From patchwork Mon Aug 5 14:47:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eneas U de Queiroz X-Patchwork-Id: 1142223 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Mo1rSSO+"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="QsWB4EYL"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 462LJ656Rnz9sBF for ; Tue, 6 Aug 2019 00:49:09 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=iGTMycgBQe5UZTVJFVLPSw6lDrdZ2EYCvKEOWs/aDm4=; b=Mo1rSSO+1PUw/m Vzd1J5wWuPMVENRJ/AlIHIqV5jFqOk6Q+lDtQ6XXeluW4Las5kp2Ldt54VGQ8dpX2SMd6eqbMPXd3 ckULs5P9L+Qw5xVpMWgkqGhwP0eF2ivLdPSJkELi+jyIV6EAaJpGKs+o7i+jtH1DjyTZJvWfSME4P wQ5p598hc+K5ayvj76G7wV0SEh5JyRv0QMmGI1magN5Oit1I1j45Pt+00dZV55IyCpKQc71pBpVd1 1GbkYqfZ/xGL6YLoK9I6sdyHIo3eBUdF0GM7sqY+5IDO7TtjJZ/Epms+ob4O9xipF1zU7OWKEQxFf S+w+38nFP0uQdQj1WFxw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hueI4-0001uB-JY; Mon, 05 Aug 2019 14:48:48 +0000 Received: from mail-qt1-x841.google.com ([2607:f8b0:4864:20::841]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1hueHz-0001rk-Cg for openwrt-devel@lists.openwrt.org; Mon, 05 Aug 2019 14:48:47 +0000 Received: by mail-qt1-x841.google.com with SMTP id d17so2254528qtj.8 for ; Mon, 05 Aug 2019 07:48:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=54jjXo+zVfc2a3eb1zynYhlfeW/psIDejTKWEB1URFU=; b=QsWB4EYL4HWjIfEJ9b0pAH3aejQYSUNi0C0iNcL5XPCnaUnUpiZDI87P8aM1fKw5kb njTBZP9xXXltE/z+ZIzOBO9RjcK6yUiXIEEmHJ14nru6n2fdS0cu2sTq06HF9VdrMPgv 2dNck3THU/ot929Ua5YyMMgipgNqq9l2dr95pSyE41K4Jkm4HWK0VdwUyRmImquelsuM OAGbCroda+zkMwyo3jauXW97d3yER1Jmy7qb+a5vjbg/Rdj3DWQQuwm51ar8xNl1OxLm QCgab5Znzn2i46loJq95OM+0Nr1AuBSoVnM6uhA91dre2WIYr15y/7gp1LKq/gP6Mj8+ g7lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=54jjXo+zVfc2a3eb1zynYhlfeW/psIDejTKWEB1URFU=; b=bTzjraNYKY41o/BeRiwmhMhnKMcQplEqpCKYFDN5eGXX0sIwkH11AQnxTmp+C4l4TB gH2vL6aOrVHWop/kbcBuzM+UP5OPFimARnC3jEpXhNba8bj0efqupLfjvIq15+CKVHvE SNTL2mxmJVFps37rs0o777G8jxXlg3qeEW1AJm8MA2XZpte41NMbHpsqOBIO//oHiVrO 0M5nh8ElSaooghYkSgMIQ2SB3DT7hZs651TsekcBp1g0R44sgr+tBDqeWAej8+VjjY5F bPNA3oUTBjNdtHnmuxfbWA2s+YoEFPyVBoHeFAZkf3YcumX7eVAWYov09pKe6tMbCV3F Tycw== X-Gm-Message-State: APjAAAVCEc8/ySM9H5eFLpFw4oOW+6eRlX/n0UTgLcU1yHb86yih4SQO MSavRIAK/8MMryH4TP0T+eRVPmRe81c= X-Google-Smtp-Source: APXvYqxYUetacuWf4lFSeuG7q9CgNKjVfP2uuh1vwk3HXdKDlUIrj9FyxD96vLVbPXcgkpvuMfAn8w== X-Received: by 2002:ac8:21f2:: with SMTP id 47mr107665991qtz.38.1565016521054; Mon, 05 Aug 2019 07:48:41 -0700 (PDT) Received: from gateway.troianet.com.br (ipv6.troianet.com.br. [2804:688:21:4::2]) by smtp.gmail.com with ESMTPSA id u7sm43947469qta.82.2019.08.05.07.48.39 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Mon, 05 Aug 2019 07:48:40 -0700 (PDT) From: Eneas U de Queiroz To: openwrt-devel@lists.openwrt.org Date: Mon, 5 Aug 2019 11:47:58 -0300 Message-Id: <20190805144758.3129-2-cotequeiroz@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190805144758.3129-1-cotequeiroz@gmail.com> References: <20190805144758.3129-1-cotequeiroz@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190805_074843_430245_8CFF713C X-CRM114-Status: UNSURE ( 7.74 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:841 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cotequeiroz[at]gmail.com) -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Subject: [OpenWrt-Devel] [PATCH 1/1] wolfssl: bump to 4.1.0-stable X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eneas U de Queiroz Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Always build AES-GCM support. Unnecessary patches were removed. This includes two vulnerability fixes: CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK extension parsing. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Signed-off-by: Eneas U de Queiroz diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index 875ff5e6a3..a729f73a1d 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -4,10 +4,6 @@ config WOLFSSL_HAS_AES_CCM bool "Include AES-CCM support" default y -config WOLFSSL_HAS_AES_GCM - bool "Include AES-GCM support" - default y - config WOLFSSL_HAS_CHACHA_POLY bool "Include ChaCha20-Poly1305 cipher suite support" default y @@ -24,13 +20,8 @@ config WOLFSSL_HAS_TLSV10 bool "Include TLS 1.0 support" default y -if !(WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY) - comment "! TLS 1.3 support needs one of: AES-CCM, AES-GCM, ChaCha20-Poly1305" -endif - config WOLFSSL_HAS_TLSV13 bool "Include TLS 1.3 support" - depends on WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY default y config WOLFSSL_HAS_SESSION_TICKET @@ -56,6 +47,9 @@ config WOLFSSL_HAS_ECC25519 bool "Include ECC Curve 22519 support" default n +config WOLFSSL_HAS_DEVCRYPTO + bool + if WOLFSSL_HAS_AES_CCM comment "! Hardware Acceleration does not build with AES-CCM enabled" endif @@ -72,9 +66,11 @@ if !WOLFSSL_HAS_AES_CCM config WOLFSSL_HAS_DEVCRYPTO_AES bool "/dev/crypto - AES-only" + select WOLFSSL_HAS_DEVCRYPTO config WOLFSSL_HAS_DEVCRYPTO_FULL bool "/dev/crypto - full" + select WOLFSSL_HAS_DEVCRYPTO endchoice endif diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 678eb4936b..2ad03a5aca 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=4.0.0-stable +PKG_VERSION:=4.1.0-stable PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=6cf678c72b485d1904047c40c20f85104c96b5f39778822783a2c407ccb23657 +PKG_HASH:=f0d630c3ddfeb692b8ae38cc739f47d5e9f0fb708662aa241ede0c42a5eb3dd8 PKG_FIXUP:=libtool PKG_INSTALL:=1 @@ -25,14 +25,13 @@ PKG_MAINTAINER:=Eneas U de Queiroz PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl PKG_CONFIG_DEPENDS:=\ - CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \ - CONFIG_WOLFSSL_HAS_AFALG CONFIG_WOLFSSL_HAS_ARC4 \ - CONFIG_WOLFSSL_HAS_CHACHA_POLY CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \ - CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL, CONFIG_WOLFSSL_HAS_DH \ - CONFIG_WOLFSSL_HAS_DTLS CONFIG_WOLFSSL_HAS_ECC25519 \ - CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_SESSION_TICKET \ - CONFIG_WOLFSSL_HAS_TLSV10 CONFIG_WOLFSSL_HAS_TLSV13 \ - CONFIG_WOLFSSL_HAS_WPAS + CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \ + CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \ + CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \ + CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \ + CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \ + CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \ + CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS include $(INCLUDE_DIR)/package.mk @@ -65,11 +64,9 @@ CONFIGURE_ARGS += \ --enable-sni \ --enable-stunnel \ --disable-examples \ - --disable-leanpsk \ - --disable-leantls \ + --disable-jobserver \ --$(if $(CONFIG_IPV6),enable,disable)-ipv6 \ --$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm \ - --$(if $(CONFIG_WOLFSSL_HAS_AES_GCM),enable,disable)-aesgcm \ --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha \ --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305 \ --$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh \ diff --git a/package/libs/wolfssl/patches/400-additional_compatibility.patch b/package/libs/wolfssl/patches/400-additional_compatibility.patch deleted file mode 100644 index 1464e9d2a8..0000000000 --- a/package/libs/wolfssl/patches/400-additional_compatibility.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/cyassl/openssl/ssl.h -+++ b/cyassl/openssl/ssl.h -@@ -28,6 +28,9 @@ - #define CYASSL_OPENSSL_H_ - - #include -+#ifndef HAVE_SNI -+#undef CYASSL_SNI_HOST_NAME -+#endif - #include - - #endif diff --git a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch deleted file mode 100644 index 34d3e62361..0000000000 --- a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -4740,7 +4740,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta - AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) - - AX_CREATE_GENERIC_CONFIG --AX_AM_JOBSERVER([yes]) - - AC_OUTPUT - ---- a/Makefile.am -+++ b/Makefile.am -@@ -20,8 +20,6 @@ dist_noinst_SCRIPTS = - noinst_SCRIPTS = - check_SCRIPTS = - --#includes additional rules from aminclude.am --@INC_AMINCLUDE@ - DISTCLEANFILES+= aminclude.am - - CLEANFILES+= cert.der \ From patchwork Mon Aug 5 17:19:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eneas U de Queiroz X-Patchwork-Id: 1142394 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="hzR832k4"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="g1Sw5uAk"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 462Pf40h0Rz9sBF for ; Tue, 6 Aug 2019 03:19:55 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=zN+joj6Z/HHzOGOcreYV4VF8Nbmi1fLRw4UBgXh43wU=; b=hzR832k4RMNDLu sDFAbRd7CGgFMoY/EO/EJfymTbS4ZxD6K3ZxPBIDTe6RPrfykEIeFcpY3pXw+WFQ4p+vmF+Svyyuw VmCsmSMPiGAXFt/oFCK5Cxq8Mm+xXDHQn6iWf3MT51bAHv0XOzY4hVN1ACqsSG86r9zDXZnFH1A2N 282Xk6Y6RGM8iA+movp+YAgW1rQjWtQlxtHfDr2qFcqmgiGQTYTXAejj7eEB3NHXQiMh23bUpvZiP lrlVHiQrKh0KcuE3vtUnQgx/jrt8MDwII8xuQdRoPia0szIMD2cznCgbTBAEqqMK05I+Hcb2vbhJP KKdVAWTqtM31WR4VkoQw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1huge1-0004x1-RY; Mon, 05 Aug 2019 17:19:37 +0000 Received: from mail-qt1-x842.google.com ([2607:f8b0:4864:20::842]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1hugdz-0004wW-7m for openwrt-devel@lists.openwrt.org; Mon, 05 Aug 2019 17:19:36 +0000 Received: by mail-qt1-x842.google.com with SMTP id x22so8301623qtp.12 for ; Mon, 05 Aug 2019 10:19:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=VA4mEFsoSFLkmx+MMCZmQx1P2hbjEqxypnaQv/GNoxI=; b=g1Sw5uAkecSp02D/HFiXrf7W7fwO6LmTOY4RvI6uUCe/IQqpd9dzJndOBsE4XdfshN E4AXWsoyuxff4XswP65K0t1CW51IPYGE/O4TFDrN/x0IkSOi/9YUUuiCcgEg3sf9OO6W 4hrwXv1k2YnNvvWFg9p0aDjnFX6LP5Mqu9vzyIjlLjNWo4jaRN2uom7rCkdTvp8Vk29c 3czoV0wK3cWrNVRUpk3wt1FImhvs73GLxFVYUKvydcyb30qO3JS8PoR963VB+CTD9GUM 4Sni/W3KmmP5n1v0JwkJLg/stZV26OD5T5xUz7lB1pGHiMITAi+9mlrDtsvXM3fZHTQj olEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=VA4mEFsoSFLkmx+MMCZmQx1P2hbjEqxypnaQv/GNoxI=; b=bUAT2okxH7j4IN892q3IYdRbHpZm3EsEr6ytWzmZsEfg2VQa0rkCce7kCT/W88guAD e05MDMGu5n6+PGDRecrXILRkkIPRl7fvdBIXB2v/WN80FK07oGRKcNs9U5xu4DEUDG+R 65OW233kSlIdUMcbw21b6FCCBO3NGnphB4M8Viu81aO71PfzciTgaRTup2D2dx1KTTRS 5Vsk4mfcPE/bXLNLwxfz9t8jNxcPwCUWqa1pFWk5+vOYz12zvdexGp6KC1G4pm2KnkA1 tD2OogBG4lO8cHI4zZVugf4GbZr+O7KWj7jV5k5mS0D9AI2OV1U9BQWj7ixnEdKP1PPZ Z2Tg== X-Gm-Message-State: APjAAAV9GGqXvooJnhBgbuA97I6pmAaW9Zqc7yuzj4fvZlzk0vOfUkMe /H3jigk+X+L8rp5MRYrDrXyad0Lsi2A= X-Google-Smtp-Source: APXvYqwxXpC4I18I8RvwSQ2Due5+H15hlGm1julTaJZOXZ+LxEY82798b3KUdR5xBdRYOYZKA+CY8Q== X-Received: by 2002:aed:254c:: with SMTP id w12mr111773613qtc.127.1565025573845; Mon, 05 Aug 2019 10:19:33 -0700 (PDT) Received: from gateway.troianet.com.br (ipv6.troianet.com.br. [2804:688:21:4::2]) by smtp.gmail.com with ESMTPSA id j2sm38491728qtb.89.2019.08.05.10.19.32 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Mon, 05 Aug 2019 10:19:33 -0700 (PDT) From: Eneas U de Queiroz To: openwrt-devel@lists.openwrt.org Date: Mon, 5 Aug 2019 14:19:20 -0300 Message-Id: <20190805171921.3995-2-cotequeiroz@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190805171921.3995-1-cotequeiroz@gmail.com> References: <20190805144758.3129-1-cotequeiroz@gmail.com> <20190805171921.3995-1-cotequeiroz@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190805_101935_274786_FE089D4F X-CRM114-Status: UNSURE ( 5.68 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:842 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cotequeiroz[at]gmail.com) -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Subject: [OpenWrt-Devel] [RFC 18.06 PATCH 2/3] ustream-ssl: bump wolfssl variant X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eneas U de Queiroz Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org wolfssl changed ABI version. Signed-off-by: Eneas U de Queiroz diff --git a/package/libs/ustream-ssl/Makefile b/package/libs/ustream-ssl/Makefile index 2ea5bf0bd5..c0fd281866 100644 --- a/package/libs/ustream-ssl/Makefile +++ b/package/libs/ustream-ssl/Makefile @@ -3,6 +3,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ustream-ssl PKG_RELEASE:=1 +### NOTICE FOR THE NEXT VERSION/RELEASE BUMP. +### +# libustream-wolfssl currently has a different RELEASE than the rest of the libs. +# This is temporary, and was done to avoid to needlessly upgrade the rest of the +# variants. So when the next update happen, things should get back to normal. +# If this package gets a PKG_RELEASE bump, please use PKG_RELEASE:=3, and remove the +# RELEASE:=2 line under libustream-wolfssl, as well as this notice. +# If the VERSION/SOURCE_DATE gets updated, remove the notice and the RELEASE:=2 line. + PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git PKG_SOURCE_DATE:=2018-07-30 @@ -39,6 +48,9 @@ define Package/libustream-wolfssl $(Package/libustream/default) TITLE += (wolfssl) DEPENDS += +PACKAGE_libustream-wolfssl:libwolfssl +#### + RELEASE:=2 +#### VARIANT:=wolfssl endef From patchwork Mon Aug 5 17:19:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eneas U de Queiroz X-Patchwork-Id: 1142395 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="f0dqVYSb"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="RCOKhr2I"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 462Pf65GNdz9sBF for ; Tue, 6 Aug 2019 03:19:58 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=Q3aGjgYbLeTYUWu4W2ze8bv1uTi+XnRe+JaVpBm+eMs=; b=f0dqVYSb9lae1f 3L4/bORw3B/XBEYToHGp7fSqDVQDIsX/WoSouaWItmjwVZ5nI84vsJ+rfIrvIqOaSOJROslAl0x1i LfDyzCP9M/N0lPLDN5dDSpa+vijKOUv5vT8vbm5luQEotIQP2cb+JAnlQ+pz9lM9cFA4iRqrgqgWU nZzrCd7vJ4i/LZ0aeaSTbLgu/lj7h+Qig2QMcUUb69UywKfrx8ZCm4pBYP77KJg4ZDOR4rXyZmaHj HFE/s98T0wOiVsIzJAJryaH17SZW6YdbQEkQhAvU2oaQ7cZjnRT1wtDm8byGUWJQ1VsEiMXh041il ylKYExl73Quw+L/lp6Xw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1huge9-00056C-51; Mon, 05 Aug 2019 17:19:45 +0000 Received: from mail-qt1-x82a.google.com ([2607:f8b0:4864:20::82a]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1huge0-0004wj-M6 for openwrt-devel@lists.openwrt.org; Mon, 05 Aug 2019 17:19:38 +0000 Received: by mail-qt1-x82a.google.com with SMTP id l9so81637105qtu.6 for ; Mon, 05 Aug 2019 10:19:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=d6Xbgi7crALSmXgblRFQmK37tISzodQTs/Z4Qu7Nkb4=; b=RCOKhr2IkUWQJnoqcIknyEZbP7tKolmh1jbDzEUOZPqLZ5IG55DBvSLvwFgY1T+y0/ ohhfHe8Xw0XVOE8iCLQFwjUsvuax+HMMkEZt0AInrOs2dUJgVagzCbMLohZ2hofb5Ars QnYhQ0oF+ief+zuoZY5YBn2ZLTKZU2TAFgsm5niYqLkkxe8AzHph2CKjKKidwNb+vZLd K7UWNvXlQgd+ecjpOr4rSP3kGbvLVW5n5hAjZec3GkZyTLHzlIXMT5DWSrmrpJzZ1Aqq u/BCJTlsnl4+9jEdFH702haqcgyjGjLH8fuCrsDIeob0iXKrXY7UF1gChZZezkGlIcd+ J0iw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=d6Xbgi7crALSmXgblRFQmK37tISzodQTs/Z4Qu7Nkb4=; b=FJXznsIOzbMSllXZGtZGO692GNicoHhyATN45MWSV6XpvchYPQAIf/vIslPWAKlfBJ T60iRNJ7fUem1/xtpiwV16RoAFt7coLfw7JBtIMYNyuR7/9HKOGw8fU9lcO4RZRH7jbs wmahGj4A6gUaCvnxT2DbKonpRZlyEOtIglO3mq4mR/Rhs/BPKuY8vmWG7el1ZaMZOoYQ HQuHKHNw175Od+9QN/xN7w86v7tjhRwsDCJgwHN1RuX5jFXvvNvBA+UHA7O5aXDpFj+/ eGvC2aogZ1CQGn/hVWs1VZXpxyshHa7oF83QUobB+cvu+++Okgzkaw/R+fCIALAeRu5j +XMQ== X-Gm-Message-State: APjAAAUwgZiMjWFRLBmvnkSSsDKKffiZHLgyKNHo98CmsHAXU5pNNrvv UjATpr8BFVG2Bn29ERYDjQwRwO5cHcM= X-Google-Smtp-Source: APXvYqxWM67jsyi35KCBSGgfiVU9IIR62IgRJN9t6ldYVJQjafLm1SW5q7PYJ4SAMxrMZNPFiacoBQ== X-Received: by 2002:ac8:31ba:: with SMTP id h55mr109227126qte.363.1565025575284; Mon, 05 Aug 2019 10:19:35 -0700 (PDT) Received: from gateway.troianet.com.br (ipv6.troianet.com.br. [2804:688:21:4::2]) by smtp.gmail.com with ESMTPSA id j2sm38491728qtb.89.2019.08.05.10.19.34 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Mon, 05 Aug 2019 10:19:34 -0700 (PDT) From: Eneas U de Queiroz To: openwrt-devel@lists.openwrt.org Date: Mon, 5 Aug 2019 14:19:21 -0300 Message-Id: <20190805171921.3995-3-cotequeiroz@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190805171921.3995-1-cotequeiroz@gmail.com> References: <20190805144758.3129-1-cotequeiroz@gmail.com> <20190805171921.3995-1-cotequeiroz@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190805_101936_720626_08B5F6C8 X-CRM114-Status: UNSURE ( 5.98 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:82a listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cotequeiroz[at]gmail.com) -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Subject: [OpenWrt-Devel] [RFC 18.06 PATCH 3/3] hostapd: bump wolfssl variants, adjust options X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eneas U de Queiroz Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org wolfssl changed ABI version, so this forces an update to hostapd. Some build options selected by hostapd are always built now, so they were removed. Signed-off-by: Eneas U de Queiroz diff --git a/package/network/services/hostapd/Config.in b/package/network/services/hostapd/Config.in index 222cfb7f13..6611958cf1 100644 --- a/package/network/services/hostapd/Config.in +++ b/package/network/services/hostapd/Config.in @@ -67,15 +67,10 @@ config WPA_WOLFSSL PACKAGE_wpad-wolfssl ||\ PACKAGE_wpad-mesh-wolfssl ||\ PACKAGE_eapol-test-wolfssl - select PACKAGE_libwolfssl select WOLFSSL_HAS_AES_CCM - select WOLFSSL_HAS_AES_GCM select WOLFSSL_HAS_ARC4 - select WOLFSSL_HAS_DES3 select WOLFSSL_HAS_DH - select WOLFSSL_HAS_ECC select WOLFSSL_HAS_OCSP - select WOLFSSL_HAS_PSK select WOLFSSL_HAS_SESSION_TICKET select WOLFSSL_HAS_WPAS diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index b548ecdf1b..3412125d2c 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -6,6 +6,15 @@ include $(TOPDIR)/rules.mk +### NOTICE FOR THE NEXT VERSION/RELEASE BUMP. +### +# The wolfssl variants currently have a different RELEASE than the others. +# This is temporary, and was done to avoid to needlessly upgrade the rest of the +# variants. So when the next update happen, things should get back to normal. +# If this package gets a PKG_RELEASE bump, please use PKG_RELEASE:=8, and remove the +# RELEASE:=7 lines under the wolfssl variants, as well as this notice. +# If the VERSION/SOURCE_DATE gets updated, remove the notice and the RELEASE:=7 lines. + PKG_NAME:=hostapd PKG_RELEASE:=6 @@ -170,6 +179,9 @@ Package/hostapd-openssl/description = $(Package/hostapd/description) define Package/hostapd-wolfssl $(call Package/hostapd/Default,$(1)) TITLE+= (full) +#### + RELEASE:=7 +#### VARIANT:=full-wolfssl DEPENDS+=+libwolfssl endef @@ -222,6 +234,9 @@ Package/wpad-openssl/description = $(Package/wpad/description) define Package/wpad-wolfssl $(call Package/wpad/Default,$(1)) TITLE+= (full) +#### + RELEASE:=7 +#### VARIANT:=wpad-full-wolfssl DEPENDS+=+libwolfssl endef @@ -260,6 +275,9 @@ Package/wpad-mesh-openssl/description = $(Package/wpad-mesh/description) define Package/wpad-mesh-wolfssl $(call Package/wpad-mesh,$(1)) DEPENDS+=+libwolfssl +#### + RELEASE:=7 +#### VARIANT:=wpad-mesh-wolfssl endef @@ -290,6 +308,9 @@ endef define Package/wpa-supplicant-wolfssl $(call Package/wpa-supplicant/Default,$(1)) +#### + RELEASE:=7 +#### VARIANT:=supplicant-full-wolfssl DEPENDS+=+libwolfssl endef @@ -320,6 +341,9 @@ endef define Package/wpa-supplicant-mesh-wolfssl $(call Package/wpa-supplicant-mesh/Default,$(1)) +#### + RELEASE:=7 +#### VARIANT:=supplicant-mesh-wolfssl DEPENDS+=+libwolfssl endef @@ -379,6 +403,9 @@ define Package/eapol-test-wolfssl TITLE:=802.1x authentication test utility SECTION:=net CATEGORY:=Network +#### + RELEASE:=7 +#### VARIANT:=supplicant-full-wolfssl CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-wolfssl ,$(EAPOL_TEST_PROVIDERS))) DEPENDS:=$(DRV_DEPENDS) +libwolfssl