aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs
Commit message (Collapse)AuthorAgeFilesLines
* package/elfutils: add CFLAG -Wno-format-nonliteralAlexander Couzens2017-11-131-1/+1
| | | | | | | When a library is using fortify-packages GCC will complain about "error: format not a string literal, argument types not checked". Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* openssl: update to 1.0.2mPeter Wagner2017-11-122-5/+5
| | | | | | | | | | don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error: ../libssl.so: undefined reference to `SSLv3_client_method' Fixes CVE: CVE-2017-3735, CVE-2017-3736 Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssl: fix cryptodev config dependencyRalph Sennhauser2017-11-061-0/+1
| | | | Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
* bubox: update to latest git HEADJohn Crispin2017-11-061-3/+3
| | | | | | 729f47f jshn: read and write 64-bit integers Signed-off-by: John Crispin <john@phrozen.org>
* libunwind: disable building with sspYousong Zhou2017-11-061-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | If we enable -fstack-protector while building libunwind, function __stack_chk_fail_local will be referred to for i386 and powerpc32 arches. This will cause link failure because the default gcc build specs says no link_ssp if -nostdlib is given. The error message: OpenWrt-libtool: link: ccache_cc -shared -fPIC -DPIC .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1 .libs/os-linux.o: In function `_Ux86_get_elf_image': os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local' x86/.libs/Lregs.o: In function `_ULx86_access_fpreg': Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local' x86/.libs/Lresume.o: In function `_ULx86_resume': Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local' collect2: error: ld returned 1 exit status Makefile:2249: recipe for target 'libunwind.la' failed The snippet from gcc -dumpspecs %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}} Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* uclient: update to the latest version, fixes fetch of multiple filesFelix Fietkau2017-11-021-3/+3
| | | | | | 4b87d83 uclient-fetch: fix overloading of output_file variable Signed-off-by: Felix Fietkau <nbd@nbd.name>
* nghttp2: switch to release tarballHans Dedecker2017-11-011-7/+5
| | | | | | | Switch from git to xz release tarball as there's no good reason to keep using git when release tarballs are provided. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openssl: Enable assembler optimizations for aarch64Baptiste Jonglez2017-10-312-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenSSL is built with the generic linux settings for most targets, including aarch64. These generic settings are designed for 32-bit CPU and provide no assembler optmization: this is widely suboptimal for aarch64. This patch simply switches to the aarch64 settings that are already available in OpenSSL. Here is the output of "openssl speed" before the optimization, with "(...)" representing build flags that didn't change: OpenSSL 1.0.2l 25 May 2017 options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr) compiler: aarch64-openwrt-linux-musl-gcc (...) And after this patch, OpenSSL uses 64 bit mode and assembler optimizations: OpenSSL 1.0.2l 25 May 2017 options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr) compiler: aarch64-openwrt-linux-musl-gcc (...) -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3: before# openssl speed sha aes blowfish The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 3918.89k 9982.43k 19148.03k 24933.03k 27325.78k sha256 4604.51k 10240.64k 17472.51k 21355.18k 22801.07k sha512 3662.19k 14539.41k 21443.16k 29544.11k 33177.60k blowfish cbc 16266.63k 16940.86k 17176.92k 17237.33k 17252.35k aes-128 cbc 19712.95k 21447.40k 22091.09k 22258.35k 22304.09k aes-192 cbc 17680.12k 19064.47k 19572.14k 19703.13k 19737.26k aes-256 cbc 15986.67k 17132.48k 17537.28k 17657.17k 17689.26k after# openssl speed sha aes blowfish type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 6770.87k 26172.80k 86878.38k 205649.58k 345978.20k sha256 20913.93k 74663.85k 184658.18k 290891.09k 351032.66k sha512 7633.10k 30110.14k 50083.24k 71883.43k 82485.25k blowfish cbc 16224.93k 16933.55k 17173.76k 17234.94k 17252.35k aes-128 cbc 19425.74k 21193.31k 22065.74k 22304.77k 22380.54k aes-192 cbc 17452.29k 18883.84k 19536.90k 19741.70k 19800.06k aes-256 cbc 15815.89k 17003.01k 17530.03k 17695.40k 17746.60k For some reason AES and blowfish do not benefit, but SHA performance improves between 1.7x and 15x. SHA256 clearly benefits the most from the optimization (4.5x on small blocks, 15x on large blocks!). When using EVP (with "openssl speed -evp <algo>"): # Before, EVP mode type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 3824.46k 10049.66k 19170.56k 24947.03k 27325.78k sha256 3368.33k 8511.15k 16061.44k 20772.52k 22721.88k sha512 2845.23k 11381.57k 19467.69k 28512.26k 33008.30k bf-cbc 15146.74k 16623.83k 17092.01k 17211.39k 17249.62k aes-128-cbc 17873.03k 20870.61k 21933.65k 22216.36k 22301.35k aes-192-cbc 16184.18k 18607.15k 19447.13k 19670.02k 19737.26k aes-256-cbc 14774.06k 16757.25k 17457.58k 17639.42k 17686.53k # After, EVP mode type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 7056.97k 27142.10k 89515.86k 209155.41k 347419.99k sha256 7745.70k 29750.06k 95341.48k 211001.69k 332376.75k sha512 4550.47k 18086.06k 39997.10k 65880.75k 81431.21k bf-cbc 15129.20k 16619.03k 17090.56k 17212.76k 17246.89k aes-128-cbc 99619.74k 269032.34k 450214.23k 567353.00k 613933.06k aes-192-cbc 93180.74k 231017.79k 361766.66k 433671.51k 461731.16k aes-256-cbc 89343.23k 209858.58k 310160.04k 362234.88k 380878.85k Blowfish does not seem to have assembler optimization at all, and SHA still benefits (between 1.6x and 14.5x) but is generally slower than in non-EVP mode. However, AES performance is improved between 5.5x and 27.5x, which is really impressive! For aes-128-cbc on large blocks, a core i7-6600U @2.60GHz is only twice as fast... Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* nghttp2: bump to 1.27.0Hans Dedecker2017-10-291-3/+3
| | | | | | | | | | | | Changes in v1.27.0 : build: Fixed accidental compiler flags concatenation for MSVC (Patch from LazyHamster) (GH-1029) build: Reduce libxml2 version requirement to 2.6.26 (Patch from Mike Lothian) (GH-1020) asio: Support for Windows / MinGW (Patch from Daniel Evers) (GH-1027) h2load: Print out h2 header fields with --verbose option (GH-1015) nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only (GH-1016) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libs/lzo: Reenable unaligned access on ARM, PPC, ...Stefan Oberhumer2017-10-241-4/+0
| | | | | | | | | | | | Due a compiler bug on ARM targets ( https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64516 ) unaligned access was disabled on all targets other than i386 and x86_64 with commit 061319ec3dfe9b6d14af1286a1d9979db56048d7 . A fix has been added to lzo-2.09 so it is not necessary to disable unaligned access within the Makefile anymore. Signed-off-by: Stefan Oberhumer <stefan@obssys.com>
* libs/libnl: Update to 3.3.0Daniel Engberg2017-10-155-115/+254
| | | | | | | | | | Update libnl to 3.3.0 Import patches to fix compilation Source: https://git.busybox.net/buildroot/tree/package/libnl Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287 Use more automatic toolchain logic Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libnetfilter_conntrack: switch to gitStijn Tintel2017-10-091-6/+6
| | | | | | | | | | | | | | In order to build conntrack-tools from git, a newer version of libnetfilter_conntrack is required. As 1.0.6 is currently the latest release, switch to git. b0a7cf7 include: expose a copy of nf_conntrack_common.h f68f7b3 conntrack: fix missing break in setobjopt_undo_dnat() 79dac5a conntrack: revert getobjopt_is_nat() condition b266523 libnetfilter_conntrack: bump version to 1.0.7 e870432 labels: don't crash on NULL labelmap Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* libnetfilter_queue: bump to git HEADStijn Tintel2017-10-092-13/+11
| | | | | | | | | | | | | b39cac7 src: Correct typo in the location of internal.h in #include 58cb066 src: Declare the define visibility attribute together e84b559 Revert "src: Declare the define visibility attribute together" 003c2b1 examples: set dummy connmark value to show use of NFQA_CT nested attribute 63973da doc: extend the doxygen section about NFQA_CFG_F_GSO d7f74c7 build: bump version to 1.0.3 3f9eb57 build: bump library release version too 601abd1 doc: Add information about retrieving UID/GID/SECCTX fields Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* treewide: switch git.netfilter.org to HTTPSStijn Tintel2017-10-082-2/+2
| | | | | | | As git.netfilter.org seems to support HTTPS, use that instead of HTTP which is insecure, or GIT which is blocked on many corporate networks. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* nghttp2: add libnghttp2 packageHans Dedecker2017-10-071-0/+47
| | | | | | | | The nghttp2 library is an implementation of the Hypertext Transfer Protocol version 2 in C; it supports RFC7540 and RFC7541. The package enables only the reusable C library; binary size is 130K (X86) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libubox: bump to git HEAD versionHans Dedecker2017-10-041-3/+3
| | | | | | | 632688e utils: nuke bitfield functions and macros f714be1 uloop: make SIGCHLD signal handling optional Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libubox: fix uloop race conditionHans Dedecker2017-09-211-3/+3
| | | | | | 7a10576 uloop: Fix race condition in SIGCHLD handling Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* libs/wolfssl: bump to version 3.12.0 ; add myself as maintainerAlexandru Ardelean2017-09-171-3/+4
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: adjust symbol defaults against libwolfssl defaultsAlexandru Ardelean2017-09-171-7/+7
| | | | | | | | Some symbols have been renamed. Some are default enabled/disabled, so we need to adjust semantics against that. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: disable hardening check in `settings.h`Alexandru Ardelean2017-09-171-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This seems to cause a false-positive warning/error while building `libwebsockets-cyassl`. ``` make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' [ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43: /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp] #warning "For timing resistance / side-channel attack prevention consider using harden options" ``` Hardening is enabled by default in libwolfssl at build-time. However, the `settings.h` header is exported (along with other headers) for build (via Build/InstallDev). This looks like a small bug/issue with wolfssl. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-174-39/+39
| | | | | | | | | | | | This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)Alexandru Ardelean2017-09-171-0/+1
| | | | | | | | Until other packages from feeds decide to rename the dependency of `+libcyassl` to `+libwolfssl`, this allows for a bit of backwards compatibility with those packages. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-112-28/+28
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* uclient: update to 2017-09-06Matthias Schiffer2017-09-061-3/+3
| | | | | | | 24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses 83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* openssl: update to version 1.0.2lLucian Cristian2017-07-284-10/+10
| | | | Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* zlib: use default Build/Configure ruleStijn Tintel2017-07-141-11/+9
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lzo: use default Build/Configure ruleStijn Tintel2017-07-141-6/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ncurses: add libnucrses-dev packageDaniel Golle2017-07-081-0/+20
| | | | | | It's needed to use the SDK and IB on an OpenWrt/LEDE host. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-262-27/+27
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* libreadline: add host-buildDaniel Golle2017-06-242-0/+2
| | | | | | Also make sure that the PKG_NAME and folder name are equal. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libunwind: update to version 1.2.1Yousong Zhou2017-06-192-48/+2
| | | | | | | | | | Changes since 1.2 a77b0cd Bump version to v1.2.1 5f354cb mips/tilegx: Add missing unwind_i.h header file 620d1c3 Add aarch64 getcontext functionality. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* libubox: update to the latest version, fixes a runqueue use-after-free bugFelix Fietkau2017-06-171-3/+3
| | | | | | | | | | | 7237302 md5: add "const" qualifier to the "file" argument fa9937c json_script: enable custom expr handler callback 368fd26 uloop: allow specifying a timeout for uloop_run() 6a7fb7d runqueue: fix use-after-free bug 4bc3dec uloop: fix a regression in timeout handling fd57eea uloop: allow passing 0 as timeout to uloop_run Signed-off-by: Felix Fietkau <nbd@nbd.name>
* elfutils: Pass -Wno-unused-result to silence warnings as errorsFlorian Fainelli2017-05-261-1/+1
| | | | | | | | | | | | | | | | | | | elfutils turns on -Werror by default, and patch 100-musl-compat.patch changes how strerror_r is used and we no longer use the function's return value. This causes the following build error/warning to occur with glibc-based toolchains: dwfl_error.c: In function 'dwfl_errmsg': dwfl_error.c:158:18: error: ignoring return value of 'strerror_r', declared with attribute warn_unused_result [-Werror=unused-result] strerror_r (error & 0xffff, s, sizeof(s)); ^ cc1: all warnings being treated as errors Fixing this would be tricky as there are two possible signatures for strerror_r (XSI and GNU), just turn off unused-result warnings instead. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* json-c: disable implicit fallthrough warning (gcc 7)Felix Fietkau2017-05-251-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libunwind: update to 1.2Yousong Zhou2017-05-223-19/+58
| | | | | | | | | | | Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new tarball is released yet Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* elfutils: bump to 0.169Luiz Angelo Daros de Luca2017-05-186-241/+271
| | | | | | | | Removed patches (now upstream): - 004-maybe-uninitialized.patch - 007-fix_TEMP_FAILURE_RETRY.patch Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* libs/libnftnl: Update to 1.0.7Daniel Engberg2017-05-161-3/+3
| | | | | | Update libnftnl to 1.0.7 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* toolchain: Package libgompFlorian Fainelli2017-05-111-0/+35
| | | | | | | Some external toolchains may be configured to enable OpenMP. Provide a package for these libraries which can be used by other packages. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* libs/libpcap: Rework URLsDaniel Engberg2017-03-221-1/+2
| | | | | | | Add mirror and use main site as last resort. Source: http://www.tcpdump.org/mirrors.html Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libs/openssl: Refresh mirror listDaniel Engberg2017-03-221-5/+6
| | | | | | | Refresh mirror list, some doesn't offer OpenSSL and add main site as last resort. Source: https://www.openssl.org/source/mirror.html Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* lzo: Update to 2.10Daniel Engberg2017-03-201-2/+2
| | | | | | Update lzo to 2.10 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* libnl: Fix building with uClibcAlexey Brodkin2017-03-161-0/+105
| | | | | | | | | | | | | | | | | | | | uClibc doesn't implement strerror_l() and thus libnl starting from 3.2.29 couldn't be compiled with it any longer, see https://github.com/thom311/libnl/commit/6c2d111177e91184073c44f83d4a6182aaba06d7 To work-around that problem we'll just do a check on strerror_l() availability during configuration and if it's not there just fall back to locale-less strerror(). Patch for libnl is alreadfy merged upstream, see https://github.com/thom311/libnl/commit/e15966ac7f3b43df2acf869f98089762807d0568 and once the next libnl release happens this one must be removed from Lede/OpenWrt. Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com> Cc: Felix Fietkau <nbd@nbd.name> Cc: John Crispin <john@phrozen.org> Cc: Daniel Engberg <daniel.engberg.lists@pyret.net>
* toolchain: add musl libc.so to external toolchainHauke Mehrtens2017-03-151-1/+1
| | | | | | | | | musl provides a /lib/libc.so file which should be integrated into the libc package when the external toolchain with musl is used. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io>
* mbedtls: update to version 2.4.2Hauke Mehrtens2017-03-132-4/+4
| | | | | | | | | This fixes the following security problems: * CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve * SLOTH vulnerability * Denial of Service through Certificate Revocation List Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: Allow external toolchains to specify libthread-dbFlorian Fainelli2017-03-041-0/+28
| | | | | | | | | | | | | | | | | We need to let external toolchains be able to specify the path and specification file to the libthread-db POSIX thread debugging shared libraries. This fixes GDB not being able to be installed because it is depending on libthread-db: Collected errors: * satisfy_dependencies_for: Cannot satisfy the following dependencies * for gdb: * libthread-db * * opkg_install_cmd: Cannot install package gdb. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* openssl: Use mkhash for STAMP_CONFIGUREDFlorian Fainelli2017-03-011-1/+1
| | | | | | | | | | | | | The current way of creating a STAMP_CONFIGURED filename for OpenSSL can lead to an extremely long filename that makes touch unable to create it, and fail the build. Use mkhash to produce a hash against OPENSSL_OPTIONS which creates a shortert stamp file, Fixes #572 Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* libubox: Update to latest versionTed Hess2017-02-241-3/+3
| | | | | | 9d6305a utils: Change calloc_a() to return size_t aligned pointers Signed-off-by: Ted Hess <thess@kitschensync.net>
* libpcap: add optional netfilter supportMartin Schiller2017-02-222-2/+9
| | | | | | This is needed to use the nflog interface with tcpdump Signed-off-by: Martin Schiller <mschiller@tdt.de>
* mbedtls: add --function-sections and --data-sections to CFLAGSFelix Fietkau2017-02-211-0/+2
| | | | | | | This allows binaries that links these libraries statically to be reduced by using --gc-sections on link Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: fix host build on macOSFelix Fietkau2017-02-201-7/+0
| | | | | | Use the defaults instead of a custom non-portable Host/Install section Signed-off-by: Felix Fietkau <nbd@nbd.name>