| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
The hardware support is required by some 3rd party engines (tpm)
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47817 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems:
* CVE-2015-3193
* CVE-2015-3194
* CVE-2015-3195)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47726 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46517 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46285 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46005 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45950 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
CVE-2015-1792 CVE-2015-1791
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45947 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45946 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45343 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44900 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tested myself on ixp4xx and mvebu, and (originally)
by Daniel on i.MX6. Also tested on a MIPS target,
to make sure the change to ASFLAGS does not break things.
Based on a patch submitted by Daniel Drown:
https://lists.openwrt.org/pipermail/openwrt-devel/2014-July/026639.html
Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Daniel Drown <dan-openwrt@drown.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44618 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44364 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44332 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43976 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43875 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43858 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43176 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
turns out that r43155 adds duplicate info.
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43167 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43155 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43151 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
| |
Based on a patchset by Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43123 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43045 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43002 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
This reverts commit r42988
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42997 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
Only support Linux at the moment.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42988 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42963 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
Also refresh patches and bump copyright year in Makefile.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42929 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42055 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
| |
today appeared another serious vulnerability in openssl. More info is
here http://ccsinjection.lepidum.co.jp. Users are advised to update to
openssl 1.0.1h.
Signed-off-by: Martin Strbacka <martin.strbacka@nic.cz>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41026 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
This fixes the Heartbleed bug (CVE-2014-0160).
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40421 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some build hosts openssl fails to install since openssl installs itself into
lib64 while the openwrt Makefile expects the libs to end up in lib.
install -m0644 .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.* .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-x86_64/libopenssl/usr/lib/
install: cannot stat '.../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.*': No such file or directory
make[2]: *** [/openwrt/bin/x86_64/packages/libopenssl_1.0.1e-2_x86_64.ipk] Error 1
make[2]: Leaving directory `/openwrt/package/libs/openssl'
make[1]: *** [package/libs/openssl/compile] Error 2
make[1]: Leaving directory `/openwrt'
Set LIBDIR accordingly to fix this.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39885 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This version includes this changes:
Don't include gmt_unix_time in TLS server and client random values
Fix for TLS record tampering bug CVE-2013-4353
Fix for TLS version checking bug CVE-2013-6449
Fix for DTLS retransmission bug CVE-2013-6450
Signed-off-by: Peter Wagner <tripolar@gmx.at>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39853 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
(fixes #15067)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39852 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39851 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39607 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
| |
Allow multi-threaded applications to work properly by
removing the "no-threads" flag that is enabled by default.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39048 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RIPEMD is needed to update erlang and i'd like to enable RIPEMD160 support in openssh.
Size compared:
openssl without RIPEMD/160 support:
647K 29. Okt 20:00 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk
openssl with RIPEMD/160 support:
652K 8. Nov 15:11 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk
So the file size just grows ~5kb, which shouldn't be a problem.
Signed-off-by: Peter Wagner <tripolar@gmx.at>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38809 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37927 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
messing with cflags directly
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37771 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds EC compilation options to openssl
OPENSSL_WITH_EC is needed for authsae (OPENSSL_WITH_EC2M isn't)
Activating ec (but not ec2m) in openssl take 35Ko more on ar71xx (ipk size)
Activating both take 52Ko.
Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37523 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36602 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
| |
Packages not picking up the regular TARGET_AS need their openwrt
Makefiles tweaked. For a basic build, that's just openssl.
This depends on patch 1/5.
Signed-off-by: Jay Carlson <nop@nop.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36201 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.0.1d had a rushed fix for CVE-2013-0169 which broke in certain
circumstances. 1.0.1e has the fix for TLS.
Also include a further patch from the 1.0.1 branch which fixes the
breakage this introduced for Cisco's outdated pre-standard version of
DTLS, as used by OpenConnect.
Update mirror URLs to reflect current reality.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35600 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
| |
addressing
CVE-2013-0169: 4th February 2013
Signed-off-by: Tim Yardley <yardley@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35524 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two new variables are introduces to many packages, namely PKG_LICENSE and
PKG_LICENSE_FILES - there may be more than one license applied to packages,
and these are listed in the PKG_LICENSE variable and separated by spaces.
All relevant license files are also added to the PKG_LICENSE_FILES variable,
also space separated.
The licensing metadata is put into the bin/<platform>/packages/Packages file
for later parsing. A script for that is on it's way!
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33861 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33657 3c298f89-4303-0410-b956-a3cf2f4a3e73
|