This fixes the following security problems:
CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times
CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring
CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring
SWEET32 Attack
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This constant was always defined to 0, and recently got removed in
upstream commit a07ea4d9941af5a0c6f0be2a71b51ac9c083c5e5 ("genetlink: no
longer support using static family IDs")
Fixes libnl-tiny builds with latest upstream kernels.
Fixes: d723f2573a ("libnl-tiny: remove include/linux overrides to fix various build issues")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This allows to include optimizations such as ARM neon which
are detected on run-time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
[Jo-Philipp Wich: picked from openwrt#191 and rebased onto LEDE master]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Switch to xz tarball, there's no point pulling two different tarballs of the same source code (tools/libtool uses xz).
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
luci using ustream-mbedtls is extremely slow vs ustream-polarssl.
polarssl alias mbedtls v1 is configured to use NIST prime speed
optimisation, so no longer disable the default optimisation for
mbedtls v2.
Compile & run tested: Archer C7v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[Jo-Philipp Wich: refresh patch to use common format]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
For 64-bit capable systems, a symbolic link is set up for /lib64 to point to
/lib, so make sure the installation goes into /lib, irrespective of where the C
library files come from in an external toolchain.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch
Security advisory: https://www.openssl.org/news/secadv/20160926.txt
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
When PKG_CONFIG_LIBDIR was unset in the environment, the configure
script was deducing the PKG_CONFIG_LIBDIR from the location of the
pkg-config binary, which doesn't make a lot of sense, and isn't done
by other autotools based packages.
Patch imported from the Buildroot project:
https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch
Also refresh patches while we're at.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Change the error message about missing SSL support to be more explicit by
mentioning required package names.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The patch needed for this commit has been sent upstream:
https://github.com/openssl/openssl/pull/1155
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [add back bf and srp]
NPN has been superseded by ALPN so NPN is disabled by default
The patch has been sent to OpenSSL for inclusion, see
https://github.com/openssl/openssl/pull/1100
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>