Commit Graph

1389 Commits

Author SHA1 Message Date
Hauke Mehrtens
27657050d0 mbedtls: update to 3.6.2
Fixes the following security problem:
* CVE-2024-49195: Fix a buffer underrun in mbedtls_pk_write_key_der()
  when called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled, and
  the output buffer is smaller than the actual output. Fix a related
  buffer underrun in mbedtls_pk_write_key_pem() when called on an opaque
  RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled and MBEDTLS_MPI_MAX_SIZE is
  smaller than needed for a 4096-bit RSA key.

Link: https://github.com/openwrt/openwrt/pull/16768
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-24 20:17:27 +02:00
Felix Fietkau
2923935093 uclient: update to Git HEAD (2024-10-22)
88ae8f208dd3 uclient-http: fix a typo

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-10-22 13:15:54 +02:00
Hauke Mehrtens
573367038c uclient: update to Git HEAD (2024-06-27)
e035d57 uclient-fetch: improve error handling
a220818 uclient-fetch: add support for --header cmdline argument

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-20 23:59:51 +02:00
Stijn Tintel
36e67f7b62 libbpf: bump to 1.4.6
Release notes:
https://github.com/libbpf/libbpf/releases/tag/v1.4.6

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2024-10-13 22:29:11 +03:00
Hauke Mehrtens
08dc2691e0 libnl: update to 3.10.0
Changes:
fa05d58e (tag: libnl3_10_0) libnl-3.10.0 release
490ffa07 python: fix flake8 warnings
6fc66dd8 doc: workaround LINK_DOC with empty libnl.dict
914812a9 lib: avoid overflow in computation of s_seq_next
5248e1a4 all: fix and enable "-Wsign-compare" warning
9451842e build: use AC_USE_SYSTEM_EXTENSIONS instead of defining _GNU_SOURCE
20664e1e build: move "-DPGKLIBDIR" and rename
81cab7da build: cleanup defining SYSCONFDIR on command line
cf47571c build: drop unnecessary "-Wno-missing-field-initializers" from default CFLAGS
131008f7 build: add "-Wvla" and "-Wdeclaration-after-statement" to default CFLAGS
7e05b622 lib: add internal _nla_len() helper
32688201 route: treat routes with via nexthops as universe scoped as well
c36c7faa format: reformat "include/base/nl-base-utils.h"
49f78229 tests: add a very basic test for route cache
2ebbc034 tests: add NLTstSelectRoute test helper
d784f2cb tests: set NLTST_IN_CI for not skipping tests accidentally
dcb9e2ef route: add missing priority to route_keygen() debug print
d44505ed tests: add helper to detect availablility of iproute2
774863b4 tests: add helper functions for tests
45a10f96 route: move "struct rtnl_nexthop" to "nl-priv-dynamic-route"
153f213b build: fix "check-progs" target in "Makefile.am"
a1e0b8b2 github: print test-suite.log in case of test failure
3e080631 route: expose nexthop id attribute
401c2488 tests: fix _nltst_object_to_string() to print one line only
529c2ab8 route: drop unused fields from "struct rtnl_route"
71e59e14 build: separate build tests from unit tests
8539b7d3 format: reformat "tests/nl-test-util.h" file
6db85366 route: merge branch 'bisdn:jogo_route_nh_cmp'
861fb809 route: use the new helper function for comparing nexthops
8cf29d7b nexthop: add a identical helper function
7cc72d19 utils: reserve the nl_has_capabiliy numbers for releases 3.10 - 3.12
30da5107 github,clang-format: update fedora version for clang-format
2301992b route: fix IPv6 ecmp route deleted nexthop matching
72e4d73f cache: merge branch 'ievenbach:aurora/cache-mgr-cb'
3381acef cache: use cleanup attribute in nl_cache_mngr_alloc_ex()
32cb9f39 cache: cleanup nl_cache_mngr_alloc_ex()
1dbdc30a cache: allow to allocate cache manager with custom refill socket
18b74e08 tests: test compiling all public headers with C++ compiler
691202bf tests: don't use $COMPILE for building header tests
15d90cbf include: add _NL_NO_WARN_DEPRECATED_HEADER for suppressing warning about deprecated headers
8a5f671a tests: avoid "-Wunused-parameter" warning in build headers test
db1a9d7d route: avoid compiler warning about calloc() arguments in rtnl_netem_set_delay_distribution()
3a43faa1 cache: fix new object in callback v2 on updated objects
46cae1bf socket: fix ubsan complaint about incorrect left-shift in generate_local_port()
96ddcd99 all: merge branch 'th/nl-debug'
13ab0122 github: test with --enable-debug=no configure option
264b244e utils: always define nl_debug_dp
dbe21b8d core: always define statements for NL_DBG()
e592dd89 build: always define NL_DEBUG
58734974 all: use defines for attributes
0c16c9cb route/bison: include "nl-default.h" in lex/yacc files
19d48b0f route: add support for layer 3 filtering on bridges
3646398d route: merge branch 'Cordell-O:main'
e21278ed tests: add test for bridge vlan attributes.
4f324f73 route: add support for vlan filtering on bridge ports.
bf071f2b route: Add support to set ageing time for dynamic bridge table entries
b76c3a5d tests: add unit test for `nl_addr_parse("default", AF_INET6, &addr6)`
8693347f lib/xfrm: add missing #include <time.h>

Small size increase:
   955 bin/packages/mips_24kc-old/base/libnl200_3.9.0-r1_mips_24kc.ipk
 11157 bin/packages/mips_24kc-old/base/libnl-cli200_3.9.0-r1_mips_24kc.ipk
 34896 bin/packages/mips_24kc-old/base/libnl-core200_3.9.0-r1_mips_24kc.ipk
  7698 bin/packages/mips_24kc-old/base/libnl-genl200_3.9.0-r1_mips_24kc.ipk
 25400 bin/packages/mips_24kc-old/base/libnl-nf200_3.9.0-r1_mips_24kc.ipk
148366 bin/packages/mips_24kc-old/base/libnl-route200_3.9.0-r1_mips_24kc.ipk
   956 bin/packages/mips_24kc-new/base/libnl200_3.10.0-r1_mips_24kc.ipk
 11154 bin/packages/mips_24kc-new/base/libnl-cli200_3.10.0-r1_mips_24kc.ipk
 34965 bin/packages/mips_24kc-new/base/libnl-core200_3.10.0-r1_mips_24kc.ipk
  7699 bin/packages/mips_24kc-new/base/libnl-genl200_3.10.0-r1_mips_24kc.ipk
 25385 bin/packages/mips_24kc-new/base/libnl-nf200_3.10.0-r1_mips_24kc.ipk
149852 bin/packages/mips_24kc-new/base/libnl-route200_3.10.0-r1_mips_24kc.ipk

Link: https://github.com/openwrt/openwrt/pull/16592
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:33:38 +02:00
Hauke Mehrtens
6c00a462d1 libxml2: update to 2.13.4
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.0
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.1
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.2
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.3
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.4

Small size reduction:
415095 bin/packages/mips_24kc-old/base/libxml2_2.12.6-r1_mips_24kc.ipk
 87175 bin/packages/mips_24kc-old/base/libxml2-dev_2.12.6-r1_mips_24kc.ipk
 20190 bin/packages/mips_24kc-old/base/libxml2-utils_2.12.6-r1_mips_24kc.ipk
398070 bin/packages/mips_24kc-new/base/libxml2_2.13.4-r1_mips_24kc.ipk
 86760 bin/packages/mips_24kc-new/base/libxml2-dev_2.13.4-r1_mips_24kc.ipk
 19479 bin/packages/mips_24kc-new/base/libxml2-utils_2.13.4-r1_mips_24kc.ipk

Link: https://github.com/openwrt/openwrt/pull/16593
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:31:43 +02:00
Hauke Mehrtens
271097101f libxml2: update to 2.12.9
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.8
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.9

This fixes:
CVE-2024-34459: Fix buffer overread with xmllint --htmlout
CVE-2024-40896: Fix XXE protection in downstream code

Link: https://github.com/openwrt/openwrt/pull/16593
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:31:33 +02:00
Hauke Mehrtens
12f067a5f3 libjson-c: update to 0.18
Release Notes:
https://github.com/json-c/json-c/blob/json-c-0.18-20240915/ChangeLog

This restores ABI compatibility with version 0.16 used in OpenWrt 23.05.

Small size increase:
24263 bin/packages/mips_24kc-old/base/libjson-c5_0.17-r1_mips_24kc.ipk
24403 bin/packages/mips_24kc-new/base/libjson-c5_0.18-r1_mips_24kc.ipk

Link: https://github.com/openwrt/openwrt/pull/16591
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-10-05 12:29:20 +02:00
Chukun Pan
38bb47c36c openssl: update download mirrors
New releases of openssl are only published on GitHub, and official
downloads are also redirected to GitHub. So remove the old download
mirrors (file 404), and replace the current address with https.

Link: https://openssl-library.org/source/
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/16470
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-25 23:30:22 +02:00
Yanase Yuki
0b6f38c60a libusb: update to 1.0.27
- Remove unnecessary SourceForge mirror
- Use HTTPS url

Signed-off-by: Yanase Yuki <dev@zpc.st>
Link: https://github.com/openwrt/openwrt/pull/16372
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 18:20:44 +02:00
Yanase Yuki
c19da4be9a mbedtls: update to 3.6.1
- This release fixes CVE-2024-45157, CVE-2024-45158, CVE-2024-45159
- Use official release archive instead of git mirror
- Update website url

Signed-off-by: Yanase Yuki <dev@zpc.st>
Link: https://github.com/openwrt/openwrt/pull/16371
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 17:57:15 +02:00
Ivan Pavlov
c7671a22dc libpcap: update to 1.10.5
Changes: https://git.tcpdump.org/libpcap/blob/bbcbc9174df3298a854daee2b3e666a4b6e5383a:/CHANGES

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16401
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-22 17:41:32 +02:00
Ivan Pavlov
62d3773bf1 openssl: update to 3.0.15
OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this release is Moderate.

This release incorporates the following bug fixes and mitigations:

  * Fixed possible denial of service in X.509 name checks (CVE-2024-6119)

  * Fixed possible buffer overread in SSL_select_next_proto() (CVE-2024-5535)

Added github releases url as source mirror

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16332
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-09-06 23:44:56 +02:00
Petr Štetiar
0e8b701794 ustream-ssl: update to Git HEAD (2024-07-28)
99bd3d2b167c ustream-openssl: fix compilation with OPENSSL_NO_DEPRECATED

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/16020
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-25 17:27:32 +02:00
Aleksey Vasilenko
f8ed29932f libunistring: update to 1.2
Release notes:
  https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob_plain;f=NEWS

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16065
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-07 18:05:32 +02:00
Hauke Mehrtens
91573ac145 ncurses: Fix path in ncursesw.pc
The file contains the the /usr/lib path from the toolchain directory and
not from the target directory. The /usr/lib directory for the toolchain
is empty and the shared library is not in the specified paths. On RISCV
the linker of util-linux was finding the libncursesw.so in my host
system, tried to link against it and failed. Fix the .pc file.

Fixes: #15942
Co-authored-by: Thomas Weißschuh <thomas@t-8ch.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://github.com/openwrt/openwrt/pull/16018
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-28 19:30:35 +02:00
Tony Ambardar
2bebf13357 libbpf: Update to v1.4.5
Update to the latest upstream release to include recent improvements and
bugfixes.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.5
Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.4
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-07-19 12:14:47 -07:00
Hauke Mehrtens
3a0232ffd3 wolfssl: Update to version 5.7.2
This fixes multiple security problems:
 * [Medium] CVE-2024-1544
   Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.

 * [Medium] CVE-2024-5288
   A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.

 * [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.

 * [Low] CVE-2024-5991
   In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.

 * [Medium] CVE-2024-5814
   A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.

 * [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.

 * [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.

Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.

Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-15 23:57:44 +02:00
novenary enneagon
d92c42f469 ncurses: add foot terminfo
Add terminfo file for the terminal emulator foot.

https://codeberg.org/dnkl/foot

Signed-off-by: novenary enneagon <novenary@kwak.zip>
Link: https://github.com/openwrt/openwrt/pull/15915
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-10 12:53:27 +02:00
Rosen Penev
2beadefaa0 readline: override termlib for host
For some reason, it's not working right locally. Override as is done
with the target build.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15916
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-10 09:39:32 +02:00
Rosen Penev
d7a76fc351 readline: fix pkgconfig usage
ncurses is built with wide support enabled, which enables libncursesw.
The problem is, the ncurses build system only supplies ncursesw or
ncurses.pc but not both. The other problem is, the readline build tests
for libncurses before the w variant, making its pc file unusable as
there is no ncurses.pc file to satisfy the Required: ncurses section.

Just override the library.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15864
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-08 09:44:21 +02:00
Rosen Penev
1b141cb3d1 ncurses: enable pc files in the host build
Needed for things such as readline that depend on ncurses.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15864
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-08 09:44:21 +02:00
Sean Khan
31ec4515c3 openssl: conditionally disable engine section
Currently, the build option to enable/disable engine support isn't
reflected in the final '/etc/ssl/openssl.cnf' config. It assumes `engines`
is always enabled, producing an error whenever running any
commands in openssl util or programs that explicitly use settings
from '/etc/ssl/openssl.cnf'.

```
➤ openssl version
FATAL: Startup failure (dev note: apps_startup()) for openssl
307D1EA97F000000:error:12800067:lib(37):dlfcn_load:reason(103):crypto/dso/dso_dlfcn.c:118:filename(libengines.so):
Error loading shared library libengines.so: No such file or directory
307D1EA97F000000:error:12800067:lib(37):DSO_load:reason(103):crypto/dso/dso_lib.c:152:
307D1EA97F000000:error:0700006E:lib(14):module_load_dso:reason(110):crypto/conf/conf_mod.c:321:module=engines, path=engines
307D1EA97F000000:error:07000071:lib(14):module_run:reason(113):crypto/conf/conf_mod.c:266:module=engines
```

Build should check for the `CONFIG_OPENSSL_ENGINE` option, and comment out `engines`
if not explicitly enabled.

Example:
```
[openssl_init]
providers = provider_sect
```

After this change, openssl util works correctly.

```
➤ openssl version
OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
```

Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15661
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-06-22 16:31:23 +02:00
Carlos Miguel Ferreira
76c863fe60
libquadmath: Add libquadmath to the toolchain
This commit makes the libquadmath library available to the GCC
toolchain. This library is important for libraries such as
Boost.charconv

Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15637
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-17 13:12:29 +02:00
John Audia
bac2f1bed6 openssl: update to 3.0.14
Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [04-Jun-2024]

* Fixed potential use after free after SSL_free_buffers() is called.
  [CVE-2024-4741]
* Fixed checking excessively long DSA keys or parameters may be very slow.
  [CVE-2024-4603]
* Fixed an issue where some non-default TLS server configurations can cause
  unbounded memory growth when processing TLSv1.3 sessions. An attacker may
  exploit certain server configurations to trigger unbounded memory growth that
  would lead to a Denial of Service.  [CVE-2024-2511]
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
  is registered when libcrypto is unloaded. This can be used on platforms
  where using atexit() from shared libraries causes crashes on exit

Signed-off-by: John Audia <therealgraysky@proton.me>

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
2024-06-08 23:29:31 +02:00
Tony Ambardar
56b15913af libbpf: Update to v1.4.3
Update to the latest upstream release to include recent improvements and
bugfixes, and simplify use of PKG_SOURCE_VERSION.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.3
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-06-08 14:21:40 +02:00
Rany Hany
a41747ac8e mbedtls: fix build on GCC 14
Without this patch, GCC 14 incorrectly complains about the following error:

In file included from /home/user/workspace/mbedtls/library/ctr_drbg.c:13:
In function ‘mbedtls_xor’,
    inlined from ‘ctr_drbg_update_internal’ at /home/user/workspace/mbedtls/library/ctr_drbg.c:372:5:
/home/user/workspace/mbedtls/library/common.h:235:17: error: array subscript 48 is outside array bounds of ‘unsigned char[48]’ [-Werror=array-bounds=]
  235 |         r[i] = a[i] ^ b[i];
      |                ~^~~
/home/user/workspace/mbedtls/library/ctr_drbg.c: In function ‘ctr_drbg_update_internal’:
/home/user/workspace/mbedtls/library/ctr_drbg.c:335:19: note: at offset 48 into object ‘tmp’ of size 48
  335 |     unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
      |                   ^~~
In function ‘mbedtls_xor’,
    inlined from ‘ctr_drbg_update_internal’ at /home/user/workspace/mbedtls/library/ctr_drbg.c:372:5:
/home/user/workspace/mbedtls/library/common.h:235:24: error: array subscript 48 is outside array bounds of ‘const unsigned char[48]’ [-Werror=array-bounds=]
  235 |         r[i] = a[i] ^ b[i];
      |                       ~^~~
/home/user/workspace/mbedtls/library/ctr_drbg.c: In function ‘ctr_drbg_update_internal’:
/home/user/workspace/mbedtls/library/ctr_drbg.c:333:57: note: at offset 48 into object ‘data’ of size [0, 48]
  333 |                                     const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN])
      |                                     ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘mbedtls_xor’,
    inlined from ‘ctr_drbg_update_internal’ at /home/user/workspace/mbedtls/library/ctr_drbg.c:372:5:
/home/user/workspace/mbedtls/library/common.h:235:14: error: array subscript 48 is outside array bounds of ‘unsigned char[48]’ [-Werror=array-bounds=]
  235 |         r[i] = a[i] ^ b[i];
      |         ~~~~~^~~~~~~~~~~~~
/home/user/workspace/mbedtls/library/ctr_drbg.c: In function ‘ctr_drbg_update_internal’:
/home/user/workspace/mbedtls/library/ctr_drbg.c:335:19: note: at offset 48 into object ‘tmp’ of size 48
  335 |     unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
      |                   ^~~

This change adds a basic check to silence the warning until a solution is worked on upstream.
As this check is already used by another compiler, it shouldn't cause any issues for us.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
2024-05-31 10:33:06 +02:00
Tony Ambardar
d44d35f106 libbpf: Update to v1.4.2
Update to the latest upstream release to include recent improvements and
bugfixes.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.2
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-05-21 08:02:55 +02:00
Felix Fietkau
1a2c171909 mbedtls: export cmake files
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-05-07 12:50:27 +02:00
Tony Ambardar
8cf28cc6a5 libbpf: Update to v1.4.1
Update to the latest upstream release to include recent improvements and
bugfixes.

Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.1
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-05-06 22:41:31 +02:00
Pascal Ernster
064d4a8083 libxml2: update to 2.12.6
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6

Changelog (taken from the release notes):
- Regressions
  - parser: Fix detection of duplicate attributes in XML namespace
  - xmlreader: Fix xmlTextReaderConstEncoding
  - html: Fix htmlCreatePushParserCtxt with encoding
  - xmllint: Return error code if XPath returns empty nodeset

Compile-tested: x86_x64, Q35 VM, OpenWRT SNAPSHOT r26135-a8bfdf2ed4d9
Run-tested: x86_x64, Q35 VM, OpenWRT SNAPSHOT r26135-a8bfdf2ed4d9
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
2024-05-05 21:45:52 +02:00
Weijie Gao
3f28c422ba libunwind: add support for loongarch64
Modify package depends to allow building for loongarch64.
Also fix for building with musl.

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-05-04 14:14:24 +08:00
Weijie Gao
33cd87079b openssl: add linux64-loongarch64 into the targets list
Add "linux64-loongarch64-openwrt" into openssl configurations to enable
building on loongarch64 machines.

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-05-04 14:14:24 +08:00
Weijie Gao
6eafcd86b8 toolchain: Disable libtsan and liblsan sanitizer on loongarch64
libtsan and liblsan are not supported by glibc on loongarch64

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-05-04 14:14:24 +08:00
Hauke Mehrtens
adc29202c2 mbedtls: Remove Kconfig options removed from mbedtls 3.6.0
These options are not available in mbedtls 3.6.0 and selecting them
causes an error.

MBEDTLS_CERTS_C was removed in:
1aec64642c

MBEDTLS_XTEA_C was removed in:
10e8cf5fef

MBEDTLS_SSL_TRUNCATED_HMAC was removed in:
4a7010d1aa

Fixes: 0e06642643 ("mbedtls: Update to version 3.6.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-29 01:32:36 +02:00
Marius Dinu
ff0bb196eb libaudit: update to 3.1.4, join with daemon and utils, rename
Changes:
- new URL for sources (old address is dead)
- daemon and utils from packages feed are merged in here
  - only build once
  - no need to update at the same time in both places
- update to v3.1.4
  - removed unneeded patches
  - added audisp-syslog
  - removed audispd (no longer exists)
- rename and move to package/utils/audit
  - update new path in one dependent package

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
2024-04-29 00:53:43 +02:00
Weijie Gao
f9e3fb59c7 libunwind: update to 1.8.1
Rebased patches:
- 003-fix-missing-ef_reg-defs-with-musl.patch
- 004-ppc-musl.patch

Signed-off-by: Weijie Gao <hackpascal@gmail.com>
2024-04-28 23:32:08 +02:00
Hauke Mehrtens
0e06642643 mbedtls: Update to version 3.6.0
This adds support for mbedtls 3.6.0.
The 3.6 version is the next LTS version of mbedtls.
This version supports TLS 1.3.

This switches to download using git. The codeload tar file misses some
git submodules.

Add some extra options added in mbedtls 3.6.0.

The size of the compressed ipkg increases:
230933 bin/packages/mips_24kc/base/libmbedtls13_2.28.7-r2_mips_24kc.ipk
300154 bin/packages/mips_24kc/base/libmbedtls14_3.6.0-r1_mips_24kc.ipk

The removed patch was integrated upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-28 21:42:37 +02:00
Fabrice Fontaine
a4f723e04e package/libs/libjson-c: fix PKG_CPE_ID
cpe:/a:json-c:json-c is the correct CPE ID for libjson-c:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️json-c:json-c

Fixes: c61a239514 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15292
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-27 23:44:20 +02:00
Fabrice Fontaine
27d1ebb46a package/libs/pcre2: fix PKG_CPE_ID
cpe:/a:pcre:pcre2 is the correct CPE ID for pcre2:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️pcre:pcre2

Fixes: c39b0646f3 (pcre2: import pcre2 from packages feed)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2024-04-27 12:05:43 +02:00
Tony Ambardar
098bde1f3e gettext-full: update to 0.22.5
Release Announcement:
https://savannah.gnu.org/news/?group_id=425

Refresh:
- 200-libunistring-missing-link.patch

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Hauke Mehrtens
f475a44c03 wolfssl: Update to 5.7.0
This fixes multiple security problems:
 * [High] CVE-2024-0901 Potential denial of service and out of bounds
   read. Affects TLS 1.3 on the server side when accepting a connection
   from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
   it is recommended to update the version of wolfSSL used.

 * [Med] CVE-2024-1545 Fault Injection vulnerability in
   RsaPrivateDecryption function that potentially allows an attacker
   that has access to the same system with a victims process to perform
   a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
   Zhang, Qingni Shen for the report (Peking University, The University
   of Western Australia)."

 * [Med] Fault injection attack with EdDSA signature operations. This
   affects ed25519 sign operations where the system could be susceptible
   to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
   Qingni Shen for the report (Peking University, The University of
   Western Australia).

Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-24 23:01:03 +02:00
Hauke Mehrtens
360ac07eb9 mbedtls: Update to 2.28.8
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-24 22:24:11 +02:00
Felix Fietkau
ea609fe486 uclient: update to Git HEAD (2024-04-19)
e8780fa7792a uclient: fix http regression

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-19 20:06:47 +02:00
Felix Fietkau
a339894691 uclient: update to Git HEAD (2024-04-19)
704c78111a92 uclient-http: use ustream_ssl without ustream_fd

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-19 18:00:23 +02:00
Felix Fietkau
7334337064 ustream-ssl: update to Git HEAD (2024-04-19)
524a76e5af78 ustream-ssl: add support for using a fd instead of ustream as backing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-19 18:00:23 +02:00
Felix Fietkau
66019e456f uclient: update to Git HEAD (2024-04-18)
c2bf660d88ec lib: add log_msg callback to get more detailed log messages
9adb4ca5219d uclient-fetch: add uclient / ustream-ssl log messages (enabled via -v)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-18 22:27:51 +02:00
Felix Fietkau
8992767956 ustream-ssl: update to Git HEAD (2024-04-18)
f9a28a9ce864 ustream-ssl: poll connection on incomplete reads
3c49e70c4622 ustream-ssl: increase number of read buffers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-18 22:27:50 +02:00
Felix Fietkau
e4453d1f81 ustream-ssl: update to Git HEAD (2024-04-18)
60d8fbb5e669 mbedtls: handle session tickets for TLS 1.3
ac42af7981ae mbedtls: add ifdefs to fix legacy compatibility
af7c3532ad49 mbedtls: another cosmetic ifdef fix

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-18 13:18:48 +02:00
Felix Fietkau
d4742de1d7 Revert "elfutils: fix a missing typedef in the last update"
This reverts commit a9e22ffa50.
After doing a clean rebuild, it turns out that this change is not necessary

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 22:05:24 +02:00