Commit Graph

342 Commits (f5ff68414711b3d1e8d0989f3aa90942e4da4710)

Author SHA1 Message Date
Hauke Mehrtens f1d3b08fc0 openssl: add config option for no_hw support
The hardware support is required by some 3rd party engines (tpm)

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>

SVN-Revision: 47817
2015-12-09 22:26:40 +00:00
Hauke Mehrtens 52df3181c1 cyassl: update to wolfSSL version 3.7.0
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925

The activation of SSLv3 support is needed for curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47791
2015-12-05 15:45:31 +00:00
Hauke Mehrtens 82c491708b openssl: update to version 1.0.2e
This fixes the following security problems:
* CVE-2015-3193
* CVE-2015-3194
* CVE-2015-3195)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47726
2015-12-03 21:01:57 +00:00
Hauke Mehrtens 9453b61c94 mbedtls: update to version 2.1.3
This fixes some non critical bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47725
2015-12-03 21:01:18 +00:00
Hauke Mehrtens 8c058ae0bd polarssl: update to version 1.3.15
This is a minor version update which fixes some small bugs. None of
these bugs were exploitable according to the release notes.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

SVN-Revision: 47724
2015-12-03 21:00:45 +00:00
Hauke Mehrtens bd527a8d18 gettext-full: activate format-security checks
This patch was taken from upstream libcroco

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47585
2015-11-22 14:18:04 +00:00
Hauke Mehrtens 146dab8841 gettext-full: update to version 0.19.6
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47584
2015-11-22 14:17:11 +00:00
Felix Fietkau 1e06647d37 libnl-tiny: include <sys/socket.h>
Currently some libnl headers require application code to include
dependencies on its own. E.g. a simple include of <linux/netlink.h>
will trigger an error:
/usr/include/libnl-tiny/linux/netlink.h:32:2: error: unknown type name 'sa_family_t'

Similarly including <netlink/handlers.h> causes:
/usr/include/libnl-tiny/netlink/handlers.h:133:19: warning: 'struct ucred' declared inside parameter list [enabled by default]

Fix it by including <sys/socket.h> where needed in libnl headers.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47456
2015-11-11 11:39:21 +00:00
Felix Fietkau 77c25c2dd1 elfutils: bump to 0.164
Patches are refreshed except for elfutils-portability, which is gone:
https://lists.fedorahosted.org/pipermail/elfutils-devel/2015-October/005290.html

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

SVN-Revision: 47453
2015-11-11 08:32:28 +00:00
Felix Fietkau 79e14650e0 toolchain: remove obsolete relinking code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47445
2015-11-10 21:11:03 +00:00
Felix Fietkau f7939f5e74 gcc: remove version 4.6, it is no longer needed
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47443
2015-11-10 21:10:53 +00:00
Felix Fietkau d965d94b22 libubox: update to the latest version, adds a small json_script feature
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47418
2015-11-08 20:39:01 +00:00
Felix Fietkau 1242463489 librpc: update to the latest version, fixes build with uclibc-ng (#20856)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47382
2015-11-04 18:33:12 +00:00
John Crispin 4ce2b7cda5 libpcap: USB support by default if usbmon is enabled
If building usbmon support then you'll likely want to have
USB support in libpcap as well.

Signed-off-by: Bjørn Mork <bjorn@mork.no>

SVN-Revision: 47265
2015-10-26 09:02:03 +00:00
Hauke Mehrtens b792ea7ac0 polarssl: update to version 1.3.14
This fixes CVE-2015-5291 and some other smaller security issues.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47201
2015-10-18 21:48:32 +00:00
Hauke Mehrtens 43d397d7d6 mbedtls: update to version 2.1.2
This fixes CVE-2015-5291 and some other smaller security issues.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47200
2015-10-18 21:48:04 +00:00
Luka Perkov 75078acd93 cosmetic: remove trailing whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 47197
2015-10-15 22:12:13 +00:00
Luka Perkov c420373557 libnl: fix URL
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>

SVN-Revision: 47183
2015-10-11 22:19:25 +00:00
Felix Fietkau f0ce8d24e6 libnl: Install include files into libnl3
Install header files into same location as pkgconfig/libnl-3.0.pc says:
  Cflags: -I${includedir}/libnl3

Signed-off-by: Bruno Randolf <br1@einfach.org>

SVN-Revision: 47102
2015-10-02 16:24:15 +00:00
Felix Fietkau b976097bc6 libnl: split libnl into smaller libraries
Some modules may require only libnl-genl, some
libnl-route and fewer would require libnl-nf.

This patch splits the entire libnl package into smaller
more granular libs that can be installed individually as required.

Also added libnl*.so symlinks for convenience.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 47037
2015-09-24 09:08:52 +00:00
John Crispin c35420c6a5 libubox: update to latest git revision
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 46937
2015-09-15 06:12:42 +00:00
Felix Fietkau b13d8e55a7 argp-standalone: fix build error with gcc 5.2 (#20460)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46813
2015-09-08 07:10:07 +00:00
Felix Fietkau 3ae9c4fcad uclibc++: fix build with gcc 5.2
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46777
2015-09-03 13:15:05 +00:00
Felix Fietkau 41a9f280c4 libpcap: update to version 1.7.4
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46776
2015-09-03 13:14:56 +00:00
Steven Barth 37160e21bb polarssl: bump to 1.3.12
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46762
2015-09-01 18:48:15 +00:00
Steven Barth bef52af66f polarssl: Fix build failures due to PKG_NAME != dir name
Packages that depend on PolarSSL fail to build because polarssl's InstallDev
section never actually gets executed because (prior to this patch) the package
name does not match the subdir the package is in (presumably due to upstream
name change).  As a workaround I have changed the package name back to
polarssl and used a new variable SRC_PKG_NAME for the purposes of downloading
the upstream tarball and creating PKG_BUILD_DIR.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>

SVN-Revision: 46683
2015-08-18 08:37:38 +00:00
Hauke Mehrtens 252bcd379a cyassl: the upstream package in version 4.6.0 changed
Update the md5sum to the new version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46551
2015-08-03 20:34:28 +00:00
Luka Perkov 18721fa120 openssl: add one more mirror
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 46517
2015-07-28 21:54:44 +00:00
Steven Barth da337e211e mbedtls: package version 2.0, make polarssl compatible
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46484
2015-07-24 22:26:44 +00:00
Jo-Philipp Wich 48d9137d31 openssl: update to v1.0.2d (CVE-2015-1793)
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46285
2015-07-09 13:04:27 +00:00
Steven Barth f3cacb9e84 uclibc++: link libssp_nonshared only for musl
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46192
2015-07-06 08:55:28 +00:00
Hauke Mehrtens 69a2459c66 cyassl: update to wolfssl 3.6.0
Upstream wolfssl already has better checks to detect broken ssl v2
ClientHellos, we can remove our hack.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46168
2015-07-03 23:20:36 +00:00
Hauke Mehrtens 9177e16098 cyassl: version bump to 3.4.6
This patch introduces a new build error into coova-chilli, but
coova-chilli already fails to build even without it anyway. CyaSSL is
now called wolfSSL, and all the API's have been renamed, and
backward-compatibility headers added.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46167
2015-07-03 23:20:01 +00:00
Jo-Philipp Wich 27b9bf4493 uclibc++: make g++-uc* wrappers relocatable
The g++-uc wrapper hardcodes $(STAGING_DIR) and $(TOOLCHAIN_DIR) paths which
will not work outside of the original build environment.

Replace the hardcoded staging_dir occurences with paths relative to the
$STAGING_DIR environment variable to make the g++-uc* wrappers usable in an
SDK environment.

Fixes the libdb47 build failure reported at
  https://lists.openwrt.org/pipermail/openwrt-devel/2015-April/032455.html

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46162
2015-07-03 13:33:05 +00:00
Steven Barth 6d48dcb8d5 libubox: fix MD5 for musl on big-endian platforms
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46145
2015-06-29 14:12:38 +00:00
Steven Barth a47a5dd28d elfutils: bump to 0.163
Bugfix only release.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

SVN-Revision: 46136
2015-06-29 06:47:31 +00:00
Jo-Philipp Wich a98549b8ec libiconv-full: fix build with fortify source
Avoid redefining `realpath` to fix the following error:

    .../include/fortify/stdlib.h:36:13: error: 'realpath' undeclared here (not in a function)

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46127
2015-06-25 12:13:57 +00:00
Steven Barth 933b588e25 uclibc++: link against libssp_nonshared instead of libssp
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46076
2015-06-20 18:36:52 +00:00
Steven Barth 34aeffef08 libpcap: fixup libtool
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46074
2015-06-20 17:37:28 +00:00
Steven Barth 8a9fd81e55 uclibc++: only disable SSP for ppc
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46067
2015-06-19 14:36:37 +00:00
Steven Barth 38da12f7e4 uclibc++: honor ldflags, disable SSP
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46066
2015-06-19 14:09:02 +00:00
Steven Barth 4d548dce67 libtool: enable passthrough for SSP options
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46065
2015-06-19 13:45:48 +00:00
Steven Barth 6e3b087de8 libnl-tiny: honor CFLAGS when linking
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46029
2015-06-18 08:13:04 +00:00
Felix Fietkau 535f58c362 libusb-compat: fix musl compatibility issues
Use stdint types instead of non-standard ones

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>

SVN-Revision: 46025
2015-06-18 06:39:09 +00:00
Steven Barth 6ac38545c9 openssl: disable parallel builds (spurious linking break)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46005
2015-06-16 17:28:11 +00:00
Felix Fietkau 7ba6500d2c elfutils: bump to 0.162
Besides source.tgz, 001-elfutils-portability.patch (provided by upstream
project) where updated.

Other patches where updated to fix hulk warnings and minor conflicts.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

SVN-Revision: 45984
2015-06-15 07:46:21 +00:00
Felix Fietkau b98fb76646 elfutils: import package from packages.git
elfutils is required by perf. So we'll move this package from
packages.git and make it part of the core distribution.

Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>

SVN-Revision: 45969
2015-06-14 17:43:40 +00:00
Felix Fietkau 389144d701 argp-standalone: import package from packages.git
argp-standalone is required by elfutils, itself required by perf. So
we'll move this package from packages.git and make it part of the core
distribution.

Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>

SVN-Revision: 45967
2015-06-14 17:43:28 +00:00
Felix Fietkau 0c66367e3f libubox: update to the latest version, adds a few fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45959
2015-06-14 17:41:33 +00:00
Steven Barth 38e0845bd7 openssl: 1.0.2c (srsly, you guys, srsly)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45950
2015-06-12 20:49:20 +00:00