aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* uclient: update to Git version 2020-12-10Petr Štetiar2020-12-141-4/+4
| | | | | | | | | | | | | | | | | 2c843b2bc04c Add initial GitLab CI support 073f89f567c0 uclient-fetch: wolfSSL: fix certificate validation 086c292160ac uclient-fetch: init_ca_cert: fix memory leak a3c1a88b031a cmake: enable extra compiler checks 32ff717ed316 uclient-http: fix extra compiler warnings on mips_24kc and cortex-a9+neon 86a2ac6ac46f uclient-fetch: fix potential memory leaks 158dd9dd289c uclient: fix initialized but never read variable 66b4420856a7 uclient-fetch: fix statement may fallt hrough 436f9b3af2ad uclient-http: fix freeing of stack allocated memory e6b5b8a98ce2 Fix extra compiler warnings 12df67e45bb0 Add basic cram based unit tests b6e34845124f cmake: fix building out of the tree Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: update to Git version 2020-12-10Petr Štetiar2020-12-141-4/+4
| | | | | | | | | | | | | | | | | 68d09243b6fd Add initial GitLab CI support 8280140db9d1 wolfssl: remove now deprecated compatibility code cee6791b362a ustream-mbedtls: fix certificate verification 55c3fd89d508 ustream-mbedtls: implement set_require_validation c6b4c48689a3 ustream-openssl: wolfSSL: fix certificate validation 3bc05402bfab cmake: enable extra compiler checks cd2c3d12db43 ustream-mbedtls: fix comparison of integers of different signs 5896991e46a3 ustream-openssl: fix BIO_method memory leak 2c342ae57c5b ustream-openssl: fix wolfSSL includes fa8ecd6ed140 cmake: fix linking when mbed TLS not in default paths 63656f81045f cmake: fix linking when wolfSSL not in default paths c26f71e844df cmake: fix building out of the tree Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libubox: utils: introduce mkdir_pDaniel Golle2020-12-121-4/+4
| | | | | | | Add new utility function mkdir_p(char *path, mode_t mode) to replace the partially buggy implementations found accross fstools and procd. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* openssl: update to 1.1.1iEneas U de Queiroz2020-12-111-3/+3
| | | | | | | | Fixes: CVE-2020-1971, defined as high severity, summarized as: NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: fix broken wolfSSL_X509_check_hostPetr Štetiar2020-12-112-1/+124
| | | | | | | Backport upstream post 4.5.0 fix for broken wolfSSL_X509_check_host(). References: https://github.com/wolfSSL/wolfssl/issues/3329 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: compile with --enable-opensslallEneas U de Queiroz2020-12-111-1/+2
| | | | | | | | | | This enables all OpenSSL API available. It is required to avoid some silent failures, such as when performing client certificate validation. Package size increases from 356.6K to 374.7K for arm_cortex-a9_vfpv3-d16. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add lighty support, skip crypttestsEneas U de Queiroz2020-12-111-1/+3
| | | | | | | | | | Tnis adds the --enable-lighty option to configure, enabling the minimum API needed to run lighttpd, in the packages feed. Size increase is about 120 bytes for arm_cortex-a9_vfpv3-d16. While at it, speed up build by disabling crypt bench/test. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libcxx[abi]: removeRosen Penev2020-12-075-196/+0
| | | | | | | | | | | | This is a neat project, but offers no benefit to OpenWrt. The initial reason for it was to be a replacement for libstdcpp as it is smaller and lacks compatibility for C++98. Unfortunately, compiling several packages with it results in larger ipk sizes. While not a member of the packages feed, this will be moved to packages-abandoned to keep it somewhere. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* lzo: removeRosen Penev2020-12-061-61/+0
| | | | | | This is not used by any package in base. It will be moved to packages. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: use --cross-compile-prefix in ConfigureEneas U de Queiroz2020-12-061-3/+2
| | | | | | | | | | | | | This sets the --cross-compile-prefix option when running Configure, so that that it will not use the host gcc to figure out, among other things, compiler defines. It avoids errors, if the host 'gcc' is handled by clang: mips-openwrt-linux-musl-gcc: error: unrecognized command-line option '-Qunused-arguments' Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Tested-by: Rosen Penev <rosenp@gmail.com>
* libnetfilter-cthelper: removeRosen Penev2020-11-281-72/+0
| | | | | | | conntrack was moved to packages where this is used. This will be moved there as well. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libnetfilter-cttimeout: removeRosen Penev2020-11-281-72/+0
| | | | | | | conntrack was moved to packages where this is used. This will be moved there as well. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libnetfilter-log: removeRosen Penev2020-11-289-459/+0
| | | | | | | ulogd in the packages feed is the only user of this. It will be moved there. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libnetfilter-queue: removeRosen Penev2020-11-282-184/+0
| | | | | | | Nothing in base uses this. This will be moved to packages where it is used. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libroxml: removeRosen Penev2020-11-271-48/+0
| | | | | | This will be moved to the packages feed as nothing here uses it. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libiconv-full: Makefile polishingRosen Penev2020-11-261-9/+2
| | | | | | | | | | | | Added PKG_INSTALL to avoid using an explicit define Build/Compile Added PKG_BUILD_PARALLEL for faster compilation. Removed TARGET_CLAFGS. They are no longer necessary. fPIC is default now. So is gnu99. -DUSE_DOS is a hack to include old and mostly unused conversions. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libiconv-full: update to version 1.16Josef Schlehofer2020-11-266-29530/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Removed following patches: 100-strip_charsets.patch - makes the full variant slim. 101-autotools.patch - this one fails to apply because it was backported from newer versions for 1.11.1. 103-configure_ac_fix.patch - backported from newer versions 200-work-with-libtool2.patch - is not needed anymore, it is done differently in upstream 300-fortify-source-compat.patch - these files are not there anymore - TVHeadend requires working iconv library e.g. transliteration to ASCII and this does not work with libiconv-full currently. There is a simple test, which requires to install iconv package. Before applying this update: root@turris:/# echo ŽluťoučkýKůň | iconv -t ASCII//TRANSLIT//IGNORE luoukK After applying this update: root@turris:~# echo ŽluťoučkýKůň | iconv -t ASCII//TRANSLIT//IGNORE Zlutouck'yKun - Makefile changes: Use HTTPS for their website Fixed deprecated SPDX License Identifier Move PKG_MAINTAINER above PKG_LICENSE Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> Tested-by: Rosen Penev <rosenp@gmail.com> [malta]
* nettle: fix build on macos xcode 12Kevin Darbyshire-Bryant2020-11-261-0/+34
| | | | | | | | | | | compiler warns that exit() isn't defined so checks for build system compiler fail. include <stdlib.h> to define exit() Tested under macos Catalina & Big Sur Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* libusb-compat: removeRosen Penev2020-11-252-239/+0
| | | | | | | No package in base relies on this library. This library will be moved to packages where it is needed. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libjson-c: enable rpath for host builds to fix errors on recent macOSFelix Fietkau2020-11-141-0/+5
| | | | | | Same approach as on libubox Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libnetfilter-log: Backport kernel header syncsBrett Mastbergen2020-11-123-1/+161
| | | | | | | | | | | | Backport upstream commits that sync the local kernel header copies in this library, with up to date copies. These updated headers ensure that libnetfilter-log users can use current kernel functionality such as requesting that conntrack information be appended to nflog events sent to userspace via the NFULNL_CFG_F_CONNTRACK flag. This functionality has been available since kernel version 4.4 Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
* libnl-tiny: update to the latest versionFelix Fietkau2020-11-121-3/+4
| | | | | | | 2584ebc642b2 libnl-tiny: install pkgconfig file c291088f631d unl: add support for connecting to rtnl Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libselinux: remove dependency on musl-fts for non-musl buildsDaniel Golle2020-10-311-3/+6
| | | | | | Suggested-by: Curtis Deptuck <curtdept@users.noreply.github.com> Tested-by: Curtis Deptuck <curtdept@users.noreply.github.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* openssl: bump to 1.1.1hEneas U de Queiroz2020-09-283-5/+5
| | | | | | This is a bug-fix release. Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libsepol: break out chkcon utilityDaniel Golle2020-09-271-0/+18
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libselinux: split utility packages and add PKG_LICENSEDaniel Golle2020-09-211-14/+73
| | | | | | | | Split utility packages similar to coreutils in packages feed, adding ALTERNATIVES for those which are also provided by busybox-selinux. Also add missing license information. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libjson-c: update to 0.15David Bauer2020-09-174-184/+22
| | | | | | | | | | | | Drop patches as they've been upstreamed: * 001-Fix-CVE-2020-12762.patch Refresh patches: * 000-libm.patch Add patch to avoid build failure due to missing docs in tarball. Signed-off-by: David Bauer <mail@david-bauer.net>
* wolfssl: Activate link time optimization (LTO)Hauke Mehrtens2020-09-061-2/+3
| | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: libwolfssl24_4.5.0-stable-1_mips_24kc.ipk 391.545 new: libwolfssl24_4.5.0-stable-2_mips_24kc.ipk 387.439 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libnftnl: Activate link time optimization (LTO)Hauke Mehrtens2020-09-061-2/+3
| | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: libnftnl12_1.1.7-1_mips_24kc.ipk 47.459 new: libnftnl12_1.1.7-2_mips_24kc.ipk 45.742 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* jansson: Activate link time optimization (LTO)Hauke Mehrtens2020-09-061-1/+4
| | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: jansson4_2.13.1-1_mips_24kc.ipk 19.171 new: jansson4_2.13.1-2_mips_24kc.ipk 18.936 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libnftnl: Update to version 1.1.7Hauke Mehrtens2020-09-061-2/+2
| | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: libnftnl12_1.1.5-1_mips_24kc.ipk 46.252 new: libnftnl12_1.1.7-1_mips_24kc.ipk 47.459 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* jansson: Update to version 2.13.1Hauke Mehrtens2020-09-061-2/+3
| | | | | | | | | | | | | This also sets the ABI_VERSION as this is a versioned shared library. The ipk sizes for mips_24Kc change like this: old: jansson_2.12-1_mips_24kc.ipk 18.692 new: jansson4_2.13.1-1_mips_24kc.ipk 19.171 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libselinux: package executables into -utilsDaniel Golle2020-09-041-0/+13
| | | | | | | Add new package libselinux-utils containing the executable utilities included with libselinux. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mbedtls: update to 2.16.8Magnus Kroken2020-09-022-25/+25
| | | | | | | | | | | | | | | | | This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues and the most notable of them are described in more detail in the security advisories. * Local side channel attack on RSA and static Diffie-Hellman * Local side channel attack on classical CBC decryption in (D)TLS * When checking X.509 CRLs, a certificate was only considered as revoked if its revocationDate was in the past according to the local clock if available. Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* libaudit: add host-build required by policycoreutils/hostDaniel Golle2020-09-011-9/+25
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsemanage: host-build depends on renamed libaudit packageDaniel Golle2020-09-011-1/+1
| | | | | Fixes: efdf619f21 ("audit: build only libaudit") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libaudit: drop unused fileDaniel Golle2020-09-011-16/+0
| | | | | | | | Drop init script from libaudit package. It will be added to the 'audit' package in the packages feed. Fixes: efdf619f21 ("audit: build only libaudit") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsemanage: add missing package metadataDaniel Golle2020-08-311-1/+6
| | | | | | License and CPE-ID were missing, add them. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* audit: build only libauditDaniel Golle2020-08-314-0/+268
| | | | | | Turns out auditd depends on libev. Lets have that in packages.git. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libcxx: update to 10.0.0Rosen Penev2020-08-315-60/+24
| | | | | | | | | | | | | | | | | | | Switched to upstream tarballs. Switched to libcxxabi as using libsupc++ is quite wonky. Fixed description. Removed patches. The fixes are cosmetic. Added ssp patch. This one is needed for i386 and powerpc under musl. Compile tested every C++ package in the tree with the exception of several boost packages. There's something broken with boost. Ran tested with gerbera. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcxxabi: addRosen Penev2020-08-312-0/+98
| | | | | | | | | | | | | | | This will be used for libcxx. libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses GCC specific stuff which causes failed compilation for some packages. There are also runtime issues, most notably with cxxopts where the program just crashes. Reference: https://github.com/gerbera/gerbera/issues/795 Added patch to fix ARM compilation. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libsemanage: new packageDaniel Golle2020-08-311-0/+66
| | | | | | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [update to 3.1] Signed-off-by: W. Michael Petullo <mike@flyn.org> [removed python part for inclusion in core] Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wolfssl: add certgen config optionPaul Spooren2020-08-312-1/+6
| | | | | | The option allows to generate certificates. Signed-off-by: Paul Spooren <mail@aparcar.org>
* nghttp2: move to packages.gitHans Dedecker2020-08-311-44/+0
| | | | | | | | | As the package curl has been moved to packages.git and only libcurl depends on libnghttps move it as well to packages.git. This is based on the Hamburg 2019 decision that non essential packages should move outside base. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wolfssl: Update to version 4.5.0Hauke Mehrtens2020-08-263-4/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following security problems: * In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. * Denial of service attack on TLS 1.3 servers from repetitively sending ChangeCipherSpecs messages. (CVE-2020-12457) * Potential cache timing attacks on public key operations in builds that are not using SP (single precision). (CVE-2020-15309) * When using SGX with EC scalar multiplication the possibility of side- channel attacks are present. * Leak of private key in the case that PEM format private keys are bundled in with PEM certificates into a single file. * During the handshake, clear application_data messages in epoch 0 are processed and returned to the application. Full changelog: https://www.wolfssl.com/docs/wolfssl-changelog/ Fix a build error on big endian systems by backporting a pull request: https://github.com/wolfSSL/wolfssl/pull/3255 The size of the ipk increases on mips BE by 1.4% old: libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246 new: libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.16.7Magnus Kroken2020-08-242-27/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some changes to the download URLs are required. For the time being, the ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS. Signed-off-by: Magnus Kroken <mkroken@gmail.com> [Use https://codeload.github.com and new tar.gz file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libselinux: fix Makefile styleDaniel Golle2020-08-141-1/+1
| | | | | | Also fix line order in libselinux Makefile. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsepol: fix Makefile styleDaniel Golle2020-08-141-3/+2
| | | | | | Fix line ordering (cosmetic). Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* pcre: clean up Makefile line orderDaniel Golle2020-08-141-4/+2
| | | | | | | | The most recent patch added add lines in one block instead of in the appropriate places to keep Makefiles in consistent style. Fix that. Fixes: ff02e1561f ("pcre: add host variant of libpcre") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* pcre: add host variant of libpcreThomas Petazzoni2020-08-141-0/+12
| | | | | | This is needed to build the host variant of libselinux. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>