The patch needed for this commit has been sent upstream:
https://github.com/openssl/openssl/pull/1155
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [add back bf and srp]
NPN has been superseded by ALPN so NPN is disabled by default
The patch has been sent to OpenSSL for inclusion, see
https://github.com/openssl/openssl/pull/1100
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
There seems to be a situation in which a rebuild of libpcap.so is triggered
in the install step of the libpcap Makefile. libpcap.so is the wrong
target, leading to the build failure reported in [1].
Fix the dependency of install-shared-so to $(SHAREDLIB) so the build can
succeed in this case.
[1] https://dev.openwrt.org/ticket/19894
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This reverts commit abf0768131.
The description is wrong, there is no recursive dependency here. The
conditions were added intentionally to avoid bogus build dependencies.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Two variants incorrectly include themselves in
conditional depends on ssl libraries, which results
in a recursive dependency.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
This adds this commit from normal libnl to libnl-tiny:
2dbc1ca76c
commit 2dbc1ca76c5b82c40749e609eb83877418abb006
Author: dima <dima.ky@gmail.com>
Date: Wed Oct 13 17:53:34 2010 +0300
Generic Netlink multicast groups support
I have a patch against commit d378220c96c3c8b6f27dca33e7d8ba03318f9c2d
extending libnl with a facility to receive generic netlink messages sent
to multicast groups.
Essentially it add one new function genl_ctrl_resolve_grp which
prototype looks like this
int genl_ctrl_resolve_grp(struct nl_sock *sk, const char *family_name,
const char *grp_name)
It resolves the family name and the group name to group id. Then
the returned id can be used in nl_socket_add_membership to subscribe
to multicast messages.
Besides that it adds two more functions
uint32_t nl_socket_get_peer_groups(struct nl_sock *sk)
void nl_socket_set_peer_groups(struct nl_sock *sk, uint32_t groups)
allowing to modify the socket peer groups field. So it's possible to
multicast messages from the user space using the legacy interface.
Looks like there is no way (or I was not able to find one?) to modify
the netlink socket destination group from the user space, when the
group id is greater then 32.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cosmetic style fix]
There are 2 issues fixed by this patch:
- UDP checksum is computed incorrectly, the used pseudo IP header
contains transport protocol 6 iso 17
- on big endian arches the UDP/TCP checksum is incorrectly
computed when payload length is odd
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh patch]
The package Makefile was based on work at link [1] with the following
changes
1. Disable minidebuginfo support thus no dependency on liblzma
2. Add 2 patches for building against musl-libc and building with
mips16 enabled
3. Add LICENSE and DEPENDS info, etc.
[1] https://github.com/rpi-openwrt/rpi-packages/tree/master/libs/libunwind
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Recent versions of Chrome require this ciphers to successfully handshake with
a TLS enabled uhttpd server using the ustream-polarssl backend.
If `CONFIG_GCM` is disabled, `ssl_ciphersuite_from_id()` will return `NULL`
when cipher `0x9d` is looked up, causing the calling `ssl_ciphersuite_match()`
to fail with `POLARSSL_ERR_SSL_INTERNAL_ERROR`.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
>From wolfssl/openssl/opensslv.h, and from skimming the contents of what
"--enable-stunnel" actually does, it seems that --enable-opensslextra
doesn't give you the "full" openssl compatibility that you may wish for
these days. Unfortuantely, while wolfssl writes the build time options
into wolfssl/options.h, it doesn't include that file itself. User
applications must include that directly.
Signed-off-by: Karl Palsson <karlp@etactica.com>
When the gettext-full host build phase finds an `emacs` exectuble during the
build it will launch an `emacs --batch` command to run some Lisp code.
On certain Debian systems the `/usr/bin/emacs` path might point, via
alternatives, to the `/usr/bin/jove` editor which will then launch an
interactive session when invoked by the gettext build.
In order to avoid this problem, explicitely disable emacs handling during
the build through a configure environment variable.
Also remove my now unreachable maintainer address.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
wolfssl has a fine grained feature and compatibility control
for compiling stunnel, lighthttp or (partly) openssl dropin
ustream-ssl uses features that require normally
HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers
ar71xx ipkg sizes of wolfssl 3.9.0:
- with stunnel: 144022
- this patch (w.o. stunnel): 131712
- without openssl(extra): 111104
- w.o openssl/sni:108515
- w.o openssl/sni/ecc: 93954
so patch 300 saves around 12k compressed ipkg size
v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
that broke with v1
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
The libusb package is not parallel build save, a make -j16 reliably breaks it.
Forcibly disable parallel building.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
this patch fixes a bug when using uclibc on MIPS. The bug does not exist when
using musl, so drop the fix.
Signed-off-by: John Crispin <john@phrozen.org>
Bump to the latest version, fixes several security issues:
* CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
More details at https://www.openssl.org/news/openssl-1.0.2-notes.html
Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
This patch adds missing ASCII aliases to the libiconv stub in order to avoid conversion errors like https://github.com/openwrt/packages/issues/2373
Signed-off-by: Gergely Kiss <mail.gery@gmail.com>