aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* libcxx: fix build for x86/64Stijn Tintel2020-01-171-0/+1
| | | | | | | | | | When building libcxx for x86/64, the library is installed in /usr/lib64. As the install section tries to copy the library from /usr/lib, this breaks build on x86/64. Override the lib dir suffix to fix this. Fixes: 856ea2bad3b3 ("libcxx: Add package") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Rosen Penev <rosenp@gmail.com>
* uclient: Update to version 2020-01-05Hauke Mehrtens2020-01-051-3/+3
| | | | | | fef6d3d uclient: Add string error function Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ustream-ssl: Update to version 2020-01-05Hauke Mehrtens2020-01-051-3/+3
| | | | | | | 30cebb4 ustream-ssl: mbedtls: fix ssl client verification 77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nettle: Disable ARMEB assemblyRosen Penev2020-01-051-1/+6
| | | | | | It's broken for ARMv5, which is the only armeb target in OpenWrt. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcxx: Remove -flto from LDFLAGSRosen Penev2020-01-053-4/+17
| | | | | | | | | | | | | | | It seems the buildbots can't handle it. Added a cmake option to find the cxxabi files as they are part of the toolchain and not in the normal path. It doesn't seem to make a difference, just gets rid of cmake warnings. Added another small GCC warning fix. It's fairly minor. This has no change in compiled size, and most likely no change in behavior. Bumped the PKG_RELEASE anyway. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcxx: Add size optimizationsRosen Penev2020-01-013-1/+39
| | | | | | | | | | | | | | Changed standard to 2a. 2a (as well as 17) contain more constexpr functions, which are evaluated at compile time. This saves space. Added --gc-sections. With the CXXABI change, this now makes the package smaller. With these, size went down to 210845 on mipsel_24kc. Also fixed two small compiler warnings. No real change in behavior. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcxx: Build with the libsupc++ ABIRosen Penev2020-01-011-1/+2
| | | | | | | | | | | | | | | | | | | | | Allows proper exception handling. This includes removing unimplemented warnings. File size increased as a result: Before: 182874 After: 211006 On mipsel_24kc. Note that this requires libsupc++ anyway. It's specified in g++-libcxx. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libubox: update to version 2019-12-28Petr Štetiar2019-12-281-4/+4
| | | | | | | Fixes startup issues of some services in procd and bumps ABI_VERSION to 20191228. Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: bump to 4.3.0-stableEneas U de Queiroz2019-12-261-3/+3
| | | | | | | This update fixes many bugs, and six security vulnerabilities, including CVE-2019-18840. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libubox: update to version 2019-12-26Petr Štetiar2019-12-261-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contains following changes: eb7eb6393d47 blobmsg: fix array out of bounds GCC 10 warning 86f6a5b8d1f1 blobmsg: reuse blobmsg_namelen in blobmsg_data 586ce031eaa0 tests: fuzz: fuzz _len variants of checking methods b0e21553ae8c blobmsg: add _len variants for all attribute checking methods cd3059796a57 Replace use of blobmsg_check_attr by blobmsg_check_attr_len 143303149c8b Ensure blob_attr length check does not perform out of bounds reads f2b2ee441adb blobmsg: fix heap buffer overflow in blobmsg_parse 4dfd24ed88c4 blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value 2df6d35e3299 tests: add test cases for blobmsg parsing 8a34788b46c4 test: fuzz: add blobmsg_check_attr crashes 478597b9f9ae blob: fix OOB access in blob_check_type 325418a7a3c0 tests: use blob_parse_untrusted variant 0b24e24b93e1 blob: introduce blob_parse_untrusted 6d27336e4a8b blob: refactor attr parsing into separate function 833d25797b16 test: fuzz: add blob_parse crashes 09ee90f8d6ed tests: add test cases for blob parsing 436d6363a10b tests: add libFuzzer based tests bf680707acfd tests: add unit tests covered with Clang sanitizers f804578847de cmake: add more hardening compiler flags 46f8268b4b5b blobmsg/ulog: fix format string compiler warnings eb216a952407 cmake: use extra compiler warnings only on gcc6+ and bumps ABI_VERSION to 20191226. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libcxx: Depenency fixesRosen Penev2019-12-231-4/+4
| | | | | | | | | | | | | Don't build with uClibc-ng. It's totally unsupported as several functions are missing. Make the musl libc support conditional. Fix hash with make check FIXUP=1. Apparently I based the Makefile off of libedit and forgot to fix the hash. Signed-off-by: Rosen Penev <rosenp@gmail.com> Fixes: 856ea2bad3b3 ("libcxx: Add package")
* libcxx: Add packageRosen Penev2019-12-232-0/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently in OpenWrt, there are two libc++: libstdcpp and uClibc++. The former is huge and the latter supports only C++98 with some basic support for C++11. Those C++ versions seem to be specific to the compiler version libcxx supports C++11 and above while being much smaller than libstdcpp. On mt7621, these are the sizes of the ipks that I get: libstdcpp: 460786 libcxx: 182881 uClibc++:67720 libcxx is faster than uClibc++ and is under active development as part of the LLVM project while uClibc++ is effectively dead. This PR modifies uclibc++.mk to expose the make menuconfig option. Further cleanup is beyond the scope of this PR. What that means is, this is not used by default. A g++-libcxx wrapper based on the uClibc++ one was added. Works the same way. Compile tested with all packages that use uclibc++.mk in their Makefiles under mipsel_24kc. kismet fails compilation but that package needs to be cleaned up and updated. Runtime tested with gddrescue, gdisk, dcwapd, bonnie++, and aircrack-ng on a TP-Link Archer C7v2. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libubox: update to latest Git HEADPetr Štetiar2019-11-241-3/+3
| | | | | | | | | | | | | | | | | | | 07413cce72e1 tests: jshn: add more test cases 26586dae43a8 jshn: fix missing usage for -p and -o arguments 8e832a771d3a jshn: fix off by one in jshn_parse_file cb698e35409b jshn: jshn_parse: fix leaks of memory pointed to by 'obj' c42f11cc7c0f jshn: main: fix leak of memory pointed to by 'vars' 93848ec96dc5 jshn: refactor main into smaller pieces 9b6ede0e5312 avl: guard against theoretical null pointer dereference c008294a8323 blobmsg_json: fix possible uninitialized struct member 0003ea9c45cc base64: fix possible null pointer dereference 8baeeea1f52d add assert.h component b0a5cd8a28bf add cram based unit tests 1fefb7c4d7f9 add initial GitLab CI support c955464d7a9b enable extra compiler checks 6228df9de91d iron out all extra compiler warnings Signed-off-by: Petr Štetiar <ynezz@true.cz>
* nghttp2: bump to 1.40.0Hans Dedecker2019-11-231-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 41060943 Bump up version number to 1.40.0, LT revision to 33:0:19 5ae9bb89 Fail fast if huffman decoding context is in failure state bb519154 Merge pull request #1413 from nghttp2/check-authority 77f5487a Add nghttp2_check_authority as public API db9a8f6e Merge pull request #1409 from nghttp2/fix-wrong-stream-close-error-code 6f28a69b Merge pull request #1411 from richard78917/fix_warning 6ce4835e Fix the bug that stream is closed with wrong error code 29042f1c priority_spec::valid(): remove const qualifier from return value d08c4395 Merge pull request #1405 from nghttp2/huffman 5d6964cf Faster huffman decoding 0d855bfc Faster huffman encoding 6f967c6e Fix errors reported by coverity scan b8a43db8 Merge pull request #1394 from wrowe/fix-static-libname 70b62c1a Merge pull request #1393 from wrowe/fix-static-msvcrt 28b1f0b9 Avoid filename collision of static and dynamic lib 1dd966f1 Merge branch 'fix-nghttpx-mruby' fe8946dd nghttpx: Fix bug that mruby is incorrectly shared between backends 72b71a6b Add new flag ENABLE_STATIC_CRT for Windows f8933fe5 nghttpx: Reconnect h1 backend if it lost connection before sending headers 89c33d69 Update neverbleed 7079dc5e Update neverbleed to fix memory leak 5080db84 Revert "nghttpx: Reconnect h1 backend if it lost connection before sending headers" 053c7ac5 nghttpx: Returns 408 if backend timed out before sending headers 8a59ce6d nghttpx: Reconnect h1 backend if it lost connection before sending headers f2fde180 Remove redundant null check before delete 95efb3e1 Don't read too greedily 0a6ce87c Add nghttp2_option_set_max_outbound_ack 2aa79fa9 Bump up LT revision to 32:0:18 3980678d Merge branch 'nghttpx-fix-request-stall' 319d5ab1 nghttpx: Fix request stall 448bbbc3 integration-tests: gofmt e575a2aa Merge pull request #1377 from Aldrog/cmake_systemd 4f7aedc9 cmake: Support building nghttpx with systemd 7a590893 Fix clang-8 warning ee443134 Fix FPE with default backend abef9b90 Fix log-level is not set with cmd-line or configuration file 12a999f0 Bump up version number to 1.40.0-DEV acfb3607 Update manual pages Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libnl-tiny: update to latest Git headPetr Štetiar2019-11-141-3/+3
| | | | | | | | 0219008cc876 remove never used err variable assignment disliked by scan-build 7ce813fcd667 silence use after the free clang analyzer warning 1f73b6a8e678 use offsetof macro to make scan-build happy Signed-off-by: Petr Štetiar <ynezz@true.cz>
* nghttp2: Fix pkgconfig fileRosen Penev2019-11-091-7/+5
| | | | | | | | | | lib and includedir point to the host, not staging_dir. Note that prefix and exec_prefix is overriden to point to staging_dir. As CMAKE_INSTTALL is passed, switched InstallDev to use cmake.mk's rule. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libevent2: Fix pkgconfig directoriesRosen Penev2019-11-091-8/+5
| | | | | | | | | | | includedir and libdir are set to /usr/include and /usr/lib . This breaks compilation with packages such as tmux that use pkgconfig to find libevent Also added PKG_LICENSE_FILES. Simplified the InstallDev section by using cmake.mk's default rule. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: update to v4.2.0-stableEneas U de Queiroz2019-11-063-142/+4
| | | | | | | | | | | | | | | Many bugs were fixed--2 patches removed here. This release of wolfSSL includes fixes for 5 security vulnerabilities, including two CVEs with high/critical base scores: - potential invalid read with TLS 1.3 PSK, including session tickets - potential hang with ocspstaping2 (always enabled in openwrt) - CVE-2019-15651: 1-byte overread when decoding certificate extensions - CVE-2019-16748: 1-byte overread when checking certificate signatures - DSA attack to recover DSA private keys Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnl-tiny: update to latest Git headPetr Štetiar2019-11-061-16/+9
| | | | | | | | | | | | | | Includes following changes: 0230d0698e59 add initial GitLab CI support 5e13b797a988 iron out all extra compiler warnings 802fbd4d6f39 cmake: enable extra compiler checks 050bb5c4431b convert into CMake project 5b350e42d1fd refactor into separate Git project and converts the package build to utilize CMake. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: update to latest Git HEADJo-Philipp Wich2019-11-051-3/+3
| | | | | | | c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect Fixes: CVE-2019-5101, CVE-2019-5102 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: bump to version 2019-10-29Yousong Zhou2019-11-031-3/+3
| | | | | | | It contains a single change to vlist.h header file: "vlist: add more macros for loop iteration". This is needed for newer version of fstools Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* libnl: update to 3.5.0DENG Qingfang2019-11-013-211/+4
| | | | | | Update libnl to 3.5.0 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* ustream-ssl: Update to latest git HEADHauke Mehrtens2019-11-011-5/+5
| | | | | | | | | | 465f8dc wolfssl: adjust to new API in v4.2.0 3b06c65 Update example certificate & key, fix typo 1c38fd8 wolfssl: enable CN validation 33308ee ustream-io-cyassl.c: fix client-mode connections 79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: gcc: enable sanitizers for glibc toolchainYousong Zhou2019-10-241-0/+172
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* libubox: update to latest git HEADRoman Yeryomin2019-10-221-3/+3
| | | | | | eb30a03 libubox, jshn: add option to write output to a file Signed-off-by: Roman Yeryomin <roman@advem.lv>
* libpcap: build with cmakeYousong Zhou2019-10-214-298/+104
| | | | | | | | | | | | | | | | | | | | | | | | | | The main motivation is to drop and stop maintaining "100-debian_shared_lib.patch". It lacks the logic to include custom implementation of several functions like pcap_strlcpy() which can cause build failures when glibc is used [2] CAN and CAN-USB support related symbols are now handled by general linux support, see [1] "-ffunction-sections -fdata-sections" were removed as they should help much for shared libraries Size comparison before and after the change -rw-r--r-- 1 yunion yunion 238042 Oct 18 11:42 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1 lrwxrwxrwx 1 yunion yunion 16 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1 -> libpcap.so.1.9.1 -rwxr-xr-x 1 yunion yunion 229867 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1.9.1 [1] On Linux, handle all CAN captures with pcap-linux.c, in cooked mode, https://github.com/the-tcpdump-group/libpcap/commit/93ca5ff7030aaf1219e1de05ec89a68384bfc50b [2] https://github.com/openwrt/packages/issues/10270 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openssl: Add engine configuration to openssl.cnfEneas U de Queiroz2019-10-202-1/+57
| | | | | | | | | | | This adds engine configuration sections to openssl.cnf, with a commented list of engines. To enable an engine, all you have to do is uncomment the engine line. It also adds some useful comments to the devcrypto engine configuration section. Other engines currently don't have configuration commands. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libevent2: Update to 2.1.11Daniel Engberg2019-10-155-81/+94
| | | | | | | | | | | | Update libevent to 2.1.11 Use CMake instead GNU Autotools Backport following commits: https://github.com/libevent/libevent/commit/f05ba671931e2b4e38459899f6f63f79f99869fe ..and partially https://github.com/libevent/libevent/commit/7201062f3ef505a77baa6ccaf1cf73812462308a to fix compilation Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* uClibc++: Fix three bugsRosen Penev2019-10-126-20/+221
| | | | | | | | | | | | | | | | | | | | | | | The first allows usage of several functions in the std namespace, which broke compilation of gddrescue specifically with uClibc-ng and uClibc++. The second allows usage of long long with normal C++11, which is part of the standard. Before, std=gnu++11 needed to be passsed to work around it. As a result of the second patch, the pedantic patch can safely be removed. Both patches are upstream backports. Added -std=c++11 to CFLAGS to guarentee proper inclusion of long long. Added another patch that fixes a typo with the long long support. Sent to upstream. Fixed up license information according to SPDX. Small cleanups for consistency. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: update to 1.9.1DENG Qingfang2019-10-126-38/+19
| | | | | | | | | | | | Fixed CVEs: CVE-2018-16301 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* libnl-tiny: fix package mirror hashPetr Štetiar2019-10-111-1/+1
| | | | | | | | Current hash doesn't match with the content of the source tarball. Fixes: a92f74ba8db8 ("libnl-tiny: move source code into separate Git repository") Reported-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: add gcc-8 -ffile-prefix-map filterPaul Spooren2019-10-091-1/+1
| | | | | | | | | | gcc-8 switch -ffile-prefix-map helps a lot with reproducible build paths in the resulting binaries. Ref: https://reproducible-builds.org/docs/build-path/ Signed-off-by: Paul Spooren <mail@aparcar.org> [refactored into separate commit] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libnl-tiny: move source code into separate Git repositoryPetr Štetiar2019-10-0943-8366/+12
| | | | | | | | | | In order to make the source code usable and testable separately out of buildroot. Acked-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* elfutils: Add host buildRosen Penev2019-09-212-16/+9
| | | | | | | | | | | | | | | | | | | | | | | Needed for glib2 host build: gresource-tool.c:32:20: fatal error: libelf.h: No such file or directory #include <libelf.h> Changed PKG_LICENSE to the SPDX version. Switched build dependency for argp-standalone to !USE_GLIBC. argp is a glibc extension. Treat it as such. Adjusted patch to use strerror_l, which works properly with both glibc and musl. The patch errors under glibc with: dwfl_error.c:158:7: error: ignoring return value of 'strerror_r', declared with attribute warn_unused_result [-Werror=unused-result] strerror_r (error & 0xffff, s, sizeof(s)); void casting does not fix the error. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: allow building with hw-crytpo and AES-CCMEneas U de Queiroz2019-09-204-21/+160
| | | | | | | | Hardware acceleration was disabled when AES-CCM was selected as a workaround for a build failure. This applies a couple of upstream patches fixing this. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* mbedtls: update to 2.16.3Magnus Kroken2019-09-203-52/+25
| | | | | | | Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* uClibc++: Remove faulty patchRosen Penev2019-09-202-14/+1
| | | | | | | | | | | | | | | This patch was originally added to fix compilation with v4l2rtspserver. Turns out it was v4l2rtspserver that was broken, not uClibc++. This now causes issues with a different package where the arguments are being split. Note that with this patch, shellcheck throws an error: SC2068: Double quote array expansions to avoid re-splitting elements. More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: bump to 1.1.1dEneas U de Queiroz2019-09-1912-2524/+223
| | | | | | | | | | | | | This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnftnl: bump to version 1.1.4Konstantin Demin2019-09-011-2/+2
| | | | | | | | | | | | ABI version is same. The ipkg size increase by about 2.2%: old: 47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk new: 48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* openssl: always build with EC supportEneas U de Queiroz2019-09-012-19/+2
| | | | Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnfnetlink: Avoid passing both -fPIC and -fpicRosen Penev2019-08-311-3/+4
| | | | | | | | Instead, instruct the configure script to use $(FPIC) only. Mixing -fPIC and -fpic can cause issues on some platforms like PPC. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ncurses: Do not pass both -fPIC and -fpicRosen Penev2019-08-311-2/+4
| | | | | | | | | | The configure scripts matches Linux with -fPIC, which is not exactly what is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to avoid passing -fPIC. Removed PKG_BUILD_DIR as it is already the default value. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: refresh patchesChristian Lamparter2019-08-243-7/+7
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* elfutils: bump to 0.177Luiz Angelo Daros de Luca2019-08-192-43/+4
| | | | | | 200-uclibc-ng-compat.patch is upstream now. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* nghttp2: bump to 1.39.2Hans Dedecker2019-08-181-2/+2
| | | | | | | | | 957abacf Bump up version number to 1.39.2, LT revision to 32:0:18 83d362c6 Don't read too greedily a76d0723 Add nghttp2_option_set_max_outbound_ack db2f612a nghttpx: Fix request stall Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ustream-ssl: update to latest git HEADHauke Mehrtens2019-08-171-3/+3
| | | | | | | e8f9c22 Revise supported ciphersuites 7e9e269 wolfssl, openssl: use TLS 1.3, set ciphersuites Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* musl: ldso/dlsym: fix mips returning undef dlsymLuiz Angelo Daros de Luca2019-08-171-1/+1
| | | | | | | | | | | | | | | This happens only the second time a library is loaded by dlopen(). After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef symbol from lib1 dependencies. After the second library is loaded, dlsym(lib2,"undef1") was returning the address of "undef1" in lib2 instead of searching lib2 dependencies. Using upstream fix which now uses the same logic for relocation time and dlsym. Fixes openwrt/packages#9297 Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* wolfssl: bump to 4.1.0-stableEneas U de Queiroz2019-08-175-56/+16
| | | | | | | | | | | | | | | | | Always build AES-GCM support. Unnecessary patches were removed. This includes two vulnerability fixes: CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* nettle: Update to 3.5.1Daniel Engberg2019-08-091-4/+4
| | | | | | | Update (lib)nettle to 3.5.1 Bump ABI_VERSION Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-08-051-2/+0
| | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com>