aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* pcre: disable C++ bindingsRosen Penev2021-02-241-18/+3
| | | | | | Nothing uses them. Allows to simplify the Makefile. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: always build with GOST engine supportEneas U de Queiroz2021-02-233-18/+19
| | | | | | | | | | | | | | The packages feed has a proposed package for a GOST engine, which needs support from the main openssl library. It is a default option in OpenSSL. All that needs to be done here is to not disable it. Package increases by a net 1-byte, so it is not really really worth keeping this optional. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: bump to v4.7.0-stableEneas U de Queiroz2021-02-235-92/+4
| | | | | | | | | | | | | | Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libusb: Fix parsing of descriptors for multi-configuration devicesGeorgi Valkov2021-02-213-1/+91
| | | | | | | | | | | | | | | Prerequisite patch: Correct a typo in the Changelog and clean up a stray file Fix changes in libusb which introduced a regression: Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device initialization") introduced a regression for devices with multiple configurations. The logic that verifies the reported length of the configuration descriptors failed to count the length of the configuration descriptor itself and would truncate the actual length by 9 bytes, leading to a parsing error for subsequent descriptors. Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
* wolfssl: fix Ed25519 typo in config promptChristian Lamparter2021-02-201-1/+1
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* openssl: update package sourcesDavid Bauer2021-02-201-3/+5
| | | | | | | | | | | | OpenSSL downloads itself are distributed using Akamai CDN, so use these sources as the highest priority. Remove a stale mirror which seems to be offline for a longer time already. Add fallbacks to the old release path also for the mirrors. Signed-off-by: David Bauer <mail@david-bauer.net>
* openssl: bump to 1.1.1jEneas U de Queiroz2021-02-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes 4 security vulnerabilities/bugs: - CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support SSLv2, but the affected functions still exist. Considered just a bug. - CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. - CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. - Fixed SRP_Calc_client_key so that it runs in constant time. This could be exploited in a side channel attack to recover the password. The 3 CVEs above are currently awaiting analysis. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* gettext-full: update to 0.21Rosen Penev2021-02-1610-120/+395
| | | | | | | | | | | | | | Add m4 patch to avoid conflict with tools/autoconf-archive. Add build parallel as it seems to work now. Remove a bunch of uClibc-ng hacks as it is not in the tree anymore. Format security patch was fixed upstream. Refreshed other patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* build: reorder more BuildPackages lines to deal with ABI_VERSIONFelix Fietkau2021-02-161-2/+3
| | | | | | | After the ABI version rework, packages need to be declared in the order of their dependencies, so that dependent packages will use the right ABI version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: use libtool patch for PKG_ABI_VERSIONFelix Fietkau2021-02-151-1/+1
| | | | | | Makes it unnecessary to patch .so files after build Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use build system variable to specify ABI versionFelix Fietkau2021-02-151-4/+5
| | | | | | This removes the need to patch it afterwards Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-151-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use PKG_ABI_VERSIONFelix Fietkau2021-02-151-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert "wolfssl: use dynamic ABI_VERSION depending on the configuration and ↵Hauke Mehrtens2021-02-151-3/+1
| | | | | | | | | | | | | | | | package version" This fixes the build on MIPS BE like ath25 and ath79 target. We get this error message when linking libwolfssl: mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl collect2: error: ld returned 1 exit status This reverts commit 2591c83b3406c16d3c1cd2dc7fa59c3c1b901d3c. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "libubox: use PKG_ABI_VERSION"Hauke Mehrtens2021-02-151-4/+1
| | | | | | | | | | | | This fixes the build on MIPS BE like ath25 and ath79 target. We get this error message when linking libubox: mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so when searching for -lubox This reverts commit f421fefa8a34319c5ff5dcc1af39d6311ec1ad1e. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-141-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use PKG_ABI_VERSIONFelix Fietkau2021-02-141-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libnftnl: update to 1.1.8Rosen Penev2021-02-141-7/+8
| | | | | | | | | | | | | | Fix license information. Fix wrong ABI version. The library is versioned as libnftnl.so.11.4.0 Add PKG_BUILD_PARALLEL for faster compilation. Remove autoreconf as nothing is being patched. Minor cleanups for consistency between packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libevent2: update to 2.1.12Rosen Penev2021-02-143-73/+3
| | | | | | Remove upstream backports. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* readline: update to 8.1Rosen Penev2021-02-141-3/+3
| | | | | | Fix license. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* gmp: update to 6.2.1Rosen Penev2021-02-141-4/+4
| | | | | | Fix license information. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: Backport fix for CVE-2021-3336Hauke Mehrtens2021-02-092-1/+54
| | | | | | | | | | | | This should fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The patch is backported from the upstream wolfssl development branch. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.16.9Rosen Penev2021-01-181-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libusb: make InstallDev explicitRosen Penev2021-01-161-2/+7
| | | | | | Helps to see what actually gets installed. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libusb: cleanup PKG_ variablesRosen Penev2021-01-161-4/+5
| | | | | | | | | | Reordered for consistency between packages. Fixed license information. Change PKG_BUILD_PARALLEL to 1. This is no longer a problem.1 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libusb: update to 1.0.24Rosen Penev2021-01-161-3/+3
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mbedtls: add config option to compile with hkdfEtan Kissling2021-01-141-1/+18
| | | | | | | This adds a config option to allow compiling with HKDF algorithm support to support applications that require this feature. Signed-off-by: Etan Kissling <etan_kissling@apple.com>
* wolfssl: enable HAVE_SECRET_CALLBACKFelix Fietkau2021-01-021-0/+10
| | | | | | Fixes wpad-wolfssl build Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: Fix hostapd build with wolfssl 4.6.0Hauke Mehrtens2021-01-011-0/+25
| | | | | | | | | | | | This fixes the following build problem in hostapd: mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_add': <artificial>:(.text.crypto_ec_point_add+0x170): undefined reference to `ecc_projective_add_point' mipsel-openwrt-linux-musl/bin/ld: <artificial>:(.text.crypto_ec_point_add+0x18c): undefined reference to `ecc_map' mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_to_bin': <artificial>:(.text.crypto_ec_point_to_bin+0x40): undefined reference to `ecc_map' Fixes: ba40da9045f7 ("wolfssl: Update to v4.6.0-stable") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libevent2: trigger rebuild on libevent2-pthreadsAlexandru Ardelean2021-01-011-0/+1
| | | | | | | | | | | | | The symbol determines if the libevent2-pthreads libraries get built or not. If we want to select libevent2-pthreads, and these haven't been built, an error will occur mentioning that there are no 'libevent_pthreads-2.1.so' files. Adding CONFIG_PACKAGE_libevent2-pthreads to PKG_CONFIG_DEPEND will make sure that the libraries get re-built in case libevent2-pthreads is selected. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* wolfssl: Update to v4.6.0-stableEneas U de Queiroz2021-01-014-154/+4
| | | | | | | | | | | | | | | | | This version fixes a large number of bugs, although no security vulnerabilities are listed. Full changelog at: https://www.wolfssl.com/docs/wolfssl-changelog/ or, as part of the version's README.md: https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md Due a number of API additions, size increases from 374.7K to 408.8K for arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version. Backported patches were removed; remaining patch was refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* toolchain: remove uClibc install stuffRosen Penev2020-12-221-28/+3
| | | | | | This is preparation for removing uClibc-ng. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: fix pcap-configRosen Penev2020-12-221-2/+10
| | | | | | | | | | | | | pcap-config as installed is using OS paths instead of OpenWrt ones. Take fix from libpng and adjust as needed. This problem seems to occur on Arch Linux and not on Debian/Fedora based distros. No idea why. Remove CMAKE_INSTALL as there is now an InstallDev section. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* pcre: fix paths in config fileRosen Penev2020-12-221-1/+2
| | | | | | | | | The paths are pointing to OS paths, not OpenWrt ones. Use SED line from libpng to fix and adjust accordingly. This may allow certain packages that use the config file to pick up pcre. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* nettle: update to 3.6Rosen Penev2020-12-221-6/+6
| | | | | | | | | | | Updated ABI_VERSION. Switched PKG_BUILD_PARALLEL on as there seems to be no issue anymore. I can't find any information about why it was turned off. Fixed license information. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* elfutils: update to 0.180Rosen Penev2020-12-223-6/+6
| | | | | | Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* toolchain: Deactivate sanitizer on MIPS and ARCHauke Mehrtens2020-12-191-4/+4
| | | | | | | | | | MIPS 32 bit support for sanitizer was added with GCC 9, MIPS 64 bit and ARC are still not supported in GCC 10. Deactivate them for now and change this when we change the default compiler to GCC 9 or later. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libunwind: update to 1.5.0Rosen Penev2020-12-163-17/+14
| | | | | | | | | | | | | | Cleanup Makefile for consistency with other ones. Remove PKG_SSP. It can be fixed with -lssp_nonshared. Add PKG_BUILD_PARALLEL for faster compilation. Add zlib dependency. 1.5.0 requires it now. Refresh patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libnetfilter-conntrack: update to 1.0.8Rosen Penev2020-12-151-9/+8
| | | | | | | | | | Previous git version was 1.0.7. Switched to using tarballs for simplicity. Fixed license information. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* uclient: update to Git version 2020-12-10Petr Štetiar2020-12-141-4/+4
| | | | | | | | | | | | | | | | | 2c843b2bc04c Add initial GitLab CI support 073f89f567c0 uclient-fetch: wolfSSL: fix certificate validation 086c292160ac uclient-fetch: init_ca_cert: fix memory leak a3c1a88b031a cmake: enable extra compiler checks 32ff717ed316 uclient-http: fix extra compiler warnings on mips_24kc and cortex-a9+neon 86a2ac6ac46f uclient-fetch: fix potential memory leaks 158dd9dd289c uclient: fix initialized but never read variable 66b4420856a7 uclient-fetch: fix statement may fallt hrough 436f9b3af2ad uclient-http: fix freeing of stack allocated memory e6b5b8a98ce2 Fix extra compiler warnings 12df67e45bb0 Add basic cram based unit tests b6e34845124f cmake: fix building out of the tree Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: update to Git version 2020-12-10Petr Štetiar2020-12-141-4/+4
| | | | | | | | | | | | | | | | | 68d09243b6fd Add initial GitLab CI support 8280140db9d1 wolfssl: remove now deprecated compatibility code cee6791b362a ustream-mbedtls: fix certificate verification 55c3fd89d508 ustream-mbedtls: implement set_require_validation c6b4c48689a3 ustream-openssl: wolfSSL: fix certificate validation 3bc05402bfab cmake: enable extra compiler checks cd2c3d12db43 ustream-mbedtls: fix comparison of integers of different signs 5896991e46a3 ustream-openssl: fix BIO_method memory leak 2c342ae57c5b ustream-openssl: fix wolfSSL includes fa8ecd6ed140 cmake: fix linking when mbed TLS not in default paths 63656f81045f cmake: fix linking when wolfSSL not in default paths c26f71e844df cmake: fix building out of the tree Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libubox: utils: introduce mkdir_pDaniel Golle2020-12-121-4/+4
| | | | | | | Add new utility function mkdir_p(char *path, mode_t mode) to replace the partially buggy implementations found accross fstools and procd. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* openssl: update to 1.1.1iEneas U de Queiroz2020-12-111-3/+3
| | | | | | | | Fixes: CVE-2020-1971, defined as high severity, summarized as: NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: fix broken wolfSSL_X509_check_hostPetr Štetiar2020-12-112-1/+124
| | | | | | | Backport upstream post 4.5.0 fix for broken wolfSSL_X509_check_host(). References: https://github.com/wolfSSL/wolfssl/issues/3329 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: compile with --enable-opensslallEneas U de Queiroz2020-12-111-1/+2
| | | | | | | | | | This enables all OpenSSL API available. It is required to avoid some silent failures, such as when performing client certificate validation. Package size increases from 356.6K to 374.7K for arm_cortex-a9_vfpv3-d16. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add lighty support, skip crypttestsEneas U de Queiroz2020-12-111-1/+3
| | | | | | | | | | Tnis adds the --enable-lighty option to configure, enabling the minimum API needed to run lighttpd, in the packages feed. Size increase is about 120 bytes for arm_cortex-a9_vfpv3-d16. While at it, speed up build by disabling crypt bench/test. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libcxx[abi]: removeRosen Penev2020-12-075-196/+0
| | | | | | | | | | | | This is a neat project, but offers no benefit to OpenWrt. The initial reason for it was to be a replacement for libstdcpp as it is smaller and lacks compatibility for C++98. Unfortunately, compiling several packages with it results in larger ipk sizes. While not a member of the packages feed, this will be moved to packages-abandoned to keep it somewhere. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* lzo: removeRosen Penev2020-12-061-61/+0
| | | | | | This is not used by any package in base. It will be moved to packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: use --cross-compile-prefix in ConfigureEneas U de Queiroz2020-12-061-3/+2
| | | | | | | | | | | | | This sets the --cross-compile-prefix option when running Configure, so that that it will not use the host gcc to figure out, among other things, compiler defines. It avoids errors, if the host 'gcc' is handled by clang: mips-openwrt-linux-musl-gcc: error: unrecognized command-line option '-Qunused-arguments' Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Tested-by: Rosen Penev <rosenp@gmail.com>
* libnetfilter-cthelper: removeRosen Penev2020-11-281-72/+0
| | | | | | | conntrack was moved to packages where this is used. This will be moved there as well. Signed-off-by: Rosen Penev <rosenp@gmail.com>