path: root/package/libs
Commit message | Author | Age | Files | Lines
* libubox: backport security patches | Hauke Mehrtens | 2020-01-27 | 17 | -1/+1097
  This backports some security relevant patches from libubox master. These patches should not change the existing API and ABI so that old applications still work like before without any recompilation. Applications can now also use more secure APIs. The new more secure interfaces are also available, but not used. OpenWrt master and 19.07 already have these patches by using a more recent libubox version.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.16.4 | Magnus Kroken | 2020-01-26 | 2 | -31/+31
  Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.
  Release announcement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
  Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
  Fixes:
  * CVE-2019-18222: Side channel attack on ECDSA
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
  (cherry picked from commit 6e96fd90471a49185bcfe9dcb4844d444674ecab)
* openssl: update to version 1.0.2u | Josef Schlehofer | 2020-01-01 | 1 | -2/+2
  Fixes CVE-2019-1551 (rsaz_512_sqr overflow bug) on x86_x64
  Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102 | Jo-Philipp Wich | 2019-11-05 | 2 | -1/+57
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit c5d5cdb759adc890ce6699117b7119acf280ce77)
* libpcap: update to 1.9.1 | DENG Qingfang | 2019-10-19 | 5 | -15/+18
  Fixed CVEs:
  CVE-2018-16301
  CVE-2019-15161
  CVE-2019-15162
  CVE-2019-15163
  CVE-2019-15164
  CVE-2019-15165
  Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
  (cherry picked from commit 44f11353de044834a442d3192b66579b99305720)
* libpcap: update to 1.9.0 | Syrone Wong | 2019-10-19 | 9 | -306/+50
  001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream
  002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream
  202-protocol_api.patch dropped due to implemented upstream by another way
  upstream commit: https://github.com/the-tcpdump-group/libpcap/commit/55c690f6f834b4762697d7a134de439c9096c921
  and renamed via: https://github.com/the-tcpdump-group/libpcap/commit/697b1f7e9b1d6f5a5be04f821d7c5dc62458bb3b
  ead is the only user who uses the protocol api, we have to use the new api since libpcap 1.9.0
  Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
* mbedtls: update to 2.16.3 | Magnus Kroken | 2019-09-21 | 4 | -62/+35
  Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream.
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
  (cherry picked from commit 49d96ffc5c47e40b7f3d99a91a42ea8a54a38bd9)
* mbedtls: Update to version 2.16.2 | Josef Schlehofer | 2019-09-21 | 2 | -4/+4
  Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
  (cherry picked from commit a2f54f6d5d98211e9c58420eed8c67f4fca83665)
* openssl: bump to 1.0.2t, add maintainer | Eneas U de Queiroz | 2019-09-20 | 2 | -3/+4
  This version fixes 3 low-severity vulnerabilities:
  - CVE-2019-1547: ECDSA remote timing attack
  - CVE-2019-1549: Fork Protection
  - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
  Patches were refreshed, and Eneas U de Queiroz added as maintainer.
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* musl: ldso/dlsym: fix mips returning undef dlsym | Luiz Angelo Daros de Luca | 2019-08-17 | 1 | -1/+1
  This happens only the second time a library is loaded by dlopen(). After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef symbol from lib1 dependencies. After the second library is loaded, dlsym(lib2,"undef1") was returning the address of "undef1" in lib2 instead of searching lib2 dependencies.
  Backporting upstream fix which now uses the same logic for relocation time and dlsym.
  Fixes openwrt/packages#9297
  Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628 | Eneas U de Queiroz | 2019-08-17 | 4 | -4/+665
  CVE-2018-16870: medium-severity, new variant of the Bleichenbacher attack to perform downgrade attacks against TLS, which may lead to leakage of sensible data. Backported from 3.15.7.
  CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Backported from 4.1.0.
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libbsd: Fix compilation under ARC | Rosen Penev | 2019-08-14 | 2 | -1/+31
  The 8 year old file does not have any ARC definitions.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
  [updated content of the patch with version sent to upstream]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 395bef4bbacc0dd1cca72907529539194504be27)
* openssl: update to 1.0.2s | Eneas U de Queiroz | 2019-06-01 | 1 | -2/+2
  Highlights of this version:
  - Change default RSA, DSA and DH size to 2048 bit
  - Reject invalid EC point coordinates
    This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd
  Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* mbedtls: update to version 2.16.1 | Hauke Mehrtens | 2019-05-30 | 4 | -37/+37
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2r | Stijn Segers | 2019-04-07 | 2 | -6/+6
  This bump contains bug and security fixes.
  Compile-tested on ar71xx, ramips/mt7621 and x86/64. Run-tested on ramips/mt7621.
  Signed-off-by: Stijn Segers <foss@volatilesystems.org>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  [PKG_HASH fixup]
* openssl: bump to 1.0.2q | Sven Roederer | 2019-01-30 | 1 | -2/+2
  This fixes the following security problems:
  * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
  * CVE-2018-0734: Timing vulnerability in DSA signature generation
  * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module
  Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
  (cherry picked from commit 989060478ae270885727d91c25b9b52b0f33743c)
* mbedtls: update to 2.14.1 for 18.06 | Stijn Segers | 2019-01-30 | 4 | -29/+56
  Updates mbedtls to 2.14.1. This builds on the previous master commit 7849f74117ce83e4cfcd1448a22cc05dbf9b3486.
  Fixes in 2.13.0:
  * Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing.
  * Several bugfixes.
  * Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss.
  Fixes in 2.14.1:
  * CVE-2018-19608: Local timing attack on RSA decryption
  Includes master commit 9e7c4702a1f4e49113d10bc736f50e8a06bdb8ba 'mbedtls: fix compilation on ARM < 6'.
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
  [Update to 2.14.1]
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  [Adapted and squashed for 18.06.1+]
  Signed-off-by: Stijn Segers <foss@volatilesystems.org>
  Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Cosmetic cleanups | Daniel Engberg | 2018-12-18 | 1 | -1/+1
  This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2.
  Source:
  https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73
  https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97
  Remove the release type option as it's already provided by the toolchain.
  Source:
  https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
  (backported from 5297a759aee34952299d1d42f677f31781026c67)
* wolfssl: update to version 3.15.3-stable | Daniel Golle | 2018-12-18 | 1 | -3/+3
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (backported from ed0d5a1e609e0b39eff9f06e3522396581d0b06e)
* ncurses: use default host install | Andy Walsh | 2018-12-18 | 1 | -6/+0
  * just use default host/install, so libs/headers get properly generated/installed
  Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
  (backported from e0196152ebe7b6d11b740a81d0c3bced5b1902c1)
* gettext-full: host compile with -fpic | Andy Walsh | 2018-12-18 | 1 | -0/+2
  Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
  (backported from 2bbc9376c6c081a8db491f047e32091da6ba0016)
* libbsd: Update to 0.8.7 | Daniel Engberg | 2018-12-18 | 4 | -45/+272
  Update libbsd to 0.8.7
  Remove glibc dependency
  Clean up InstallDev and install entries
  Use /usr path for consistency
  Cherry pick patches from upstream to fix musl compilation
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
  (backported from e341f45913beac28e5574d470ed79e4b6f9ee255)
* ustream-ssl: update to latest git HEAD | Eneas U de Queiroz | 2018-12-18 | 1 | -3/+3
  23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
  450ada0 ustream-ssl: Revised security on mbedtls
  34b0b80 ustream-ssl: add openssl-1.1.0 compatibility
  Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
  (backported from 33fd1d0d91fe6f0bb639a6fad0f681ba651f8254)
* wolfssl: disable broken shipped Job server macro | Jo-Philipp Wich | 2018-12-18 | 1 | -0/+21
  The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on plain POSIX shells due to the use of `let`.
  Shells lacking `let` will fail to run the generated m4sh code and end up invoking "make" with "-jyes" as argument, failing the build.
  Since there is no reason in the first place for some random package to muck with the make job server settings and since we do not want it to randomly override "-j" either, simply remove references to this defunct macro to let the build succeed on platforms which do not happen to use bash as default shell.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (backported from a27de701b0250b06302350d25dc514e1b488dc59)
* wolfssl: remove myself as maintainer | Alexandru Ardelean | 2018-12-18 | 1 | -1/+0
  I no longer have the time, nor the desire to maintain this package. Remove myself as maintainer.
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
  (backported from 20346a63f69bbb919ffdf29bc2e77496d01719e3)
* ncurses: install lib on host build | Andy Walsh | 2018-12-18 | 1 | -0/+2
  Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
  (backported from 1639ebcb061abb3664e0b80f62f0019e37fda68e)
* librpc: add host build to install h files needed for nfs-kernel-server to get compiled | Peter Wagner | 2018-12-18 | 1 | -0/+9
  Signed-off-by: Peter Wagner <tripolar@gmx.at>
  (backported from d8d2133c35c9c9b410e16cdebe878acd0da6382f)
* libnftnl: bump to version 1.1.1 | Rosy Song | 2018-12-18 | 1 | -2/+2
  Signed-off-by: Rosy Song <rosysong@rosinson.com>
  (backported from 9d6a0352e7af9aef95f4d983e39516b76e7fc8ba)
* nettle: bump to 3.4 | Kevin Darbyshire-Bryant | 2018-12-18 | 1 | -2/+2
  3.4 is mainly a bug fix/maintenance release.
  3KB increase in ipk lib size on mips.
  Compile tested for: ar71xx, ramips
  Run tested on: ar71xx Archer C7 v2, ramips mir3g
  Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  (backported from 1ee5051f202f600d854bcf939ba4ee37f057ace2)
* ustream-ssl: fix build against wolfSSL | Daniel Golle | 2018-12-18 | 1 | -3/+3
  commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke build against wolfSSL because wolfSSL doesn't (yet) support SSL_CTX_set_ecdh_auto() of the OpenSSL API.
  Fix this in ustream-ssl:
  189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (backported from 4f442f5f383837efcfb345033169178f74f63440)
* wolfssl: change defaults to cover wpa_supplicant needs | Daniel Golle | 2018-12-18 | 2 | -10/+10
  Implicitly selecting the required options via Kconfig snippet from hostapd worked fine in local builds when using menuconfig but confused the buildbots which (in phase1) may build wpad-mini and hence already come with CONFIG_WPA_WOLFSSL being defined as unset which then won't trigger changing the defaults of wolfssl.
  Work around by explicitly reflecting wpa_supplicant's needs in wolfssl's default settings to make buildbots happy.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (backported from dad39249fb91d6f320256ac12944863f09bb2dc9)
* wolfssl: add PKG_CONFIG_DEPENDS symbols | Daniel Golle | 2018-12-18 | 1 | -1/+10
  This change will trigger rebuild on buildbots in case of changed config symbols, like in the case of hostapd selecting some wolfssl symbols lately.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (backported from 5857088c5eb3a5a2409e3c57dbfa2487e08bbf4a)
* wolfssl: update to version 3.14.4 | Daniel Golle | 2018-12-18 | 3 | -149/+6
  Use download from github archive corresponding to v3.14.4 tag because the project's website apparently only offers 3.14.0-stable release downloads.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (backported from 4f67c1522d92bc4512c3ecf58c38ff9886530b48)
* package sysfsutils: add support for sysfs settings at boot | Rodolfo Giometti | 2018-12-18 | 4 | -0/+83
  This patch is based on sysfsutils package's behaviour on Debian OS.
  Signed-off-by: Rodolfo Giometti <giometti@linux.it>
  (backported from 2437e0f67050cad79cc1778b18cefd8d3cd86d07)
* libnftnl: bump to 1.1.0 | Rosy Song | 2018-12-18 | 3 | -1706/+3
  Signed-off-by: Rosy Song <rosysong@rosinson.com>
  (backported from c7e9d72f056a190fe14b1ebc3f07e726121e2965)
* uclient: update to latest Git head | Jo-Philipp Wich | 2018-11-24 | 1 | -3/+3
  3ba74eb uclient-http: properly handle HTTP redirects via proxy connections
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit 0bd99db5118665bbe17f84427238c322af3deaae)
* libubox: set RPATH for host build | Jo-Philipp Wich | 2018-09-04 | 1 | -0/+3
  This is required for programs that indirectly link libjson-c through the libubox blobmsg_json library.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit 5762efd8b29d68e219fc9d00b681269727cbf5d5)
* libubox: set HOST_BUILD_PREFIX | Daniel Golle | 2018-09-04 | 1 | -0/+1
  Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make bundle-libraries.sh happy.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (cherry picked from commit 73100024d335caaa7477e5b3be27fad1d228a234)
* libubox: make sure blobmsg-json is included in host-build | Daniel Golle | 2018-09-04 | 1 | -1/+2
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (cherry picked from commit 56e3a19ad6b09b421db84e7266f3df3d459d23b4)
  [While nothing in 18.06 needs the blobmsg-json host build, this prevents builds failing due to incompatible json-c versions installed on the host system]
  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* libjson-c: set HOST_BUILD_PREFIX | Daniel Golle | 2018-09-04 | 1 | -1/+2
  Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make bundle-libraries.sh happy.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (cherry picked from commit a5368dc30c18947d260c8b68f2f83ca57bdb95b0)
* libjson-c: Update package URL | Rosen Penev | 2018-09-04 | 1 | -1/+1
  Found through UScan.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
  (cherry picked from commit 31f87ebcb25b4d266faaf347073f1913740a5891)
* libjson-c: fix host-build | Daniel Golle | 2018-09-04 | 1 | -0/+1
  Add -Wno-implicit-fallthrough to HOST_CFLAGS.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (cherry picked from commit 5e9470a93b6e79ec63d2eda16f1849d7e3868562)
* libjson-c: add host build (for libblobmsg-json) | Daniel Golle | 2018-09-04 | 1 | -0/+2
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (cherry picked from commit 6fc8e06078d30e8d36a00d0ecc97ac9cc148fe60)
* openssl: update to version 1.0.2p | Hauke Mehrtens | 2018-08-15 | 3 | -4/+4
  This fixes the following security problems:
  * CVE-2018-0732: Client DoS due to large DH parameter
  * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "libevent2: Don't build tests and samples" | Jo-Philipp Wich | 2018-08-09 | 1 | -13/+0
  This reverts commit fe90d14880ad80e5cbc0eba036f8f9f83fa77396.
  The cherry pick does not apply cleanly to 18.06.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ustream-ssl: update to version 2018-05-22 | Hauke Mehrtens | 2018-08-08 | 1 | -4/+4
  5322f9d mbedtls: Fix setting allowed cipher suites
  e8a1469 mbedtls: Add support for a session cache
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Update to 2.12.0 | Hauke Mehrtens | 2018-08-08 | 4 | -30/+120
  Multiple security fixes
  * CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
  * CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel
  Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
  Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
  Patch the so version back to the original one, the API changes are looking not so invasive.
  The size of mbedtls increased a little bit:
  ipkg for mips_24kc before: 163.967 Bytes
  ipkg for mips_24kc after: 164.753 Bytes
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Activate the session cache | Hauke Mehrtens | 2018-08-08 | 1 | -9/+0
  This makes it possible to store information about a session and reuse it later. When used by a server it increases the time to create a new TLS session from about 1 second to less than 0.1 seconds.
  The size of the ipkg file increased by about 800 Bytes.
  ipkg for mips_24kc before: 163.140 Bytes
  ipkg for mips_24kc after: 163.967 Bytes
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: cleanup config patch | Daniel Engberg | 2018-08-08 | 1 | -40/+32
  Clean up patch, use "//" consistently.
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Deactivate platform abstraction | Hauke Mehrtens | 2018-08-08 | 1 | -0/+9
  This makes mbedtls use the POSIX API directly and not use its own abstraction layer.
  The size of the ipkg decreased by about 100 bytes.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>