aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* libjson-c: backport security fixesRobert Marko2020-05-135-1/+175
| | | | | | | | | | | | This backports upstream fixes for the out of bounds write vulnerability in json-c. It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592 Addresses CVE-2020-12762 Signed-off-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* argp-standalone: fix segfault in canon_doc_optionStijn Tintel2020-05-031-0/+14
| | | | | | Backported from glibc. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* elfutils: powerpc build fixLuiz Angelo Daros de Luca2020-04-281-0/+34
| | | | | | | | | | | | | | Fixes following build error on mpc85xx/generic: ppc_initreg.c: In function 'ppc_set_initial_registers_tid': ppc_initreg.c:79:22: error: field 'r' has incomplete type struct pt_regs r; Ref: FS#2924 Fixes: d27623b54254 ("elfutils: update to 0.179") Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> [commit description facelift] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: bump to 1.1.1gPetr Štetiar2020-04-211-2/+2
| | | | | | | | Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with high severity, assigned CVE-2020-1967. Ref: https://www.openssl.org/news/secadv/20200421.txt Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mbedtls: update to 2.16.6Magnus Kroken2020-04-171-2/+2
| | | | | | | | | | | | Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* elfutils: aarch64 fix build on muslLucian Cristian2020-04-171-0/+59
| | | | | | | | | aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid': aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int') dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF; ~~~~~~~~~~~~~~ ^ Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* elfutils: update to 0.179Rosen Penev2020-04-136-64/+106
| | | | | | | | | | | | | | | | | Removed sys/cdefs usage. The header is deprecated. Removed canonicalize_file_name define. It's already fixed upstream. Added --disable-debuginfod. Seems to be needed. Modified patch 005 to build more stuff. It was failing before. It still only builds libraries. Modified patch 100 to use strerror under non-glibc. It is used under glibc as strerror is not thread safe. It is under musl and uClibc-ng. strerror_l is not available under uClibc-ng. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* jansson: convert to cmakeKevin Darbyshire-Bryant2020-04-011-14/+9
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: bump to 1.1.1fEneas U de Queiroz2020-04-012-83/+3
| | | | | | | | | There were two changes between 1.1.1e and 1.1.1f: - a change in BN prime generation to avoid possible fingerprinting of newly generated RSA modules - the patch reversing EOF detection we had already applied. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* jansson: import jansson from packagesKevin Darbyshire-Bryant2020-03-291-0/+51
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: revert EOF detection change in 1.1.1Eneas U de Queiroz2020-03-282-1/+81
| | | | | | | | | | | | | | | | | | | | | | This adds patches to avoid possible application breakage caused by a change in behavior introduced in 1.1.1e. It affects at least nginx, which logs error messages such as: nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error: 4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive, client: xxxx, server: [::]:443 Openssl commits db943f4 (Detect EOF while reading in libssl), and 22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the behavior when encountering an EOF in SSL_read(). Previous behavior was to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits being reverted changed it to SSL_ERRO_SSL, and add an error to the stack, which is correct. Unfortunately this affects a number of applications that counted on the old behavior, including nginx. The reversion was discussed in openssl/openssl#11378, and implemented as PR openssl/openssl#11400. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* uclient: update mirror hashJo-Philipp Wich2020-03-251-1/+1
| | | | | Fixes: 98017228dd ("uclient: bump to latest Git HEAD") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uclient: bump to latest Git HEADJo-Philipp Wich2020-03-251-2/+2
| | | | | | af585db uclient-fetch: support specifying advertised TLS ciphers Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ustream-ssl: bump to latest Git HEADJo-Philipp Wich2020-03-251-4/+4
| | | | | | | | | | 5e1bc34 ustream-openssl: clear error stack before SSL_read/SSL_write f7f93ad add support for specifying usable ciphers Also bump the ABI version since the layout of `struct ustream_ssl_ops` changed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libnftnl: drop unsupported configure optionKevin Darbyshire-Bryant2020-03-231-2/+1
| | | | | | --without-json-parsing is not a supported configure option. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: update to 1.1.1eEneas U de Queiroz2020-03-214-41/+22
| | | | | | | This version includes bug and security fixes, including medium-severity CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: add configuration example for afalg-syncEneas U de Queiroz2020-03-212-2/+31
| | | | | | | This adds commented configuration help for the alternate, afalg-sync engine to /etc/ssl/openssl.cnf. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* readline: needs host depend on ncurses to buildJan Kardell2020-03-201-0/+2
| | | | | | We must ensure that host ncurses is build before host readline. Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
* libnftnl: bump to 1.1.5Kevin Darbyshire-Bryant2020-03-161-3/+3
| | | | | | | | | | | | | | | | | | | | | | | Solve missing references to nftnl_set_list_lookup_byname when building iptables with Nftables support enabled (CONFIG_IPTABLES_NFTABLES) Bump the ABI version to force everything to match. /Users/kevin/wrt/staging_dir/toolchain-x86_64_gcc-9.2.0_musl/lib/gcc/x86_64-openwrt-linux-musl/9.2.0/../../../../x86_64-openwrt-linux-musl/bin/ld: xtables_nft_multi-nft-bridge.o: in function `nft_bridge_parse_lookup': nft-bridge.c:(.text.nft_bridge_parse_lookup+0xcd): undefined reference to `nftnl_set_list_lookup_byname' /Users/kevin/wrt/staging_dir/toolchain-x86_64_gcc-9.2.0_musl/lib/gcc/x86_64-openwrt-linux-musl/9.2.0/../../../../x86_64-openwrt-linux-musl/bin/ld: xtables_nft_multi-nft-cache.o: in function `nftnl_set_list_cb': nft-cache.c:(.text.nftnl_set_list_cb+0x80): undefined reference to `nftnl_set_list_lookup_byname' /Users/kevin/wrt/staging_dir/toolchain-x86_64_gcc-9.2.0_musl/lib/gcc/x86_64-openwrt-linux-musl/9.2.0/../../../../x86_64-openwrt-linux-musl/bin/ld: xtables_nft_multi-nft-cache.o: in function `fetch_set_cache': nft-cache.c:(.text.fetch_set_cache+0x10a): undefined reference to `nftnl_set_list_lookup_byname' collect2: error: ld returned 1 exit status make[6]: *** [xtables-nft-multi] Error 1 make[5]: *** [all] Error 2 make[4]: *** [all-recursive] Error 1 make[3]: *** [all] Error 2 make[2]: *** [/Users/kevin/wrt/build_dir/target-x86_64_musl/linux-x86_64/iptables-1.8.4/.built] Error 2 make[2]: Leaving directory `/Users/kevin/wrt/package/network/utils/iptables' Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ncurses: update to 6.2DENG Qingfang2020-03-057-19/+19
| | | | | | Update ncurses to 6.2 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* libpcap: activate PIE ASLR by defaultStijn Tintel2020-03-011-0/+1
| | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This is required to enable PIE ASLR support by default in ppp, as it fails to build without it, on x86/64. The .so file size stays identical. Suggested-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* libubox: update to latest Git HEADJo-Philipp Wich2020-02-271-3/+3
| | | | | | | | 7da6643 tests: blobmsg: add test case 75e300a blobmsg: fix wrong payload len passed from blobmsg_check_array Fixes: FS#2833 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mbedtls: use correct SPDX License Identifier and add License fileJosef Schlehofer2020-02-241-1/+2
| | | | | | | | | | License "GPL-2.0+" is deprecated License Identifier according to SPDX License list [1]. The correct one is GPL-2.0-or-later. While at it, also add the License file. [1] https://spdx.org/licenses/ Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* mbedtls: update to version 2.16.5Josef Schlehofer2020-02-241-2/+2
| | | | | | | | | | Changelog: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* libbsd: update to 0.10.0Rosen Penev2020-02-224-295/+6
| | | | | | | | | | Removed all upstream patches. Added PKG_BUILD_PARALLEL for faster compilation. Small Makefile rearrangements for consistency between packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mbedtls: update to 2.16.4Magnus Kroken2020-01-262-24/+24
| | | | | | | | | | | | | | | Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA. Release announcement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 Fixes: * CVE-2019-18222: Side channel attack on ECDSA Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* libubox: update to version 2020-01-20Petr Štetiar2020-01-201-3/+3
| | | | | | | | | | | | | | | | 43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes 5c0faaf4f5e2 tests: prefer dynamically allocated buffers 1ffa41535369 blobmsg_json: prefer snprintf usage 132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf a2aab30fc918 jshn: prefer snprintf usage b0886a37f39a cmake: add a possibility to set library version a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values f0da3a4283b7 blobmsg_json: fix int16 serialization 20a070f08139 tests: blobmsg/json: add more test cases 379cd33d1992 tests: include json script shunit2 based testing Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libcxx: fix build for x86/64Stijn Tintel2020-01-171-0/+1
| | | | | | | | | | When building libcxx for x86/64, the library is installed in /usr/lib64. As the install section tries to copy the library from /usr/lib, this breaks build on x86/64. Override the lib dir suffix to fix this. Fixes: 856ea2bad3b3 ("libcxx: Add package") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Rosen Penev <rosenp@gmail.com>
* uclient: Update to version 2020-01-05Hauke Mehrtens2020-01-051-3/+3
| | | | | | fef6d3d uclient: Add string error function Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ustream-ssl: Update to version 2020-01-05Hauke Mehrtens2020-01-051-3/+3
| | | | | | | 30cebb4 ustream-ssl: mbedtls: fix ssl client verification 77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nettle: Disable ARMEB assemblyRosen Penev2020-01-051-1/+6
| | | | | | It's broken for ARMv5, which is the only armeb target in OpenWrt. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcxx: Remove -flto from LDFLAGSRosen Penev2020-01-053-4/+17
| | | | | | | | | | | | | | | It seems the buildbots can't handle it. Added a cmake option to find the cxxabi files as they are part of the toolchain and not in the normal path. It doesn't seem to make a difference, just gets rid of cmake warnings. Added another small GCC warning fix. It's fairly minor. This has no change in compiled size, and most likely no change in behavior. Bumped the PKG_RELEASE anyway. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcxx: Add size optimizationsRosen Penev2020-01-013-1/+39
| | | | | | | | | | | | | | Changed standard to 2a. 2a (as well as 17) contain more constexpr functions, which are evaluated at compile time. This saves space. Added --gc-sections. With the CXXABI change, this now makes the package smaller. With these, size went down to 210845 on mipsel_24kc. Also fixed two small compiler warnings. No real change in behavior. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcxx: Build with the libsupc++ ABIRosen Penev2020-01-011-1/+2
| | | | | | | | | | | | | | | | | | | | | Allows proper exception handling. This includes removing unimplemented warnings. File size increased as a result: Before: 182874 After: 211006 On mipsel_24kc. Note that this requires libsupc++ anyway. It's specified in g++-libcxx. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libubox: update to version 2019-12-28Petr Štetiar2019-12-281-4/+4
| | | | | | | Fixes startup issues of some services in procd and bumps ABI_VERSION to 20191228. Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: bump to 4.3.0-stableEneas U de Queiroz2019-12-261-3/+3
| | | | | | | This update fixes many bugs, and six security vulnerabilities, including CVE-2019-18840. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libubox: update to version 2019-12-26Petr Štetiar2019-12-261-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contains following changes: eb7eb6393d47 blobmsg: fix array out of bounds GCC 10 warning 86f6a5b8d1f1 blobmsg: reuse blobmsg_namelen in blobmsg_data 586ce031eaa0 tests: fuzz: fuzz _len variants of checking methods b0e21553ae8c blobmsg: add _len variants for all attribute checking methods cd3059796a57 Replace use of blobmsg_check_attr by blobmsg_check_attr_len 143303149c8b Ensure blob_attr length check does not perform out of bounds reads f2b2ee441adb blobmsg: fix heap buffer overflow in blobmsg_parse 4dfd24ed88c4 blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value 2df6d35e3299 tests: add test cases for blobmsg parsing 8a34788b46c4 test: fuzz: add blobmsg_check_attr crashes 478597b9f9ae blob: fix OOB access in blob_check_type 325418a7a3c0 tests: use blob_parse_untrusted variant 0b24e24b93e1 blob: introduce blob_parse_untrusted 6d27336e4a8b blob: refactor attr parsing into separate function 833d25797b16 test: fuzz: add blob_parse crashes 09ee90f8d6ed tests: add test cases for blob parsing 436d6363a10b tests: add libFuzzer based tests bf680707acfd tests: add unit tests covered with Clang sanitizers f804578847de cmake: add more hardening compiler flags 46f8268b4b5b blobmsg/ulog: fix format string compiler warnings eb216a952407 cmake: use extra compiler warnings only on gcc6+ and bumps ABI_VERSION to 20191226. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libcxx: Depenency fixesRosen Penev2019-12-231-4/+4
| | | | | | | | | | | | | Don't build with uClibc-ng. It's totally unsupported as several functions are missing. Make the musl libc support conditional. Fix hash with make check FIXUP=1. Apparently I based the Makefile off of libedit and forgot to fix the hash. Signed-off-by: Rosen Penev <rosenp@gmail.com> Fixes: 856ea2bad3b3 ("libcxx: Add package")
* libcxx: Add packageRosen Penev2019-12-232-0/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently in OpenWrt, there are two libc++: libstdcpp and uClibc++. The former is huge and the latter supports only C++98 with some basic support for C++11. Those C++ versions seem to be specific to the compiler version libcxx supports C++11 and above while being much smaller than libstdcpp. On mt7621, these are the sizes of the ipks that I get: libstdcpp: 460786 libcxx: 182881 uClibc++:67720 libcxx is faster than uClibc++ and is under active development as part of the LLVM project while uClibc++ is effectively dead. This PR modifies uclibc++.mk to expose the make menuconfig option. Further cleanup is beyond the scope of this PR. What that means is, this is not used by default. A g++-libcxx wrapper based on the uClibc++ one was added. Works the same way. Compile tested with all packages that use uclibc++.mk in their Makefiles under mipsel_24kc. kismet fails compilation but that package needs to be cleaned up and updated. Runtime tested with gddrescue, gdisk, dcwapd, bonnie++, and aircrack-ng on a TP-Link Archer C7v2. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libubox: update to latest Git HEADPetr Štetiar2019-11-241-3/+3
| | | | | | | | | | | | | | | | | | | 07413cce72e1 tests: jshn: add more test cases 26586dae43a8 jshn: fix missing usage for -p and -o arguments 8e832a771d3a jshn: fix off by one in jshn_parse_file cb698e35409b jshn: jshn_parse: fix leaks of memory pointed to by 'obj' c42f11cc7c0f jshn: main: fix leak of memory pointed to by 'vars' 93848ec96dc5 jshn: refactor main into smaller pieces 9b6ede0e5312 avl: guard against theoretical null pointer dereference c008294a8323 blobmsg_json: fix possible uninitialized struct member 0003ea9c45cc base64: fix possible null pointer dereference 8baeeea1f52d add assert.h component b0a5cd8a28bf add cram based unit tests 1fefb7c4d7f9 add initial GitLab CI support c955464d7a9b enable extra compiler checks 6228df9de91d iron out all extra compiler warnings Signed-off-by: Petr Štetiar <ynezz@true.cz>
* nghttp2: bump to 1.40.0Hans Dedecker2019-11-231-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 41060943 Bump up version number to 1.40.0, LT revision to 33:0:19 5ae9bb89 Fail fast if huffman decoding context is in failure state bb519154 Merge pull request #1413 from nghttp2/check-authority 77f5487a Add nghttp2_check_authority as public API db9a8f6e Merge pull request #1409 from nghttp2/fix-wrong-stream-close-error-code 6f28a69b Merge pull request #1411 from richard78917/fix_warning 6ce4835e Fix the bug that stream is closed with wrong error code 29042f1c priority_spec::valid(): remove const qualifier from return value d08c4395 Merge pull request #1405 from nghttp2/huffman 5d6964cf Faster huffman decoding 0d855bfc Faster huffman encoding 6f967c6e Fix errors reported by coverity scan b8a43db8 Merge pull request #1394 from wrowe/fix-static-libname 70b62c1a Merge pull request #1393 from wrowe/fix-static-msvcrt 28b1f0b9 Avoid filename collision of static and dynamic lib 1dd966f1 Merge branch 'fix-nghttpx-mruby' fe8946dd nghttpx: Fix bug that mruby is incorrectly shared between backends 72b71a6b Add new flag ENABLE_STATIC_CRT for Windows f8933fe5 nghttpx: Reconnect h1 backend if it lost connection before sending headers 89c33d69 Update neverbleed 7079dc5e Update neverbleed to fix memory leak 5080db84 Revert "nghttpx: Reconnect h1 backend if it lost connection before sending headers" 053c7ac5 nghttpx: Returns 408 if backend timed out before sending headers 8a59ce6d nghttpx: Reconnect h1 backend if it lost connection before sending headers f2fde180 Remove redundant null check before delete 95efb3e1 Don't read too greedily 0a6ce87c Add nghttp2_option_set_max_outbound_ack 2aa79fa9 Bump up LT revision to 32:0:18 3980678d Merge branch 'nghttpx-fix-request-stall' 319d5ab1 nghttpx: Fix request stall 448bbbc3 integration-tests: gofmt e575a2aa Merge pull request #1377 from Aldrog/cmake_systemd 4f7aedc9 cmake: Support building nghttpx with systemd 7a590893 Fix clang-8 warning ee443134 Fix FPE with default backend abef9b90 Fix log-level is not set with cmd-line or configuration file 12a999f0 Bump up version number to 1.40.0-DEV acfb3607 Update manual pages Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libnl-tiny: update to latest Git headPetr Štetiar2019-11-141-3/+3
| | | | | | | | 0219008cc876 remove never used err variable assignment disliked by scan-build 7ce813fcd667 silence use after the free clang analyzer warning 1f73b6a8e678 use offsetof macro to make scan-build happy Signed-off-by: Petr Štetiar <ynezz@true.cz>
* nghttp2: Fix pkgconfig fileRosen Penev2019-11-091-7/+5
| | | | | | | | | | lib and includedir point to the host, not staging_dir. Note that prefix and exec_prefix is overriden to point to staging_dir. As CMAKE_INSTTALL is passed, switched InstallDev to use cmake.mk's rule. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libevent2: Fix pkgconfig directoriesRosen Penev2019-11-091-8/+5
| | | | | | | | | | | includedir and libdir are set to /usr/include and /usr/lib . This breaks compilation with packages such as tmux that use pkgconfig to find libevent Also added PKG_LICENSE_FILES. Simplified the InstallDev section by using cmake.mk's default rule. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: update to v4.2.0-stableEneas U de Queiroz2019-11-063-142/+4
| | | | | | | | | | | | | | | Many bugs were fixed--2 patches removed here. This release of wolfSSL includes fixes for 5 security vulnerabilities, including two CVEs with high/critical base scores: - potential invalid read with TLS 1.3 PSK, including session tickets - potential hang with ocspstaping2 (always enabled in openwrt) - CVE-2019-15651: 1-byte overread when decoding certificate extensions - CVE-2019-16748: 1-byte overread when checking certificate signatures - DSA attack to recover DSA private keys Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libnl-tiny: update to latest Git headPetr Štetiar2019-11-061-16/+9
| | | | | | | | | | | | | | Includes following changes: 0230d0698e59 add initial GitLab CI support 5e13b797a988 iron out all extra compiler warnings 802fbd4d6f39 cmake: enable extra compiler checks 050bb5c4431b convert into CMake project 5b350e42d1fd refactor into separate Git project and converts the package build to utilize CMake. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: update to latest Git HEADJo-Philipp Wich2019-11-051-3/+3
| | | | | | | c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect Fixes: CVE-2019-5101, CVE-2019-5102 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: bump to version 2019-10-29Yousong Zhou2019-11-031-3/+3
| | | | | | | It contains a single change to vlist.h header file: "vlist: add more macros for loop iteration". This is needed for newer version of fstools Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* libnl: update to 3.5.0DENG Qingfang2019-11-013-211/+4
| | | | | | Update libnl to 3.5.0 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* ustream-ssl: Update to latest git HEADHauke Mehrtens2019-11-011-5/+5
| | | | | | | | | | 465f8dc wolfssl: adjust to new API in v4.2.0 3b06c65 Update example certificate & key, fix typo 1c38fd8 wolfssl: enable CN validation 33308ee ustream-io-cyassl.c: fix client-mode connections 79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>