Commit Graph

589 Commits

Author SHA1 Message Date
Felix Fietkau
d5bcd0240a libnl-tiny: use fixed message size instead of using the page size
Simplifies the code and reduces size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 12:54:15 +01:00
Alexander Couzens
6ab4521464
package/elfutils: add CFLAG -Wno-format-nonliteral
When a library is using fortify-packages GCC will complain about
"error: format not a string literal, argument types not checked".

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-13 01:11:12 +01:00
Peter Wagner
164fe697f7
openssl: update to 1.0.2m
don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error:

../libssl.so: undefined reference to `SSLv3_client_method'

Fixes CVE: CVE-2017-3735, CVE-2017-3736

Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-11-12 23:47:11 +01:00
Ralph Sennhauser
f5468d2486 openssl: fix cryptodev config dependency
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
2017-11-06 16:39:41 +01:00
John Crispin
bd60c9063d bubox: update to latest git HEAD
729f47f jshn: read and write 64-bit integers

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 10:06:35 +01:00
Yousong Zhou
f0c37f6ceb libunwind: disable building with ssp
If we enable -fstack-protector while building libunwind, function
__stack_chk_fail_local will be referred to for i386 and powerpc32
arches.  This will cause link failure because the default gcc build
specs says no link_ssp if -nostdlib is given.

The error message:

    OpenWrt-libtool: link: ccache_cc -shared  -fPIC -DPIC  .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o  -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive  -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc  -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib   -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1
    .libs/os-linux.o: In function `_Ux86_get_elf_image':
    os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lregs.o: In function `_ULx86_access_fpreg':
    Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lresume.o: In function `_ULx86_resume':
    Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local'
    collect2: error: ld returned 1 exit status
    Makefile:2249: recipe for target 'libunwind.la' failed

The snippet from gcc -dumpspecs

    %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}}

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-11-06 10:49:58 +08:00
Felix Fietkau
eb58eba08b uclient: update to the latest version, fixes fetch of multiple files
4b87d83 uclient-fetch: fix overloading of output_file variable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-02 22:54:09 +01:00
Hans Dedecker
f90f94d2c1 nghttp2: switch to release tarball
Switch from git to xz release tarball as there's no good reason to keep
using git when release tarballs are provided.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-01 22:08:14 +01:00
Baptiste Jonglez
098afa1e1b openssl: Enable assembler optimizations for aarch64
OpenSSL is built with the generic linux settings for most targets,
including aarch64.  These generic settings are designed for 32-bit CPU and
provide no assembler optmization: this is widely suboptimal for aarch64.

This patch simply switches to the aarch64 settings that are already
available in OpenSSL.

Here is the output of "openssl speed" before the optimization, with
"(...)" representing build flags that didn't change:

    OpenSSL 1.0.2l  25 May 2017
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
    compiler: aarch64-openwrt-linux-musl-gcc  (...)

And after this patch, OpenSSL uses 64 bit mode and assembler optimizations:

    OpenSSL 1.0.2l  25 May 2017
    options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
    compiler: aarch64-openwrt-linux-musl-gcc  (...)  -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM

Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3:

    before# openssl speed sha aes blowfish
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              3918.89k     9982.43k    19148.03k    24933.03k    27325.78k
    sha256            4604.51k    10240.64k    17472.51k    21355.18k    22801.07k
    sha512            3662.19k    14539.41k    21443.16k    29544.11k    33177.60k
    blowfish cbc     16266.63k    16940.86k    17176.92k    17237.33k    17252.35k
    aes-128 cbc      19712.95k    21447.40k    22091.09k    22258.35k    22304.09k
    aes-192 cbc      17680.12k    19064.47k    19572.14k    19703.13k    19737.26k
    aes-256 cbc      15986.67k    17132.48k    17537.28k    17657.17k    17689.26k

    after# openssl speed sha aes blowfish
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              6770.87k    26172.80k    86878.38k   205649.58k   345978.20k
    sha256           20913.93k    74663.85k   184658.18k   290891.09k   351032.66k
    sha512            7633.10k    30110.14k    50083.24k    71883.43k    82485.25k
    blowfish cbc     16224.93k    16933.55k    17173.76k    17234.94k    17252.35k
    aes-128 cbc      19425.74k    21193.31k    22065.74k    22304.77k    22380.54k
    aes-192 cbc      17452.29k    18883.84k    19536.90k    19741.70k    19800.06k
    aes-256 cbc      15815.89k    17003.01k    17530.03k    17695.40k    17746.60k

For some reason AES and blowfish do not benefit, but SHA performance
improves between 1.7x and 15x.  SHA256 clearly benefits the most from the
optimization (4.5x on small blocks, 15x on large blocks!).

When using EVP (with "openssl speed -evp <algo>"):

    # Before, EVP mode
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              3824.46k    10049.66k    19170.56k    24947.03k    27325.78k
    sha256            3368.33k     8511.15k    16061.44k    20772.52k    22721.88k
    sha512            2845.23k    11381.57k    19467.69k    28512.26k    33008.30k
    bf-cbc           15146.74k    16623.83k    17092.01k    17211.39k    17249.62k
    aes-128-cbc      17873.03k    20870.61k    21933.65k    22216.36k    22301.35k
    aes-192-cbc      16184.18k    18607.15k    19447.13k    19670.02k    19737.26k
    aes-256-cbc      14774.06k    16757.25k    17457.58k    17639.42k    17686.53k

    # After, EVP mode
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              7056.97k    27142.10k    89515.86k   209155.41k   347419.99k
    sha256            7745.70k    29750.06k    95341.48k   211001.69k   332376.75k
    sha512            4550.47k    18086.06k    39997.10k    65880.75k    81431.21k
    bf-cbc           15129.20k    16619.03k    17090.56k    17212.76k    17246.89k
    aes-128-cbc      99619.74k   269032.34k   450214.23k   567353.00k   613933.06k
    aes-192-cbc      93180.74k   231017.79k   361766.66k   433671.51k   461731.16k
    aes-256-cbc      89343.23k   209858.58k   310160.04k   362234.88k   380878.85k

Blowfish does not seem to have assembler optimization at all, and SHA
still benefits (between 1.6x and 14.5x) but is generally slower than in
non-EVP mode.

However, AES performance is improved between 5.5x and 27.5x, which is
really impressive!  For aes-128-cbc on large blocks, a core i7-6600U
@2.60GHz is only twice as fast...

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2017-10-31 10:43:10 +08:00
Hans Dedecker
f6c01306cb nghttp2: bump to 1.27.0
Changes in v1.27.0 :

build: Fixed accidental compiler flags concatenation for MSVC (Patch from LazyHamster) (GH-1029)
build: Reduce libxml2 version requirement to 2.6.26 (Patch from Mike Lothian) (GH-1020)
asio: Support for Windows / MinGW (Patch from Daniel Evers) (GH-1027)
h2load: Print out h2 header fields with --verbose option (GH-1015)
nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only (GH-1016)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-29 23:05:33 +01:00
Stefan Oberhumer
06e41056aa libs/lzo: Reenable unaligned access on ARM, PPC, ...
Due a compiler bug on ARM targets
 ( https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64516 )
unaligned access was disabled on all targets other than i386 and
x86_64 with commit 061319ec3d .

A fix has been added to lzo-2.09 so it is not necessary to disable
unaligned access within the Makefile anymore.

Signed-off-by: Stefan Oberhumer <stefan@obssys.com>
2017-10-24 13:24:04 +02:00
Daniel Engberg
e4b6900fd6 libs/libnl: Update to 3.3.0
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-15 00:24:22 +02:00
Stijn Tintel
7695f144eb libnetfilter_conntrack: switch to git
In order to build conntrack-tools from git, a newer version of
libnetfilter_conntrack is required. As 1.0.6 is currently the latest
release, switch to git.

b0a7cf7 include: expose a copy of nf_conntrack_common.h
f68f7b3 conntrack: fix missing break in setobjopt_undo_dnat()
79dac5a conntrack: revert getobjopt_is_nat() condition
b266523 libnetfilter_conntrack: bump version to 1.0.7
e870432 labels: don't crash on NULL labelmap

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:12:00 +03:00
Stijn Tintel
bcfc39b763 libnetfilter_queue: bump to git HEAD
b39cac7 src: Correct typo in the location of internal.h in #include
58cb066 src: Declare the define visibility attribute together
e84b559 Revert "src: Declare the define visibility attribute together"
003c2b1 examples: set dummy connmark value to show use of NFQA_CT nested attribute
63973da doc: extend the doxygen section about NFQA_CFG_F_GSO
d7f74c7 build: bump version to 1.0.3
3f9eb57 build: bump library release version too
601abd1 doc: Add information about retrieving UID/GID/SECCTX fields

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:06:06 +03:00
Stijn Tintel
9e9696afc8 treewide: switch git.netfilter.org to HTTPS
As git.netfilter.org seems to support HTTPS, use that instead of HTTP
which is insecure, or GIT which is blocked on many corporate networks.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 21:10:36 +03:00
Hans Dedecker
0e265dc0c7 nghttp2: add libnghttp2 package
The nghttp2 library is an implementation of the Hypertext Transfer
Protocol version 2 in C; it supports RFC7540 and RFC7541.
The package enables only the reusable C library; binary size is 130K (X86)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-07 19:17:44 +02:00
Hans Dedecker
470b13975d libubox: bump to git HEAD version
632688e utils: nuke bitfield functions and macros
f714be1 uloop: make SIGCHLD signal handling optional

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-04 21:29:00 +02:00
Hans Dedecker
47f3645930 libubox: fix uloop race condition
7a10576 uloop: Fix race condition in SIGCHLD handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-21 23:03:36 +02:00
Alexandru Ardelean
7bc80364b7 libs/wolfssl: bump to version 3.12.0 ; add myself as maintainer
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
41706d05b9 libs/wolfssl: adjust symbol defaults against libwolfssl defaults
Some symbols have been renamed.
Some are default enabled/disabled, so we need
to adjust semantics against that.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
8334a23679 libs/wolfssl: disable hardening check in settings.h
This seems to cause a false-positive warning/error
while building `libwebsockets-cyassl`.

```
make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
[  2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o
In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0,
                 from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33,
                 from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30,
                 from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256,
                 from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43:
/home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
             #warning "For timing resistance / side-channel attack prevention consider using harden options"

```

Hardening is enabled by default in libwolfssl at build-time.

However, the `settings.h` header is exported (along with other headers)
for build (via Build/InstallDev).

This looks like a small bug/issue with wolfssl.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
d03c23c8d4 cyassl,curl,libustream-ssl: rename every cyassl to wolfssl
This is to eliminate any ambiguity about the cyassl/wolfssl lib.

The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.

It's a good idea to keep up with the times (moving forward).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
560b7334ec libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)
Until other packages from feeds decide to rename the
dependency of `+libcyassl` to `+libwolfssl`, this allows
for a bit of backwards compatibility with those packages.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Kevin Darbyshire-Bryant
69ac637fbb mbedtls: update to 2.6.0 CVE-2017-14032
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
2017-09-11 01:56:14 +02:00
Matthias Schiffer
f12a5b8f6d
uclient: update to 2017-09-06
24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses
83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-09-06 15:46:03 +02:00
Lucian Cristian
b90fb5ffe1 openssl: update to version 1.0.2l
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-07-28 23:07:17 +02:00
Stijn Tintel
462ca4e059 zlib: use default Build/Configure rule
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-07-14 08:45:55 +02:00
Stijn Tintel
b3cba687a4 lzo: use default Build/Configure rule
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-07-14 08:45:40 +02:00
Daniel Golle
2be603783b ncurses: add libnucrses-dev package
It's needed to use the SDK and IB on an OpenWrt/LEDE host.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-07-08 23:19:31 +02:00
Magnus Kroken
329f6a96b7 mbedtls: update to 2.5.1
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released

* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-06-26 09:56:07 +02:00
Daniel Golle
04063820e8 libreadline: add host-build
Also make sure that the PKG_NAME and folder name are equal.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-24 14:38:14 +02:00
Yousong Zhou
77dc6a2ae7 libunwind: update to version 1.2.1
Changes since 1.2

    a77b0cd Bump version to v1.2.1
    5f354cb mips/tilegx: Add missing unwind_i.h header file
    620d1c3 Add aarch64 getcontext functionality.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-19 14:43:09 +08:00
Felix Fietkau
98634205fd libubox: update to the latest version, fixes a runqueue use-after-free bug
7237302 md5: add "const" qualifier to the "file" argument
fa9937c json_script: enable custom expr handler callback
368fd26 uloop: allow specifying a timeout for uloop_run()
6a7fb7d runqueue: fix use-after-free bug
4bc3dec uloop: fix a regression in timeout handling
fd57eea uloop: allow passing 0 as timeout to uloop_run

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-17 11:51:41 +02:00
Florian Fainelli
484f768dfa elfutils: Pass -Wno-unused-result to silence warnings as errors
elfutils turns on -Werror by default, and patch 100-musl-compat.patch
changes how strerror_r is used and we no longer use the function's
return value. This causes the following build error/warning to occur
with glibc-based toolchains:

dwfl_error.c: In function 'dwfl_errmsg':
dwfl_error.c:158:18: error: ignoring return value of 'strerror_r',
declared with attribute warn_unused_result [-Werror=unused-result]
       strerror_r (error & 0xffff, s, sizeof(s));
                  ^
cc1: all warnings being treated as errors

Fixing this would be tricky as there are two possible signatures for
strerror_r (XSI and GNU), just turn off unused-result warnings instead.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:03 -07:00
Felix Fietkau
e6d4235ae5 json-c: disable implicit fallthrough warning (gcc 7)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Yousong Zhou
5d48dc1146 libunwind: update to 1.2
Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum
function in include/dwarf_i.h in libunwind 1.1 allows local users to
have unspecified impact via invalid dwarf opcodes.

Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new
tarball is released yet

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-22 11:07:40 +08:00
Luiz Angelo Daros de Luca
ccc54b2935 elfutils: bump to 0.169
Removed patches (now upstream):
- 004-maybe-uninitialized.patch
- 007-fix_TEMP_FAILURE_RETRY.patch

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-05-18 07:59:56 +02:00
Daniel Engberg
74395d97a9 libs/libnftnl: Update to 1.0.7
Update libnftnl to 1.0.7

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-16 17:22:58 +02:00
Florian Fainelli
c258bc781f toolchain: Package libgomp
Some external toolchains may be configured to enable OpenMP. Provide a
package for these libraries which can be used by other packages.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-11 13:42:55 -07:00
Daniel Engberg
7dc2a581b9 libs/libpcap: Rework URLs
Add mirror and use main site as last resort.
Source: http://www.tcpdump.org/mirrors.html

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-22 09:16:23 +01:00
Daniel Engberg
480a6aec98 libs/openssl: Refresh mirror list
Refresh mirror list, some doesn't offer OpenSSL and add main site as last resort.
Source: https://www.openssl.org/source/mirror.html

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-22 09:16:23 +01:00
Daniel Engberg
cc5721c3b8 lzo: Update to 2.10
Update lzo to 2.10

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-20 08:25:49 +01:00
Alexey Brodkin
51d9ac61c7 libnl: Fix building with uClibc
uClibc doesn't implement strerror_l() and thus libnl starting from
3.2.29 couldn't be compiled with it any longer, see
6c2d111177

To work-around that problem we'll just do a check on strerror_l()
availability during configuration and if it's not there just fall back
to locale-less strerror().

Patch for libnl is alreadfy merged upstream, see
e15966ac7f
and once the next libnl release happens this one must be removed from
Lede/OpenWrt.

Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: John Crispin <john@phrozen.org>
Cc: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-16 11:28:28 +01:00
Hauke Mehrtens
b6a8b43dd2 toolchain: add musl libc.so to external toolchain
musl provides a /lib/libc.so file which should be integrated into the libc
package when the external toolchain with musl is used.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-03-15 22:31:11 +01:00
Hauke Mehrtens
7b52278154 mbedtls: update to version 2.4.2
This fixes the following security problems:
* CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve
* SLOTH vulnerability
* Denial of Service through Certificate Revocation List

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-13 20:04:32 +01:00
Florian Fainelli
7f0c95a7df toolchain: Allow external toolchains to specify libthread-db
We need to let external toolchains be able to specify the path and
specification file to the libthread-db POSIX thread debugging shared
libraries.

This fixes GDB not being able to be installed because it is depending on
libthread-db:

Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies
 * for gdb:
 *      libthread-db *
 * opkg_install_cmd: Cannot install package gdb.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-03-04 11:19:56 -08:00
Florian Fainelli
9e740fa5a5 openssl: Use mkhash for STAMP_CONFIGURED
The current way of creating a STAMP_CONFIGURED filename for OpenSSL can
lead to an extremely long filename that makes touch unable to create it,
and fail the build.

Use mkhash to produce a hash against OPENSSL_OPTIONS which creates a
shortert stamp file,

Fixes #572

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-03-01 17:19:52 -08:00
Ted Hess
23dff07148 libubox: Update to latest version
9d6305a utils: Change calloc_a() to return size_t aligned pointers

Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-02-24 15:32:47 -05:00
Martin Schiller
fdfde3eb21 libpcap: add optional netfilter support
This is needed to use the nflog interface with tcpdump

Signed-off-by: Martin Schiller <mschiller@tdt.de>
2017-02-22 22:52:30 +01:00
Felix Fietkau
7df0069bb5 mbedtls: add --function-sections and --data-sections to CFLAGS
This allows binaries that links these libraries statically to be reduced
by using --gc-sections on link

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-21 16:05:03 +01:00