Backport upstream commits that sync the local kernel header
copies in this library, with up to date copies. These updated
headers ensure that libnetfilter-log users can use current
kernel functionality such as requesting that conntrack
information be appended to nflog events sent to userspace via
the NFULNL_CFG_F_CONNTRACK flag. This functionality has been
available since kernel version 4.4
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
Split utility packages similar to coreutils in packages feed, adding
ALTERNATIVES for those which are also provided by busybox-selinux.
Also add missing license information.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Drop patches as they've been upstreamed:
* 001-Fix-CVE-2020-12762.patch
Refresh patches:
* 000-libm.patch
Add patch to avoid build failure due to missing docs in tarball.
Signed-off-by: David Bauer <mail@david-bauer.net>
This also sets the ABI_VERSION as this is a versioned shared library.
The ipk sizes for mips_24Kc change like this:
old:
jansson_2.12-1_mips_24kc.ipk 18.692
new:
jansson4_2.13.1-1_mips_24kc.ipk 19.171
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.
* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Drop init script from libaudit package. It will be added to the
'audit' package in the packages feed.
Fixes: efdf619f21 ("audit: build only libaudit")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Switched to upstream tarballs.
Switched to libcxxabi as using libsupc++ is quite wonky.
Fixed description.
Removed patches. The fixes are cosmetic.
Added ssp patch. This one is needed for i386 and powerpc under musl.
Compile tested every C++ package in the tree with the exception of
several boost packages. There's something broken with boost.
Ran tested with gerbera.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This will be used for libcxx.
libcxxabi is needed as libsupc++ is not good enough for libcxx. It uses
GCC specific stuff which causes failed compilation for some packages.
There are also runtime issues, most notably with cxxopts where the
program just crashes.
Reference: https://github.com/gerbera/gerbera/issues/795
Added patch to fix ARM compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 3.1]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[removed python part for inclusion in core]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
As the package curl has been moved to packages.git and only libcurl
depends on libnghttps move it as well to packages.git.
This is based on the Hamburg 2019 decision that non essential packages
should move outside base.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
channel attacks are present.
* Leak of private key in the case that PEM format private keys are
bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application.
Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/
Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255
The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07
* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).
Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The most recent patch added add lines in one block instead of in the
appropriate places to keep Makefiles in consistent style. Fix that.
Fixes: ff02e1561f ("pcre: add host variant of libpcre")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Dependencies are meant to express actual run-time dependencies and
strictly speaking, libselinux can be build and used on kernels without
SELinux (not in a very meaningful way, but never mind).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The pkgconfig file references the host directories, not the openwrt
ones. Used SED to fix as is done elsewhere. Removed CMAKE_INSTALL as a
result.
Removed now pointless CFLAGS.
Added PKG_BUILD_PARALLEL for faster compilation.
Various rearrangements for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The last commit to this package that added the pkgconfig file did not
fix the paths to point to the prefix.
This allows packages to find lzo properly.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CMake is less error prone that autotools and also compiles faster.
Fixed license information.
Added pkgconfig file to InstallDev so that packages that use it can
find lzo.
Before:
time make package/lzo/compile -j 12
________________________________________________________
Executed in 20.87 secs fish external
usr time 26.95 secs 0.00 micros 26.95 secs
sys time 5.49 secs 305.00 micros 5.49 secs
After:
time make package/lzo/compile -j 12
________________________________________________________
Executed in 13.22 secs fish external
usr time 19.59 secs 328.00 micros 19.59 secs
sys time 4.03 secs 10.00 micros 4.03 secs
Time output is with fish shell. make clean was ran before both attempts.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
f4e9bf73ac5c examples/lua: attempt to highlight some traps
53b9a2123fc6 lua/uloop: fd_add: use absolute indices for arguments
c0941d3289fc lua/uloop: make get_sock_fd capable of absolute addresses
161c25960ba2 lua/uloop: fd_add() better args checking
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Before this change, setting the verbosity to anything with V=blah would
cause uclibc++ build to print errors to the screen. Now, it the
clibc++ build verbosity will be altered in the following manners:
* V=s will set V=1 in the uclibc++ build
* V=sc will set V=2 in the uclibc++ build
Signed-off-by: Wren Turkal <wt@penguintechs.org>
The original text was copy/pasted from some other package.
Adjust the package title and description to match the description
on the publishers page.
Signed-off-by: Catalin Patulea <catalinp@google.com>
[slightly adjust content and commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This replace the shell script header of ldd
when it install to `/usr/bin/ldd` where
`#! /..../staging_dir/host/bin/bash`
should be
`#!/bin/sh`
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.
Stack smashing protection configuration options are now uniform
across all supported libc variants.
This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>