aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* wolfssl: add certgen config optionPaul Spooren2020-08-312-1/+6
| | | | | | The option allows to generate certificates. Signed-off-by: Paul Spooren <mail@aparcar.org>
* nghttp2: move to packages.gitHans Dedecker2020-08-311-44/+0
| | | | | | | | | As the package curl has been moved to packages.git and only libcurl depends on libnghttps move it as well to packages.git. This is based on the Hamburg 2019 decision that non essential packages should move outside base. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wolfssl: Update to version 4.5.0Hauke Mehrtens2020-08-263-4/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following security problems: * In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. * Denial of service attack on TLS 1.3 servers from repetitively sending ChangeCipherSpecs messages. (CVE-2020-12457) * Potential cache timing attacks on public key operations in builds that are not using SP (single precision). (CVE-2020-15309) * When using SGX with EC scalar multiplication the possibility of side- channel attacks are present. * Leak of private key in the case that PEM format private keys are bundled in with PEM certificates into a single file. * During the handshake, clear application_data messages in epoch 0 are processed and returned to the application. Full changelog: https://www.wolfssl.com/docs/wolfssl-changelog/ Fix a build error on big endian systems by backporting a pull request: https://github.com/wolfSSL/wolfssl/pull/3255 The size of the ipk increases on mips BE by 1.4% old: libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246 new: libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.16.7Magnus Kroken2020-08-242-27/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some changes to the download URLs are required. For the time being, the ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS. Signed-off-by: Magnus Kroken <mkroken@gmail.com> [Use https://codeload.github.com and new tar.gz file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libselinux: fix Makefile styleDaniel Golle2020-08-141-1/+1
| | | | | | Also fix line order in libselinux Makefile. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsepol: fix Makefile styleDaniel Golle2020-08-141-3/+2
| | | | | | Fix line ordering (cosmetic). Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* pcre: clean up Makefile line orderDaniel Golle2020-08-141-4/+2
| | | | | | | | The most recent patch added add lines in one block instead of in the appropriate places to keep Makefiles in consistent style. Fix that. Fixes: ff02e1561f ("pcre: add host variant of libpcre") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* pcre: add host variant of libpcreThomas Petazzoni2020-08-141-0/+12
| | | | | | This is needed to build the host variant of libselinux. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* libselinux: fix build on non-Linux systemsFelix Fietkau2020-08-131-0/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libsepol: fix build on non-Linux systemsFelix Fietkau2020-08-131-1/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libselinux: don't depend on kernel config symbolsDaniel Golle2020-08-131-1/+1
| | | | | | | | Dependencies are meant to express actual run-time dependencies and strictly speaking, libselinux can be build and used on kernels without SELinux (not in a very meaningful way, but never mind). Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* musl-fts: import from packages feedDaniel Golle2020-08-131-0/+60
| | | | | | | libselinux requires musl-fts to build with musl. Import it from packages feed as well. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* pcre: import from packages feedsDaniel Golle2020-08-132-0/+130
| | | | | | | libselinux require pcre, import to to core so it can build without packages feeds. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libselinux: add new packageThomas Petazzoni2020-08-131-0/+79
| | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, update to 3.1] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* libsepol: add new packageThomas Petazzoni2020-08-131-0/+66
| | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, update to 3.1] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* libjson-c: fix pkgconfig fileRosen Penev2020-08-111-9/+10
| | | | | | | | | | | | | | The pkgconfig file references the host directories, not the openwrt ones. Used SED to fix as is done elsewhere. Removed CMAKE_INSTALL as a result. Removed now pointless CFLAGS. Added PKG_BUILD_PARALLEL for faster compilation. Various rearrangements for consistency between packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libubox: update to git HEADDaniel Golle2020-08-061-3/+3
| | | | | | 9e52171 blobmsg: introduce BLOBMSG_CAST_INT64 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* lzo: fix pkgconfig pathsRosen Penev2020-07-171-1/+3
| | | | | | | | | The last commit to this package that added the pkgconfig file did not fix the paths to point to the prefix. This allows packages to find lzo properly. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* lzo: switch to building with CMakeRosen Penev2020-07-111-11/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | CMake is less error prone that autotools and also compiles faster. Fixed license information. Added pkgconfig file to InstallDev so that packages that use it can find lzo. Before: time make package/lzo/compile -j 12 ________________________________________________________ Executed in 20.87 secs fish external usr time 26.95 secs 0.00 micros 26.95 secs sys time 5.49 secs 305.00 micros 5.49 secs After: time make package/lzo/compile -j 12 ________________________________________________________ Executed in 13.22 secs fish external usr time 19.59 secs 328.00 micros 19.59 secs sys time 4.03 secs 10.00 micros 4.03 secs Time output is with fish shell. make clean was ran before both attempts. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libubox: update to version 2020-07-11Petr Štetiar2020-07-111-3/+3
| | | | | | | | | f4e9bf73ac5c examples/lua: attempt to highlight some traps 53b9a2123fc6 lua/uloop: fd_add: use absolute indices for arguments c0941d3289fc lua/uloop: make get_sock_fd capable of absolute addresses 161c25960ba2 lua/uloop: fd_add() better args checking Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uclibc++: make verbosity affect uClibc++ buildWren Turkal2020-07-081-0/+8
| | | | | | | | | | Before this change, setting the verbosity to anything with V=blah would cause uclibc++ build to print errors to the screen. Now, it the clibc++ build verbosity will be altered in the following manners: * V=s will set V=1 in the uclibc++ build * V=sc will set V=2 in the uclibc++ build Signed-off-by: Wren Turkal <wt@penguintechs.org>
* libjson-c: update to 0.14DENG Qingfang2020-07-047-210/+191
| | | | | | | | | | | Update libjson-c to 0.14 Changelog: https://github.com/json-c/json-c/wiki/Notes-for-v0.14-release Switch to CMake because the upstream build system was changed ipk size increased by 2KB Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* libnetfilter-queue: fix package title and descriptionCatalin Patulea2020-06-231-3/+3
| | | | | | | | | | The original text was copy/pasted from some other package. Adjust the package title and description to match the description on the publishers page. Signed-off-by: Catalin Patulea <catalinp@google.com> [slightly adjust content and commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* toolchain: glibc ldd env path fixupChen Minqiang2020-06-181-0/+1
| | | | | | | | | | This replace the shell script header of ldd when it install to `/usr/bin/ldd` where `#! /..../staging_dir/host/bin/bash` should be `#!/bin/sh` Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* toolchain: remove gcc libssp and use libc variantIan Cooper2020-06-171-41/+0
| | | | | | | | | | | | | | | Removes the standalone implementation of stack smashing protection in gcc's libssp in favour of the native implementation available in glibc and uclibc. Musl libc already uses its native ssp, so this patch does not affect musl-based toolchains. Stack smashing protection configuration options are now uniform across all supported libc variants. This also makes kernel-level stack smashing protection available for x86_64 and i386 builds using non-musl libc. Signed-off-by: Ian Cooper <iancooper@hotmail.com>
* uclient: uclient-fetch: add option to read POST data from fileDaniel Golle2020-06-171-3/+3
| | | | | | c660986 uclient-fetch: add option to read POST data from file Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* nghttp2: bump to 1.41.0Hans Dedecker2020-06-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 8f7b008b Update bash_completion 83086ba9 Update manual pages c3b46625 Merge pull request from GHSA-q5wr-xfw9-q7xr 3eecc2ca Bump version number to v1.41.0, LT revision to 34:0:20 881c060d Update AUTHORS f8da73bd Earlier check for settings flood 336a98fe Implement max settings option ef415836 Revert "Add missing connection error handling" 979e6c53 Merge pull request #1459 from nghttp2/proxyprotov2 b7d16101 Add missing connection error handling cd53bd81 Merge pull request #1460 from gportay/patch-1 e5625b8c Fix doc c663349f integration: Add PROXY protocol v2 tests 854e9fe3 nghttpx: Always call init_forwarded_for c60ea227 Update doc 49cd8e6e nghttpx: Add PROXY-protocol v2 support 3b17a659 Merge pull request #1453 from Leo-Neat/master 600fcdf5 Merge pull request #1455 from xjtian/long_serials 4922bb41 static_cast size parameter in StringRef constructor to size_t aad86975 Fix get_x509_serial for long serial numbers dc7a7df6 Adding CIFuzz b3f85e2d Merge pull request #1444 from nghttp2/fix-recv-window-flow-control-issue ffb49c6c Merge pull request #1435 from geoffhill/master 2ec58551 Fix receiving stream data stall 459df42b Merge pull request #1442 from nghttp2/upgrade-llhttp a4c1fed5 Bump llhttp to 2.0.4 866eadb5 Enable session_create_idle_stream test, fix errors 5e13274b Fix typo e0d7f7de h2load: Allow port in --connect-to df575f96 h2load: add --connect-to option 1fff7379 clang-format-9 b40c6c86 Merge pull request #1418 from vszakats/patch-1 9bc2c75e lib/CMakeLists.txt: Make hard-coded static lib suffix optional 2d5f7659 Bump up version number to 1.41.0-DEV Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wolfssl: use -fomit-frame-pointer to fix asm errorEneas U de Queiroz2020-06-031-2/+2
| | | | | | | | | | | 32-bit x86 fail to compile fast-math feature when compiled with frame pointer, which uses a register used in a couple of inline asm functions. Previous versions of wolfssl had this by default. Keeping an extra register available may increase performance, so it's being restored for all architectures. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libconfig: move into packages feedRosen Penev2020-06-031-60/+0
| | | | | | | | | No package in base uses libconfig. Everything is in the packages feed. Ref: https://github.com/openwrt/packages/pull/12255 Signed-off-by: Rosen Penev <rosenp@gmail.com> [subject facelift, PR ref] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libubox: update to the latest versionFelix Fietkau2020-05-261-3/+3
| | | | | | | | | | 86818eaa976b blob: make blob_parse_untrusted more permissive cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len c2fc622b771f blobmsg: fix length in blobmsg_check_array 639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name 66195aee5042 blobmsg: fix missing length checks Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: update to the latest masterRafał Miłecki2020-05-241-3/+3
| | | | | | | | | | 5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len() eeddf22 tests: runqueue: try to fix race on GitLab CI 89fb613 libubox: runqueue: fix use-after-free bug 1db3e7d libubox: runqueue fix comment in header 7c4ef0d tests: list: add test case for list_empty iterator Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* wolfssl: update to 4.4.0-stableEneas U de Queiroz2020-05-201-2/+2
| | | | | | | | | | | | This version adds many bugfixes, including a couple of security vulnerabilities: - For fast math (enabled by wpa_supplicant option), use a constant time modular inverse when mapping to affine when operation involves a private key - keygen, calc shared secret, sign. - Change constant time and cache resistant ECC mulmod. Ensure points being operated on change to make constant time. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libjson-c: backport security fixesRobert Marko2020-05-135-1/+175
| | | | | | | | | | | | This backports upstream fixes for the out of bounds write vulnerability in json-c. It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592 Addresses CVE-2020-12762 Signed-off-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* argp-standalone: fix segfault in canon_doc_optionStijn Tintel2020-05-031-0/+14
| | | | | | Backported from glibc. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* elfutils: powerpc build fixLuiz Angelo Daros de Luca2020-04-281-0/+34
| | | | | | | | | | | | | | Fixes following build error on mpc85xx/generic: ppc_initreg.c: In function 'ppc_set_initial_registers_tid': ppc_initreg.c:79:22: error: field 'r' has incomplete type struct pt_regs r; Ref: FS#2924 Fixes: d27623b54254 ("elfutils: update to 0.179") Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> [commit description facelift] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: bump to 1.1.1gPetr Štetiar2020-04-211-2/+2
| | | | | | | | Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with high severity, assigned CVE-2020-1967. Ref: https://www.openssl.org/news/secadv/20200421.txt Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mbedtls: update to 2.16.6Magnus Kroken2020-04-171-2/+2
| | | | | | | | | | | | Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* elfutils: aarch64 fix build on muslLucian Cristian2020-04-171-0/+59
| | | | | | | | | aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid': aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int') dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF; ~~~~~~~~~~~~~~ ^ Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* elfutils: update to 0.179Rosen Penev2020-04-136-64/+106
| | | | | | | | | | | | | | | | | Removed sys/cdefs usage. The header is deprecated. Removed canonicalize_file_name define. It's already fixed upstream. Added --disable-debuginfod. Seems to be needed. Modified patch 005 to build more stuff. It was failing before. It still only builds libraries. Modified patch 100 to use strerror under non-glibc. It is used under glibc as strerror is not thread safe. It is under musl and uClibc-ng. strerror_l is not available under uClibc-ng. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* jansson: convert to cmakeKevin Darbyshire-Bryant2020-04-011-14/+9
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: bump to 1.1.1fEneas U de Queiroz2020-04-012-83/+3
| | | | | | | | | There were two changes between 1.1.1e and 1.1.1f: - a change in BN prime generation to avoid possible fingerprinting of newly generated RSA modules - the patch reversing EOF detection we had already applied. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* jansson: import jansson from packagesKevin Darbyshire-Bryant2020-03-291-0/+51
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: revert EOF detection change in 1.1.1Eneas U de Queiroz2020-03-282-1/+81
| | | | | | | | | | | | | | | | | | | | | | This adds patches to avoid possible application breakage caused by a change in behavior introduced in 1.1.1e. It affects at least nginx, which logs error messages such as: nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error: 4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive, client: xxxx, server: [::]:443 Openssl commits db943f4 (Detect EOF while reading in libssl), and 22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the behavior when encountering an EOF in SSL_read(). Previous behavior was to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits being reverted changed it to SSL_ERRO_SSL, and add an error to the stack, which is correct. Unfortunately this affects a number of applications that counted on the old behavior, including nginx. The reversion was discussed in openssl/openssl#11378, and implemented as PR openssl/openssl#11400. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* uclient: update mirror hashJo-Philipp Wich2020-03-251-1/+1
| | | | | Fixes: 98017228dd ("uclient: bump to latest Git HEAD") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uclient: bump to latest Git HEADJo-Philipp Wich2020-03-251-2/+2
| | | | | | af585db uclient-fetch: support specifying advertised TLS ciphers Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ustream-ssl: bump to latest Git HEADJo-Philipp Wich2020-03-251-4/+4
| | | | | | | | | | 5e1bc34 ustream-openssl: clear error stack before SSL_read/SSL_write f7f93ad add support for specifying usable ciphers Also bump the ABI version since the layout of `struct ustream_ssl_ops` changed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libnftnl: drop unsupported configure optionKevin Darbyshire-Bryant2020-03-231-2/+1
| | | | | | --without-json-parsing is not a supported configure option. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: update to 1.1.1eEneas U de Queiroz2020-03-214-41/+22
| | | | | | | This version includes bug and security fixes, including medium-severity CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: add configuration example for afalg-syncEneas U de Queiroz2020-03-212-2/+31
| | | | | | | This adds commented configuration help for the alternate, afalg-sync engine to /etc/ssl/openssl.cnf. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* readline: needs host depend on ncurses to buildJan Kardell2020-03-201-0/+2
| | | | | | We must ensure that host ncurses is build before host readline. Signed-off-by: Jan Kardell <jan.kardell@telliq.com>