aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/ustream-ssl
Commit message (Collapse)AuthorAgeFilesLines
* treewide: fix security issues by bumping all packages using libwolfsslPetr Štetiar2022-10-051-1/+1
| | | | | | | | | | | | | | | | | | | As wolfSSL is having hard time maintaining ABI compatibility between releases, we need to manually force rebuild of packages depending on libwolfssl and thus force their upgrade. Otherwise due to the ABI handling we would endup with possibly two libwolfssl libraries in the system, including the patched libwolfssl-5.5.1, but still have vulnerable services running using the vulnerable libwolfssl-5.4.0. So in order to propagate update of libwolfssl to latest stable release done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages using wolfSSL library. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit f1b7e1434f66a3cb09cb9e70b40add354a22e458) (cherry picked from commit 562894b39da381264a34ce31e9334c8a036fa139)
* ustream-ssl: update to Git version 2022-01-16Hauke Mehrtens2022-02-121-4/+4
| | | | | | | 868fd88 ustream-openssl: wolfSSL: Add compatibility for wolfssl >= 5.0 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit e74529552cf8fa16bd40b3db9d5cc82a913a49b4)
* ustream-ssl: variants conflict with each otherKarel Kočí2022-01-161-1/+3
| | | | | | | | | This adds conflicts between variants of libustream pacakge. They provide the same file and thus it should not be possible to install them side by side. Signed-off-by: Karel Kočí <karel.koci@nic.cz> (cherry picked from commit 219e17a35088a90eea664fbb4c66549d701a3cb4)
* ustream-ssl: update to Git version 2020-12-10Petr Štetiar2020-12-141-4/+4
| | | | | | | | | | | | | | | | | 68d09243b6fd Add initial GitLab CI support 8280140db9d1 wolfssl: remove now deprecated compatibility code cee6791b362a ustream-mbedtls: fix certificate verification 55c3fd89d508 ustream-mbedtls: implement set_require_validation c6b4c48689a3 ustream-openssl: wolfSSL: fix certificate validation 3bc05402bfab cmake: enable extra compiler checks cd2c3d12db43 ustream-mbedtls: fix comparison of integers of different signs 5896991e46a3 ustream-openssl: fix BIO_method memory leak 2c342ae57c5b ustream-openssl: fix wolfSSL includes fa8ecd6ed140 cmake: fix linking when mbed TLS not in default paths 63656f81045f cmake: fix linking when wolfSSL not in default paths c26f71e844df cmake: fix building out of the tree Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ustream-ssl: bump to latest Git HEADJo-Philipp Wich2020-03-251-4/+4
| | | | | | | | | | 5e1bc34 ustream-openssl: clear error stack before SSL_read/SSL_write f7f93ad add support for specifying usable ciphers Also bump the ABI version since the layout of `struct ustream_ssl_ops` changed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ustream-ssl: Update to version 2020-01-05Hauke Mehrtens2020-01-051-3/+3
| | | | | | | 30cebb4 ustream-ssl: mbedtls: fix ssl client verification 77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ustream-ssl: update to latest Git HEADJo-Philipp Wich2019-11-051-3/+3
| | | | | | | c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect Fixes: CVE-2019-5101, CVE-2019-5102 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ustream-ssl: Update to latest git HEADHauke Mehrtens2019-11-011-5/+5
| | | | | | | | | | 465f8dc wolfssl: adjust to new API in v4.2.0 3b06c65 Update example certificate & key, fix typo 1c38fd8 wolfssl: enable CN validation 33308ee ustream-io-cyassl.c: fix client-mode connections 79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ustream-ssl: update to latest git HEADHauke Mehrtens2019-08-171-3/+3
| | | | | | | e8f9c22 Revise supported ciphersuites 7e9e269 wolfssl, openssl: use TLS 1.3, set ciphersuites Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-08-051-2/+0
| | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* ustream-ssl: update to 2019-06-24Eneas U de Queiroz2019-06-241-3/+3
| | | | | | This adds chacha20-poly1305 support to the mbedtls variant. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* packages: set more explicit ABI_VERSION valuesJo-Philipp Wich2019-01-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | In the case of upstream libraries, set the ABI_VERSION variable to the soname value of the first version version after the last backwards incompatible change. For custom OpenWrt libraries, set the ABI_VERSION to the date of the last Git commit doing backwards incompatible changes to the source, such as changing function singatures or dropping exported symbols. The soname values have been determined by either checking https://abi-laboratory.pro/index.php?view=tracker or - in the case of OpenWrt libraries - by carefully reviewing the changes made to header files thorough the corresponding Git history. In the future, the ABI_VERSION values must be bumped whenever the library is updated to an incpompatible version but not with every package update, in order to reduce the dependency churn in the binary package repository. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ustream-ssl: update to latest git HEADEneas U de Queiroz2018-08-071-4/+4
| | | | | | | | 23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list 450ada0 ustream-ssl: Revised security on mbedtls 34b0b80 ustream-ssl: add openssl-1.1.0 compatibility Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* treewide: Bump PKG_RELEASE due to mbedtls updateDaniel Engberg2018-07-301-1/+1
| | | | | | | Bump PKG_RELEASE on packages that depends on (lib)mbedtls to avoid library mismatch. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Update to 2.11.0Daniel Engberg2018-07-071-1/+1
| | | | | | | | | | | | | | | | Update mbed TLS to 2.11.0 Disable OFB block mode and XTS block cipher mode, added in 2.11.0. The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS This is to avoid having a mismatch between packages when upgrading. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.846 Bytes ipkg for mips_24kc after: 164.382 Bytes Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* ustream-ssl: fix build against wolfSSLDaniel Golle2018-05-241-3/+3
| | | | | | | | | | | | commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke build against wolfSSL because wolfSSL doesn't (yet) support SSL_CTX_set_ecdh_auto() of the OpenSSL API. Fix this in ustream-ssl: 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ustream-ssl: update to latest git HEADJohn Crispin2018-05-221-4/+4
| | | | | | | 5322f9d mbedtls: Fix setting allowed cipher suites e8a1469 mbedtls: Add support for a session cache Signed-off-by: John Crispin <john@phrozen.org>
* mbedtls: update to version 2.9.0Hauke Mehrtens2018-05-221-1/+1
| | | | | | | | The soversion was changed in this version again and is now aligned with the 2.7.2 version. The size of the ipkg file stayed mostly the same. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ustream-ssl: update to latest git HEADJohn Crispin2018-05-011-3/+3
| | | | | | | | 527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode. 39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL. 45ac930 remove polarssl support Signed-off-by: John Crispin <john@phrozen.org>
* ustream-ssl: px5g: Rebuild packageHauke Mehrtens2018-04-181-1/+1
| | | | | | | | | | | | mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so library, all applications using this shared library have to be recompiled to be able to load the new library. Some binaries got rebuild to for the 2.7.0 release and are now using libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0. Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* treewide: replace LEDE_GIT with PROJECT_GITJo-Philipp Wich2018-01-101-1/+1
| | | | | | | Remove LEDE_GIT references in favor to the new name-agnostic PROJECT_GIT variable. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-171-7/+7
| | | | | | | | | | | | This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* ustream-ssl: remove legacy polarssl supportFelix Fietkau2017-01-091-12/+0
| | | | | | | The old polarssl 1.3 branch is EOL since end of 2016, and the package for it will be removed soon. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ustream-ssl: remove extra DEFAULT_VARIANT from libustream-polarsslHannu Nyman2016-12-301-2/+1
| | | | | | | | | Currently both libustream-polarssl and libustream-mbedtls variants define themselves as the DEFAULT_VARIANT Remove extra DEFAULT_VARIANT from libustream-polarssl. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* treewide: clean up and unify PKG_VERSION for git based downloadsFelix Fietkau2016-12-221-6/+4
| | | | | | Also use default defintions for PKG_SOURCE_SUBDIR, PKG_SOURCE Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* source: Switch to xz for packages and tools where possibleDaniel Engberg2016-10-061-1/+2
| | | | | | | | | | | * Change git packages to xz * Update mirror checksums in packages where they are used * Change a few source tarballs to xz if available upstream * Remove unused lines in packages we're touching, requested by jow- and blogic * We're relying more on xz-utils so add official mirror as primary source, master site as secondary. * Add SHA256 checksums to multiple git tarball packages Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* Revert "ustream-ssl: Fix recursive dependency"Felix Fietkau2016-07-041-2/+2
| | | | | | | | This reverts commit abf0768131db659c6819de9e7149624dd044c345. The description is wrong, there is no recursive dependency here. The conditions were added intentionally to avoid bogus build dependencies. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ustream-ssl: Fix recursive dependencyDaniel Dickinson2016-07-041-2/+2
| | | | | | | | Two variants incorrectly include themselves in conditional depends on ssl libraries, which results in a recursive dependency. Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
* ustream-ssl: update to latest git HEADJohn Crispin2016-07-021-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* package/*: update git urls for project reposJohn Crispin2016-06-131-1/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* ustream-ssl: update to the latest version, adds cyassl/wolfssl fixesFelix Fietkau2016-06-071-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-071-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ustream-ssl: update to the latest version, fixes openssl TLS version selectionFelix Fietkau2016-02-221-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48752
* ustream-ssl: update to the latest version, fixes hostname validation with ↵Felix Fietkau2016-01-261-2/+2
| | | | | | | | openssl Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48503
* ustream-ssl: update to the latest version, fixes handling SSL connection ↵Felix Fietkau2016-01-231-2/+2
| | | | | | | | close notification Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48462
* ustream-ssl: update to the latest version, fixes connection with servers ↵Felix Fietkau2016-01-191-2/+2
| | | | | | | | requiring DHE Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48380
* ustream-ssl: fix copy&paste mistake in mbedtls variant titleFelix Fietkau2016-01-161-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48258
* ustream-ssl: update to the latest version, adds mbedtls variantFelix Fietkau2016-01-161-2/+15
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48256
* ustream-ssl: move to git.openwrt.orgFelix Fietkau2016-01-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48126
* ustream-ssl: fix compilation against current PolarSSL/mbedTLS versionJo-Philipp Wich2015-06-091-2/+2
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45934
* ustream-ssl: correct year in PKG_VERSION stringFelix Fietkau2015-05-081-1/+1
| | | | | | | | | | | | | | | ustream-ssl: correct the year in the PKG_VERSION string, as both r45157 and r45441 left the old year 2014 there. For a casual user it may seem that the current code is from April 2014, although a4ca61527236e89eb9efb782fd9bfd04796144e3 is from April 2015. http://nbd.name/gitweb.cgi?p=ustream-ssl.git;a=commit;h=a4ca61527236e89eb9efb782fd9bfd04796144e3 https://dev.openwrt.org/changeset/45441/ https://dev.openwrt.org/changeset/45157/ signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 45623
* ustream-ssl: update to latest git HEADJohn Crispin2015-04-141-2/+2
| | | | | | | | fixes long writes when using polarssl Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45441
* ustream-ssl: fix SNI when building against cyasslNicolas Thill2015-04-011-2/+2
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 45224
* ustream-ssl: enable SNI when building for cyasslJohn Crispin2015-04-011-1/+1
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45216
* ustream-ssl: properly handle return codesJohn Crispin2015-03-301-2/+2
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45157
* ustream-ssl: select polarssl as default variant, skip openssl/cyassl ↵Felix Fietkau2014-09-231-2/+3
| | | | | | | | dependencies if unused Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 42655
* ustream-ssl: update to latest version, adds certificate validation supportFelix Fietkau2014-03-251-2/+3
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 40017
* ustream-ssl: update to the latest version, fixes cyassl buildFelix Fietkau2014-03-211-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 40004
* ustream-ssl: update to latest version, fixes writes before ssl handshake ↵Felix Fietkau2014-03-211-2/+2
| | | | | | | | completion Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39985