staging/luka/package/libs, branch master

libubox: update to the latest version

2020-05-26T08:45:44Z

86818eaa976b blob: make blob_parse_untrusted more permissive cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len c2fc622b771f blobmsg: fix length in blobmsg_check_array 639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name 66195aee5042 blobmsg: fix missing length checks Signed-off-by: Felix Fietkau

libubox: update to the latest master

2020-05-24T15:06:09Z

5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len() eeddf22 tests: runqueue: try to fix race on GitLab CI 89fb613 libubox: runqueue: fix use-after-free bug 1db3e7d libubox: runqueue fix comment in header 7c4ef0d tests: list: add test case for list_empty iterator Signed-off-by: Rafał Miłecki

wolfssl: update to 4.4.0-stable

2020-05-20T15:03:45Z

This version adds many bugfixes, including a couple of security vulnerabilities: - For fast math (enabled by wpa_supplicant option), use a constant time modular inverse when mapping to affine when operation involves a private key - keygen, calc shared secret, sign. - Change constant time and cache resistant ECC mulmod. Ensure points being operated on change to make constant time. Signed-off-by: Eneas U de Queiroz

libjson-c: backport security fixes

2020-05-13T09:16:43Z

This backports upstream fixes for the out of bounds write vulnerability in json-c. It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592 Addresses CVE-2020-12762 Signed-off-by: Robert Marko Signed-off-by: Luka Perkov [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich

argp-standalone: fix segfault in canon_doc_option

2020-05-03T17:31:30Z

Backported from glibc. Signed-off-by: Stijn Tintel

elfutils: powerpc build fix

2020-04-28T05:45:00Z

Fixes following build error on mpc85xx/generic: ppc_initreg.c: In function 'ppc_set_initial_registers_tid': ppc_initreg.c:79:22: error: field 'r' has incomplete type struct pt_regs r; Ref: FS#2924 Fixes: d27623b54254 ("elfutils: update to 0.179") Signed-off-by: Luiz Angelo Daros de Luca [commit description facelift] Signed-off-by: Petr Štetiar

openssl: bump to 1.1.1g

2020-04-21T20:59:56Z

Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with high severity, assigned CVE-2020-1967. Ref: https://www.openssl.org/news/secadv/20200421.txt Signed-off-by: Petr Štetiar

mbedtls: update to 2.16.6

2020-04-17T21:43:01Z

Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Signed-off-by: Magnus Kroken

elfutils: aarch64 fix build on musl

2020-04-17T11:43:34Z

aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid': aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int') dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF; ~~~~~~~~~~~~~~ ^ Signed-off-by: Lucian Cristian

elfutils: update to 0.179

2020-04-13T20:40:19Z

Removed sys/cdefs usage. The header is deprecated. Removed canonicalize_file_name define. It's already fixed upstream. Added --disable-debuginfod. Seems to be needed. Modified patch 005 to build more stuff. It was failing before. It still only builds libraries. Modified patch 100 to use strerror under non-glibc. It is used under glibc as strerror is not thread safe. It is under musl and uClibc-ng. strerror_l is not available under uClibc-ng. Signed-off-by: Rosen Penev