's default will be used, which fails in some
cases, such as recent Gentoo systems.
CC: Petr Štetiar
Signed-off-by: Eneas U de Queiroz
diff --git a/target/sdk/files/Makefile b/target/sdk/files/Makefile
index 8df1904cb0..2f89ce0cf8 100644
--- a/target/sdk/files/Makefile
+++ b/target/sdk/file
on a bool config. This restores the previous behavior.
Signed-off-by: Eneas U de Queiroz
--
This was reported to me here:
https://github.com/openwrt/openwrt/commit/dcf3e63a35d05e7e5103819c0f17195bfafe9baa#commitcomment-38390450
The update to kconfig-v5.6 broke TARGET_MULTI_PROFILE because it would
rule. Add -O2 to
CFLAGS when building them as well.
Signed-off-by: Eneas U de Queiroz
---
include/toplevel.mk | 15 ---
scripts/config/Makefile | 23 +--
2 files changed, 13 insertions(+), 25 deletions(-)
diff --git a/include/toplevel.mk b/include/toplevel.mk
it to be necessarily 'm' either, so we can safely use it
as bool.
Newer versions of Linux 'conf' will issue a warning when it detects such
unmet dependencies, and will set it to 'n' instead of 'y', as the
current version does. In all cases, 'm' is never used.
Signed-off-by: Eneas U de Queiroz
config with a different setting.
Signed-off-by: Eneas U de Queiroz
---
include/toplevel.mk | 2 +-
scripts/config/README | 4
scripts/config/symbol.c | 5 +
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/include/toplevel.mk b/include/toplevel.mk
index 2965f75c7c
Newer versions of the kconfig program requires quoting the arguments of
the 'source' directive. These are the last ones not using them.
Signed-off-by: Eneas U de Queiroz
---
package/utils/busybox/config/Config.in| 44 +--
.../utils/busybox/config/networking/Config.in
. Sometimes the build system is forgiving this, but
eventually, and unexpectedly, it may blow up on some other commit.
Alternatively one can conditionally add IPv6 dependencies only if
CONFIG_IPV6 is selected: (DEPENDS+= +IPV6:package6).
Signed-off-by: Eneas U de Queiroz
---
package/kernel/linux
tab.[ch] *.lex.c files to avoid depending on
flex & bison
Eneas U de Queiroz (6):
kernel: add @IPV6 dependency to ipv6 modules
busybox: quote 'source' filenames in Config.in
build: define RTC_SUPPORT as a bool
build: simplify building *config targets
build: scripts/config - update to k
config with a different setting.
Signed-off-by: Eneas U de Queiroz
---
include/toplevel.mk | 2 +-
scripts/config/README | 4
scripts/config/symbol.c | 5 +
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/include/toplevel.mk b/include/toplevel.mk
index 2965f75c7c
rule. Add -O2 to
CFLAGS when building them as well.
Signed-off-by: Eneas U de Queiroz
---
include/toplevel.mk | 15 ---
scripts/config/Makefile | 23 +--
2 files changed, 13 insertions(+), 25 deletions(-)
diff --git a/include/toplevel.mk b/include/toplevel.mk
Newer versions of the kconfig program requires quoting the arguments of
the 'source' directive. These are the last ones not using them.
Signed-off-by: Eneas U de Queiroz
---
package/utils/busybox/config/Config.in| 44 +--
.../utils/busybox/config/networking/Config.in
. Sometimes the build system is forgiving this, but
eventually, and unexpectedly, it may blow up on some other commit.
Alternatively one can conditionally add IPv6 dependencies only if
CONFIG_IPV6 is selected: (DEPENDS+= +IPV6:package6).
Signed-off-by: Eneas U de Queiroz
---
package/kernel/linux
it to be necessarily 'm' either, so we can safely use it
as bool.
Newer versions of Linux 'conf' will issue a warning when it detects such
unmet dependencies, and will set it to 'n' instead of 'y', as the
current version does. In all cases, 'm' is never used.
Signed-off-by: Eneas U de Queiroz
such
as the need to quote 'source' filenames: busybox needed to be adapted.
Also, unmet dependencies are handled a bit differently now, and
RTC_SUPPORT in target/Config.in, which was defined as tristate, and
depended on 'm' (meaning its value should be only 'm' or 'n'), but ended
up being sel
There were two changes between 1.1.1e and 1.1.1f:
- a change in BN prime generation to avoid possible fingerprinting of
newly generated RSA modules
- the patch reversing EOF detection we had already applied.
Signed-off-by: Eneas U de Queiroz
---
This was tested with nginx and openssl util
to revert 22623e0.
- not mentioning session resumption breakage because I can't verify it.
Eneas U de Queiroz (1):
openssl: revert EOF detection change in 1.1.1
package/libs/openssl/Makefile | 2 +-
...t-Detect-EOF-while-reading-in-libssl.patch | 80 +++
2 files
openssl/openssl#11400.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 353ae453f5..ca45549800 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=openssl
PKG_BASE:=1.1.1
the change (don't revert), then we should probably revert this
now, and take the patches out once most/all affected apps have adapted.
Since this might cause trouble right away, and it was applied to 19.07,
I decided to post this now, as RFC.
This was tested in mvebx, WRT3200ACM, using nginx.
Eneas U de
-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 353ae453f5..ca45549800 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=e
PKG_VERSION:=$(PKG_BASE
less told otherwise.
Eneas U de Queiroz (2):
openssl: add configuration example for afalg-sync
openssl: update to 1.1.1e
package/libs/openssl/Makefile | 6 +--
.../150-openssl.cnf-add-engines-conf.patch| 31 -
...o-make-the-dev-crypto-engine-dynamic.patch
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index ca393be88f..353ae453f5 10
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index eb267f31f0..ca393be88f 100644
--- a/package/libs/openssl/Makefile
+++ b/package
[0-9], then the old package ipk will not be
removed from the bin directory by make package/abc2/clean.
Signed-off-by: Eneas U de Queiroz
diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
index 351cf25394..5b0143d56d 100644
--- a/include/package-ipkg.mk
+++ b/include/package-ipkg.mk
that runs the
command straight as usual if the number of arguments is < 512, or saves
the list in a temporary file and feeds it to xargs otherwise.
Signed-off-by: Eneas U de Queiroz
diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
index cd052698e2..351cf25394 100644
--- a/include/pack
new functions using lowercase and underscores
* Used '< file' instead of 'cat file |' to pass the files to xargs
* Added a commit changing the wildcard pattern, reverting the use of
xargs.
Eneas U de Queiroz (3):
build: package-ipkg: avoid calling wildcard twice
build: call ipkg-remo
Instead of calling $(wildcard) to check if the removal list is empty,
then calling it again to actually remove the files, define a function so
that the arguments are expanded only once when it gets called.
Signed-off-by: Eneas U de Queiroz
diff --git a/include/package-ipkg.mk b/include/package
that runs the
command straight as usual if the number of arguments is < 512, or saves
the list in a temporary file and pipes it to xargs otherwise.
Signed-off-by: Eneas U de Queiroz
diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
index 5f7f2583a2..f2c31d1d3c 100644
--- a/include/pack
Instead of calling $(wildcard) to check if the removal list is empty,
then calling it again to actually remove the files, define a function so
that the arguments are expanded only once when it gets called.
Signed-off-by: Eneas U de Queiroz
diff --git a/include/package-ipkg.mk b/include/package
new functions and to opkg_package_files in
include/feeds.mk.
Eneas U de Queiroz (2):
build: package-ipkg: avoid calling wildcard twice
build: call ipkg-remove using xargs if #args>=512
include/package-ipkg.mk | 20 ++--
1 file changed, 18 insertions(+), 2 del
install package kmod-bluetooth_6lowpan.
Changing the wildcard pattern is not trivial, and there may be other
places in the build system making this assumption about the package name
format.
Using a dash in place of the underscore avoids the issue.
Signed-off-by: Eneas U de Queiroz
diff --git
The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building
the package, and users from downloading it, since they use 'ALL_KMODS=y'
but 'ALL' is not set.
Signed-off-by: Eneas U de Queiroz
--
This was reported here: https://github.com/openwrt/packages/issues/10987
This should
The old name was dropped and no longer works.
Signed-off-by: Eneas U de Queiroz
--
While testing this with wolfssl, I noticed the package was built without
TLS support. This was run-tested with wolfssl on WRT3200ACM
diff --git a/package/network/utils/curl/Makefile
b/package/network/utils/curl
This update fixes many bugs, and six security vulnerabilities, including
CVE-2019-18840.
Signed-off-by: Eneas U de Queiroz
--
Compile-tested all dependents, and run-tested with wpad, uhttpd, and
curl on WRT3200ACM.
There has been an issue with WPA3 and wolfssl. I am not able to test
it, but I
in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys
Signed-off-by: Eneas U de Queiroz
---
This was run-tested on WRT3200ACM, using uhttpdi, uclient-fetch, curl
This is needed to export crypto information to netfilter, allowing
the alt. afalg openssl engine to obtain information about the drivers
being used.
Signed-off-by: Eneas U de Queiroz
---
Tested on WRT3200ACM, running openrt master. For mvebu, this
increases the package size from 17,097
t_method" redefined [-Werror]
Only define the symbols if not previously defined.
Signed-off-by: Eneas U de Queiroz
--
There are two CVEs with critical(CVSS 3.1)/high(CVSS2.0) base scores
that have been fixed in wolfssl 4.2.0: CVE-2019-16748 & CVE-2019-15651.
Before we can update wolfssl, thi
commands.
Signed-off-by: Eneas U de Queiroz
---
This should be cherry-picked to 19.07.
Run-tested on WRT3200ACM without engines, and with devcrypto & afalg.
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 28625bad05..eb267f31f0 100644
--- a/package/libs/ope
This adds the CRYPTO_ALG_KERN_DRIVER_ONLY flag to Qualcomm crypto engine
driver algorithms, so that openssl devcrypto can recognize them as
hardware-accelerated.
Signed-off-by: Eneas U de Queiroz
diff --git
a/target/linux/ipq40xx/patches-4.14/181-crypto-qce-add-CRYPTO_ALG_KERN_DRIVER_ONLY
CONFIG_CRYPTO_GF128MUL was removed as well, since it is only needed by
some cipher modes (LRW, GCM), none of which are selected, and it is
packaged as a module.
Signed-off-by: Eneas U de Queiroz
--
> The upstream qce crypto driver does not support the IPQ806x series.
> The ipq806x target used to host ipq40
This adds the CRYPTO_ALG_KERN_DRIVER_ONLY flag to Qualcomm crypto engine
driver algorithms, so that openssl devcrypto can recognize them as
hardware-accelerated.
Signed-off-by: Eneas U de Queiroz
--
It was reported to me at the forum:
https://forum.openwrt.org/t/comparing-cpu-soc-performance
The current crypto libraries will fail to load small RSA keys, so a new
certificate was generated with a 2048-bit RSA key.
Also fixed a typo in ustream-example-client.c
Signed-off-by: Eneas U de Queiroz
--
This is the output of 'openssl x509 -noout -text -in example.crt', with
the public key
This updates the CyaSSL names to wolfSSL, and removes obsolete code to
support old versions of the library < v3.10.4.
Some #include statements were moved around, so that wolfssl/options.h is
loaded before any other wolfssl/openssl header.
Signed-off-by: Eneas U de Queiroz
diff --
will be
called, and 'valid_cert' will be true if that call suceeds and we
have a peer certificate, just as it happens with openssl. Only
'valid_cn' will not be set.
Signed-off-by: Eneas U de Queiroz
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6b3fc8c..86e1b07 100644
--- a/CMakeLists.txt
+++ b
to detect their
presence. Otherwise, another call to ustream_set_io is done before
creating the SSL session to properly set the callbacks.
Signed-off-by: Eneas U de Queiroz
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3b557c3..6b3fc8c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,7
on.
Eneas
--
Eneas U de Queiroz (3):
Remove CyaSSL, WolfSSL < 3.10.4 support
ustream-io-cyassl.c: fix client-mode connections
wolfssl: enable CN validation
CMakeLists.txt | 25 +++
ustream-internal.h | 3 --
ustream-io-cyass
, and Eneas U de Queiroz added as maintainer.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 60357604b1..3f8907cf17 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR
This version fixes 3 low-severity vulnerabilities:
- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey
Patches were refreshed, and Eneas U de Queiroz added as maintainer
This version fixes 3 low-severity vulnerabilities:
- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz
--
Run
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure. This applies a couple of upstream
patches fixing this.
Signed-off-by: Eneas U de Queiroz
---
This is the result of this upstream issue:
https://github.com/wolfSSL/wolfssl/issues/2392
It was tested
used, which should be good enough.
Nonetheless, the call is being checked in CMakeLists.txt, just in case
wolfssl build options change.
Without CN validation, uclient-fetch will fail to run unless the
--no-check-certificate option is used.
Signed-off-by: Eneas U de Queiroz
---
This was run-tested
backward compatibility.
Signed-off-by: Eneas U de Queiroz
---
This was tested on a WRT3200ACM running openwrt master, using
uclient-fetch and uhttpd.
I've also tested on x86_64 (not on openwrt, though) for compatibility
with previous versions of wolfssl, so it _should_ be safe to use this
for 18.06
and DHE-GCM were moved ahead of ECDHE-CBC.
Signed-off-by: Eneas U de Queiroz
---
If you use the intermediate compatibility list, you lose compatibility
with Safari on iOS<=8 and OS X<=10.10. Windows XP will not work either,
but since it is not compatible with EC keys, it does not change w
-by: Eneas U de Queiroz
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 7c72ce1..3810d6a 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -33,6 +33,21 @@
* aes128, aes256, 3DES(client only)
*/
+#ifdef WOLFSSL_SSL_H
+# define top_ciphers
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/network/services/uhttpd/Makefile
b/package/network/services/uhttpd/Makefile
index
).
Signed-off-by: Eneas U de Queiroz
diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile
index 7b5748425d..cfd1bfc80e 100644
--- a/package/utils/px5g/Makefile
+++ b/package/utils/px5g/Makefile
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=px5g
-PKG_RELEASE:=8
equivalent of 3072-bit RSA key, and is
generated much faster than even a 2048-bit RSA key.
uhttpd currently generates a 2048-bit RSA key by default, and that has
not been changed.
Eneas U de Queiroz (3):
openssl: always build with EC support
px5g: support EC keys
uhttpd: add support
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index 63493829ba..d1281ec6fa 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -76,7 +76,6 @@ config OPENSSL_WITH_TLS13
bool
default y
. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack. Backported from 4.1.0.
Signed-off-by: Eneas U de Queiroz
---
This is an alternative to updating 18.06 to 4.1.0, just backporting the
patches. This has been
.
* Add AF_ALG hardware crypto support, which due to a bug, only works
when CCM support is turned off.
* Reorganized option conditionals in Makefile.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 50b0bb9cdf..32b0f74089
wolfssl changed ABI version.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/ustream-ssl/Makefile
b/package/libs/ustream-ssl/Makefile
index 2ea5bf0bd5..c0fd281866 100644
--- a/package/libs/ustream-ssl/Makefile
+++ b/package/libs/ustream-ssl/Makefile
@@ -3,6 +3,15 @@ include
wolfssl changed ABI version, so this forces an update to hostapd.
Some build options selected by hostapd are always built now, so they
were removed.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/network/services/hostapd/Config.in
b/package/network/services/hostapd/Config.in
index
.
* Add hardware crypto support, which due to a bug, only works when CCM
support is turned off.
* Reorganized option conditionals in Makefile.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 4aa163b361..a729f73a1d 100644
no issues
with them. ustream-ssl actually defines HAVE_SNI, and I have done
extensive runtime tests without any issues.
900-remove-broken-autoconf-macros.patch: this was fixed upstream, and
the jobserver was disabled by ./configure --disable-jobserver.
Eneas U de Queiroz (1):
wolfssl: bump to 4.
operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 875ff5e6a3..a729f73a1d 100644
Removed an eglibc remnant, and while at it, grouped all of the
TOOLCHAIN_PLATFORMs using the same FLAGS together.
Signed-off-by: Eneas U de Queiroz
diff --git a/target/toolchain/files/wrapper.sh
b/target/toolchain/files/wrapper.sh
index 2b760840d8..4452128382 100755
--- a/target/toolchain
This removes package/libs/toolchain/eglibc-files/etc/nsswitch.conf.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/toolchain/eglibc-files/etc/nsswitch.conf
b/package/libs/toolchain/eglibc-files/etc/nsswitch.conf
deleted file mode 100644
index 981c425da6..00
--- a/package
I've found some remnants from eglibc, removed by 64da662 in Feb/2016.
While at it, I stumbled upon a case statement with redundant commands,
so I've simplified it as well.
Eneas U de Queiroz (2):
libs/toolchain: remove eglibc remnant file
target/toolchain/files/wrapper.sh: simplify 'case
Commit 3167a57 missed it.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 7aaa562539..264be02496 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -13,7 +13,7 @@ PKG_RELEASE:=1
PKG_SOURCE
building options for TLS 1.0, and TLS 1.3.
Add hardware crypto support, which due to a bug, only works when CCM
support is turned off.
Reorganized option conditionals in Makefile.
Add Eneas U de Queiroz as maintainer.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/wolfssl/Config.in b
This edjusts the selection of recently removed wolfssl options which
have always been built into the library even in their abscence.
Also remove the selection of libwolfssl itself, allowing the library to
be built as a module.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/network
. Nonetheless, uhttpd connects
without a problem, and I can confirm /dev/crypto or AF_ALG sockets open.
The package currently lacks a maintainer, so I've added myself.
--
Changelog:
v1->v2:
* Increased FP_MAX_BITS to allow 4096-bit RSA keys.
* Update master to 4.0.0
Eneas U de Queiroz (3):
wolf
This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack. Patches were refreshed.
Increased FP_MAX_BITS to allow 4096-bit RSA keys.
Fixed poly1305 build option, and some Makefile updates.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs
This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack. Patches were refreshed.
Fixed poly1305 build option, and made some Makefile updates.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl
cate files in libnghttp2' missed duplicates in
staging_dir by Build/InstallDev.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/nghttp2/Makefile b/package/libs/nghttp2/Makefile
index b96ebd8acb..2f0b4bcabc 100644
--- a/package/libs/nghttp2/Makefile
+++ b/package/libs/nghttp2/Makefile
@@ -
is version:
- Change default RSA, DSA and DH size to 2048 bit
- Reject invalid EC point coordinates
This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd
Signed-off-by: Eneas U de Queiroz
---
Notes:
Run-tested on mvebu/arm/WRT3200ACM & brcm47xx/mipsel/WRT610N,
using openssl-util
is version:
- Change default RSA, DSA and DH size to 2048 bit
- Reject invalid EC point coordinates
This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd
Signed-off-by: Eneas U de Queiroz
---
Notes:
Run-tested on mvebu/arm/WRT3200ACM & brcm47xx/mipsel/WRT610N,
using openssl-util
diff -
is version:
- Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
- Fix OPENSSL_config bug (patch removed)
- Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
- Enable SHA3 pre-hashing for ECDSA and DSA
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/
onditional to the individual package's for the kmods in DEPENDS.
This avoids the need to compile the kernel modules when the crypto
engine packages are not selected. The final binares are not affected by
this.
Signed-off-by: Eneas U de Queiroz
---
This trick takes, for example, $(curdir)/kernel/cryptodev-lin
&& operand in DEPENDS. Also, fixes generation of ||
dependencies by scripts/package-metadata.pl.
The precedence order from higher to lower is && then ||. Use of
parentheses to change the order is not supported. As before, they are
silently ignored. Use them for readability only.
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
TLDR: this avoids recursive
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
Signed-off-by: Eneas U
ream patch that fixes a OPENSSL_config() bug that
causes SSL initialization to fail when the openssl.cnf file is not
found. The config file is not installed by default.
Signed-off-by: Eneas U de Queiroz
---
The config file is not installed by default as it is usually not needed.
Without the patch,
_CRYPTO symbol that is no longer needed.
Signed-off-by: Eneas U de Queiroz
---
ChangeLog:
v2: increase PKG_RELEASE
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index ecb9eea389..49f136e845 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/ope
_CRYPTO symbol that is no longer needed.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index ecb9eea389..49f136e845 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -96,7 +96,6 @@ config OPE
p the sgid bit when running from a sgid-set
directory, resulting in a different file being generated.
Signed-off-by: Eneas U de Queiroz
---
Notes:
This fixes an issue exposed in
https://github.com/openwrt/packages/pull/8513
Tested it by reproducing the wrong tarball with master
he engines.
Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used
by openssh. There is an open PR to update openssh; when merged, this
symbol can be safely removed.
Signed-off-by: Eneas U de Queiroz
---
Notes:
ChangeLog:
v2: Reverted the removal of OPENSSL_ENG
he engines.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index 235f38e787..72ff64634f 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -269,7 +269,7 @@ config OPENSSL_ENGINE_BUILTIN_AFALG
wholesale changes to its building system.
Apparently, parallel builds are working now.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index a9dd16f3e7..ef840e28ad 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openss
to measure performance,
but I feel it is useful anyway.
Eneas U de Queiroz (2):
openssl: revert disallowing parallel build
openssl: disable digests by default, misc fixes
package/libs/openssl/Config.in| 5 ++-
package/libs/openssl/Makefile | 7 +++-
...default-
supported by
the engine and the system.
- Build the devcrypto engine as a dynamic module, like other engines.
The devcrypto engine is built as a separate package by default, but
options were added to allow building the engines into the main library.
Signed-off-by: Eneas U de Queiroz
---
T
ix release that incorporated all of the devcrypto engine
patches currently in the tree.
The cleaning procedure in Package/Configure was not removing the
dependency files, causing linking errors during a rebuild with
different options. It was replaced by a simple make clean.
Signed-off-by: Eneas U
supported by
the engine and the system.
- Build the devcrypto engine as a dynamic module, like other engines.
The devcrypto engine is built as a separate package by default, but
options were added to allow building the engines into the main library.
Signed-off-by: Eneas U de Queiroz
---
This s
supported by
the engine and the system.
- Build the devcrypto engine as a dynamic module, like other engines.
The devcrypto engine is built as a separate package by default, but
options were added to allow building the engines into the main library.
Signed-off-by: Eneas U de Queiroz
---
This s
size info for message digests. This was breaking
openssh with a 'ssh_dispatch_fatal: ... invalid argument' error.
The patch was sent upstream as part of openssl/openssl#8213.
Reported-by: Gerard Looije
Signed-off-by: Eneas U de Queiroz
---
Run-tested on Linksys WRT3200ACM with openssh 7.9p1
supported by
the engine and the system.
- Build the devcrypto engine as a dynamic module, like other engines.
The devcrypto engine is built as a separate package by default, but
options were added to allow building the engines into the main library.
Signed-off-by: Eneas U de Queiroz
diff --git
from https://github.com/openssl/openssl/pull/8213
that fixes an error where open /dev/crypto sessions were not closed.
Thanks to Ansuel Smith for reporting it.
Signed-off-by: Eneas U de Queiroz
diff --git
a/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch
b/package/li
sl/openssl/pull/8213.
Signed-off-by: Eneas U de Queiroz
Eneas U de Queiroz (2):
openssl: patch to fix devcrypto sessions leak
openssl: backport devcrypto changes from master
package/libs/openssl/Config.in| 35 +-
package/libs/openssl/Makefile | 65 +-
...vcryp
oup within expression allowed only inside a function
static uint32_t ipv4_rtr_alert = cpu_to_be32(0x9404);
^
Patch was submitted upstream at https://github.com/sbyx/omcproxy/pull/2
Eneas U de Queiroz (1):
omcproxy: fix compilation on little-endian CPUs
packa
32 outside of a function.
Signed-off-by: Eneas U de Queiroz
diff --git a/package/network/services/omcproxy/Makefile
b/package/network/services/omcproxy/Makefile
index 28de833a1c..e121fa0b23 100644
--- a/package/network/services/omcproxy/Makefile
+++ b/package/network/services/omcproxy/Makefile
@@
ly a build dependency for /dev/crypto support in openssl.
Since it is a kernel module, it belongs here anyway.
- Removed Nikos Mavrogiannopoulos as maintainer.
- Streamlined make flags
Signed-off-by: Eneas U de Queiroz
diff --git a/package/kernel/cryptodev-linux/Makefile
b/package/kernel/cryptodev-linu
101 - 200 of 232 matches
Mail list logo
