aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* wolfssl: fix build with GCC 10 on 32 x86 targetsStijn Tintel2021-08-201-0/+123
| | | | | | Backport upstream patch to fix build with GCC 10 on 32 x86 targets. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* pcre: update to 8.45Rosen Penev2021-08-081-3/+3
| | | | | | Switch to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* nettle: update to 3.7.3Rosen Penev2021-08-082-7/+7
| | | | | | | | Switch to AUTORELEASE to avoid manual increments. Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mbedtls: update to 2.16.11Rosen Penev2021-08-081-3/+3
| | | | | | | | | Switched to AUTORELEASE to avoid manual increments. Release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: update to 1.10.1Rosen Penev2021-08-083-5/+5
| | | | | | | | Switch to AUTORELEASE to avoid manual increments. Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libnftnl: update to 1.2.0Rosen Penev2021-08-081-3/+3
| | | | | | Switch to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcap: update to 2.51Rosen Penev2021-08-081-3/+3
| | | | | | Switched to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* elfutils: update to 0.182Rosen Penev2021-08-087-66/+12
| | | | | | | | | | | | | | | Add --disable-libdebuginfod with remove libcurl dependency. Remove totally unused host elfutils. Refreshed and rebased patches. Also happens to fix compilation with GCC11. Newer versions of elfutils seem to have some kind of dependency on obstack. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* gettext-full: disable parallel compilationRosen Penev2021-08-081-2/+2
| | | | | | Fails fairly reliably with make -j 12 on a Ryzen 3600. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: add rpcapd as packageStephan Schmidtmer2021-08-081-1/+20
| | | | | | | | | | | | This enables building of rpcapd and adds it as a package. It is a daemon that allows remote packet capturing from another machine. E.g. Wireshark can talk to it using the Remote Capture Protocol (RPCAP). https://www.tcpdump.org/manpages/rpcapd.8.html Compile and run tested: OpenWrt SNAPSHOT r17190-2801fe6132 on x86/64 Signed-off-by: Stephan Schmidtmer <hurz@gmx.org>
* elfutils: fix building with GCC 11Rui Salvaterra2021-07-251-0/+22
| | | | | | | Add a patch to fix building with GCC 11, which triggers new warnings by enabling -Warray-parameter by default. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* treewide: unmark selected packages nonsharedPetr Štetiar2021-07-023-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This partially reverts changes done in commit 72cc44958ef4 ("treewide: mark selected packages nonshared") as it removes the nonshared flag, but keeps the PKG_RELEASE as the PKG_RELEASE bump while adding nonshared flag was incorrect. Unmark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared packages as this fix attempt didn't worked out. Currently the imagebuilder is broken again: openwrt-imagebuilder-21.02.0-rc3-ipq40xx-generic.Linux-x86_64$ make image PROFILE=avm_fritzbox-7530 PACKAGES=luci-ssl-openssl ... Collected errors: * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for luci-mod-status * pkg_hash_fetch_best_installation_candidate: Packages for luci-mod-status found, but incompatible with the architectures configured * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for rpcd-mod-iwinfo * pkg_hash_fetch_best_installation_candidate: Packages for rpcd-mod-iwinfo found, but incompatible with the architectures configured * satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-ssl-openssl: * libiwinfo20210430 * opkg_install_cmd: Cannot install package luci-ssl-openssl. Everything because iwinfo's ABI was changed two times since rc3 release: +IWINFO_ABI_VERSION:=20210430 +IWINFO_ABI_VERSION:=20210420 Since iwinfo is marked as nonshared, it wasn't built by phase2 builders, but luci-mod-status was already updated 2 times since rc3 and was thus rebuilt by phase2 builders: d1d452ed2fb3 luci-mod-status: don't set '-' hostname when creating static lease 95b3633055c1 luci-mod-status: switch to html table for wlan channel analysis So now luci-mod-status depends on libiwinfo20210430 but only libiwinfo20210106 can be downloaded. This is first part of the fix, in the upcoming commit Jo is going to remove nonshared flag from iwinfo package as well. References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035736.html References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035741.html Acked-by: Jo-Philipp Wich <jo@mein.io> Reported-by: Nick Hainke <vincent@systemli.org> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: variants conflict with each otherKarel Kočí2021-06-211-1/+3
| | | | | | | | This adds conflicts between variants of libustream pacakge. They provide the same file and thus it should not be possible to install them side by side. Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* treewide: remove PKG_INSTALL from CMake packagesRosen Penev2021-06-191-2/+0
| | | | | | | | | | | | It's already default with cmake.mk Found with: git grep PKG_INSTALL\: | cut -d ':' -f 1 | sort -u > ins git grep cmake.mk | cut -d ':' -f 1 > cmake comm -1 -2 ins cmake Signed-off-by: Rosen Penev <rosenp@gmail.com>
* treewide: remove BUILD_PARALLEL from CMake packagesRosen Penev2021-06-193-3/+0
| | | | | | | | | | | | | It's already default. The only exception is mt76 which has Ninja disabled. Found with: git grep BUILD_PARALLEL | cut -d ':' -f 1 | sort -u > par git grep cmake.mk | cut -d ':' -f 1 > cmake comm -1 -2 par cmake Signed-off-by: Rosen Penev <rosenp@gmail.com>
* treewide: mark selected packages nonsharedHannu Nyman2021-06-133-3/+8
| | | | | | | | | | | | | | | | | | | | Mark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared packages. This helps to keep coherent dependencies if these ABI versioned packages are later updated. Before this commit it is possible to get missing dependencies in target-specific nonshared packages (like iwinfo) that depend on these shared ABI versioned packages. If these are later updated and rebuilt, only the new ABI version will be available for download, while the target-specific packages in releases continue to depend on the old ABI version. After this commit the packages are built along the other nonshared packages by the phase1 images buildbot and will be available at the target/ download directories instead of packages/base dir. That will help to keep a coherent set available. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* package: fix cmake packages build with ninjaRosen Penev2021-06-121-1/+1
| | | | | | | | += is needed for CMAKE_OPTIONS. mt76 needs Ninja disabled as the kernel stuff uses normal make. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: add support for OpenVPNIvan Pavlov2021-05-232-1/+7
| | | | | | | | | | Support for wolfSSL has been upstreamed to the master OpenVPN branch in f6dca235ae560597a0763f0c98fcc9130b80ccf4, so we can use wolfSSL directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN in systems based on wolfSSL library Compiled && tested on ramips/mt7620, ramips/mt7621 Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* wolfssl: always export wc_ecc_set_rngDavid Bauer2021-05-212-1/+51
| | | | | | | | | | | | | | | Since commit 6467de5a8840 ("Randomize z ordinates in scalar mult when timing resistant") wolfssl requires a RNG for an EC key when the hardened built option is selected. wc_ecc_set_rng is only available when built hardened, so there is no safe way to install the RNG to the key regardless whether or not wolfssl is compiled hardened. Always export wc_ecc_set_rng so tools such as hostapd can install RNG regardless of the built settings for wolfssl. Signed-off-by: David Bauer <mail@david-bauer.net>
* libubox: update to the latest versionFelix Fietkau2021-05-181-3/+3
| | | | | | | | | | | | 870acee325fe tests: cram: test_base64: fix failing tests 4d8995e91d56 tests: cram: test_base64: really fix failing tests 551d75b5662c libubox: tests: add more blobmsg/json test cases a0dbcf8b8f96 tests: add blob-buffer overflow test b36a3a90098d blob: fix exceeding maximum buffer length b8abed749423 utils.h: add fallthrough macro b14c4688612c json_script: fix unannotated fall-through warning Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uclient: update to Git version 2021-05-14Baptiste Jonglez2021-05-141-3/+3
| | | | | | | | 6a6011d uclient-http: set eof mark when content-length is 0 19571e4 tests: fix help usage test for uclient built with sanitizer c5fc04b tests: fix help usage test Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* build: introduce $(MKHASH)Leonardo Mörlein2021-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit, it was assumed that mkhash is in the PATH. While this was fine for the normal build workflow, this led to some issues if make TOPDIR="$(pwd)" -C "$pkgdir" compile was called manually. In most of the cases, I just saw warnings like this: make: Entering directory '/home/.../package/gluon-status-page' bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found [...] While these were only warnings and the package still compiled sucessfully, I also observed that some package even fail to build because of this. After applying this commit, the variable $(MKHASH) is introduced. This variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the correct path. Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
* libsemanage: fix pkgconfig pathsRosen Penev2021-04-151-1/+3
| | | | | | The pkgconfig file currently points to host paths. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcap: bump to 2.48Stijn Tintel2021-04-051-2/+2
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* libcap: drop invalid copyright headerStijn Tintel2021-04-051-2/+0
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* libcap: import from packages feedStijn Tintel2021-04-052-0/+126
| | | | | | | | | | | | Having libcap in OpenWrt base allows us to enable libcap support in other packages in base. In lldpd, this would allow the monitor process to drop its privileges instead of running as root, improving security. It will also allow us to drop our patch to disable libcap. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* uclient: update to Git version 2021-04-03Hauke Mehrtens2021-04-031-3/+3
| | | | | | | 83efca2 tests: fix possibly longer start of HTTP server 64e00d6 uclient-fetch: document missing options Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ncurses: add screen-256color terminfoPaul Spooren2021-03-291-1/+2
| | | | | | | The terminfo is required by the popular terminal multiplexer screen and tmux, offer it by default as the size impact is minimal with 885 Bytes. Signed-off-by: Paul Spooren <mail@aparcar.org>
* ncurses: split long line of supported terminfoPaul Spooren2021-03-291-1/+12
| | | | | | | The terminfo files were all in one row which is terrible to read. Split them over multiple lines to improve readability. Signed-off-by: Paul Spooren <mail@aparcar.org>
* openssl: bump to 1.1.1kEneas U de Queiroz2021-03-262-25/+24
| | | | | | | | | | | | This version fixes 2 security vulnerabilities, among other changes: - CVE-2021-3450: problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* Revert "openssl: refresh patches"Kevin Darbyshire-Bryant2021-03-2611-2498/+180
| | | | | | This reverts commit e27ef2da0d513494c3e9926ce8d44b63e4236a32. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: refresh patchesKevin Darbyshire-Bryant2021-03-2611-180/+2498
| | | | | | Tidy up some patch fuzz. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* elfutils: enable building with MIPS16Tony Ambardar2021-03-251-2/+2
| | | | | | | | | | | | | | | | | | Building with MIPS16 was disabled in 2013 due to an issue with GCC TLS: https://dev.archive.openwrt.org/ticket/13572. But after the problematic GCC version was retired, this change wasn't revisited. Re-enable MIPS16 builds to reduce average elfutils library sizes ~10%. This was compile-tested on malta/mips32be and malta/mips32le, and linked with iproute2 for run-testing. Package sizes follow: Library MIPS16:=0 MIPS16:=1 ------- --------- --------- libelf1 43217 37492 libasm1 12481 11658 libdw1 229723 205793 Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* libnfnetlink: quote $(FPIC) on command linePhilip Prindeville2021-03-191-2/+2
| | | | | | | | | When $(FPIC) gets expanded on the command line (for instance when setting environment variables for libtool, configure, or make) we can't count on it not needing quoting (i.e. it could contain multiple flags separated with spaces). Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* mbedtls: update to 2.16.10Magnus Kroken2021-03-162-13/+13
| | | | | | | | | | | | | | | | | | | This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Security fixes: * Fix a buffer overflow in mbedtls_mpi_sub_abs() * Fix an errorneous estimation for an internal buffer in mbedtls_pk_write_key_pem() * Fix a stack buffer overflow with mbedtls_net_poll() and mbedtls_net_recv_timeout() * Guard against strong local side channel attack against base64 tables by making access aceess to them use constant flow code Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* gettext-full: disable nameless locale defineRosen Penev2021-03-142-5/+5
| | | | | | | It seems some packages like transmission and json-glib fail with it enabled. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* elfutils: remove host build from target packageTony Ambardar2021-03-131-2/+0
| | | | | | | | | | | | | Commit f4da28c301 ("elfutils: Add host build") supplied a libelf host library to fix a glib2 host build error, but this need was later removed by b6212c8769 ("glib2: don't use libelf during host build"). More importantly, there are already two sources for libelf host libraries: OpenWRT build prerequisites [1] and tools/libelf. A third is not needed. Ref [1]: https://openwrt.org/docs/guide-developer/build-system/install-buildsystem#prerequisites Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* libsemanage: update to version 3.2Dominick Grift2021-03-081-3/+3
| | | | | | | | | | | | c35919a7 libsemanage: sync filesystem with sandbox 5b05e829 Revert "libsemanage/genhomedircon: check usepasswd" edae9275 libsemanage: Free contents of modkey in semanage_direct_remove ce46daab libsemanage/genhomedircon: check usepasswd 6ebb35d2 libsemanage: Bump libsemanage.so version c08b73d7 libsemanage: Drop deprecated functions b46406de libsemanage: Remove legacy and duplicate symbols Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libselinux: update to version 3.2Dominick Grift2021-03-081-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | 142826a3 libselinux: fix segfault in add_xattr_entry() 398d2cee libselinux: rename gettid() to something which never conflicts with the libc 8f0f0a28 selinux(8,5): Describe fcontext regular expressions 9cc6b5cf libselinux/getconlist: report failures 156dd0de libselinux: update getseuser e2dca5df libselinux: accept const fromcon in get_context API da4829d0 libselinux: Always close status page fd 45b15c22 selinux(8): explain that runtime disable is deprecated 3c16aaef selinux(8): mark up SELINUX values c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable db0f2f38 libselinux: Add build option to disable X11 backend 4a142ac4 libsepol: Bump libsepol.so version d23342a9 libselinux: convert matchpathcon to selabel_lookup() 7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format. f5d644c7 libselinux: Add additional log callback details in man page for auditing. 075f9cfe libselinux: Fix selabel_lookup() for the root dir. a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices. a63f93d8 libselinux: initialize last_policyload in selinux_status_open() ef902db9 libselinux: safely access shared memory in selinux_status_updated() 9e4480b9 libselinux: Remove trailing slash on selabel_file lookups. 21fb5f20 libselinux: use full argument specifiers for security_check_context in man page e7abd802 libselinux: fix build order 05bdc031 libselinux: use kernel status page by default Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libsepol: update to version 3.2Dominick Grift2021-03-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails 6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf 0861c659 libsepol: Validate policydb values when reading binary policy 8f5409cf libsepol: Create function ebitmap_highest_set_bit() 0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete 32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast 4662bdc1 libsepol/cil: be more robust when encountering <src_info> 6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument 0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks 1b36ace2 libsepol: include header files in source files when matching declarations 1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check 72a88d75 libsepol: remove unused files eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit 1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values() 5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums 34bd9a9d libsepol: destroy filename_trans list properly bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails 228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit a25d9104 libsepol/cil: constify some strings e2d01842 libsepol/cil: propagate failure of cil_fill_list() 6c8fca10 libsepol/cil: do not add a stack variable to a list 38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias 3c357285 libsepol/cil: remove useless print statement 90809674 libsepol/cil: always destroy the lexer state d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible 2aac859a libsepol/cil: Use the macro NODE() whenever possible d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases() 9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node() ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_* 89dab467 libsepol: free memory when realloc() fails 2d353bd5 libsepol/cil: Give error for more than one true or false block 4a142ac4 libsepol: Bump libsepol.so version 506c7b95 libsepol: Drop deprecated functions ae58e84b libsepol: Get rid of the old and duplicated symbols c97d63c6 libsepol: silence potential NULL pointer dereference warning 64387cb3 libsepol: drop confusing BUG_ON macro 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 a152653b libsepol/cil: Fix neverallow checking involving classmaps 734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy 685f577a libsepol/cil: Validate constraint expressions before adding to binary policy 8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libubox: update to git HEADDaniel Golle2021-03-021-3/+3
| | | | | | 2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libunwind: Add MIPS64 dep checkDonald Hoskins2021-03-011-1/+1
| | | | | | | | | | | libunwind dependency check does not allow for MIPS64 arch. Add MIPS64 awareness. libunwind seems to support MIPS64 without issues, it was limited by the dep arch check in the Makefile. Used to compile Suricata6/Rust locally without issue. Signed-off-by: Donald Hoskins <grommish@gmail.com>
* libpcap: update to 1.10.0Rosen Penev2021-03-017-109/+73
| | | | | | | | | | | | | | | | | | | | | Simplify cmake option handling by putting everything in blocks. Add openssl patch as there's no easy way to disable. Rebase the skip manpages patch. Remove the monitor mode patch as it no longer applies. Remove flex patch as normal Makefile is no longer used. Remove USB path patch. While it is deprecated, the codepath is never taken. /sys/bus/usb/devices is checked before hand. If it exists, the function does stuff and returns. Additionally, this path is used elsewhere in the code. Refresh other patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* zlib: properly split patchesAdrian Schmutzler2021-02-244-502/+501
| | | | | | | | | | This package had two patches (with two headers etc.) in one file, which would have quilt merging them during a refresh. Separate these patches into two files, as the original intent seems to be having them separate. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* pcre: disable C++ bindingsRosen Penev2021-02-241-18/+3
| | | | | | Nothing uses them. Allows to simplify the Makefile. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: always build with GOST engine supportEneas U de Queiroz2021-02-233-18/+19
| | | | | | | | | | | | | | The packages feed has a proposed package for a GOST engine, which needs support from the main openssl library. It is a default option in OpenSSL. All that needs to be done here is to not disable it. Package increases by a net 1-byte, so it is not really really worth keeping this optional. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: bump to v4.7.0-stableEneas U de Queiroz2021-02-235-92/+4
| | | | | | | | | | | | | | Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libusb: Fix parsing of descriptors for multi-configuration devicesGeorgi Valkov2021-02-213-1/+91
| | | | | | | | | | | | | | | Prerequisite patch: Correct a typo in the Changelog and clean up a stray file Fix changes in libusb which introduced a regression: Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device initialization") introduced a regression for devices with multiple configurations. The logic that verifies the reported length of the configuration descriptors failed to count the length of the configuration descriptor itself and would truncate the actual length by 9 bytes, leading to a parsing error for subsequent descriptors. Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
* wolfssl: fix Ed25519 typo in config promptChristian Lamparter2021-02-201-1/+1
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* openssl: update package sourcesDavid Bauer2021-02-201-3/+5
| | | | | | | | | | | | OpenSSL downloads itself are distributed using Akamai CDN, so use these sources as the highest priority. Remove a stale mirror which seems to be offline for a longer time already. Add fallbacks to the old release path also for the mirrors. Signed-off-by: David Bauer <mail@david-bauer.net>