Openssl 3.x.x and libopenssl 1.1.1xx

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Goto page 1, 2, 3, 4  Next
Author Message
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

PostPosted: Wed Mar 15, 2023 12:43    Post subject: Openssl 3.x.x and libopenssl 1.1.1xx Reply with quote
There is new libopenssl 3.0.13-1 from yesterday(25.02.24)....which replaces OpenSSL 3.0.10-1

Also there is a new Entware update so update yours!

For Entware...

libopenssl 1.1.1s - is replaced, with OpenSSL 3.0.8-2a (edited) instead of OpenSSL 1.1.1t , but sadly there is a new Openssl 3.1.0 from yesterday ... Embarassed

Along with some other updates, there are also Stubby and GetDNS updates to their last versions !

Update/Upgrade if you care...

P.S. Edited/Updated information

Entware is currently on libopenssl - 3.0.10-1
DDWRT is currently on libopenssl 1.1.1v

for more recent update...see this page ----------------------------> https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=334213&postdays=0&postorder=asc&start=30

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Sun Feb 25, 2024 13:40; edited 13 times in total
Sponsor
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Wed Mar 15, 2023 13:32    Post subject: Reply with quote
DD-WRT currently uses OpenSSL 1.1.1t:

https://svn.dd-wrt.com/changeset/51950#file0

There was an attempt to migrate to 3.0:

https://svn.dd-wrt.com/changeset/47403 thru https://svn.dd-wrt.com/changeset/47421,
https://svn.dd-wrt.com/changeset/47430,
https://svn.dd-wrt.com/changeset/47437,
https://svn.dd-wrt.com/changeset/47447 & https://svn.dd-wrt.com/changeset/47448,

but it was reverted:

https://svn.dd-wrt.com/changeset/47453 thru https://svn.dd-wrt.com/changeset/47459,
https://svn.dd-wrt.com/changeset/47461,
https://svn.dd-wrt.com/changeset/47463,
https://svn.dd-wrt.com/changeset/48299/src/router/php8/ext/openssl/openssl.c (missed revert, fixed in php8 update)

Not sure why you'd want to inject possible issues or recommend this, but to each their own.

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

PostPosted: Wed Mar 15, 2023 14:54    Post subject: Reply with quote
yep no idea why Entware switched from 1.1.1s to 3.0.8-2 otherwise with Stubby/GetDNS, things are working...ok, I need to test DNScrypt-proxy v2xx too, but later..

Sadly Entware updates are Synch with OpenWRT in regards to updates...so, no idea why they switched those versions...for 1.1.1s and than for 1.1.1t i put a request long time ago https://github.com/Entware/Entware/issues/909 (just changed the versions)..

new 3.1.0 came yesterday, so may be things are fixed..but sadly Entware remains under-updated..

p.s. 3.0.8-2 was patched to 3.0.8-2a shorty after...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Sat Mar 18, 2023 11:46; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Wed Mar 15, 2023 16:24    Post subject: Reply with quote
Debian 11 with current security patches / updates Rolling Eyes

Code:
user@sandie:~$ ssh -V
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 2022


Next release will be v 3.0.x openssl for Debian, it seems. To clarify version of openssl above, it's "1.1.1n-0+deb11u3". Debian has a long history of patching packages, but not necessarily updating the version number.

https://packages.debian.org/bullseye/openssl

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

PostPosted: Wed Mar 15, 2023 19:57    Post subject: Reply with quote
kernel-panic69 wrote:
Debian 11 with current security patches / updates Rolling Eyes

Code:
user@sandie:~$ ssh -V
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 2022


Next release will be v 3.0.x openssl for Debian, it seems. To clarify version of openssl above, it's "1.1.1n-0+deb11u3". Debian has a long history of patching packages, but not necessarily updating the version number.

https://packages.debian.org/bullseye/openssl


yep my Parrot (debian fork) is also still on 1.1.1n patched, it seems Entware also picked
v 3.0.8-2 openssl instead of 3.1.0 or even 1.1.1t ... Rolling Eyes

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Wed Mar 15, 2023 20:27    Post subject: Reply with quote
The only 'Debian' box I have that has current upstream version / patched Debian packages installed is running Progeny and a Linux 3.x.x kernel. Original kernel was 2.2.x and a revival to Progeny 2.0 development ending in release candidates included 2.4 and 2.6 kernels, and eventually led to Progeny 3.0 preview release versions with the 2.6 kernel.

https://lwn.net/Articles/80473/

https://distrowatch.com/?newsid=02690

Progeny begat Ubuntu (and probably other Debian-based componentized distros). It was Ian Murdock's idea of combining the Anaconda (RedHat) installer and Debian, more or less. Quite honestly, what Canonical did ... well, I don't want to set this forum on fire with my opinion, lol.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Mar 15, 2023 22:05    Post subject: Reply with quote
'Debian-Bookworm ssh'
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Thu Mar 16, 2023 2:39    Post subject: Reply with quote
Aforementioned PC running a heavily hacked version of Progeny 3.0-Preview 2 is not Internet-aware, but managed to bump ssh version to latest:

Code:
user@morpheus:~$ ssh -V
OpenSSH_9.3p1 Debian-1, OpenSSL 1.1.1t  7 Feb 2023


It originally started life as a Pentium III-500 and is now on last-gen Pentium 4 hardware. SATA SSDs make life better. And you thought you ran old ass dog hardware, @mrjcd Cool

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Thu Mar 16, 2023 2:56    Post subject: Reply with quote
kernel-panic69 wrote:
It originally started life as a Pentium III-500 and is now on last-gen Pentium 4 hardware. SATA SSDs make life better. And you thought you ran old ass dog hardware, @mrjcd Cool

yeahuh that's kinda old stuff Surprised
SSDs do make things better/faster ...I run a few of them Laughing
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

PostPosted: Sat Mar 18, 2023 8:50    Post subject: Reply with quote
Entware just patched OpenSSL 3.0.8-2 to OpenSSL 3.0.8-2a
so, one more update...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Sat Mar 25, 2023 12:32    Post subject: Reply with quote
mrjcd wrote:
yeahuh that's kinda old stuff Surprised
SSDs do make things better/faster ...I run a few of them Laughing

Unlike spinning hard disks, you need to power on SSDs periodically, or the data would vanish. Smile
Traditional hard disks might still have the problem of bit rot.

Potential for SSD data loss after extended shutdown
17 February 2023
https://www.ibm.com/support/pages/potential-ssd-data-loss-after-extended-shutdown

Debunked: Your SSD won't lose data if left unplugged after all | PCWorld
May 21, 2015
https://www.pcworld.com/article/427602/debunked-your-ssd-wont-lose-data-if-left-unplugged-after-all.html

Will SSD lose data if left unpowered for extended period? : DataHoarder
https://www.reddit.com/r/DataHoarder/comments/ba8o0b/will_ssd_lose_data_if_left_unpowered_for_extended/

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

PostPosted: Fri Jun 02, 2023 10:08    Post subject: OpenSSL 1.1.1u Reply with quote
new Openssl is out and about https://www.openssl.org/ if possible BS to update ??

30-May-2023 OpenSSL 1.1.1u is now available, including bug and security fixes

I also tried to contact Entware guys to update if possible...(i guess we have to wait for it)

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

PostPosted: Sun Jun 04, 2023 7:27    Post subject: Reply with quote
Thanks BS !!!

https://svn.dd-wrt.com/changeset/52881
https://svn.dd-wrt.com/changeset/52882

OpenSSL updated to 1.1.1u

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Sun Jun 04, 2023 12:26; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Sun Jun 04, 2023 11:54    Post subject: Reply with quote
You're welcome. I'm pretty sure I'm not the only person who emailed Sebastian, but I definitely was quite hesitant about it considering past responses to such emails. Please be considerate of others, thanks.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

PostPosted: Sun Jun 04, 2023 12:26    Post subject: Reply with quote
kernel-panic69 wrote:
You're welcome. I'm pretty sure I'm not the only person who emailed Sebastian, but I definitely was quite hesitant about it considering past responses to such emails. Please be considerate of others, thanks.


I didn't want to email him, nor i posted at the SVN, like some others do...
Just decided to use the old thread..instead...and it worked out Razz (magic)
and yes, it may require some testing before the public build is out..


have a wonderful day !

DDWRT
OpenSSL is updated to 1.1.1u

Entware updated too, despite they dont run the very last OpenSSL they claimed the patch came form OpenWRT synch ... 3.0.8-9 (well that was quick) thanks to all !!!

Upgrading libopenssl on root from 3.0.8-2a to 3.0.8-9...
Downloading https://bin.entware.net/armv7sf-k3.2/libopenssl_3.0.8-9_armv7-3.2.ipk

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Goto page 1, 2, 3, 4  Next Display posts from previous:    Page 1 of 4
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum