| Age | Commit message (Collapse) | Author |
|---|
|
This fixes the Heartbleed bug (CVE-2014-0160).
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40421 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
On some build hosts openssl fails to install since openssl installs itself into
lib64 while the openwrt Makefile expects the libs to end up in lib.
install -m0644 .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.* .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-x86_64/libopenssl/usr/lib/
install: cannot stat '.../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.*': No such file or directory
make[2]: *** [/openwrt/bin/x86_64/packages/libopenssl_1.0.1e-2_x86_64.ipk] Error 1
make[2]: Leaving directory `/openwrt/package/libs/openssl'
make[1]: *** [package/libs/openssl/compile] Error 2
make[1]: Leaving directory `/openwrt'
Set LIBDIR accordingly to fix this.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39885 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
This version includes this changes:
Don't include gmt_unix_time in TLS server and client random values
Fix for TLS record tampering bug CVE-2013-4353
Fix for TLS version checking bug CVE-2013-6449
Fix for DTLS retransmission bug CVE-2013-6450
Signed-off-by: Peter Wagner <tripolar@gmx.at>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39853 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
(fixes #15067)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39852 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39851 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39607 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Allow multi-threaded applications to work properly by
removing the "no-threads" flag that is enabled by default.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39048 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
RIPEMD is needed to update erlang and i'd like to enable RIPEMD160 support in openssh.
Size compared:
openssl without RIPEMD/160 support:
647K 29. Okt 20:00 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk
openssl with RIPEMD/160 support:
652K 8. Nov 15:11 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk
So the file size just grows ~5kb, which shouldn't be a problem.
Signed-off-by: Peter Wagner <tripolar@gmx.at>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38809 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37927 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
messing with cflags directly
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37771 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
This patch adds EC compilation options to openssl
OPENSSL_WITH_EC is needed for authsae (OPENSSL_WITH_EC2M isn't)
Activating ec (but not ec2m) in openssl take 35Ko more on ar71xx (ipk size)
Activating both take 52Ko.
Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37523 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36602 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Packages not picking up the regular TARGET_AS need their openwrt
Makefiles tweaked. For a basic build, that's just openssl.
This depends on patch 1/5.
Signed-off-by: Jay Carlson <nop@nop.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36201 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
1.0.1d had a rushed fix for CVE-2013-0169 which broke in certain
circumstances. 1.0.1e has the fix for TLS.
Also include a further patch from the 1.0.1 branch which fixes the
breakage this introduced for Cisco's outdated pre-standard version of
DTLS, as used by OpenConnect.
Update mirror URLs to reflect current reality.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35600 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
addressing
CVE-2013-0169: 4th February 2013
Signed-off-by: Tim Yardley <yardley@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35524 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Two new variables are introduces to many packages, namely PKG_LICENSE and
PKG_LICENSE_FILES - there may be more than one license applied to packages,
and these are listed in the PKG_LICENSE variable and separated by spaces.
All relevant license files are also added to the PKG_LICENSE_FILES variable,
also space separated.
The licensing metadata is put into the bin/<platform>/packages/Packages file
for later parsing. A script for that is on it's way!
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33861 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33657 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
