summaryrefslogtreecommitdiffstats
path: root/package/openssl
Commit message (Collapse)AuthorAgeFilesLines
* openssl: add fix for hash cryptodev offloadingGustavo Zacarias2014-08-091-0/+429
| | | | | | | | | | | See http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest This has been sitting for ages in the openssl tracker and it's verified to cause issues. The patch only touches cryptodev engine offloading so it's pretty safe. Tested on CAAM SEC4 hardware. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.1iGustavo Zacarias2014-08-071-1/+1
| | | | | | | | | | | | | | | | | Fixes: CVE-2014-3508 - Information leak in pretty printing functions CVE-2014-5139 - Crash with SRP ciphersuite in Server Hello message CVE-2014-3509 - Race condition in ssl_parse_serverhello_tlsext CVE-2014-3505 - Double Free when processing DTLS packets CVE-2014-3506 - DTLS memory exhaustion CVE-2014-3507 - DTLS memory leak from zero-length fragments CVE-2014-3510 - OpenSSL DTLS anonymous EC(DH) denial of service CVE-2014-3511 - OpenSSL TLS protocol downgrade attack CVE-2014-3512 - SRP buffer overrun Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: drop libdl from pc fileGustavo Zacarias2014-07-191-0/+8
| | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/2a2/2a274e2dbffd268a391b0e8a15dae5a759b870a1/ [Thomas: move registration of the hook inside the condition.] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.1hBaruch Siach2014-06-051-1/+1
| | | | | | | | Fixes CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198 among others. See https://www.openssl.org/news/secadv_20140605.txt for details. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* powerpc: add powerpc64 and powerpc64le supportCody P Schafer2014-05-261-0/+6
| | | | | | | | | | This enables powerpc64 and powerpc64le. Currently, le needs at least glibc 2.19 and gcc 4.9.0. For gdb, 7.7.1 works (added in an earlier patch). [Peter: also disallow gcc 4.8 for ppc64le] Signed-off-by: Cody P Schafer <cody@linux.vnet.ibm.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump to version 1.0.1gBaruch Siach2014-04-082-22/+1
| | | | | | | | | Fixes highly critical CVE-2014-0160. See http://heartbleed.com . Drop patch applied upstream. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: fix bug #6770Gustavo Zacarias2014-01-101-0/+21
| | | | | | | | | | openssl 1.0.1f Makefile.org doesn't quote $(CC) when passing the parameter in another invocation of make, hence breaking when the compiler string contains a space with multiple strings (for example with ccache). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump to version 1.0.1fGustavo Zacarias2014-01-072-35/+1
| | | | | | | | Fixes CVE-2013-4343, CVE-2013-6450 and the previously patched CVE-2013-6449. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: add fix for CVE-2013-6449Gustavo Zacarias2014-01-033-0/+34
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Config.in files: use if/endif instead of 'depends on' for main symbolThomas De Schampheleire2013-12-251-2/+4
| | | | | | | | | | | | | | | | | | | | | | | In the Config.in file of package foo, it often happens that there are other symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense when foo itself is enabled. There are two ways to express this: with depends on BR2_PACKAGE_FOO in each extra symbol, or with if BR2_PACKAGE_FOO ... endif around the entire set of extra symbols. The if/endif approach avoids the repetition of 'depends on' statements on multiple symbols, so this is clearly preferred. But even when there is only one extra symbol, if/endif is a more logical choice: - it is future-proof for when extra symbols are added - it allows to have just one strategy instead of two (less confusion) This patch modifies the Config.in files accordingly. Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: remove uninstall commandsThomas De Schampheleire2013-12-061-7/+0
| | | | | Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssl: fix coding styleYann E. MORIN2013-12-061-7/+2
| | | | | | | | | | | | | | | | | | | Currently, openssl defines three conditional hooks, but two do not follow our coding rules: - for PRE_CONFIGURE, the hook is defined in the if-block, but the _HOOK variable is always set - for POST_INSTALL_TARGET, the hook is always defined, but the _HOOK variable is set in the if-block Fix that: - define the hook in the if-block - assign the _HOOK variable in the if-block At the same time, get rid of extra empty lines that make it more difficult to read. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: only build threads configuration if toolchain has pthread supportPeter Korsgaard2013-11-221-1/+1
| | | | | | | | | Gets rid of a large number of warnings (and suboptimal code?): ..sysroot/usr/include/features.h:209:5: warning: #warning requested reentrant code, but thread support was disabled [-Wcpp] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: don't build testsGustavo Zacarias2013-08-231-0/+1
| | | | | | | | | These require shared libraries and we save a tiny amount of build time. Fixes: http://autobuild.buildroot.net/results/88e/88e5e07e94e49879907186ff35ce66944f867ec2/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Remove BR2_HAVE_DEVFILESThomas Petazzoni2013-07-041-12/+0
| | | | | | | | | | | | This finally removes the BR2_HAVE_DEVFILES option, that was used to install/keep development files on target. With the recent migration of the internal backend to the package infrastructure, we had anyway lost the ability to build gcc for the target, and install the uClibc development files on the target. [Peter: also remove support/scripts/copy.sh] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Normalize separator size to 80Alexandre Belloni2013-06-061-2/+2
| | | | | Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: fix host-openssl dependenciesArnout Vandecappelle (Essensium/Mind)2013-05-121-0/+1
| | | | | | | | | Support for ocf-linux or cryptodev-linux added a dependency of host-openssl on host-ocf-linux / host-cryptodev-linux, which we don't have and the dependency is anyway not needed. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: integrate variable cryptodev supportGustavo Zacarias2013-05-052-16/+6
| | | | | | | | | | Allow openssl to use cryptodev-linux hardware crypto support besides OCF. To do this we remove the OCF option from openssl and automatically use any of the available implementations when available. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: add host variantGustavo Zacarias2013-04-171-0/+21
| | | | | | | Useful for the upcoming host-python-m2crypto package. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: adjust ARM optimizationsGustavo Zacarias2013-04-111-6/+0
| | | | | | | | We no longer support ARM less than v4 so just kill dead code that we had for those cases. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: bump to version 1.0.1eGustavo Zacarias2013-02-181-1/+1
| | | | | | | Fixes some regressions introduced by 1.0.1d Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.1dGustavo Zacarias2013-02-051-1/+1
| | | | | | | Fixes CVE-2013-0169, CVE-2012-2686 and CVE-2013-0166. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: fix static buildPeter Korsgaard2012-12-161-2/+1
| | | | | | Just use the default target instead of hardcoding shared library support. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: fix runtime failure on some powerpc variantsGustavo Zacarias2012-12-101-0/+3
| | | | | | | | | OpenSSL's assembly optimizations por PowerPC seem to be broken for at least 4xx cores. Thanks go to Jan Schunke for reporting and testing. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: disable apps for NOMMUGustavo Zacarias2012-10-222-8/+11
| | | | | | | | | The openssl binary uses fork() so disable the option and build for !MMU. Fixes http://autobuild.buildroot.net/results/45a9b84c16caadbf77b6fc43d7a0001c981a4c87/build-end.log Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Merge branch 'next'Peter Korsgaard2012-09-031-1/+1
|\ | | | | | | | | | | | | | | | | | | Conflicts: package/e2fsprogs/e2fsprogs.mk package/libfuse/libfuse.mk package/multimedia/mpd/mpd.mk package/smartmontools/smartmontools.mk Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
| * openssl: bump to version 1.0.1cGustavo Zacarias2012-08-241-1/+1
| | | | | | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | openssl: add license infoDanomi Manchego2012-08-151-0/+2
|/ | | | | Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* all packages: rename XXXTARGETS to xxx-packageArnout Vandecappelle (Essensium/Mind)2012-07-171-1/+1
| | | | | | | | | | | | | Also remove the redundant $(call ...). This is a purely mechanical change, performed with find package linux toolchain boot -name \*.mk | \ xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \ -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \ -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: fix static buildPeter Korsgaard2012-07-011-4/+14
| | | | Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0jGustavo Zacarias2012-05-141-1/+1
| | | | | | | Bump to version 1.0.0j to fix CVE-2012-2333 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: switch to the ocf-linux packageGustavo Zacarias2012-05-053-490/+9
| | | | | | | | | | Remove builtin OCF support from the openssl package into a new package. Even though ocf support is just a header file we'd rather have it in a separate package because of unrelated version bumps and to fetch it from source. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0iGustavo Zacarias2012-04-191-1/+1
| | | | | | | Fix for CVE-2012-2110 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0hGustavo Zacarias2012-03-151-1/+1
| | | | | | | Bump to version 1.0.0h to fix CMS and S/MIME Bleichenbacher attack (CVE-2012-0884) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0gGustavo Zacarias2012-01-221-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0fGustavo Zacarias2012-01-061-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* package: remove useless arguments from GENTARGETSThomas Petazzoni2011-09-291-1/+1
| | | | | | | | | | Thanks to the pkgparentdir and pkgname functions, we can rewrite the GENTARGETS macro in a way that avoids the need for each package to repeat its name and the directory in which it is present. [Peter: pkgdir->pkgparentdir] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: bump to 1.0.0eYegor Yefremov2011-09-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes between 1.0.0d and 1.0.0e [6 Sep 2011] *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted by initialising X509_STORE_CTX properly. (CVE-2011-3207) [Kaspar Brand <ossl@velox.ch>] *) Fix SSL memory handling for (EC)DH ciphersuites, in particular for multi-threaded use of ECDH. (CVE-2011-3210) [Adam Langley (Google)] *) Fix x509_name_ex_d2i memory leak on bad inputs. [Bodo Moeller] *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check signature public key algorithm by using OID xref utilities instead. Before this you could only use some ECC ciphersuites with SHA1 only. [Steve Henson] *) Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: http://eprint.iacr.org/2011/232.pdf [Billy Bob Brumley and Nicola Tuveri] Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: fix compilation for i386Gustavo Zacarias2011-04-011-0/+5
| | | | | | | | | | | | Closes #3445. OpenSSL emits bswap instructions when building for i386 targets which unfortunately is only available on 486+ class processors. Since the normal workaround is detected at build time and we are cross compiling we need to specify this. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: fix libdir issueGustavo Zacarias2011-02-231-0/+1
| | | | | | | | | | | | | Closes #3205 OpenSSL's build system tries to be too wise for it's own good when guessing what libdir should be. This causes problems like the one reported in bug #3205 so just specify libdir to point to /lib (since it's prefixed it would finally be /usr/lib) since it should be present on 32 and 64 bit targets. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to 1.0.0dGustavo Zacarias2011-02-091-1/+1
| | | | | | | | | | CVE-2011-0014 http://www.openssl.org/news/secadv_20110208.txt OCSP stapling vulnerability in OpenSSL Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: add ocf supportGustavo Zacarias2011-01-173-1/+503
| | | | | | | | | | | | | | | | Enable OCF (cryptodev) support for openssl as an option. This requires a patched kernel to export hardware acceleration for openssl to use it. If you lack a patched kernel or support it won't break anything, it will simply fall back to the default software engine from openssl, you'll just have a slightly bigger libssl/libcrypto. Tested with 20100325 release + 20101223 patch from the mailing list. [Peter: slightly tweaked .mk] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0cGustavo Zacarias2010-12-112-17/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0bGustavo Zacarias2010-11-192-1/+17
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: Bump to 1.0.0aGustavo Zacarias2010-10-184-91/+15
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Remove code specific to removed architecturesThomas Petazzoni2010-08-311-3/+0
| | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: don't override the CC passed at configure timeThomas Petazzoni2010-07-071-2/+2
| | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: bump version, enable mdc2+camellia+tlsextGustavo Zacarias2010-06-061-2/+4
| | | | | | | Closes #1951 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: convert to the generic infrastructureThomas Petazzoni2010-05-021-34/+51
| | | | | | | | OpenSSL is not using the autotools as its build system. Therefore, we must use the generic infrastructure instead of the autotools one. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: fix build without ipv6 supportPeter Korsgaard2010-04-151-0/+55
| | | | | | Closes #1567 Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
OpenPOWER on IntegriCloud