openwrt

Go to file

Eneas U de Queiroz f8282da11e openssl: fix CVE-2023-464 and CVE-2023-465 Apply two patches fixing low-severity vulnerabilities related to certificate policies validation: - Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464) Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. - Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465) Severity: Low Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Note: OpenSSL also released a fix for low-severity security advisory CVE-2023-466. It is not included here because the fix only changes the documentation, which is not built nor included in any OpenWrt package. Due to the low-severity of these issues, there will be not be an immediate new release of OpenSSL. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>		2023-04-17 10:15:36 -03:00
.github	CI: build: fix external toolchain use with release tag tests	2023-01-04 19:35:17 +01:00
LICENSES	LICENSES: include all used licenses in LICENSES directory	2021-02-14 19:21:38 +01:00
config	toolchain: Select USE_SSTRIP with external musl toolchain	2022-12-06 01:01:12 +01:00
include	OpenWrt v21.02.6: revert to branch defaults	2023-04-09 23:38:42 +01:00
package	openssl: fix CVE-2023-464 and CVE-2023-465	2023-04-17 10:15:36 -03:00
scripts	scripts/dl_github_archieve.py: fix generating unreproducible tar	2023-01-12 15:00:55 +01:00
target	kernel: backport fix for recently introduced UBI bug	2023-04-15 03:34:22 +01:00
toolchain	toolchain: Include ./include/fortify for external musl toolchain	2022-12-04 16:07:33 +01:00
tools	tools/mkimage: fix build on MacOS arm64	2022-12-09 03:25:49 +01:00
.gitattributes	add .gitattributes to prevent the git autocrlf option from messing with CRLF/LF in files	2012-05-08 13:30:49 +00:00
.gitignore	gitignore: add .vscode for VS Code users	2021-03-29 22:26:27 +02:00
BSDmakefile	build: use SPDX license tags	2021-02-05 14:54:47 +01:00
COPYING	COPYING: add COPYING file to specify project licenses	2021-02-14 19:21:38 +01:00
Config.in	build: use SPDX license tags	2021-02-05 14:54:47 +01:00
Makefile	Makefile: fix stray \ warnings with grep-3.8	2022-09-29 19:44:09 +02:00
README.md	README: switch from freenode to oftc	2021-06-12 12:41:29 -10:00
feeds.conf.default	OpenWrt v21.02.6: revert to branch defaults	2023-04-09 23:38:42 +01:00
rules.mk	rules_mk: use gcc versions for external toolchain	2022-12-04 16:07:33 +01:00

README.md

OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.

Sunshine!

Development

To build your own firmware you need a GNU/Linux, BSD or MacOSX system (case sensitive filesystem required). Cygwin is unsupported because of the lack of a case sensitive file system.

Requirements

You need the following tools to compile OpenWrt, the package names vary between distributions. A complete list with distribution specific packages is found in the Build System Setup documentation.

gcc binutils bzip2 flex python3 perl make find grep diff unzip gawk getopt
subversion libz-dev libc-dev rsync which

Quickstart

Run ./scripts/feeds update -a to obtain all the latest package definitions defined in feeds.conf / feeds.conf.default
Run ./scripts/feeds install -a to install symlinks for all obtained packages into package/feeds/
Run make menuconfig to select your preferred configuration for the toolchain, target system & firmware packages.
Run make to build your firmware. This will download all sources, build the cross-compile toolchain and then cross-compile the GNU/Linux kernel & all chosen applications for your target system.

The main repository uses multiple sub-repositories to manage packages of different categories. All packages are installed via the OpenWrt package manager called opkg. If you're looking to develop the web interface or port packages to OpenWrt, please find the fitting repository below.

LuCI Web Interface: Modern and modular interface to control the device via a web browser.
OpenWrt Packages: Community repository of ported packages.
OpenWrt Routing: Packages specifically focused on (mesh) routing.

Support Information

For a list of supported devices see the OpenWrt Hardware Database

Documentation

Support Community

Forum: For usage, projects, discussions and hardware advise.
Support Chat: Channel #openwrt on oftc.net.

Developer Community

Bug Reports: Report bugs in OpenWrt
Dev Mailing List: Send patches
Dev Chat: Channel #openwrt-devel on oftc.net.

License

OpenWrt is licensed under GPL-2.0