Commit Graph

935 Commits

Author SHA1 Message Date
Rosen Penev
e2ecf39e8e ncurses: Do not pass both -fPIC and -fpic
The configure scripts matches Linux with -fPIC, which is not exactly what
is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to
avoid passing -fPIC.

Removed PKG_BUILD_DIR as it is already the default value.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-31 12:08:23 +02:00
Christian Lamparter
5ef3fe614c openssl: refresh patches
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-24 23:23:31 +02:00
Luiz Angelo Daros de Luca
0851ce4ff9 elfutils: bump to 0.177
200-uclibc-ng-compat.patch is upstream now.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-08-19 22:10:35 +02:00
Hans Dedecker
58f929077f nghttp2: bump to 1.39.2
957abacf Bump up version number to 1.39.2, LT revision to 32:0:18
83d362c6 Don't read too greedily
a76d0723 Add nghttp2_option_set_max_outbound_ack
db2f612a nghttpx: Fix request stall

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-18 18:58:16 +02:00
Hauke Mehrtens
ced2b7bb98 ustream-ssl: update to latest git HEAD
e8f9c22 Revise supported ciphersuites
7e9e269 wolfssl, openssl: use TLS 1.3, set ciphersuites

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 17:09:42 +02:00
Luiz Angelo Daros de Luca
0d0617ff14 musl: ldso/dlsym: fix mips returning undef dlsym
This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.

Using upstream fix which now uses the same logic for relocation time
and dlsym.

Fixes openwrt/packages#9297

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-08-17 16:57:32 +02:00
Eneas U de Queiroz
77e0e99d31 wolfssl: bump to 4.1.0-stable
Always build AES-GCM support.
Unnecessary patches were removed.

This includes two vulnerability fixes:

CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.

CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-08-17 16:43:23 +02:00
Daniel Engberg
9e489b41b5 nettle: Update to 3.5.1
Update (lib)nettle to 3.5.1
Bump ABI_VERSION

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-08-09 21:40:13 +02:00
Jeffery To
e545fac8d9 build: include BUILD_VARIANT in PKG_BUILD_DIR
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.

This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-08-05 23:22:26 +02:00
Rafał Miłecki
430d65c544 libroxml: bump to the 3.0.2 version
* Fix for memory leak regression
* Support for (un)escaping

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-15 21:35:56 +02:00
Eneas U de Queiroz
c47eff0df3 libs/toolchain: remove eglibc remnant file
This removes package/libs/toolchain/eglibc-files/etc/nsswitch.conf.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-15 19:29:07 +02:00
Konstantin Demin
ce8027ed29 libnftnl: bump to version 1.1.3
bump ABI version accordingly (thanks to Jo-Philipp Wich).

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-07-07 13:02:06 +02:00
Eneas U de Queiroz
ff69364ad8 wolfssl: update to 4.0.0-stable
Removed options that can't be turned off because we're building with
--enable-stunnel, some of which affect hostapd's Config.in.
Adjusted the title of OCSP option, as OCSP itself can't be turned off,
only the stapling part is selectable.
Mark options turned on when wpad support is selected.
Add building options for TLS 1.0, and TLS 1.3.
Add hardware crypto support, which due to a bug, only works when CCM
support is turned off.
Reorganized option conditionals in Makefile.
Add Eneas U de Queiroz as maintainer.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-07 13:02:05 +02:00
Eneas U de Queiroz
2792daab5a wolfssl: update to 3.15.7, fix Makefile
This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack.  Patches were refreshed.
Increased FP_MAX_BITS to allow 4096-bit RSA keys.
Fixed poly1305 build option, and some Makefile updates.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-07 13:02:05 +02:00
Eneas U de Queiroz
82a8ddd603 ustream-ssl: update to 2019-06-24
This adds chacha20-poly1305 support to the mbedtls variant.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-06-24 22:01:17 +02:00
Josef Schlehofer
a2f54f6d5d mbedtls: Update to version 2.16.2
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2019-06-24 20:22:23 +02:00
Eneas U de Queiroz
ee1a783314 nghttp2: deduplicate files in staging_dir
'38b22b1e: deduplicate files in libnghttp2' missed duplicates in
staging_dir by Build/InstallDev.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-06-22 10:23:56 +02:00
Deng Qingfang
080ba31eec
libjson-c: update to 0.13.1
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-06-19 22:44:28 +02:00
Hans Dedecker
865e25e049 nghttp2: bump to 1.39.1
7ffc239b Bump up version number to 1.39.1
bc886a0e Fix FPE with default backend
a3a14a9c Fix log-level is not set with cmd-line or configuration file
acfb3607 Update manual pages
bdfd14c2 Bump up version number to 1.39.0, LT revision to 31:4:17
cddc09fe Update AUTHORS
3c3b6ae8 Add missing colon
2f83aa9e Fix multi-line text travis issue
fc591d0c Run nghttpx integration test with cmake build
9a17c3ef travis: use multi-line text
b7220f07 cmake: Remove SPDY related files
a1556fd1 Merge pull request #1356 from nghttp2/fix-log-level-on-reload
77f1c872 nghttpx: Fix unchanged log level on configuration reload
49ce44e1 Merge pull request #1352 from nghttp2/travis-osx
f54b3ffc Fix libxml2 CFLAGS output
b0f5e5cc Implement daemon() using fork() for OSX
8d6ecd66 Enable osx build on travis
f82fb521 Update doc
2e1975dd clang-format-8
97ce392b Merge pull request #1347 from nghttp2/nghttpx-ignore-cl-te-on-upgrade
afefbda5 Ignore content-length in 200 response to CONNECT request
4fca2502 nghttpx: Ignore Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT
6975c336 Update llhttp to 1.1.3
0288093c Fix llhttp_get_error_pos usage
a3a03481 Merge pull request #1340 from nghttp2/nghttpx-llhttp
c64d2573 Replace http-parser with llhttp
f028cc43 clang-format
302e3746 Merge pull request #1337 from nghttp2/upgrade-mruby
3cdbc5f5 Merge pull request #1335 from adamgolebiowski/boost-1.70
a6925186 Fix mruby build error
45d63d20 Upgrade mruby to 2.0.1
cbba1ebf asio: support boost-1.70
e86d1378 Bump up version number to 1.39.0-DEV
4a9d2005 Update manual pages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-16 21:34:56 +02:00
Hauke Mehrtens
fc454ca153 libubox: update to latest git HEAD
9dd2dcf libubox: add format string checking to ulog()
ecf5617 ustream: Add format string checks to ustream_(v)printf()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 16:40:08 +02:00
Konstantin Demin
38b22b1e70 nghttp2: deduplicate files in libnghttp2
libnghttp2 accidentally ships library twice:

$ tar -Oxzf libnghttp2-14_1.38.0-1_mips_24kc.ipk ./data.tar.gz | tar -tzvf -
drwxr-xr-x root/root         0 2019-06-07 23:14 ./
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/lib/
-rw-r--r-- root/root    144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14
-rw-r--r-- root/root    144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3

after fix, there's library and symlink (as designed):

$ tar -Oxzf libnghttp2-14_1.38.0-2_mips_24kc.ipk ./data.tar.gz | tar -tzvf -
drwxr-xr-x root/root         0 2019-06-07 23:14 ./
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/lib/
lrwxrwxrwx root/root         0 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14 -> libnghttp2.so.14.17.3
-rw-r--r-- root/root    144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3

Binary package size reduced accordingly: 134621 -> 66593.

Compile/run-tested: ar71xx/generic.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-06-12 23:00:58 +02:00
Yousong Zhou
ef7aa03bdb libunwind: bump to version 1.3.1
Libunwind provides a sigreturn stub for x86 in version 1.2 [1].  However
the arch still depends on setcontext() which is unavailable in musl-libc
and which is supposed to be "deprecated everywhere" [2]

 [1] x86 sigreturn unimplemented for some libcs,
     https://github.com/libunwind/libunwind/issues/13
 [2] setcontext deprecated on x86,
     https://github.com/libunwind/libunwind/issues/69

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497791552
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-05 01:13:07 +00:00
Eneas U de Queiroz
f22ef1f1de openssl: update to version 1.1.1c
Highlights of this version:
 - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
 - Fix OPENSSL_config bug (patch removed)
 - Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
 - Enable SHA3 pre-hashing for ECDSA and DSA

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
2019-05-31 11:21:22 +02:00
Yousong Zhou
cf463159df uclient: bump to version 2019-05-30
This version bump contains the following commit to fix FS#2222

	3b3e368 uclient-http: set data_eof when content-length is 0

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 12:13:31 +00:00
Yousong Zhou
1e5f4dcd66 libunwind: requires glibc if arch in powerpc
libunwind for powerpc depends on getcontext() from libc which musl-libc
does not provide because this API and its friends are supposed to be
"obsolescent" [1,2]

 [1] Subject: Re: setcontext/getcontext/makecontext missing?
     https://www.openwall.com/lists/musl/2016/02/04/5
 [2] http://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497200058
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 10:30:45 +00:00
Rosen Penev
395bef4bba libbsd: Fix compilation under ARC
The 8 year old file does not have any ARC definitions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-17 21:41:43 +02:00
Jeffery To
782eda9750 zlib: Use relative paths in pkg-config metadata file
The buildroot pkg-config (in staging_dir/host/bin) overrides the prefix
and exec_prefix variables in *.pc files, to supply the correct
(buildroot) paths for callers. If other variables are not defined
relative to prefix and exec_prefix, then the returned values will be
incorrect.

The default zlib.pc file generated by cmake contains absolute paths.
This patches the file to use relative paths (relative to ${prefix} and
${exec_prefix}).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-05-17 21:41:43 +02:00
Rosen Penev
0b26382533 uClibc++: Update to 0.2.5
Switched to xz archives for smaller size.

Removed upstreamed patches.

Reorganized Makefile a little bit for clarity. Build/Prepare is not useful
anymore. Upstream converted the file to LF.

Refreshed config.

Removed -ansi option from the original CFLAGS as this was causing long
long support to be missing.

Removed fPIC. We have the macro $(FPIC) already used. No point in setting
fpic and fPIC together.

Removed pedantic -Wlong-long warnings as they are not useful.

Removed -std=gnu++98. Not only is it unnecessary (it compiles against all
standards), it actually results in a size increase. 75843 vs. 75222 (gcc
in OpenWrt defaults to g++14).

Added --gc-sections to linker flags to reduce size: 72653 vs 75222.

Removed warn linker options. They have been upstreamed.

Tested on Archer C7v2 and GnuBee PC1.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Rosen Penev
4760541027 elfutils: Fix compile with uClibc-ng
Probably glibc too. argp_help takes a char *. not const char *.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-05 21:11:01 +02:00
Hauke Mehrtens
1325e74e0c kernel: Remove support for kernel 3.18
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.

The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 22:41:38 +02:00
Rafał Miłecki
d6643aca34 libroxml: bump to the 3.0.1 version
Some of changes:
* Support for local-name()
* General refactoring
* Better parsing performance
* Fix possible buffer overflow & memleak
* Validation checks
* More commit functions (file, buffer, fd)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-05-01 07:25:55 +02:00
Eneas U de Queiroz
17cb490ac4 openssl: build kmods only if engines are selected
Add a conditional to the individual package's for the kmods in DEPENDS.
This avoids the need to compile the kernel modules when the crypto
engine packages are not selected.  The final binares are not affected by
this.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2019-04-26 15:31:34 +02:00
Jose Olivera
40de4c038a elfutils: bump to 0.176
*Fixes:
  -CVE-2019-7150
  -CVE-2019-7149
  -CVE-2019-7146
  -CVE-2019-7665
  -CVE-2019-7664
  -CVE-2019-7148

*Refresh 003-libintl-compatibility.patch

*Also reset PKG_RELEASE.

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2019-04-26 10:04:47 +02:00
Eneas U de Queiroz
8abb505048 openssl: add Eneas U de Queiroz as maintainer
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 21:37:31 +02:00
Eneas U de Queiroz
ff9ac986ce openssl: fix OPENSSL_config bug affecting wget
This applies an upstream patch that fixes a OPENSSL_config() bug that
causes SSL initialization to fail when the openssl.cnf file is not
found.  The config file is not installed by default.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 20:30:02 +02:00
Hans Dedecker
47dc4f96cb nghttp2: bump to 1.38.0
4a9d2005 Update manual pages
acf6a922 Bump up version number to 1.38.0, LT revision to 31:3:17
4ff45821 Update AUTHORS
42dce01e Merge branch 'nghttpx-fix-backend-selection-on-retry'
a35059e3 nghttpx: Fix bug that altered authority and path affect backend selection
5a30fafd Merge branch 'nghttpx-fix-chunked-request-stall'
dce91ad3 Merge branch 'nghttpx-dont-log-authorization'
2cff8b43 nghttpx: Fix bug that chunked request stalls
be96654d nghttpx: Don't log authorization request header field value with -LINFO
ce962c3f Merge branch 'update-http-parser'
f931504e Update http-parser to v2.9.1
d978f351 Fix bug that on_header callback is still called after stream is closed
ec519f22 Merge pull request #1270 from baitisj/master
e8b213e3 Bump up version number to 1.38.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-22 13:42:24 +02:00
Eneas U de Queiroz
450d44a8ea openssl: change defaults: ENGINE:on, NPN:off, misc
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enable engine support by default.  Right now, some packages require
this, so it is always enabled by the bots.  Many packages will compile
differently when engine support is detected, needing engine symbols from
the libraries.

However, being off by default, a user compiling its own image will fail
to run some popular packages from the official repo.
Note that disabling engines did not work in 1.0.2, so this problem never
showed up before.

NPN support has been removed in major browsers & servers, and has become
a small bloat, so it does not make sense to leave it on by default.

Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-17 11:26:55 +02:00
Josef Schlehofer
4ebd66d7a9 mbedtls: update to version 2.16.1
Refreshed patches

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:30:43 +02:00
Rosy Song
488e7ccfbc libnftnl: bump to latest version
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-03-21 17:05:44 +01:00
Eneas U de Queiroz
fc1386ccf8 openssl: revert disallowing parallel build
Openssl 1.1.0 made wholesale changes to its building system.
Apparently, parallel builds are working now.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-03-21 17:05:34 +01:00
Eneas U de Queiroz
2407b1edcc openssl: disable digests by default, misc fixes
Openssh uses digest contexts across forks, which is not supported by the
/dev/crypto engine.  The speed of digests is usually not worth enabling
them anyway.  This changes the default of the DIGESTS option to NONE, so
the user still has the option to enable them.

Added another patch related to the use of encryption contexts across
forks, that ignores a failure to close a previous open session when
reinitializing a context, instead of failing the reinitialization.

Added a link to the Cryptographic Hardware Accelerators document to the
engine pacakges description, to provide more detailed instructions to
configure the engines.

Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used
by openssh.  There is an open PR to update openssh; when merged, this
symbol can be safely removed.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
2019-03-12 18:26:59 +01:00
Hans Dedecker
b04c9a1ffc nghttp2: bump to 1.37.0
cfb47d30 Take into account larger frame size for prioritization
dbbe4e01 Remove unused field
371bc3a8 clang-format
5e7889c5 Update manual pages
b1b2ad50 Bump up version number to 1.37.0, LT revision to 31:2:17
e043ca83 Update AUTHORS
c2434dfb Simplify stream_less
816ad210 Reuse name when indexing header by referencing dynamic table
f5feb16e Merge pull request #1295 from bratkartoffel/fix-compile-boringssl
adf09f21 Merge pull request #1303 from donny-dont/fix-shared-install
2591960e Explicitly set install location when building shared libs
d93842db nghttpx: Fix backend stall if header and request body are sent in 2 packets
8dc2b263 nghttpx: Use std::priority_queue
8d842701 Update manual pages
de85b0fd Update README
5d6beed5 Merge branch 'nghttpx-backend-weight'
1ff9de4c nghttpx: Backend address selection with weight
34482ed4 Fix compilation with boringssl
9b6ced66 Bump up version number to 1.37.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-10 19:34:33 +01:00
Moritz Warning
3d3e04d8c8 wolfssl: fix build in busybox environments
The configure script broke when used in alpine-3.9 based docker containers. Fixed in wolfSSL >3.15.7.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
2019-03-10 17:48:23 +01:00
Eneas U de Queiroz
d971ae51a5 openssl: backport devcrypto changes from master
The patches to the /dev/crypto engine were commited to openssl master,
and will be in the next major version (3.0).

Changes:
- Optimization in computing a digest in one operation, saving an ioctl
- Runtime configuration options for the choice of algorithms to use
- Command to dump useful information about the algorithms supported by
  the engine and the system.
- Build the devcrypto engine as a dynamic module, like other engines.

The devcrypto engine is built as a separate package by default, but
options were added to allow building the engines into the main library.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
[refresh patches]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-09 18:55:07 +01:00
Yousong Zhou
0e8ddc953f libubox: bump to version 2019-02-27
Contains the following change

	eeef7b5 blobmsg_json: blobmsg_format_string: do not escape '/'

Resolves FS#2147

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-03-01 08:09:41 +00:00
Alexander Couzens
b2bf3745ff
package/ncurses: change AR options to fix reproducible builds
ar has a deterministic (-D) and non-deterministic (-U) mode.
OpenWrt is already using the deterministic mode by default,
but ncurses' configure script force this to be non-deterministic.
Since autoreconf fails to generate a new configure, the configure script
is directly modified.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-02-28 19:09:35 +01:00
Eneas U de Queiroz
9e8cbecb7f openssl: bump to release 1.1.1b
This is bugfix release that incorporated all of the devcrypto engine
patches currently in the tree.

The cleaning procedure in Package/Configure was not removing the
dependency files, causing linking errors during a rebuild with
different options.  It was replaced by a simple make clean.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-27 22:43:30 +01:00
Daniel Engberg
38867b7eba popt: Use modern toolchain logic
Replace define Build/Configure with CONFIGURE_ARGS

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-02-26 23:20:04 +01:00
Matt Merhar
0d1d5880c0 elfutils: fix install .so glob
Only libelf was being packaged correctly - libdw and libasm included
just the symlinks.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
2019-02-26 23:20:04 +01:00
Peter Wagner
0297610554 elfutils: fix DEPENDS for libelf
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2019-02-17 19:22:39 +01:00
Eneas U de Queiroz
ddee1825de openssl: patch to fix devcrypto sessions leak
Applies a patch from https://github.com/openssl/openssl/pull/8213
that fixes an error where open /dev/crypto sessions were not closed.
Thanks to Ansuel Smith for reporting it.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-17 19:22:35 +01:00
Eneas U de Queiroz
29b69e840a openssl: add package for openssl.cnf, misc changes
- Add the /etc/ssl/openssl.cnf as a separate package, to avoid breaking
  the transitional mechanism, allowing libopenssl_1.0* and
  libopenssl_1.1* to coexist.

- Remove the (selecting) dependency on @KERNEL_AIO

- Use global SOURCE_DATE_EPOCH

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:24:09 +01:00
Eneas U de Queiroz
2eeb2853ed openssl: optimizations based on ARCH/small flash
Add a patch to enable the option to change the default ciphersuite list
ordering to prefer ChaCha20 over AES-GCM.  This is used by default for
all platforms, except for x86_64 and aarch64. The assumption is that
only the latter have AES-specific CPU instructions and asm code that
uses them in openssl.  Chacha20Poly1305 is 3x faster than AES-256 in
systems without AES instructions, with an equivalent strength.

Disable error messages by default except for devices with small flash or
RAM, to aid debugging.

Disable ASM by default on arm platform with small flash.  Size
difference on mips and powerpc, the other platforms with small flash
devices, are not really relevant (using 100K as a threshold).  All of
the affected platforms are source-only anyway.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:24:09 +01:00
Eneas U de Queiroz
d872d00b2f openssl: update to version 1.1.1a
This version adds the following functionality:
  * TLS 1.3
  * AFALG engine support for hardware accelleration
  * x25519 ECC curve support
  * CRIME protection: disable use of compression by default
  * Support for ChaCha20 and Poly1305

Patches fixing bugs in the /dev/crypto engine were applied, from
https://github.com/openssl/openssl/pull/7585

This increses the size of the ipk binray on MIPS32 by about 32%:
old:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk
239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:23:26 +01:00
Eneas U de Queiroz
be3892284c openssl: add configuration options, disable ssl3
Adds the following configuration options:
* using optimized assembler code (was always on before)
* use of x86 SSE2 instructions
* dyanic engine support
* include error messages
* Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms
* RFC3779, CMS protocols
* VIA padlock hardware acceleration engine

Installs openssl.cnf with the library as it is used by engines
independent of the openssl util.

Fixes DTLS option that was innefective before.

Disables insecure SSL3 protocol and SHA0.

Adds openwrt-specific targets to Configure script, including asm support
for i386, ppc and mips64.

Strips building dirs from CFLAGS shown in binary.

Skips the fuzz directory during build.

Removed include/crypto/devcrypto.h that was included here, to use the
cryptodev-linux package, now that it was been moved from the packages
feed to the main openwrt repository.

This decreses the size of the ipk binray on MIPS32 by about 3.3%:
old:
706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 21:14:46 +01:00
Sven Roederer
6e575fa9d6 openssl: update list of mirrors
Host "gd.tuwien.ac.at" does not exists anymore, so we replace it by "ftp.pca.dfn.de" from the official list of mirrors.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2019-01-31 21:21:49 +01:00
Sven Roederer
989060478a openssl: bump to 1.0.2q
This fixes the following security problems:
 * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
 * CVE-2018-0734: Timing vulnerability in DSA signature generation
 * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
2019-01-30 11:59:46 +01:00
Michael Heimpold
268b5bec80 mbedtls: Kconfig option to enable/disable debug functions
This introduces a new Kconfig option to switch on/off mbedtls' support
for debug functions.

The idea behind is to inspect TLS traffic with Wireshark for debug
purposes. At the moment, there is no native or 'nice' support for
this, but at
68aea15833
an example implementation can be found which uses the debug functions
of the library. However, this requires to have this debug stuff enabled
in the library, but at the moment it is staticly patched out.

So this patch removes the static part from the configuration patch
and introduces a dynamic config file editing during build.

When enabled, this heavily increases the library size, so I added
a warning in the Kconfig help section.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-01-27 01:04:53 +01:00
Deng Qingfang
e8f2302516 mbedtls: update to 2.16.0
Refresh patch

https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.0-2.7.9-and-2.1.18-released

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-01-27 01:04:53 +01:00
Jo-Philipp Wich
f4d6e8f98f libelf: fix library packaging
The library has an usual shared object file name, which caused the
install glob pattern to miss the actual so.

Fixes: #2082
Fixes; 0e70f69a35 ("treewide: revise library packaging")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-25 18:59:46 +01:00
Jo-Philipp Wich
d7bf0898a8 elfutils: rename libelf1 to libelf
The ABI_VERSION:=1 tag will take care of transforming the binary
library package basename.

Add a virtual PROVIDES:=libelf1 for packages still having libelf1
in their DEPENDS:=... lists.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 12:52:23 +01:00
Jo-Philipp Wich
0e70f69a35 treewide: revise library packaging
- Annotate versionless libraries (such as libubox, libuci etc.) with a fixed
  ABI_VERSION resembling the source date of the last incompatible change
- Annotate packages shipping versioned library objects with ABI_VERSION
- Stop shipping unversioned library symlinks for packages with ABI_VERSION

Ref: https://openwrt.org/docs/guide-developer/package-policies#shared_libraries
Ref: https://github.com/KanjiMonster/maintainer-tools/blob/master/check-abi-versions.pl
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 10:39:30 +01:00
Jo-Philipp Wich
68b29a7a95 uclient: set fixed ABI_VERSION on libuclient
Last incompatible change appeared to be 4924411
("http: add proper error handling to uclient_http_redirect()") which
changed the return value of uclient_http_redirect() from bool to int.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 10:39:29 +01:00
Andy Walsh
94f6030170 librpc: remove package
* replaced with packages/libtirpc
* remove busybox options rarely used/deprecated
BUSYBOX_CONFIG_FEATURE_MOUNT_NFS
BUSYBOX_CONFIG_FEATURE_INETD_RPC

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2019-01-22 13:29:46 +01:00
Jo-Philipp Wich
5d1399788a ncurses: build host libraries with -fPIC
Since readline/host links ncurses/host now, we need to ensure that the
libncursesw.so host library is built with -fPIC.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 11:29:05 +01:00
Jo-Philipp Wich
5a89eea8e4 ncurses: package only versioned shared objects
Also fix the libxxxw.so* -> libxxx.so* linking to actually work, the
prevsious code failed to properly symlink the versioned .so files.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 08:49:36 +01:00
Daniel Engberg
166b335e6e readline: Update to 8.0 and various fixes
Update (lib)readline to 8.0
Remove autoreconf
Remove blankspace at the end of the lines in description
Remove --enable-shared and --enable-static as they're enabled by default
Remove TARGET_CPPFLAGS
Simplify install sections
Install readline.pc (pkgconfig)
Add patch for linking (lib)ncurses

Source:
https://git.buildroot.net/buildroot/plain/package/readline/0000-curses-link.patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-01-22 08:49:36 +01:00
Peter Wagner
4da73af112 libnetfilter-conntrack: update to 1.0.7
Signed-off-by: Peter Wagner <tripolar@gmx.at>
[split from https://github.com/openwrt/openwrt/pull/1274]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 08:15:41 +01:00
Hans Dedecker
351e5516eb nghttp2: bump to 1.36.0
e7e8ee5f Update bash_completion
b3b4e335 Update manual pages
bd93d90a Don't treat text as option if it matches -[0-9]
ea69c84b Bump up version number to 1.36.0
783b649b Update AUTHORS
eb21e6f8 Merge branch 'update-http-parser'
ab2aa567 Fix test failure
ff87a542 Use http-parser 0d0a24e19eb5ba232d2ea8859aba2a7cc6c42bc4
439dbce6 Merge branch 'nghttpx-h1-connection-pool-per-addr'
e9c9838c nghttpx: Pool h1 backend connection per address
803d4ba9 Merge branch 'nghttpx-randomize-roundrobin-order'
732245e5 make clang-format
9e8d5433 Use clang-format-7
fdcdb21c nghttpx: Randomize backend address round robin order per thread
11d0533c nghttpx: Ensure that cert serial does not exceed 20 bytes
dbb5f00d Merge pull request #1287 from rckclmbr/fix_serial_size
9cc412e2 Merge pull request #1285 from staticinvocation/master
5b2efc0a Fix getting long serial numbers for openssl < 1.1
7e4c48a4 Disable shared library if ENABLE_SHARED_LIB is OFF
082e162f Merge pull request #1282 from alagoutte/travis
7cc7c06c .travis(.yml): no longer need llvm-toolchain-trusty-7
12ebeb30 .travis(.yml): Update to Xenial
c78abbe1 Update mruby to 2.0.0
124c7848 nghttpx: Add missing return
ce9667c4 Merge branch 'nghttpx-fix-trailing-slash-handling'
f3f40840 nghttpx: Fix broken trailing slash handling
302abf1b h2load: Fix compile error with gcc
089a03be h2load: Write log file with write(2)
de4fe728 Merge branch 'pyos-master'
d1b3a83f h2load: add an option to write per-request logs
eb679253 Merge branch 'puscas-port_in_use'
6800d317 added access to the number of the current server port
c98362ea Bump up version number to 1.36.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-20 18:16:29 +01:00
Jo-Philipp Wich
797e5c1c48 packages: set more explicit ABI_VERSION values
In the case of upstream libraries, set the ABI_VERSION variable to the
soname value of the first version version after the last backwards
incompatible change.

For custom OpenWrt libraries, set the ABI_VERSION to the date of the
last Git commit doing backwards incompatible changes to the source,
such as changing function singatures or dropping exported symbols.

The soname values have been determined by either checking
https://abi-laboratory.pro/index.php?view=tracker or - in the case
of OpenWrt libraries - by carefully reviewing the changes made to
header files thorough the corresponding Git history.

In the future, the ABI_VERSION values must be bumped whenever the
library is updated to an incpompatible version but not with every
package update, in order to reduce the dependency churn in the
binary package repository.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:31:51 +01:00
Kevin Darbyshire-Bryant
ba4fe412c4 elfutils: bump to 0.175
4ea9a2db164c Update upload-release.sh script and po files.
a01938d584b9 libelf: Mark both fsize and msize with const attribute.
c338a0541663 libebl: Don't update w, t and len unnecessarily in ebl_object_note_type_name.
422b549007f6 Prepare for 0.175
22ec8efc1dd8 elflint: Allow PT_GNU_EH_FRAME segment to match SHT_X86_64_UNWIND section.
cf10453f8252 libelf: Correctly setup alignment of SHF_COMPRESSED section data.
d3e6266754b9 strip: Also handle gnu compressed debug sections with --reloc-debug-sections
72e30c2e0cb4 Handle GNU Build Attribute ELF Notes.
7a3f6fe60b85 Recognize NT_VERSION notes.
cff53f1784c9 libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE
ecbe3120cddb libdwelf: New function dwelf_elf_begin.
4b0342b85b5b backends: Add x86_64 section_type_name for SHT_X86_64_UNWIND.
825e48c4e942 Also find CFI in sections of type SHT_X86_64_UNWIND
4789e0fb92b0 libelf: Explicitly update section data after (de)compression.
1628254ba215 strip: Add --reloc-debug-sections-only option.
f2d59180b90b strip: Extract code to update shdrstrndx into new common function.
f6ae0ab9350e strip: Split out debug section relocation into separate helper functions.
b15ee95bcee4 strip: Always copy over any phdrs if there are any.
e574889d92b1 unstrip: Add ELF_CHECK to make sure gelf_getehdr () doesn't return NULL.
5199e15870e0 Recognize and parse GNU Property notes.
b75ff1bbd060 addr2line: Use elf_getshdrstrndx not Ehdr field to print section name.
35197ea4c43e readelf: Use shstrndx to lookup section names.
9a74c190a2b3 backends: ppc use define instead of const for size of dwarf_regs array.
72d023b35f36 readelf: Make sure readp is smaller than cieend in print_debug_frame_section.
dce0b3b63ba0 readelf: Make sure readp is smaller than cieend in print_debug_frame_section.
1e7c230b277b Check sh_entsize is not zero.
22d2d082d57a size: Handle recursive ELF ar files.
2b16a9be6993 arlib: Check that sh_entsize isn't zero.
4cdb0fd0d3b4 ar: Assume epoch if ar_date is bogus.
577511f66842 findtextrel: Check that sh_entsize isn't zero.
20f9de9b5f70 libdwfl: Sanity check partial core file data reads.
2f4a040fab52 readelf: Handle multiple .debug_macro sections and decode header flag.
eee4269e5315 unstrip: Renumber the group section indexes.
c06ab0bbb476 strip, unstrip: Handle SHT_GROUP correctly.
2876b3b648f6 Handle ADD/SUB relocations
69d6e67eee30 tests: backtrace-dwarf.c improve error handling in test framework.

Originally-produced--by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-01-14 13:32:38 +00:00
Hans Dedecker
055cdab2bb uclient: add ALTERNATIVES for wget
Don't symlink uclient-fetch anymore to /bin/wget but rather use
the ALTERNATIVES support for wget to install it as /usr/bin/wget.
Let uclient-fetch provide wget

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-13 18:27:28 +01:00
Christian Lamparter
a8bae35914 elfutils: fix gcc 8.0+ multistatement macros warning/error
GCC 8.0+ <https://gcc.gnu.org/gcc-8/changes.html> introduces a new
warning about unsafe macros expanding to multiple statements used
as a body of a statement such as if, else, while, switch, or for.

In combination with -Werror this can cause the compilation to fail:

|In file included from xmalloc.c:37:
|xmalloc.c: In function 'xmalloc':
|system.h:39:2: error: macro expands to multiple statements [-Werror=multistatement-macros]
|  fflush(stdout); \
|  ^~~~~~
|xmalloc.c:52:5: note: in expansion of macro 'error'
|     error (EXIT_FAILURE, 0, _("memory exhausted"));
|     ^~~~~
|xmalloc.c:51:3: note: some parts of macro expansion are not guarded by this 'if' clause
|   if (p == NULL)
|   ^~

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-12-20 19:21:42 +01:00
Jo-Philipp Wich
f2c6e2c385 elfutils: produce correct libelf.pc file when building with full nls
When building with full lagnuage support, libelf.so will depend on and
link with libintl.so so we need to change the pkg-config template to
reflect this library dependency.

Also change the Makefile to only pass --disable-nls to configure when
the full nls support is actually disabled in the buildroot config.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-20 08:13:24 +01:00
Tony Ambardar
4b4e6a04ac elfutils: install library files for pkg-config
Support other packages using pkg-config to query existence and details of
libelf and libdw libraries at build time.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-12-19 10:49:57 +01:00
Kevin Darbyshire-Bryant
d6c6d1c7a7 Revert "elfutils: install library files for pkg-config"
This reverts commit 216397b812.

Due to:

Package ip-tiny is missing dependencies for the following libraries:
libelf.so.1
Makefile:187: recipe for target '/var/lib/buildbot/slaves/slave-lede-builds4/mips_24kc/build/sdk/bin/packages/mips_24kc/base/ip-tiny_4.19.0-6_mips_24kc.ipk' failed

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-16 17:20:16 +00:00
Hauke Mehrtens
9e7c4702a1 mbedtls: fix compilation on ARM < 6
mbedtls uses some instructions introduced in ARMv6 which are not
available in older architectures.

Fixes: 3f7dd06fd8 ("mbedtls: Update to 2.14.1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-16 14:03:06 +01:00
Daniel Engberg
3f7dd06fd8 mbedtls: Update to 2.14.1
Update mbedtls to 2.14.1

This fixes:
* CVE-2018-19608: Local timing attack on RSA decryption

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[Update to 2.14.1]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-16 00:57:20 +01:00
Hans Dedecker
a6f9e3b608 nghttp2: bump to 1.35.1
63843750 Update manual pages
27801e98 Bump up version number to 1.35.1
60e020a8 nghttpx: Fix broken trailing slash handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-15 12:30:02 +01:00
Tony Ambardar
216397b812 elfutils: install library files for pkg-config
Support other packages using pkg-config to query existence and details of
libelf and libdw libraries at build time.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-12-12 09:44:32 +00:00
Nikos Mavrogiannopoulos
99dbbe7eb7 nettle: bump to 3.4.1
This is a security fix adding safer APIs for RSA use.

Compile tested for: ar71xx

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-12-09 20:39:35 +01:00
Hans Dedecker
a0d5acfbe2 nghttp2: bump to 1.35.0
e520469b Update manual pages
54067256 Bump up version number to 1.35.0
c4d2eeee Update AUTHORS
f51e696e asio: Add stop() to listen_and_serve doc
a433b132 Merge pull request #1260 from nghttp2/h2load-non-final-response
cf48a56d Merge pull request #1238 from jktjkt/cmake-fix-libevent-detection
6cad1b24 nghttpx: Write mruby send_info early
3c393dca nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend
17292445 h2load: Handle HTTP/1 non-final response
f6644a92 make clang-format
48998f72 Merge pull request #1222 from donny-dont/fix/declspec
15ff52f9 Update README
6c03bb14 Upgrade travis toolchain
524b4392 Fix travis build failure
859bf2bc Update manual pages
b5619fb1 h2load: Clarify that time for connect includes TLS handshake
dcbe0c69 nghttpx: Simplify move ctor and operator
2996c284 nghttpx: Cleanup
42e8ceb6 nghttpx: Convert API status code to enum class
1daf9ce8 nghttpx: Convert WorkerEventType to enum class
d68edf56 nghttpx: Convert MemcachedStatusCode to enum class
0c4e9fef nghttpx: Convert memcached op to enum class
571404c6 nghttpx: Convert MemcachedParseState to enum class
4d562b77 nghttpx: Convert LogFragmentType to enum class
e6225871 nghttpx: Convert connection check status to enum class
4bd075de nghttpx: Convert Http2Session state to enum class
b46a3249 nghttpx: Convert FreelistZone to enum class
4bd44b9c nghttpx: Convert dispatch state to enum class
1b42110d nghttpx: Make Downstream state enum class
0735ec55 nghttpx: Convert shrpx_connect_proto to enum class
00554779 nghttpx: Convert DNSResolverStatus to enum class
0963f389 nghttpx: Convert SerialEventType to enum class
1abfa3ca nghttpx: Make TLS handshake state enum class
f2159bc2 nghttpx: Convert UpstreamAltMode to enum class
b0eb68ee nghttpx: Convert shrpx_forwarded_node_type to enum class
e7b7b037 nghttpx: Convert shrpx_cookie_secure to enum class
5e4f434f nghttpx: Convert shrpx_session_affinity to enum class
20ea964f nghttpx: Convert shrpx_proto to enum class
d105619b src: Remove extra braces if possible
ec5729b1 Use std::make_unique
6c919695 Use C++14
46576178 Don't send Transfer-Encoding to pre-HTTP/1.1 clients
5e925f87 Update doc
153531d4 nghttpx: Use the same type as standard stream operator<<
f7287df0 Bump up version number to 1.35.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-11-25 20:22:15 +01:00
Jo-Philipp Wich
0bd99db511 uclient: update to latest Git head
3ba74eb uclient-http: properly handle HTTP redirects via proxy connections

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-24 20:15:04 +01:00
Daniel Engberg
dbba87aa6a popt: Add main site back to PKG_SOURCE_URL
Main site is back up after weeks of downtime.
Add it back as last resort

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-11-09 08:50:18 +01:00
Daniel Engberg
f9a408b75e libconfig: Fix tarball filename (and URL)
v$(PKG_VERSION).tar.gz is a bad idea and will clash for obvious reasons.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-11-01 17:16:52 +01:00
Matthias Schiffer
dd9da51462
openssl: enable OPENSSL_WITH_DEPRECATED when OpenSSL is built as a build dep
Some package (e.g. libunbound) depend on OPENSSL_WITH_DEPRECATED. In some
situations it may happen that libunbound and openssl are only pulled in as
build dependencies, but are not enabled in .config.

In such cases, the defaults of symbols like OPENSSL_WITH_DEPRECATED are
ignored (as the whole symbol depends on PACKAGE_libopenssl), and config
symbol dependencies of libunbound aren't effective either (as libunbound
is not actually enabled).

This commit works around the issue by introducing a hidden negated symbol
OPENSSL_NO_DEPRECATED, which is always disabled when PACKAGE_libopenssl is
disabled, and ensures that OpenSSL is built with deprecated APIs in this
case. A user can still manage to break the build by explicitly enabling
libopenssl and disabling OPENSSL_WITH_DEPRECATED; the interaction between
build dependencies and config symbols will require further discussion.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-10-30 20:38:34 +01:00
Daniel Golle
ed0d5a1e60 wolfssl: update to version 3.15.3-stable
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-10-15 08:41:02 +02:00
Hans Dedecker
329f2d5457 nghttp2: bump to 1.34.0
2b085815 (tag: v1.34.0) Update manual pages
986fa302 Bump up version number to 1.34.0, LT revision to 31:1:17
7c8cb3a0 nghttpx: Improve CONNECT response status handling
334c439c Fix bug that regular CONNECT does not work
6700626c Rule out content-length in the successful response to CONNECT
15162add Update manual pages
93270777 Merge pull request #1235 from nghttp2/backend-conn-timeout
aeb92bbb nghttpx: Add read/write-timeout parameters to backend option
fc7489e0 nghttpx: Fix mruby parameter validation
87ac872f nghttpx: Update doc
c278adde nghttpx: Log error when mruby file cannot be opened
f94d7209 Merge pull request #1234 from nghttp2/nghttpx-rfc8441
9b9baa6b Update doc
02566ee3 nghttpx: Update doc
3002f31b src: Add debug output for SETTINGS_ENABLE_CONNECT_PROTOCOL
d2a594a7 nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
651e1477 Allow client sending :protocol optimistically
a42faf1c nghttpx: Write TLS alert during handshake
4aac05e1 Merge pull request #1231 from nghttp2/ws-lib-only
b80dfaa8 Adjustment for RFC 8441
a19d8f5d Deal with :protocol pseudo header
33f6e90a Add NGHTTP2_TOKEN__PROTOCOL
ed7fabcb Add SETTINGS_ENABLE_CONNECT_PROTOCOL
8753b6da Update doc
f2de733b Update neverbleed to fix OpenSSL 1.1.1 issues
88ff8c69 Update mruby 1.4.1
a63558a1 nghttpx: Call OCSP_response_get1_basic only when OCSP status is successful
3575a132 nghttpx: Fix crash with plain text HTTP
e2de2fee Update bash_completion
9f415979 Update manual pages
4bfc0cd1 Merge pull request #1230 from nghttp2/nghttpx-faster-logging
9c824b87 nghttpx: Get rid of std::stringstream from Log
a1ea1696 Make VALID_HD_NAME_CHARS and VALID_HD_VALUE_CHARS const qualified
dfc0f248 Make static_table const qualified
ed7c9db2 nghttpx: Add mruby env.tls_handshake_finished
5b42815a nghttpx: Strip incoming Early-Data header field by default
cfe7fa9a nghttpx: Add --tls13-ciphers and --tls-client-ciphers options
cb8a9d58 src: Remove TLSv1.3 ciphers from DEFAULT_CIPHER_LIST
023b9448 Merge branch 'tls13-early-data'
9b03c64f nghttpx: Should postpone early data by default
b8eccec6 nghttpx: Disable OpenSSL anti-replay
9f212587 Specify SSL_CTX_set_max_early_data and add an option to change max value
47f60124 nghttpx: Add an option to postpone early data processing
770e44de Implement draft-ietf-httpbis-replay-02
2ab319c1 Don't hide error code from openssl
39923024 Remove SSL_ERROR_WANT_WRITE handling
b30f312a Honor SSL_read semantics
c5cdb78a nghttpx: Add TLSv1.3 0-RTT early data support
f79a5812 Bump up version number to 1.34.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-07 17:39:05 +02:00
Andy Walsh
e0196152eb ncurses: use default host install
* just use default host/install, so libs/headers get properly generated/installed

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-24 19:22:53 +02:00
Andy Walsh
2bbc9376c6 gettext-full: host compile with -fpic
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-24 19:18:52 +02:00
Magnus Kroken
7849f74117 mbedtls: update to 2.13.0
* Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing.
* Several bugfixes.
* Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-09-22 19:26:25 +02:00
Luiz Angelo Daros de Luca
38a88ade14 elfutils: bump to 0.174
- Simplified musl patch with error.h concentrated into system.h

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-09-21 21:32:12 +02:00
Eneas U de Queiroz
0317fc3658 libpcap: patch to add limits.h to pcap-usb-linux.c
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This is an upstream-applied patch that fixes 'PATH_MAX' and 'NAME_MAX'
undeclared when compiling on musl with CONFIG_PCAP_HAS_USB.

[aafa351] pcap-usb-linux.c: add missing limits.h for musl systems.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-09-10 09:15:26 +02:00
Hans Dedecker
17c9b72046 nghttp2: bump to 1.33.0
9d843334 Update bash_completion
23cb3f38 Update manual pages
1d682dcd Bump up version number to 1.33.0, LT revision to 31:0:17
601fbbb4 Update doc
f44aa246 Update AUTHORS
dd74a6dd Update manual pages
e959e733 src: Refactor utos
fb9a204d nghttpx: Fix compile error without mruby
cd096802 Update doc
7417fd71 nghttpx: Per-pattern not per-backend
2d1a981c Merge branch 'akonskarm-master'
45acc922 clang-format
214d0899 Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master
31fd707d nghttpx: Fix broken healthmon frontend
9a2e38e0 fix code for reuse addr on asio client
d24527e7 Bump up LT revision due to v1.32.1 release
6195d747 nghttpx: Share mruby context if it is compiled from same file
fb97f596 nghttpx: Allocate mruby file because fopen requires NULL terminated string
0ccc7a77 nghttpx: Move blocked request data to request buffer for API request
32826466 nghttpx: Fix crash with API request
0422f8a8 nghttpx: Fix worker process crash with neverbleed write error
e329479a Merge pull request #1215 from nghttp2/mruby-per-backend
f80a7873 Merge branch 'akonskarm-reuse_addr'
866ac6ab add option reuse addr in local endpoint configuration of asio client
b574ae6a nghttpx: Support per-backend mruby script
de4fd7cd doc: Update doc
32d7883c nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_
9b24e197 nghttpx: Choose h1 protocol if headers have been sent to backend on retry
13ffece1 Merge pull request #1214 from nghttp2/fix-rst-without-dconn
9d5b781d Fix stream reset if data from client is arrived before dconn is attached

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-03 10:46:20 +02:00
Hans Dedecker
6caa8e09aa nghttp2: bump to 1.32.1
4c76aaee Update manual pages
2b51ad67 Bump up version number to 1.32.1, LT revision to 30:3:16
708379dc Tweak nghttp2_session_set_stream_user_data
73106b0d Compile with clang-6.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-27 10:11:10 +02:00
Daniel Engberg
e341f45913 libbsd: Update to 0.8.7
Update libbsd to 0.8.7
Remove glibc dependency
Clean up InstallDev and install entries
Use /usr path for consistency
Cherry pick patches from upstream to fix musl compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-25 15:40:23 +02:00
Rosen Penev
3ccc2ebe01 libevent2: Switch to using release tarball
Starting with version 2.1.8, a release tarball is available.

Simplifies the Makefile slightly.

Updated the project URL. HTTPS is broken. Issue has been reported upstream

Adjusted patches. CMake support is not present in the tarball. It's made
for Windows anyway.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-25 13:18:35 +02:00
Jo-Philipp Wich
a27de701b0 wolfssl: disable broken shipped Job server macro
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.

Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.

Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 20:14:00 +02:00
Hauke Mehrtens
d74d6c4522 openssl: update to version 1.0.2p
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00
Jo-Philipp Wich
5762efd8b2 libubox: set RPATH for host build
This is required for programs that indirectly link libjson-c through the
libubox blobmsg_json library.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-14 23:54:59 +02:00
Daniel Golle
73100024d3 libubox: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 22:31:48 +02:00
Daniel Golle
a5368dc30c libjson-c: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 22:31:48 +02:00
Jo-Philipp Wich
1c4a255aa1 libubox: fix source version date
The referenced Git commit was made on the 25th of July, not June.

Fixes 432eaa940f ("libubox: fix mirror hash")
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-07 17:27:05 +02:00
Jo-Philipp Wich
432eaa940f libubox: fix mirror hash
Correct the mirror hash to reflect whats on the download server.

A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.

Fixes FS#1707.
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-07 16:32:30 +02:00
Eneas U de Queiroz
33fd1d0d91 ustream-ssl: update to latest git HEAD
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-08-07 14:28:16 +02:00
Jo-Philipp Wich
e44162ffca uclient: update to latest git HEAD
f2573da uclient-fetch: use package name pattern in message for missing SSL library
9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename
f41ff60 uclient-http: basic auth: Handle memory allocation failure
a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures
66fb58d uclient-http: Handle memory allocation failure
2ac991b uclient: Handle memory allocation failure for url
63beea4 uclient-http: Implement error handling for header-sending
eb850df uclient-utils: Handle memory allocation failure for url file name
ae1c656 uclient-http: Close ustream file handle only if allocated

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-03 23:50:29 +02:00
Alexandru Ardelean
20346a63f6 wolfssl: remove myself as maintainer
I no longer have the time, nor the desire to maintain this package.
Remove myself as maintainer.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-07-30 19:34:43 +02:00
Eneas U de Queiroz
26dbf79f49 libevent2: Don't build tests and samples
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This reduces build time significantly.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-07-30 15:19:16 +02:00
Leon M. George
025688794d libevent: update to 2.1.8
Signed-off-by: Leon M. George <leon@georgemail.eu>
2018-07-30 10:43:37 +02:00
Andy Walsh
1639ebcb06 ncurses: install lib on host build
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-07-30 10:43:37 +02:00
Daniel Engberg
5647cc7bd4 treewide: Bump PKG_RELEASE due to mbedtls update
Bump PKG_RELEASE on packages that depends on (lib)mbedtls to avoid library
mismatch.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-30 10:35:12 +02:00
Daniel Engberg
5b614e3347 mbedtls: Update to 2.12.0
Update mbedtls to 2.12.0
Multiple security fixes
Add support for Chacha20 and Poly1305 cryptographic primitives and their
associated ciphersuites

Difference in size on mips_24kc (ipk):
164kbytes (167882 bytes)
170kbytes (173563 bytes)

https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-30 10:35:12 +02:00
Rosen Penev
31f87ebcb2 libjson-c: Update package URL
Found through UScan.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-07-29 12:05:53 +02:00
Syrone Wong
4d57c696b1 libpcap: update to 1.9.0
001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream
002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream

202-protocol_api.patch dropped due to implemented upstream by another way
upstream commit: 55c690f6f8
and renamed via: 697b1f7e9b

ead is the only user who use the protocol api, we have to use the new api since libpcap 1.9.0

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
2018-07-27 11:17:20 +02:00
John Crispin
5dc32620c4 libubox: update to latest git HEAD
c83a84a fix segfault when passed blobmsg attr is NULL

Signed-off-by: John Crispin <john@phrozen.org>
2018-07-25 12:13:19 +02:00
Ted Hess
354de22bad elfutils: Copy missing libraries to staging and packages
Newer shared libraries seem to have the package version as part of their name.
E.g.: libelf-0.173.so

Signed-off-by: Ted Hess <thess@kitschensync.net>
2018-07-24 14:32:27 -04:00
Peter Wagner
d8d2133c35 librpc: add host build to install h files needed for nfs-kernel-server to get compiled
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2018-07-16 15:12:19 +02:00
Daniel Engberg
09d794ab92 popt: Replace dead upstream site with mirror
We can safely assume by now that rpm5.org is dead and isn't coming back
so just add another mirror instead.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-16 15:12:18 +02:00
Konstantin Demin
f715d816b7 libnl: bump to 3.4.0
refresh patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2018-07-07 18:33:58 +02:00
Hauke Mehrtens
b19622044d mbedtls: Activate deterministic ECDSA
With deterministic ECDSA the value k needed for the ECDSA signature is
not randomly generated any more, but generated from a hash over the
private key and the message to sign. If the value k used in a ECDSA
signature or the relationship between the two values k used in two
different ECDSA signatures over the same content is know to an attacker
he can derive the private key pretty easily. Using deterministic ECDSA
as defined in the RFC6979 removes this problem by deriving the value k
deterministically from the private key and the content which gets
signed.

The resulting signature is still compatible to signatures generated not
deterministic.

This increases the size of the ipk on mips 24Kc by about 2 KByte.
old:
166.240 libmbedtls_2.11.0-1_mips_24kc.ipk
new:
167.811 libmbedtls_2.11.0-1_mips_24kc.ipk

This does not change the ECDSA performance in a measurable way.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-07-07 18:33:53 +02:00
Daniel Engberg
5a078180d0 mbedtls: Disable MBEDTLS_SHA256_SMALLER implementation
Disable MBEDTLS_SHA256_SMALLER implementation, not enabled by default in
upstream and reduces performance by quite a bit.

Source: include/mbedtls/config.h

Enable an implementation of SHA-256 that has lower ROM footprint but also
lower performance.

The default implementation is meant to be a reasonnable compromise between
performance and size. This version optimizes more aggressively for size at
the expense of performance. Eg on Cortex-M4 it reduces the size of
mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of
about 30%.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
164.382 Bytes
ipkg for mips_24kc after:
166.240 Bytes

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-07 18:31:13 +02:00
Daniel Engberg
10554cfcc1 mbedtls: Update to 2.11.0
Update mbed TLS to 2.11.0

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS
This is to avoid having a mismatch between packages when upgrading.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.846 Bytes
ipkg for mips_24kc after:
164.382 Bytes

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-07 18:29:14 +02:00
Daniel Engberg
f15f3286e3 mbedtls: cleanup config patch
Clean up patch, use "//" consistently.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-07-07 18:19:39 +02:00
Enrico Mioso
231b0177fb libconfig: update to version 1.7.2
The previous link did not work here.

Compile-tested on: bcm47xx
Runtime-tested on: bcm47xx

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
2018-07-07 18:19:39 +02:00
Felix Fietkau
1e6c30690c libubox: update to the latest version
3c1b33b utils: add const_* byteswapping functions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-07 14:53:26 +02:00
Luiz Angelo Daros de Luca
b724443f9f elfutils: bump to 0.173
- Removed hacks to use standalone argp as upstream now detects it nicely.
- As we are already installing files, use files from PKG_INSTALL_DIR and
  not PKG_BUILD_DIR
- Only changes Makefile.am as PKG_FIXUP:=autoreconf is in use

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-07-04 16:18:08 +02:00
Daniel Engberg
5297a759ae mbedtls: Cosmetic cleanups
This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2.
Source:
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73
https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97

Remove the release type option as it's already provided by the toolchain.
Source:
https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-18 20:28:20 +02:00
Rosy Song
9d6a0352e7 libnftnl: bump to version 1.1.1
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-06-18 18:21:20 +02:00
Daniel Golle
5e9470a93b libjson-c: fix host-build
Add -Wno-implicit-fallthrough to HOST_CFLAGS.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-14 22:53:58 +02:00
Daniel Engberg
8428156f48 package/libs/libnfnetlink: Remove dead mirror
Remove mirrors.evolva.ro as it's no longer available

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-14 21:48:38 +02:00
Daniel Golle
56e3a19ad6 libubox: make sure blobmsg-json is included in host-build
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-14 20:30:47 +02:00
Daniel Golle
6fc8e06078 libjson-c: add host build (for libblobmsg-json)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-14 20:09:29 +02:00
Daniel Engberg
79bab45772 popt: Add backup site
Add Gentoo's distfiles repo as backup site.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-13 12:15:38 +02:00
Kevin Darbyshire-Bryant
1ee5051f20 nettle: bump to 3.4
3.4 is mainly a bug fix/maintenance release.

3KB increase in ipk lib size on mips.

Compile tested for: ar71xx, ramips
Run tested on: ar71xx Archer C7 v2, ramips mir3g

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-01 08:39:59 +02:00
Daniel Golle
dad39249fb wolfssl: change defaults to cover wpa_supplicant needs
Implicetely selecting the required options via Kconfig snippet from
hostapd worked fine in local builds when using menuconfig but confused
the buildbots which (in phase1) may build wpad-mini and hence already
come with CONFIG_WPA_WOLFSSL being defined as unset which then won't
trigger changing the defaults of wolfssl.

Work around by explicitely reflecting wpa_supplicant's needs in
wolfssl's default settings to make buildbots happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-31 00:38:16 +02:00
Daniel Golle
5857088c5e wolfssl: add PKG_CONFIG_DEPENDS symbols
This change will trigger rebuild on buildbots in case of changed config
symbols, like in the case of hostapd selecting some wolfssl symbols
lately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-25 20:36:46 +02:00
Daniel Golle
4f67c1522d wolfssl: update to version 3.14.4
Use download from github archive corresponding to v3.14.4 tag because
the project's website apparently only offers 3.14.0-stable release
downloads.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-24 21:46:35 +02:00
Daniel Golle
4f442f5f38 ustream-ssl: fix build against wolfSSL
commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke
build against wolfSSL because wolfSSL doesn't (yet) support
SSL_CTX_set_ecdh_auto() of the OpenSSL API.

Fix this in ustream-ssl:

 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-24 18:55:34 +02:00
John Crispin
346d4c75ea ustream-ssl: update to latest git HEAD
5322f9d mbedtls: Fix setting allowed cipher suites
e8a1469 mbedtls: Add support for a session cache

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-22 20:47:21 +02:00
Hauke Mehrtens
2ea8f9c244 mbedtls: Deactivate platform abstraction
This makes mbedtls use the POSIX API directly and not use the own
abstraction layer.
The size of the ipkg decreased by about 100 bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-22 20:47:21 +02:00
Hauke Mehrtens
f2c8f6dc32 mbedtls: Activate the session cache
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.

The size of the ipkg file increased by about 800 Bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-22 20:47:20 +02:00
Hauke Mehrtens
cb11b23d60 mbedtls: update to version 2.9.0
The soversion was changed in this version again and is now aligned with
the 2.7.2 version.
The size of the ipkg file stayed mostly the same.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-22 20:47:20 +02:00
Rodolfo Giometti
2437e0f670 package sysfsutils: add support for sysfs settings at boot
This patch is based on sysfsutils package's behaviour on Debian OS.

Signed-off-by: Rodolfo Giometti <giometti@linux.it>
2018-05-22 20:47:20 +02:00
Rosy Song
c7e9d72f05 libnftnl: bump to 1.1.0
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-05-21 18:07:47 +02:00
Hans Dedecker
419238fdb3 nghttp2: bump to 1.32.0
572735e4 Update manual pages
e8d693c3 Bump up version number to 1.32.0, LT revision to 30:2:16
f44dfcd9 Update AUTHORS
1f1b0d93 Update manual pages
ce8c749b Merge pull request #1173 from nghttp2/asio-client-sni
3e4f257b asio: Support client side SNI
86fab997 Upgrade neverbleed to the latest master
c3ecd445 Merge pull request #1171 from nghttp2/h2load-rate-and-duration
c65ca20a h2load: -r and --duration are mutually exclusive
a5c408c5 Ignore all input after calling session_terminate_session
06379b28 Fix treatment of padding
e04de48e Merge pull request #1162 from nghttp2/libressl
00964642 Use LIBRESSL_IN_USE instead of defined(LIBRESSL_VERSION_NUMBER)
8d0b4544 libressl 2.7 has X509_VERIFY_PARAM_*
d8a34131 libressl 2.7 has SSL_CTX_get0_certificate
5db17d0a Compile with libressl 2.7.2
1bf69b56 Define LIBRESSL_LEGACY_API and LIBRESSL_2_7_API
3febaef1 Bump up LT revision to 30:1:16 due to v1.31.1 release
b1bd6035 Fix frame handling
b48bcb21 examples: Use C style comment in .c files
6f3ce2c7 examples: Remove unused lambda capture
2f9121cf Merge branch 'Sp1l-Sp1l/allow-no-npn'
e65e7711 Add comment on #endif
636ef51b Fix compile error with -Wunused-function
400934e5 [PATCH] Allow building without NPN
4c3a3acf Merge pull request #1146 from vszakats/cmakestaticlib
9aa6002c Merge pull request #1144 from hellojaewon/master
f342260b cmake: add ENABLE_STATIC_LIB option to build static lib
a6dd4970 Fix typo
842509da Don't allow 101 HTTP status code because HTTP/2 removes HTTP Upgrade
4add618a Bump up version number to 1.32.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-09 11:26:45 +02:00
Rosen Penev
2c4294f786 libusb: Add SourceForge mirror.
SourceForge is still getting updated so might as well have it here.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-02 09:18:26 +02:00
Daniel Golle
c67a9bed20 wolfssl: fix options and add support for wpa_supplicant features
Some options' default values have been changed upstream, others were
accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options
needed to build hostapd/wpa_supplicant against wolfssl.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-02 09:18:26 +02:00
John Crispin
52ba5760b7 ustream-ssl: update to latest git HEAD
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode.
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL.
45ac930 remove polarssl support

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-01 11:12:15 +02:00
Hauke Mehrtens
3088c2a63d libnl: Disable debug support
This dereses the size of the libnl pakcage a little bit
old:
   857 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk
 41195 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk
  7818 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk
 24322 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk
136075 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk

new:
   852 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk
 35020 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk
  7615 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk
 24114 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk
131134 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-30 09:01:28 +02:00
Rosen Penev
c0574d08da libusb: Update to 1.0.22
Switched download from SourceForge to GitHub. It seems the author migrated to that.

Also fixed the website URL as the SourceForge link is dead.

Compile tested on ar71xx and mvebu. Small size decrease on ar71xx: 30444 vs. 30099 bytes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-04-30 09:01:12 +02:00
Hauke Mehrtens
8dcd941d8b tools/zlib: move zlib build to tools
This allows us to link the other tools against our libz and we do not
need the system zlib any more.

Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:28:59 +02:00
Hauke Mehrtens
7b758f7f4f ustream-ssl: px5g: Rebuild package
mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so
library, all applications using this shared library have to be
recompiled to be able to load the new library.

Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.

Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-18 23:57:25 +02:00
Hans Dedecker
d78dd1f306 nghttp2: bump to 1.31.1
1e22b36c Update manual pages
0f818baf Bump up version number to 1.31.1
c411d169 Fix frame handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-15 20:24:44 +02:00
Hans Dedecker
b28e995fc7 libubox: update to latest git HEAD
6eff829 utils: fix build error with g++

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-12 14:02:07 +02:00
Felix Fietkau
08ccfdea78 libubox: update to the latest version
42a8ecd jshn: fix format string for int64 type
92009b7 utils: ensure that byte-order conversion functions evaluate the argument only once
ace6489 switch from typeof to the more portable __typeof__

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-07 15:26:11 +02:00
Felix Fietkau
1566dbd57d Revert "libubox: update to the latest version"
This reverts commit def82714d9.
Needs further fixes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-07 15:06:14 +02:00
Felix Fietkau
def82714d9 libubox: update to the latest version
42a8ecd jshn: fix format string for int64 type
92009b7 utils: ensure that byte-order conversion functions evaluate the argument only once

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-07 14:47:56 +02:00
Jo-Philipp Wich
1ef0be3e5b Revert "ncurses: Remove obsolete compile fixes"
This reverts commit 4fb684a755.

The compile fixes are still required for host systems using GCC 5.x,
such as Ubuntu 16.04 LTS.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 17:08:10 +02:00
Rosen Penev
4fb684a755 ncurses: Remove obsolete compile fixes
It seems both issues (GCC5 and Musl) were fixed at some point. Thus, they can be dropped.

Did not bump version as there is no change in functionality or size.

Compile-tested on ar71xx and mvebu, both with musl.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-04-03 23:26:45 +02:00
Paul Wassi
ef6939b0af package/libs/mbedtls: add package with some mbedtls binaries.
Add some basic binaries required for private key and CSR generation.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 16:31:26 +02:00
Hauke Mehrtens
2e75914bee mbedtls: update to version 2.8.0
This fixes some minor security problems.

Old size:
162262 bin/packages/mips_24kc/base/libmbedtls_2.7.0-1_mips_24kc.ipk

New size:
163162 bin/packages/mips_24kc/base/libmbedtls_2.8.0-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-31 16:30:30 +02:00
Rosen Penev
af35ce1065 ncurses: Update to 6.1.
Compile tested on ar71xx.

Old size:
  6527 bin/packages/mips_24kc/base/terminfo_6.0-1_mips_24kc.ipk
141465 bin/packages/mips_24kc/base/libncurses_6.0-1_mips_24kc.ipk

New size:
  6873 bin/packages/mips_24kc/base/terminfo_6.1-1_mips_24kc.ipk
146950 bin/packages/mips_24kc/base/libncurses_6.1-1_mips_24kc.ipk

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-31 16:28:36 +02:00
Rosen Penev
2a82db7ed5 libtool: Update to 2.4.6
Compile tested on mvebu.

old size:
12947 bin/packages/mips_24kc/base/libltdl_2.4-2_mips_24kc.ipk

new size:
13002 bin/packages/mips_24kc/base/libltdl_2.4.6-1_mips_24kc.ipk

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-31 16:27:24 +02:00
Paul Wassi
db893ec7f0 openssl: update to 1.0.2o
Fixes CVE-2018-0739

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 10:20:20 +02:00
Felix Fietkau
5f7d134454 libubox: update to the latest version
3aad294 libubox: Plug a small memory leak.
eebe3fc utils: use constant byte-order conversion

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-23 20:56:34 +01:00
Hans Dedecker
5cbd22bb0f nghttp2: bump to 1.31.0
6e744662 Update bash_completion
478eac09 Update manual pages
88e2029e Bump up version number to 1.31.0, LT revision to 30:0:16
45d76cf5 nghttpx: Close listening socket on graceful shutdown
54573f28 Merge pull request #1137 from nghttp2/session-set-user-data
17793e99 Add nghttp2_session_set_user_data() public API function
5eac3c90 Update manual pages
e70195ae nghttpx: Update doc
fe51e7fa Merge pull request #1130 from nghttp2/avoid-inet_pton-macro
eb951c2c src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro
39f0ce7c Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
65157811 Merge pull request #1123 from nghttp2/mruby-client-cert-not-before-after
e8af7afc nghttpx: Add an option to accept expired client certificate
38abfd18 nghttpx: Add mruby tls_client_not_before, and tls_client_not_after
ff3edc09 nghttpx: Fix potential memory leak
0bb15406 Bump up version number to 1.31.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-05 10:44:20 +01:00
Matthias Schiffer
05dba65569
libunwind: fix build with musl on PPC
Works around two incompatiblities between glibc and (POSIX-compliant) musl:

- missing register definitions from asm/ptrace.h
- non-POSIX-compliant ucontext_t on PPC32 with glibc

Compile tested on mpc85xx.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-02-25 16:58:10 +01:00
Felix Fietkau
8cdc71fc92 libnftnl: backport flowtable support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:41 +01:00
Hauke Mehrtens
9f5a4f8a42 mbedtls: activate deprecated functions
Some functions used by a lot of other software was renamed and is only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.

Fixes: 75c5ab4caf ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-16 20:09:34 +01:00
Hauke Mehrtens
75c5ab4caf mbedtls: update to version 2.7.0
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-15 21:58:47 +01:00
Hauke Mehrtens
b6d6e3fdf1 bunwind: build for ARM64
ARM64 is supported by libunwind since some versions, allow building it
for aarch64.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-10 20:17:21 +01:00
Hans Dedecker
30d34358a9 libubox: bump to git HEAD version
b0c830 sh/jshn.sh: add json_for_each_item()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-08 13:14:36 +01:00
Hans Dedecker
ecc347dd6e nghttp2: bump to 1.30.0
f0836c7e Update manual pages
25db178b Bump up version number to 1.30.0, LT revision to 29:2:15
1b6713e6 Update AUTHORS
c1a496cf nghttpx: Fix bug that h1 backend idle timeout expires sooner
e098a211 mruby: Fix bug that response header is unexpectedly overwritten
0ba4bf51 Merge pull request #1120 from dylanplecki/issue-1119-mruby-header-overwrite
6deee203 Fix #1119: Stop overwrite of first header on mruby call to env.req.set_header(..)
6761a933 Merge pull request #1105 from nghttp2/nghttpx-upgrade-scheme
5cc3d159 nghttpx: Add upgrade-scheme parameter to backend option
652f57e7 Merge pull request #1104 from nghttp2/allow-ping-after-goaway
acd6b40e Allow PING frame to be sent after GOAWAY
0fbb46ed Merge pull request #1101 from nghttp2/remember-pushed-links
6ad629de Merge pull request #1102 from nghttp2/fix-missing-alpn-validation
74754982 nghttpx: Fix missing ALPN validation (--npn-list)
a31a2e3b nghttpx: Remember which resource is pushed
a776b0db Merge pull request #1092 from nghttp2/define-103
cfd926f0 src: Define 103 status code
72f52716 Bump up version number to 1.30.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-04 21:19:51 +01:00
Yousong Zhou
c9c2e4d78d openssl: remove call to now absent clean-staging make target
It's not needed now since commit a621b8c ("include: clean package
staging dir files before configure")

Fixes FS#1309

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-30 14:36:44 +08:00
Julien Dusser
241e6dd3e9 build: cleanup SSP_SUPPORT configure option
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.

Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.

No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.

Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 19:02:48 +01:00
Maxim Gorbachyov
8590a5c06d libunwind: enable build for arm
Tested with perf on mvebu.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
2018-01-27 16:46:45 +01:00
Yousong Zhou
2c50af0cea openssl: tell the build system that we are doing CROSS_COMPILE
So that it will not try to run c_rehash with the just built binaries on
certs/demo.

Fixes openwrt/packages#5432

Reported-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-26 18:19:00 +08:00
Philip Prindeville
3d8040e04f libnftnl: update to 1.0.9
Also, drop unsupported configure options.

Don't use git retrieve but released tarball instead.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-20 20:22:01 +01:00
Jo-Philipp Wich
fe920d01bb treewide: replace LEDE_GIT with PROJECT_GIT
Remove LEDE_GIT references in favor to the new name-agnostic
PROJECT_GIT variable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-10 21:27:32 +01:00
Jo-Philipp Wich
f089b1fda2 libubox: fix package bump
The previous commit was incorrectly rebased and referred to a not
yet existing PROJECT_GIT variable.

Fixes: d86a269c1f libubox: update to latest git HEAD
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 16:34:29 +01:00
Jo-Philipp Wich
d86a269c1f libubox: update to latest git HEAD
1c08e80 jshn: properly support JSON "null" type

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 16:28:22 +01:00
Jo-Philipp Wich
3f5e39e960 zlib: only enable NEON optimizations on eligible targets
Instead of inferring the availability of NEON support from the target
optimization flags, use a preprocessor test to decide whether to enable
ARMv8 NEON optimizations.

Fixes the following build error spotted by the mediatek/32 buildbot:

    [ 26%] Building C object CMakeFiles/zlib.dir/contrib/arm/inflate.o
    In file included from .../zlib-1.2.11/contrib/arm/chunkcopy.h:10:0,
                     from .../zlib-1.2.11/contrib/arm/inflate.c:87:
    .../arm_neon.h:31:2: error: #error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h
     #error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h
      ^
    In file included from .../zlib-1.2.11/contrib/arm/inflate.c:87:0:
    .../zlib-1.2.11/contrib/arm/chunkcopy.h:18:9: error: unknown type name 'uint8x16_t'
     typedef uint8x16_t chunkcopy_chunk_t;
             ^
    [...]
    CMakeFiles/zlib.dir/build.make:302: recipe for target 'CMakeFiles/zlib.dir/contrib/arm/inflate.o' failed

Fixes: 3acecba520 "package/libs/zlib: Add ARM and NEON optimizations"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 12:33:47 +01:00
Kevin Darbyshire-Bryant
b153dbf046 argp-standalone: clean up patch fuzz
Refresh patches to tidy up fuzz.  No functional changes

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-05 11:59:59 +01:00
Daniel Engberg
cbe71649bc package/libs/zlib: Add host build
Some packages such as Python/Python3 (host pip/pip3) needs this
to compile.

More detailed explanation provided by Alexandru:

"i need the zlib/host for Python/Python3 ; because, it seems the
host pip/pip3 needs this to work ; i suspect in older versions
this worked, because some of the host's build env would be used
in the build, and then the zlib-dev from the host distro would
be used ; now, the host-build does not seem to have any
-I/usr/include stuff, which is good

and it also seems that Python/Python3 does not like it if the
zlib-dev package is too old, so using this zlib/host would be
good for this as well"

Source:
https://github.com/lede-project/source/pull/1329#issuecomment-351055861

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-01-02 17:11:12 +01:00
Daniel Engberg
0dd439141d package/libs/zlib: Add option for O3 optimization
Add option to use O3 optimization as not all devices have
space constraints. This option is default using GCC in upstream
but isn't in the CMake makefile for some reason.

Source: https://github.com/madler/zlib/blob/master/configure#L170

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-01-02 17:11:12 +01:00
Daniel Engberg
3acecba520 package/libs/zlib: Add ARM and NEON optimizations
This adds two optimizations for ARM:
NEON optimized Adler(-)32 checksum algorithm (ARMv7 and newer NEON CPUs)
ARM(v7+) specific optimization for inflate
I've also connected inflate optimization to the build using the following
source as template.
0397489124 (diff-a62ad2db6c83dbc205d34bb9a8884f16)

Additional info:
https://codereview.chromium.org/2676493007/
https://codereview.chromium.org/2722063002/

Sources:
https://github.com/madler/zlib/pull/251 (only the first commit)
https://github.com/madler/zlib/pull/256

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-01-02 17:11:12 +01:00
Daniel Engberg
383e8aeec7 package/libs/zlib: Use toolchain build logic
Use build logic provided by toolchain instead of doing it manually.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-01-02 17:11:12 +01:00
Hans Dedecker
67c1c145f0 nghttp2: bump to 1.29.0
439b9b6c (tag: v1.29.0) Update manual pages
48498452 Bump up version number to v1.29.0, LT revision to 29:1:15
d30f3816 Update manual pages
4d1139f6 Remove SPDY
48f57407 nghttpx: Update doc
c1f14d73 Update manual pages
216f4dad nghttpx: Remove redundant check
a4e27d76 Revert "nghttpx: Use an existing h2 backend connection as much as possible"
2365f12e Fix CMAKE_MODULE_PATH
03f7ec0f nghttpx: Write API request body in temporary file
2056e812 nghttpx: Increase api-max-request-body
1ebb6810 nghttpx: Faster configuration loading with lots of backends
a3ebeeaf nghttpx: Fix crash with --backend-http-proxy-uri option
422ad1be Use NGHTTP2_REFUSED_STREAM for streams which are closed by GOAWAY
97f1735c Bump up version number to 1.29.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-24 17:06:16 +01:00
Jake Staehle
e80ab48777 libiconv-full: fix compile-time linking error GCC7
LEDE Flyspray Task 1091:
Fix libiconv-full 'undefined reference' compile linker error using GCC7 Musl
Tested with targets x86 (i386 and x86_64)
Addition of CFLAGS "std=gnu89" fixes the linker issues, credit to harrylwc
Issue found with 'minidlna' package, which depends on 'libiconv-full'
Error in compile log:
../lib/.libs/libiconv.so: undefined reference to `aliases_lookup'
../lib/.libs/libiconv.so: undefined reference to `aliases2_lookup'
collect2: error: ld returned 1 exit status
Makefile:64: recipe for target 'iconv_no_i18n' failed

Signed-off-by: Jake Staehle <jacob@staehle.us>
2017-12-19 22:23:42 +01:00
Jo-Philipp Wich
902961c148 wolfssl: update to 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: https://github.com/wolfSSL/wolfssl/pull/1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-12 17:39:52 +01:00
Peter Wagner
55e70c8b72 openssl: update to 1.0.2n
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)

Fixes CVEs: CVE-2017-3737, CVE-2017-3738

Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-12-08 10:47:51 +01:00
Hans Dedecker
0b3087eebf nghttp2: bump to 1.28.0
939ad5dd Update manual pages
24d92b97 Add deprecation warning when spdylay support is enabled
4c92ff18 Bump up version number to 1.28.0, LT revision to 29:0:15
280db5c6 Update neverbleed
7fbcb2d0 Merge pull request #1074 from nghttp2/fix-doc
53aeb2c3 Fix doc
ff200bfc clang-format-5.0
fee3151f Switch to clang-format-5.0
99a85159 Update manual pages
2a981a3f Merge pull request #1066 from nghttp2/nghttpx-add-affinity-cookie-secure
0028275d nghttpx: Add affinity-cookie-secure parameter to backend option
ee8bfddf Merge pull request #1063 from nghttp2/error_callback2
194acb1f src: Use nghttp2_error_callback2
43a2a70a Add nghttp2_error_callback2
73344ae9 nghttpx: Use plain hex string format for client serial
c479f612 Merge pull request #1060 from nghttp2/nghttpx-add-client-serial
eca0a302 nghttpx: Add $tls_client_serial log variable
4720c5cb nghttpx: Make client serial available in mruby script
cd55ab28 nghttpx: Add function to get serial number from certificate
d402cfdf Merge pull request #1057 from nghttp2/nghttpx-add-tls-client-issuer-name
22502182 Add tls_client_issuer_name log variable and expose it to mruby
05e1fd5e Update manual pages
943d7923 Add Session Affinity section to nghttpx howto
568ecbfb doc: Add missing port
f5ddd7f4 nghttpx: Make initial_addr_idx_ unsigned
88abbce7 nghttpx: Fix compile error with gcc
16e90365 nghttpx: Fix affinity retry
fa7945c6 nghttpx: Refactor
daca43f0 nghttpx: Fix stalled backend connection on retry
16bc11e6 nghttpx: Remove duplicated util::make_socket_nodelay
6f7e94cd Merge pull request #1047 from PiotrSikora/go_vet
61efa15a integration: Fix issues reported by the `go vet` tool.
8c0ea56b Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
54905371 nghttpx: Refactor
6010d393 integration: Add tests
be5c39a1 src: Add tests
b8fda680 nghttpx: Cookie based session affinity
e29b9c12 Merge pull request #1045 from nghttp2/nghttpx-sha1-fingerprint
539e2781 nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
7008afd4 nghttpx: Refactor get_x509_fingerprint to accept hash function
77a41756 Merge pull request #1041 from nghttp2/fix-examples-client-server
b15045d6 Merge pull request #1040 from nghttp2/nghttpx-mruby-add-more-tls-vars
03084f75 examples: Make client and server work with libevent-2.1.8
60baca27 nghttpx: Add more TLS related attributes to mruby Env object
86990db2 Merge pull request #1038 from nghttp2/nghttpx-add-more-logging-vars
cb376bcd nghttpx: Add client fingerprint and subject name to accesslog
f2b8edd1 nghttpx: Fix memory leak
c4f8afcf nghttpx: Get TLS info only when it is necessary when writing accesslog
1a1a216d Merge pull request #1037 from nghttp2/nghttpx-mruby-tls-client-vars
9f80a82c nghttpx: Add client fingerprint and subject name to mruby env
c573c80b nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec
3cd6817e Fix typos
d4a69658 Add another warning about mruby
8e06fe49 Fix typo
aaeeec8f Fix typos
66d5e246 Bump up version number to 1.28.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-27 10:12:03 +01:00
Rosen Penev
9052dd6534 libusb-compat: Upgrade to 0.1.15
Compile tested on ramips (mt7621)

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-22 20:45:28 +01:00
Alexander Couzens
bd1ee909d0 wolfssl: add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-19 02:29:08 +01:00
Daniel Engberg
dca96b7546 openssl: Add optimization option
Add option to optimize for speed instead of size

cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \
aes-192-cbc aes-256-cbc rsa2048 dsa2048

=== Linksys WRT3200ACM ===

Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14111.49k    47147.75k   123375.02k   206937.09k   258828.97k
sha1             14495.71k    46763.99k   116679.94k   188115.29k   228294.66k
des cbc          22315.63k    23118.98k    23323.14k    23348.22k    23363.58k
des ede3          8085.97k     8217.26k     8255.74k     8266.41k     8273.92k
aes-128 cbc      48740.10k    52606.12k    54224.98k    56263.68k    54774.44k
aes-192 cbc      43410.83k    47325.31k    48994.05k    49377.96k    48532.14k
aes-256 cbc      39132.46k    42512.60k    43692.63k    43997.18k    44070.23k
sha256           19987.80k    47314.69k    86119.08k   109352.28k   119466.67k
sha512            8034.63k    32321.92k    47495.94k    65777.32k    74080.26k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.020387s 0.000528s     49.1   1892.2
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005920s 0.006396s    168.9    156.3

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14655.49k    48561.79k   126953.56k   210741.93k   262430.72k
sha1             14607.90k    47032.15k   117725.87k   188226.22k   228499.46k
des cbc          28041.11k    29586.84k    29939.80k    30047.91k    30067.37k
des ede3         10697.93k    10899.75k    10956.97k    10972.84k    10980.01k
aes-128 cbc      58852.70k    65956.07k    68675.67k    69388.29k    69607.42k
aes-192 cbc      50299.73k    56501.23k    58491.65k    59008.00k    59159.89k
aes-256 cbc      44684.38k    47944.36k    49098.67k    49573.89k    49463.30k
sha256           19673.53k    47248.58k    86775.04k   110053.72k   119382.02k
sha512            8029.67k    32033.02k    47440.04k    65740.12k    74072.06k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.019666s 0.000529s     50.8   1892.0
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005882s 0.006450s    170.0    155.0

=== D-Link DIR-860L (B1) ===
Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3376.97k    11654.74k    32966.76k    60016.27k    80729.43k
sha1              2310.95k     6024.87k    11680.32k    15273.93k    16784.07k
des cbc           6787.21k     7014.36k     7072.49k     7088.73k     7092.48k
des ede3          2462.47k     2499.87k     2509.48k     2511.35k     2514.75k
aes-128 cbc      10014.28k    11018.87k    11308.99k    11381.03k    11406.20k
aes-192 cbc       8930.35k     9675.27k     9895.97k     9954.57k     9971.92k
aes-256 cbc       8022.81k     8624.03k     8799.60k     8843.14k     8856.07k
sha256            2546.33k     5542.19k     9326.99k    11249.03k    11969.57k
sha512             877.22k     3503.44k     4856.01k     6554.96k     7299.32k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.109348s 0.003132s      9.1    319.3
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.032745s 0.037212s     30.5     26.9

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3660.39k    12401.37k    34501.23k    62438.83k    81786.64k
sha1              3500.20k    10730.70k    25056.19k    37715.86k    44253.13k
des cbc           7189.75k     7545.88k     7641.90k     7665.71k     7672.18k
des ede3          2690.64k     2734.33k     2745.24k     2748.13k     2748.81k
aes-128 cbc      11325.29k    12731.75k    13151.34k    13259.95k    13289.55k
aes-192 cbc       9932.36k    10997.65k    11309.84k    11389.53k    11408.92k
aes-256 cbc       8845.13k     9677.01k     9920.30k     9980.77k     9996.42k
sha256            3200.50k     7107.76k    12230.85k    14933.73k    15962.15k
sha512             879.12k     3510.79k     4956.45k     6711.45k     7484.39k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.085641s 0.002365s     11.7    422.9
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.023881s 0.026120s     41.9     38.3

-O3 is considered safe for OpenSSL
Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation
Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1)

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-11-18 21:01:26 +01:00
Alexander Couzens
c61a239514
add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-17 02:24:35 +01:00
Felix Fietkau
d5bcd0240a libnl-tiny: use fixed message size instead of using the page size
Simplifies the code and reduces size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 12:54:15 +01:00
Alexander Couzens
6ab4521464
package/elfutils: add CFLAG -Wno-format-nonliteral
When a library is using fortify-packages GCC will complain about
"error: format not a string literal, argument types not checked".

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-13 01:11:12 +01:00
Peter Wagner
164fe697f7
openssl: update to 1.0.2m
don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error:

../libssl.so: undefined reference to `SSLv3_client_method'

Fixes CVE: CVE-2017-3735, CVE-2017-3736

Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-11-12 23:47:11 +01:00
Ralph Sennhauser
f5468d2486 openssl: fix cryptodev config dependency
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
2017-11-06 16:39:41 +01:00