aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
...
* openssl: bump to 1.1.1kEneas U de Queiroz2021-03-272-24/+23
| | | | | | | | | | | | | This version fixes 2 security vulnerabilities, among other changes: - CVE-2021-3450: problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 0bd0de7d43b3846ad0d7006294e1daaadfa7b532)
* mbedtls: update to 2.16.10Magnus Kroken2021-03-212-13/+13
| | | | | | | | | | | | | | | | | | | | This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Security fixes: * Fix a buffer overflow in mbedtls_mpi_sub_abs() * Fix an errorneous estimation for an internal buffer in mbedtls_pk_write_key_pem() * Fix a stack buffer overflow with mbedtls_net_poll() and mbedtls_net_recv_timeout() * Guard against strong local side channel attack against base64 tables by making access aceess to them use constant flow code Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10 Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit dbde2bcf60b5d5f54501a4b440f25fe7d02fbe5d)
* libsemanage: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | | | | | | c35919a7 libsemanage: sync filesystem with sandbox 5b05e829 Revert "libsemanage/genhomedircon: check usepasswd" edae9275 libsemanage: Free contents of modkey in semanage_direct_remove ce46daab libsemanage/genhomedircon: check usepasswd 6ebb35d2 libsemanage: Bump libsemanage.so version c08b73d7 libsemanage: Drop deprecated functions b46406de libsemanage: Remove legacy and duplicate symbols Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 4670492ad72e54e0608ef5f92d7066c1c7fa8f45) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libselinux: update to version 3.2Dominick Grift2021-03-151-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 142826a3 libselinux: fix segfault in add_xattr_entry() 398d2cee libselinux: rename gettid() to something which never conflicts with the libc 8f0f0a28 selinux(8,5): Describe fcontext regular expressions 9cc6b5cf libselinux/getconlist: report failures 156dd0de libselinux: update getseuser e2dca5df libselinux: accept const fromcon in get_context API da4829d0 libselinux: Always close status page fd 45b15c22 selinux(8): explain that runtime disable is deprecated 3c16aaef selinux(8): mark up SELINUX values c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable db0f2f38 libselinux: Add build option to disable X11 backend 4a142ac4 libsepol: Bump libsepol.so version d23342a9 libselinux: convert matchpathcon to selabel_lookup() 7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format. f5d644c7 libselinux: Add additional log callback details in man page for auditing. 075f9cfe libselinux: Fix selabel_lookup() for the root dir. a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices. a63f93d8 libselinux: initialize last_policyload in selinux_status_open() ef902db9 libselinux: safely access shared memory in selinux_status_updated() 9e4480b9 libselinux: Remove trailing slash on selabel_file lookups. 21fb5f20 libselinux: use full argument specifiers for security_check_context in man page e7abd802 libselinux: fix build order 05bdc031 libselinux: use kernel status page by default Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit b1fc2b5b0be61d994d6a0429fd78331c0c57639a) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsepol: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails 6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf 0861c659 libsepol: Validate policydb values when reading binary policy 8f5409cf libsepol: Create function ebitmap_highest_set_bit() 0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete 32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast 4662bdc1 libsepol/cil: be more robust when encountering <src_info> 6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument 0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks 1b36ace2 libsepol: include header files in source files when matching declarations 1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check 72a88d75 libsepol: remove unused files eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit 1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values() 5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums 34bd9a9d libsepol: destroy filename_trans list properly bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails 228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit a25d9104 libsepol/cil: constify some strings e2d01842 libsepol/cil: propagate failure of cil_fill_list() 6c8fca10 libsepol/cil: do not add a stack variable to a list 38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias 3c357285 libsepol/cil: remove useless print statement 90809674 libsepol/cil: always destroy the lexer state d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible 2aac859a libsepol/cil: Use the macro NODE() whenever possible d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases() 9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node() ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_* 89dab467 libsepol: free memory when realloc() fails 2d353bd5 libsepol/cil: Give error for more than one true or false block 4a142ac4 libsepol: Bump libsepol.so version 506c7b95 libsepol: Drop deprecated functions ae58e84b libsepol: Get rid of the old and duplicated symbols c97d63c6 libsepol: silence potential NULL pointer dereference warning 64387cb3 libsepol: drop confusing BUG_ON macro 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 a152653b libsepol/cil: Fix neverallow checking involving classmaps 734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy 685f577a libsepol/cil: Validate constraint expressions before adding to binary policy 8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 2a1bdde0d05dd97aa58da546d15197409d481bb3) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* zlib: properly split patchesAdrian Schmutzler2021-02-254-502/+501
| | | | | | | | | | | This package had two patches (with two headers etc.) in one file, which would have quilt merging them during a refresh. Separate these patches into two files, as the original intent seems to be having them separate. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 221eefaf6b301043c491aab8815fcfa24e8a5583)
* openssl: update package sourcesDavid Bauer2021-02-241-3/+5
| | | | | | | | | | | | | OpenSSL downloads itself are distributed using Akamai CDN, so use these sources as the highest priority. Remove a stale mirror which seems to be offline for a longer time already. Add fallbacks to the old release path also for the mirrors. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 10e84bde369d7cfb60d6ac6ee5c7211474bd4179)
* wolfssl: fix Ed25519 typo in config promptChristian Lamparter2021-02-241-1/+1
| | | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 09e66112f1ea9f5838ce80533f3850523dc30230)
* wolfssl: bump to v4.7.0-stableEneas U de Queiroz2021-02-245-92/+4
| | | | | | | | | | | | | | | Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d1dfb577f1c0d5b1f1fa35000c9ad7abdb7d10ed)
* openssl: bump to 1.1.1jEneas U de Queiroz2021-02-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes 4 security vulnerabilities/bugs: - CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support SSLv2, but the affected functions still exist. Considered just a bug. - CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. - CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. - Fixed SRP_Calc_client_key so that it runs in constant time. This could be exploited in a side channel attack to recover the password. The 3 CVEs above are currently awaiting analysis. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 482c9ff289c65480c8e7340e1740db24c62f91df)
* build: reorder more BuildPackages lines to deal with ABI_VERSIONFelix Fietkau2021-02-161-2/+3
| | | | | | | | After the ABI version rework, packages need to be declared in the order of their dependencies, so that dependent packages will use the right ABI version Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 75455b75a7ee)
* wolfssl: use libtool patch for PKG_ABI_VERSIONFelix Fietkau2021-02-151-1/+1
| | | | | | Makes it unnecessary to patch .so files after build Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use build system variable to specify ABI versionFelix Fietkau2021-02-151-4/+5
| | | | | | This removes the need to patch it afterwards Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-151-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use PKG_ABI_VERSIONFelix Fietkau2021-02-151-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert "wolfssl: use dynamic ABI_VERSION depending on the configuration and ↵Hauke Mehrtens2021-02-151-3/+1
| | | | | | | | | | | | | | | | package version" This fixes the build on MIPS BE like ath25 and ath79 target. We get this error message when linking libwolfssl: mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl collect2: error: ld returned 1 exit status This reverts commit 2591c83b3406c16d3c1cd2dc7fa59c3c1b901d3c. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "libubox: use PKG_ABI_VERSION"Hauke Mehrtens2021-02-151-4/+1
| | | | | | | | | | | | This fixes the build on MIPS BE like ath25 and ath79 target. We get this error message when linking libubox: mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so when searching for -lubox This reverts commit f421fefa8a34319c5ff5dcc1af39d6311ec1ad1e. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-141-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use PKG_ABI_VERSIONFelix Fietkau2021-02-141-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libnftnl: update to 1.1.8Rosen Penev2021-02-141-7/+8
| | | | | | | | | | | | | | Fix license information. Fix wrong ABI version. The library is versioned as libnftnl.so.11.4.0 Add PKG_BUILD_PARALLEL for faster compilation. Remove autoreconf as nothing is being patched. Minor cleanups for consistency between packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libevent2: update to 2.1.12Rosen Penev2021-02-143-73/+3
| | | | | | Remove upstream backports. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* readline: update to 8.1Rosen Penev2021-02-141-3/+3
| | | | | | Fix license. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* gmp: update to 6.2.1Rosen Penev2021-02-141-4/+4
| | | | | | Fix license information. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: Backport fix for CVE-2021-3336Hauke Mehrtens2021-02-092-1/+54
| | | | | | | | | | | | This should fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The patch is backported from the upstream wolfssl development branch. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.16.9Rosen Penev2021-01-181-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libusb: make InstallDev explicitRosen Penev2021-01-161-2/+7
| | | | | | Helps to see what actually gets installed. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libusb: cleanup PKG_ variablesRosen Penev2021-01-161-4/+5
| | | | | | | | | | Reordered for consistency between packages. Fixed license information. Change PKG_BUILD_PARALLEL to 1. This is no longer a problem.1 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libusb: update to 1.0.24Rosen Penev2021-01-161-3/+3
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mbedtls: add config option to compile with hkdfEtan Kissling2021-01-141-1/+18
| | | | | | | This adds a config option to allow compiling with HKDF algorithm support to support applications that require this feature. Signed-off-by: Etan Kissling <etan_kissling@apple.com>
* wolfssl: enable HAVE_SECRET_CALLBACKFelix Fietkau2021-01-021-0/+10
| | | | | | Fixes wpad-wolfssl build Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: Fix hostapd build with wolfssl 4.6.0Hauke Mehrtens2021-01-011-0/+25
| | | | | | | | | | | | This fixes the following build problem in hostapd: mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_add': <artificial>:(.text.crypto_ec_point_add+0x170): undefined reference to `ecc_projective_add_point' mipsel-openwrt-linux-musl/bin/ld: <artificial>:(.text.crypto_ec_point_add+0x18c): undefined reference to `ecc_map' mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_to_bin': <artificial>:(.text.crypto_ec_point_to_bin+0x40): undefined reference to `ecc_map' Fixes: ba40da9045f7 ("wolfssl: Update to v4.6.0-stable") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libevent2: trigger rebuild on libevent2-pthreadsAlexandru Ardelean2021-01-011-0/+1
| | | | | | | | | | | | | The symbol determines if the libevent2-pthreads libraries get built or not. If we want to select libevent2-pthreads, and these haven't been built, an error will occur mentioning that there are no 'libevent_pthreads-2.1.so' files. Adding CONFIG_PACKAGE_libevent2-pthreads to PKG_CONFIG_DEPEND will make sure that the libraries get re-built in case libevent2-pthreads is selected. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* wolfssl: Update to v4.6.0-stableEneas U de Queiroz2021-01-014-154/+4
| | | | | | | | | | | | | | | | | This version fixes a large number of bugs, although no security vulnerabilities are listed. Full changelog at: https://www.wolfssl.com/docs/wolfssl-changelog/ or, as part of the version's README.md: https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md Due a number of API additions, size increases from 374.7K to 408.8K for arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version. Backported patches were removed; remaining patch was refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* toolchain: remove uClibc install stuffRosen Penev2020-12-221-28/+3
| | | | | | This is preparation for removing uClibc-ng. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: fix pcap-configRosen Penev2020-12-221-2/+10
| | | | | | | | | | | | | pcap-config as installed is using OS paths instead of OpenWrt ones. Take fix from libpng and adjust as needed. This problem seems to occur on Arch Linux and not on Debian/Fedora based distros. No idea why. Remove CMAKE_INSTALL as there is now an InstallDev section. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* pcre: fix paths in config fileRosen Penev2020-12-221-1/+2
| | | | | | | | | The paths are pointing to OS paths, not OpenWrt ones. Use SED line from libpng to fix and adjust accordingly. This may allow certain packages that use the config file to pick up pcre. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* nettle: update to 3.6Rosen Penev2020-12-221-6/+6
| | | | | | | | | | | Updated ABI_VERSION. Switched PKG_BUILD_PARALLEL on as there seems to be no issue anymore. I can't find any information about why it was turned off. Fixed license information. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* elfutils: update to 0.180Rosen Penev2020-12-223-6/+6
| | | | | | Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* toolchain: Deactivate sanitizer on MIPS and ARCHauke Mehrtens2020-12-191-4/+4
| | | | | | | | | | MIPS 32 bit support for sanitizer was added with GCC 9, MIPS 64 bit and ARC are still not supported in GCC 10. Deactivate them for now and change this when we change the default compiler to GCC 9 or later. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libunwind: update to 1.5.0Rosen Penev2020-12-163-17/+14
| | | | | | | | | | | | | | Cleanup Makefile for consistency with other ones. Remove PKG_SSP. It can be fixed with -lssp_nonshared. Add PKG_BUILD_PARALLEL for faster compilation. Add zlib dependency. 1.5.0 requires it now. Refresh patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libnetfilter-conntrack: update to 1.0.8Rosen Penev2020-12-151-9/+8
| | | | | | | | | | Previous git version was 1.0.7. Switched to using tarballs for simplicity. Fixed license information. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* uclient: update to Git version 2020-12-10Petr Štetiar2020-12-141-4/+4
| | | | | | | | | | | | | | | | | 2c843b2bc04c Add initial GitLab CI support 073f89f567c0 uclient-fetch: wolfSSL: fix certificate validation 086c292160ac uclient-fetch: init_ca_cert: fix memory leak a3c1a88b031a cmake: enable extra compiler checks 32ff717ed316 uclient-http: fix extra compiler warnings on mips_24kc and cortex-a9+neon 86a2ac6ac46f uclient-fetch: fix potential memory leaks 158dd9dd289c uclient: fix initialized but never read variable 66b4420856a7 uclient-fetch: fix statement may fallt hrough 436f9b3af2ad uclient-http: fix freeing of stack allocated memory e6b5b8a98ce2 Fix extra compiler warnings 12df67e45bb0 Add basic cram based unit tests b6e34845124f cmake: fix building out of the tree Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: update to Git version 2020-12-10Petr Štetiar2020-12-141-4/+4
| | | | | | | | | | | | | | | | | 68d09243b6fd Add initial GitLab CI support 8280140db9d1 wolfssl: remove now deprecated compatibility code cee6791b362a ustream-mbedtls: fix certificate verification 55c3fd89d508 ustream-mbedtls: implement set_require_validation c6b4c48689a3 ustream-openssl: wolfSSL: fix certificate validation 3bc05402bfab cmake: enable extra compiler checks cd2c3d12db43 ustream-mbedtls: fix comparison of integers of different signs 5896991e46a3 ustream-openssl: fix BIO_method memory leak 2c342ae57c5b ustream-openssl: fix wolfSSL includes fa8ecd6ed140 cmake: fix linking when mbed TLS not in default paths 63656f81045f cmake: fix linking when wolfSSL not in default paths c26f71e844df cmake: fix building out of the tree Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libubox: utils: introduce mkdir_pDaniel Golle2020-12-121-4/+4
| | | | | | | Add new utility function mkdir_p(char *path, mode_t mode) to replace the partially buggy implementations found accross fstools and procd. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* openssl: update to 1.1.1iEneas U de Queiroz2020-12-111-3/+3
| | | | | | | | Fixes: CVE-2020-1971, defined as high severity, summarized as: NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: fix broken wolfSSL_X509_check_hostPetr Štetiar2020-12-112-1/+124
| | | | | | | Backport upstream post 4.5.0 fix for broken wolfSSL_X509_check_host(). References: https://github.com/wolfSSL/wolfssl/issues/3329 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: compile with --enable-opensslallEneas U de Queiroz2020-12-111-1/+2
| | | | | | | | | | This enables all OpenSSL API available. It is required to avoid some silent failures, such as when performing client certificate validation. Package size increases from 356.6K to 374.7K for arm_cortex-a9_vfpv3-d16. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add lighty support, skip crypttestsEneas U de Queiroz2020-12-111-1/+3
| | | | | | | | | | Tnis adds the --enable-lighty option to configure, enabling the minimum API needed to run lighttpd, in the packages feed. Size increase is about 120 bytes for arm_cortex-a9_vfpv3-d16. While at it, speed up build by disabling crypt bench/test. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libcxx[abi]: removeRosen Penev2020-12-075-196/+0
| | | | | | | | | | | | This is a neat project, but offers no benefit to OpenWrt. The initial reason for it was to be a replacement for libstdcpp as it is smaller and lacks compatibility for C++98. Unfortunately, compiling several packages with it results in larger ipk sizes. While not a member of the packages feed, this will be moved to packages-abandoned to keep it somewhere. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* lzo: removeRosen Penev2020-12-061-61/+0
| | | | | | This is not used by any package in base. It will be moved to packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>