aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* mbedtls: update to 2.16.6Magnus Kroken2020-04-181-2/+2
| | | | | | | | | | | | | Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 02fcbe2f3d4eaf65e90bb167aa7818eacc08c633)
* mbedtls: update to version 2.16.5Josef Schlehofer2020-04-131-2/+2
| | | | | | | | | | | Changelog: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 36af1967f5fcfc889594a8af0f92f873f445d249)
* openssl: bump to 1.1.1fEneas U de Queiroz2020-04-012-83/+3
| | | | | | | | | | There were two changes between 1.1.1e and 1.1.1f: - a change in BN prime generation to avoid possible fingerprinting of newly generated RSA modules - the patch reversing EOF detection we had already applied. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit af5ccfbac74b859801cf174460fb8dbf9ed9e181)
* libpcap: Update shared-lib patch from Debian to fix linking problemsHauke Mehrtens2020-03-294-48/+156
| | | | | | | | | | | | | This updates the shared-lib patch to the recent version from debian found here: https://salsa.debian.org/rfrancoise/libpcap/-/blob/debian/1.9.1-2/debian/patches/shared-lib.diff This patch makes it include missing/strlcpy.o to the shared library which is needed for OpenWrt glibc builds, otherwise there is an undefined symbol and tcpdump and other builds are failing. Fixes: 44f11353de04 ("libpcap: update to 1.9.1") Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* readline: needs host depend on ncurses to buildJan Kardell2020-03-291-0/+2
| | | | | | | We must ensure that host ncurses is build before host readline. Signed-off-by: Jan Kardell <jan.kardell@telliq.com> (cherry picked from commit ecef29b29463e7549779e90739e61f8729ccaf09)
* openssl: revert EOF detection change in 1.1.1Eneas U de Queiroz2020-03-292-1/+81
| | | | | | | | | | | | | | | | | | | | | | | This adds patches to avoid possible application breakage caused by a change in behavior introduced in 1.1.1e. It affects at least nginx, which logs error messages such as: nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error: 4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive, client: xxxx, server: [::]:443 Openssl commits db943f4 (Detect EOF while reading in libssl), and 22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the behavior when encountering an EOF in SSL_read(). Previous behavior was to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits being reverted changed it to SSL_ERRO_SSL, and add an error to the stack, which is correct. Unfortunately this affects a number of applications that counted on the old behavior, including nginx. The reversion was discussed in openssl/openssl#11378, and implemented as PR openssl/openssl#11400. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 2e8a4db9b6b942e3180afda0dc0fd8ac506527f1)
* openssl: update to 1.1.1eEneas U de Queiroz2020-03-224-41/+22
| | | | | | | | This version includes bug and security fixes, including medium-severity CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit dcef8d6093cd54aa990a5ae0099a16e88a18dfbd)
* openssl: add configuration example for afalg-syncEneas U de Queiroz2020-03-222-2/+31
| | | | | | | | This adds commented configuration help for the alternate, afalg-sync engine to /etc/ssl/openssl.cnf. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d9d689589b96bd80e57e5c603d84d6ee95049800)
* libubox: update to latest Git HEADJo-Philipp Wich2020-02-271-3/+3
| | | | | | | | | 7da6643 tests: blobmsg: add test case 75e300a blobmsg: fix wrong payload len passed from blobmsg_check_array Fixes: FS#2833 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 955634b473284847e3c8281a6ac85655329d8b06)
* mbedtls: update to 2.16.4Magnus Kroken2020-01-262-24/+24
| | | | | | | | | | | | | | | | Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA. Release announcement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 Fixes: * CVE-2019-18222: Side channel attack on ECDSA Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 6e96fd90471a49185bcfe9dcb4844d444674ecab)
* libubox: update to version 2020-01-20Petr Štetiar2020-01-201-3/+3
| | | | | | | | | | | | | | | | | 43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes 5c0faaf4f5e2 tests: prefer dynamically allocated buffers 1ffa41535369 blobmsg_json: prefer snprintf usage 132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf a2aab30fc918 jshn: prefer snprintf usage b0886a37f39a cmake: add a possibility to set library version a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values f0da3a4283b7 blobmsg_json: fix int16 serialization 20a070f08139 tests: blobmsg/json: add more test cases 379cd33d1992 tests: include json script shunit2 based testing Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 5c73bb12c82c078d8a93cb896348b41598ed9e19)
* libubox: update to version 2019-12-28Petr Štetiar2020-01-051-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contains following changes: cd75136b1342 blobmsg: fix wrong payload len passed from blobmsg_check_array eb7eb6393d47 blobmsg: fix array out of bounds GCC 10 warning 86f6a5b8d1f1 blobmsg: reuse blobmsg_namelen in blobmsg_data 586ce031eaa0 tests: fuzz: fuzz _len variants of checking methods b0e21553ae8c blobmsg: add _len variants for all attribute checking methods cd3059796a57 Replace use of blobmsg_check_attr by blobmsg_check_attr_len 143303149c8b Ensure blob_attr length check does not perform out of bounds reads f2b2ee441adb blobmsg: fix heap buffer overflow in blobmsg_parse 4dfd24ed88c4 blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value 2df6d35e3299 tests: add test cases for blobmsg parsing 8a34788b46c4 test: fuzz: add blobmsg_check_attr crashes 478597b9f9ae blob: fix OOB access in blob_check_type 325418a7a3c0 tests: use blob_parse_untrusted variant 0b24e24b93e1 blob: introduce blob_parse_untrusted 6d27336e4a8b blob: refactor attr parsing into separate function 833d25797b16 test: fuzz: add blob_parse crashes 09ee90f8d6ed tests: add test cases for blob parsing 436d6363a10b tests: add libFuzzer based tests bf680707acfd tests: add unit tests covered with Clang sanitizers f804578847de cmake: add more hardening compiler flags 46f8268b4b5b blobmsg/ulog: fix format string compiler warnings eb216a952407 cmake: use extra compiler warnings only on gcc6+ 07413cce72e1 tests: jshn: add more test cases 26586dae43a8 jshn: fix missing usage for -p and -o arguments 8e832a771d3a jshn: fix off by one in jshn_parse_file cb698e35409b jshn: jshn_parse: fix leaks of memory pointed to by 'obj' c42f11cc7c0f jshn: main: fix leak of memory pointed to by 'vars' 93848ec96dc5 jshn: refactor main into smaller pieces 9b6ede0e5312 avl: guard against theoretical null pointer dereference c008294a8323 blobmsg_json: fix possible uninitialized struct member 0003ea9c45cc base64: fix possible null pointer dereference 8baeeea1f52d add assert.h component b0a5cd8a28bf add cram based unit tests 1fefb7c4d7f9 add initial GitLab CI support c955464d7a9b enable extra compiler checks 6228df9de91d iron out all extra compiler warnings and bumps ABI_VERSION to 20191228. Acked-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: bump to 4.3.0-stableEneas U de Queiroz2020-01-041-3/+3
| | | | | | | | This update fixes many bugs, and six security vulnerabilities, including CVE-2019-18840. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d5ede68f8b67f8fa2b4102b90e5dd3722172299a)
* libubox: bump to version 2019-10-29Yousong Zhou2019-12-231-3/+3
| | | | | | | | It contains a single change to vlist.h header file: "vlist: add more macros for loop iteration". This is needed for newer version of fstools Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 51e76247762d265d4a4aac33456876b83b0cca25)
* libubox: update to latest git HEADRoman Yeryomin2019-12-231-3/+3
| | | | | | | eb30a03 libubox, jshn: add option to write output to a file Signed-off-by: Roman Yeryomin <roman@advem.lv> (cherry picked from commit c0e7ec91a0927002942631bbc995b90f5f7dd7ed)
* wolfssl: update to v4.2.0-stableEneas U de Queiroz2019-11-103-142/+4
| | | | | | | | | | | | | | | | Many bugs were fixed--2 patches removed here. This release of wolfSSL includes fixes for 5 security vulnerabilities, including two CVEs with high/critical base scores: - potential invalid read with TLS 1.3 PSK, including session tickets - potential hang with ocspstaping2 (always enabled in openwrt) - CVE-2019-15651: 1-byte overread when decoding certificate extensions - CVE-2019-16748: 1-byte overread when checking certificate signatures - DSA attack to recover DSA private keys Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit f4853f7cca816214cd6e64cffe2b73d0b8c16def)
* wolfssl: allow building with hw-crytpo and AES-CCMEneas U de Queiroz2019-11-104-21/+160
| | | | | | | | | Hardware acceleration was disabled when AES-CCM was selected as a workaround for a build failure. This applies a couple of upstream patches fixing this. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit ab19627ecc3923687fd339f4f23dc45572d00ce0)
* ustream-ssl: update to latest Git HEADJo-Philipp Wich2019-11-102-59/+3
| | | | | | | | c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect Fixes: CVE-2019-5101, CVE-2019-5102 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 6f9157e6bdea91507af84acdf53da7c0e6879bc1)
* ustream-ssl: Update to latest git HEADHauke Mehrtens2019-11-101-5/+5
| | | | | | | | | | | 465f8dc wolfssl: adjust to new API in v4.2.0 3b06c65 Update example certificate & key, fix typo 1c38fd8 wolfssl: enable CN validation 33308ee ustream-io-cyassl.c: fix client-mode connections 79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 57ff06405e09ebce705c01178143c3ce907993b2)
* ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102Jo-Philipp Wich2019-11-052-1/+57
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libevent2: Update to 2.1.11Daniel Engberg2019-11-015-81/+94
| | | | | | | | | | | | | | | Update libevent to 2.1.11 Use CMake instead GNU Autotools Backport following commits: https://github.com/libevent/libevent/commit/f05ba671931e2b4e38459899f6f63f79f99869fe ..and partially https://github.com/libevent/libevent/commit/7201062f3ef505a77baa6ccaf1cf73812462308a to fix compilation Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit f351beedfd47766e5e44a04af50e3724bec54dbc) (resolves FS#2435) Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openssl: Add engine configuration to openssl.cnfEneas U de Queiroz2019-10-202-1/+57
| | | | | | | | | | | | | This adds engine configuration sections to openssl.cnf, with a commented list of engines. To enable an engine, all you have to do is uncomment the engine line. It also adds some useful comments to the devcrypto engine configuration section. Other engines currently don't have configuration commands. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit cebf024c4d9fd761e55383a582f7e29ac7cc921c) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* libpcap: update to 1.9.1DENG Qingfang2019-10-196-38/+19
| | | | | | | | | | | | | Fixed CVEs: CVE-2018-16301 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 44f11353de044834a442d3192b66579b99305720)
* uClibc++: Fix three bugsRosen Penev2019-10-196-20/+221
| | | | | | | | | | | | | | | | | | | | | | | | The first allows usage of several functions in the std namespace, which broke compilation of gddrescue specifically with uClibc-ng and uClibc++. The second allows usage of long long with normal C++11, which is part of the standard. Before, std=gnu++11 needed to be passsed to work around it. As a result of the second patch, the pedantic patch can safely be removed. Both patches are upstream backports. Added -std=c++11 to CFLAGS to guarentee proper inclusion of long long. Added another patch that fixes a typo with the long long support. Sent to upstream. Fixed up license information according to SPDX. Small cleanups for consistency. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 6ab386c9bc23420816fbcefc84b62cf5438b2c66)
* openssl: bump to 1.1.1dEneas U de Queiroz2019-09-2312-2524/+223
| | | | | | | | | | | | | | This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d868d0a5d7e1d76bb1a8980346d222fae55fa18b)
* uClibc++: Remove faulty patchRosen Penev2019-09-212-14/+1
| | | | | | | | | | | | | | | | This patch was originally added to fix compilation with v4l2rtspserver. Turns out it was v4l2rtspserver that was broken, not uClibc++. This now causes issues with a different package where the arguments are being split. Note that with this patch, shellcheck throws an error: SC2068: Double quote array expansions to avoid re-splitting elements. More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 977a8fc5fc2e1be6d159b2d9e1c617826b5d9701)
* mbedtls: update to 2.16.3Magnus Kroken2019-09-213-52/+25
| | | | | | | | Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream. Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 49d96ffc5c47e40b7f3d99a91a42ea8a54a38bd9)
* libnftnl: bump to version 1.1.4Konstantin Demin2019-09-041-2/+2
| | | | | | | | | | | | | ABI version is same. The ipkg size increase by about 2.2%: old: 47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk new: 48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit 699955a684eb8f6eb39123632ec7e193fa132753)
* openssl: always build with EC supportEneas U de Queiroz2019-09-042-19/+2
| | | | | Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit f40262697f5aebed25313a1b2eb8f68d37c97e60)
* libnfnetlink: Avoid passing both -fPIC and -fpicRosen Penev2019-09-041-3/+4
| | | | | | | | | Instead, instruct the configure script to use $(FPIC) only. Mixing -fPIC and -fpic can cause issues on some platforms like PPC. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 926157c2ccb02aa06b343662ecbd2571faf6eddd)
* ncurses: Do not pass both -fPIC and -fpicRosen Penev2019-09-041-2/+4
| | | | | | | | | | | The configure scripts matches Linux with -fPIC, which is not exactly what is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to avoid passing -fPIC. Removed PKG_BUILD_DIR as it is already the default value. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit e2ecf39e8e49e43b4d358853f9da51e3897d042c)
* openssl: refresh patchesChristian Lamparter2019-09-043-7/+7
| | | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 5ef3fe614c1e8c350ca0083f61577a89c002bc53)
* elfutils: bump to 0.177Luiz Angelo Daros de Luca2019-09-042-43/+4
| | | | | | | 200-uclibc-ng-compat.patch is upstream now. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> (cherry picked from commit 0851ce4ff97260a0fab2a507ee8370e60f78370d)
* nghttp2: bump to 1.39.2Hans Dedecker2019-09-041-2/+2
| | | | | | | | | | 957abacf Bump up version number to 1.39.2, LT revision to 32:0:18 83d362c6 Don't read too greedily a76d0723 Add nghttp2_option_set_max_outbound_ack db2f612a nghttpx: Fix request stall Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 58f929077f8687adbf75338504f319d054a96153)
* ustream-ssl: update to latest git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | | e8f9c22 Revise supported ciphersuites 7e9e269 wolfssl, openssl: use TLS 1.3, set ciphersuites Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit ced2b7bb988426aaece07a78c17d5a7c268e54c4)
* nettle: Update to 3.5.1Daniel Engberg2019-09-041-4/+4
| | | | | | | | Update (lib)nettle to 3.5.1 Bump ABI_VERSION Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 9e489b41b596a768b04b796a9b375d7d005b6ec7)
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-09-041-2/+0
| | | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit e545fac8d968864a965edb9e50c6f90940b0a6c9)
* libs/toolchain: remove eglibc remnant fileEneas U de Queiroz2019-09-041-13/+0
| | | | | | | This removes package/libs/toolchain/eglibc-files/etc/nsswitch.conf. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit c47eff0df3270199a69552587355834e57d6b782)
* libnftnl: bump to version 1.1.3Konstantin Demin2019-09-041-3/+3
| | | | | | | bump ABI version accordingly (thanks to Jo-Philipp Wich). Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit ce8027ed296f812099be813182f8b2f65ce16abf)
* ustream-ssl: update to 2019-06-24Eneas U de Queiroz2019-09-041-3/+3
| | | | | | | This adds chacha20-poly1305 support to the mbedtls variant. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 82a8ddd603707a130acf5ec1f54d9093d46acad4)
* mbedtls: Update to version 2.16.2Josef Schlehofer2019-09-041-2/+2
| | | | | Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz> (cherry picked from commit a2f54f6d5d98211e9c58420eed8c67f4fca83665)
* nghttp2: deduplicate files in staging_dirEneas U de Queiroz2019-09-041-1/+1
| | | | | | | | '38b22b1e: deduplicate files in libnghttp2' missed duplicates in staging_dir by Build/InstallDev. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> (cherry picked from commit ee1a78331462d0c2394c0e6805e4d12fbfa4882d)
* nghttp2: bump to 1.39.1Hans Dedecker2019-09-041-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7ffc239b Bump up version number to 1.39.1 bc886a0e Fix FPE with default backend a3a14a9c Fix log-level is not set with cmd-line or configuration file acfb3607 Update manual pages bdfd14c2 Bump up version number to 1.39.0, LT revision to 31:4:17 cddc09fe Update AUTHORS 3c3b6ae8 Add missing colon 2f83aa9e Fix multi-line text travis issue fc591d0c Run nghttpx integration test with cmake build 9a17c3ef travis: use multi-line text b7220f07 cmake: Remove SPDY related files a1556fd1 Merge pull request #1356 from nghttp2/fix-log-level-on-reload 77f1c872 nghttpx: Fix unchanged log level on configuration reload 49ce44e1 Merge pull request #1352 from nghttp2/travis-osx f54b3ffc Fix libxml2 CFLAGS output b0f5e5cc Implement daemon() using fork() for OSX 8d6ecd66 Enable osx build on travis f82fb521 Update doc 2e1975dd clang-format-8 97ce392b Merge pull request #1347 from nghttp2/nghttpx-ignore-cl-te-on-upgrade afefbda5 Ignore content-length in 200 response to CONNECT request 4fca2502 nghttpx: Ignore Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT 6975c336 Update llhttp to 1.1.3 0288093c Fix llhttp_get_error_pos usage a3a03481 Merge pull request #1340 from nghttp2/nghttpx-llhttp c64d2573 Replace http-parser with llhttp f028cc43 clang-format 302e3746 Merge pull request #1337 from nghttp2/upgrade-mruby 3cdbc5f5 Merge pull request #1335 from adamgolebiowski/boost-1.70 a6925186 Fix mruby build error 45d63d20 Upgrade mruby to 2.0.1 cbba1ebf asio: support boost-1.70 e86d1378 Bump up version number to 1.39.0-DEV 4a9d2005 Update manual pages Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 865e25e049f6d5a6488c5e83a7d89d0dc896c876)
* libubox: update to latest git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | | 9dd2dcf libubox: add format string checking to ulog() ecf5617 ustream: Add format string checks to ustream_(v)printf() Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit fc454ca15305e332a35c9bc1e60dde18f69ac210)
* nghttp2: deduplicate files in libnghttp2Konstantin Demin2019-09-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | libnghttp2 accidentally ships library twice: $ tar -Oxzf libnghttp2-14_1.38.0-1_mips_24kc.ipk ./data.tar.gz | tar -tzvf - drwxr-xr-x root/root 0 2019-06-07 23:14 ./ drwxr-xr-x root/root 0 2019-06-07 23:14 ./usr/ drwxr-xr-x root/root 0 2019-06-07 23:14 ./usr/lib/ -rw-r--r-- root/root 144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14 -rw-r--r-- root/root 144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3 after fix, there's library and symlink (as designed): $ tar -Oxzf libnghttp2-14_1.38.0-2_mips_24kc.ipk ./data.tar.gz | tar -tzvf - drwxr-xr-x root/root 0 2019-06-07 23:14 ./ drwxr-xr-x root/root 0 2019-06-07 23:14 ./usr/ drwxr-xr-x root/root 0 2019-06-07 23:14 ./usr/lib/ lrwxrwxrwx root/root 0 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14 -> libnghttp2.so.14.17.3 -rw-r--r-- root/root 144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3 Binary package size reduced accordingly: 134621 -> 66593. Compile/run-tested: ar71xx/generic. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit 38b22b1e7022d6b386ce25f39d05cc33fc659240)
* musl: ldso/dlsym: fix mips returning undef dlsymLuiz Angelo Daros de Luca2019-08-171-1/+1
| | | | | | | | | | | | | | | | This happens only the second time a library is loaded by dlopen(). After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef symbol from lib1 dependencies. After the second library is loaded, dlsym(lib2,"undef1") was returning the address of "undef1" in lib2 instead of searching lib2 dependencies. Using upstream fix which now uses the same logic for relocation time and dlsym. Fixes openwrt/packages#9297 Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> (cherry picked from commit 0d0617ff14b8b020896680de1f1a49c7ba8a5e0d)
* wolfssl: bump to 4.1.0-stableEneas U de Queiroz2019-08-176-166/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Always build AES-GCM support. Unnecessary patches were removed. This includes two vulnerability fixes: CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. This brings the package up-to-date with master, so it incorporates changes from 4.0.0 in master: * Removed options that can't be turned off because we're building with --enable-stunnel, some of which affect hostapd's Config.in. * Adjusted the title of OCSP option, as OCSP itself can't be turned off, only the stapling part is selectable. * Mark options turned on when wpad support is selected. * Add building options for TLS 1.0, and TLS 1.3. * Add hardware crypto support, which due to a bug, only works when CCM support is turned off. * Reorganized option conditionals in Makefile. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* libroxml: bump to the 3.0.2 versionRafał Miłecki2019-07-161-3/+3
| | | | | | | | * Fix for memory leak regression * Support for (un)escaping Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 430d65c544551f9af88cdc6f0b9c6c12364b28f9)
* wolfssl: Fix package hashHauke Mehrtens2019-07-081-1/+1
| | | | | Fixes: 3167a57f7262 ("wolfssl: update to 3.15.7, fix Makefile") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: update to 3.15.7, fix MakefileEneas U de Queiroz2019-07-084-13/+13
| | | | | | | | | | This includes a fix for a medium-level potential cache attack with a variant of Bleichenbacher’s attack. Patches were refreshed. Increased FP_MAX_BITS to allow 4096-bit RSA keys. Fixed poly1305 build option, and some Makefile updates. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 2792daab5ad26e916619052fc7f581cddc1ea53c)