Staging tree of Piotr Dymacz https://git.openwrt.org/openwrt/staging/pepe2k/atom?h=v21.02.3 2022-03-06T19:56:23Z 2022-03-06T19:56:23Z Josef Schlehofer 2022-02-23T20:32:41Z urn:sha1:03271046869ec2e681e0732e3ed6460ab1537243 Release notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt ``` It includes the following security fix * In some situations the X.509 verifier would discard an error on an unverified certificate chain, resulting in an authentication bypass. Thanks to Ilya Shipitsin and Timo Steinlein for reporting. ``` Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 495c4f4e197166a6fa997d4620ca6c241e3abd45) 2022-03-06T19:56:23Z Rosen Penev 2021-09-22T07:49:33Z urn:sha1:8ed3b5b04b4983d75f4192bab470c6fb7eb9c50f Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 03bb3412a2b8bf8ac69e062ea9fd88e2c6c6fb57) 2022-03-06T19:56:23Z Rosen Penev 2021-09-02T02:29:40Z urn:sha1:2736a5df94134fcad19dbd429fa21761536937b7 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit f78ad901e1ce07c42a9f5e670c39dbdcea15eb87) 2022-03-06T19:56:23Z Rosen Penev 2021-06-19T21:45:11Z urn:sha1:49b2e6365d054aa49c88478ab2000eb2dd439cd8 Fix wrong FPIC variable usage. Fixes compilation under sparc64 host. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit bf4dbbb55e2b8e23f186e1334f1e9ce6a3a8ddfe) 2020-12-31T09:03:21Z Rosen Penev 2020-12-23T09:16:17Z urn:sha1:31554e50d2c3d0707a40f9ed08b0d6999f584ba2 Upstream switched to building with CMake. Adjust accordingly. Reapplied patch as upstream changed the file format. Added HOST_BUILD_PARALLEL for faster compilation. Added cmake tool dependency and removed circular dependencies as a result. Adjusted dependent tools to use NOCACHE as they are needed to build ccache. Signed-off-by: Rosen Penev <rosenp@gmail.com> 2020-12-18T19:44:43Z Rosen Penev 2020-12-18T01:46:40Z urn:sha1:5950397e1486548c2736d653fdf177e986b3e896 Signed-off-by: Rosen Penev <rosenp@gmail.com> 2020-09-18T18:08:51Z Yuan Tao 2020-09-12T19:50:36Z urn:sha1:649e098ec085abad1ac08b545e03db882fbfcc17 libressl update to 3.2.1 Delete 001-dont-build-tests-man.patch Add configure args : --enable-static --disable-tests The patch (001-dont-build-tests-man.patch) no longer works with the current version. Follow the patch notes: Adding the --enable-static and --disable-tests parameters should replace the patch. Signed-off-by: Yuan Tao <ty@wevs.org> 2020-02-18T20:38:51Z Daniel Engberg 2020-02-03T15:47:47Z urn:sha1:0ffb7b02ba334cdd1a74a531ec751b81b51a5b06 Update libressl to 3.0.2 and remove 010-avoid-glibc.patch as fix is added by upstream Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> 2019-07-23T12:54:07Z Hans Dedecker 2019-07-23T12:47:56Z urn:sha1:1282a630272c59dfd105262772a2ca136084db03 Fixes compilaton issue for non glibc clibs : libtool: compile: gcc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.9.2\" "-DPACKAGE_STRING=\"libressl 2.9.2\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.9.2\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_SYMLINK=1 -DHAVE_ERR_H=1 -DHAVE_ASPRINTF=1 -DHAVE_MEMMEM=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRNDUP=1 -DHAVE_STRNLEN=1 -DHAVE_STRSEP=1 -DHAVE_TIMEGM=1 -DHAVE_SYSLOG=1 -DHAVE_ACCEPT4=1 -DHAVE_PIPE2=1 -DHAVE_POLL=1 -DHAVE_SOCKETPAIR=1 -DHAVE_EXPLICIT_BZERO=1 -DHAVE_GETAUXVAL=1 -DHAVE_GETAUXVAL=1 -DHAVE_DL_ITERATE_PHDR=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_VA_COPY=1 -DHAS_GNU_WARNING_LONG=1 -DSIZEOF_TIME_T=8 -I. -I../include -I../include/compat -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -I../crypto/asn1 -I../crypto/bn -I../crypto/ec -I../crypto/ecdsa -I../crypto/evp -I../crypto/modes -I../crypto -I/builds/pantacor/pv-platforms/openwrt-base/openwrt/staging_dir/host/include -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE -D__STRICT_ALIGNMENT -O2 -I/builds/pantacor/pv-platforms/openwrt-base/openwrt/staging_dir/host/include -fpic -Wall -std=gnu99 -fno-strict-aliasing -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DHAVE_GNU_STACK -Wno-pointer-sign -MT compat/getprogname_linux.lo -MD -MP -MF compat/.deps/getprogname_linux.Tpo -c compat/getprogname_linux.c -o compat/getprogname_linux.o compat/getprogname_linux.c: In function 'getprogname': compat/getprogname_linux.c:32:2: error: #error "Cannot emulate getprogname" #error "Cannot emulate getprogname" ^~~~~ Reported-by: Anibal Portero <anibal.portero@pantacor.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> 2019-07-22T16:06:04Z Kevin Darbyshire-Bryant 2019-07-22T13:38:54Z urn:sha1:8d6d227bb653b7cce7092a5a9d55180c3e022848 Making all in tests depbase=`echo handshake_table.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\ gcc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.9.2\" -DPACKAGE_STRING=\"libressl\ 2.9.2\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.9.2\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_SYMLINK=1 -DHAVE_ERR_H=1 -DHAVE_READPASSPHRASE_H=1 -DHAVE_ASPRINTF=1 -DHAVE_MEMMEM=1 -DHAVE_READPASSPHRASE=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRNDUP=1 -DHAVE_STRNLEN=1 -DHAVE_STRSEP=1 -DHAVE_TIMEGM=1 -DHAVE_GETPROGNAME=1 -DHAVE_SYSLOG=1 -DHAVE_POLL=1 -DHAVE_SOCKETPAIR=1 -DHAVE_ARC4RANDOM=1 -DHAVE_ARC4RANDOM_BUF=1 -DHAVE_ARC4RANDOM_UNIFORM=1 -DHAVE_TIMINGSAFE_BCMP=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_VA_COPY=1 -DHAVE___VA_COPY=1 -DSIZEOF_TIME_T=8 -I. -I../include -I../include/compat -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -I ../crypto/modes -I ../crypto/asn1 -I ../ssl -I ../tls -I ../apps/openssl -I ../apps/openssl/compat -D_PATH_SSL_CA_FILE=\"../apps/openssl/cert.pem\" -I/Users/kevin/wrt/staging_dir/host/include -D__STRICT_ALIGNMENT -O2 -I/Users/kevin/wrt/staging_dir/host/include -fpic -Wall -std=gnu99 -fno-strict-aliasing -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-strong -Qunused-arguments -Wno-pointer-sign -MT handshake_table.o -MD -MP -MF $depbase.Tpo -c -o handshake_table.o handshake_table.c &&\ mv -f $depbase.Tpo $depbase.Po make[4]: *** No rule to make target `/Users/kevin/wrt/build_dir/host/libressl-2.9.2/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o', needed by `handshake_table'. Stop. make[3]: *** [all-recursive] Error 1 A similar error & clues from https://gitlab.com/ymorin/buildroot/commit/e783d60473944f8b39f1def45d8d6b483a062158 " LibreSSL 2.9.1 now has a test that requires libtls.a, however, when building a shared library only build, the --disable-static flag is passed to libressl, which prevents the building of libtls.a. With libtls.a not being built, the following error occurs: libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'. Stop. There are three options to fix this: 1) Stick with autotools, and provide a patch that removes building anything in the tests folder. 2) Pass --enable-static to LIBRESSL_CONF_OPTS 3) Change the package type to cmake, as a cmake build does not have this issue." It appears we cannot change to cmake because cmake has a dependency on an ssl library. Take option 1 and do not build the tests. Also take the opportunity to remove man page building as well. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>