summaryrefslogtreecommitdiffstats
path: root/package/openssl
Commit message (Collapse)AuthorAgeFilesLines
* openssl: update cryptodev digests patchGustavo Zacarias2015-01-281-69/+80
| | | | | | | | | The adaptation from commit 74dd54bf is incomplete/bad causing segfaults when using cryptodev for digest offload, examples: openssh, openssl speed, others. Tested on real hardware (talitos). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: fix c_rehash dumbnessGustavo Zacarias2015-01-271-0/+27
| | | | | | | | | | The new c_rehash from openssl 1.0.2 can't take a minus in the directory string since the regex for matching commands checks for - in any position instead of just the beginning to trigger the command parser. Fixes: http://autobuild.buildroot.net/results/ee6/ee683569350d5deaf0ccc603ed7066bffb83cbe3/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump version to 1.0.2Vicente Olivert Riera2015-01-274-384/+381
| | | | | | | | | - Bump version to 1.0.2 - Adapt patches to new version - Update hash value Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump to version 1.0.1lGustavo Zacarias2015-01-202-5/+5
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.1kGustavo Zacarias2015-01-082-5/+5
| | | | | | | | | | | | | | | | Fixes: CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record CVE-2015-0206 - DTLS memory leak in dtls1_buffer_record CVE-2014-3569 - no-ssl3 configuration sets method to NULL CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA [Client] CVE-2015-0205 - DH client certificates accepted without verification [Server] CVE-2014-8275 - Certificate fingerprints can be modified CVE-2014-3570 - Bignum squaring may produce incorrect results Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBSThomas Petazzoni2014-12-111-5/+5
| | | | | | | | | | | | | | | | | | | | | | | Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed from "prefer static libraries when possible" to "use only static libraries". The former semantic didn't make much sense, since the user had absolutely no control/idea of which package would use static libraries, and which packages would not. Therefore, for quite some time, we have been starting to enforce that BR2_PREFER_STATIC_LIB should really build everything with static libraries. As a consequence, this patch renames BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS, and adjust the Config.in option accordingly. This also helps preparing the addition of other options to select shared, shared+static or just static. Note that we have verified that this commit can be reproduced by simply doing a global rename of BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
* Merge branch 'next'Peter Korsgaard2014-12-014-0/+0
|\ | | | | | | | | | | | | | | | | Conflicts: Makefile package/flac/0001-fix-altivec-logic.patch package/grantlee/Config.in Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/openssl: rename patches to the new conventionBernd Kuhls2014-11-184-0/+0
| | | | | | | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | package/openssl: drop libdl from more pc filesBernd Kuhls2014-11-221-0/+2
|/ | | | | | | | | | | | | | | | | | | | | This is a follow-up patch for http://git.buildroot.net/buildroot/commit/package/openssl/openssl.mk?id=c130c5d4635e2a4c7338161953152faf8fca07c4 Fixes http://autobuild.buildroot.net/results/358/35899961b6dc01c1522b17f63946da5ab809bff8/ http://autobuild.buildroot.net/results/c86/c865214e74dd3766b6343ef73c666fa89c0b5dec/ http://autobuild.buildroot.net/results/fc1/fc12e88fb789e2b68d427c37f39789954309b05d/ http://autobuild.buildroot.net/results/f4d/f4deef4e7d2e2cf5fbc9ce5f02289b4dc60cd23b/ http://autobuild.buildroot.net/results/dfd/dfd81f1f1f0f315317b2a85d24b286a277ac7c16/ http://autobuild.buildroot.net/results/918/9188fc9a63d880cac28c5a9a246ca5504dd11bb2/ http://autobuild.buildroot.net/results/dd1/dd1c326345f8f9c8b5838601ace19002f5360bb2/ http://autobuild.buildroot.net/results/27b/27b4544c59166a9f40092403ed3f530190544a82/ http://autobuild.buildroot.net/results/c37/c37022e334d763bad2a59f7311b93504a569b2dd/ http://autobuild.buildroot.net/results/e89/e89265937a6b4808b817be16bcab79bae4a9aed1/ http://autobuild.buildroot.net/results/4a2/4a222a40d627fda6e49714b13b4321d62c9c2e51/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* host-openssl: use correct prefix so libssl / libcrypto can be foundPeter Korsgaard2014-11-031-4/+5
| | | | | | | | | | | | | | | | | | | | Fixes (root cause of): http://autobuild.buildroot.net/results/d01/d0190a6e5c6b5aa78cfefc29e4e8a4e4b135450b/ http://autobuild.buildroot.net/results/9bb/9bb8defedb8024de83eb3a609ab584efb5d0d2b0/ http://autobuild.buildroot.net/results/e4a/e4a1b298e7e158d3614b89e61d40ef9a00e7ff67/ http://autobuild.buildroot.net/results/5e2/5e24a90058111f7d5618047410f809b45bc165f6/ And many others. The host version of openssl should be configured to use the host directory as its prefix and the INSTALL_PREFIX dance shouldn't be used, as otherwise host-openssl will look in /usr for its libraries. While we are at it, ensure our host CFLAGS are used similar to how we do for the target build. Also enable zlib support as we already list it as a dependency. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.1jGustavo Zacarias2014-10-172-5/+5
| | | | | | | | | | | Fixes: CVE-2014-3513 - SRTP memory leak CVE-2014-3567 - Session ticket memory leak CVE-2014-3568 - Build option no-ssl3 is incomplete And adds SSL3 fallback protection against POODLE. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: Add patch to fix compilation with musl libcMaarten ter Huurne2014-09-281-0/+46
| | | | | | Signed-off-by: Maarten ter Huurne <maarten@treewalker.org> Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: add hashGustavo Zacarias2014-09-181-0/+4
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: add fix for hash cryptodev offloadingGustavo Zacarias2014-08-091-0/+429
| | | | | | | | | | | See http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest This has been sitting for ages in the openssl tracker and it's verified to cause issues. The patch only touches cryptodev engine offloading so it's pretty safe. Tested on CAAM SEC4 hardware. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.1iGustavo Zacarias2014-08-071-1/+1
| | | | | | | | | | | | | | | | | Fixes: CVE-2014-3508 - Information leak in pretty printing functions CVE-2014-5139 - Crash with SRP ciphersuite in Server Hello message CVE-2014-3509 - Race condition in ssl_parse_serverhello_tlsext CVE-2014-3505 - Double Free when processing DTLS packets CVE-2014-3506 - DTLS memory exhaustion CVE-2014-3507 - DTLS memory leak from zero-length fragments CVE-2014-3510 - OpenSSL DTLS anonymous EC(DH) denial of service CVE-2014-3511 - OpenSSL TLS protocol downgrade attack CVE-2014-3512 - SRP buffer overrun Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: drop libdl from pc fileGustavo Zacarias2014-07-191-0/+8
| | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/2a2/2a274e2dbffd268a391b0e8a15dae5a759b870a1/ [Thomas: move registration of the hook inside the condition.] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.1hBaruch Siach2014-06-051-1/+1
| | | | | | | | Fixes CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198 among others. See https://www.openssl.org/news/secadv_20140605.txt for details. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* powerpc: add powerpc64 and powerpc64le supportCody P Schafer2014-05-261-0/+6
| | | | | | | | | | This enables powerpc64 and powerpc64le. Currently, le needs at least glibc 2.19 and gcc 4.9.0. For gdb, 7.7.1 works (added in an earlier patch). [Peter: also disallow gcc 4.8 for ppc64le] Signed-off-by: Cody P Schafer <cody@linux.vnet.ibm.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump to version 1.0.1gBaruch Siach2014-04-082-22/+1
| | | | | | | | | Fixes highly critical CVE-2014-0160. See http://heartbleed.com . Drop patch applied upstream. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: fix bug #6770Gustavo Zacarias2014-01-101-0/+21
| | | | | | | | | | openssl 1.0.1f Makefile.org doesn't quote $(CC) when passing the parameter in another invocation of make, hence breaking when the compiler string contains a space with multiple strings (for example with ccache). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump to version 1.0.1fGustavo Zacarias2014-01-072-35/+1
| | | | | | | | Fixes CVE-2013-4343, CVE-2013-6450 and the previously patched CVE-2013-6449. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: add fix for CVE-2013-6449Gustavo Zacarias2014-01-033-0/+34
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Config.in files: use if/endif instead of 'depends on' for main symbolThomas De Schampheleire2013-12-251-2/+4
| | | | | | | | | | | | | | | | | | | | | | | In the Config.in file of package foo, it often happens that there are other symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense when foo itself is enabled. There are two ways to express this: with depends on BR2_PACKAGE_FOO in each extra symbol, or with if BR2_PACKAGE_FOO ... endif around the entire set of extra symbols. The if/endif approach avoids the repetition of 'depends on' statements on multiple symbols, so this is clearly preferred. But even when there is only one extra symbol, if/endif is a more logical choice: - it is future-proof for when extra symbols are added - it allows to have just one strategy instead of two (less confusion) This patch modifies the Config.in files accordingly. Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: remove uninstall commandsThomas De Schampheleire2013-12-061-7/+0
| | | | | Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssl: fix coding styleYann E. MORIN2013-12-061-7/+2
| | | | | | | | | | | | | | | | | | | Currently, openssl defines three conditional hooks, but two do not follow our coding rules: - for PRE_CONFIGURE, the hook is defined in the if-block, but the _HOOK variable is always set - for POST_INSTALL_TARGET, the hook is always defined, but the _HOOK variable is set in the if-block Fix that: - define the hook in the if-block - assign the _HOOK variable in the if-block At the same time, get rid of extra empty lines that make it more difficult to read. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: only build threads configuration if toolchain has pthread supportPeter Korsgaard2013-11-221-1/+1
| | | | | | | | | Gets rid of a large number of warnings (and suboptimal code?): ..sysroot/usr/include/features.h:209:5: warning: #warning requested reentrant code, but thread support was disabled [-Wcpp] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: don't build testsGustavo Zacarias2013-08-231-0/+1
| | | | | | | | | These require shared libraries and we save a tiny amount of build time. Fixes: http://autobuild.buildroot.net/results/88e/88e5e07e94e49879907186ff35ce66944f867ec2/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Remove BR2_HAVE_DEVFILESThomas Petazzoni2013-07-041-12/+0
| | | | | | | | | | | | This finally removes the BR2_HAVE_DEVFILES option, that was used to install/keep development files on target. With the recent migration of the internal backend to the package infrastructure, we had anyway lost the ability to build gcc for the target, and install the uClibc development files on the target. [Peter: also remove support/scripts/copy.sh] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Normalize separator size to 80Alexandre Belloni2013-06-061-2/+2
| | | | | Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: fix host-openssl dependenciesArnout Vandecappelle (Essensium/Mind)2013-05-121-0/+1
| | | | | | | | | Support for ocf-linux or cryptodev-linux added a dependency of host-openssl on host-ocf-linux / host-cryptodev-linux, which we don't have and the dependency is anyway not needed. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: integrate variable cryptodev supportGustavo Zacarias2013-05-052-16/+6
| | | | | | | | | | Allow openssl to use cryptodev-linux hardware crypto support besides OCF. To do this we remove the OCF option from openssl and automatically use any of the available implementations when available. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: add host variantGustavo Zacarias2013-04-171-0/+21
| | | | | | | Useful for the upcoming host-python-m2crypto package. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: adjust ARM optimizationsGustavo Zacarias2013-04-111-6/+0
| | | | | | | | We no longer support ARM less than v4 so just kill dead code that we had for those cases. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: bump to version 1.0.1eGustavo Zacarias2013-02-181-1/+1
| | | | | | | Fixes some regressions introduced by 1.0.1d Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.1dGustavo Zacarias2013-02-051-1/+1
| | | | | | | Fixes CVE-2013-0169, CVE-2012-2686 and CVE-2013-0166. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: fix static buildPeter Korsgaard2012-12-161-2/+1
| | | | | | Just use the default target instead of hardcoding shared library support. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: fix runtime failure on some powerpc variantsGustavo Zacarias2012-12-101-0/+3
| | | | | | | | | OpenSSL's assembly optimizations por PowerPC seem to be broken for at least 4xx cores. Thanks go to Jan Schunke for reporting and testing. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: disable apps for NOMMUGustavo Zacarias2012-10-222-8/+11
| | | | | | | | | The openssl binary uses fork() so disable the option and build for !MMU. Fixes http://autobuild.buildroot.net/results/45a9b84c16caadbf77b6fc43d7a0001c981a4c87/build-end.log Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Merge branch 'next'Peter Korsgaard2012-09-031-1/+1
|\ | | | | | | | | | | | | | | | | | | Conflicts: package/e2fsprogs/e2fsprogs.mk package/libfuse/libfuse.mk package/multimedia/mpd/mpd.mk package/smartmontools/smartmontools.mk Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
| * openssl: bump to version 1.0.1cGustavo Zacarias2012-08-241-1/+1
| | | | | | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | openssl: add license infoDanomi Manchego2012-08-151-0/+2
|/ | | | | Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* all packages: rename XXXTARGETS to xxx-packageArnout Vandecappelle (Essensium/Mind)2012-07-171-1/+1
| | | | | | | | | | | | | Also remove the redundant $(call ...). This is a purely mechanical change, performed with find package linux toolchain boot -name \*.mk | \ xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \ -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \ -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: fix static buildPeter Korsgaard2012-07-011-4/+14
| | | | Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0jGustavo Zacarias2012-05-141-1/+1
| | | | | | | Bump to version 1.0.0j to fix CVE-2012-2333 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: switch to the ocf-linux packageGustavo Zacarias2012-05-053-490/+9
| | | | | | | | | | Remove builtin OCF support from the openssl package into a new package. Even though ocf support is just a header file we'd rather have it in a separate package because of unrelated version bumps and to fetch it from source. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0iGustavo Zacarias2012-04-191-1/+1
| | | | | | | Fix for CVE-2012-2110 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0hGustavo Zacarias2012-03-151-1/+1
| | | | | | | Bump to version 1.0.0h to fix CMS and S/MIME Bleichenbacher attack (CVE-2012-0884) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0gGustavo Zacarias2012-01-221-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: security bump to version 1.0.0fGustavo Zacarias2012-01-061-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* package: remove useless arguments from GENTARGETSThomas Petazzoni2011-09-291-1/+1
| | | | | | | | | | Thanks to the pkgparentdir and pkgname functions, we can rewrite the GENTARGETS macro in a way that avoids the need for each package to repeat its name and the directory in which it is present. [Peter: pkgdir->pkgparentdir] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
OpenPOWER on IntegriCloud