Commit graph

541 commits

Author SHA1 Message Date
Felix Fietkau
21361dbf74 uclibc++: add a patch to fix memory corruption issues on exceptions
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48928
2016-03-05 14:23:49 +00:00
Jo-Philipp Wich
c042adcf74 cyassl: disable Intel ASM for now
With ASM support enabled, CyaSSL fails to build on all x86 subtargets.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48876
2016-03-02 10:01:27 +00:00
Jo-Philipp Wich
25b34dd97f openssl: update to 1.0.2g (8 CVEs)
CVE-2016-0704

s2_srvr.c overwrite the wrong bytes in the master-key when applying
Bleichenbacher protection for export cipher suites. This provides a
Bleichenbacher oracle, and could potentially allow more efficient variants of
the DROWN attack.

CVE-2016-0703

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
If clear-key bytes are present for these ciphers, they *displace* encrypted-key
bytes. This leads to an efficient divide-and-conquer key recovery attack: if
an eavesdropper has intercepted an SSLv2 handshake, they can use the server as
an oracle to determine the SSLv2 master-key, using only 16 connections to the
server and negligible computation. More importantly, this leads to a more
efficient version of DROWN that is effective against non-export ciphersuites,
and requires no significant computation.

CVE-2016-0702

A side-channel attack was found which makes use of cache-bank conflicts on
the Intel Sandy-Bridge microarchitecture which could lead to the recovery of
RSA keys. The ability to exploit this issue is limited as it relies on an
attacker who has control of code in a thread running on the same hyper-
threaded core as the victim thread which is performing decryptions.

CVE-2016-0799

The internal |fmtstr| function used in processing a "%s" format string in
the BIO_*printf functions could overflow while calculating the length of a
string and cause an OOB read when printing very long strings. Additionally
the internal |doapr_outch| function can attempt to write to an OOB memory
location (at an offset from the NULL pointer) in the event of a memory
allocation failure. In 1.0.2 and below this could be caused where the size
of a buffer to be allocated is greater than INT_MAX. E.g. this could be in
processing a very long "%s" format string. Memory leaks can also occur.
The first issue may mask the second issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data is
passed to the BIO_*printf functions. If applications use these functions in
this way then they could be vulnerable. OpenSSL itself uses these functions
when printing out human-readable dumps of ASN.1 data. Therefore applications
that print this data could be vulnerable if the data is from untrusted sources.
OpenSSL command line applications could also be vulnerable where they print out
ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is
not considered directly vulnerable. Additionally certificates etc received via
remote connections via libssl are also unlikely to be able to trigger these
issues because of message size limits enforced within libssl.

CVE-2016-0797

In the BN_hex2bn function the number of hex digits is calculated using an int
value |i|. Later |bn_expand| is called with a value of |i * 4|. For large
values of |i| this can result in |bn_expand| not allocating any memory because
|i * 4| is negative. This can leave the internal BIGNUM data field as NULL
leading to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this case
memory is allocated to the internal BIGNUM data field, but it is insufficiently
sized leading to heap corruption. A similar issue exists in BN_dec2bn. This
could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user
applications with very large untrusted hex/dec data. This is anticipated to be
a rare occurrence. All OpenSSL internal usage of these functions use data that
is not expected to be untrusted, e.g. config file data or application command
line arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be rare.

CVE-2016-0798

The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
management semantics; the returned pointer was sometimes newly allocated, and
sometimes owned by the callee. The calling code has no way of distinguishing
these two cases. Specifically, SRP servers that configure a secret seed to hide
valid login information are vulnerable to a memory leak: an attacker connecting
with an invalid username can cause a memory leak of around 300 bytes per
connection. Servers that do not configure SRP, or configure SRP but do not
configure a seed are not vulnerable. In Apache, the seed directive is known as
SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now disabled even if the user has configured a seed.
Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note
that OpenSSL makes no strong guarantees about the indistinguishability of valid
and invalid logins. In particular, computations are currently not carried out
in constant time.

CVE-2016-0705

A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources. This scenario is considered
rare.

CVE-2016-0800

A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and non-
vulnerable servers can be decrypted provided another server supporting SSLv2
and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP)
shares the RSA keys of the non-vulnerable server. This vulnerability is known
as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to
perform approximately 2^50 computation, as well as thousands of connections to
the affected server. A more efficient variant of the DROWN attack exists
against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m,
1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can
avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers,
if they've not done so already. Disabling all SSLv2 ciphers is also sufficient,
provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f)
have been deployed. Servers that have not disabled the SSLv2 protocol, and are
not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2
ciphers are nominally disabled, because malicious clients can force the use of
SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following
mitigation against DROWN: SSLv2 is now by default disabled at build-time.
Builds that are not configured with "enable-ssl2" will not support SSLv2.
Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl,
SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the
application explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery
have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2
56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up
are now disabled in default builds of OpenSSL. Builds that are not configured
with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength
ciphers.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48868
2016-03-01 14:31:08 +00:00
John Crispin
3aceb54a3b libubox: update to latest git HEAD
adds isdir support to json_script

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 48798
2016-02-26 08:35:41 +00:00
Felix Fietkau
64da662a88 toolchain/glibc: remove obsolete versions
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48780
2016-02-25 13:43:46 +00:00
Felix Fietkau
b77a72ce0c ustream-ssl: update to the latest version, fixes openssl TLS version selection
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48752
2016-02-22 08:54:46 +00:00
John Crispin
a231a9afd3 package/libs/gmp: update libgmp to 6.1.0
Update also the library version of gmp to 6.1.0.
Switch download to use the GNU alias.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 48712
2016-02-12 08:31:39 +00:00
Jo-Philipp Wich
39852286e9 libubox: properly handle "null" values in blobmsg_add_json_element()
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48687
2016-02-09 22:42:48 +00:00
Hauke Mehrtens
6329349cd0 cyassl: update to wolfssl version 3.8.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48616
2016-02-01 22:38:28 +00:00
Felix Fietkau
2911212962 openssl: update to 1.0.2f (fixes CVE-2016-0701, CVE-2015-3197)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48531
2016-01-28 18:20:06 +00:00
Felix Fietkau
02ba90c228 uclient: update to the latest version, fixes connection timeout handling (#21726)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48524
2016-01-28 11:23:50 +00:00
Felix Fietkau
30a8ab5726 libubox: update to the latest version, adds usock_inet_timeout() with RFC6555 support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48523
2016-01-28 11:22:49 +00:00
Felix Fietkau
487efe2508 ustream-ssl: update to the latest version, fixes hostname validation with openssl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48503
2016-01-26 00:10:19 +00:00
Felix Fietkau
9d0703f016 uclient: update to the latest version, now truncates files when overwriting them
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48465
2016-01-23 20:02:34 +00:00
Felix Fietkau
7e29a768fa uclient: update to the latest version, improves interoperability with quirky servers
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48463
2016-01-23 18:53:17 +00:00
Felix Fietkau
87456ff286 ustream-ssl: update to the latest version, fixes handling SSL connection close notification
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48462
2016-01-23 18:53:12 +00:00
Felix Fietkau
ac734726fe uclient: update to the latest version, fixes overwrite with wget -O
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48441
2016-01-21 15:59:39 +00:00
Felix Fietkau
24f553e2d8 elfutils: fix compatibility with non-glibc builds
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48429
2016-01-21 14:08:33 +00:00
Felix Fietkau
81868a8619 gettext-full: fix relocatable patch
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48420
2016-01-20 23:21:03 +00:00
Felix Fietkau
285f024c88 gettext-full: use $(STAGING_DIR)/host instead of $(STAGING_DIR_HOST)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48407
2016-01-20 19:36:18 +00:00
Felix Fietkau
dcdcbdd50e gettext: use $(STAGING_DIR)/host instead of $(STAGING_DIR_HOST)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48406
2016-01-20 19:36:14 +00:00
Felix Fietkau
4c030333a3 libiconv: install to the new prefix
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48402
2016-01-20 19:12:22 +00:00
Felix Fietkau
1981ee7d75 toolchain: Reverse glibc/eglibc conditionals to check for eglibc
This will make adding future glibc versions easier because the
conditionals won't have to be modified again.

Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48399
2016-01-20 19:12:01 +00:00
Felix Fietkau
272a3e03de libiconv: change include guard to make glib2 consider it compatible
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48396
2016-01-20 13:54:30 +00:00
Felix Fietkau
99fb7d9a4e elfutils: bump to 0.165
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

SVN-Revision: 48393
2016-01-20 13:54:13 +00:00
Felix Fietkau
8353ed85f2 uclient: update to the latest version, adds an auth reconnect handling fix and a small uclient-fetch command line fix
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48390
2016-01-20 10:15:25 +00:00
Felix Fietkau
f6e4badfe4 toolchain: Add glibc 2.22
Signed-off-by: Michael Marley <michael@michaelmarley.com>

SVN-Revision: 48383
2016-01-19 22:58:51 +00:00
Felix Fietkau
54baefc480 ustream-ssl: update to the latest version, fixes connection with servers requiring DHE
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48380
2016-01-19 22:41:36 +00:00
Felix Fietkau
23541c6f6f uclient: install a symlink from uclient-fetch to wget into /bin
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48379
2016-01-19 22:41:31 +00:00
Felix Fietkau
977948b15c uclient: update to the latest version, fixes a cosmetic progress bar issue
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48378
2016-01-19 22:41:18 +00:00
Felix Fietkau
8de052800a openssl: remove the separate configuration menu, use the implicit one (via MENU:=1)
Fixes warning on selecting OPENSSL_ENGINE_CRYPTO if openssl is not selected

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48312
2016-01-18 12:42:08 +00:00
Jo-Philipp Wich
1bd8400752 package/libs/libiconv: function names
Currently libiconv-stub and libiconv-full use different names
for functions iconv, iconv_open, and iconv_close.

This may lead to failures when building modules, e.g. with
apr-util when NLS is not activated.

The two modules libiconv-stub and libiconv-full should be
interchangeable, so we need the same function names.

cf.
http://git.savannah.gnu.org/cgit/libiconv.git/tree/include/iconv.h.in

After applying this patch execute

	make distclean

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

SVN-Revision: 48301
2016-01-18 09:23:17 +00:00
Felix Fietkau
c3b01ead44 uclient: update to the latest version, adds many fixes/features
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48278
2016-01-17 12:41:06 +00:00
Felix Fietkau
b075688953 ustream-ssl: fix copy&paste mistake in mbedtls variant title
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48258
2016-01-16 09:14:03 +00:00
Felix Fietkau
b0b0c319f9 polarssl: update to 1.3.16, fixes intermediate certificate validation
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48257
2016-01-16 00:20:05 +00:00
Felix Fietkau
d9494cdf6d ustream-ssl: update to the latest version, adds mbedtls variant
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48256
2016-01-16 00:20:01 +00:00
Felix Fietkau
5bd5c3282b libubox: update to the latest version, adds lua/ustream fixes and extends usock
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48255
2016-01-16 00:19:54 +00:00
Felix Fietkau
6665bbb1a0 mbedtls: update to version 2.2.1
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48254
2016-01-16 00:19:47 +00:00
Jo-Philipp Wich
b809725eb1 gettext-full: make autopoint and gettextize reloctable
The autopoint and gettextize host utilities contain hardcoded staging dir
paths which need to be overridden for the SDK environment.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48208
2016-01-12 07:51:56 +00:00
Felix Fietkau
da19a09b9e Revert "package/libs/libtool: rename to libltdl"
This reverts commit r48149

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48169
2016-01-10 11:39:19 +00:00
Felix Fietkau
3e0615fe8f package/libs/zlib: new package zlib-dev
The patch adds a new package zlib-dev. It contains all files needed for
compiling a program using the zlib library:

/usr/include/zconf.h
/usr/include/zlib.h
/usr/lib/libz.a
/usr/lib/pkgconfig/zlib.pc

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

SVN-Revision: 48151
2016-01-07 21:08:13 +00:00
Felix Fietkau
d65fe30d9b package/libs/libtool: rename to libltdl
Source package libtool is used to package libltdl.
Unfortunately binary libtoolize is missing.
Packaging libtoolize would depend on package file which is in the
packages feed.
Felix Fietkau suggested to rename source libtool to libltdl
and to create a new package libtool in packages.

This patch contains the renaming.

CC: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

SVN-Revision: 48149
2016-01-07 21:08:00 +00:00
Felix Fietkau
04d7cf87e3 ustream-ssl: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48126
2016-01-04 15:12:53 +00:00
Felix Fietkau
dce9fb3006 librpc: move to git.openwrt.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48125
2016-01-04 15:12:37 +00:00
Felix Fietkau
9cd6162b63 packages: use OPENWRT_GIT to point at the main openwrt git repo
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48118
2016-01-04 15:11:49 +00:00
John Crispin
c75c8ab6a6 libnl: fix warning with poll.h include on musl
Warning is:
  #warning redirecting incorrect #include <sys/poll.h> to <poll.

Not a big issue.
But it can be annoying when building with -Werror set.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 48004
2015-12-23 19:26:26 +00:00
John Crispin
395dd083fc OpenSSL: Added source/old to PKG_SOURCE_URL
OpenSSL moves old versions of the library from
http://www.openssl.org/source/ to
http://www.openssl.org/source/old/$version/ breaking the old links.
That behavior breaks the OpenWRT-build every time OpenSSL releases
a new version.

This patch adds http://www.openssl.org/source/old/$version/ to the
PKG_SOURCE_URL of OpenSSL to avoid breaking the build whenever
OpenSSL releases a new version.

Signed-off-by: Kevin Kirsch <ranlvor@starletp9.de>
Reviewed-by: Alexander Dahl <post@lespocky.de>

SVN-Revision: 47860
2015-12-11 15:07:40 +00:00
John Crispin
354aa80ada ncurses: Fix build of libncursew
Packages using libncursesw can fail to build if both libncurses and libncursesw
are not installed. Currently the ncurses.h file is installed in "usr/include/ncursesw"
directory and includes other .h files in the "usr/include" directory incorrectly.
For example: Including <ncursesw/ncurses.h> fails due to these references. These build
changes will set the correct include paths within the developer includes.

Packages that expect ncurses.h (or curses.h) in the default "usr/include" path fail
even when expecting to build with libncursesw and will need to be fixed as well. However,
they cannot be fixed until this patch is applied.

Signed-off-by: Ted Hess <thess@kitschensync.net>

SVN-Revision: 47853
2015-12-11 15:06:01 +00:00
Felix Fietkau
8af89bbcb6 popt: remove xgettext prereq check, it is not necessary
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47826
2015-12-10 12:40:19 +00:00
Hauke Mehrtens
f1d3b08fc0 openssl: add config option for no_hw support
The hardware support is required by some 3rd party engines (tpm)

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>

SVN-Revision: 47817
2015-12-09 22:26:40 +00:00
Hauke Mehrtens
52df3181c1 cyassl: update to wolfSSL version 3.7.0
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925

The activation of SSLv3 support is needed for curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47791
2015-12-05 15:45:31 +00:00
Hauke Mehrtens
82c491708b openssl: update to version 1.0.2e
This fixes the following security problems:
* CVE-2015-3193
* CVE-2015-3194
* CVE-2015-3195)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47726
2015-12-03 21:01:57 +00:00
Hauke Mehrtens
9453b61c94 mbedtls: update to version 2.1.3
This fixes some non critical bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47725
2015-12-03 21:01:18 +00:00
Hauke Mehrtens
8c058ae0bd polarssl: update to version 1.3.15
This is a minor version update which fixes some small bugs. None of
these bugs were exploitable according to the release notes.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

SVN-Revision: 47724
2015-12-03 21:00:45 +00:00
Hauke Mehrtens
bd527a8d18 gettext-full: activate format-security checks
This patch was taken from upstream libcroco

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47585
2015-11-22 14:18:04 +00:00
Hauke Mehrtens
146dab8841 gettext-full: update to version 0.19.6
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47584
2015-11-22 14:17:11 +00:00
Felix Fietkau
1e06647d37 libnl-tiny: include <sys/socket.h>
Currently some libnl headers require application code to include
dependencies on its own. E.g. a simple include of <linux/netlink.h>
will trigger an error:
/usr/include/libnl-tiny/linux/netlink.h:32:2: error: unknown type name 'sa_family_t'

Similarly including <netlink/handlers.h> causes:
/usr/include/libnl-tiny/netlink/handlers.h:133:19: warning: 'struct ucred' declared inside parameter list [enabled by default]

Fix it by including <sys/socket.h> where needed in libnl headers.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47456
2015-11-11 11:39:21 +00:00
Felix Fietkau
77c25c2dd1 elfutils: bump to 0.164
Patches are refreshed except for elfutils-portability, which is gone:
https://lists.fedorahosted.org/pipermail/elfutils-devel/2015-October/005290.html

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

SVN-Revision: 47453
2015-11-11 08:32:28 +00:00
Felix Fietkau
79e14650e0 toolchain: remove obsolete relinking code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47445
2015-11-10 21:11:03 +00:00
Felix Fietkau
f7939f5e74 gcc: remove version 4.6, it is no longer needed
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47443
2015-11-10 21:10:53 +00:00
Felix Fietkau
d965d94b22 libubox: update to the latest version, adds a small json_script feature
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47418
2015-11-08 20:39:01 +00:00
Felix Fietkau
1242463489 librpc: update to the latest version, fixes build with uclibc-ng (#20856)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47382
2015-11-04 18:33:12 +00:00
John Crispin
4ce2b7cda5 libpcap: USB support by default if usbmon is enabled
If building usbmon support then you'll likely want to have
USB support in libpcap as well.

Signed-off-by: Bjørn Mork <bjorn@mork.no>

SVN-Revision: 47265
2015-10-26 09:02:03 +00:00
Hauke Mehrtens
b792ea7ac0 polarssl: update to version 1.3.14
This fixes CVE-2015-5291 and some other smaller security issues.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47201
2015-10-18 21:48:32 +00:00
Hauke Mehrtens
43d397d7d6 mbedtls: update to version 2.1.2
This fixes CVE-2015-5291 and some other smaller security issues.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47200
2015-10-18 21:48:04 +00:00
Luka Perkov
75078acd93 cosmetic: remove trailing whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47197
2015-10-15 22:12:13 +00:00
Luka Perkov
c420373557 libnl: fix URL
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>

SVN-Revision: 47183
2015-10-11 22:19:25 +00:00
Felix Fietkau
f0ce8d24e6 libnl: Install include files into libnl3
Install header files into same location as pkgconfig/libnl-3.0.pc says:
  Cflags: -I${includedir}/libnl3

Signed-off-by: Bruno Randolf <br1@einfach.org>

SVN-Revision: 47102
2015-10-02 16:24:15 +00:00
Felix Fietkau
b976097bc6 libnl: split libnl into smaller libraries
Some modules may require only libnl-genl, some
libnl-route and fewer would require libnl-nf.

This patch splits the entire libnl package into smaller
more granular libs that can be installed individually as required.

Also added libnl*.so symlinks for convenience.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 47037
2015-09-24 09:08:52 +00:00
John Crispin
c35420c6a5 libubox: update to latest git revision
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 46937
2015-09-15 06:12:42 +00:00
Felix Fietkau
b13d8e55a7 argp-standalone: fix build error with gcc 5.2 (#20460)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46813
2015-09-08 07:10:07 +00:00
Felix Fietkau
3ae9c4fcad uclibc++: fix build with gcc 5.2
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46777
2015-09-03 13:15:05 +00:00
Felix Fietkau
41a9f280c4 libpcap: update to version 1.7.4
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46776
2015-09-03 13:14:56 +00:00
Steven Barth
37160e21bb polarssl: bump to 1.3.12
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46762
2015-09-01 18:48:15 +00:00
Steven Barth
bef52af66f polarssl: Fix build failures due to PKG_NAME != dir name
Packages that depend on PolarSSL fail to build because polarssl's InstallDev
section never actually gets executed because (prior to this patch) the package
name does not match the subdir the package is in (presumably due to upstream
name change).  As a workaround I have changed the package name back to
polarssl and used a new variable SRC_PKG_NAME for the purposes of downloading
the upstream tarball and creating PKG_BUILD_DIR.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>

SVN-Revision: 46683
2015-08-18 08:37:38 +00:00
Hauke Mehrtens
252bcd379a cyassl: the upstream package in version 4.6.0 changed
Update the md5sum to the new version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46551
2015-08-03 20:34:28 +00:00
Luka Perkov
18721fa120 openssl: add one more mirror
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 46517
2015-07-28 21:54:44 +00:00
Steven Barth
da337e211e mbedtls: package version 2.0, make polarssl compatible
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46484
2015-07-24 22:26:44 +00:00
Jo-Philipp Wich
48d9137d31 openssl: update to v1.0.2d (CVE-2015-1793)
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46285
2015-07-09 13:04:27 +00:00
Steven Barth
f3cacb9e84 uclibc++: link libssp_nonshared only for musl
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46192
2015-07-06 08:55:28 +00:00
Hauke Mehrtens
69a2459c66 cyassl: update to wolfssl 3.6.0
Upstream wolfssl already has better checks to detect broken ssl v2
ClientHellos, we can remove our hack.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46168
2015-07-03 23:20:36 +00:00
Hauke Mehrtens
9177e16098 cyassl: version bump to 3.4.6
This patch introduces a new build error into coova-chilli, but
coova-chilli already fails to build even without it anyway. CyaSSL is
now called wolfSSL, and all the API's have been renamed, and
backward-compatibility headers added.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46167
2015-07-03 23:20:01 +00:00
Jo-Philipp Wich
27b9bf4493 uclibc++: make g++-uc* wrappers relocatable
The g++-uc wrapper hardcodes $(STAGING_DIR) and $(TOOLCHAIN_DIR) paths which
will not work outside of the original build environment.

Replace the hardcoded staging_dir occurences with paths relative to the
$STAGING_DIR environment variable to make the g++-uc* wrappers usable in an
SDK environment.

Fixes the libdb47 build failure reported at
  https://lists.openwrt.org/pipermail/openwrt-devel/2015-April/032455.html

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46162
2015-07-03 13:33:05 +00:00
Steven Barth
6d48dcb8d5 libubox: fix MD5 for musl on big-endian platforms
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46145
2015-06-29 14:12:38 +00:00
Steven Barth
a47a5dd28d elfutils: bump to 0.163
Bugfix only release.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

SVN-Revision: 46136
2015-06-29 06:47:31 +00:00
Jo-Philipp Wich
a98549b8ec libiconv-full: fix build with fortify source
Avoid redefining `realpath` to fix the following error:

    .../include/fortify/stdlib.h:36:13: error: 'realpath' undeclared here (not in a function)

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46127
2015-06-25 12:13:57 +00:00
Steven Barth
933b588e25 uclibc++: link against libssp_nonshared instead of libssp
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46076
2015-06-20 18:36:52 +00:00
Steven Barth
34aeffef08 libpcap: fixup libtool
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46074
2015-06-20 17:37:28 +00:00
Steven Barth
8a9fd81e55 uclibc++: only disable SSP for ppc
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46067
2015-06-19 14:36:37 +00:00
Steven Barth
38da12f7e4 uclibc++: honor ldflags, disable SSP
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46066
2015-06-19 14:09:02 +00:00
Steven Barth
4d548dce67 libtool: enable passthrough for SSP options
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46065
2015-06-19 13:45:48 +00:00
Steven Barth
6e3b087de8 libnl-tiny: honor CFLAGS when linking
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46029
2015-06-18 08:13:04 +00:00
Felix Fietkau
535f58c362 libusb-compat: fix musl compatibility issues
Use stdint types instead of non-standard ones

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>

SVN-Revision: 46025
2015-06-18 06:39:09 +00:00
Steven Barth
6ac38545c9 openssl: disable parallel builds (spurious linking break)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46005
2015-06-16 17:28:11 +00:00
Felix Fietkau
7ba6500d2c elfutils: bump to 0.162
Besides source.tgz, 001-elfutils-portability.patch (provided by upstream
project) where updated.

Other patches where updated to fix hulk warnings and minor conflicts.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

SVN-Revision: 45984
2015-06-15 07:46:21 +00:00
Felix Fietkau
b98fb76646 elfutils: import package from packages.git
elfutils is required by perf. So we'll move this package from
packages.git and make it part of the core distribution.

Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>

SVN-Revision: 45969
2015-06-14 17:43:40 +00:00
Felix Fietkau
389144d701 argp-standalone: import package from packages.git
argp-standalone is required by elfutils, itself required by perf. So
we'll move this package from packages.git and make it part of the core
distribution.

Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>

SVN-Revision: 45967
2015-06-14 17:43:28 +00:00
Felix Fietkau
0c66367e3f libubox: update to the latest version, adds a few fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45959
2015-06-14 17:41:33 +00:00
Steven Barth
38e0845bd7 openssl: 1.0.2c (srsly, you guys, srsly)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45950
2015-06-12 20:49:20 +00:00
Steven Barth
085a75aec2 openssl: fixes CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45947
2015-06-11 20:36:46 +00:00
Steven Barth
89c8d78d31 openssl: 1.0.2b (hey, we made it nearly 3 months this time!)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45946
2015-06-11 20:28:44 +00:00
Jo-Philipp Wich
645635801d ustream-ssl: fix compilation against current PolarSSL/mbedTLS version
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45934
2015-06-09 16:52:12 +00:00
Steven Barth
2f463c1112 polarssl: bump to 1.3.11
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45925
2015-06-08 07:38:13 +00:00
Hauke Mehrtens
c1a3a1ac2d ncurses: Fix building with gcc 5.1
This patch is taken from the gentoo guys who extracted this from a large
upstream commit (with many unrelated changes).

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 45878
2015-06-02 21:54:54 +00:00
Felix Fietkau
e79506709f libubox: update to the latest version, adds a base64 implementation
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45641
2015-05-08 12:35:41 +00:00
Felix Fietkau
af9672cfde ustream-ssl: correct year in PKG_VERSION string
ustream-ssl: correct the year in the PKG_VERSION string, as both r45157 and
r45441 left the old year 2014 there. For a casual user it may seem that the
current code is from April 2014, although
a4ca61527236e89eb9efb782fd9bfd04796144e3 is from April 2015.

http://nbd.name/gitweb.cgi?p=ustream-ssl.git;a=commit;h=a4ca61527236e89eb9efb782fd9bfd04796144e3
https://dev.openwrt.org/changeset/45441/
https://dev.openwrt.org/changeset/45157/

signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45623
2015-05-08 10:43:48 +00:00
Felix Fietkau
334ad1d49f polarssl: include PKG_RELEASE in ABI_VERSION
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45610
2015-05-05 10:14:04 +00:00
Felix Fietkau
34cacae2b9 polarssl: disable runtime version checks to save some space
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45607
2015-05-05 10:00:49 +00:00
Felix Fietkau
434bf8a90b polarssl: disable an unused random number generator
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45606
2015-05-05 10:00:36 +00:00
Steven Barth
4d9694981b nettle: bump to 3.1.1
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45595
2015-05-03 11:19:42 +00:00
Felix Fietkau
4d58f0f4d9 Revert "ncurses: cleanup InstallDev"
This reverts r43204. The symlinks are faulty, as they point to a
temporary staging dir

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45569
2015-04-23 11:06:15 +00:00
Steven Barth
18f55ddf7d nettle: bump to 3.1
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45526
2015-04-20 20:47:42 +00:00
Felix Fietkau
1233e38be8 libnl-tiny: link library with -Bsymbolic-functions
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45510
2015-04-19 18:33:19 +00:00
Felix Fietkau
384ac9cdf7 uclient: update to the latest version, fixes a crash in processing redirect/disconnect after headers
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45446
2015-04-14 21:05:45 +00:00
John Crispin
da2742db3b ustream-ssl: update to latest git HEAD
fixes long writes when using polarssl

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45441
2015-04-14 19:01:24 +00:00
Felix Fietkau
baef360adb librpc: update to the latest version, fixes musl compatibility issues (#19445)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45366
2015-04-10 20:02:55 +00:00
John Crispin
3d248c4dee openssl: disable arm optimisation until we know why it fails on some socs
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45343
2015-04-10 08:27:55 +00:00
Nicolas Thill
fe46689f10 packages: use $(LN) macro, make symlinks relative
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45250
2015-04-03 00:07:43 +00:00
Nicolas Thill
b8dccba8f2 ustream-ssl: fix SNI when building against cyassl
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45224
2015-04-01 15:11:38 +00:00
Nicolas Thill
32085b22b0 libreadline: cleanup Makefile, fix shlib perms
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45223
2015-04-01 15:11:32 +00:00
John Crispin
426d3abe8f cyassl: add --enable-ecc as its needed when using the CA certificates
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45217
2015-04-01 13:00:45 +00:00
John Crispin
97b3237307 ustream-ssl: enable SNI when building for cyassl
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45216
2015-04-01 10:42:33 +00:00
John Crispin
b233fdcfa2 cyassl: add support for SSL_set_tlsext_host_name
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45215
2015-04-01 10:42:28 +00:00
John Crispin
67bf89324d ustream-ssl: properly handle return codes
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45157
2015-03-30 13:17:27 +00:00
Felix Fietkau
2d13d8dc76 conntrack-tools: update package (along with associated libraries) to the latest version, fix musl build issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45077
2015-03-28 10:19:26 +00:00
Felix Fietkau
a24db9522c update libnetfilter_conntrack to version 1.0.4
This updates libnetfilter_conntrack to the latest
stable version 1.0.4 which was released Aug-06-2013.

Changeset is available here:
http://git.netfilter.org/libnetfilter_conntrack/log/

Signed-off-by: Christian Mehlis <christian@m3hlis.de>

SVN-Revision: 45074
2015-03-28 10:19:04 +00:00
Felix Fietkau
6aba44bfe0 toolchain: drop obsolete references to the coldfire target
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44975
2015-03-25 14:29:17 +00:00
Felix Fietkau
5d9eeab64a build: remove obsolete references to cris and avr32
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44965
2015-03-24 10:07:40 +00:00
Felix Fietkau
512066dba4 toolchain: remove obsolete checks for avr32
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44963
2015-03-24 10:07:25 +00:00
John Crispin
752fc0c8d3 libubox: update to latest git HEAD
fix a bug the made uloop_end() not work when called from within a uloop_process
callback handler

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44945
2015-03-22 19:30:04 +00:00
Steven Barth
3006bc6904 openssl: biweekly critical security update
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44900
2015-03-20 08:14:42 +00:00
Nicolas Thill
4b382a440b packages: some (e)glibc fixes after r44701
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44842
2015-03-16 12:25:06 +00:00
Felix Fietkau
8733c8103b json-c: merge an upstream fix for a compiler warning (fixes #19187)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44826
2015-03-16 07:54:55 +00:00
John Crispin
3e2f578353 toolchain: The glorious return of glibc, ver 2.21
It's the eglibc packaging with a bit of spit-polishing. And testing. :-)

[blogic: merged glibc and eglibc into 1 and made eglibc a glibc variant]

Signed-off-by: Jeff Waugh <jdub@bethesignal.org>
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44701
2015-03-12 19:50:57 +00:00
John Crispin
59c20174f8 json-c: update to 0.12 and bump all depending services
Version 0.12 deprecates json_object_object_get and moves the header files around

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44657
2015-03-11 15:54:33 +00:00
John Crispin
8573891dfe openssl: enable ARM assembly acceleration
Tested myself on ixp4xx and mvebu, and (originally)
by Daniel on i.MX6. Also tested on a MIPS target,
to make sure the change to ASFLAGS does not break things.

Based on a patch submitted by Daniel Drown:

https://lists.openwrt.org/pipermail/openwrt-devel/2014-July/026639.html

Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Daniel Drown <dan-openwrt@drown.org>

SVN-Revision: 44618
2015-03-06 07:57:10 +00:00
Jo-Philipp Wich
e0f48f8d30 libubox: implement ulog_close() and call it on ulog_open()
This is required to properly update syslog idents when switching between
log modes.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44546
2015-02-26 13:42:44 +00:00
Jo-Philipp Wich
948483f93c libubox: introduce generic logging api
Update to git head in order to introduce the new ulog() logging api which
supports early boot logging to dmesg.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44542
2015-02-26 10:25:18 +00:00
Nicolas Thill
4b8ebb5d50 packages: remove uneeded PKG_BUILD_DIR overrides
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44498
2015-02-22 01:31:21 +00:00
Jo-Philipp Wich
7aa5766ad1 libevent2: remove defunct download mirror
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44380
2015-02-10 18:55:44 +00:00
Steven Barth
909af3fa4b openssl: fix upstream regression for non-ec builds
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44364
2015-02-09 15:26:35 +00:00
Steven Barth
1a014d170a polarssl: bump to 1.3.10, work around rename to mbedtls
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44361
2015-02-09 12:44:32 +00:00
Steven Barth
2ca8a6cce4 openssl: bump to 1.0.2
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44332
2015-02-09 12:04:00 +00:00
Jo-Philipp Wich
74338a700a libevent2: update to v2.0.22
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44289
2015-02-06 10:30:04 +00:00
Jo-Philipp Wich
66fe4fd966 ncurses: add host build for 'tic'
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44282
2015-02-05 23:18:42 +00:00
John Crispin
43b0486a1d libubox: update to latest git HEAD
adds "ignore SIGPIPE by default"

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44178
2015-01-28 12:08:04 +00:00
Felix Fietkau
bc31129b03 gmp: use http instead of ftp download (#18805)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44082
2015-01-23 10:54:56 +00:00
Felix Fietkau
e10da3edbf libubox: update to the latest version
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44080
2015-01-23 10:54:45 +00:00
Jo-Philipp Wich
555492e41a polarssl: patch CVE-2015-1182
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44060
2015-01-20 12:49:54 +00:00
Rafał Miłecki
7aba4f1539 uclient: update to the latest version with timeout support
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 44053
2015-01-19 16:02:59 +00:00
Rafał Miłecki
e171dc4cf5 libubox: update to the latest commit with JSON and usock fixes
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 44052
2015-01-19 15:56:06 +00:00
John Crispin
09a08fb9e6 toolchain: Add libatomic when using external toolchain
Otherwise libatomic cannot be used in conjunction with external toolchains.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 43998
2015-01-17 13:58:03 +00:00
John Crispin
748d452899 add pkgconfig information for popt library
Modify makefile to record pkgconfig information for the popt library.

Signed-off-by: Mike Brady <mikebrady@eircom.net>

SVN-Revision: 43994
2015-01-17 12:52:28 +00:00
Steven Barth
3138207f48 openssl: update to 1.0.1l *sigh*
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43976
2015-01-15 17:59:06 +00:00
Felix Fietkau
2ff6a5f618 libusb: update to version 1.0.19
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43930
2015-01-11 16:14:23 +00:00
Felix Fietkau
64e7b41b2e popt: update to latest upstream version, fixes build breakage after autofools changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43901
2015-01-09 19:52:27 +00:00
Jo-Philipp Wich
5cda3e9f7f gettext-full: update to v0.19.4
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43896
2015-01-09 14:51:29 +00:00
Steven Barth
dbca1e5662 openssl: bump to 1.0.1j
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43875
2015-01-08 18:29:26 +00:00
Steven Barth
2c4d88c503 openssl: fix CVE-2014-3569
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43858
2015-01-06 09:59:55 +00:00
Felix Fietkau
5e6f099edb nettle: add CONFIG_LIBNETTLE_MINI to PKG_CONFIG_DEPENDS to fix rebuild issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43852
2015-01-05 13:03:55 +00:00
Steven Barth
c6c0c275bc libnftnl: bump to upstream release 1.0.3
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43729
2014-12-16 09:22:49 +00:00
Steven Barth
21bf45edd2 cyassl: bump to 3.3.0
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43728
2014-12-16 09:16:00 +00:00
Steven Barth
e90e143852 libnftnl: bump to latest git
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43706
2014-12-14 16:03:18 +00:00
Felix Fietkau
d54e759611 toolchain: do not include libatomic.so in the libc package
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43699
2014-12-13 23:58:47 +00:00
Jonas Gorski
e983ee54fd libnl-tiny: fix receiving netlink messages larger than 4K
Apply libnl commit 807fddc4cd9ecb12ba64e1b7fa26d86b6c2f19b0 ("nl:
Increase receive buffer size to 4 pages") also to libnl-tiny to ensure
netlink messages larger than 4KiB can be received, as the restart logic
seems to be broken.

This fixes iwinfo accessing info on dual band b43 cards, as they can
support a lot of channels, breaking the 4K default limit (seen was >5k).

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 43633
2014-12-11 19:35:48 +00:00
Felix Fietkau
0636bb43ae toolchain: disable libatomic for gcc 4.6
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43623
2014-12-11 17:52:22 +00:00
Felix Fietkau
37c5b92d40 uclient: update to the latest version, fixes HTTP digest auth processing
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43600
2014-12-10 16:03:02 +00:00
Felix Fietkau
d928d333e3 libnl-tiny: remove dead code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43599
2014-12-10 16:02:49 +00:00
Florian Fainelli
acf4691904 libbsd: add support for aarch64
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 43354
2014-11-24 06:33:34 +00:00
Felix Fietkau
2ff709e38f libubox: fix a variable handling regression in jshn
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43351
2014-11-23 22:53:14 +00:00
Felix Fietkau
e4d207542e libubox: update to the latest version, adds some jshn optimizations
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43350
2014-11-23 20:10:07 +00:00
Felix Fietkau
061319ec3d lzo: disable unaligned access for everything except x86
Fixes issues on ARM

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43349
2014-11-23 20:10:02 +00:00
Jonas Gorski
4b16b90152 toolchain: musl: fix symlink for ldd
ld-musl-*.so* is a symlink "broken" for the hostsystem, so wildcard
will skip it, causing LD_MUSL_NAME to empty and the ldd symlink pointing
to ../../lib directly.
This causes sysupgrade failing to copy any linked libaries and
consequently failing to run anything after switching to ram disk.

Fix this by creating a symlink directly pointing to where ld-musl-*.so*
points to.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 43314
2014-11-19 12:17:34 +00:00
Nicolas Thill
f4417f7ad8 package/*: replace occurences of 'ln -sf' to '$(LN)'
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 43205
2014-11-06 19:35:34 +00:00
Nicolas Thill
bd92e9806b ncurses: cleanup InstallDev
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 43204
2014-11-06 19:35:23 +00:00
Nicolas Thill
8d515b3b40 libusb-compat: cleanup InstallDev
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 43203
2014-11-06 19:35:14 +00:00
Steven Barth
2a5ad9cf0b openssl: reenable CMS (broke krb5)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43176
2014-11-04 08:37:06 +00:00
Steven Barth
6d1d02eefb polarssl: update to 1.3.9
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43170
2014-11-03 19:36:06 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Steven Barth
6a4a437e04 openssl: optimize build options, disable old SSL versions
Based on a patchset by Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43123
2014-10-30 13:11:04 +00:00
John Crispin
6dc6e4ed08 libiconv: do not replace untranslatable characters with * or ?
Instead throw an -EILSEQ error.

Signed-off-by: Tjalling Hattink <t.hattink@fugro.nl>

SVN-Revision: 43089
2014-10-27 15:51:25 +00:00
Felix Fietkau
9ac5cfe1ba openssl: fix target definition for x86_64 (#18182)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43045
2014-10-24 13:23:39 +00:00
Steven Barth
0b3fec7e80 libnftnl: bump to latest
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43012
2014-10-21 20:00:46 +00:00
John Crispin
b52651a66e openssl: host build fails when ccache is enabled
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43002
2014-10-20 11:19:53 +00:00
Felix Fietkau
82c182f828 Revert "openssl: add host build."
This reverts commit r42988

SVN-Revision: 42997
2014-10-20 09:18:21 +00:00
John Crispin
c8ad508d37 openssl: add host build.
Only support Linux at the moment.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 42988
2014-10-20 06:29:27 +00:00
Felix Fietkau
f2a4294ab5 toolchain: drop the mips softfloat symlink hack
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42975
2014-10-19 21:46:03 +00:00
Felix Fietkau
4c4157e287 toolchain: when using musl, install a symlink from ld-musl-*.so to /usr/bin/ldd
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42974
2014-10-19 21:45:58 +00:00
Felix Fietkau
0a7bd0c8b9 openssl: add ABI_VERSION to fix package rebuild issues (fixes #18169)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42963
2014-10-19 16:19:07 +00:00
Felix Fietkau
fedcfd0303 polarssl: do not build the unused programs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42960
2014-10-19 09:43:31 +00:00
Felix Fietkau
b6086a3079 polarssl: add missing version bump
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42949
2014-10-18 09:20:38 +00:00
Felix Fietkau
e5daecce98 polarssl: disable SSLv3 support, fixes CVE-2014-3566 (POODLE)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42947
2014-10-18 09:17:31 +00:00
Jo-Philipp Wich
7949a3d381 openssl: update to v1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Also refresh patches and bump copyright year in Makefile.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42929
2014-10-16 08:32:54 +00:00
John Crispin
607b3cac36 package: add libnetfilter-log.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 42921
2014-10-14 19:01:16 +00:00
John Crispin
ea74a1119e libubox: update to latest git
this adds a new helper for setting/overriding the signal handlers

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42917
2014-10-14 15:53:00 +00:00
Steven Barth
e263cd27ee libnftnl: bump to 2014-10-02
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42799
2014-10-06 05:30:36 +00:00
Steven Barth
64e3cb9fe8 toolchain: Fix libthreaddb not being installed
Signed-off-by: Michel Stam <m.stam@fugro.nl>

SVN-Revision: 42752
2014-10-02 19:47:39 +00:00
Steven Barth
af8367a00b libnftnl: bump for bugfixes
SVN-Revision: 42697
2014-09-29 08:31:31 +00:00