| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems:
* CVE-2015-3193
* CVE-2015-3194
* CVE-2015-3195)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47726
|
|
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 46517
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 46285
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46005
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 45950
|
|
|
|
|
|
|
|
| |
CVE-2015-1792 CVE-2015-1791
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 45947
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 45946
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 45343
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 44900
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tested myself on ixp4xx and mvebu, and (originally)
by Daniel on i.MX6. Also tested on a MIPS target,
to make sure the change to ASFLAGS does not break things.
Based on a patch submitted by Daniel Drown:
https://lists.openwrt.org/pipermail/openwrt-devel/2014-July/026639.html
Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Daniel Drown <dan-openwrt@drown.org>
SVN-Revision: 44618
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 44364
|
|
|
|
|
|
|
|
| |
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 44332
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43976
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43875
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43858
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43176
|
|
|
|
|
|
|
|
| |
turns out that r43155 adds duplicate info.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43167
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43151
|
|
|
|
|
|
|
| |
Based on a patchset by Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43123
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 43045
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43002
|
|
|
|
|
|
| |
This reverts commit r42988
SVN-Revision: 42997
|
|
|
|
|
|
|
|
| |
Only support Linux at the moment.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42988
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 42963
|
|
|
|
|
|
|
|
| |
Also refresh patches and bump copyright year in Makefile.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42929
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42055
|
|
|
|
|
|
|
|
|
|
|
| |
today appeared another serious vulnerability in openssl. More info is
here http://ccsinjection.lepidum.co.jp. Users are advised to update to
openssl 1.0.1h.
Signed-off-by: Martin Strbacka <martin.strbacka@nic.cz>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 41026
|
|
|
|
|
|
|
|
| |
This fixes the Heartbleed bug (CVE-2014-0160).
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
SVN-Revision: 40421
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some build hosts openssl fails to install since openssl installs itself into
lib64 while the openwrt Makefile expects the libs to end up in lib.
install -m0644 .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.* .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-x86_64/libopenssl/usr/lib/
install: cannot stat '.../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.*': No such file or directory
make[2]: *** [/openwrt/bin/x86_64/packages/libopenssl_1.0.1e-2_x86_64.ipk] Error 1
make[2]: Leaving directory `/openwrt/package/libs/openssl'
make[1]: *** [package/libs/openssl/compile] Error 2
make[1]: Leaving directory `/openwrt'
Set LIBDIR accordingly to fix this.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
SVN-Revision: 39885
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This version includes this changes:
Don't include gmt_unix_time in TLS server and client random values
Fix for TLS record tampering bug CVE-2013-4353
Fix for TLS version checking bug CVE-2013-6449
Fix for DTLS retransmission bug CVE-2013-6450
Signed-off-by: Peter Wagner <tripolar@gmx.at>
SVN-Revision: 39853
|
|
|
|
|
|
|
|
| |
(fixes #15067)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39852
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39851
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39748
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 39607
|
|
|
|
|
|
|
|
|
| |
Allow multi-threaded applications to work properly by
removing the "no-threads" flag that is enabled by default.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
SVN-Revision: 39048
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RIPEMD is needed to update erlang and i'd like to enable RIPEMD160 support in openssh.
Size compared:
openssl without RIPEMD/160 support:
647K 29. Okt 20:00 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk
openssl with RIPEMD/160 support:
652K 8. Nov 15:11 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk
So the file size just grows ~5kb, which shouldn't be a problem.
Signed-off-by: Peter Wagner <tripolar@gmx.at>
SVN-Revision: 38809
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37927
|
|
|
|
|
|
|
|
| |
messing with cflags directly
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37771
|
|
|
|
|
|
|
|
| |
things like ipsec as well)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37524
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds EC compilation options to openssl
OPENSSL_WITH_EC is needed for authsae (OPENSSL_WITH_EC2M isn't)
Activating ec (but not ec2m) in openssl take 35Ko more on ar71xx (ipk size)
Activating both take 52Ko.
Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>
SVN-Revision: 37523
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36602
|
|
|
|
|
|
|
|
| |
make the syntax more compatible with kernel menuconfig
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36351
|
|
|
|
|
|
|
|
|
|
|
|
| |
Packages not picking up the regular TARGET_AS need their openwrt
Makefiles tweaked. For a basic build, that's just openssl.
This depends on patch 1/5.
Signed-off-by: Jay Carlson <nop@nop.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 36201
|
|
|
|
|
|
|
|
| |
The etrax target has been removed in r34768.
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 35684
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.0.1d had a rushed fix for CVE-2013-0169 which broke in certain
circumstances. 1.0.1e has the fix for TLS.
Also include a further patch from the 1.0.1 branch which fixes the
breakage this introduced for Cisco's outdated pre-standard version of
DTLS, as used by OpenConnect.
Update mirror URLs to reflect current reality.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 35600
|
|
|
|
|
|
|
|
|
| |
addressing
CVE-2013-0169: 4th February 2013
Signed-off-by: Tim Yardley <yardley@gmail.com>
SVN-Revision: 35524
|
|
|
|
|
|
|
|
|
| |
introduces to many packages, namely PKG_LICENSE and PKG_LICENSE_FILES - there may be more than one license applied to packages, and these are listed in the PKG_LICENSE variable and separated by spaces. All relevant license files are also added to the PKG_LICENSE_FILES variable, also space separated.
The licensing metadata is put into the bin/<platform>/packages/Packages file
for later parsing. A script for that is on it's way!
SVN-Revision: 33861
|
|
SVN-Revision: 33657
|