Upstream commit: 52ba5760b7
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode.
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL.
45ac930 remove polarssl support
Signed-off-by: John Crispin <john@phrozen.org>
mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the
libmbedcrypto.so library, use the old version again to be able to use
the new library with binaries compiled against the old mbedtls library.
Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Go back to libmbedcrypto.so.0 and make the system rebuild the binaries
which were rebuild for 2.7.0 again.
This should make the libmbedcrypto.so library be compatible with the old
version shipped with 17.01.
Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2")
Fixes: f609913b5c ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
This release is also ABI incompatible with the previous one, but it is
API compatible.
Some functions used by a lot of other software was renamed and the old
function names are provided as a static inline now, but they are only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.
Also increase the PKG_RELEASE version to force a rebuild and update of
packages depending on mbedtls to handle the changed ABI.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT
Remove extra DEFAULT_VARIANT from libustream-polarssl.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
This reverts commit abf0768131.
The description is wrong, there is no recursive dependency here. The
conditions were added intentionally to avoid bogus build dependencies.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Two variants incorrectly include themselves in
conditional depends on ssl libraries, which results
in a recursive dependency.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
John Crispin