aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* mbedtls: enable NIST curves optimisation.Kevin Darbyshire-Bryant2016-10-131-9/+0
| | | | | | | | | | | | | luci using ustream-mbedtls is extremely slow vs ustream-polarssl. polarssl alias mbedtls v1 is configured to use NIST prime speed optimisation, so no longer disable the default optimisation for mbedtls v2. Compile & run tested: Archer C7v2 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> [Jo-Philipp Wich: refresh patch to use common format] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* gettext-full: update to 0.19.8.1Dirk Neukirchen2016-10-135-10/+20
| | | | | | | | | - unify configs of host/target - disable stuff to decrease build time - disable interactive gettextize: see http://lists.busybox.net/pipermail/buildroot/2014-April/093394.html Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* gettext: fix whitespaceDirk Neukirchen2016-10-131-1/+1
| | | | Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* source: Switch to xz for packages and tools where possibleDaniel Engberg2016-10-065-7/+10
| | | | | | | | | | | * Change git packages to xz * Update mirror checksums in packages where they are used * Change a few source tarballs to xz if available upstream * Remove unused lines in packages we're touching, requested by jow- and blogic * We're relying more on xz-utils so add official mirror as primary source, master site as secondary. * Add SHA256 checksums to multiple git tarball packages Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* toolchain: Force installation into /libFlorian Fainelli2016-09-281-24/+16
| | | | | | | | For 64-bit capable systems, a symbolic link is set up for /lib64 to point to /lib, so make sure the installation goes into /lib, irrespective of where the C library files come from in an external toolchain. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* openssl: update to 1.0.2jMagnus Kroken2016-09-273-49/+2
| | | | | | | | | | | | | | A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. Patches applied upstream: * 301-fix_no_nextprotoneg_build.patch * 302-Fix_typo_introduced_by_a03f81f4.patch Security advisory: https://www.openssl.org/news/secadv/20160926.txt Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openssl: Make DTLS configurable.Rosen Penev2016-09-272-0/+10
| | | | Signed-off by: Rosen Penev <rosenp@gmail.com>
* openssl: Remove J-PAKE. Nothing uses it.Rosen Penev2016-09-271-1/+2
| | | | Signed-off by: Rosen Penev <rosenp@gmail.com>
* libjson-c: Update to 0.12.1Daniel Engberg2016-09-272-26/+5
| | | | | | Updates libjson-c and removes backport patch. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libunwind: use url aliasdiizzyy2016-09-271-1/+1
| | | | | | Use alias instead of hardcoded URL Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* openssl: backport build fix when hardware support is usedHauke Mehrtens2016-09-242-0/+35
| | | | | | | This fix added to the openssl 1.0.2 branch. In addition add the header for the existing backport. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2iMagnus Kroken2016-09-247-43/+19
| | | | | | | | | | | | | | | Drop 302-fix_no_cmac_build.patch, it has been applied upstream. Security fixes: * (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305) * 10 Low severity issues Security advisory: https://www.openssl.org/news/secadv/20160922.txt Changelog: https://www.openssl.org/news/cl102.txt Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* cyassl: remove duplicate submenu levelJohn Crispin2016-09-191-3/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* cyassl: make CyaSSL/WolfSSL more configurableAndreas Schultz2016-09-192-4/+5
| | | | | | | | The default configuration might not be suitable for every use case. Add options to enable/disable additional options. Signed-off-by: Andreas Schultz <aschultz@tpip.net>
* openssl: re-enable ARM assemblyFelix Fietkau2016-08-311-2/+2
| | | | | | | The original reason for disabling it seems to have been fixed Related discussion: https://github.com/lede-project/source/pull/307 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* cyassl: make CyaSSL/WolfSSL more configurableAndreas Schultz2016-08-222-2/+117
| | | | | | | | The default configuration might not be suitable for every use case. Add options to enable/disable additional options. Signed-off-by: Andreas Schultz <aschultz@tpip.net>
* libs/gmp: update to 6.1.1Hannu Nyman2016-08-151-2/+2
| | | | | | Update libgmp to 6.1.1 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* ncurses: change handling of PKG_CONFIG_LIBDIRJo-Philipp Wich2016-08-156-9/+92
| | | | | | | | | | | | | | When PKG_CONFIG_LIBDIR was unset in the environment, the configure script was deducing the PKG_CONFIG_LIBDIR from the location of the pkg-config binary, which doesn't make a lot of sense, and isn't done by other autotools based packages. Patch imported from the Buildroot project: https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch Also refresh patches while we're at. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openssl: re-enable CMAC supportFelix Fietkau2016-08-091-1/+1
| | | | | | Needed by a few packages Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uclient: change SSL support error messageJo-Philipp Wich2016-08-081-2/+2
| | | | | | | Change the error message about missing SSL support to be more explicit by mentioning required package names. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: update to the latest version, adds a few utility functionsFelix Fietkau2016-07-291-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* cyassl: update to wolfssl version 3.9.6Hauke Mehrtens2016-07-241-2/+2
| | | | | | | | | | | | Changelog: https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html old size: libcyassl_3.9.0-1_mips_34kc_dsp.ipk 147552 new size: libcyassl_3.9.6-1_mips_34kc_dsp.ipk 150087 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: re-enable NPN by defaultFelix Fietkau2016-07-241-1/+1
| | | | | | Several packages rely on it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: add back the CAST cipher by defaultFelix Fietkau2016-07-241-1/+1
| | | | | | At least netatalk and some ipsec packages use it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: revert the no-ripemd change, openssh needs that cipherFelix Fietkau2016-07-231-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openssl: add option to disable SRP supportDirk Feytons2016-07-232-1/+11
| | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: add --gc-sectionsDirk Feytons2016-07-231-1/+2
| | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: remove some unneeded functionality and algorithmsDirk Feytons2016-07-232-3/+28
| | | | | | | | The patch needed for this commit has been sent upstream: https://github.com/openssl/openssl/pull/1155 Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [add back bf and srp]
* openssl: add option to disable PSK supportDirk Feytons2016-07-232-1/+11
| | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: add option for NPN supportDirk Feytons2016-07-233-1/+23
| | | | | | | | NPN has been superseded by ALPN so NPN is disabled by default The patch has been sent to OpenSSL for inclusion, see https://github.com/openssl/openssl/pull/1100 Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: add option to disable compression supportDirk Feytons2016-07-232-3/+15
| | | | | | | By default it's disabled. After the CRIME attack it seems the use of compression is discouraged. Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* openssl: add option to omit deprecated APIsDirk Feytons2016-07-232-1/+11
| | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
* libpcap: fix dependency of install-shared-so make targetMatthias Schiffer2016-07-211-16/+20
| | | | | | | | | | | | | There seems to be a situation in which a rebuild of libpcap.so is triggered in the install step of the libpcap Makefile. libpcap.so is the wrong target, leading to the build failure reported in [1]. Fix the dependency of install-shared-so to $(SHAREDLIB) so the build can succeed in this case. [1] https://dev.openwrt.org/ticket/19894 Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* uclibc++: fix build with gcc 6.1.0, which defaults to using C++14 ABIFelix Fietkau2016-07-152-0/+21
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: fix missing mbedtls_time_t bug in mbedtls 2.3.0Hauke Mehrtens2016-07-142-1/+22
| | | | | | | This backports a commit from mbedtls current git which adds missing include for platform.h. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.3.0Hauke Mehrtens2016-07-132-33/+24
| | | | | | | This fixes 3 minor security problems. SSLv3 is deactivated by default now. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* polarssl: update to version 1.3.17Hauke Mehrtens2016-07-132-16/+4
| | | | | | | This fixes 3 minor security problems. SSLv3 is deactivated by default now. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libubox: update to latest git HEADJohn Crispin2016-07-051-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* uclient: update to the latest version, fixes HTTP redirect supportFelix Fietkau2016-07-051-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert "ustream-ssl: Fix recursive dependency"Felix Fietkau2016-07-041-2/+2
| | | | | | | | This reverts commit abf0768131db659c6819de9e7149624dd044c345. The description is wrong, there is no recursive dependency here. The conditions were added intentionally to avoid bogus build dependencies. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ustream-ssl: Fix recursive dependencyDaniel Dickinson2016-07-041-2/+2
| | | | | | | | Two variants incorrectly include themselves in conditional depends on ssl libraries, which results in a recursive dependency. Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
* ustream-ssl: update to latest git HEADJohn Crispin2016-07-021-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* libnl-tiny: Generic Netlink multicast groups supportHauke Mehrtens2016-07-027-1/+136
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds this commit from normal libnl to libnl-tiny: https://github.com/tgraf/libnl/commit/2dbc1ca76c5b82c40749e609eb83877418abb006 commit 2dbc1ca76c5b82c40749e609eb83877418abb006 Author: dima <dima.ky@gmail.com> Date: Wed Oct 13 17:53:34 2010 +0300 Generic Netlink multicast groups support I have a patch against commit d378220c96c3c8b6f27dca33e7d8ba03318f9c2d extending libnl with a facility to receive generic netlink messages sent to multicast groups. Essentially it add one new function genl_ctrl_resolve_grp which prototype looks like this int genl_ctrl_resolve_grp(struct nl_sock *sk, const char *family_name, const char *grp_name) It resolves the family name and the group name to group id. Then the returned id can be used in nl_socket_add_membership to subscribe to multicast messages. Besides that it adds two more functions uint32_t nl_socket_get_peer_groups(struct nl_sock *sk) void nl_socket_set_peer_groups(struct nl_sock *sk, uint32_t groups) allowing to modify the socket peer groups field. So it's possible to multicast messages from the user space using the legacy interface. Looks like there is no way (or I was not able to find one?) to modify the netlink socket destination group from the user space, when the group id is greater then 32. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cosmetic style fix]
* libnetfilter_queue: fix checksum computationAlin Năstac2016-06-261-0/+113
| | | | | | | | | | | There are 2 issues fixed by this patch: - UDP checksum is computed incorrectly, the used pseudo IP header contains transport protocol 6 iso 17 - on big endian arches the UDP/TCP checksum is incorrectly computed when payload length is odd Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh patch]
* uclient: update to the latest version with better help and DELETERafał Miłecki2016-06-161-2/+2
| | | | | | | This slightly improves output of help messages and supports sending message body for DELETE. Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
* libubox: update to the latest version, fixes an uloop signal handling race ↵Felix Fietkau2016-06-151-2/+2
| | | | | | condition Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libunwind: initial version 1.1Yousong Zhou2016-06-134-0/+141
| | | | | | | | | | | | | | The package Makefile was based on work at link [1] with the following changes 1. Disable minidebuginfo support thus no dependency on liblzma 2. Add 2 patches for building against musl-libc and building with mips16 enabled 3. Add LICENSE and DEPENDS info, etc. [1] https://github.com/rpi-openwrt/rpi-packages/tree/master/libs/libunwind Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* package/*: update git urls for project reposJohn Crispin2016-06-134-4/+4
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* polarssl: enable AES-GCM and CAMELLIA-GCM ciphersuitesJo-Philipp Wich2016-06-112-11/+1
| | | | | | | | | | | Recent versions of Chrome require this ciphers to successfully handshake with a TLS enabled uhttpd server using the ustream-polarssl backend. If `CONFIG_GCM` is disabled, `ssl_ciphersuite_from_id()` will return `NULL` when cipher `0x9d` is looked up, causing the calling `ssl_ciphersuite_match()` to fail with `POLARSSL_ERR_SSL_INTERNAL_ERROR`. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace jow@openwrt.org with jo@mein.ioJo-Philipp Wich2016-06-078-8/+8
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>