aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* openssl: optimizations based on ARCH/small flashEneas U de Queiroz2019-02-123-1/+98
| | | | | | | | | | | | | | | | | | | Add a patch to enable the option to change the default ciphersuite list ordering to prefer ChaCha20 over AES-GCM. This is used by default for all platforms, except for x86_64 and aarch64. The assumption is that only the latter have AES-specific CPU instructions and asm code that uses them in openssl. Chacha20Poly1305 is 3x faster than AES-256 in systems without AES instructions, with an equivalent strength. Disable error messages by default except for devices with small flash or RAM, to aid debugging. Disable ASM by default on arm platform with small flash. Size difference on mips and powerpc, the other platforms with small flash devices, are not really relevant (using 100K as a threshold). All of the affected platforms are source-only anyway. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: update to version 1.1.1aEneas U de Queiroz2019-02-1222-492/+774
| | | | | | | | | | | | | | | | | | | | | | | This version adds the following functionality: * TLS 1.3 * AFALG engine support for hardware accelleration * x25519 ECC curve support * CRIME protection: disable use of compression by default * Support for ChaCha20 and Poly1305 Patches fixing bugs in the /dev/crypto engine were applied, from https://github.com/openssl/openssl/pull/7585 This increses the size of the ipk binray on MIPS32 by about 32%: old: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk 239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: add configuration options, disable ssl3Eneas U de Queiroz2019-02-1214-476/+376
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the following configuration options: * using optimized assembler code (was always on before) * use of x86 SSE2 instructions * dyanic engine support * include error messages * Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms * RFC3779, CMS protocols * VIA padlock hardware acceleration engine Installs openssl.cnf with the library as it is used by engines independent of the openssl util. Fixes DTLS option that was innefective before. Disables insecure SSL3 protocol and SHA0. Adds openwrt-specific targets to Configure script, including asm support for i386, ppc and mips64. Strips building dirs from CFLAGS shown in binary. Skips the fuzz directory during build. Removed include/crypto/devcrypto.h that was included here, to use the cryptodev-linux package, now that it was been moved from the packages feed to the main openwrt repository. This decreses the size of the ipk binray on MIPS32 by about 3.3%: old: 706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: update list of mirrorsSven Roederer2019-01-311-2/+2
| | | | | | Host "gd.tuwien.ac.at" does not exists anymore, so we replace it by "ftp.pca.dfn.de" from the official list of mirrors. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* openssl: bump to 1.0.2qSven Roederer2019-01-301-2/+2
| | | | | | | | | This fixes the following security problems: * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication * CVE-2018-0734: Timing vulnerability in DSA signature generation * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
* mbedtls: Kconfig option to enable/disable debug functionsMichael Heimpold2019-01-272-10/+28
| | | | | | | | | | | | | | | | | | | | | This introduces a new Kconfig option to switch on/off mbedtls' support for debug functions. The idea behind is to inspect TLS traffic with Wireshark for debug purposes. At the moment, there is no native or 'nice' support for this, but at https://github.com/Lekensteyn/mbedtls/commit/68aea15833e1ac9290b8f52a4223fb4585fb3986 an example implementation can be found which uses the debug functions of the library. However, this requires to have this debug stuff enabled in the library, but at the moment it is staticly patched out. So this patch removes the static part from the configuration patch and introduces a dynamic config file editing during build. When enabled, this heavily increases the library size, so I added a warning in the Kconfig help section. Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* mbedtls: update to 2.16.0Deng Qingfang2019-01-272-27/+27
| | | | | | | | Refresh patch https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.0-2.7.9-and-2.1.18-released Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* libelf: fix library packagingJo-Philipp Wich2019-01-251-2/+2
| | | | | | | | | The library has an usual shared object file name, which caused the install glob pattern to miss the actual so. Fixes: #2082 Fixes; 0e70f69a35 ("treewide: revise library packaging") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* elfutils: rename libelf1 to libelfJo-Philipp Wich2019-01-241-5/+6
| | | | | | | | | | The ABI_VERSION:=1 tag will take care of transforming the binary library package basename. Add a virtual PROVIDES:=libelf1 for packages still having libelf1 in their DEPENDS:=... lists. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: revise library packagingJo-Philipp Wich2019-01-2431-55/+83
| | | | | | | | | | | - Annotate versionless libraries (such as libubox, libuci etc.) with a fixed ABI_VERSION resembling the source date of the last incompatible change - Annotate packages shipping versioned library objects with ABI_VERSION - Stop shipping unversioned library symlinks for packages with ABI_VERSION Ref: https://openwrt.org/docs/guide-developer/package-policies#shared_libraries Ref: https://github.com/KanjiMonster/maintainer-tools/blob/master/check-abi-versions.pl Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uclient: set fixed ABI_VERSION on libuclientJo-Philipp Wich2019-01-241-1/+1
| | | | | | | | Last incompatible change appeared to be 4924411 ("http: add proper error handling to uclient_http_redirect()") which changed the return value of uclient_http_redirect() from bool to int. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* librpc: remove packageAndy Walsh2019-01-221-42/+0
| | | | | | | | | * replaced with packages/libtirpc * remove busybox options rarely used/deprecated BUSYBOX_CONFIG_FEATURE_MOUNT_NFS BUSYBOX_CONFIG_FEATURE_INETD_RPC Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* ncurses: build host libraries with -fPICJo-Philipp Wich2019-01-221-1/+3
| | | | | | | Since readline/host links ncurses/host now, we need to ensure that the libncursesw.so host library is built with -fPIC. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ncurses: package only versioned shared objectsJo-Philipp Wich2019-01-221-4/+8
| | | | | | | Also fix the libxxxw.so* -> libxxx.so* linking to actually work, the prevsious code failed to properly symlink the versioned .so files. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* readline: Update to 8.0 and various fixesDaniel Engberg2019-01-223-32/+30
| | | | | | | | | | | | | | | | Update (lib)readline to 8.0 Remove autoreconf Remove blankspace at the end of the lines in description Remove --enable-shared and --enable-static as they're enabled by default Remove TARGET_CPPFLAGS Simplify install sections Install readline.pc (pkgconfig) Add patch for linking (lib)ncurses Source: https://git.buildroot.net/buildroot/plain/package/readline/0000-curses-link.patch Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libnetfilter-conntrack: update to 1.0.7Peter Wagner2019-01-221-3/+3
| | | | | | Signed-off-by: Peter Wagner <tripolar@gmx.at> [split from https://github.com/openwrt/openwrt/pull/1274] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* nghttp2: bump to 1.36.0Hans Dedecker2019-01-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | e7e8ee5f Update bash_completion b3b4e335 Update manual pages bd93d90a Don't treat text as option if it matches -[0-9] ea69c84b Bump up version number to 1.36.0 783b649b Update AUTHORS eb21e6f8 Merge branch 'update-http-parser' ab2aa567 Fix test failure ff87a542 Use http-parser 0d0a24e19eb5ba232d2ea8859aba2a7cc6c42bc4 439dbce6 Merge branch 'nghttpx-h1-connection-pool-per-addr' e9c9838c nghttpx: Pool h1 backend connection per address 803d4ba9 Merge branch 'nghttpx-randomize-roundrobin-order' 732245e5 make clang-format 9e8d5433 Use clang-format-7 fdcdb21c nghttpx: Randomize backend address round robin order per thread 11d0533c nghttpx: Ensure that cert serial does not exceed 20 bytes dbb5f00d Merge pull request #1287 from rckclmbr/fix_serial_size 9cc412e2 Merge pull request #1285 from staticinvocation/master 5b2efc0a Fix getting long serial numbers for openssl < 1.1 7e4c48a4 Disable shared library if ENABLE_SHARED_LIB is OFF 082e162f Merge pull request #1282 from alagoutte/travis 7cc7c06c .travis(.yml): no longer need llvm-toolchain-trusty-7 12ebeb30 .travis(.yml): Update to Xenial c78abbe1 Update mruby to 2.0.0 124c7848 nghttpx: Add missing return ce9667c4 Merge branch 'nghttpx-fix-trailing-slash-handling' f3f40840 nghttpx: Fix broken trailing slash handling 302abf1b h2load: Fix compile error with gcc 089a03be h2load: Write log file with write(2) de4fe728 Merge branch 'pyos-master' d1b3a83f h2load: add an option to write per-request logs eb679253 Merge branch 'puscas-port_in_use' 6800d317 added access to the number of the current server port c98362ea Bump up version number to 1.36.0-DEV Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* packages: set more explicit ABI_VERSION valuesJo-Philipp Wich2019-01-196-6/+6
| | | | | | | | | | | | | | | | | | | | | | In the case of upstream libraries, set the ABI_VERSION variable to the soname value of the first version version after the last backwards incompatible change. For custom OpenWrt libraries, set the ABI_VERSION to the date of the last Git commit doing backwards incompatible changes to the source, such as changing function singatures or dropping exported symbols. The soname values have been determined by either checking https://abi-laboratory.pro/index.php?view=tracker or - in the case of OpenWrt libraries - by carefully reviewing the changes made to header files thorough the corresponding Git history. In the future, the ABI_VERSION values must be bumped whenever the library is updated to an incpompatible version but not with every package update, in order to reduce the dependency churn in the binary package repository. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* elfutils: bump to 0.175Kevin Darbyshire-Bryant2019-01-141-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 4ea9a2db164c Update upload-release.sh script and po files. a01938d584b9 libelf: Mark both fsize and msize with const attribute. c338a0541663 libebl: Don't update w, t and len unnecessarily in ebl_object_note_type_name. 422b549007f6 Prepare for 0.175 22ec8efc1dd8 elflint: Allow PT_GNU_EH_FRAME segment to match SHT_X86_64_UNWIND section. cf10453f8252 libelf: Correctly setup alignment of SHF_COMPRESSED section data. d3e6266754b9 strip: Also handle gnu compressed debug sections with --reloc-debug-sections 72e30c2e0cb4 Handle GNU Build Attribute ELF Notes. 7a3f6fe60b85 Recognize NT_VERSION notes. cff53f1784c9 libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE ecbe3120cddb libdwelf: New function dwelf_elf_begin. 4b0342b85b5b backends: Add x86_64 section_type_name for SHT_X86_64_UNWIND. 825e48c4e942 Also find CFI in sections of type SHT_X86_64_UNWIND 4789e0fb92b0 libelf: Explicitly update section data after (de)compression. 1628254ba215 strip: Add --reloc-debug-sections-only option. f2d59180b90b strip: Extract code to update shdrstrndx into new common function. f6ae0ab9350e strip: Split out debug section relocation into separate helper functions. b15ee95bcee4 strip: Always copy over any phdrs if there are any. e574889d92b1 unstrip: Add ELF_CHECK to make sure gelf_getehdr () doesn't return NULL. 5199e15870e0 Recognize and parse GNU Property notes. b75ff1bbd060 addr2line: Use elf_getshdrstrndx not Ehdr field to print section name. 35197ea4c43e readelf: Use shstrndx to lookup section names. 9a74c190a2b3 backends: ppc use define instead of const for size of dwarf_regs array. 72d023b35f36 readelf: Make sure readp is smaller than cieend in print_debug_frame_section. dce0b3b63ba0 readelf: Make sure readp is smaller than cieend in print_debug_frame_section. 1e7c230b277b Check sh_entsize is not zero. 22d2d082d57a size: Handle recursive ELF ar files. 2b16a9be6993 arlib: Check that sh_entsize isn't zero. 4cdb0fd0d3b4 ar: Assume epoch if ar_date is bogus. 577511f66842 findtextrel: Check that sh_entsize isn't zero. 20f9de9b5f70 libdwfl: Sanity check partial core file data reads. 2f4a040fab52 readelf: Handle multiple .debug_macro sections and decode header flag. eee4269e5315 unstrip: Renumber the group section indexes. c06ab0bbb476 strip, unstrip: Handle SHT_GROUP correctly. 2876b3b648f6 Handle ADD/SUB relocations 69d6e67eee30 tests: backtrace-dwarf.c improve error handling in test framework. Originally-produced--by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* uclient: add ALTERNATIVES for wgetHans Dedecker2019-01-131-1/+2
| | | | | | | | Don't symlink uclient-fetch anymore to /bin/wget but rather use the ALTERNATIVES support for wget to install it as /usr/bin/wget. Let uclient-fetch provide wget Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* elfutils: fix gcc 8.0+ multistatement macros warning/errorChristian Lamparter2018-12-201-6/+8
| | | | | | | | | | | | | | | | | | | | | | GCC 8.0+ <https://gcc.gnu.org/gcc-8/changes.html> introduces a new warning about unsafe macros expanding to multiple statements used as a body of a statement such as if, else, while, switch, or for. In combination with -Werror this can cause the compilation to fail: |In file included from xmalloc.c:37: |xmalloc.c: In function 'xmalloc': |system.h:39:2: error: macro expands to multiple statements [-Werror=multistatement-macros] | fflush(stdout); \ | ^~~~~~ |xmalloc.c:52:5: note: in expansion of macro 'error' | error (EXIT_FAILURE, 0, _("memory exhausted")); | ^~~~~ |xmalloc.c:51:3: note: some parts of macro expansion are not guarded by this 'if' clause | if (p == NULL) | ^~ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* elfutils: produce correct libelf.pc file when building with full nlsJo-Philipp Wich2018-12-202-3/+27
| | | | | | | | | | | When building with full lagnuage support, libelf.so will depend on and link with libintl.so so we need to change the pkg-config template to reflect this library dependency. Also change the Makefile to only pass --disable-nls to configure when the full nls support is actually disabled in the buildroot config. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* elfutils: install library files for pkg-configTony Ambardar2018-12-191-0/+3
| | | | | | | Support other packages using pkg-config to query existence and details of libelf and libdw libraries at build time. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* Revert "elfutils: install library files for pkg-config"Kevin Darbyshire-Bryant2018-12-161-3/+0
| | | | | | | | | | | | This reverts commit 216397b8124dafafbd79afdf9f8e716b55775194. Due to: Package ip-tiny is missing dependencies for the following libraries: libelf.so.1 Makefile:187: recipe for target '/var/lib/buildbot/slaves/slave-lede-builds4/mips_24kc/build/sdk/bin/packages/mips_24kc/base/ip-tiny_4.19.0-6_mips_24kc.ipk' failed Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* mbedtls: fix compilation on ARM < 6Hauke Mehrtens2018-12-161-0/+27
| | | | | | | | mbedtls uses some instructions introduced in ARMv6 which are not available in older architectures. Fixes: 3f7dd06fd85 ("mbedtls: Update to 2.14.1") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Update to 2.14.1Daniel Engberg2018-12-162-26/+26
| | | | | | | | | | | Update mbedtls to 2.14.1 This fixes: * CVE-2018-19608: Local timing attack on RSA decryption Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [Update to 2.14.1] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nghttp2: bump to 1.35.1Hans Dedecker2018-12-151-2/+2
| | | | | | | | 63843750 Update manual pages 27801e98 Bump up version number to 1.35.1 60e020a8 nghttpx: Fix broken trailing slash handling Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* elfutils: install library files for pkg-configTony Ambardar2018-12-121-0/+3
| | | | | | | Support other packages using pkg-config to query existence and details of libelf and libdw libraries at build time. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* nettle: bump to 3.4.1Nikos Mavrogiannopoulos2018-12-091-2/+2
| | | | | | | | This is a security fix adding safer APIs for RSA use. Compile tested for: ar71xx Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* nghttp2: bump to 1.35.0Hans Dedecker2018-11-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | e520469b Update manual pages 54067256 Bump up version number to 1.35.0 c4d2eeee Update AUTHORS f51e696e asio: Add stop() to listen_and_serve doc a433b132 Merge pull request #1260 from nghttp2/h2load-non-final-response cf48a56d Merge pull request #1238 from jktjkt/cmake-fix-libevent-detection 6cad1b24 nghttpx: Write mruby send_info early 3c393dca nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend 17292445 h2load: Handle HTTP/1 non-final response f6644a92 make clang-format 48998f72 Merge pull request #1222 from donny-dont/fix/declspec 15ff52f9 Update README 6c03bb14 Upgrade travis toolchain 524b4392 Fix travis build failure 859bf2bc Update manual pages b5619fb1 h2load: Clarify that time for connect includes TLS handshake dcbe0c69 nghttpx: Simplify move ctor and operator 2996c284 nghttpx: Cleanup 42e8ceb6 nghttpx: Convert API status code to enum class 1daf9ce8 nghttpx: Convert WorkerEventType to enum class d68edf56 nghttpx: Convert MemcachedStatusCode to enum class 0c4e9fef nghttpx: Convert memcached op to enum class 571404c6 nghttpx: Convert MemcachedParseState to enum class 4d562b77 nghttpx: Convert LogFragmentType to enum class e6225871 nghttpx: Convert connection check status to enum class 4bd075de nghttpx: Convert Http2Session state to enum class b46a3249 nghttpx: Convert FreelistZone to enum class 4bd44b9c nghttpx: Convert dispatch state to enum class 1b42110d nghttpx: Make Downstream state enum class 0735ec55 nghttpx: Convert shrpx_connect_proto to enum class 00554779 nghttpx: Convert DNSResolverStatus to enum class 0963f389 nghttpx: Convert SerialEventType to enum class 1abfa3ca nghttpx: Make TLS handshake state enum class f2159bc2 nghttpx: Convert UpstreamAltMode to enum class b0eb68ee nghttpx: Convert shrpx_forwarded_node_type to enum class e7b7b037 nghttpx: Convert shrpx_cookie_secure to enum class 5e4f434f nghttpx: Convert shrpx_session_affinity to enum class 20ea964f nghttpx: Convert shrpx_proto to enum class d105619b src: Remove extra braces if possible ec5729b1 Use std::make_unique 6c919695 Use C++14 46576178 Don't send Transfer-Encoding to pre-HTTP/1.1 clients 5e925f87 Update doc 153531d4 nghttpx: Use the same type as standard stream operator<< f7287df0 Bump up version number to 1.35.0-DEV Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uclient: update to latest Git headJo-Philipp Wich2018-11-241-3/+3
| | | | | | 3ba74eb uclient-http: properly handle HTTP redirects via proxy connections Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* popt: Add main site back to PKG_SOURCE_URLDaniel Engberg2018-11-091-1/+4
| | | | | | | Main site is back up after weeks of downtime. Add it back as last resort Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libconfig: Fix tarball filename (and URL)Daniel Engberg2018-11-011-3/+3
| | | | | | v$(PKG_VERSION).tar.gz is a bad idea and will clash for obvious reasons. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* openssl: enable OPENSSL_WITH_DEPRECATED when OpenSSL is built as a build depMatthias Schiffer2018-10-302-2/+6
| | | | | | | | | | | | | | | | | | | | Some package (e.g. libunbound) depend on OPENSSL_WITH_DEPRECATED. In some situations it may happen that libunbound and openssl are only pulled in as build dependencies, but are not enabled in .config. In such cases, the defaults of symbols like OPENSSL_WITH_DEPRECATED are ignored (as the whole symbol depends on PACKAGE_libopenssl), and config symbol dependencies of libunbound aren't effective either (as libunbound is not actually enabled). This commit works around the issue by introducing a hidden negated symbol OPENSSL_NO_DEPRECATED, which is always disabled when PACKAGE_libopenssl is disabled, and ensures that OpenSSL is built with deprecated APIs in this case. A user can still manage to break the build by explicitly enabling libopenssl and disabling OPENSSL_WITH_DEPRECATED; the interaction between build dependencies and config symbols will require further discussion. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* wolfssl: update to version 3.15.3-stableDaniel Golle2018-10-151-3/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* nghttp2: bump to 1.34.0Hans Dedecker2018-10-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2b085815 (tag: v1.34.0) Update manual pages 986fa302 Bump up version number to 1.34.0, LT revision to 31:1:17 7c8cb3a0 nghttpx: Improve CONNECT response status handling 334c439c Fix bug that regular CONNECT does not work 6700626c Rule out content-length in the successful response to CONNECT 15162add Update manual pages 93270777 Merge pull request #1235 from nghttp2/backend-conn-timeout aeb92bbb nghttpx: Add read/write-timeout parameters to backend option fc7489e0 nghttpx: Fix mruby parameter validation 87ac872f nghttpx: Update doc c278adde nghttpx: Log error when mruby file cannot be opened f94d7209 Merge pull request #1234 from nghttp2/nghttpx-rfc8441 9b9baa6b Update doc 02566ee3 nghttpx: Update doc 3002f31b src: Add debug output for SETTINGS_ENABLE_CONNECT_PROTOCOL d2a594a7 nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2 651e1477 Allow client sending :protocol optimistically a42faf1c nghttpx: Write TLS alert during handshake 4aac05e1 Merge pull request #1231 from nghttp2/ws-lib-only b80dfaa8 Adjustment for RFC 8441 a19d8f5d Deal with :protocol pseudo header 33f6e90a Add NGHTTP2_TOKEN__PROTOCOL ed7fabcb Add SETTINGS_ENABLE_CONNECT_PROTOCOL 8753b6da Update doc f2de733b Update neverbleed to fix OpenSSL 1.1.1 issues 88ff8c69 Update mruby 1.4.1 a63558a1 nghttpx: Call OCSP_response_get1_basic only when OCSP status is successful 3575a132 nghttpx: Fix crash with plain text HTTP e2de2fee Update bash_completion 9f415979 Update manual pages 4bfc0cd1 Merge pull request #1230 from nghttp2/nghttpx-faster-logging 9c824b87 nghttpx: Get rid of std::stringstream from Log a1ea1696 Make VALID_HD_NAME_CHARS and VALID_HD_VALUE_CHARS const qualified dfc0f248 Make static_table const qualified ed7c9db2 nghttpx: Add mruby env.tls_handshake_finished 5b42815a nghttpx: Strip incoming Early-Data header field by default cfe7fa9a nghttpx: Add --tls13-ciphers and --tls-client-ciphers options cb8a9d58 src: Remove TLSv1.3 ciphers from DEFAULT_CIPHER_LIST 023b9448 Merge branch 'tls13-early-data' 9b03c64f nghttpx: Should postpone early data by default b8eccec6 nghttpx: Disable OpenSSL anti-replay 9f212587 Specify SSL_CTX_set_max_early_data and add an option to change max value 47f60124 nghttpx: Add an option to postpone early data processing 770e44de Implement draft-ietf-httpbis-replay-02 2ab319c1 Don't hide error code from openssl 39923024 Remove SSL_ERROR_WANT_WRITE handling b30f312a Honor SSL_read semantics c5cdb78a nghttpx: Add TLSv1.3 0-RTT early data support f79a5812 Bump up version number to 1.34.0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ncurses: use default host installAndy Walsh2018-09-241-6/+0
| | | | | | * just use default host/install, so libs/headers get properly generated/installed Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* gettext-full: host compile with -fpicAndy Walsh2018-09-241-0/+2
| | | | Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* mbedtls: update to 2.13.0Magnus Kroken2018-09-221-2/+2
| | | | | | | | * Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. * Several bugfixes. * Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* elfutils: bump to 0.174Luiz Angelo Daros de Luca2018-09-212-533/+7
| | | | | | - Simplified musl patch with error.h concentrated into system.h Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* libpcap: patch to add limits.h to pcap-usb-linux.cEneas U de Queiroz2018-09-101-0/+22
| | | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. This is an upstream-applied patch that fixes 'PATH_MAX' and 'NAME_MAX' undeclared when compiling on musl with CONFIG_PCAP_HAS_USB. [aafa351] pcap-usb-linux.c: add missing limits.h for musl systems. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* nghttp2: bump to 1.33.0Hans Dedecker2018-09-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9d843334 Update bash_completion 23cb3f38 Update manual pages 1d682dcd Bump up version number to 1.33.0, LT revision to 31:0:17 601fbbb4 Update doc f44aa246 Update AUTHORS dd74a6dd Update manual pages e959e733 src: Refactor utos fb9a204d nghttpx: Fix compile error without mruby cd096802 Update doc 7417fd71 nghttpx: Per-pattern not per-backend 2d1a981c Merge branch 'akonskarm-master' 45acc922 clang-format 214d0899 Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master 31fd707d nghttpx: Fix broken healthmon frontend 9a2e38e0 fix code for reuse addr on asio client d24527e7 Bump up LT revision due to v1.32.1 release 6195d747 nghttpx: Share mruby context if it is compiled from same file fb97f596 nghttpx: Allocate mruby file because fopen requires NULL terminated string 0ccc7a77 nghttpx: Move blocked request data to request buffer for API request 32826466 nghttpx: Fix crash with API request 0422f8a8 nghttpx: Fix worker process crash with neverbleed write error e329479a Merge pull request #1215 from nghttp2/mruby-per-backend f80a7873 Merge branch 'akonskarm-reuse_addr' 866ac6ab add option reuse addr in local endpoint configuration of asio client b574ae6a nghttpx: Support per-backend mruby script de4fd7cd doc: Update doc 32d7883c nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_ 9b24e197 nghttpx: Choose h1 protocol if headers have been sent to backend on retry 13ffece1 Merge pull request #1214 from nghttp2/fix-rst-without-dconn 9d5b781d Fix stream reset if data from client is arrived before dconn is attached Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nghttp2: bump to 1.32.1Hans Dedecker2018-08-271-2/+2
| | | | | | | | | 4c76aaee Update manual pages 2b51ad67 Bump up version number to 1.32.1, LT revision to 30:3:16 708379dc Tweak nghttp2_session_set_stream_user_data 73106b0d Compile with clang-6.0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libbsd: Update to 0.8.7Daniel Engberg2018-08-254-45/+272
| | | | | | | | | | Update libbsd to 0.8.7 Remove glibc dependency Clean up InstallDev and install entries Use /usr path for consistency Cherry pick patches from upstream to fix musl compilation Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libevent2: Switch to using release tarballRosen Penev2018-08-252-45/+8
| | | | | | | | | | | | | Starting with version 2.1.8, a release tarball is available. Simplifies the Makefile slightly. Updated the project URL. HTTPS is broken. Issue has been reported upstream Adjusted patches. CMake support is not present in the tarball. It's made for Windows anyway. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: disable broken shipped Job server macroJo-Philipp Wich2018-08-231-0/+21
| | | | | | | | | | | | | | | | The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on plain POSIX shells due to the use of `let`. Shells lacking `let` will fail to run the generated m4sh code and end up invoking "make" with "-jyes" as argument, fialing the build. Since there is no reason in the first place for some random package to muck with the make job server settings and since we do not want it to randomly override "-j" either, simply remove references to this defunct macro to let the build succeed on platforms which not happen to use bash as default shell. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openssl: update to version 1.0.2pHauke Mehrtens2018-08-153-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libubox: set RPATH for host buildJo-Philipp Wich2018-08-141-0/+3
| | | | | | | This is required for programs that indirectly link libjson-c through the libubox blobmsg_json library. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: set HOST_BUILD_PREFIXDaniel Golle2018-08-071-1/+2
| | | | | | | Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make bundle-libraries.sh happy. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libjson-c: set HOST_BUILD_PREFIXDaniel Golle2018-08-071-1/+2
| | | | | | | Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make bundle-libraries.sh happy. Signed-off-by: Daniel Golle <daniel@makrotopia.org>