-tiny: https://github.com/tgraf/libnl/commit/2dbc1ca76c5b82c40749e609eb83877418abb006 commit 2dbc1ca76c5b82c40749e609eb83877418abb006 Author: dima <dima.ky@gmail.com> Date: Wed Oct 13 17:53:34 2010 +0300 Generic Netlink multicast groups support I have a patch against commit d378220c96c3c8b6f27dca33e7d8ba03318f9c2d extending libnl with a facility to receive generic netlink messages sent to multicast groups. Essentially it add one new function genl_ctrl_resolve_grp which prototype looks like this int genl_ctrl_resolve_grp(struct nl_sock *sk, const char *family_name, const char *grp_name) It resolves the family name and the group name to group id. Then the returned id can be used in nl_socket_add_membership to subscribe to multicast messages. Besides that it adds two more functions uint32_t nl_socket_get_peer_groups(struct nl_sock *sk) void nl_socket_set_peer_groups(struct nl_sock *sk, uint32_t groups) allowing to modify the socket peer groups field. So it's possible to multicast messages from the user space using the legacy interface. Looks like there is no way (or I was not able to find one?) to modify the netlink socket destination group from the user space, when the group id is greater then 32. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cosmetic style fix]
* libnetfilter_queue: fix checksum computationAlin Năstac2016-06-261-0/+113
| | | | | | | | | | | There are 2 issues fixed by this patch: - UDP checksum is computed incorrectly, the used pseudo IP header contains transport protocol 6 iso 17 - on big endian arches the UDP/TCP checksum is incorrectly computed when payload length is odd Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh patch]
* uclient: update to the latest version with better help and DELETERafał Miłecki2016-06-161-2/+2
| | | | | | | This slightly improves output of help messages and supports sending message body for DELETE. Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
* libubox: update to the latest version, fixes an uloop signal handling race ↵Felix Fietkau2016-06-151-2/+2
| | | | | | condition Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libunwind: initial version 1.1Yousong Zhou2016-06-134-0/+141
| | | | | | | | | | | | | | The package Makefile was based on work at link [1] with the following changes 1. Disable minidebuginfo support thus no dependency on liblzma 2. Add 2 patches for building against musl-libc and building with mips16 enabled 3. Add LICENSE and DEPENDS info, etc. [1] https://github.com/rpi-openwrt/rpi-packages/tree/master/libs/libunwind Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* package/*: update git urls for project reposJohn Crispin2016-06-134-4/+4
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* polarssl: enable AES-GCM and CAMELLIA-GCM ciphersuitesJo-Philipp Wich2016-06-112-11/+1
| | | | | | | | | | | Recent versions of Chrome require this ciphers to successfully handshake with a TLS enabled uhttpd server using the ustream-polarssl backend. If `CONFIG_GCM` is disabled, `ssl_ciphersuite_from_id()` will return `NULL` when cipher `0x9d` is looked up, causing the calling `ssl_ciphersuite_match()` to fail with `POLARSSL_ERR_SSL_INTERNAL_ERROR`. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace jow@openwrt.org with jo@mein.ioJo-Philipp Wich2016-06-078-8/+8
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wolfssl: enable openssl 1.0.1 compatibilityKarl Palsson2016-06-072-19/+1
| | | | | | | | | | | >From wolfssl/openssl/opensslv.h, and from skimming the contents of what "--enable-stunnel" actually does, it seems that --enable-opensslextra doesn't give you the "full" openssl compatibility that you may wish for these days. Unfortuantely, while wolfssl writes the build time options into wolfssl/options.h, it doesn't include that file itself. User applications must include that directly. Signed-off-by: Karl Palsson <karlp@etactica.com>
* ustream-ssl: update to the latest version, adds cyassl/wolfssl fixesFelix Fietkau2016-06-071-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-0712-12/+12
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* elfutils: remove unrecognized config optionDirk Neukirchen2016-06-011-1/+0
| | | | | | | fixes: configure: WARNING: unrecognized options: --disable-werror Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* libpcap: remove unrecognized configure optionsDirk Neukirchen2016-06-011-2/+0
| | | | Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* libiconv-full: add license tagFlorian Eckert2016-05-311-1/+3
| | | | | | show the license for this package in opkg Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
* gettext-full: prevent using emacsJo-Philipp Wich2016-05-311-2/+5
| | | | | | | | | | | | | | | | When the gettext-full host build phase finds an `emacs` exectuble during the build it will launch an `emacs --batch` command to run some Lisp code. On certain Debian systems the `/usr/bin/emacs` path might point, via alternatives, to the `/usr/bin/jove` editor which will then launch an interactive session when invoked by the gettext build. In order to avoid this problem, explicitely disable emacs handling during the build through a configure environment variable. Also remove my now unreachable maintainer address. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libpcap: set a static default for PCAP_HAS_USBFelix Fietkau2016-05-211-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* cyassl/wolfssl: update to 3.9.0Dirk Neukirchen2016-05-213-10/+8
| | | | | | | | | | | | | | | | | | | | | wolfssl has a fine grained feature and compatibility control for compiling stunnel, lighthttp or (partly) openssl dropin ustream-ssl uses features that require normally HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers ar71xx ipkg sizes of wolfssl 3.9.0: - with stunnel: 144022 - this patch (w.o. stunnel): 131712 - without openssl(extra): 111104 - w.o openssl/sni:108515 - w.o openssl/sni/ecc: 93954 so patch 300 saves around 12k compressed ipkg size v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl that broke with v1 Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* libubox: update to the latest versionFelix Fietkau2016-05-201-2/+2
| | | | | | adds a SIGCHLD handling fix and jshn performance improvements Signed-off-by: Felix Fietkau <nbd@nbd.name>