o packages needing changes before we can merge
https://github.com/openwrt/openwrt/pull/965 (openssl: Upgrade to 1.1.0h)
ustream-ssl here, and openssh in the packages feed.
Eneas U de Queiroz (1):
ustream-ssl: update to latest git HEAD
package/libs/ustream-ssl/Makefile | 8
1 file changed, 4
ssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/ustream-ssl/Makefile
b/package/libs/ustream-ssl/Makefile
index 9bb093d734..2ea5bf0bd5 100644
---
dded
chips).
Signed-off-by: Eneas U de Queiroz
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 347c600..b7d7629 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len)
static const int default_ciphersui
y1305 6873.30k 10734.22k 12217.75k 12613.07k 12769.39k
12665.00k
aes-128-gcm3759.88k 4280.96k 4415.66k4437.79k 4456.12k
4436.88k
aes-256-gcm3408.83k 3738.10k 3838.52k3841.90k 3864.31k
3882.17k
chach20-poly1305 is almost 3 times faster than AES128
lied patch that fixes 'PATH_MAX' and 'NAME_MAX'
undeclared when compiling on musl with CONFIG_PCAP_HAS_USB.
[aafa351] pcap-usb-linux.c: add missing limits.h for musl systems.
Signed-off-by: Eneas U de Queiroz
diff --git
a/package/libs/libpcap/patches/205-pcap-usb-linux.c-add-missing-limits.
s function); did you mean 'AF_MAX'?
char buf[sizeof("/dev/bus/usb/000/") + NAME_MAX];
^~~~
AF_MAX
make[3]: *** [Makefile:95: pcap-usb-linux.o] Error 1
Eneas U de Queiroz (1):
libpcap: patch to add
that fixes compilation errors: 'PATH_MAX' and 'NAME_MAX'
undeclared with musl.
Signed-off-by: Eneas U de Queiroz
---
...205-pcap-usb-linux.c-add-missing-limits.h.patch | 22 ++
1 file changed, 22 insertions(+)
create mode 100644
package/libs/libpcap/patches/205-pcap-usb-linux.c-a
were added in mbedtls v2.12.0, our current version.
Signed-off-by: Eneas U de Queiroz
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 347c600..b7d7629 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len)
st
build time significantly.
Signed-off-by: Eneas U de Queiroz
diff --git
a/package/libs/libevent2/patches/0002-Makefile.am-omit-building-sample-and-test.patch
b/package/libs/libevent2/patches/0002-Makefile.am-omit-building-sample-and-test.patch
new file mode 100644
index 00..506137d555
--- /dev/n
build time significantly (times are for brcm47xx):
time: package/libs/libevent2/compile#38.00#2.68#47.53
time: package/libs/libevent2/compile#21.46#1.76#28.24
I left PKG_REVISION unchanged since this does not alter any package
files.
Eneas U de Queiroz (1):
libevent2: Don't build tests and samples
suite list as mbedTLS.
wolfssl was not honoring setting the minimum protocol with
SSL_CTX_set_options, so we must use TLSv1_2_server_method.
Signed-off-by: Eneas U de Queiroz
---
ustream-openssl.c | 60 +--
1 file changed, 54 insertions(+), 6
cha cipher that
is not available).
Note that the wolfssl does not understand some of openssl chiper list
directives that were previously used , such as !RC4 to remove RC4 suites,
or @STRENGTH, to order them by strength.
Eneas U de Queiroz (1):
openssl, wolfssl: match mbedTLS ciphersuite list
ustream-open
d building with TLS v1.0 support as an option.
Signed-off-by: Eneas U de Queiroz
PS: Is there any reason to split up chacha and poly1305 options?
I would merge them in to a single option, but haven't done this here.
---
package/libs/wolfssl/Config.in | 17 ++-
package/li
ty options, and made them more uniform across the
ssl libraries.
- use only TLS 1.2 in server mode
- changed the ciphersuite ordering
Signed-off-by: Eneas U de Queiroz
---
ustream-mbedtls.c | 49 +++--
1 file changed, 23 insertions(+), 26 deletion
stream-ssl with openssl-1.1.0, maintaining
compatibility with openssl 1.0.2.
Fixed flag handling in ustream-io-openssl.c.
Signed-off-by: Eneas U de Queiroz
---
openssl_bio_compat.h | 33 +
ustream-io-openssl.c | 46 ++---
ty options, and made them more uniform across the
ssl libraries.
- disabled TLS compression, because of CRIME attack
- enabled server-side ordering of cipher suites
- use only TLS 1.2 in server mode for wolfssl
- changed the ciphersuite ordering
Signed-off-by: Eneas U de Queiroz
---
ustream-open
is
due to lack of secure renegotiation. There's an option to enable it, but
wolfssl does not recommend using it.I've made some changes to the
security options used in the library, and made them more uniform across
all supported libraries (mbedtls, wolfssl, openssl 1.0.2 & openssl
1.1.0)
The mbedtls patc
the patch, removing deprecated API.
It is much cleaner now; ustream-io-openssl.c has no #if's, and they're
minimized in ustream-openssl.c.
Signed-off-by: Eneas U de Queiroz
---
openssl_bio_compat.h | 34 ++
ustream-io-open
or changes to the API, so many packages will need
adjustments or version bumps.
Separated the individual engines in place of the generic "hardware
support" option.
Signed-off-by: Eneas U de Queiroz
---
package/libs/openssl/Config.in | 45 ++---
package/l
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
Signed-off-by: Eneas U
the patch, removing deprecated API.
It is much cleaner now; ustream-io-openssl.c has no #if's, and they're
minimized in ustream-openssl.c.
Signed-off-by: Eneas U de Queiroz
---
openssl_bio_compat.h | 34 ++
ustream-io-open
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
I've updated the patches. Here
f @kroeckx patch that was merged in
libevent release-2.1.7-rc. Also skip building samples and tests.
Signed-off-by: Eneas U de Queiroz
---
package/libs/libevent2/Makefile| 2 +-
.../0001-Make-it-build-using-OpenSSL-1.1.0.patch | 202 +
...Makefile.am-omi
stream-ssl with openssl-1.1.0.
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
---
ustream-io-openssl.c | 37 +
ustream-openssl.c| 12 +++-
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/ustream-io-openssl.c b/ustr
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
Signed-off-by: Eneas U
or changes to the API, so many packages will need
adjustments or version bumps.
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
---
package/libs/openssl/Config.in | 10 --
package/libs/openssl/Makefile | 51 ++
.../libs/ope
f @kroeckx patch that was merged in
libevent release-2.1.7-rc.
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
---
.../0001-Make-it-build-using-OpenSSL-1.1.0.patch | 202 +
1 file changed, 202 insertions(+)
create mode 100644
package/libs/libevent2/p
f @kroeckx patch that was merged in
libevent release-2.1.7-rc.
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
---
.../0001-Make-it-build-using-OpenSSL-1.1.0.patch | 202 +
1 file changed, 202 insertions(+)
create mode 100644
package/libs/libevent2/p
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
Since upgrading to 2.1.8 is a
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
Signed-off-by: Eneas U
compatible with openssl-1.1.0.
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
---
package/libs/libevent2/Makefile | 35 ---
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/package/libs/libevent2/Makefile b/package/libs/libevent
or changes to the API, so many packages will need
adjustments or version bumps.
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
---
package/libs/openssl/Config.in | 10 --
package/libs/openssl/Makefile | 51 ++
.../libs/ope
201 - 232 of 232 matches
Mail list logo
