4ea9a2db164c Update upload-release.sh script and po files.
a01938d584b9 libelf: Mark both fsize and msize with const attribute.
c338a0541663 libebl: Don't update w, t and len unnecessarily in ebl_object_note_type_name.
422b549007f6 Prepare for 0.175
22ec8efc1dd8 elflint: Allow PT_GNU_EH_FRAME segment to match SHT_X86_64_UNWIND section.
cf10453f8252 libelf: Correctly setup alignment of SHF_COMPRESSED section data.
d3e6266754b9 strip: Also handle gnu compressed debug sections with --reloc-debug-sections
72e30c2e0cb4 Handle GNU Build Attribute ELF Notes.
7a3f6fe60b85 Recognize NT_VERSION notes.
cff53f1784c9 libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE
ecbe3120cddb libdwelf: New function dwelf_elf_begin.
4b0342b85b5b backends: Add x86_64 section_type_name for SHT_X86_64_UNWIND.
825e48c4e942 Also find CFI in sections of type SHT_X86_64_UNWIND
4789e0fb92b0 libelf: Explicitly update section data after (de)compression.
1628254ba215 strip: Add --reloc-debug-sections-only option.
f2d59180b90b strip: Extract code to update shdrstrndx into new common function.
f6ae0ab9350e strip: Split out debug section relocation into separate helper functions.
b15ee95bcee4 strip: Always copy over any phdrs if there are any.
e574889d92b1 unstrip: Add ELF_CHECK to make sure gelf_getehdr () doesn't return NULL.
5199e15870e0 Recognize and parse GNU Property notes.
b75ff1bbd060 addr2line: Use elf_getshdrstrndx not Ehdr field to print section name.
35197ea4c43e readelf: Use shstrndx to lookup section names.
9a74c190a2b3 backends: ppc use define instead of const for size of dwarf_regs array.
72d023b35f36 readelf: Make sure readp is smaller than cieend in print_debug_frame_section.
dce0b3b63ba0 readelf: Make sure readp is smaller than cieend in print_debug_frame_section.
1e7c230b277b Check sh_entsize is not zero.
22d2d082d57a size: Handle recursive ELF ar files.
2b16a9be6993 arlib: Check that sh_entsize isn't zero.
4cdb0fd0d3b4 ar: Assume epoch if ar_date is bogus.
577511f66842 findtextrel: Check that sh_entsize isn't zero.
20f9de9b5f70 libdwfl: Sanity check partial core file data reads.
2f4a040fab52 readelf: Handle multiple .debug_macro sections and decode header flag.
eee4269e5315 unstrip: Renumber the group section indexes.
c06ab0bbb476 strip, unstrip: Handle SHT_GROUP correctly.
2876b3b648f6 Handle ADD/SUB relocations
69d6e67eee30 tests: backtrace-dwarf.c improve error handling in test framework.
Originally-produced--by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Don't symlink uclient-fetch anymore to /bin/wget but rather use
the ALTERNATIVES support for wget to install it as /usr/bin/wget.
Let uclient-fetch provide wget
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
GCC 8.0+ <https://gcc.gnu.org/gcc-8/changes.html> introduces a new
warning about unsafe macros expanding to multiple statements used
as a body of a statement such as if, else, while, switch, or for.
In combination with -Werror this can cause the compilation to fail:
|In file included from xmalloc.c:37:
|xmalloc.c: In function 'xmalloc':
|system.h:39:2: error: macro expands to multiple statements [-Werror=multistatement-macros]
| fflush(stdout); \
| ^~~~~~
|xmalloc.c:52:5: note: in expansion of macro 'error'
| error (EXIT_FAILURE, 0, _("memory exhausted"));
| ^~~~~
|xmalloc.c:51:3: note: some parts of macro expansion are not guarded by this 'if' clause
| if (p == NULL)
| ^~
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
When building with full lagnuage support, libelf.so will depend on and
link with libintl.so so we need to change the pkg-config template to
reflect this library dependency.
Also change the Makefile to only pass --disable-nls to configure when
the full nls support is actually disabled in the buildroot config.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support other packages using pkg-config to query existence and details of
libelf and libdw libraries at build time.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This reverts commit 216397b812.
Due to:
Package ip-tiny is missing dependencies for the following libraries:
libelf.so.1
Makefile:187: recipe for target '/var/lib/buildbot/slaves/slave-lede-builds4/mips_24kc/build/sdk/bin/packages/mips_24kc/base/ip-tiny_4.19.0-6_mips_24kc.ipk' failed
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
mbedtls uses some instructions introduced in ARMv6 which are not
available in older architectures.
Fixes: 3f7dd06fd8 ("mbedtls: Update to 2.14.1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update mbedtls to 2.14.1
This fixes:
* CVE-2018-19608: Local timing attack on RSA decryption
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[Update to 2.14.1]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
63843750 Update manual pages
27801e98 Bump up version number to 1.35.1
60e020a8 nghttpx: Fix broken trailing slash handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Support other packages using pkg-config to query existence and details of
libelf and libdw libraries at build time.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
e520469b Update manual pages
54067256 Bump up version number to 1.35.0
c4d2eeee Update AUTHORS
f51e696e asio: Add stop() to listen_and_serve doc
a433b132 Merge pull request #1260 from nghttp2/h2load-non-final-response
cf48a56d Merge pull request #1238 from jktjkt/cmake-fix-libevent-detection
6cad1b24 nghttpx: Write mruby send_info early
3c393dca nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend
17292445 h2load: Handle HTTP/1 non-final response
f6644a92 make clang-format
48998f72 Merge pull request #1222 from donny-dont/fix/declspec
15ff52f9 Update README
6c03bb14 Upgrade travis toolchain
524b4392 Fix travis build failure
859bf2bc Update manual pages
b5619fb1 h2load: Clarify that time for connect includes TLS handshake
dcbe0c69 nghttpx: Simplify move ctor and operator
2996c284 nghttpx: Cleanup
42e8ceb6 nghttpx: Convert API status code to enum class
1daf9ce8 nghttpx: Convert WorkerEventType to enum class
d68edf56 nghttpx: Convert MemcachedStatusCode to enum class
0c4e9fef nghttpx: Convert memcached op to enum class
571404c6 nghttpx: Convert MemcachedParseState to enum class
4d562b77 nghttpx: Convert LogFragmentType to enum class
e6225871 nghttpx: Convert connection check status to enum class
4bd075de nghttpx: Convert Http2Session state to enum class
b46a3249 nghttpx: Convert FreelistZone to enum class
4bd44b9c nghttpx: Convert dispatch state to enum class
1b42110d nghttpx: Make Downstream state enum class
0735ec55 nghttpx: Convert shrpx_connect_proto to enum class
00554779 nghttpx: Convert DNSResolverStatus to enum class
0963f389 nghttpx: Convert SerialEventType to enum class
1abfa3ca nghttpx: Make TLS handshake state enum class
f2159bc2 nghttpx: Convert UpstreamAltMode to enum class
b0eb68ee nghttpx: Convert shrpx_forwarded_node_type to enum class
e7b7b037 nghttpx: Convert shrpx_cookie_secure to enum class
5e4f434f nghttpx: Convert shrpx_session_affinity to enum class
20ea964f nghttpx: Convert shrpx_proto to enum class
d105619b src: Remove extra braces if possible
ec5729b1 Use std::make_unique
6c919695 Use C++14
46576178 Don't send Transfer-Encoding to pre-HTTP/1.1 clients
5e925f87 Update doc
153531d4 nghttpx: Use the same type as standard stream operator<<
f7287df0 Bump up version number to 1.35.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Some package (e.g. libunbound) depend on OPENSSL_WITH_DEPRECATED. In some
situations it may happen that libunbound and openssl are only pulled in as
build dependencies, but are not enabled in .config.
In such cases, the defaults of symbols like OPENSSL_WITH_DEPRECATED are
ignored (as the whole symbol depends on PACKAGE_libopenssl), and config
symbol dependencies of libunbound aren't effective either (as libunbound
is not actually enabled).
This commit works around the issue by introducing a hidden negated symbol
OPENSSL_NO_DEPRECATED, which is always disabled when PACKAGE_libopenssl is
disabled, and ensures that OpenSSL is built with deprecated APIs in this
case. A user can still manage to break the build by explicitly enabling
libopenssl and disabling OPENSSL_WITH_DEPRECATED; the interaction between
build dependencies and config symbols will require further discussion.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2b085815 (tag: v1.34.0) Update manual pages
986fa302 Bump up version number to 1.34.0, LT revision to 31:1:17
7c8cb3a0 nghttpx: Improve CONNECT response status handling
334c439c Fix bug that regular CONNECT does not work
6700626c Rule out content-length in the successful response to CONNECT
15162add Update manual pages
93270777 Merge pull request #1235 from nghttp2/backend-conn-timeout
aeb92bbb nghttpx: Add read/write-timeout parameters to backend option
fc7489e0 nghttpx: Fix mruby parameter validation
87ac872f nghttpx: Update doc
c278adde nghttpx: Log error when mruby file cannot be opened
f94d7209 Merge pull request #1234 from nghttp2/nghttpx-rfc8441
9b9baa6b Update doc
02566ee3 nghttpx: Update doc
3002f31b src: Add debug output for SETTINGS_ENABLE_CONNECT_PROTOCOL
d2a594a7 nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
651e1477 Allow client sending :protocol optimistically
a42faf1c nghttpx: Write TLS alert during handshake
4aac05e1 Merge pull request #1231 from nghttp2/ws-lib-only
b80dfaa8 Adjustment for RFC 8441
a19d8f5d Deal with :protocol pseudo header
33f6e90a Add NGHTTP2_TOKEN__PROTOCOL
ed7fabcb Add SETTINGS_ENABLE_CONNECT_PROTOCOL
8753b6da Update doc
f2de733b Update neverbleed to fix OpenSSL 1.1.1 issues
88ff8c69 Update mruby 1.4.1
a63558a1 nghttpx: Call OCSP_response_get1_basic only when OCSP status is successful
3575a132 nghttpx: Fix crash with plain text HTTP
e2de2fee Update bash_completion
9f415979 Update manual pages
4bfc0cd1 Merge pull request #1230 from nghttp2/nghttpx-faster-logging
9c824b87 nghttpx: Get rid of std::stringstream from Log
a1ea1696 Make VALID_HD_NAME_CHARS and VALID_HD_VALUE_CHARS const qualified
dfc0f248 Make static_table const qualified
ed7c9db2 nghttpx: Add mruby env.tls_handshake_finished
5b42815a nghttpx: Strip incoming Early-Data header field by default
cfe7fa9a nghttpx: Add --tls13-ciphers and --tls-client-ciphers options
cb8a9d58 src: Remove TLSv1.3 ciphers from DEFAULT_CIPHER_LIST
023b9448 Merge branch 'tls13-early-data'
9b03c64f nghttpx: Should postpone early data by default
b8eccec6 nghttpx: Disable OpenSSL anti-replay
9f212587 Specify SSL_CTX_set_max_early_data and add an option to change max value
47f60124 nghttpx: Add an option to postpone early data processing
770e44de Implement draft-ietf-httpbis-replay-02
2ab319c1 Don't hide error code from openssl
39923024 Remove SSL_ERROR_WANT_WRITE handling
b30f312a Honor SSL_read semantics
c5cdb78a nghttpx: Add TLSv1.3 0-RTT early data support
f79a5812 Bump up version number to 1.34.0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing.
* Several bugfixes.
* Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This is an upstream-applied patch that fixes 'PATH_MAX' and 'NAME_MAX'
undeclared when compiling on musl with CONFIG_PCAP_HAS_USB.
[aafa351] pcap-usb-linux.c: add missing limits.h for musl systems.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
9d843334 Update bash_completion
23cb3f38 Update manual pages
1d682dcd Bump up version number to 1.33.0, LT revision to 31:0:17
601fbbb4 Update doc
f44aa246 Update AUTHORS
dd74a6dd Update manual pages
e959e733 src: Refactor utos
fb9a204d nghttpx: Fix compile error without mruby
cd096802 Update doc
7417fd71 nghttpx: Per-pattern not per-backend
2d1a981c Merge branch 'akonskarm-master'
45acc922 clang-format
214d0899 Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master
31fd707d nghttpx: Fix broken healthmon frontend
9a2e38e0 fix code for reuse addr on asio client
d24527e7 Bump up LT revision due to v1.32.1 release
6195d747 nghttpx: Share mruby context if it is compiled from same file
fb97f596 nghttpx: Allocate mruby file because fopen requires NULL terminated string
0ccc7a77 nghttpx: Move blocked request data to request buffer for API request
32826466 nghttpx: Fix crash with API request
0422f8a8 nghttpx: Fix worker process crash with neverbleed write error
e329479a Merge pull request #1215 from nghttp2/mruby-per-backend
f80a7873 Merge branch 'akonskarm-reuse_addr'
866ac6ab add option reuse addr in local endpoint configuration of asio client
b574ae6a nghttpx: Support per-backend mruby script
de4fd7cd doc: Update doc
32d7883c nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_
9b24e197 nghttpx: Choose h1 protocol if headers have been sent to backend on retry
13ffece1 Merge pull request #1214 from nghttp2/fix-rst-without-dconn
9d5b781d Fix stream reset if data from client is arrived before dconn is attached
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
4c76aaee Update manual pages
2b51ad67 Bump up version number to 1.32.1, LT revision to 30:3:16
708379dc Tweak nghttp2_session_set_stream_user_data
73106b0d Compile with clang-6.0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Update libbsd to 0.8.7
Remove glibc dependency
Clean up InstallDev and install entries
Use /usr path for consistency
Cherry pick patches from upstream to fix musl compilation
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Starting with version 2.1.8, a release tarball is available.
Simplifies the Makefile slightly.
Updated the project URL. HTTPS is broken. Issue has been reported upstream
Adjusted patches. CMake support is not present in the tarball. It's made
for Windows anyway.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.
Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.
Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This fixes the following security problems:
* CVE-2018-0732: Client DoS due to large DH parameter
* CVE-2018-0737: Cache timing vulnerability in RSA Key Generation
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The referenced Git commit was made on the 25th of July, not June.
Fixes 432eaa940f ("libubox: fix mirror hash")
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Correct the mirror hash to reflect whats on the download server.
A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.
Fixes FS#1707.
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
I no longer have the time, nor the desire to maintain this package.
Remove myself as maintainer.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This reduces build time significantly.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Update mbedtls to 2.12.0
Multiple security fixes
Add support for Chacha20 and Poly1305 cryptographic primitives and their
associated ciphersuites
Difference in size on mips_24kc (ipk):
164kbytes (167882 bytes)
170kbytes (173563 bytes)
https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream
002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream
202-protocol_api.patch dropped due to implemented upstream by another way
upstream commit: 55c690f6f8
and renamed via: 697b1f7e9b
ead is the only user who use the protocol api, we have to use the new api since libpcap 1.9.0
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
We can safely assume by now that rpm5.org is dead and isn't coming back
so just add another mirror instead.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
With deterministic ECDSA the value k needed for the ECDSA signature is
not randomly generated any more, but generated from a hash over the
private key and the message to sign. If the value k used in a ECDSA
signature or the relationship between the two values k used in two
different ECDSA signatures over the same content is know to an attacker
he can derive the private key pretty easily. Using deterministic ECDSA
as defined in the RFC6979 removes this problem by deriving the value k
deterministically from the private key and the content which gets
signed.
The resulting signature is still compatible to signatures generated not
deterministic.
This increases the size of the ipk on mips 24Kc by about 2 KByte.
old:
166.240 libmbedtls_2.11.0-1_mips_24kc.ipk
new:
167.811 libmbedtls_2.11.0-1_mips_24kc.ipk
This does not change the ECDSA performance in a measurable way.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>