-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libwolfssl/libcurl: CVE-Fix (PR#19513) will crash https-dns-proxy #19547
Comments
options.h header is needed after bump of libwolfssl to version 5.5.1, otherwise libcurl autodetection for libwolfssl availability fails and libcurl is then compiled without https support. Fixes: openwrt#19547 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 3175757) (cherry picked from commit ef545e0) Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit verbosity]
Sorry for the breakage, should be fixed in #19548. |
Same issue, can I download somewhere fixed package, or have to wait until it appears in official repo? |
Until it's fixed you could use the archive repo:
e.g. for 21.02 x86_64 - step by step:
Maybe you have to swap the order of the install. But opkg will inform you about the dependency error if it occurs. best regards |
Sorry for my noob question, but what packages to use for an raspberry pi 4b? I asume the arm packages? Think I found them 'aarch64_cortex-a72' but no libwolfssl5.2.0.99a5b54a - 5.2.0-stable-2 in https://archive.openwrt.org/releases/21.02.3/packages/aarch64_cortex-a72/packages/ ooh it's in /base/. I'm getting there.. It works thanks for the fix! |
When is this going to be fixed for |
When I explicitly declare, that I would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then I would expect, that either I endup with curl having that support, for example in form of https support or it wouldn't be available at all. Downstream projects like for example OpenWrt build curl wolfSSL variant with `--with-wolfssl` already, but in certain corner cases it does fail: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produces curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt/packages#19005 References: openwrt/packages#19547 Signed-off-by: Petr Štetiar <ynezz@true.cz>
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt#19005, openwrt#19547 Upstream-Status: Submitted [curl/curl#9682] Signed-off-by: Petr Štetiar <ynezz@true.cz>
When the build workers finishes the package rebuilds for those affected archs https://buildbot.openwrt.org/openwrt-21.02/packages/#/waterfall |
When I explicitly declare, that I would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then I would expect, that either I endup with curl having that support, for example in form of https support or it wouldn't be available at all. Downstream projects like for example OpenWrt build curl wolfSSL variant with `--with-wolfssl` already, but in certain corner cases it does fail: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produces curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt/packages#19005 References: openwrt/packages#19547 Signed-off-by: Petr Štetiar <ynezz@true.cz> Closes #9682
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt#19005, openwrt#19547 Upstream-Status: Accepted [curl/curl#9682] Signed-off-by: Petr Štetiar <ynezz@true.cz>
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt#19005, openwrt#19547 Upstream-Status: Accepted [curl/curl#9682] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 9140f36)
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt#19005, openwrt#19547 Upstream-Status: Accepted [curl/curl#9682] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 9140f36)
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt#19005, openwrt#19547 Upstream-Status: Accepted [curl/curl#9682] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 9140f36)
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt#19005, openwrt#19547 Upstream-Status: Accepted [curl/curl#9682] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 9140f36)
When I explicitly declare, that I would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then I would expect, that either I endup with curl having that support, for example in form of https support or it wouldn't be available at all. Downstream projects like for example OpenWrt build curl wolfSSL variant with `--with-wolfssl` already, but in certain corner cases it does fail: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produces curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt/packages#19005 References: openwrt/packages#19547 Signed-off-by: Petr Štetiar <ynezz@true.cz> Closes curl#9682
The versions are incorrect! It must be:
|
Sorry, yes you're right. My mentioned packages versions are correct but my links are not. Yesterday there was an update to the actual repo (downloads.openwrt.org), so hopefully this bug has been fixed now. best regards realizelol |
When I explicitly declare, that I would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then I would expect, that either I endup with curl having that support, for example in form of https support or it wouldn't be available at all. Downstream projects like for example OpenWrt build curl wolfSSL variant with `--with-wolfssl` already, but in certain corner cases it does fail: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produces curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt/packages#19005 References: openwrt/packages#19547 Signed-off-by: Petr Štetiar <ynezz@true.cz> Closes #9682
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt#19005, openwrt#19547 Upstream-Status: Accepted [curl/curl#9682] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 9140f36)
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt#19005, openwrt#19547 Upstream-Status: Accepted [curl/curl#9682] Signed-off-by: Petr Štetiar <ynezz@true.cz>
When we explicitly declare, that we would like to have curl built with wolfSSL support using `--with-wolfssl` configure option, then we should make sure, that we either endup with curl having that support, or it shouldn't be available at all, otherwise we risk, that we end up with regressions like following: configure:25299: checking for wolfSSL_Init in -lwolfssl configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip] In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33, from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35, from target-x86_64_musl/usr/include/wolfssl/ssl.h:35, from conftest.c:47: target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory #include <wolfssl/wolfcrypt/sp_int.h> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. and in the end thus produce curl without https support: curl: (1) Protocol "https" not supported or disabled in libcurl So fix it, by making the working wolfSSL mandatory and error out in configure step when that's not the case: checking for wolfSSL_Init in -lwolfssl... no configure: error: --with-wolfssl but wolfSSL was not found or doesn't work References: openwrt#19005, openwrt#19547 Upstream-Status: Accepted [curl/curl#9682] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 9140f36)
Maintainer: @tapper82 , @stangri , @ynezz , @neheb
Environment: OpenWrt 21.02.3 r16554-1d4dea6d4f - x86_64 - Generic v0 (ImageBuilder)
Description:
I think since PR #19513 the actual packages @ repo downloads.openwrt.org will stop SSL support for curl.
Maybe in case of the missing commits in branch
openwrt-21.02
?:https://github.com/openwrt/packages/commits/master/net/curl/Makefile
-> 312ab68
-> b814eec
-> 03a3271
-> c812153
https://github.com/openwrt/packages/commits/openwrt-21.02/net/curl/Makefile
Syslog:
Installed packages (ERROR):
Installed packages (WORKING):
best regards
realizelol
The text was updated successfully, but these errors were encountered: