During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r46285
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46287 3c298f89-4303-0410-b956-a3cf2f4a3e73
The g++-uc wrapper hardcodes $(STAGING_DIR) and $(TOOLCHAIN_DIR) paths which
will not work outside of the original build environment.
Replace the hardcoded staging_dir occurences with paths relative to the
$STAGING_DIR environment variable to make the g++-uc* wrappers usable in an
SDK environment.
Fixes the libdb47 build failure reported at
https://lists.openwrt.org/pipermail/openwrt-devel/2015-April/032455.html
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r46162
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46164 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r44082
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44095 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r43600
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43601 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r42963
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42964 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r42960
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42961 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r42949
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42950 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r42947
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42948 3c298f89-4303-0410-b956-a3cf2f4a3e73
Also refresh patches and bump copyright year in Makefile.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r42929
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42930 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r42419
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42420 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: John Crispin <blogic@openwrt.org>
Backport of r42230
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42373 3c298f89-4303-0410-b956-a3cf2f4a3e73
Currently, any package that uses host compile and depends on
libgmp.so will fail. This is because gmp is not compile for
host machine. So, staging_dir/host has only static lib for gmp
$ ls staging_dir/host/lib/libgmp* -1
staging_dir/host/lib/libgmp.a
staging_dir/host/lib/libgmp.la
staging_dir/host/lib/libgmpxx.a
staging_dir/host/lib/libgmpxx.la
Addind host compile in gmp, the dependent package can use:
PKG_BUILD_DEPENDS:=gmp/host
That will compile gmp to staging_dir/host with *.so files
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Backport of r42196
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42369 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r42257
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42258 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: John Crispin <blogic@openwrt.org>
Backport of r42055
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42056 3c298f89-4303-0410-b956-a3cf2f4a3e73