aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-112-28/+28
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* uclient: update to 2017-09-06Matthias Schiffer2017-09-061-3/+3
| | | | | | | 24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses 83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* openssl: update to version 1.0.2lLucian Cristian2017-07-284-10/+10
| | | | Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* zlib: use default Build/Configure ruleStijn Tintel2017-07-141-11/+9
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lzo: use default Build/Configure ruleStijn Tintel2017-07-141-6/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ncurses: add libnucrses-dev packageDaniel Golle2017-07-081-0/+20
| | | | | | It's needed to use the SDK and IB on an OpenWrt/LEDE host. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-262-27/+27
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* libreadline: add host-buildDaniel Golle2017-06-242-0/+2
| | | | | | Also make sure that the PKG_NAME and folder name are equal. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libunwind: update to version 1.2.1Yousong Zhou2017-06-192-48/+2
| | | | | | | | | | Changes since 1.2 a77b0cd Bump version to v1.2.1 5f354cb mips/tilegx: Add missing unwind_i.h header file 620d1c3 Add aarch64 getcontext functionality. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* libubox: update to the latest version, fixes a runqueue use-after-free bugFelix Fietkau2017-06-171-3/+3
| | | | | | | | | | | 7237302 md5: add "const" qualifier to the "file" argument fa9937c json_script: enable custom expr handler callback 368fd26 uloop: allow specifying a timeout for uloop_run() 6a7fb7d runqueue: fix use-after-free bug 4bc3dec uloop: fix a regression in timeout handling fd57eea uloop: allow passing 0 as timeout to uloop_run Signed-off-by: Felix Fietkau <nbd@nbd.name>
* elfutils: Pass -Wno-unused-result to silence warnings as errorsFlorian Fainelli2017-05-261-1/+1
| | | | | | | | | | | | | | | | | | | elfutils turns on -Werror by default, and patch 100-musl-compat.patch changes how strerror_r is used and we no longer use the function's return value. This causes the following build error/warning to occur with glibc-based toolchains: dwfl_error.c: In function 'dwfl_errmsg': dwfl_error.c:158:18: error: ignoring return value of 'strerror_r', declared with attribute warn_unused_result [-Werror=unused-result] strerror_r (error & 0xffff, s, sizeof(s)); ^ cc1: all warnings being treated as errors Fixing this would be tricky as there are two possible signatures for strerror_r (XSI and GNU), just turn off unused-result warnings instead. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* json-c: disable implicit fallthrough warning (gcc 7)Felix Fietkau2017-05-251-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libunwind: update to 1.2Yousong Zhou2017-05-223-19/+58
| | | | | | | | | | | Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new tarball is released yet Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* elfutils: bump to 0.169Luiz Angelo Daros de Luca2017-05-186-241/+271
| | | | | | | | Removed patches (now upstream): - 004-maybe-uninitialized.patch - 007-fix_TEMP_FAILURE_RETRY.patch Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* libs/libnftnl: Update to 1.0.7Daniel Engberg2017-05-161-3/+3
| | | | | | Update libnftnl to 1.0.7 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* toolchain: Package libgompFlorian Fainelli2017-05-111-0/+35
| | | | | | | Some external toolchains may be configured to enable OpenMP. Provide a package for these libraries which can be used by other packages. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* libs/libpcap: Rework URLsDaniel Engberg2017-03-221-1/+2
| | | | | | | Add mirror and use main site as last resort. Source: http://www.tcpdump.org/mirrors.html Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libs/openssl: Refresh mirror listDaniel Engberg2017-03-221-5/+6
| | | | | | | Refresh mirror list, some doesn't offer OpenSSL and add main site as last resort. Source: https://www.openssl.org/source/mirror.html Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* lzo: Update to 2.10Daniel Engberg2017-03-201-2/+2
| | | | | | Update lzo to 2.10 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libnl: Fix building with uClibcAlexey Brodkin2017-03-161-0/+105
| | | | | | | | | | | | | | | | | | | | uClibc doesn't implement strerror_l() and thus libnl starting from 3.2.29 couldn't be compiled with it any longer, see https://github.com/thom311/libnl/commit/6c2d111177e91184073c44f83d4a6182aaba06d7 To work-around that problem we'll just do a check on strerror_l() availability during configuration and if it's not there just fall back to locale-less strerror(). Patch for libnl is alreadfy merged upstream, see https://github.com/thom311/libnl/commit/e15966ac7f3b43df2acf869f98089762807d0568 and once the next libnl release happens this one must be removed from Lede/OpenWrt. Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com> Cc: Felix Fietkau <nbd@nbd.name> Cc: John Crispin <john@phrozen.org> Cc: Daniel Engberg <daniel.engberg.lists@pyret.net>
* toolchain: add musl libc.so to external toolchainHauke Mehrtens2017-03-151-1/+1
| | | | | | | | | musl provides a /lib/libc.so file which should be integrated into the libc package when the external toolchain with musl is used. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io>
* mbedtls: update to version 2.4.2Hauke Mehrtens2017-03-132-4/+4
| | | | | | | | | This fixes the following security problems: * CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve * SLOTH vulnerability * Denial of Service through Certificate Revocation List Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: Allow external toolchains to specify libthread-dbFlorian Fainelli2017-03-041-0/+28
| | | | | | | | | | | | | | | | | We need to let external toolchains be able to specify the path and specification file to the libthread-db POSIX thread debugging shared libraries. This fixes GDB not being able to be installed because it is depending on libthread-db: Collected errors: * satisfy_dependencies_for: Cannot satisfy the following dependencies * for gdb: * libthread-db * * opkg_install_cmd: Cannot install package gdb. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* openssl: Use mkhash for STAMP_CONFIGUREDFlorian Fainelli2017-03-011-1/+1
| | | | | | | | | | | | | The current way of creating a STAMP_CONFIGURED filename for OpenSSL can lead to an extremely long filename that makes touch unable to create it, and fail the build. Use mkhash to produce a hash against OPENSSL_OPTIONS which creates a shortert stamp file, Fixes #572 Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* libubox: Update to latest versionTed Hess2017-02-241-3/+3
| | | | | | 9d6305a utils: Change calloc_a() to return size_t aligned pointers Signed-off-by: Ted Hess <thess@kitschensync.net>
* libpcap: add optional netfilter supportMartin Schiller2017-02-222-2/+9
| | | | | | This is needed to use the nflog interface with tcpdump Signed-off-by: Martin Schiller <mschiller@tdt.de>
* mbedtls: add --function-sections and --data-sections to CFLAGSFelix Fietkau2017-02-211-0/+2
| | | | | | | This allows binaries that links these libraries statically to be reduced by using --gc-sections on link Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: fix host build on macOSFelix Fietkau2017-02-201-7/+0
| | | | | | Use the defaults instead of a custom non-portable Host/Install section Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: add host buildJo-Philipp Wich2017-02-191-0/+14
| | | | | | Our opkg fork requires libubox to build, so add a host build for it. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libpcap: remove feature dependencies on kmod-* packagesFelix Fietkau2017-02-171-2/+0
| | | | | | USB support could be built into the kernel as well Signed-off-by: Felix Fietkau <nbd@nbd.name>
* toolchain/uclibc: Bump version to 1.0.22Alexey Brodkin2017-02-111-14/+2
| | | | | | | | | | | | | | Important change was made in 1.0.18: all sub-libs were merged in one and only libc similarly to musl. See [1] for more details. To support that we had to remove refences to those sub-libs like libpthread, libcrypt, libdl, libm, libutil etc. [1] http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=29ff9055c80efe77a7130767a9fcb3ab8c67e8ce Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
* uclibc++: patch bugfix erase() on derived __base_associativeBen Kelly2017-02-091-0/+40
| | | | | | | | | | | | | | | | | When calling erase() on a containers derived from __base_associative (e.g. multimap) and providing a pair of iterators a segfault will occur. Example code to reproduce: typedef std::multimap<int, int> testmap; testmap t; t.insert(std::pair<int, int>(1, 1)); t.insert(std::pair<int, int>(2, 1)); t.insert(std::pair<int, int>(3, 1)); t.erase(t.begin(), t.end()); Signed-off-by: Ben Kelly <ben@benjii.net>
* libubox: update to the latest versionFelix Fietkau2017-02-041-3/+3
| | | | | | | | | | | | | | | Adds the following changes: de3f14b uloop: add uloop_cancelling function 3b6181b utils: fix build on Mac OS X 10.12 7f671b1 blobmsg: add support for double 0fe1374 utils: add helper functions useful for allocating a ring buffer 8fc1c30 libubox: replace strtok with _r version. 4a9f74f libubox: allow reading out the pid of uloop process in lua 372e1e6 uloop: remove useless epoll data assignment f9db1cb libubox: allow reading out the remaining time of a uloop timer in Lua Signed-off-by: Felix Fietkau <nbd@nbd.name>
* toolchain: Broaden the executable loader patternFlorian Fainelli2017-01-291-1/+1
| | | | | | | | | | Some toolchains will produce executables with an interpreter that is e.g: ld.so.1 (typically a symbolic link). Due to our current LIBC_SPEC_FILE value, we would not be able to copy this symbolic link/file over to the rootfs and executables would fail to load. Extend the search pattern to include all ld*.so* files that could be needed. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* openssl: update to version 1.0.2kHauke Mehrtens2017-01-276-13/+13
| | | | | | | | | This fixes the following security problems: CVE-2017-3731: Truncated packet could crash via OOB read CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 CVE-2016-7055: Montgomery multiplication may produce incorrect results Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libtool: don't clobber host libtool infrastructureJo-Philipp Wich2017-01-221-7/+7
| | | | | | | | | | | | | | | | The libtool target package stages its files into the host staging directory and moves the libltdl library parts from there into the target staging directory afterwards. By doing so, the package essentially renders the host libtool infrastructure unusable, leading to the below error in subsequent package builds: libtoolize: $pkgltdldir is not a directory: `.../hostpkg/share/libtool` Prevent this problem by using a dedicated libltdl install prefix in order to avoid overwriting and moving away preexisting files belonging to tools/libtool. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* gettext-full: fix to use $STAGING_DIR_HOSTPKG instead of $STAGING_DIR/hostMatthias Schiffer2017-01-191-4/+4
| | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* zlib: Update to 1.2.11Daniel Engberg2017-01-161-3/+3
| | | | | | | | Update to 1.2.11 as suggested by upstream Also add SF as primary source and main site as fallback Note: SF doesn't carry the 1.2.11 update yet. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: add static files in staging_dirDomagoj Pintaric2017-01-161-0/+1
| | | | | Signed-off-by: Domagoj Pintaric <domagoj.pintaric@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
* ncurses: revert $(STAGING_DIR_HOSTPKG) to $(STAGING_DIR)/host where appropriateMatthias Schiffer2017-01-141-1/+1
| | | | | | | Host files installed in Build/InstallDev are target-specific and will stay in $(STAGING_DIR)/host after the STAGING_DIR_HOSTPKG unification. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* polarssl: remove packageFelix Fietkau2017-01-132-316/+0
| | | | | | | The mbedTLS 1.3 branch has been EOL since end of 2016 and now all remaining users have been converted. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* gettext-full: avoid using iconv for host buildsJo-Philipp Wich2017-01-111-1/+4
| | | | | | | | | | | The gettext-full host build might pick up iconv-stub host build headers during the build, leading to stray linker errors with unresolved references to libiconv_open(), libiconv() and libiconv_close(). Since we're not needing iconv support on the host, pass the appropriate cache variables to configure to prevent detection and linking of iconv. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* package: replace $(STAGING_DIR)/host with $(STAGING_DIR_HOSTPKG)Matthias Schiffer2017-01-105-14/+14
| | | | | | | | | Cleanup to prepare for changing STAGING_DIR_HOSTPKG. The actual change of STAGING_DIR_HOSTPKG (i.e., moving the host packages back into a common, not target-specific directory) will be done after the first LEDE release, but the cleanup will also be useful for projects like Gluon. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* libnl: Update to 3.2.29Daniel Engberg2017-01-101-3/+3
| | | | | | Update libnl to 3.2.29 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* cyassl: update to wolfssl version 3.10.0Hauke Mehrtens2017-01-101-3/+4
| | | | | | | This fixes a low level security vulnerability. Deactivate MIPS16 support, crypto code gets much slower with MIPS16. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ustream-ssl: remove legacy polarssl supportFelix Fietkau2017-01-091-12/+0
| | | | | | | The old polarssl 1.3 branch is EOL since end of 2016, and the package for it will be removed soon. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: re-enable CFB supportFelix Fietkau2017-01-091-9/+0
| | | | | | It is safe and required by some software, e.g. shadowsocks Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: re-enable RC4 support (needed by transmission and others)Felix Fietkau2017-01-081-9/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* zlib: update to 1.2.10Magnus Kroken2017-01-071-2/+2
| | | | | | | * Fix bug in deflate_stored() for zero-length input * Fix bug in gzwrite.c that produced corrupt gzip files Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* elfutils: bump to 0.168Luiz Angelo Daros de Luca2017-01-036-218/+183
| | | | | | | | | | | Other changes: - Project moved to sourceware.org - musl patch where cleaned up and submitted upstream - TEMP_FAILURE_RETRY macro fixed and submitted upstream Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> [Jo-Philipp Wich: add missing .patch extension to 007-fix_TEMP_FAILURE_RETRY] Signed-off-by: Jo-Philipp Wich <jo@mein.io>