This fixes CVE-2015-5291 and some other smaller security issues.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47202 3c298f89-4303-0410-b956-a3cf2f4a3e73
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r46285
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46286 3c298f89-4303-0410-b956-a3cf2f4a3e73
The g++-uc wrapper hardcodes $(STAGING_DIR) and $(TOOLCHAIN_DIR) paths which
will not work outside of the original build environment.
Replace the hardcoded staging_dir occurences with paths relative to the
$STAGING_DIR environment variable to make the g++-uc* wrappers usable in an
SDK environment.
Fixes the libdb47 build failure reported at
https://lists.openwrt.org/pipermail/openwrt-devel/2015-April/032455.html
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r46162
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46163 3c298f89-4303-0410-b956-a3cf2f4a3e73
elfutils is required by perf. So we'll move this package from
packages.git and make it part of the core distribution.
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45969 3c298f89-4303-0410-b956-a3cf2f4a3e73
argp-standalone is required by elfutils, itself required by perf. So
we'll move this package from packages.git and make it part of the core
distribution.
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45967 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch is taken from the gentoo guys who extracted this from a large
upstream commit (with many unrelated changes).
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45878 3c298f89-4303-0410-b956-a3cf2f4a3e73
This reverts r43204. The symlinks are faulty, as they point to a
temporary staging dir
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45569 3c298f89-4303-0410-b956-a3cf2f4a3e73
fixes long writes when using polarssl
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45441 3c298f89-4303-0410-b956-a3cf2f4a3e73
This updates libnetfilter_conntrack to the latest
stable version 1.0.4 which was released Aug-06-2013.
Changeset is available here:
http://git.netfilter.org/libnetfilter_conntrack/log/
Signed-off-by: Christian Mehlis <christian@m3hlis.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45074 3c298f89-4303-0410-b956-a3cf2f4a3e73
fix a bug the made uloop_end() not work when called from within a uloop_process
callback handler
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44945 3c298f89-4303-0410-b956-a3cf2f4a3e73
It's the eglibc packaging with a bit of spit-polishing. And testing. :-)
[blogic: merged glibc and eglibc into 1 and made eglibc a glibc variant]
Signed-off-by: Jeff Waugh <jdub@bethesignal.org>
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44701 3c298f89-4303-0410-b956-a3cf2f4a3e73
Version 0.12 deprecates json_object_object_get and moves the header files around
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44657 3c298f89-4303-0410-b956-a3cf2f4a3e73
Tested myself on ixp4xx and mvebu, and (originally)
by Daniel on i.MX6. Also tested on a MIPS target,
to make sure the change to ASFLAGS does not break things.
Based on a patch submitted by Daniel Drown:
https://lists.openwrt.org/pipermail/openwrt-devel/2014-July/026639.html
Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Daniel Drown <dan-openwrt@drown.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44618 3c298f89-4303-0410-b956-a3cf2f4a3e73
This is required to properly update syslog idents when switching between
log modes.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44546 3c298f89-4303-0410-b956-a3cf2f4a3e73
Update to git head in order to introduce the new ulog() logging api which
supports early boot logging to dmesg.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44542 3c298f89-4303-0410-b956-a3cf2f4a3e73
