aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* libsepol: break out chkcon utilityDaniel Golle2020-09-271-0/+18
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libselinux: split utility packages and add PKG_LICENSEDaniel Golle2020-09-211-14/+73
| | | | | | | | Split utility packages similar to coreutils in packages feed, adding ALTERNATIVES for those which are also provided by busybox-selinux. Also add missing license information. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libjson-c: update to 0.15David Bauer2020-09-174-184/+22
| | | | | | | | | | | | Drop patches as they've been upstreamed: * 001-Fix-CVE-2020-12762.patch Refresh patches: * 000-libm.patch Add patch to avoid build failure due to missing docs in tarball. Signed-off-by: David Bauer <mail@david-bauer.net>
* wolfssl: Activate link time optimization (LTO)Hauke Mehrtens2020-09-061-2/+3
| | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: libwolfssl24_4.5.0-stable-1_mips_24kc.ipk 391.545 new: libwolfssl24_4.5.0-stable-2_mips_24kc.ipk 387.439 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libnftnl: Activate link time optimization (LTO)Hauke Mehrtens2020-09-061-2/+3
| | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: libnftnl12_1.1.7-1_mips_24kc.ipk 47.459 new: libnftnl12_1.1.7-2_mips_24kc.ipk 45.742 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* jansson: Activate link time optimization (LTO)Hauke Mehrtens2020-09-061-1/+4
| | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: jansson4_2.13.1-1_mips_24kc.ipk 19.171 new: jansson4_2.13.1-2_mips_24kc.ipk 18.936 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libnftnl: Update to version 1.1.7Hauke Mehrtens2020-09-061-2/+2
| | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: libnftnl12_1.1.5-1_mips_24kc.ipk 46.252 new: libnftnl12_1.1.7-1_mips_24kc.ipk 47.459 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* jansson: Update to version 2.13.1Hauke Mehrtens2020-09-061-2/+3
| | | | | | | | | | | | | This also sets the ABI_VERSION as this is a versioned shared library. The ipk sizes for mips_24Kc change like this: old: jansson_2.12-1_mips_24kc.ipk 18.692 new: jansson4_2.13.1-1_mips_24kc.ipk 19.171 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libselinux: package executables into -utilsDaniel Golle2020-09-041-0/+13
| | | | | | | Add new package libselinux-utils containing the executable utilities included with libselinux. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mbedtls: update to 2.16.8Magnus Kroken2020-09-022-25/+25
| | | | | | | | | | | | | | | | | This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues and the most notable of them are described in more detail in the security advisories. * Local side channel attack on RSA and static Diffie-Hellman * Local side channel attack on classical CBC decryption in (D)TLS * When checking X.509 CRLs, a certificate was only considered as revoked if its revocationDate was in the past according to the local clock if available. Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* libaudit: add host-build required by policycoreutils/hostDaniel Golle2020-09-011-9/+25
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsemanage: host-build depends on renamed libaudit packageDaniel Golle2020-09-011-1/+1
| | | | | Fixes: efdf619f21 ("audit: build only libaudit") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libaudit: drop unused fileDaniel Golle2020-09-011-16/+0
| | | | | | | | Drop init script from libaudit package. It will be added to the 'audit' package in the packages feed. Fixes: efdf619f21 ("audit: build only libaudit") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsemanage: add missing package metadataDaniel Golle2020-08-311-1/+6
| | | | | | License and CPE-ID were missing, add them. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* audit: build only libauditDaniel Golle2020-08-314-0/+268
| | | | | | Turns out auditd depends on libev. Lets have that in packages.git. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libcxx: update to 10.0.0Rosen Penev2020-08-315-60/+24
| | | | | | | | | | | | | | | | | | | Switched to upstream tarballs. Switched to libcxxabi as using libsupc++ is quite wonky. Fixed description. Removed patches. The fixes are cosmetic. Added ssp patch. This one is needed for i386 and powerpc under musl. Compile tested every C++ package in the tree with the exception of several boost packages. There's something broken with boost. Ran tested with gerbera. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcxxabi: addRosen Penev2020-08-312-0/+98
| | | | | | | | | | | | | | | This will be used for libcxx. libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses GCC specific stuff which causes failed compilation for some packages. There are also runtime issues, most notably with cxxopts where the program just crashes. Reference: https://github.com/gerbera/gerbera/issues/795 Added patch to fix ARM compilation. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libsemanage: new packageDaniel Golle2020-08-311-0/+66
| | | | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [update to 3.1] Signed-off-by: W. Michael Petullo <mike@flyn.org> [removed python part for inclusion in core] Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wolfssl: add certgen config optionPaul Spooren2020-08-312-1/+6
| | | | | | The option allows to generate certificates. Signed-off-by: Paul Spooren <mail@aparcar.org>
* nghttp2: move to packages.gitHans Dedecker2020-08-311-44/+0
| | | | | | | | | As the package curl has been moved to packages.git and only libcurl depends on libnghttps move it as well to packages.git. This is based on the Hamburg 2019 decision that non essential packages should move outside base. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wolfssl: Update to version 4.5.0Hauke Mehrtens2020-08-263-4/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following security problems: * In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. * Denial of service attack on TLS 1.3 servers from repetitively sending ChangeCipherSpecs messages. (CVE-2020-12457) * Potential cache timing attacks on public key operations in builds that are not using SP (single precision). (CVE-2020-15309) * When using SGX with EC scalar multiplication the possibility of side- channel attacks are present. * Leak of private key in the case that PEM format private keys are bundled in with PEM certificates into a single file. * During the handshake, clear application_data messages in epoch 0 are processed and returned to the application. Full changelog: https://www.wolfssl.com/docs/wolfssl-changelog/ Fix a build error on big endian systems by backporting a pull request: https://github.com/wolfSSL/wolfssl/pull/3255 The size of the ipk increases on mips BE by 1.4% old: libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246 new: libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.16.7Magnus Kroken2020-08-242-27/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some changes to the download URLs are required. For the time being, the ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS. Signed-off-by: Magnus Kroken <mkroken@gmail.com> [Use https://codeload.github.com and new tar.gz file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libselinux: fix Makefile styleDaniel Golle2020-08-141-1/+1
| | | | | | Also fix line order in libselinux Makefile. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsepol: fix Makefile styleDaniel Golle2020-08-141-3/+2
| | | | | | Fix line ordering (cosmetic). Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* pcre: clean up Makefile line orderDaniel Golle2020-08-141-4/+2
| | | | | | | | The most recent patch added add lines in one block instead of in the appropriate places to keep Makefiles in consistent style. Fix that. Fixes: ff02e1561f ("pcre: add host variant of libpcre") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* pcre: add host variant of libpcreThomas Petazzoni2020-08-141-0/+12
| | | | | | This is needed to build the host variant of libselinux. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* libselinux: fix build on non-Linux systemsFelix Fietkau2020-08-131-0/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libsepol: fix build on non-Linux systemsFelix Fietkau2020-08-131-1/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libselinux: don't depend on kernel config symbolsDaniel Golle2020-08-131-1/+1
| | | | | | | | Dependencies are meant to express actual run-time dependencies and strictly speaking, libselinux can be build and used on kernels without SELinux (not in a very meaningful way, but never mind). Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* musl-fts: import from packages feedDaniel Golle2020-08-131-0/+60
| | | | | | | libselinux requires musl-fts to build with musl. Import it from packages feed as well. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* pcre: import from packages feedsDaniel Golle2020-08-132-0/+130
| | | | | | | libselinux require pcre, import to to core so it can build without packages feeds. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libselinux: add new packageThomas Petazzoni2020-08-131-0/+79
| | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, update to 3.1] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* libsepol: add new packageThomas Petazzoni2020-08-131-0/+66
| | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, update to 3.1] Signed-off-by: W. Michael Petullo <mike@flyn.org>
* libjson-c: fix pkgconfig fileRosen Penev2020-08-111-9/+10
| | | | | | | | | | | | | | The pkgconfig file references the host directories, not the openwrt ones. Used SED to fix as is done elsewhere. Removed CMAKE_INSTALL as a result. Removed now pointless CFLAGS. Added PKG_BUILD_PARALLEL for faster compilation. Various rearrangements for consistency between packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libubox: update to git HEADDaniel Golle2020-08-061-3/+3
| | | | | | 9e52171 blobmsg: introduce BLOBMSG_CAST_INT64 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* lzo: fix pkgconfig pathsRosen Penev2020-07-171-1/+3
| | | | | | | | | The last commit to this package that added the pkgconfig file did not fix the paths to point to the prefix. This allows packages to find lzo properly. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* lzo: switch to building with CMakeRosen Penev2020-07-111-11/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | CMake is less error prone that autotools and also compiles faster. Fixed license information. Added pkgconfig file to InstallDev so that packages that use it can find lzo. Before: time make package/lzo/compile -j 12 ________________________________________________________ Executed in 20.87 secs fish external usr time 26.95 secs 0.00 micros 26.95 secs sys time 5.49 secs 305.00 micros 5.49 secs After: time make package/lzo/compile -j 12 ________________________________________________________ Executed in 13.22 secs fish external usr time 19.59 secs 328.00 micros 19.59 secs sys time 4.03 secs 10.00 micros 4.03 secs Time output is with fish shell. make clean was ran before both attempts. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libubox: update to version 2020-07-11Petr Štetiar2020-07-111-3/+3
| | | | | | | | | f4e9bf73ac5c examples/lua: attempt to highlight some traps 53b9a2123fc6 lua/uloop: fd_add: use absolute indices for arguments c0941d3289fc lua/uloop: make get_sock_fd capable of absolute addresses 161c25960ba2 lua/uloop: fd_add() better args checking Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uclibc++: make verbosity affect uClibc++ buildWren Turkal2020-07-081-0/+8
| | | | | | | | | | Before this change, setting the verbosity to anything with V=blah would cause uclibc++ build to print errors to the screen. Now, it the clibc++ build verbosity will be altered in the following manners: * V=s will set V=1 in the uclibc++ build * V=sc will set V=2 in the uclibc++ build Signed-off-by: Wren Turkal <wt@penguintechs.org>
* libjson-c: update to 0.14DENG Qingfang2020-07-047-210/+191
| | | | | | | | | | | Update libjson-c to 0.14 Changelog: https://github.com/json-c/json-c/wiki/Notes-for-v0.14-release Switch to CMake because the upstream build system was changed ipk size increased by 2KB Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* libnetfilter-queue: fix package title and descriptionCatalin Patulea2020-06-231-3/+3
| | | | | | | | | | The original text was copy/pasted from some other package. Adjust the package title and description to match the description on the publishers page. Signed-off-by: Catalin Patulea <catalinp@google.com> [slightly adjust content and commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* toolchain: glibc ldd env path fixupChen Minqiang2020-06-181-0/+1
| | | | | | | | | | This replace the shell script header of ldd when it install to `/usr/bin/ldd` where `#! /..../staging_dir/host/bin/bash` should be `#!/bin/sh` Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* toolchain: remove gcc libssp and use libc variantIan Cooper2020-06-171-41/+0
| | | | | | | | | | | | | | | Removes the standalone implementation of stack smashing protection in gcc's libssp in favour of the native implementation available in glibc and uclibc. Musl libc already uses its native ssp, so this patch does not affect musl-based toolchains. Stack smashing protection configuration options are now uniform across all supported libc variants. This also makes kernel-level stack smashing protection available for x86_64 and i386 builds using non-musl libc. Signed-off-by: Ian Cooper <iancooper@hotmail.com>
* uclient: uclient-fetch: add option to read POST data from fileDaniel Golle2020-06-171-3/+3
| | | | | | c660986 uclient-fetch: add option to read POST data from file Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* nghttp2: bump to 1.41.0Hans Dedecker2020-06-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 8f7b008b Update bash_completion 83086ba9 Update manual pages c3b46625 Merge pull request from GHSA-q5wr-xfw9-q7xr 3eecc2ca Bump version number to v1.41.0, LT revision to 34:0:20 881c060d Update AUTHORS f8da73bd Earlier check for settings flood 336a98fe Implement max settings option ef415836 Revert "Add missing connection error handling" 979e6c53 Merge pull request #1459 from nghttp2/proxyprotov2 b7d16101 Add missing connection error handling cd53bd81 Merge pull request #1460 from gportay/patch-1 e5625b8c Fix doc c663349f integration: Add PROXY protocol v2 tests 854e9fe3 nghttpx: Always call init_forwarded_for c60ea227 Update doc 49cd8e6e nghttpx: Add PROXY-protocol v2 support 3b17a659 Merge pull request #1453 from Leo-Neat/master 600fcdf5 Merge pull request #1455 from xjtian/long_serials 4922bb41 static_cast size parameter in StringRef constructor to size_t aad86975 Fix get_x509_serial for long serial numbers dc7a7df6 Adding CIFuzz b3f85e2d Merge pull request #1444 from nghttp2/fix-recv-window-flow-control-issue ffb49c6c Merge pull request #1435 from geoffhill/master 2ec58551 Fix receiving stream data stall 459df42b Merge pull request #1442 from nghttp2/upgrade-llhttp a4c1fed5 Bump llhttp to 2.0.4 866eadb5 Enable session_create_idle_stream test, fix errors 5e13274b Fix typo e0d7f7de h2load: Allow port in --connect-to df575f96 h2load: add --connect-to option 1fff7379 clang-format-9 b40c6c86 Merge pull request #1418 from vszakats/patch-1 9bc2c75e lib/CMakeLists.txt: Make hard-coded static lib suffix optional 2d5f7659 Bump up version number to 1.41.0-DEV Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wolfssl: use -fomit-frame-pointer to fix asm errorEneas U de Queiroz2020-06-031-2/+2
| | | | | | | | | | | 32-bit x86 fail to compile fast-math feature when compiled with frame pointer, which uses a register used in a couple of inline asm functions. Previous versions of wolfssl had this by default. Keeping an extra register available may increase performance, so it's being restored for all architectures. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libconfig: move into packages feedRosen Penev2020-06-031-60/+0
| | | | | | | | | No package in base uses libconfig. Everything is in the packages feed. Ref: https://github.com/openwrt/packages/pull/12255 Signed-off-by: Rosen Penev <rosenp@gmail.com> [subject facelift, PR ref] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libubox: update to the latest versionFelix Fietkau2020-05-261-3/+3
| | | | | | | | | | 86818eaa976b blob: make blob_parse_untrusted more permissive cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len c2fc622b771f blobmsg: fix length in blobmsg_check_array 639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name 66195aee5042 blobmsg: fix missing length checks Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: update to the latest masterRafał Miłecki2020-05-241-3/+3
| | | | | | | | | | 5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len() eeddf22 tests: runqueue: try to fix race on GitLab CI 89fb613 libubox: runqueue: fix use-after-free bug 1db3e7d libubox: runqueue fix comment in header 7c4ef0d tests: list: add test case for list_empty iterator Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* wolfssl: update to 4.4.0-stableEneas U de Queiroz2020-05-201-2/+2
| | | | | | | | | | | | This version adds many bugfixes, including a couple of security vulnerabilities: - For fast math (enabled by wpa_supplicant option), use a constant time modular inverse when mapping to affine when operation involves a private key - keygen, calc shared secret, sign. - Change constant time and cache resistant ECC mulmod. Ensure points being operated on change to make constant time. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>