Openssl 3.1.0 from yesterday(14.03.23) + Entware update

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 5678
Location: UK, London, just across the river..
PostPosted: Wed Mar 15, 2023 12:43    Post subject: Openssl 3.1.0 from yesterday(14.03.23) + Entware update Reply with quote
There is new Openssl 3.1.0 from yesterday(14.03.23)....which replaces OpenSSL 3.0.8-2

Also there is a new Entware update!

For Entware

libopenssl 1.1.1s - is replaced, with OpenSSL 3.0.8-2a (edited) instead of OpenSSL 1.1.1t , but sadly there is a new Openssl 3.1.0 from yesterday ... Embarassed

Along with some other updates, there are also Stubby and GetDNS updates to their last versions !

Update/Upgrade if you care...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 51741 WAP
TP-Link WR1043NDv2 -DD-WRT 52054 Gateway/DoT DNS,AP Isolation,Ad-Block,Firewall,Forced DNS,VPN,VLAN
TP-Link WR1043NDv2 -DD-WRT 51887 Gateway/DoT DNS,Ad-Block,Firewall,Forced DNS,x3 VLAN(no-wifi)
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 52081 Gateway/DoT DNS,AD-Block,AP&Net Isolation,x3 VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 51887 Gateway/StubbyDoT/DNS,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 ---DD-WRT 51887 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3 VLAN,VPN (no-wifi)
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913

Last edited by Alozaros on Sat Mar 18, 2023 11:44; edited 1 time in total
Back to top View user's profile Send private message
Sponsor
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1024
PostPosted: Wed Mar 15, 2023 13:32    Post subject: Reply with quote
DD-WRT currently uses OpenSSL 1.1.1t:

https://svn.dd-wrt.com/changeset/51950#file0

There was an attempt to migrate to 3.0:

https://svn.dd-wrt.com/changeset/47403 thru https://svn.dd-wrt.com/changeset/47421,
https://svn.dd-wrt.com/changeset/47430,
https://svn.dd-wrt.com/changeset/47437,
https://svn.dd-wrt.com/changeset/47447 & https://svn.dd-wrt.com/changeset/47448,

but it was reverted:

https://svn.dd-wrt.com/changeset/47453 thru https://svn.dd-wrt.com/changeset/47459,
https://svn.dd-wrt.com/changeset/47461,
https://svn.dd-wrt.com/changeset/47463,
https://svn.dd-wrt.com/changeset/48299/src/router/php8/ext/openssl/openssl.c (missed revert, fixed in php8 update)

Not sure why you'd want to inject possible issues or recommend this, but to each their own.
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.
--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.4
Back to top View user's profile Send private message Visit poster's website
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 5678
Location: UK, London, just across the river..
PostPosted: Wed Mar 15, 2023 14:54    Post subject: Reply with quote
yep no idea why Entware switched from 1.1.1s to 3.0.8-2 otherwise with Stubby/GetDNS, things are working...ok, I need to test DNScrypt-proxy v2xx too, but later..

Sadly Entware updates are Synch with OpenWRT in regards to updates...so, no idea why they switched those versions...for 1.1.1s and than for 1.1.1t i put a request long time ago https://github.com/Entware/Entware/issues/909 (just changed the versions)..

new 3.1.0 came yesterday, so may be things are fixed..but sadly Entware remains under-updated..

p.s. 3.0.8-2 was patched to 3.0.8-2a shorty after...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 51741 WAP
TP-Link WR1043NDv2 -DD-WRT 52054 Gateway/DoT DNS,AP Isolation,Ad-Block,Firewall,Forced DNS,VPN,VLAN
TP-Link WR1043NDv2 -DD-WRT 51887 Gateway/DoT DNS,Ad-Block,Firewall,Forced DNS,x3 VLAN(no-wifi)
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 52081 Gateway/DoT DNS,AD-Block,AP&Net Isolation,x3 VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 51887 Gateway/StubbyDoT/DNS,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 ---DD-WRT 51887 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3 VLAN,VPN (no-wifi)
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913

Last edited by Alozaros on Sat Mar 18, 2023 11:46; edited 1 time in total
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 13274
Location: Texas, USA
PostPosted: Wed Mar 15, 2023 16:24    Post subject: Reply with quote
Debian 11 with current security patches / updates Rolling Eyes

Code:
user@sandie:~$ ssh -V
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 2022


Next release will be v 3.0.x openssl for Debian, it seems. To clarify version of openssl above, it's "1.1.1n-0+deb11u3". Debian has a long history of patching packages, but not necessarily updating the version number.

https://packages.debian.org/bullseye/openssl
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
At some point, people just get plain tired of this place.
Because they are tired of bottom-feeders and the same old hat.
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 5678
Location: UK, London, just across the river..
PostPosted: Wed Mar 15, 2023 19:57    Post subject: Reply with quote
kernel-panic69 wrote:
Debian 11 with current security patches / updates Rolling Eyes

Code:
user@sandie:~$ ssh -V
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 2022


Next release will be v 3.0.x openssl for Debian, it seems. To clarify version of openssl above, it's "1.1.1n-0+deb11u3". Debian has a long history of patching packages, but not necessarily updating the version number.

https://packages.debian.org/bullseye/openssl


yep my Parrot (debian fork) is also still on 1.1.1n patched, it seems Entware also picked
v 3.0.8-2 openssl instead of 3.1.0 or even 1.1.1t ... Rolling Eyes
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 51741 WAP
TP-Link WR1043NDv2 -DD-WRT 52054 Gateway/DoT DNS,AP Isolation,Ad-Block,Firewall,Forced DNS,VPN,VLAN
TP-Link WR1043NDv2 -DD-WRT 51887 Gateway/DoT DNS,Ad-Block,Firewall,Forced DNS,x3 VLAN(no-wifi)
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 52081 Gateway/DoT DNS,AD-Block,AP&Net Isolation,x3 VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 51887 Gateway/StubbyDoT/DNS,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 ---DD-WRT 51887 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3 VLAN,VPN (no-wifi)
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 13274
Location: Texas, USA
PostPosted: Wed Mar 15, 2023 20:27    Post subject: Reply with quote
The only 'Debian' box I have that has current upstream version / patched Debian packages installed is running Progeny and a Linux 3.x.x kernel. Original kernel was 2.2.x and a revival to Progeny 2.0 development ending in release candidates included 2.4 and 2.6 kernels, and eventually led to Progeny 3.0 preview release versions with the 2.6 kernel.

https://lwn.net/Articles/80473/

https://distrowatch.com/?newsid=02690

Progeny begat Ubuntu (and probably other Debian-based componentized distros). It was Ian Murdock's idea of combining the Anaconda (RedHat) installer and Debian, more or less. Quite honestly, what Canonical did ... well, I don't want to set this forum on fire with my opinion, lol.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
At some point, people just get plain tired of this place.
Because they are tired of bottom-feeders and the same old hat.
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6027
Location: Texas
PostPosted: Wed Mar 15, 2023 22:05    Post subject: Reply with quote
'Debian-Bookworm ssh'
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 13274
Location: Texas, USA
PostPosted: Thu Mar 16, 2023 2:39    Post subject: Reply with quote
Aforementioned PC running a heavily hacked version of Progeny 3.0-Preview 2 is not Internet-aware, but managed to bump ssh version to latest:

Code:
user@morpheus:~$ ssh -V
OpenSSH_9.3p1 Debian-1, OpenSSL 1.1.1t  7 Feb 2023


It originally started life as a Pentium III-500 and is now on last-gen Pentium 4 hardware. SATA SSDs make life better. And you thought you ran old ass dog hardware, @mrjcd Cool
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
At some point, people just get plain tired of this place.
Because they are tired of bottom-feeders and the same old hat.
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6027
Location: Texas
PostPosted: Thu Mar 16, 2023 2:56    Post subject: Reply with quote
kernel-panic69 wrote:
It originally started life as a Pentium III-500 and is now on last-gen Pentium 4 hardware. SATA SSDs make life better. And you thought you ran old ass dog hardware, @mrjcd Cool

yeahuh that's kinda old stuff Surprised
SSDs do make things better/faster ...I run a few of them Laughing
Back to top View user's profile Send private message
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 5678
Location: UK, London, just across the river..
PostPosted: Sat Mar 18, 2023 8:50    Post subject: Reply with quote
Entware just patched OpenSSL 3.0.8-2 to OpenSSL 3.0.8-2a
so, one more update...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 51741 WAP
TP-Link WR1043NDv2 -DD-WRT 52054 Gateway/DoT DNS,AP Isolation,Ad-Block,Firewall,Forced DNS,VPN,VLAN
TP-Link WR1043NDv2 -DD-WRT 51887 Gateway/DoT DNS,Ad-Block,Firewall,Forced DNS,x3 VLAN(no-wifi)
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 52081 Gateway/DoT DNS,AD-Block,AP&Net Isolation,x3 VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 51887 Gateway/StubbyDoT/DNS,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 ---DD-WRT 51887 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3 VLAN,VPN (no-wifi)
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum