aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* zlib: backport null dereference fixPetr Štetiar2022-08-091-0/+29
| | | | | | | | | | | | The curl developers found test case that crashed in their testing when using zlib patched against CVE-2022-37434, same patch we've backported in commit 7df6795d4c25 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)"). So we need to backport following patch in order to fix issue introduced in that previous CVE-2022-37434 fix. References: https://github.com/curl/curl/issues/9271 Fixes: 7df6795d4c25 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)") Signed-off-by: Petr Štetiar <ynezz@true.cz>
* jansson: revert ABI version bumpJo-Philipp Wich2022-08-091-3/+3
| | | | | | | | | | | The soversion of the shipped libjansson.so library didn't change, so the ABI version change is unwarranted and leads to opkg file clashes. Also stop shipping an unversioned library symlink while we're at it as it only needed at compile/link time and leading to file level clashes between packages on future ABI bumps. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libtracefs: add Linux kernel trace file system libraryNick Hainke2022-08-061-0/+49
| | | | | | Needed by trace-cmd. Signed-off-by: Nick Hainke <vincent@systemli.org>
* libtraceevent: add Linux kernel trace event libraryNick Hainke2022-08-061-0/+74
| | | | | | Needed by trace-cmd. Signed-off-by: Nick Hainke <vincent@systemli.org>
* elfutils: update to 0.187Nick Hainke2022-08-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | Changes: debuginfod: Support -C option for connection thread pooling. debuginfod-client: Negative cache file are now zero sized instead of no-permission files. addr2line: The -A, --absolute option, which shows file names including the full compilation directory is now the default. To get the old behavior use the new option --relative. readelf, elflint: Recognize FDO Packaging Metadata ELF notes libdw, debuginfo-client: Load libcurl lazily only when files need to be fetched remotely. libcurl is now never loaded when DEBUGINFOD_URLS is unset. And when DEBUGINFOD_URLS is set, libcurl is only loaded when the debuginfod_begin function is called. Signed-off-by: Nick Hainke <vincent@systemli.org>
* zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)Petr Štetiar2022-08-061-0/+32
| | | | | | | | | | | | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader. Fixes: CVE-2022-37434 References: https://github.com/ivd38/zlib_overflow Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libmnl: fix build when bash is not located at /bin/bashMark Mentovai2022-07-311-0/+11
| | | | | | | | | | | | This fixes the libmnl build on macOS, which ships with an outdated bash at /bin/bash. During the OpenWrt build, a modern host bash is built and made available at staging_dir/host/bin/bash, which is present before /bin/bash in the build's PATH. This is similar to 8f7ce3aa6dda, presently appearing at package/kernel/mac80211/patches/build/001-fix_build.patch. Signed-off-by: Mark Mentovai <mark@mentovai.com>
* ustream-ssl: prevent unused crypto lib dependencies from being compiledBoris Krasnovskiy2022-07-311-1/+1
| | | | | | Prevented unused crypto lib dependencies from being compiled Signed-off-by: Boris Krasnovskiy <borkra@gmail.com>
* wolfssl: fix math library buildJohn Audia2022-07-311-0/+23
| | | | | | | | | | | | | Apply upstream patch[1] to fix breakage around math libraries. This can likely be removed when 5.5.0-stable is tagged and released. Build system: x86_64 Build-tested: bcm2711/RPi4B Run-tested: bcm2711/RPi4B 1. https://github.com/wolfSSL/wolfssl/pull/5390 Signed-off-by: John Audia <therealgraysky@proton.me>
* libcap: update to 2.65Nick Hainke2022-07-301-2/+2
| | | | | | | | | | | | | Changes: a47d86d Up the release version to 2.65 fc99e56 Include more signatures in pgp.keys.asc. 52288cc Close out this comment in the go/Makefile eb0f1df Prevent 'capsh --user=xxx --' from generating a bash error. 9a95791 Improve documentation for cap_get_pid and cap_reset_ambient. 21d08b0 Fix syntax error in DEBUG protected setcap.c code. 9425048 More useful captree usage string and man page. Signed-off-by: Nick Hainke <vincent@systemli.org>
* libcap: update to 2.64Nick Hainke2022-07-301-2/+2
| | | | | | | | | | | | | Changes: 38cfa2e Up the release version to 2.64 7617af6 Avoid a deadlock in forked psx thread exit. fc029cb Include LIBCAP_{MAJOR,MINOR} #define's in sys/capability.h ceaa591 Clarify how the cap_get_pid() argument is interpreted. 15cacf2 Fix prctl return code/errno handling in libcap. aae9374 Be explicit about CGO_ENABLED=1 for compare-cap build. 66a8a14 psx: free allocated memory at exit. Signed-off-by: Nick Hainke <vincent@systemli.org>
* wolfssl: make shared againJo-Philipp Wich2022-07-302-2/+0
| | | | | | | | | | | | | | Disable the usage of target specific CPU crypto instructions by default to allow the package being shared again. Since WolfSSL does not offer a stable ABI or a long term support version suitable for OpenWrt release timeframes, we're forced to frequently update it which is greatly complicated by the package being nonshared. People who want or need CPU crypto instruction support can enable it in menuconfig while building custom images for the few platforms that support them. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wolfssl: Do not activate HW acceleration on armvirt by defaultHauke Mehrtens2022-07-201-1/+1
| | | | | | | | | | | | | The armvirt target is also used to run OpenWrt in lxc on other targets like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the wolfssl binray is only working when the CPU supports the hardware crypto extension. Some targets like the Raspberry Pi do not support the ARM CPU crypto extension, compile wolfssl without it by default. It is still possible to activate it in custom builds. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libiconv-full: add host buildRosen Penev2022-07-171-0/+7
| | | | | | | | | Now that libiconv-stub is gone, a replacement for its host build is needed. Fixes: c0ba4201f837 ("libiconv-stub: remove") Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* mbedtls: build with PICRosen Penev2022-07-171-0/+1
| | | | | | Fixes compilation with GCC12 and dependent packages for some reason. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: bump to 5.4.0Eneas U de Queiroz2022-07-164-48/+4
| | | | | | | | | | This version fixes two vulnerabilities: -CVE-2022-34293[high]: Potential for DTLS DoS attack -[medium]: Ciphertext side channel attack on ECC and DH operations. The patch fixing x86 aesni build has been merged upstream. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libiconv-stub: removeRosen Penev2022-07-1531-1942/+0
| | | | | | No longer used. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libtool: update to 2.4.7Nick Hainke2022-07-101-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: 6d7ce133 version 2.4.7 b4a37606 NEWS: roll-back manually filled NEWS versioning 33615a45 NEWS: fill entries for past commits f5eb6f11 libltdl: bump libltdl.la version-info. 28fbcb6a libtool: correct linter syntax complaints in M4 7e69e441 gnulib: update submodule to new repository. 2dc7dad7 maint: update copyrights across project. b55b1cc8 libtool: Do not pass '-pthread' to Solaris linker. 960a33e4 docs: manually recording dependencies in Automake 78652682 tests: remove deprecated old-ltdl-iface.at test. f51eddf0 * libtool: Bump M4 serial versions and add missing AC_PROG_SED to ltdl.m4 ccc878dd libtool: replace raw invocations of sed with $SED 5df7dd49 libtool: add support for MidnightBSD 8f4bdbda libtool: powerpc 10.5 detection without a deployment target 9e8c8825 libtool: support macOS 11 0904164d libtool: correct m4 quoting in sed expression da2e3527 libtool: replace some references to /usr/bin/file and /bin/sh 1b74d784 libtool: Add -Wa,* link-mode flag for assembler pass-thru 86d71e86 libtool: Pass -Xassembler flag and arguments to compiler fc7779d7 maint: update Bootstrap git module 0c1bc69d maint: update copyrights across project. 28fb394f maint: update AUTHORS, copyright date. b9b44533 bootstrap: use $gnulib_clone_since 544fc0e2 maint: update bootstrap, gnulib, copyright dates b88cebd5 maint: update bootstrap, gnulib, copyright dates 99bd0948 libtool: add icl.exe support 6ca5e224 docs: typo in 'win32-dll' description 1bfb11a4 libtool: quote 'cd' command in shipped relink_command 722b6af0 doc: fix typos in --mode=install invocations 350082b6 libtool: exit verbosely for fatal configure problems 792b6807 maint: update copyright years f003a1f9 libltdl: handle ENOMEM in lt_dlloader_remove() 08c5524f bootstrap: use the upstream repo as git module a938703c libtool: set file_list_spec to '@' on OS/2 f10e22c2 tests: fix $objdir hardcoding check with CFLAGS=-g3 f9970d99 libtool: pass through -fuse-ld flags d7c8d3b4 m4/libtool.m4: FreeBSD elftoolchain strip support 807cbd63 libtoolize: exec automake and autoconf only with --help 40bc0628 edit-readme-alpha: generate the "stable" README properly b89a47ea maint: fix for 'make sc_immutable_NEWS' hints bb8e7b4a maint: update copyright years b5d44b84 libltdl: handle ENOMEM sooner 5944fdcc gl: minor typo fixes 49856679 gl-tests: dash && option-parser test fix a5c64665 libtool: fix GCC/clang linking with -fsanitize=* ae816ace gl-tests: make the failure more readable d15b3214 m4/libtool.m4: export AIX TLS symbols aabc46ac gl/tests: new tests for options-parser dc8bd92d gl/funclib.sh: func_quotefast_eval & tilde fix a3c6e99c syntax-check: fix sed syntax errors f323f10d gl/tests: new tests for func_quote* family ed4f739f check: enable gnulib's testsuite 9187e9a2 funclib: refactor quoting methods a bit 16dbc070 libtool: optimizing options-parser hooks 32f0df98 libtool: mitigate the $sed_quote_subst slowdown b7b6ec33 gnulib: sync with upstream 5859cc50 maint: relax 'sc_prohibit_test_dollar' check 418129bc ARFLAGS: use 'cr' instead of 'cru' by default 4335de1d libool.m4: add ARFLAGS variable 0f842177 maint: put newline after 'Subject' in ChangeLog 03ec5f49 gnulib: sync with upstream 351a88fe libtoolize: fix infinite recursion in m4 de7b2cb2 bootstrap: fix race in temporary Makefile 702a97fb libtool: fix GCC linking with -specs=* 4ff16210 maint: demote myself from maintainer to former maintainer. c12d38e4 maint: post-release administrivia Signed-off-by: Nick Hainke <vincent@systemli.org>
* libusb: update to 1.0.26Nick Hainke2022-07-101-3/+3
| | | | | | | | | | | | | | | | | | | | Add libatomic as dependency. Changelog: 2022-04-10: v1.0.26 * Fix regression with transfer free's after closing device * Fix regression with destroyed context if API is misused * Workaround for applications using missing default context * Fix hotplog enumeration regression * Fix Windows isochronous transfer regression since 1.0.24 * Fix macOS exit crash in some multi-context cases * Build fixes for various platforms and configurations * Fix Windows HID multi-interface product string retrieval * Update isochronous OUT packet actual lengths on Windows * Add interface bound checking for broken devices * Add umockdev tests on Linux Signed-off-by: Nick Hainke <vincent@systemli.org>
* libusb: update to 1.0.25Nick Hainke2022-07-103-92/+2
| | | | | | | | | | | | | | | | | | | | | | | Remove upstreamed patche: - 001-Correct-a-typo-in-the-Changelog-and-clean-up-a-stray.patch - 002-linux_usbfs-Fix-parsing-of-descriptors-for-multi-con.patch Changelog: 2022-01-31: v1.0.25 * Linux: Fix regression with some particular devices * Linux: Fix regression with libusb_handle_events_timeout_completed() * Linux: Fix regression with cpu usage in libusb_bulk_transfer * Darwin (macOS): Add support for detaching kernel drivers with authorization. * Darwin (macOS): Do not drop partial data on timeout. * Darwin (macOS): Silence pipe error in set_interface_alt_setting(). * Windows: Fix HID backend missing byte * Windows: Fix segfault with libusbk driver * Windows: Fix regression when using libusb0 driver * Windows: Support LIBUSB_TRANSFER_ADD_ZERO_PACKET on winusb * New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option * Various other bug fixes and improvements Signed-off-by: Nick Hainke <vincent@systemli.org>
* jansson: update to 2.14Nick Hainke2022-07-101-3/+3
| | | | | | | | | | | | | | | | | Changes (2021-09-09): * New Features: - Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. * Fixes: - Handle `sprintf` corner cases * Build: - Symbol versioning for all exported symbols - Fix compiler warnings * Documentation: - Small fixes - Sphinx 3 compatibility Signed-off-by: Nick Hainke <vincent@systemli.org>
* jansson: cleanup and switch to codeload.github.comNick Hainke2022-07-101-4/+5
| | | | | | | | - Rearrange Makefile. - Switch to codeload.github.com because it looks like new version are not longer deployed at www.digip.org Signed-off-by: Nick Hainke <vincent@systemli.org>
* libpcap: fix PKG_CONFIG_DEPENDS for rpcapdJianhui Zhao2022-07-101-0/+2
| | | | | | | This fix allows trigger a rerun of Build/Configure when rpcapd was selected. Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
* libnl: update to 3.7.0Nick Hainke2022-07-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: 1bb4162 libnl-3.7.0 release 897ec9c route: act: Allow full set of actions on gact,skbedit,mirred 00e46f1 Use print() function in both Python 2 and Python 3 083c1b6 sriov: fix setting ce_mask when parsing VF stat counter 2e9a4f7 Fix typos and errors cc87ad2 changelog: update URL to git history bde0b4c changelog: fix typos in ChangeLog 44988e6 route: format recently added code with clang-format df6e38b route/act: add NAT action 7304c42 route: format recently added code with clang-format f8eb218 cls: flower: extend flower API e5dc111 flower: use correct attribute when filling out flags df6058c tests: merge branch 'th/test-link' 9772c1d tests: add unit tests for creating links 4713b76 github: run unit tests several times and directly 8025547 github: export NLTST_SEED_RAND= to randomize unit tests 7efeca2 tests: add test utils f6f4d36 tests: reformat unit test files with clang-format 135a706 utils: add _NL_AUTO_DEFINE_FCN_STRUCT() macro 0ea11be utils: add _nl_thread_local macro 9b04936 route: fix crash caused by parse_multipath() by wrong free() 2effffe route/link: Set the cache ops when cloning a link 5ecd56c route/link: add lock around rtnl_link_af_ops_put() e1a077a route/link: avoid accessing af_ops after af_free() in rtnl_link_set_family() 3f4f1dd xfrm/sa: fix reference counters of sa selector addresses d3c783f all: merge branch 'th/coverity-fixes' 23a75c5 xfrm: fix uninitalized variables in build_xfrm_ae_message() d52dbcb route: fix check for NULL in nh_encap_dump() 1f61096 route/qdisc/mqprio: fix bufferoverflow and argument checking in rtnl_qdisc_mqprio_set_*() f918c3a route/sriov: fix buffer overflow in rtnl_link_sriov_parse_vflist() d4c7972 all: fix "-Wformat" warnings for nl_dump*() 6b2f238 netlink/utils.h: mark nl_dump() with __attribute__((format(printf,a,b))) d3bd278 netlink/utils.h: add internal _nl_attribute_printf macro for public headers a30b26d socket: workaround undefined behavior coverity warning in generate_local_port() 8acf6d5 nl-pktloc-lookup: fix buffer overflow when printing alignment bf3585f route/link/sriov: fix initializing vlans in rtnl_link_sriov_clone() dd06d22 route/qdisc/netem: fix bogus "%" in format string netem_dump_details() f50a802 route/u32: fix u32_dump_details() to print data fa79ee3 link/vrf: avoid coverity warning in rtnl_link_vrf_set_tableid() about CONSTANT_EXPRESSION_RESULT 31380f8 utils: suppress coverity warning in nl_cli_load_module() about leaked handle aa398b5 route/ip6vti,ip6gre: fix printing invalid data in ip6{vti,gre}_dump_details() 40683cc netlink/private: add internal helper utils 6615dc0 route/link: workaround coverity warning about leak in rtnl_link_set_type() ff5ef61 all: avoid coverity warnings about assigning variable but not using it f58a3c0 route/mdb: check parser error in mdb_msg_parser() for nested MDBA_MDB attribute 46506d3 route/mdb: add and use rtnl_mdb_entry_free() internal helper method 46e85d2 route/mdb: fix leak in mdb_msg_parser() b0641dd route/mdb: add _nl_auto_rtnl_mdb cleanup macro d544105 route/mdb: fix buffer overflow in mdb_msg_parser() 4d12b63 tests: silently ignore EACCES for setting uid_map for test namespace ec712a4 tests: cleanup unshare_user() and use _nltst_fclose() 85e3c5d tests: add _assert_nltst_netns() helper 39e4d8d github: test out-of-tree build and "--disable-static" d63e473 github: build documentation in CI test fa7f97f build: avoid building check-direct with --disable-static 8c741a7 tools: fix aborting on failure in "tools/build_release.sh" script e2aa409 doc: fix markup error in "doc/route.txt" 4f3b4f9 doc: fix python2-ism in "doc/resolve-asciidoc-refs.py" Signed-off-by: Nick Hainke <vincent@systemli.org>
* wolfssl: re-enable AES-NI by default for x86_64Eneas U de Queiroz2022-07-082-6/+45
| | | | | | | | | | Apply an upstream patch that removes unnecessary CFLAGs, avoiding generation of incompatible code. Commit 0bd536723303ccd178e289690d073740c928bb34 is reverted so the accelerated version builds by default on x86_64. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: bump to 1.1.1qDustin Lundquist2022-07-071-2/+2
| | | | | | | | | | | | | | | | | Changes between 1.1.1p and 1.1.1q [5 Jul 2022] *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. (CVE-2022-2097) [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño] Signed-off-by: Dustin Lundquist <dustin@null-ptr.net>
* wolfssl: WOLFSSL_HAS_WPAS requires WOLFSSL_HAS_DHPascal Ernster2022-07-061-0/+1
| | | | | | | | | Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is enabled, resulting in an "Anonymous suite requires DH" error when trying to compile wolfssl. Signed-off-by: Pascal Ernster <git@hardfalcon.net> Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: bump to 1.1.1pAndre Heider2022-07-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes between 1.1.1o and 1.1.1p [21 Jun 2022] *) In addition to the c_rehash shell command injection identified in CVE-2022-1292, further bugs where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection have been fixed. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. (CVE-2022-2068) [Daniel Fiala, Tomáš Mráz] *) When OpenSSL TLS client is connecting without any supported elliptic curves and TLS-1.3 protocol is disabled the connection will no longer fail if a ciphersuite that does not use a key exchange based on elliptic curves can be negotiated. [Tomáš Mráz] Signed-off-by: Andre Heider <a.heider@gmail.com>
* libjson-c: disable libbsdRosen Penev2022-07-041-1/+5
| | | | | | | | | | | | | | | libjson-c is happy to pick up libbsd both on the host and target. Reproducible with make package/libbsd/compile;make package/libjson-c/compile Also fixes host compilation on Arch Linux for a similar reason. Undefined reference to arc4random. Fixes: f3a198697f60 ("libjson-c: update to 0.16") Acked-by: Thomas Huehn thomas.huehn@hs-nordhausen.de Acked-by: Nick Hainke vincent@systemli.org Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libjson-c: update to 0.16Nick Hainke2022-07-033-18/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix: - 001-dont-build-docs.patch Remove upstreamed patch: - 010-clang.patch Changelog: Deprecated and removed features: -------------------------------- * JSON_C_OBJECT_KEY_IS_CONSTANT is deprecated in favor of JSON_C_OBJECT_ADD_CONSTANT_KEY * Direct access to lh_table and lh_entry structure members is deprecated. Use access functions instead, lh_table_head(), lh_entry_next(), etc... * Drop REFCOUNT_DEBUG code. New features ------------ * The 0.16 release introduces no new features Build changes ------------- * Add a DISABLE_EXTRA_LIBS option to skip using libbsd * Add a DISABLE_JSON_POINTER option to skip compiling in json_pointer support. Significant changes and bug fixes --------------------------------- * Cap string length at INT_MAX to avoid various issues with very long strings. * json_object_deep_copy: fix deep copy of strings containing '\0' * Fix read past end of buffer in the "json_parse" command * Avoid out of memory accesses in the locally provided vasprintf() function (for those platforms that use it) * Handle allocation failure in json_tokener_new_ex * Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL * printbuf_memset(): set gaps to zero - areas within the print buffer which have not been initialized by using printbuf_memset * printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX) * sprintbuf(): propagate printbuf_memappend errors back to the caller Optimizations -------------- * Speed up parsing by replacing ctype functions with simplified, faster non-locale-sensitive ones in json_tokener and json_object_to_json_string. * Neither vertical tab nor formfeed are considered whitespace per the JSON spec * json_object: speed up creation of objects, calloc() -> malloc() + set fields * Avoid needless extra strlen() call in json_c_shallow_copy_default() and json_object_equal() when the object is known to be a json_type_string. Other changes ------------- * Validate size arguments in arraylist functions. * Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c very early during boot, such as part of cryptsetup. * Use arc4random() if it's available. * random_seed: on error, continue to next method instead of exiting the process * Close file when unable to read from /dev/urandom in get_dev_random_seed() Signed-off-by: Nick Hainke <vincent@systemli.org>
* nettle: update to 3.8Nick Hainke2022-07-032-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refresh: - 100-portability.patch Changelog: ea4ea5e6 Document MacOS test workaround. b14fc902 Add missing file fat-arm64.c to tar file. 6720f433 Update config.guess and config.sub to latest versions. a2be57f0 NEWS entries for Nettle-3.8. bff9a605 Update version numbers, for nettle-3.8. 36386678 Fix comment typo e05fd5a9 Add ChangeLog entry for SM3 contribution. 8739faa8 Document cbc_aes128_encrypt, cbc_aes192_encrypt and cbc_aes256_encrypt. efb2ec7f Deleted the manual's incomplete and out of date list of authors. af38c91f New more accurate AUTHORS file. ba084efa Fix ChangeLog typo. 0fff3097 ChangeLog entries for s390x ghash update. 75b687a8 Fix comment typo. 5d0089ed Refactor s390x-specific code for new ghash organization 2aabd5e2 ppc: Update fat setup for new ghash organization. 8f5fddfb ppc: Update vpmsumd ghash to new organization. 1227381e Comment fix. 9939f866 arm64: Update fat setup for new ghash organization. ab62f731 Fix comment error b1645555 arm64: Update pclmul ghash to new organization. 6b80b889 Update fat setup for new ghash organization. d382fcc0 Delete _ghash_digest. d11c4cd9 x86_64: Update pclmul ghash to new organization. f79cc0c1 x86_64: Update table-based ghash to new organization. bdc2fc31 Move _ghash_digest. 1d438ad4 Refactor GCM C implementation. bdf820df New function block16_zero. d966ea0d Delete code for GCM_TABLE_BITS != 8. 60edc290 x86_64: Fat setup for GCM. be245313 Fix comment typo. f8fa4f1f x86_64: Initial implementation of gcm using the pclmulqdq instructions. 23f75f58 Rearrange gcm configuration defines, and add tests for internal functions. 483ccbc9 Add tests for edge cases in poly1305 digest folding. f3656a44 x86_64: Rewrite of poly1305 assembly. b7268727 ChangeLog entry for arm64 implementation of chacha. 1d4a985c ChangeLog entries for new ppc64 ecc files. 99be366f ecc: Add powerpc64 assembly for ecc_448_modp 53f7ae66 Move a comment. e643dcf1 ecc: Add powerpc64 assembly for ecc_25519_modp 741191d1 ecc: Add powerpc64 assembly for ecc_224_modp 4adcb4af Simplify poly1305-test, more use of tstring length. b48217c8 Add randomized tests of poly1305. dbf178c0 Arrange so that GMP or mini-gmp is always available for tests. 7d83510e ChangeLog entries for new ppc64 ecc files. 02bbf7d1 ecc: Add powerpc64 assembly for ecc_521_modp 2bc7dfad ecc: Add powerpc64 assembly for ecc_384_modp 9b6c0639 ecc: Add powerpc64 assembly for ecc_192_modp 39af7b2e [Arm64] Optimize Chacha20 c82876a5 [S390x] Alerting assembler of machine type 044d24b0 [S390x] Optimize Chacha20 94228f87 tests: Use inline function for dummy definition of test_randomize. 7926debe Share ecc point validation function in testutils.c. 25f73004 Whitespace cleanup 0ec184d8 ppc: Reduce number of registers used for ecc_secp256r1_redc. c7cf1939 ppc: New configure test for ELFV2_ABI f57640ea x86_64: Improved ecc_secp256r1_redc dd65a63e ChangeLog for previous change. ecd4eacf ppc: Add powerpc64 assembly for ecc_256_redc b2758f7c doc: documentation for SM3 hash 0ea74c02 Comment improvements for x86_64 ecc_secp256r1_redc 78aabc69 nettle-benchmark: bench SM3 hashes 7f77ccb4 hmac: add support for SM3 hash function e2edd9be testsuite: add test for SM3 hash function b72886e5 Add OSCCA SM3 hash algorithm d2e4e531 Delete function mpz_limbs_read_n. dd566239 Delete function mpz_limbs_cmp. 07d5e755 gitlab-ci: Enable randomized tests 64ce8c77 Randomize more tests a6f9bdeb Reduce allocation in modinv test 957482d9 Fix sqrt_ratio test for v = 0 case. 7f730943 Reduce allocation in sqrt tests 2c9a600d Move NETTLE_TEST_SEED logic to testutils.c. 48d61c28 Delete obsolete comment. ac95be13 Fix and test for sqrt(0) special case. ffe0f587 eccdata: Output ecc_sqrt_z and ECC_SQRT_E only when computed. 65c95c79 Fix comment typo. 8db66280 Let secp384r1 inverse and sqrt share most of the powering. 5b2758a3 eccdata: Delete generation of unused values ecc_sqrt_t and ECC_SQRT_T_BITS. b3abfac5 eccdata: Generate both redc and non-redc versions of ecc_sqrt_z. 2dbe065d Implement secp224r1 square root, based on patch by Wim Lewis. c8daa71c New function ecc_mod_equal_p, based on patch by Wim Lewis. 4be1725f New function ecc_mod_pow_127m1, used for ecc_secp224r1_inv. 4e987de3 Implement secp521r1 square root, based on patch by Wim Lewis. 2adc4268 Implement secp384r1 square root, based on patch by Wim Lewis. bc07754f Implement secp256r1 square root, based on patch by Wim Lewis. 35f12552 Implement secp192r1 square root, based on patch by Wim Lewis. c2726388 Renamed sqrt_itch --> sqrt_ratio_itch, and curve25519 and curve448 sqrt functions. 03421be1 Rename ecc sqrt --> sqrt_ratio. 652bdc79 New function ecc_mod_zero_p. 571d2cc2 [S390x] Improvements on documentation and instruction set usage for SHA3 permute 26b0f47b New function sec_zero_p. 259ec19a [S390x] Remove lgr instructions by using xgrk instead of xgr instruction 73722fb0 Rewrite of secp256r1 mod functions. 45028ff2 Extend ecc-mod-test, with improved coverage of corner cases. 806d6f6a [S390x] Optimize SHA3 permute using vector facility 78f44318 Change "signature on digest" --> "of digest". 0f90c076 Doc fixes. 52c86f94 Delete a few old FIXME comments 2b68ee47 Use @url and https consistently for references. Fix overlong lines. ea4b2e86 Use texi2pdf to generate the pdf manual 54bbc09b ChangeLog entries for doc structure improvements. cc92638c Divide Cipher section into menu and nodes, and some other minor fixes. 5e6af10b Delete explicit node pointers in nettle.texinfo 55584f4e Change CBC-AES interface 7a966ac3 Test AEAD encrypt/decrypt with message split into pieces. 686fd559 More checks for null pointers in test_aead, to silent static analyzer. 41a72c24 Fix checks of HAVE_NATIVE_cbc_aes*_encrypt d5b0b9cb Fix fat builds for x86_64 windows 419d7af5 x86_64: Fat setup for assembly CBC AES. 121290e0 x86_64: Assembly CBC AES aesni functions. 1f58b09c Add specialized functions for cbc-aes. 99dffa9c ChangeLog entries for recent contributions. 38092fde gitlab-ci: Use mini-gmp for big-endian powerpc64 cross build 4147279b gitlab-ci: Explicitly install cross libgmp-dev packages 8c2321d2 gitlab-ci: No-assembly cross-build for s390x, to test big-endian d4cd2965 gitlab-ci: Delete mips build 9765f8b9 [S390x] Optimize SHA256 and SHA512 compress functions 463553ae x86_64: New 2-way aesni loop also for aes256 c7391e5c x86_64: Refactor aesni assembly, with specific functions for each key size. 4ea2a1f8 [S390x] Optimize SHA1 compress a47813c2 [AArch64] Utilize AES 1-block macros in 4-block macros 5f7740a3 [AArch64] Load AES keys at function prologue 76c7418c ChangeLog entries for previous change. f7bc3e1b [AArch64] Move AES round macros to machine.m4 39d1e2a3 [AArch64] Optimize AES with fat build support b8054a1d [S390x] Optimize memxor3 using vector facility with fat support 422219fe [S390x] Optimize memxor 3900fe65 Add fat-s390x.c to OPT_SOURCES. c2f16582 Fix name of s390x/fat directory in make dist target. 4fc00c4d [S390x] add FAT_TEST_LIST variable to enable fat build testing 856c62ef [S390x] Replace inline assembly and fix fat filenames 3be3ff3e [S390x] Fat build support for AES and GHASH 9f9d4c4b arm64: Add sha2 to aarch64 fat tests. 774917ec ChangeLog entry for arm64 sha256.. 7b446327 [AArch64] Fat build support for SHA-256 compress 6c84092d [S390x] wipe parameter block content and leftover bytes of data from stack 7d301d93 [S390x] wipe hash subkey from stack once GHASH operation completed d1c8417f [AArch64] Optimize SHA-256 compress 33bfc509 [S390x] Use uppercase for macro names in machine.m4 and enhance the documentation for GHASH implementation 94be863c Add sha1 to aarch64 fat tests. 6c89ed3c ChangeLog entry for previous change. e5a9dbf4 arm64: Fat build support for SHA1 compress 530e4c8d [S390x] Update configure.ac and Makefile.in b0525367 [S390x] Implement alloc_stack and free_stack macros in machine.m4 72448928 [S390x] Optimize GHASH 20fedc01 Update Nettle-3.7.3 NEWS. c80961c6 Add input check to rsa_decrypt family of functions. cd6059ae Change _rsa_sec_compute_root_tr to take a fix input size. 401e0bdd Fix comment typos. fd6d9ba7 Add check that message length to _pkcs1_sec_decrypt is valid. e60d8367 ChangeLog entry for arm64 sha1. 47cafcf2 aarch64: Optimize SHA1 Compress a46a17e9 Fix C++-style comments 022e51a2 ChangeLog entries for aes keywrap. 0145efbc Implement aes key wrap and key unwrap (RFC 3394) 61bcbbf8 gitlab-ci: Explicitly pass --enable-s390x-msa to s390x build. 3b1bb7cb Fix comment typo. c23701f3 Reorder and indent asm_replace_list. c2a14fa3 ChangeLog entry for new s390x AES implementation. 1f38723e Append s390x-specific asm file names to asm_replace_list in configure.ac 71dafe91 [S390x] Basic AES-192 and AES-256 optimizations 8247fa21 ppc: Fix macro name SWAP_MASK to use all uppercase. b9f0ede2 Update config.guess and config.sub. 46515038 [S390x] Basic AES-128 optimization f4dc5f20 Split aes-encrypt.c and aes-decrypt.c into one file per key size. 0bff7a2b Initial config for s390x, contributed by Mamone Tarsha. 06d6ef33 nettle-benchmark: avoid -Wmaybe-uninitialized warnings dda3f4fd gitlab-ci: Fix only: variables: check, and quote variables. c2b56cd7 gitlab-ci: Use pipeline variable S390X_ACCOUNT c25774e2 gitlab-ci: Add remote tests for s390x. d5972ced Add forward declaration of struct aes_table. 085317d6 ChangeLog entries for arm64 fat build. 944881d7 ChangeLog entry for nettle-3.7.2 release f9e0e1f4 NEWS entries for 3.7.2. 1585f6ac [AArch64] Support fat build for GCM optimization 03b8ba39 [AArch64] Use m4 macros in gcm-hash.asm and add documentation comments 3f43c143 [AArch64] Update README to be on par with other architectures b30e0ca6 Fix canonical reduction in gostdsa_vko. d9b564e4 Similar fix for eddsa. fbaefb64 Analogous fix to ecc_gostdsa_verify. c24b3616 Ensure ecdsa_sign output is canonically reduced. 2397757b Fix bug in ecc_ecdsa_verify. 5b7608fd Use ecc_mod_mul_canonical for point comparison. 2bf497ba New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical. a471ae85 aarch64: Rename arm64/v8/ --> arm64/crypto/ 0489825e aarch64: Use .arch armv8-a+crypto directive. d32152f4 aarch64: Move m4 definitions after .file directive f3dda9f4 ChangeLog entries for arm64 gcm_hash. b098f19b arch64: Fix clang build fd9dd9d7 arch64: Fix copyright line and typos a3f91c0e aarch64: Adjust gcm-hash assembly for big-endian systems 09d77a10 aarch64: Implement GHASH using the crypto extension pmul instructions. 0c5429d3 aarch64: Add README dbd16501 Add an empty machine.m64 to make configure happy ebf9ae83 Recognize arm64 in configure Signed-off-by: Nick Hainke <vincent@systemli.org>
* libiconv-full: update to 1.17Nick Hainke2022-07-031-2/+2
| | | | | | | | | | | | | | | | Release Notes: - The libiconv library is now licensed under the LGPL version 2.1, instead of the LGPL version 2.0. The iconv program continues to be licensed under GPL version 3. - Added converters for many single-byte EBCDIC encodings: IBM-{037, 273,277,278,280,282,284,285,297,423,424,425,500,838,870,871,875}, IBM-{880,905,924,1025,1026,1047,1097,1112,1122,1123,1130,1132,1137, 1140}, IBM-{1141,1142,1143,1144,1145,1146,1147,1148,1149,1153,1154, 1155,1156,1157}, IBM-{1158,1160,1164,1165,1166,4971,12712,16804}. They are available through the configure option '--enable-extra-encodings'. Signed-off-by: Nick Hainke <vincent@systemli.org>
* wolfssl: add config flag for Curve448Joel Low2022-07-032-0/+5
| | | | | | | | | | | | | This enables building WolfSSL with Curve448, which can be used by Strongswan. This has been tested on a Linksys E8450, running OpenWrt 22.03-rc4. This allows parity with OpenSSL, which already supports Curve448 in OpenWrt 21.02. Fixes openwrt/packages#18812. Signed-off-by: Joel Low <joel@joelsplace.sg>
* libnl: update to 3.6.0Nick Hainke2022-07-032-28/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove upstreamed patch: - 100-build-add-Libs.private-field-in-libnl-pkg-config-file.patch cacaa5f libnl-3.6.0 release 855c02f route/mdb: merge branch 'troglobit:mdb-dump-fixes' 930fc11 route/mdb: add support for MAC multicast entries 2d68caf route/mdb: add missing detils and stats dump callbacks d9ed99b nl-monitor: support for setting libnl debug level 4c41e0d nl-monitor: add missing --help to long_opts[] 7e96356 Check validation type against end of enum 4e153bc route/link: add VLAN bridge binding flag b7256d3 github: build unit tests also with "clang" 8111933 route: assert that "rtnl_link_info_ops" refcount does not drop below zero 4f5c846 lib: merge branch 'th/object-clone-fixes' d23fb81 lib: make nl_object_clone() out-of-memory safe 7f7452c route: fix ref counting for l_info_ops and io_clone() 620d024 route: drop unnecessary oo_clone() implementation from netconf 93a02eb netfilter: make log-msg,queue-msg setters robust against ENOMEM 23902d0 xfrm/sa: clone user_offload in xfrm_sa_clone() 29e5092 xfrm/sa: style cleanup xfrm_sa_clone() 14a9ebc utils: add internal _nl_memdup() helper 2e0d7f8 lib: add rtnl_link_info_ops_get() and take lock for rtnl_link_info_ops's io_refcnt e884286 lib: include <netlink-private/utils.h> in <netlink-private/netlink.h> 7d43191 tests: merge branch 'th/tests-netns' a7bbdab tests: add unit test for nl_object_clone() and nl_object_diff() fdb0121 tests: add new "netns" test suite 9102872 tests: add fixture/teardown for tests to run in separate netns 9a42798 tests: cleanup creating test suites 1fc3e07 tests: refactor tests and add n-test-util helper library 7a3d6e2 netlink: add _NL_N_ELEMENTS() macro 3da4f7d netlink: add _nl_streq()/_nl_streq0() helper 1ad8555 netlink: add _nl_auto_nl_socket cleanup macro c8a5729 lib: add _nl_close() helper 80868e6 clang-format: add ".clang-format" from linux kernel 2782ed3 github: build tests with "-std=gnu11" af59b9a github: split tests in separate steps c8f7902 build: add "check-progs" make target to build unit tests 23b4d33 route/cls: add TCA_FLOWER_KEY_VLAN_ETH_TYPE to "flower_policy" policy 1f8dc89 route/cls: return -NLE_INVAL in case rtnl_tc_data_peek() fails ef5f3eb route/cls: merge branch 'westermo:cls-flower' c385c84 route/cls: no need to copy simple fields in flower_clone() 79217d8 route/cls: make output pointers in rtnl_flower_get_{src,dst}_mac() optional 64e0836 route/cls: adjust whitspace/indentation 5ac9ce3 route/cls: use SPDX-License-Identifier 1a1c4e5 route/cls: reorder fields in "struct rtnl_flower" and adjust indentation ef46de1 route/cls: add flower classifier f0aad20 route: merge branch 'pugo:master' d0cfecc route: make argument of rtnl_link_can_set_{bittiming,data_bittiming}() const 6a92268 route: add rtnl_link_can_set_data_bittiming_const() 841553b route: drop bitrate,sample-point getters/setters from can link 37998f7 route: rename rtnl_link_can_get_data_bt_const() to rtnl_link_can_get_data_bittiming_const() 96d3a6b route: fix adding rtnl_link_can_* symbols to symbol file 881e329 route: fix indentation 37c10ef route/link: add CAN FD support d56bf73 route/mdb: merge branch 'rubensfig:mdb' e0b2406 route/mdb: drop setting ifindex in mdb_clone() d78a6eb route/mdb: minor cleanup in "mdb.c" 57a6d51 route/mdb: drop extra MDB attributes and rework mdb_compare() 0b44562 route/mdb: hide rtnl_mdb_entry_alloc() from public API 1c65ff7 route/mdb: reorder fields in "rtnl_mdb_entry" for tighther packing 1ac5403 route/mdb: use nl_list_for_each_entry_safe() for destroying list in mdb_free_data() 92035e2 route/mdb: cleanup mdb.h header 6237621 build: sort file names in Makefile.am 0ec6c6c mdb: support bridge multicast database notification c980034 route/cls: merge branch 'westermo:classifier-api-extension' a694c33 route/cls: rename rtnl_cls_get{,_by_prio}() API to rtnl_cls_find_by{handle,prio}() 88a5138 route/cls: allow fetching of classifiers from cache 90577b5 route: merge branch 'TummyFish:master' 299f61a license: use SPDX license identifiers and drop license comments 05a540d ip6vti: Add fwmark API 41e4365 ip6gre: Add fwmark API ebc7df3 sit: Add fwmark API 8e1da8e ipip: Add fwmark API bda19be ip6_tnl: Add fwmark API cdc6c0f ipvti: Add fwmark API 2995710 ipgre: Add fwmark API d9dc6c2 ip6vti: Add IPv6 VTI support be86170 license: use SPDX license identifiers and drop license comments 919d9c6 route: merge branch 'westermo:fib-lookup' 1ff9b38 route/route: don't report failure when we receive a route in rtnl_route_lookup() 53bc27e route/route: support FIB lookups using rtnl ed76b9a build: sort files in Makefile.am 46b22c1 route/link: merge branch 'westermo:team-support' 586a6b6 build: fix new symbols in "libnl-route-3.sym" 831f125 route/link: add support for team device 6c59580 route/link: Move LINK_ATTR_IFNAME to a proper location f77cd25 route/netconf: full API export f59f443 build: add Libs.private field in libnl pkg-config file b3333e0 route/qdisc: allow fetching qdiscs by their kind 9a39188 netlink: merge branch 'michael-dev:feature/nflog-vlan-v3' a93fc5f nflog: add recent missing symbols to "libnl-nf-3.sym" 7b4df53 nflog: add missing symbols to "libnl-nf-3.sym" 8266436 nflog:add conntrack flag and enable flags for nflog 246904d nflog: add CT support 59fc1d7 nflog: add mac_header support c268c48 nflog: add vlan attribute 2548468 refresh linux/netfilter/nfnetlink_log.h with linux 5.4 4edffbd route/link: Add IPv6 GRE support 5d69587 route: add global sectin in "libnl-route-3.sym" d0cf3a9 neigh: support to add fdb entry 3bf0a9c cls:u32: fix u32_clone() function 3147d86 route:tc: fix rtnl_tc_clone() calling to_clone() and add comment c027e54 route:cls: fix dangling pointers in to_clone() implementations 47c04fb route:act: drop unnecessary implementations for to_clone() 79f7c9d tests: add test for cloning cls:u32 object b1caff8 github: run unit tests under valgrind 38b3be3 tests: cleanup tests and avoid leaks c2b94b9 lib: add more _nl_auto* cleanup macros 1f05e5a tests: replace libcheck's fail_if() macro by ck_assert*() 6341d89 log: fix typo in dumping msg bfee88b route: fix memory leak of l_info_ops in link_msg_parser() 431ba83 route: merge branch 'qbdwlr:mplsPR' cc680d4 route: add accessors for setting/getting ENCAP_MPLS attributes efe8aad route: remove incorrect nl_addr_valid() from rtnl_route_nh_set_newdst(), etc. 0688bc6 netfilter/ct: fix use of reply/orig for conntrack requests 5d92516 route: don't use internal bit mask constants in NLA_PUT in can_put_attrs() 6fe9418 lib: fix descriptions for nl_cache_pickup()/nl_cache_pickup_checkdup() d0d91c7 route: merge branch 't0mmmy90:check-if-nh-exists-while-updating-ipv6-multipath-route' 28a652b route: fix duplicate check for next hop for IPv6 multipath routes 03bfd2f route: check if nh exists while updating route 92c9237 ci: add github-actions 3d1fb00 tests/check-addr: replace deprecated fail_if() macro from libcheck with ck_assert_msg() d9cad53 xfrm: fix naming consistency in xfrmnl_sp_get_curlifetime() c0e82db cli: Add C++ linkage support 000a3bd yyerror: update to POSIX standard f865a99 xfrm: merge branch 'spellingmistake:master' 0306ae2 xfrm: fix libnl-xfrm-3.sym linker versioning 8950194 xfrm: ensure minlen in policy for XFRMA_OFFLOAD_DEV c8f33a4 xfrm: Add support for xfrm user offloading b6cc13d Supporting Hardware offload capability for MACsec 39944c6 route/link: check calloc() return value 12cc0aa zero stack allocated memory in xfrmnl_build_sa_delete_request 5f39502 merge branch 'bengal/coverity' 26f342d route/qdisc: handle error of calloc() d1a151e route/qdisc: fix memory leak in netem.c aa092d1 route/link: fix copy-paste error in geneve.c 30552e8 route/cls: fix cgroup's clone() function 764c30a route: let route/link join RTNLGRP_IPV6_IFINFO mcast group b24e833 doc: update link to mscgen-filter 0b5d17d addr: merge branch 'lcrestez-dn:dadfailed' 30924e7 tests: Add test for rtnl_addr_flags2str 5c05c75 addr: Add address flag `dadfailed` 2abeec8 xfrm: remove superfluous xfrm_userpolicy_id from dump request 5611487 lib/trivial: whitespace ab015e1 lib: merge branch 'th/object-identical-fix' 36b0894 lib: allow to compare incomplete objects in nl_object_identical() 5020077 lib: let nl_object_identical() declare the same object as identical 406ebc8 lib: fix using right compare mask in nl_object_diff64() 8637c70 lib/trivial fix indentation 4be6062 route/link: avoid cloning link policy in link_msg_parser() ba3c51c route/link: fix link_msg_parser() for using the af_ops of the link family f9d0181 lib: use proper int type for id attributes in nl_object_identical() 68b3431 lib: fix documentation of nl_cache_dump_filter to have @params optional 2375cde lib: fix spelling errors in "netlink/handlers.h" 3faf26c gitignore: fix ignoring check-direct build artifacts 47fb1c0 xfrm: remove superfluous xfrm_usersa_id from dump request 846d288 travis: install "check" in travis d64a0ec route: convert non-leading tabs to spaces in "include/netlink/route/link.h" aaefd92 route: add test for valid content of map_stat_id_from_IPSTATS_MIB_v2 array bab9e77 route/link: add RTNL_LINK_REASM_OVERLAPS stat bae11ec tests: add "check-direct" test 2d50b04 route: add "netlink-private/route/utils.h" header 9a52b3d gitignore: merge all gitignore files in top level directory 4c5f2d6 merge branch 'th/license-comment-cleanup' 2d3e690 license: update "doc/COPYING" license text 1389188 license: add SPDX license identifer to "configure.ac" files 503aa5e license: fix and add SPDX license identifiers and drop license comments 4333aef license: cleanup copyright comments 956635b license: fix SPDX license identifier for nl-auto.h 5614b4c lib: merge branch 'th/cleanup-errout' 17e09aa rtnl/route: use cleanup attribute in "lib/route/link.c" b50be8f rtnl/route: use cleanup attribute in "lib/route/route_obj.c" fca338b rtnl/route: fix NLE_NOMEM handling in parse_multipath() 2957d8f rtnl/link: fix leaking rtnl_link_af_ops in link_msg_parser() 77b4f68 rtnl/route: only consider negative error codes as error 6870ece lib: cleanup nla_parse() to return early on error a858a0b lib: use _nl_strncpy*() instead of plain strncpy() 018c694 lib: cleanup _nl_strncpy_assert() e97b990 lib: rename _nl_strncpy() to _nl_strncpy_assert() 5ffbc6f lib: add _NL_RETURN_*() helper macros abb7391 lib: add "include/netlink-private/nl-auto.h" header ecd15bc lib: add _nl_assert_not_reached() 9cc38dc lib/route: adjust coding style 01ea9a6 route/link: Check for null pointer in macvlan Signed-off-by: Nick Hainke <vincent@systemli.org>
* libnl: cleanup makefileNick Hainke2022-07-031-4/+4
| | | | | | | - Add PKG_LICENSE_FILES. - Use SPDX. Signed-off-by: Nick Hainke <vincent@systemli.org>
* wolfssl: disable AES-NI by default for x86_64Eneas U de Queiroz2022-06-271-1/+6
| | | | | | | | | | | | WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have AES instructions but lack other extensions that are used by WolfSSL when AES-NI is enabled. Disable the option by default for now until the issue is properly fixed. People can enable them in a custom build if they are sure it will work for them. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnftnl: update to 1.2.2Nick Hainke2022-06-241-2/+2
| | | | | | | | build: libnftnl 1.2.2 release accee9a set_elem: missing export symbol e2514c0 exthdr: tcp option reset support Signed-off-by: Nick Hainke <vincent@systemli.org>
* libusb: fix missing linkLeo Soares2022-06-191-1/+1
| | | | | | | | | adds `libusb-1.0.so` link on the target root again. Fixes: 43539a6aabbe ("libusb: make InstallDev explicit") Signed-off-by: Leo Soares <leo@hyper.ag> (added fixed tag, reworded commit) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* wolfssl: make WOLFSSL_HAS_OPENVPN default to yEneas U de Queiroz2022-06-091-1/+1
| | | | | | | | | | | | | Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build the now non-shared package, openvpn will not be selected, and WolfSSL will be built without it. Then phase2 bots have CONFIG_ALL=y, which will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This changes the version hash, causing dependency failures, as shared packages expect the phase2 hash. Fixes: #9738 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* Revert "wolfssl: set nonshared flag global"Christian 'Ansuel' Marangi2022-06-091-9/+1
| | | | | | | This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503. A better and correct solution was found. Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* wolfssl: set nonshared flag globalChristian 'Ansuel' Marangi2022-06-091-1/+9
| | | | | | | | | | | | | | | | libwolfssl-benchmark should NOT be compiled as nonshared but currently there is a bug where, on buildbot stage2, the package is recompiled to build libwolfssl-benchmark and the dependency change to the new libwolfssl version. Each dependant package will now depend on the new wolfssl package instead of the one previously on stage1 that has a different package HASH. Set the nonshared PKGFLAGS global while this gets investigated and eventually fixed. Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions") Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* wolfssl: enable CPU crypto instructionsEneas U de Queiroz2022-06-072-0/+23
| | | | | | | | | | | | | | | | | | This enables AES & SHA CPU instructions for compatible armv8, and x86_64 architectures. Add this to the hardware acceleration choice, since they can't be enabled at the same time. The package was marked non-shared, since the arm CPUs may or may not have crypto extensions enabled based on licensing; bcm27xx does not enable them. There is no run-time detection of this for arm. NOTE: Should this be backported to a release branch, it must be done shortly before a new minor release, because the change to nonshared will remove libwolfssl from the shared packages, but the nonshared are only built in a subsequent release! Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add benchmark utilityEneas U de Queiroz2022-06-071-3/+23
| | | | | | This packages the wolfssl benchmark utility. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: don't change ABI because of hw cryptoEneas U de Queiroz2022-06-071-10/+21
| | | | | | | | Enabling different hardware crypto acceleration should not change the library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash has been computed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnl-tiny: update to the latest versionFelix Fietkau2022-05-231-4/+4
| | | | | | b5b2ba09c4f1 netlink: add NLA_F_NESTED to all nested attributes Signed-off-by: Felix Fietkau <nbd@nbd.name>
* elfutils: move host build to toolsStijn Tintel2022-05-181-4/+0
| | | | | | | | | | | The upcoming dwarves host package requires elfutils. As dependencies for tools must exist in tools, we need to move elfutils host build there. As there is at least one package that depends on this, and there is no proper way to create such dependency in the build system, build it unconditionally when not building on macOS. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wolfssl: bump to v5.3.0-stableEneas U de Queiroz2022-05-153-45/+2
| | | | | | | | | This is mostly a bug fix release, including two that were already patched here: - 300-fix-SSL_get_verify_result-regression.patch - 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: bump to 1.1.1oEneas U de Queiroz2022-05-152-6/+6
| | | | | | | | | | This release comes with a security fix related to c_rehash. OpenWrt does not ship or use it, so it was not affected by the bug. There is a fix for a possible crash in ERR_load_strings() when configured with no-err, which OpenWrt does by default. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libubox: update to the latest versionFelix Fietkau2022-05-151-3/+3
| | | | | | | | | f2d6752901f2 blob: clear buf->head when freeing a buffer 45210ce14136 list.h: add container_of_safe macro cfa372ff8aed blobmsg: implicitly reserve space for 0-terminator in string buf alloc d2223ef9da71 blobmsg: work around false positive gcc -Warray-bounds warnings Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: fix compilation with /dev/cryptoEneas U de Queiroz2022-04-201-0/+19
| | | | | | This is trivial fix of a duplicate definition of 'int ret'. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>