aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
...
* elfutils: enable host buildLucian Cristian2021-11-011-0/+8
| | | | | | | | | | frr 8.0 needs host libelf dev add option for host build tested on x86, ramips, kirkwood Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com> [changed commit author's email] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* libsepol: update to version 3.3Dominick Grift2021-10-311-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. libsepol/cil: Fix potential undefined shifts libsepol: Fix potential undefined shifts Update VERSIONs to 3.3-rc3 for release. libsepol/cil: Do not skip macros when resolving until later passes libsepol/cil: Limit the amount of reporting for bounds failures libsepol/cil: silence clang void-pointer-to-enum-cast warning libsepol: resolve GCC warning about null-dereference libsepol: use correct cast libsepol: ebitmap: mark nodes of const ebitmaps const Update VERSIONs to 3.3-rc2 for release. libsepol/cil: Handle operations in a class mapping when verifying libsepol/cil: Do not use original type and typeattribute datums libsepol: free memory after policy validation libsepol: avoid implicit conversions libsepol: fix typo libsepol/cil: Free duplicate datums in original calling function libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772) Update VERSIONs and Python bindings version to 3.3-rc1 for release libsepol/cil: Limit the number of active line marks libsepol/cil: Add function to get number of items in a stack libsepol: Fix detected RESOURCE_LEAKs libsepol/cil: Fix syntax checking in __cil_verify_syntax() libsepol/cil: Use size_t for len in __cil_verify_syntax() libsepol/cil: Remove redundant syntax checking libsepol/cil: Improve in-statement to allow use after inheritance libsepol/cil: Simplify cil_tree_children_destroy() libsepol/cil: Refactor the function __cil_build_ast_node_helper() libsepol/cil: Don't destroy optionals whose parent will be destroyed libsepol/cil: Properly check for parameter when inserting name libsepol/cil: Reset expandtypeattribute rules when resetting AST libsepol/cil: Properly check parse tree when printing error messages libsepol/cil: Allow some duplicate macro and block declarations libsepol/cil: When writing AST use line marks for src_info nodes libsepol/cil: Report correct high-level language line numbers libsepol/cil: Add line mark kind and line number to src info libsepol/cil: Create common string-to-unsigned-integer functions libsepol/cil: Push line mark state first when processing a line mark libsepol/cil: Check for valid line mark type immediately libsepol/cil: Check the token type after getting the next token libsepol/cil: Check syntax of src_info statement libsepol/cil: move the fuzz target and build script to the selinux repository libsepol: replace strerror by %m libsepol/cil: remove obsolete comment libsepol/cil: do not allow \0 in quoted strings libsepol/cil: Fix handling category sets in an expression libsepol: assure string NUL-termination of ibdev_name libsepol: avoid implicit conversions libsepol: ignore UBSAN false-positives libsepol: avoid unsigned integer overflow libsepol/cil: Improve checking for bad inheritance patterns libsepol: silence -Wextra-semi-stmt warning libsepol/cil: do not override previous results of __cil_verify_classperms libsepol/cil: Provide option to allow qualified names in declarations libsepol/cil: make array cil_sym_sizes const libsepol/cil: Only reset AST if optional has a declaration libsepol/cil: Add function to determine if a subtree has a declaration libsepol/cil: Improve degenerate inheritance check libsepol/cil: Reduce the initial symtab sizes for blocks libsepol/cil: Check for empty list when marking neverallow attributes libsepol/cil: Fix syntax checking of defaultrange rule libsepol/cil: Properly check for loops in sets libsepol/cil: Allow duplicate optional blocks in most cases libsepol: declare read-only arrays const libsepol: declare file local variable static libsepol: drop unnecessary casts libsepol: drop repeated semicolons libsepol/cil: avoid using maybe uninitialized variables libsepol/cil: drop unnecessary casts libsepol/cil: drop dead store libsepol/cil: drop extra semicolon libsepol/cil: silence cast warning libsepol: remove dead stores libsepol: do not allocate memory of size 0 libsepol: mark read-only parameters of type_set_ interfaces const libsepol: mark read-only parameters of ebitmap interfaces const libsepol: remove dead stores libsepol/cil: follow declaration-after-statement libsepol: follow declaration-after-statement libsepol: avoid unsigned integer overflow libsepol: remove unused functions libsepol: resolve missing prototypes libsepol: fix typos libsepol: Quote paths when generating policy.conf from binary policy libsepol/cil: Account for anonymous category sets in an expression libsepol/cil: Fix anonymous IP address call arguments libsepol: quote paths in CIL conversion libsepol/cil: Resolve anonymous levels only once libsepol/cil: Pointers to datums should be set to NULL when resetting libsepol/cil: Resolve anonymous class permission sets only once libsepol/cil: Limit the number of open parenthesis allowed libsepol/cil: Destroy the permission nodes when exiting with an error libsepol/cil: Handle disabled optional blocks in earlier passes libsepol/cil: Do not resolve arguments to declarations in the call libsepo/cil: Refactor macro call resolution libsepol/cil: Do not add NULL node when inserting key into symtab libsepol/cil: Make name resolution in macros work as documented libsepol/cil: Fix name resolution involving inherited blocks libsepol/cil: Check for self-referential loops in sets libsepol/cil: Return an error if a call argument fails to resolve libsepol/cil: Check datum in ordered list for expected flavor libsepol/cil: Detect degenerate inheritance and exit with an error libsepol/cil: Fix instances where an error returns SEPOL_OK libsepol/cil: Properly reset an anonymous classperm set libsepol: use checked arithmetic builtin to perform safe addition libsepol/cil: Add functions to make use of cil_write_ast() libsepol/cil: Create functions to write the CIL AST libsepol/cil: Use CIL_ERR for error messages in cil_compile() libsepol/cil: Make invalid statement error messages consistent libsepol/cil: Do not allow tunable declarations in in-statements libsepol/cil: Sync checks for invalid rules in macros libsepol/cil: Check for statements not allowed in optional blocks libsepol/cil: Sync checks for invalid rules in booleanifs libsepol/cil: Reorder checks for invalid rules when resolving AST libsepol/cil: Use AST to track blocks and optionals when resolving libsepol/cil: Create new first child helper function for building AST libsepol/cil: Cleanup build AST helper functions libsepol/cil: Reorder checks for invalid rules when building AST libsepol/cil: Move check for the shadowing of macro parameters libsepol/cil: Create function cil_add_decl_to_symtab() and refactor libsepol/cil: Refactor helper function for cil_gen_node() libsepol/cil: Allow permission expressions when using map classes libsepol/cil: Exit with an error if declaration name is a reserved word libsepol/cil: More strict verification of constraint leaf expressions libsepol/cil: Set class field to NULL when resetting struct cil_classperms libsepol/cil: cil_reset_classperms_set() should not reset classpermission libsepol/cil: Destroy classperm list when resetting map perms libsepol/cil: Destroy classperms list when resetting classpermission libsepol/cil: Fix out-of-bound read of file context pattern ending with "\" libsepol/cil: Check for duplicate blocks, optionals, and macros libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression libsepol: Enclose identifier lists in CIL constraint expressions libsepol/cil: Allow lists in constraint expressions libsepol: Enclose identifier lists in constraint expressions libsepol: Write "NO_IDENTIFIER" for empty constraint expression libsepol: make num_* unsigned int in module_to_cil libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs libsepol/cil: fix NULL pointer dereference in __cil_insert_name libsepol/cil: replace printf with proper cil_tree_log libsepol/cil: remove stray printf libsepol/cil: make cil_post_fc_fill_data static libsepol: Check kernel to CIL and Conf functions for supported versions libsepol: Remove unnecessary copying of declarations from link.c libsepol: Properly handle types associated to role attributes libsepol: Expand role attributes in constraint expressions Signed-off-by: Daniel Golle <daniel@makrotopia.org> [re-apply now that buildbot phase1 has caught up] Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* Revert "libsepol: update to version 3.3"Daniel Golle2021-10-291-3/+3
| | | | | | | | | This reverts commit de8a800ca9bda1171bfe17ee7653532465a8b596. Host build uses host includes instead of staging/hostpkg. This breaks the build in case of selinux host libs being older than version 3.3. Revert for now until better fix is found. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsemanage: update to version 3.3Dominick Grift2021-10-281-4/+4
| | | | | | | | | | | | Update VERSIONs to 3.3 for release. Update VERSIONs to 3.3-rc3 for release. Update VERSIONs to 3.3-rc2 for release. Update VERSIONs and Python bindings version to 3.3-rc1 for release libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_write_langext() libsemanage: silence -Wextra-semi-stmt warning libsemanage: fix use-after-free in parse_module_store() Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libselinux: update to version 3.3Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. libselinux: Fix potential undefined shifts Update VERSIONs to 3.3-rc3 for release. Update VERSIONs to 3.3-rc2 for release. libselinux/utils: drop requirement to combine compiling and linking Update VERSIONs and Python bindings version to 3.3-rc1 for release Improve error message for label file validation libselinux: replace strerror by %m libselinux: silence -Wextra-semi-stmt warning libselinux/utils/getseuser.c: fix build with gcc 4.8 selinux.8: document how mount flag nosuid affects SELinux libselinux: fix typo libselinux: improve getcon(3) man page libselinux: selinux_status_open: return 1 in fallback mode libselinux: do not use status page fallback mode internally libselinux: make selinux_status_open(3) reentrant libselinux: avc_destroy(3) closes status page libselinux: label_file.c: fix indent libselinux: regex: unify parameter names libselinux: sidtab_sid_stats(): unify parameter name libselinux: drop redundant casts to the same type libselinux: label_db::db_init(): open file with CLOEXEC mode libselinux: matchpathcon: free memory on realloc failure libselinux: label_file::init(): do not pass NULL to strdup libselinux: init_selinux_config(): free resources on error libselinux: matchmediacon(): close file on error libselinux: store_stem(): do not free possible non-heap object libselinux: getdefaultcon: free memory on multiple same arguments libselinux: setexecfilecon(): drop dead assignment libselinux: label_media::init(): drop dead assignment libselinux: label_x::init(): drop dead assignment libselinux: context_new(): drop dead assignment libselinux: exclude_non_seclabel_mounts(): drop unused variable libselinux: getconlist: free memory on multiple level arguments libselinux: selabel_get_digests_all_partial_matches: free memory after FTS_D block libselinux: selinux_restorecon: mark local variable static libselinux: avcstat: use standard length modifier for unsigned long long libselinux: sefcontext_compile: mark local variable static libselinux: Sha1Finalise(): do not discard const qualifier libselinux: label_common(): do not discard const qualifier libselinux: selinux_file_context_cmp(): do not discard const qualifier libselinux: sidtab_hash(): do not discard const qualifier libselinux: silence -Wstringop-overflow warning from gcc 10.3.1 libselinux: selinux_check_passwd_access_internal(): respect deny_unknown libselinux: do not duplicate make target when going into subdirectory Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libsepol: update to version 3.3Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. libsepol/cil: Fix potential undefined shifts libsepol: Fix potential undefined shifts Update VERSIONs to 3.3-rc3 for release. libsepol/cil: Do not skip macros when resolving until later passes libsepol/cil: Limit the amount of reporting for bounds failures libsepol/cil: silence clang void-pointer-to-enum-cast warning libsepol: resolve GCC warning about null-dereference libsepol: use correct cast libsepol: ebitmap: mark nodes of const ebitmaps const Update VERSIONs to 3.3-rc2 for release. libsepol/cil: Handle operations in a class mapping when verifying libsepol/cil: Do not use original type and typeattribute datums libsepol: free memory after policy validation libsepol: avoid implicit conversions libsepol: fix typo libsepol/cil: Free duplicate datums in original calling function libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772) Update VERSIONs and Python bindings version to 3.3-rc1 for release libsepol/cil: Limit the number of active line marks libsepol/cil: Add function to get number of items in a stack libsepol: Fix detected RESOURCE_LEAKs libsepol/cil: Fix syntax checking in __cil_verify_syntax() libsepol/cil: Use size_t for len in __cil_verify_syntax() libsepol/cil: Remove redundant syntax checking libsepol/cil: Improve in-statement to allow use after inheritance libsepol/cil: Simplify cil_tree_children_destroy() libsepol/cil: Refactor the function __cil_build_ast_node_helper() libsepol/cil: Don't destroy optionals whose parent will be destroyed libsepol/cil: Properly check for parameter when inserting name libsepol/cil: Reset expandtypeattribute rules when resetting AST libsepol/cil: Properly check parse tree when printing error messages libsepol/cil: Allow some duplicate macro and block declarations libsepol/cil: When writing AST use line marks for src_info nodes libsepol/cil: Report correct high-level language line numbers libsepol/cil: Add line mark kind and line number to src info libsepol/cil: Create common string-to-unsigned-integer functions libsepol/cil: Push line mark state first when processing a line mark libsepol/cil: Check for valid line mark type immediately libsepol/cil: Check the token type after getting the next token libsepol/cil: Check syntax of src_info statement libsepol/cil: move the fuzz target and build script to the selinux repository libsepol: replace strerror by %m libsepol/cil: remove obsolete comment libsepol/cil: do not allow \0 in quoted strings libsepol/cil: Fix handling category sets in an expression libsepol: assure string NUL-termination of ibdev_name libsepol: avoid implicit conversions libsepol: ignore UBSAN false-positives libsepol: avoid unsigned integer overflow libsepol/cil: Improve checking for bad inheritance patterns libsepol: silence -Wextra-semi-stmt warning libsepol/cil: do not override previous results of __cil_verify_classperms libsepol/cil: Provide option to allow qualified names in declarations libsepol/cil: make array cil_sym_sizes const libsepol/cil: Only reset AST if optional has a declaration libsepol/cil: Add function to determine if a subtree has a declaration libsepol/cil: Improve degenerate inheritance check libsepol/cil: Reduce the initial symtab sizes for blocks libsepol/cil: Check for empty list when marking neverallow attributes libsepol/cil: Fix syntax checking of defaultrange rule libsepol/cil: Properly check for loops in sets libsepol/cil: Allow duplicate optional blocks in most cases libsepol: declare read-only arrays const libsepol: declare file local variable static libsepol: drop unnecessary casts libsepol: drop repeated semicolons libsepol/cil: avoid using maybe uninitialized variables libsepol/cil: drop unnecessary casts libsepol/cil: drop dead store libsepol/cil: drop extra semicolon libsepol/cil: silence cast warning libsepol: remove dead stores libsepol: do not allocate memory of size 0 libsepol: mark read-only parameters of type_set_ interfaces const libsepol: mark read-only parameters of ebitmap interfaces const libsepol: remove dead stores libsepol/cil: follow declaration-after-statement libsepol: follow declaration-after-statement libsepol: avoid unsigned integer overflow libsepol: remove unused functions libsepol: resolve missing prototypes libsepol: fix typos libsepol: Quote paths when generating policy.conf from binary policy libsepol/cil: Account for anonymous category sets in an expression libsepol/cil: Fix anonymous IP address call arguments libsepol: quote paths in CIL conversion libsepol/cil: Resolve anonymous levels only once libsepol/cil: Pointers to datums should be set to NULL when resetting libsepol/cil: Resolve anonymous class permission sets only once libsepol/cil: Limit the number of open parenthesis allowed libsepol/cil: Destroy the permission nodes when exiting with an error libsepol/cil: Handle disabled optional blocks in earlier passes libsepol/cil: Do not resolve arguments to declarations in the call libsepo/cil: Refactor macro call resolution libsepol/cil: Do not add NULL node when inserting key into symtab libsepol/cil: Make name resolution in macros work as documented libsepol/cil: Fix name resolution involving inherited blocks libsepol/cil: Check for self-referential loops in sets libsepol/cil: Return an error if a call argument fails to resolve libsepol/cil: Check datum in ordered list for expected flavor libsepol/cil: Detect degenerate inheritance and exit with an error libsepol/cil: Fix instances where an error returns SEPOL_OK libsepol/cil: Properly reset an anonymous classperm set libsepol: use checked arithmetic builtin to perform safe addition libsepol/cil: Add functions to make use of cil_write_ast() libsepol/cil: Create functions to write the CIL AST libsepol/cil: Use CIL_ERR for error messages in cil_compile() libsepol/cil: Make invalid statement error messages consistent libsepol/cil: Do not allow tunable declarations in in-statements libsepol/cil: Sync checks for invalid rules in macros libsepol/cil: Check for statements not allowed in optional blocks libsepol/cil: Sync checks for invalid rules in booleanifs libsepol/cil: Reorder checks for invalid rules when resolving AST libsepol/cil: Use AST to track blocks and optionals when resolving libsepol/cil: Create new first child helper function for building AST libsepol/cil: Cleanup build AST helper functions libsepol/cil: Reorder checks for invalid rules when building AST libsepol/cil: Move check for the shadowing of macro parameters libsepol/cil: Create function cil_add_decl_to_symtab() and refactor libsepol/cil: Refactor helper function for cil_gen_node() libsepol/cil: Allow permission expressions when using map classes libsepol/cil: Exit with an error if declaration name is a reserved word libsepol/cil: More strict verification of constraint leaf expressions libsepol/cil: Set class field to NULL when resetting struct cil_classperms libsepol/cil: cil_reset_classperms_set() should not reset classpermission libsepol/cil: Destroy classperm list when resetting map perms libsepol/cil: Destroy classperms list when resetting classpermission libsepol/cil: Fix out-of-bound read of file context pattern ending with "\" libsepol/cil: Check for duplicate blocks, optionals, and macros libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression libsepol: Enclose identifier lists in CIL constraint expressions libsepol/cil: Allow lists in constraint expressions libsepol: Enclose identifier lists in constraint expressions libsepol: Write "NO_IDENTIFIER" for empty constraint expression libsepol: make num_* unsigned int in module_to_cil libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs libsepol/cil: fix NULL pointer dereference in __cil_insert_name libsepol/cil: replace printf with proper cil_tree_log libsepol/cil: remove stray printf libsepol/cil: make cil_post_fc_fill_data static libsepol: Check kernel to CIL and Conf functions for supported versions libsepol: Remove unnecessary copying of declarations from link.c libsepol: Properly handle types associated to role attributes libsepol: Expand role attributes in constraint expressions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* wolfssl: enable ECC Curve 25519 by defaultStan Grishin2021-10-241-1/+1
| | | | | | | * fixes https://github.com/openwrt/packages/issues/16652 see https://github.com/openwrt/packages/issues/16674#issuecomment-934983898 Signed-off-by: Stan Grishin <stangri@melmac.net>
* uclibc++: removeRosen Penev2021-10-247-398/+0
| | | | | | | | | | | | | | | No package here depends on it. Furthermore, uClibc++ is a fairly buggy C++ library and seems to be relatively inactive upstream. It also lacks proper support for modern C++11 features. The main benefit of it is size: 66.6 KB vs 287.3 KB on mips24kc. Static linking and LTO can help bring the size down of packages that need it. Added warning message to uclibc++.mk Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: fix compile when enable-devcrypto is setIvan Pavlov2021-10-211-0/+22
| | | | | | | fixing linking error when --enable-devcrypto=yes fixes: 7d92bb050961 wolfssl: update to 4.8.1-stable Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* ncurses: add tmux terminfoJitao Lu2021-10-191-1/+3
| | | | | | | | | | They're preferred terminal descriptions for tmux, with additional support to some special characters and italic fonts. More info can be found at: https://github.com/tmux/tmux/wiki/FAQ Fixes: FS#3404 Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
* wolfssl: remove --enable-sha512 configure switchAndre Heider2021-10-171-2/+2
| | | | | | | | | | It's the default anyway and this just looks confusing, as if it wasn't. Switch to AUTORELEASE while at it. The binary size is unchanged. Signed-off-by: Andre Heider <a.heider@gmail.com>
* wolfssl: always build with --enable-reproducible-buildAndre Heider2021-10-171-0/+1
| | | | | | | | | | | This gates out anything that might introduce semantically frivolous jitter, maximizing chance of identical object files. The binary size shrinks by 8kb: 1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f 1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f Signed-off-by: Andre Heider <a.heider@gmail.com>
* wolfssl: build with WOLFSSL_ALT_CERT_CHAINSAndre Heider2021-10-171-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | "Alternate certification chains, as oppossed to requiring full chain validataion. Certificate validation behavior is relaxed, similar to openssl and browsers. Only the peer certificate must validate to a trusted certificate. Without this, all certificates sent by a peer must be used in the trust chain or the connection will be rejected." This fixes e.g. uclient-fetch and curl connecting to servers using a Let's Encrypt certificate which are cross-signed by the now expired DST Root CA X3, see [0]. This is the recommended solution from upstream [1]. The binary size increases by ~12.3kb: 1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f 1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f [0] https://github.com/openwrt/packages/issues/16674 [1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793 Signed-off-by: Andre Heider <a.heider@gmail.com> [bump PKG_RELEASE] Signed-off-by: David Bauer <mail@david-bauer.net>
* wolfssl: update to 4.8.1-stableIvan Pavlov2021-09-134-18/+11
| | | | | | | | | | | Changes from 4.7.0: Fix one high (OCSP verification issue) and two low vulnerabilities Improve compatibility layer Other improvements and fixes For detailed changes refer to https://github.com/wolfSSL/wolfssl/releases Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* libjson-c: remove old math patchRosen Penev2021-08-302-45/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove old math patch meant for old GCC versions. It's not needed for GCC and causes issues with clang. Add CMake patch to identify clang properly and apply the proper flags. Fixes the following warnings/errors: json_pointer.c:230:7: warning: implicit declaration of function 'vasprintf' is invalid in C99 [-Wimplicit-function-declaration] rc = vasprintf(&path_copy, path_fmt, args); ^ json_pointer.c:317:7: warning: implicit declaration of function 'vasprintf' is invalid in C99 [-Wimplicit-function-declaration] rc = vasprintf(&path_copy, path_fmt, args); ^ /usr/include/bits/mathcalls.h:177:23: error: cannot redeclare builtin function '__builtin_isinf' __MATHDECL_ALIAS (int,isinf,, (_Mdouble_ __value), isinf) ^ /usr/include/bits/mathcalls.h:177:23: note: '__builtin_isinf' is a builtin with type 'int ()' /usr/include/bits/mathcalls.h:213:23: error: cannot redeclare builtin function '__builtin_isnan' __MATHDECL_ALIAS (int,isnan,, (_Mdouble_ __value), isnan) The clang patch is an upstream backport. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssl: bump to 1.1.1lEneas U de Queiroz2021-08-262-5/+4
| | | | | | | | | | | This version fixes two vulnerabilities: - SM2 Decryption Buffer Overflow (CVE-2021-3711) Severity: High - Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Severity: Medium Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libubox: update to the latest versionFelix Fietkau2021-08-241-3/+3
| | | | | | d716ac4bc423 list.h: add a few missing iterator macros Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: fix build with GCC 10 on 32 x86 targetsStijn Tintel2021-08-201-0/+123
| | | | | | Backport upstream patch to fix build with GCC 10 on 32 x86 targets. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* pcre: update to 8.45Rosen Penev2021-08-081-3/+3
| | | | | | Switch to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* nettle: update to 3.7.3Rosen Penev2021-08-082-7/+7
| | | | | | | | Switch to AUTORELEASE to avoid manual increments. Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mbedtls: update to 2.16.11Rosen Penev2021-08-081-3/+3
| | | | | | | | | Switched to AUTORELEASE to avoid manual increments. Release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: update to 1.10.1Rosen Penev2021-08-083-5/+5
| | | | | | | | Switch to AUTORELEASE to avoid manual increments. Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libnftnl: update to 1.2.0Rosen Penev2021-08-081-3/+3
| | | | | | Switch to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcap: update to 2.51Rosen Penev2021-08-081-3/+3
| | | | | | Switched to AUTORELEASE to avoid manual increments. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* elfutils: update to 0.182Rosen Penev2021-08-087-66/+12
| | | | | | | | | | | | | | | Add --disable-libdebuginfod with remove libcurl dependency. Remove totally unused host elfutils. Refreshed and rebased patches. Also happens to fix compilation with GCC11. Newer versions of elfutils seem to have some kind of dependency on obstack. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* gettext-full: disable parallel compilationRosen Penev2021-08-081-2/+2
| | | | | | Fails fairly reliably with make -j 12 on a Ryzen 3600. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: add rpcapd as packageStephan Schmidtmer2021-08-081-1/+20
| | | | | | | | | | | | This enables building of rpcapd and adds it as a package. It is a daemon that allows remote packet capturing from another machine. E.g. Wireshark can talk to it using the Remote Capture Protocol (RPCAP). https://www.tcpdump.org/manpages/rpcapd.8.html Compile and run tested: OpenWrt SNAPSHOT r17190-2801fe6132 on x86/64 Signed-off-by: Stephan Schmidtmer <hurz@gmx.org>
* elfutils: fix building with GCC 11Rui Salvaterra2021-07-251-0/+22
| | | | | | | Add a patch to fix building with GCC 11, which triggers new warnings by enabling -Warray-parameter by default. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* treewide: unmark selected packages nonsharedPetr Štetiar2021-07-023-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This partially reverts changes done in commit 72cc44958ef4 ("treewide: mark selected packages nonshared") as it removes the nonshared flag, but keeps the PKG_RELEASE as the PKG_RELEASE bump while adding nonshared flag was incorrect. Unmark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared packages as this fix attempt didn't worked out. Currently the imagebuilder is broken again: openwrt-imagebuilder-21.02.0-rc3-ipq40xx-generic.Linux-x86_64$ make image PROFILE=avm_fritzbox-7530 PACKAGES=luci-ssl-openssl ... Collected errors: * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for luci-mod-status * pkg_hash_fetch_best_installation_candidate: Packages for luci-mod-status found, but incompatible with the architectures configured * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for rpcd-mod-iwinfo * pkg_hash_fetch_best_installation_candidate: Packages for rpcd-mod-iwinfo found, but incompatible with the architectures configured * satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-ssl-openssl: * libiwinfo20210430 * opkg_install_cmd: Cannot install package luci-ssl-openssl. Everything because iwinfo's ABI was changed two times since rc3 release: +IWINFO_ABI_VERSION:=20210430 +IWINFO_ABI_VERSION:=20210420 Since iwinfo is marked as nonshared, it wasn't built by phase2 builders, but luci-mod-status was already updated 2 times since rc3 and was thus rebuilt by phase2 builders: d1d452ed2fb3 luci-mod-status: don't set '-' hostname when creating static lease 95b3633055c1 luci-mod-status: switch to html table for wlan channel analysis So now luci-mod-status depends on libiwinfo20210430 but only libiwinfo20210106 can be downloaded. This is first part of the fix, in the upcoming commit Jo is going to remove nonshared flag from iwinfo package as well. References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035736.html References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035741.html Acked-by: Jo-Philipp Wich <jo@mein.io> Reported-by: Nick Hainke <vincent@systemli.org> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: variants conflict with each otherKarel Kočí2021-06-211-1/+3
| | | | | | | | This adds conflicts between variants of libustream pacakge. They provide the same file and thus it should not be possible to install them side by side. Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* treewide: remove PKG_INSTALL from CMake packagesRosen Penev2021-06-191-2/+0
| | | | | | | | | | | | It's already default with cmake.mk Found with: git grep PKG_INSTALL\: | cut -d ':' -f 1 | sort -u > ins git grep cmake.mk | cut -d ':' -f 1 > cmake comm -1 -2 ins cmake Signed-off-by: Rosen Penev <rosenp@gmail.com>
* treewide: remove BUILD_PARALLEL from CMake packagesRosen Penev2021-06-193-3/+0
| | | | | | | | | | | | | It's already default. The only exception is mt76 which has Ninja disabled. Found with: git grep BUILD_PARALLEL | cut -d ':' -f 1 | sort -u > par git grep cmake.mk | cut -d ':' -f 1 > cmake comm -1 -2 par cmake Signed-off-by: Rosen Penev <rosenp@gmail.com>
* treewide: mark selected packages nonsharedHannu Nyman2021-06-133-3/+8
| | | | | | | | | | | | | | | | | | | | Mark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared packages. This helps to keep coherent dependencies if these ABI versioned packages are later updated. Before this commit it is possible to get missing dependencies in target-specific nonshared packages (like iwinfo) that depend on these shared ABI versioned packages. If these are later updated and rebuilt, only the new ABI version will be available for download, while the target-specific packages in releases continue to depend on the old ABI version. After this commit the packages are built along the other nonshared packages by the phase1 images buildbot and will be available at the target/ download directories instead of packages/base dir. That will help to keep a coherent set available. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* package: fix cmake packages build with ninjaRosen Penev2021-06-121-1/+1
| | | | | | | | += is needed for CMAKE_OPTIONS. mt76 needs Ninja disabled as the kernel stuff uses normal make. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* wolfssl: add support for OpenVPNIvan Pavlov2021-05-232-1/+7
| | | | | | | | | | Support for wolfSSL has been upstreamed to the master OpenVPN branch in f6dca235ae560597a0763f0c98fcc9130b80ccf4, so we can use wolfSSL directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN in systems based on wolfSSL library Compiled && tested on ramips/mt7620, ramips/mt7621 Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* wolfssl: always export wc_ecc_set_rngDavid Bauer2021-05-212-1/+51
| | | | | | | | | | | | | | | Since commit 6467de5a8840 ("Randomize z ordinates in scalar mult when timing resistant") wolfssl requires a RNG for an EC key when the hardened built option is selected. wc_ecc_set_rng is only available when built hardened, so there is no safe way to install the RNG to the key regardless whether or not wolfssl is compiled hardened. Always export wc_ecc_set_rng so tools such as hostapd can install RNG regardless of the built settings for wolfssl. Signed-off-by: David Bauer <mail@david-bauer.net>
* libubox: update to the latest versionFelix Fietkau2021-05-181-3/+3
| | | | | | | | | | | | 870acee325fe tests: cram: test_base64: fix failing tests 4d8995e91d56 tests: cram: test_base64: really fix failing tests 551d75b5662c libubox: tests: add more blobmsg/json test cases a0dbcf8b8f96 tests: add blob-buffer overflow test b36a3a90098d blob: fix exceeding maximum buffer length b8abed749423 utils.h: add fallthrough macro b14c4688612c json_script: fix unannotated fall-through warning Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uclient: update to Git version 2021-05-14Baptiste Jonglez2021-05-141-3/+3
| | | | | | | | 6a6011d uclient-http: set eof mark when content-length is 0 19571e4 tests: fix help usage test for uclient built with sanitizer c5fc04b tests: fix help usage test Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* build: introduce $(MKHASH)Leonardo Mörlein2021-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit, it was assumed that mkhash is in the PATH. While this was fine for the normal build workflow, this led to some issues if make TOPDIR="$(pwd)" -C "$pkgdir" compile was called manually. In most of the cases, I just saw warnings like this: make: Entering directory '/home/.../package/gluon-status-page' bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found [...] While these were only warnings and the package still compiled sucessfully, I also observed that some package even fail to build because of this. After applying this commit, the variable $(MKHASH) is introduced. This variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the correct path. Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
* libsemanage: fix pkgconfig pathsRosen Penev2021-04-151-1/+3
| | | | | | The pkgconfig file currently points to host paths. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcap: bump to 2.48Stijn Tintel2021-04-051-2/+2
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* libcap: drop invalid copyright headerStijn Tintel2021-04-051-2/+0
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* libcap: import from packages feedStijn Tintel2021-04-052-0/+126
| | | | | | | | | | | | Having libcap in OpenWrt base allows us to enable libcap support in other packages in base. In lldpd, this would allow the monitor process to drop its privileges instead of running as root, improving security. It will also allow us to drop our patch to disable libcap. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* uclient: update to Git version 2021-04-03Hauke Mehrtens2021-04-031-3/+3
| | | | | | | 83efca2 tests: fix possibly longer start of HTTP server 64e00d6 uclient-fetch: document missing options Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ncurses: add screen-256color terminfoPaul Spooren2021-03-291-1/+2
| | | | | | | The terminfo is required by the popular terminal multiplexer screen and tmux, offer it by default as the size impact is minimal with 885 Bytes. Signed-off-by: Paul Spooren <mail@aparcar.org>
* ncurses: split long line of supported terminfoPaul Spooren2021-03-291-1/+12
| | | | | | | The terminfo files were all in one row which is terrible to read. Split them over multiple lines to improve readability. Signed-off-by: Paul Spooren <mail@aparcar.org>
* openssl: bump to 1.1.1kEneas U de Queiroz2021-03-262-25/+24
| | | | | | | | | | | | This version fixes 2 security vulnerabilities, among other changes: - CVE-2021-3450: problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* Revert "openssl: refresh patches"Kevin Darbyshire-Bryant2021-03-2611-2498/+180
| | | | | | This reverts commit e27ef2da0d513494c3e9926ce8d44b63e4236a32. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: refresh patchesKevin Darbyshire-Bryant2021-03-2611-180/+2498
| | | | | | Tidy up some patch fuzz. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* elfutils: enable building with MIPS16Tony Ambardar2021-03-251-2/+2
| | | | | | | | | | | | | | | | | | Building with MIPS16 was disabled in 2013 due to an issue with GCC TLS: https://dev.archive.openwrt.org/ticket/13572. But after the problematic GCC version was retired, this change wasn't revisited. Re-enable MIPS16 builds to reduce average elfutils library sizes ~10%. This was compile-tested on malta/mips32be and malta/mips32le, and linked with iproute2 for run-testing. Package sizes follow: Library MIPS16:=0 MIPS16:=1 ------- --------- --------- libelf1 43217 37492 libasm1 12481 11658 libdw1 229723 205793 Signed-off-by: Tony Ambardar <itugrok@yahoo.com>