aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* mbedtls: update to 2.16.8Magnus Kroken2020-09-283-36/+36
| | | | | | | | | | | | | | | | | | This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues and the most notable of them are described in more detail in the security advisories. * Local side channel attack on RSA and static Diffie-Hellman * Local side channel attack on classical CBC decryption in (D)TLS * When checking X.509 CRLs, a certificate was only considered as revoked if its revocationDate was in the past according to the local clock if available. Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 66893063abf56b7d8c21eceed56e5d27859eaaea)
* mbedtls: update to 2.16.7Magnus Kroken2020-08-273-38/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some changes to the download URLs are required. For the time being, the ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS. Signed-off-by: Magnus Kroken <mkroken@gmail.com> [Use https://codeload.github.com and new tar.gz file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de (cherry picked from commit 201d6776a0b5858b8ce43a2392c9fe48aa1c4dd7)
* libubox: backport additional length-checking fixesBaptiste Jonglez2020-07-055-1/+284
| | | | | | | Fixes: FS#3177 Cc: Felix Fietkau <nbd@nbd.name> Cc: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* mbedtls: update to 2.16.6Magnus Kroken2020-05-162-4/+4
| | | | | | | | | | | | | Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 02fcbe2f3d4eaf65e90bb167aa7818eacc08c633)
* mbedtls: update to version 2.16.5Josef Schlehofer2020-05-162-4/+4
| | | | | | | | | | | Changelog: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 36af1967f5fcfc889594a8af0f92f873f445d249)
* libjson-c: backport security fixesRobert Marko2020-05-164-2/+117
| | | | | | | | | | | | | This backports upstream fixes for the out of bounds write vulnerability in json-c. It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592 Addresses CVE-2020-12762 Signed-off-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> [bump PKG_RELEASE, rebase patches on top of json-c 0.12] Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit bc0288b76816578f5aeccb2abd679f82bfc5738e)
* libubox: backport blobmsg_check_array() fixJo-Philipp Wich2020-02-272-1/+34
| | | | | | Fixes: FS#2833 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 955634b473284847e3c8281a6ac85655329d8b06)
* libubox: backport security patchesHauke Mehrtens2020-01-2717-1/+1097
| | | | | | | | | | | | | | This backports some security relevant patches from libubox master. These patches should not change the existing API and ABI so that old applications still work like before without any recompilation. Application can now also use more secure APIs. The new more secure interfaces are also available, but not used. OpenWrt master and 19.07 already have these patches by using a more recent libubox version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.16.4Magnus Kroken2020-01-262-31/+31
| | | | | | | | | | | | | | | | Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA. Release announcement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 Fixes: * CVE-2019-18222: Side channel attack on ECDSA Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 6e96fd90471a49185bcfe9dcb4844d444674ecab)
* openssl: update to version 1.0.2uJosef Schlehofer2020-01-011-2/+2
| | | | | | Fixes CVE-2019-1551 (rsaz_512_sqr overflow bug) on x86_x64 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102Jo-Philipp Wich2019-11-052-1/+57
| | | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit c5d5cdb759adc890ce6699117b7119acf280ce77)
* libpcap: update to 1.9.1DENG Qingfang2019-10-195-15/+18
| | | | | | | | | | | | | Fixed CVEs: CVE-2018-16301 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 44f11353de044834a442d3192b66579b99305720)
* libpcap: update to 1.9.0Syrone Wong2019-10-199-306/+50
| | | | | | | | | | | | | 001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream 002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream 202-protocol_api.patch dropped due to implemented upstream by another way upstream commit: https://github.com/the-tcpdump-group/libpcap/commit/55c690f6f834b4762697d7a134de439c9096c921 and renamed via: https://github.com/the-tcpdump-group/libpcap/commit/697b1f7e9b1d6f5a5be04f821d7c5dc62458bb3b ead is the only user who use the protocol api, we have to use the new api since libpcap 1.9.0 Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
* mbedtls: update to 2.16.3Magnus Kroken2019-09-214-62/+35
| | | | | | | | Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream. Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 49d96ffc5c47e40b7f3d99a91a42ea8a54a38bd9)
* mbedtls: Update to version 2.16.2Josef Schlehofer2019-09-212-4/+4
| | | | | Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz> (cherry picked from commit a2f54f6d5d98211e9c58420eed8c67f4fca83665)
* openssl: bump to 1.0.2t, add maintainerEneas U de Queiroz2019-09-202-3/+4
| | | | | | | | | | | | | This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed, and Eneas U de Queiroz added as maintainer. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* musl: ldso/dlsym: fix mips returning undef dlsymLuiz Angelo Daros de Luca2019-08-171-1/+1
| | | | | | | | | | | | | | | This happens only the second time a library is loaded by dlopen(). After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef symbol from lib1 dependencies. After the second library is loaded, dlsym(lib2,"undef1") was returning the address of "undef1" in lib2 instead of searching lib2 dependencies. Backporting upstream fix which now uses the same logic for relocation time and dlsym. Fixes openwrt/packages#9297 Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628Eneas U de Queiroz2019-08-174-4/+665
| | | | | | | | | | | | | CVE-2018-16870: medium-severity, new variant of the Bleichenbacher attack to perform downgrade attacks against TLS, which may lead to leakage of sensible data. Backported from 3.15.7. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Backported from 4.1.0. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libbsd: Fix compilation under ARCRosen Penev2019-08-142-1/+31
| | | | | | | | | The 8 year old file does not have any ARC definitions. Signed-off-by: Rosen Penev <rosenp@gmail.com> [updated content of the patch with version sent to upstream] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 395bef4bbacc0dd1cca72907529539194504be27)
* openssl: update to 1.0.2sEneas U de Queiroz2019-06-011-2/+2
| | | | | | | | | Highlights of this version: - Change default RSA, DSA and DH size to 2048 bit - Reject invalid EC point coordinates This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* mbedtls: update to version 2.16.1Hauke Mehrtens2019-05-304-37/+37
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2rStijn Segers2019-04-072-6/+6
| | | | | | | | | | This bump contains bug and security fixes. Compile-tested on ar71xx, ramips/mt7621 and x86/64. Run-tested on ramips/mt7621. Signed-off-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_HASH fixup]
* openssl: bump to 1.0.2qSven Roederer2019-01-301-2/+2
| | | | | | | | | | This fixes the following security problems: * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication * CVE-2018-0734: Timing vulnerability in DSA signature generation * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de> (cherry picked from commit 989060478ae270885727d91c25b9b52b0f33743c)
* mbedtls: update to 2.14.1 for 18.06Stijn Segers2019-01-304-29/+56
| | | | | | | | | | | | | | | | | | | | | | | Updates mbedtls to 2.14.1. This builds on the previous master commit 7849f74117ce83e4cfcd1448a22cc05dbf9b3486. Fixes in 2.13.0: * Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. * Several bugfixes. * Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss. Fixes in 2.14.1: * CVE-2018-19608: Local timing attack on RSA decryption Includes master commit 9e7c4702a1f4e49113d10bc736f50e8a06bdb8ba 'mbedtls: fix compilation on ARM < 6'. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [Update to 2.14.1] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> [Adapted and squashed for 18.06.1+] Signed-off-by: Stijn Segers <foss@volatilesystems.org> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Cosmetic cleanupsDaniel Engberg2018-12-181-1/+1
| | | | | | | | | | | | | | This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2. Source: https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73 https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97 Remove the release type option as it's already provided by the toolchain. Source: https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (backported from 5297a759aee34952299d1d42f677f31781026c67)
* wolfssl: update to version 3.15.3-stableDaniel Golle2018-12-181-3/+3
| | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from ed0d5a1e609e0b39eff9f06e3522396581d0b06e)
* ncurses: use default host installAndy Walsh2018-12-181-6/+0
| | | | | | | * just use default host/install, so libs/headers get properly generated/installed Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com> (backported from e0196152ebe7b6d11b740a81d0c3bced5b1902c1)
* gettext-full: host compile with -fpicAndy Walsh2018-12-181-0/+2
| | | | | Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com> (backported from 2bbc9376c6c081a8db491f047e32091da6ba0016)
* libbsd: Update to 0.8.7Daniel Engberg2018-12-184-45/+272
| | | | | | | | | | | Update libbsd to 0.8.7 Remove glibc dependency Clean up InstallDev and install entries Use /usr path for consistency Cherry pick patches from upstream to fix musl compilation Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (backported from e341f45913beac28e5574d470ed79e4b6f9ee255)
* ustream-ssl: update to latest git HEADEneas U de Queiroz2018-12-181-3/+3
| | | | | | | | | 23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list 450ada0 ustream-ssl: Revised security on mbedtls 34b0b80 ustream-ssl: add openssl-1.1.0 compatibility Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> (backported from 33fd1d0d91fe6f0bb639a6fad0f681ba651f8254)
* wolfssl: disable broken shipped Job server macroJo-Philipp Wich2018-12-181-0/+21
| | | | | | | | | | | | | | | | | The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on plain POSIX shells due to the use of `let`. Shells lacking `let` will fail to run the generated m4sh code and end up invoking "make" with "-jyes" as argument, fialing the build. Since there is no reason in the first place for some random package to muck with the make job server settings and since we do not want it to randomly override "-j" either, simply remove references to this defunct macro to let the build succeed on platforms which not happen to use bash as default shell. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from a27de701b0250b06302350d25dc514e1b488dc59)
* wolfssl: remove myself as maintainerAlexandru Ardelean2018-12-181-1/+0
| | | | | | | | I no longer have the time, nor the desire to maintain this package. Remove myself as maintainer. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> (backported from 20346a63f69bbb919ffdf29bc2e77496d01719e3)
* ncurses: install lib on host buildAndy Walsh2018-12-181-0/+2
| | | | | Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com> (backported from 1639ebcb061abb3664e0b80f62f0019e37fda68e)
* librpc: add host build to install h files needed for nfs-kernel-server to ↵Peter Wagner2018-12-181-0/+9
| | | | | | | get compiled Signed-off-by: Peter Wagner <tripolar@gmx.at> (backported from d8d2133c35c9c9b410e16cdebe878acd0da6382f)
* libnftnl: bump to version 1.1.1Rosy Song2018-12-181-2/+2
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> (backported from 9d6a0352e7af9aef95f4d983e39516b76e7fc8ba)
* nettle: bump to 3.4Kevin Darbyshire-Bryant2018-12-181-2/+2
| | | | | | | | | | | | 3.4 is mainly a bug fix/maintenance release. 3KB increase in ipk lib size on mips. Compile tested for: ar71xx, ramips Run tested on: ar71xx Archer C7 v2, ramips mir3g Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 1ee5051f202f600d854bcf939ba4ee37f057ace2)
* ustream-ssl: fix build against wolfSSLDaniel Golle2018-12-181-3/+3
| | | | | | | | | | | | | commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke build against wolfSSL because wolfSSL doesn't (yet) support SSL_CTX_set_ecdh_auto() of the OpenSSL API. Fix this in ustream-ssl: 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from 4f442f5f383837efcfb345033169178f74f63440)
* wolfssl: change defaults to cover wpa_supplicant needsDaniel Golle2018-12-182-10/+10
| | | | | | | | | | | | | | Implicetely selecting the required options via Kconfig snippet from hostapd worked fine in local builds when using menuconfig but confused the buildbots which (in phase1) may build wpad-mini and hence already come with CONFIG_WPA_WOLFSSL being defined as unset which then won't trigger changing the defaults of wolfssl. Work around by explicitely reflecting wpa_supplicant's needs in wolfssl's default settings to make buildbots happy. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from dad39249fb91d6f320256ac12944863f09bb2dc9)
* wolfssl: add PKG_CONFIG_DEPENDS symbolsDaniel Golle2018-12-181-1/+10
| | | | | | | | | This change will trigger rebuild on buildbots in case of changed config symbols, like in the case of hostapd selecting some wolfssl symbols lately. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from 5857088c5eb3a5a2409e3c57dbfa2487e08bbf4a)
* wolfssl: update to version 3.14.4Daniel Golle2018-12-183-149/+6
| | | | | | | | | Use download from github archive corresponding to v3.14.4 tag because the project's website apparently only offers 3.14.0-stable release downloads. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from 4f67c1522d92bc4512c3ecf58c38ff9886530b48)
* package sysfsutils: add support for sysfs settings at bootRodolfo Giometti2018-12-184-0/+83
| | | | | | | This patch is based on sysfsutils package's behaviour on Debian OS. Signed-off-by: Rodolfo Giometti <giometti@linux.it> (backported from 2437e0f67050cad79cc1778b18cefd8d3cd86d07)
* libnftnl: bump to 1.1.0Rosy Song2018-12-183-1706/+3
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> (backported from c7e9d72f056a190fe14b1ebc3f07e726121e2965)
* uclient: update to latest Git headJo-Philipp Wich2018-11-241-3/+3
| | | | | | | 3ba74eb uclient-http: properly handle HTTP redirects via proxy connections Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 0bd99db5118665bbe17f84427238c322af3deaae)
* libubox: set RPATH for host buildJo-Philipp Wich2018-09-041-0/+3
| | | | | | | | This is required for programs that indirectly link libjson-c through the libubox blobmsg_json library. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 5762efd8b29d68e219fc9d00b681269727cbf5d5)
* libubox: set HOST_BUILD_PREFIXDaniel Golle2018-09-041-0/+1
| | | | | | | | Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make bundle-libraries.sh happy. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 73100024d335caaa7477e5b3be27fad1d228a234)
* libubox: make sure blobmsg-json is included in host-buildDaniel Golle2018-09-041-1/+2
| | | | | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 56e3a19ad6b09b421db84e7266f3df3d459d23b4) [While nothing in 18.06 needs the blobmsg-json host build, this prevents builds failing due to incompatible json-c versions installed on the host system] Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* libjson-c: set HOST_BUILD_PREFIXDaniel Golle2018-09-041-1/+2
| | | | | | | | Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make bundle-libraries.sh happy. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit a5368dc30c18947d260c8b68f2f83ca57bdb95b0)
* libjson-c: Update package URLRosen Penev2018-09-041-1/+1
| | | | | | | Found through UScan. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 31f87ebcb25b4d266faaf347073f1913740a5891)
* libjson-c: fix host-buildDaniel Golle2018-09-041-0/+1
| | | | | | | Add -Wno-implicit-fallthrough to HOST_CFLAGS. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 5e9470a93b6e79ec63d2eda16f1849d7e3868562)
* libjson-c: add host build (for libblobmsg-json)Daniel Golle2018-09-041-0/+2
| | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 6fc8e06078d30e8d36a00d0ecc97ac9cc148fe60)
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-28 13:54:09 +0000