aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* wolfssl: add support for OpenVPNIvan Pavlov2021-05-232-1/+7
| | | | | | | | | | Support for wolfSSL has been upstreamed to the master OpenVPN branch in f6dca235ae560597a0763f0c98fcc9130b80ccf4, so we can use wolfSSL directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN in systems based on wolfSSL library Compiled && tested on ramips/mt7620, ramips/mt7621 Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* wolfssl: always export wc_ecc_set_rngDavid Bauer2021-05-212-1/+51
| | | | | | | | | | | | | | | Since commit 6467de5a8840 ("Randomize z ordinates in scalar mult when timing resistant") wolfssl requires a RNG for an EC key when the hardened built option is selected. wc_ecc_set_rng is only available when built hardened, so there is no safe way to install the RNG to the key regardless whether or not wolfssl is compiled hardened. Always export wc_ecc_set_rng so tools such as hostapd can install RNG regardless of the built settings for wolfssl. Signed-off-by: David Bauer <mail@david-bauer.net>
* libubox: update to the latest versionFelix Fietkau2021-05-181-3/+3
| | | | | | | | | | | | 870acee325fe tests: cram: test_base64: fix failing tests 4d8995e91d56 tests: cram: test_base64: really fix failing tests 551d75b5662c libubox: tests: add more blobmsg/json test cases a0dbcf8b8f96 tests: add blob-buffer overflow test b36a3a90098d blob: fix exceeding maximum buffer length b8abed749423 utils.h: add fallthrough macro b14c4688612c json_script: fix unannotated fall-through warning Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uclient: update to Git version 2021-05-14Baptiste Jonglez2021-05-141-3/+3
| | | | | | | | 6a6011d uclient-http: set eof mark when content-length is 0 19571e4 tests: fix help usage test for uclient built with sanitizer c5fc04b tests: fix help usage test Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* build: introduce $(MKHASH)Leonardo Mörlein2021-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit, it was assumed that mkhash is in the PATH. While this was fine for the normal build workflow, this led to some issues if make TOPDIR="$(pwd)" -C "$pkgdir" compile was called manually. In most of the cases, I just saw warnings like this: make: Entering directory '/home/.../package/gluon-status-page' bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found [...] While these were only warnings and the package still compiled sucessfully, I also observed that some package even fail to build because of this. After applying this commit, the variable $(MKHASH) is introduced. This variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the correct path. Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
* libsemanage: fix pkgconfig pathsRosen Penev2021-04-151-1/+3
| | | | | | The pkgconfig file currently points to host paths. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcap: bump to 2.48Stijn Tintel2021-04-051-2/+2
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* libcap: drop invalid copyright headerStijn Tintel2021-04-051-2/+0
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* libcap: import from packages feedStijn Tintel2021-04-052-0/+126
| | | | | | | | | | | | Having libcap in OpenWrt base allows us to enable libcap support in other packages in base. In lldpd, this would allow the monitor process to drop its privileges instead of running as root, improving security. It will also allow us to drop our patch to disable libcap. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* uclient: update to Git version 2021-04-03Hauke Mehrtens2021-04-031-3/+3
| | | | | | | 83efca2 tests: fix possibly longer start of HTTP server 64e00d6 uclient-fetch: document missing options Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ncurses: add screen-256color terminfoPaul Spooren2021-03-291-1/+2
| | | | | | | The terminfo is required by the popular terminal multiplexer screen and tmux, offer it by default as the size impact is minimal with 885 Bytes. Signed-off-by: Paul Spooren <mail@aparcar.org>
* ncurses: split long line of supported terminfoPaul Spooren2021-03-291-1/+12
| | | | | | | The terminfo files were all in one row which is terrible to read. Split them over multiple lines to improve readability. Signed-off-by: Paul Spooren <mail@aparcar.org>
* openssl: bump to 1.1.1kEneas U de Queiroz2021-03-262-25/+24
| | | | | | | | | | | | This version fixes 2 security vulnerabilities, among other changes: - CVE-2021-3450: problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* Revert "openssl: refresh patches"Kevin Darbyshire-Bryant2021-03-2611-2498/+180
| | | | | | This reverts commit e27ef2da0d513494c3e9926ce8d44b63e4236a32. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: refresh patchesKevin Darbyshire-Bryant2021-03-2611-180/+2498
| | | | | | Tidy up some patch fuzz. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* elfutils: enable building with MIPS16Tony Ambardar2021-03-251-2/+2
| | | | | | | | | | | | | | | | | | Building with MIPS16 was disabled in 2013 due to an issue with GCC TLS: https://dev.archive.openwrt.org/ticket/13572. But after the problematic GCC version was retired, this change wasn't revisited. Re-enable MIPS16 builds to reduce average elfutils library sizes ~10%. This was compile-tested on malta/mips32be and malta/mips32le, and linked with iproute2 for run-testing. Package sizes follow: Library MIPS16:=0 MIPS16:=1 ------- --------- --------- libelf1 43217 37492 libasm1 12481 11658 libdw1 229723 205793 Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* libnfnetlink: quote $(FPIC) on command linePhilip Prindeville2021-03-191-2/+2
| | | | | | | | | When $(FPIC) gets expanded on the command line (for instance when setting environment variables for libtool, configure, or make) we can't count on it not needing quoting (i.e. it could contain multiple flags separated with spaces). Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* mbedtls: update to 2.16.10Magnus Kroken2021-03-162-13/+13
| | | | | | | | | | | | | | | | | | | This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Security fixes: * Fix a buffer overflow in mbedtls_mpi_sub_abs() * Fix an errorneous estimation for an internal buffer in mbedtls_pk_write_key_pem() * Fix a stack buffer overflow with mbedtls_net_poll() and mbedtls_net_recv_timeout() * Guard against strong local side channel attack against base64 tables by making access aceess to them use constant flow code Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* gettext-full: disable nameless locale defineRosen Penev2021-03-142-5/+5
| | | | | | | It seems some packages like transmission and json-glib fail with it enabled. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* elfutils: remove host build from target packageTony Ambardar2021-03-131-2/+0
| | | | | | | | | | | | | Commit f4da28c301 ("elfutils: Add host build") supplied a libelf host library to fix a glib2 host build error, but this need was later removed by b6212c8769 ("glib2: don't use libelf during host build"). More importantly, there are already two sources for libelf host libraries: OpenWRT build prerequisites [1] and tools/libelf. A third is not needed. Ref [1]: https://openwrt.org/docs/guide-developer/build-system/install-buildsystem#prerequisites Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* libsemanage: update to version 3.2Dominick Grift2021-03-081-3/+3
| | | | | | | | | | | | c35919a7 libsemanage: sync filesystem with sandbox 5b05e829 Revert "libsemanage/genhomedircon: check usepasswd" edae9275 libsemanage: Free contents of modkey in semanage_direct_remove ce46daab libsemanage/genhomedircon: check usepasswd 6ebb35d2 libsemanage: Bump libsemanage.so version c08b73d7 libsemanage: Drop deprecated functions b46406de libsemanage: Remove legacy and duplicate symbols Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libselinux: update to version 3.2Dominick Grift2021-03-081-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | 142826a3 libselinux: fix segfault in add_xattr_entry() 398d2cee libselinux: rename gettid() to something which never conflicts with the libc 8f0f0a28 selinux(8,5): Describe fcontext regular expressions 9cc6b5cf libselinux/getconlist: report failures 156dd0de libselinux: update getseuser e2dca5df libselinux: accept const fromcon in get_context API da4829d0 libselinux: Always close status page fd 45b15c22 selinux(8): explain that runtime disable is deprecated 3c16aaef selinux(8): mark up SELINUX values c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable db0f2f38 libselinux: Add build option to disable X11 backend 4a142ac4 libsepol: Bump libsepol.so version d23342a9 libselinux: convert matchpathcon to selabel_lookup() 7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format. f5d644c7 libselinux: Add additional log callback details in man page for auditing. 075f9cfe libselinux: Fix selabel_lookup() for the root dir. a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices. a63f93d8 libselinux: initialize last_policyload in selinux_status_open() ef902db9 libselinux: safely access shared memory in selinux_status_updated() 9e4480b9 libselinux: Remove trailing slash on selabel_file lookups. 21fb5f20 libselinux: use full argument specifiers for security_check_context in man page e7abd802 libselinux: fix build order 05bdc031 libselinux: use kernel status page by default Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libsepol: update to version 3.2Dominick Grift2021-03-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails 6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf 0861c659 libsepol: Validate policydb values when reading binary policy 8f5409cf libsepol: Create function ebitmap_highest_set_bit() 0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete 32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast 4662bdc1 libsepol/cil: be more robust when encountering <src_info> 6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument 0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks 1b36ace2 libsepol: include header files in source files when matching declarations 1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check 72a88d75 libsepol: remove unused files eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit 1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values() 5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums 34bd9a9d libsepol: destroy filename_trans list properly bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails 228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit a25d9104 libsepol/cil: constify some strings e2d01842 libsepol/cil: propagate failure of cil_fill_list() 6c8fca10 libsepol/cil: do not add a stack variable to a list 38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias 3c357285 libsepol/cil: remove useless print statement 90809674 libsepol/cil: always destroy the lexer state d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible 2aac859a libsepol/cil: Use the macro NODE() whenever possible d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases() 9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node() ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_* 89dab467 libsepol: free memory when realloc() fails 2d353bd5 libsepol/cil: Give error for more than one true or false block 4a142ac4 libsepol: Bump libsepol.so version 506c7b95 libsepol: Drop deprecated functions ae58e84b libsepol: Get rid of the old and duplicated symbols c97d63c6 libsepol: silence potential NULL pointer dereference warning 64387cb3 libsepol: drop confusing BUG_ON macro 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 a152653b libsepol/cil: Fix neverallow checking involving classmaps 734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy 685f577a libsepol/cil: Validate constraint expressions before adding to binary policy 8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libubox: update to git HEADDaniel Golle2021-03-021-3/+3
| | | | | | 2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libunwind: Add MIPS64 dep checkDonald Hoskins2021-03-011-1/+1
| | | | | | | | | | | libunwind dependency check does not allow for MIPS64 arch. Add MIPS64 awareness. libunwind seems to support MIPS64 without issues, it was limited by the dep arch check in the Makefile. Used to compile Suricata6/Rust locally without issue. Signed-off-by: Donald Hoskins <grommish@gmail.com>
* libpcap: update to 1.10.0Rosen Penev2021-03-017-109/+73
| | | | | | | | | | | | | | | | | | | | | Simplify cmake option handling by putting everything in blocks. Add openssl patch as there's no easy way to disable. Rebase the skip manpages patch. Remove the monitor mode patch as it no longer applies. Remove flex patch as normal Makefile is no longer used. Remove USB path patch. While it is deprecated, the codepath is never taken. /sys/bus/usb/devices is checked before hand. If it exists, the function does stuff and returns. Additionally, this path is used elsewhere in the code. Refresh other patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* zlib: properly split patchesAdrian Schmutzler2021-02-244-502/+501
| | | | | | | | | | This package had two patches (with two headers etc.) in one file, which would have quilt merging them during a refresh. Separate these patches into two files, as the original intent seems to be having them separate. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* pcre: disable C++ bindingsRosen Penev2021-02-241-18/+3
| | | | | | Nothing uses them. Allows to simplify the Makefile. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: always build with GOST engine supportEneas U de Queiroz2021-02-233-18/+19
| | | | | | | | | | | | | | The packages feed has a proposed package for a GOST engine, which needs support from the main openssl library. It is a default option in OpenSSL. All that needs to be done here is to not disable it. Package increases by a net 1-byte, so it is not really really worth keeping this optional. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: bump to v4.7.0-stableEneas U de Queiroz2021-02-235-92/+4
| | | | | | | | | | | | | | Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libusb: Fix parsing of descriptors for multi-configuration devicesGeorgi Valkov2021-02-213-1/+91
| | | | | | | | | | | | | | | Prerequisite patch: Correct a typo in the Changelog and clean up a stray file Fix changes in libusb which introduced a regression: Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device initialization") introduced a regression for devices with multiple configurations. The logic that verifies the reported length of the configuration descriptors failed to count the length of the configuration descriptor itself and would truncate the actual length by 9 bytes, leading to a parsing error for subsequent descriptors. Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
* wolfssl: fix Ed25519 typo in config promptChristian Lamparter2021-02-201-1/+1
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* openssl: update package sourcesDavid Bauer2021-02-201-3/+5
| | | | | | | | | | | | OpenSSL downloads itself are distributed using Akamai CDN, so use these sources as the highest priority. Remove a stale mirror which seems to be offline for a longer time already. Add fallbacks to the old release path also for the mirrors. Signed-off-by: David Bauer <mail@david-bauer.net>
* openssl: bump to 1.1.1jEneas U de Queiroz2021-02-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes 4 security vulnerabilities/bugs: - CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support SSLv2, but the affected functions still exist. Considered just a bug. - CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. - CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. - Fixed SRP_Calc_client_key so that it runs in constant time. This could be exploited in a side channel attack to recover the password. The 3 CVEs above are currently awaiting analysis. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* gettext-full: update to 0.21Rosen Penev2021-02-1610-120/+395
| | | | | | | | | | | | | | Add m4 patch to avoid conflict with tools/autoconf-archive. Add build parallel as it seems to work now. Remove a bunch of uClibc-ng hacks as it is not in the tree anymore. Format security patch was fixed upstream. Refreshed other patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* build: reorder more BuildPackages lines to deal with ABI_VERSIONFelix Fietkau2021-02-161-2/+3
| | | | | | | After the ABI version rework, packages need to be declared in the order of their dependencies, so that dependent packages will use the right ABI version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: use libtool patch for PKG_ABI_VERSIONFelix Fietkau2021-02-151-1/+1
| | | | | | Makes it unnecessary to patch .so files after build Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use build system variable to specify ABI versionFelix Fietkau2021-02-151-4/+5
| | | | | | This removes the need to patch it afterwards Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-151-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use PKG_ABI_VERSIONFelix Fietkau2021-02-151-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert "wolfssl: use dynamic ABI_VERSION depending on the configuration and ↵Hauke Mehrtens2021-02-151-3/+1
| | | | | | | | | | | | | | | | package version" This fixes the build on MIPS BE like ath25 and ath79 target. We get this error message when linking libwolfssl: mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl collect2: error: ld returned 1 exit status This reverts commit 2591c83b3406c16d3c1cd2dc7fa59c3c1b901d3c. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "libubox: use PKG_ABI_VERSION"Hauke Mehrtens2021-02-151-4/+1
| | | | | | | | | | | | This fixes the build on MIPS BE like ath25 and ath79 target. We get this error message when linking libubox: mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so when searching for -lubox This reverts commit f421fefa8a34319c5ff5dcc1af39d6311ec1ad1e. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-141-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use PKG_ABI_VERSIONFelix Fietkau2021-02-141-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libnftnl: update to 1.1.8Rosen Penev2021-02-141-7/+8
| | | | | | | | | | | | | | Fix license information. Fix wrong ABI version. The library is versioned as libnftnl.so.11.4.0 Add PKG_BUILD_PARALLEL for faster compilation. Remove autoreconf as nothing is being patched. Minor cleanups for consistency between packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libevent2: update to 2.1.12Rosen Penev2021-02-143-73/+3
| | | | | | Remove upstream backports. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* readline: update to 8.1Rosen Penev2021-02-141-3/+3
| | | | | | Fix license. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* gmp: update to 6.2.1Rosen Penev2021-02-141-4/+4
| | | | | | Fix license information. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: Backport fix for CVE-2021-3336Hauke Mehrtens2021-02-092-1/+54
| | | | | | | | | | | | This should fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The patch is backported from the upstream wolfssl development branch. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.16.9Rosen Penev2021-01-181-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>