mirror of
https://github.com/immortalwrt/immortalwrt.git
synced 2025-08-14 14:19:53 +08:00
e2cdcf8e46
Automatically rebased: 100-Configure-afalg-support.patch Changes between 3.5.0 and 3.5.1: Fix x509 application adds trusted use instead of rejected use. Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. (CVE-2025-4575) Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation alert being received. Older versions of OpenSSL failed with DTLS if a no_renegotiation alert was received. All versions of OpenSSL do this for TLS. From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation. We have now restored the original behaviour and brought DTLS back into line with TLS. Signed-off-by: John Audia <therealgraysky@proton.me> Link: https://github.com/openwrt/openwrt/pull/19283 Signed-off-by: Robert Marko <robimarko@gmail.com>
24 lines
872 B
Diff
24 lines
872 B
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Date: Thu, 27 Sep 2018 08:29:21 -0300
|
|
Subject: Do not use host kernel version to disable AFALG
|
|
|
|
This patch prevents the Configure script from using the host kernel
|
|
version to disable building the AFALG engine on openwrt targets.
|
|
|
|
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
|
|
--- a/Configure
|
|
+++ b/Configure
|
|
@@ -1811,7 +1811,9 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-
|
|
|
|
unless ($disabled{afalgeng}) {
|
|
$config{afalgeng}="";
|
|
- if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
|
|
+ if ($target =~ m/openwrt$/) {
|
|
+ push @{$config{engdirs}}, "afalg";
|
|
+ } elsif (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
|
|
push @{$config{engdirs}}, "afalg";
|
|
} else {
|
|
disable('not-linux', 'afalgeng');
|