aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* nghttp2: Fix pkgconfig fileRosen Penev2019-11-091-7/+5
| | | | | | | | | | lib and includedir point to the host, not staging_dir. Note that prefix and exec_prefix is overriden to point to staging_dir. As CMAKE_INSTTALL is passed, switched InstallDev to use cmake.mk's rule. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libevent2: Fix pkgconfig directoriesRosen Penev2019-11-091-8/+5
| | | | | | | | | | | includedir and libdir are set to /usr/include and /usr/lib . This breaks compilation with packages such as tmux that use pkgconfig to find libevent Also added PKG_LICENSE_FILES. Simplified the InstallDev section by using cmake.mk's default rule. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: update to v4.2.0-stableEneas U de Queiroz2019-11-063-142/+4
| | | | | | | | | | | | | | | Many bugs were fixed--2 patches removed here. This release of wolfSSL includes fixes for 5 security vulnerabilities, including two CVEs with high/critical base scores: - potential invalid read with TLS 1.3 PSK, including session tickets - potential hang with ocspstaping2 (always enabled in openwrt) - CVE-2019-15651: 1-byte overread when decoding certificate extensions - CVE-2019-16748: 1-byte overread when checking certificate signatures - DSA attack to recover DSA private keys Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnl-tiny: update to latest Git headPetr Štetiar2019-11-061-16/+9
| | | | | | | | | | | | | | Includes following changes: 0230d0698e59 add initial GitLab CI support 5e13b797a988 iron out all extra compiler warnings 802fbd4d6f39 cmake: enable extra compiler checks 050bb5c4431b convert into CMake project 5b350e42d1fd refactor into separate Git project and converts the package build to utilize CMake. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: update to latest Git HEADJo-Philipp Wich2019-11-051-3/+3
| | | | | | | c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect Fixes: CVE-2019-5101, CVE-2019-5102 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: bump to version 2019-10-29Yousong Zhou2019-11-031-3/+3
| | | | | | | It contains a single change to vlist.h header file: "vlist: add more macros for loop iteration". This is needed for newer version of fstools Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* libnl: update to 3.5.0DENG Qingfang2019-11-013-211/+4
| | | | | | Update libnl to 3.5.0 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* ustream-ssl: Update to latest git HEADHauke Mehrtens2019-11-011-5/+5
| | | | | | | | | | 465f8dc wolfssl: adjust to new API in v4.2.0 3b06c65 Update example certificate & key, fix typo 1c38fd8 wolfssl: enable CN validation 33308ee ustream-io-cyassl.c: fix client-mode connections 79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: gcc: enable sanitizers for glibc toolchainYousong Zhou2019-10-241-0/+172
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* libubox: update to latest git HEADRoman Yeryomin2019-10-221-3/+3
| | | | | | eb30a03 libubox, jshn: add option to write output to a file Signed-off-by: Roman Yeryomin <roman@advem.lv>
* libpcap: build with cmakeYousong Zhou2019-10-214-298/+104
| | | | | | | | | | | | | | | | | | | | | | | | | | The main motivation is to drop and stop maintaining "100-debian_shared_lib.patch". It lacks the logic to include custom implementation of several functions like pcap_strlcpy() which can cause build failures when glibc is used [2] CAN and CAN-USB support related symbols are now handled by general linux support, see [1] "-ffunction-sections -fdata-sections" were removed as they should help much for shared libraries Size comparison before and after the change -rw-r--r-- 1 yunion yunion 238042 Oct 18 11:42 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1 lrwxrwxrwx 1 yunion yunion 16 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1 -> libpcap.so.1.9.1 -rwxr-xr-x 1 yunion yunion 229867 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1.9.1 [1] On Linux, handle all CAN captures with pcap-linux.c, in cooked mode, https://github.com/the-tcpdump-group/libpcap/commit/93ca5ff7030aaf1219e1de05ec89a68384bfc50b [2] https://github.com/openwrt/packages/issues/10270 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openssl: Add engine configuration to openssl.cnfEneas U de Queiroz2019-10-202-1/+57
| | | | | | | | | | | This adds engine configuration sections to openssl.cnf, with a commented list of engines. To enable an engine, all you have to do is uncomment the engine line. It also adds some useful comments to the devcrypto engine configuration section. Other engines currently don't have configuration commands. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libevent2: Update to 2.1.11Daniel Engberg2019-10-155-81/+94
| | | | | | | | | | | | Update libevent to 2.1.11 Use CMake instead GNU Autotools Backport following commits: https://github.com/libevent/libevent/commit/f05ba671931e2b4e38459899f6f63f79f99869fe ..and partially https://github.com/libevent/libevent/commit/7201062f3ef505a77baa6ccaf1cf73812462308a to fix compilation Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* uClibc++: Fix three bugsRosen Penev2019-10-126-20/+221
| | | | | | | | | | | | | | | | | | | | | | | The first allows usage of several functions in the std namespace, which broke compilation of gddrescue specifically with uClibc-ng and uClibc++. The second allows usage of long long with normal C++11, which is part of the standard. Before, std=gnu++11 needed to be passsed to work around it. As a result of the second patch, the pedantic patch can safely be removed. Both patches are upstream backports. Added -std=c++11 to CFLAGS to guarentee proper inclusion of long long. Added another patch that fixes a typo with the long long support. Sent to upstream. Fixed up license information according to SPDX. Small cleanups for consistency. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: update to 1.9.1DENG Qingfang2019-10-126-38/+19
| | | | | | | | | | | | Fixed CVEs: CVE-2018-16301 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* libnl-tiny: fix package mirror hashPetr Štetiar2019-10-111-1/+1
| | | | | | | | Current hash doesn't match with the content of the source tarball. Fixes: a92f74ba8db8 ("libnl-tiny: move source code into separate Git repository") Reported-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: add gcc-8 -ffile-prefix-map filterPaul Spooren2019-10-091-1/+1
| | | | | | | | | | gcc-8 switch -ffile-prefix-map helps a lot with reproducible build paths in the resulting binaries. Ref: https://reproducible-builds.org/docs/build-path/ Signed-off-by: Paul Spooren <mail@aparcar.org> [refactored into separate commit] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libnl-tiny: move source code into separate Git repositoryPetr Štetiar2019-10-0943-8366/+12
| | | | | | | | | | In order to make the source code usable and testable separately out of buildroot. Acked-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* elfutils: Add host buildRosen Penev2019-09-212-16/+9
| | | | | | | | | | | | | | | | | | | | | | | Needed for glib2 host build: gresource-tool.c:32:20: fatal error: libelf.h: No such file or directory #include <libelf.h> Changed PKG_LICENSE to the SPDX version. Switched build dependency for argp-standalone to !USE_GLIBC. argp is a glibc extension. Treat it as such. Adjusted patch to use strerror_l, which works properly with both glibc and musl. The patch errors under glibc with: dwfl_error.c:158:7: error: ignoring return value of 'strerror_r', declared with attribute warn_unused_result [-Werror=unused-result] strerror_r (error & 0xffff, s, sizeof(s)); void casting does not fix the error. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: allow building with hw-crytpo and AES-CCMEneas U de Queiroz2019-09-204-21/+160
| | | | | | | | Hardware acceleration was disabled when AES-CCM was selected as a workaround for a build failure. This applies a couple of upstream patches fixing this. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* mbedtls: update to 2.16.3Magnus Kroken2019-09-203-52/+25
| | | | | | | Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* uClibc++: Remove faulty patchRosen Penev2019-09-202-14/+1
| | | | | | | | | | | | | | | This patch was originally added to fix compilation with v4l2rtspserver. Turns out it was v4l2rtspserver that was broken, not uClibc++. This now causes issues with a different package where the arguments are being split. Note that with this patch, shellcheck throws an error: SC2068: Double quote array expansions to avoid re-splitting elements. More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: bump to 1.1.1dEneas U de Queiroz2019-09-1912-2524/+223
| | | | | | | | | | | | | This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnftnl: bump to version 1.1.4Konstantin Demin2019-09-011-2/+2
| | | | | | | | | | | | ABI version is same. The ipkg size increase by about 2.2%: old: 47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk new: 48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* openssl: always build with EC supportEneas U de Queiroz2019-09-012-19/+2
| | | | Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnfnetlink: Avoid passing both -fPIC and -fpicRosen Penev2019-08-311-3/+4
| | | | | | | | Instead, instruct the configure script to use $(FPIC) only. Mixing -fPIC and -fpic can cause issues on some platforms like PPC. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ncurses: Do not pass both -fPIC and -fpicRosen Penev2019-08-311-2/+4
| | | | | | | | | | The configure scripts matches Linux with -fPIC, which is not exactly what is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to avoid passing -fPIC. Removed PKG_BUILD_DIR as it is already the default value. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: refresh patchesChristian Lamparter2019-08-243-7/+7
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* elfutils: bump to 0.177Luiz Angelo Daros de Luca2019-08-192-43/+4
| | | | | | 200-uclibc-ng-compat.patch is upstream now. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* nghttp2: bump to 1.39.2Hans Dedecker2019-08-181-2/+2
| | | | | | | | | 957abacf Bump up version number to 1.39.2, LT revision to 32:0:18 83d362c6 Don't read too greedily a76d0723 Add nghttp2_option_set_max_outbound_ack db2f612a nghttpx: Fix request stall Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ustream-ssl: update to latest git HEADHauke Mehrtens2019-08-171-3/+3
| | | | | | | e8f9c22 Revise supported ciphersuites 7e9e269 wolfssl, openssl: use TLS 1.3, set ciphersuites Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* musl: ldso/dlsym: fix mips returning undef dlsymLuiz Angelo Daros de Luca2019-08-171-1/+1
| | | | | | | | | | | | | | | This happens only the second time a library is loaded by dlopen(). After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef symbol from lib1 dependencies. After the second library is loaded, dlsym(lib2,"undef1") was returning the address of "undef1" in lib2 instead of searching lib2 dependencies. Using upstream fix which now uses the same logic for relocation time and dlsym. Fixes openwrt/packages#9297 Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* wolfssl: bump to 4.1.0-stableEneas U de Queiroz2019-08-175-56/+16
| | | | | | | | | | | | | | | | | Always build AES-GCM support. Unnecessary patches were removed. This includes two vulnerability fixes: CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* nettle: Update to 3.5.1Daniel Engberg2019-08-091-4/+4
| | | | | | | Update (lib)nettle to 3.5.1 Bump ABI_VERSION Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-08-051-2/+0
| | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* libroxml: bump to the 3.0.2 versionRafał Miłecki2019-07-151-3/+3
| | | | | | | * Fix for memory leak regression * Support for (un)escaping Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* libs/toolchain: remove eglibc remnant fileEneas U de Queiroz2019-07-151-13/+0
| | | | | | This removes package/libs/toolchain/eglibc-files/etc/nsswitch.conf. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnftnl: bump to version 1.1.3Konstantin Demin2019-07-071-3/+3
| | | | | | bump ABI version accordingly (thanks to Jo-Philipp Wich). Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* wolfssl: update to 4.0.0-stableEneas U de Queiroz2019-07-075-126/+62
| | | | | | | | | | | | | | | Removed options that can't be turned off because we're building with --enable-stunnel, some of which affect hostapd's Config.in. Adjusted the title of OCSP option, as OCSP itself can't be turned off, only the stapling part is selectable. Mark options turned on when wpad support is selected. Add building options for TLS 1.0, and TLS 1.3. Add hardware crypto support, which due to a bug, only works when CCM support is turned off. Reorganized option conditionals in Makefile. Add Eneas U de Queiroz as maintainer. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: update to 3.15.7, fix MakefileEneas U de Queiroz2019-07-074-13/+13
| | | | | | | | | This includes a fix for a medium-level potential cache attack with a variant of Bleichenbacher’s attack. Patches were refreshed. Increased FP_MAX_BITS to allow 4096-bit RSA keys. Fixed poly1305 build option, and some Makefile updates. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* ustream-ssl: update to 2019-06-24Eneas U de Queiroz2019-06-241-3/+3
| | | | | | This adds chacha20-poly1305 support to the mbedtls variant. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* mbedtls: Update to version 2.16.2Josef Schlehofer2019-06-241-2/+2
| | | | Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
* nghttp2: deduplicate files in staging_dirEneas U de Queiroz2019-06-221-1/+1
| | | | | | | '38b22b1e: deduplicate files in libnghttp2' missed duplicates in staging_dir by Build/InstallDev. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* libjson-c: update to 0.13.1Deng Qingfang2019-06-192-18/+21
| | | | Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* nghttp2: bump to 1.39.1Hans Dedecker2019-06-161-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7ffc239b Bump up version number to 1.39.1 bc886a0e Fix FPE with default backend a3a14a9c Fix log-level is not set with cmd-line or configuration file acfb3607 Update manual pages bdfd14c2 Bump up version number to 1.39.0, LT revision to 31:4:17 cddc09fe Update AUTHORS 3c3b6ae8 Add missing colon 2f83aa9e Fix multi-line text travis issue fc591d0c Run nghttpx integration test with cmake build 9a17c3ef travis: use multi-line text b7220f07 cmake: Remove SPDY related files a1556fd1 Merge pull request #1356 from nghttp2/fix-log-level-on-reload 77f1c872 nghttpx: Fix unchanged log level on configuration reload 49ce44e1 Merge pull request #1352 from nghttp2/travis-osx f54b3ffc Fix libxml2 CFLAGS output b0f5e5cc Implement daemon() using fork() for OSX 8d6ecd66 Enable osx build on travis f82fb521 Update doc 2e1975dd clang-format-8 97ce392b Merge pull request #1347 from nghttp2/nghttpx-ignore-cl-te-on-upgrade afefbda5 Ignore content-length in 200 response to CONNECT request 4fca2502 nghttpx: Ignore Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT 6975c336 Update llhttp to 1.1.3 0288093c Fix llhttp_get_error_pos usage a3a03481 Merge pull request #1340 from nghttp2/nghttpx-llhttp c64d2573 Replace http-parser with llhttp f028cc43 clang-format 302e3746 Merge pull request #1337 from nghttp2/upgrade-mruby 3cdbc5f5 Merge pull request #1335 from adamgolebiowski/boost-1.70 a6925186 Fix mruby build error 45d63d20 Upgrade mruby to 2.0.1 cbba1ebf asio: support boost-1.70 e86d1378 Bump up version number to 1.39.0-DEV 4a9d2005 Update manual pages Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libubox: update to latest git HEADHauke Mehrtens2019-06-161-3/+3
| | | | | | | 9dd2dcf libubox: add format string checking to ulog() ecf5617 ustream: Add format string checks to ustream_(v)printf() Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nghttp2: deduplicate files in libnghttp2Konstantin Demin2019-06-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | libnghttp2 accidentally ships library twice: $ tar -Oxzf libnghttp2-14_1.38.0-1_mips_24kc.ipk ./data.tar.gz | tar -tzvf - drwxr-xr-x root/root 0 2019-06-07 23:14 ./ drwxr-xr-x root/root 0 2019-06-07 23:14 ./usr/ drwxr-xr-x root/root 0 2019-06-07 23:14 ./usr/lib/ -rw-r--r-- root/root 144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14 -rw-r--r-- root/root 144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3 after fix, there's library and symlink (as designed): $ tar -Oxzf libnghttp2-14_1.38.0-2_mips_24kc.ipk ./data.tar.gz | tar -tzvf - drwxr-xr-x root/root 0 2019-06-07 23:14 ./ drwxr-xr-x root/root 0 2019-06-07 23:14 ./usr/ drwxr-xr-x root/root 0 2019-06-07 23:14 ./usr/lib/ lrwxrwxrwx root/root 0 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14 -> libnghttp2.so.14.17.3 -rw-r--r-- root/root 144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3 Binary package size reduced accordingly: 134621 -> 66593. Compile/run-tested: ar71xx/generic. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* libunwind: bump to version 1.3.1Yousong Zhou2019-06-052-16/+6
| | | | | | | | | | | | | | | Libunwind provides a sigreturn stub for x86 in version 1.2 [1]. However the arch still depends on setcontext() which is unavailable in musl-libc and which is supposed to be "deprecated everywhere" [2] [1] x86 sigreturn unimplemented for some libcs, https://github.com/libunwind/libunwind/issues/13 [2] setcontext deprecated on x86, https://github.com/libunwind/libunwind/issues/69 Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497791552 Reported-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openssl: update to version 1.1.1cEneas U de Queiroz2019-05-312-34/+3
| | | | | | | | | | | Highlights of this version: - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) - Fix OPENSSL_config bug (patch removed) - Change the default RSA, DSA and DH size to 2048 bit instead of 1024. - Enable SHA3 pre-hashing for ECDSA and DSA Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
* uclient: bump to version 2019-05-30Yousong Zhou2019-05-301-3/+3
| | | | | | | | This version bump contains the following commit to fix FS#2222 3b3e368 uclient-http: set data_eof when content-length is 0 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>