Commit graph

495 commits

Author SHA1 Message Date
Magnus Kroken
4b8c69258e mbedtls: enable MBEDTLS_DHM_C
This option is required by OpenVPN, and OpenVPN 2.4 uses mbedTLS 2.x.
DHM_C is also already enabled in the PolarSSL 1.3.x config.h.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-12-12 10:22:19 +01:00
Alexandru Ardelean
8cb476c853 libs: libnetfilter-queue: update to a newer version in git repo
Last release of libnetfilter-queue was in 2012.
There don't seem to be any release tarballs since then.

This updates it to a more recent version, pointing to the git repo.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-12-04 11:41:53 +01:00
Hauke Mehrtens
abedd718aa cyassl: update to wolfssl version 3.9.10
This fixes the following security problems:
CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times
CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring
CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring
SWEET32 Attack

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 21:35:35 +01:00
Hauke Mehrtens
99ea26883b mbedtls: update to version 2.4.0
This fixes two minor security problems.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 16:38:20 +01:00
Hauke Mehrtens
280fdac18f polarssl: update to version 1.3.18
This fixes two minor security problems.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 16:36:34 +01:00
Felix Fietkau
a2e197d972 libubox: update to the latest version
- Improves C++ compatibility
- Adds static initializers for the kvlist API

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-01 20:14:52 +01:00
Florian Fainelli
a9dce48b22 libnl-tiny: Remove GENL_ID_GENERATE
This constant was always defined to 0, and recently got removed in
upstream commit a07ea4d9941af5a0c6f0be2a71b51ac9c083c5e5 ("genetlink: no
longer support using static family IDs")

Fixes libnl-tiny builds with latest upstream kernels.

Fixes: d723f2573a ("libnl-tiny: remove include/linux overrides to fix various build issues")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-11-24 12:53:19 +01:00
Felix Fietkau
d723f2573a libnl-tiny: remove include/linux overrides to fix various build issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-17 13:36:09 +01:00
Jo-Philipp Wich
32f8b36d59 libnetfilter-conntrack: update to v1.0.6
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-11-14 13:03:53 +01:00
Nikos Mavrogiannopoulos
00e0a7d600 nettle: enable fat build
This allows to include optimizations such as ARM neon which
are detected on run-time.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
[Jo-Philipp Wich: picked from openwrt#191 and rebased onto LEDE master]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-11-14 13:03:53 +01:00
Luiz Angelo Daros de Luca
e2fd98793e elfutils: bump to 0.167
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2016-11-03 11:08:02 +01:00
Felix Fietkau
70af3bfd57 libreadline: set ABI_VERSION to force rebuild of dependent packages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-10-19 20:26:54 +02:00
Alexandru Ardelean
fb789c4821 libs/gettext: drop Build/Prepare rule in favor of default one
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-10-15 11:36:52 +02:00
Alexandru Ardelean
832cd7ceb5 libs/libiconv: drop Build/Prepare rule in favor of default one
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-10-15 11:36:51 +02:00
Alexandru Ardelean
ab20b679f6 libs/libnl-tiny: drop Build/Prepare rule in favor of default one
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-10-15 11:36:51 +02:00
Daniel Engberg
195d2de867 package/libs/libreadline: Update to 7.0
Update libreadline to 7.0

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-15 11:36:51 +02:00
Daniel Engberg
9e87d6bdc8 package/libs/libconfig: Update to 1.5
Update libconfig to 1.5

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-15 11:36:51 +02:00
Daniel Engberg
6e5de6e07b package/libs/libnftnl: Update to 1.0.6
Update libnftnl to 1.0.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-15 11:36:51 +02:00
Daniel Engberg
1d7af1a296 package/libs/libtool: Switch to xz tarball
Switch to xz tarball, there's no point pulling two different tarballs of the same source code (tools/libtool uses xz).

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-15 11:36:51 +02:00
Daniel Engberg
f23a44173e package/libs/nettle: Update to 3.3
Update to 3.3

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-15 11:36:51 +02:00
Daniel Engberg
913609a9b1 package/libs/libnl: Update to 3.2.28
Update to 3.2.28
Remove patch as its in upstream

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-15 11:36:50 +02:00
Daniel Engberg
d41e54fb02 package/libs/libmnl: Update to 1.0.4
* Update to 1.0.4
* Remove patch as it's upstreamed

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-15 11:36:50 +02:00
Kevin Darbyshire-Bryant
c5e48abcc6 mbedtls: enable NIST curves optimisation.
luci using ustream-mbedtls is extremely slow vs ustream-polarssl.
polarssl alias mbedtls v1 is configured to use NIST prime speed
optimisation, so no longer disable the default optimisation for
mbedtls v2.

Compile & run tested: Archer C7v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[Jo-Philipp Wich: refresh patch to use common format]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-10-13 20:25:42 +02:00
Dirk Neukirchen
f14b3705de gettext-full: update to 0.19.8.1
- unify configs of host/target
- disable stuff to decrease build time
- disable interactive gettextize: see
http://lists.busybox.net/pipermail/buildroot/2014-April/093394.html

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-10-13 20:25:42 +02:00
Dirk Neukirchen
d42521fa07 gettext: fix whitespace
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-10-13 20:25:42 +02:00
Daniel Engberg
9edfe7dd13 source: Switch to xz for packages and tools where possible
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-10-06 12:16:56 +02:00
Florian Fainelli
493b0f3f57 toolchain: Force installation into /lib
For 64-bit capable systems, a symbolic link is set up for /lib64 to point to
/lib, so make sure the installation goes into /lib, irrespective of where the C
library files come from in an external toolchain.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-28 08:39:00 +02:00
Magnus Kroken
b1f39d3d7e openssl: update to 1.0.2j
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.

Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch

Security advisory: https://www.openssl.org/news/secadv/20160926.txt

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-09-27 17:50:22 +02:00
Rosen Penev
c0b15b3072 openssl: Make DTLS configurable.
Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-09-27 17:50:22 +02:00
Rosen Penev
aaa067ab0b openssl: Remove J-PAKE. Nothing uses it.
Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-09-27 17:50:22 +02:00
Daniel Engberg
edbc8fec8a libjson-c: Update to 0.12.1
Updates libjson-c and removes backport patch.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-09-27 17:50:21 +02:00
diizzyy
509708889c libunwind: use url alias
Use alias instead of hardcoded URL

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-09-27 17:50:21 +02:00
Hauke Mehrtens
ea288126db openssl: backport build fix when hardware support is used
This fix added to the openssl 1.0.2 branch.
In addition add the header for the existing backport.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 19:53:00 +02:00
Magnus Kroken
6926325829 openssl: update to 1.0.2i
Drop 302-fix_no_cmac_build.patch, it has been applied upstream.

Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* 10 Low severity issues

Security advisory: https://www.openssl.org/news/secadv/20160922.txt
Changelog: https://www.openssl.org/news/cl102.txt

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 13:28:59 +02:00
John Crispin
edf5b2955e cyassl: remove duplicate submenu level
Signed-off-by: John Crispin <john@phrozen.org>
2016-09-19 16:07:58 +02:00
Andreas Schultz
b9e3e38e79 cyassl: make CyaSSL/WolfSSL more configurable
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.

Signed-off-by: Andreas Schultz <aschultz@tpip.net>
2016-09-19 15:30:32 +02:00
Felix Fietkau
00a1056c3f openssl: re-enable ARM assembly
The original reason for disabling it seems to have been fixed
Related discussion: https://github.com/lede-project/source/pull/307

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-31 13:57:05 +02:00
Andreas Schultz
277f85c21a cyassl: make CyaSSL/WolfSSL more configurable
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.

Signed-off-by: Andreas Schultz <aschultz@tpip.net>
2016-08-22 17:30:35 +02:00
Hannu Nyman
a77ce8ba96 libs/gmp: update to 6.1.1
Update libgmp to 6.1.1

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-08-15 15:32:38 +02:00
Jo-Philipp Wich
d36c5152ef ncurses: change handling of PKG_CONFIG_LIBDIR
When PKG_CONFIG_LIBDIR was unset in the environment, the configure
script was deducing the PKG_CONFIG_LIBDIR from the location of the
pkg-config binary, which doesn't make a lot of sense, and isn't done
by other autotools based packages.

Patch imported from the Buildroot project:
https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch

Also refresh patches while we're at.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-15 13:34:17 +02:00
Felix Fietkau
7ee9222770 openssl: re-enable CMAC support
Needed by a few packages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-09 07:18:03 +02:00
Jo-Philipp Wich
27dffa0b0c uclient: change SSL support error message
Change the error message about missing SSL support to be more explicit by
mentioning required package names.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-08 12:20:15 +02:00
Felix Fietkau
11d47e615b libubox: update to the latest version, adds a few utility functions
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:08 +02:00
Hauke Mehrtens
bdf9243c1b cyassl: update to wolfssl version 3.9.6
Changelog: https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html

old size:
libcyassl_3.9.0-1_mips_34kc_dsp.ipk     147552

new size:
libcyassl_3.9.6-1_mips_34kc_dsp.ipk     150087

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-07-24 15:05:03 +02:00
Felix Fietkau
cd91f384ac openssl: re-enable NPN by default
Several packages rely on it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-24 14:43:44 +02:00
Felix Fietkau
cb8f322d93 openssl: add back the CAST cipher by default
At least netatalk and some ipsec packages use it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-24 14:42:18 +02:00
Felix Fietkau
600fd467d8 openssl: revert the no-ripemd change, openssh needs that cipher
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-23 19:03:47 +02:00
Dirk Feytons
3ad8bc4366 openssl: add option to disable SRP support
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
2016-07-23 12:10:41 +02:00
Dirk Feytons
057b116e09 openssl: add --gc-sections
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
2016-07-23 12:10:08 +02:00
Dirk Feytons
41da31ac2c openssl: remove some unneeded functionality and algorithms
The patch needed for this commit has been sent upstream:
https://github.com/openssl/openssl/pull/1155

Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [add back bf and srp]
2016-07-23 12:09:51 +02:00