<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/openssl/openssl.hash, branch 2017.05</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2017.05</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2017.05'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2017-01-26T21:34:36+00:00</updated>
<entry>
<title>openssl: security bump to version 1.0.2k</title>
<updated>2017-01-26T21:34:36+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2017-01-26T20:07:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=f9a6a2df56012b2ee6d171ca9371910c668bfa78'/>
<id>urn:sha1:f9a6a2df56012b2ee6d171ca9371910c668bfa78</id>
<content type='text'>
Fixes:
CVE-2017-3731 - Truncated packet could crash via OOB read.
CVE-2017-3732 - BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055 - Montgomery multiplication may produce incorrect results

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssl: security bump to version 1.0.2j</title>
<updated>2016-09-27T05:27:27+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-09-26T23:44:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=7ba5ed97bc1bf9b4f8aef2dec4a64520b444b677'/>
<id>urn:sha1:7ba5ed97bc1bf9b4f8aef2dec4a64520b444b677</id>
<content type='text'>
Fixes:
CVE-2016-7052 - Missing CRL sanity check

[Peter: drop CVE 6309 from description as pointed out by Baruch]
Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/openssl: security bump to version 1.0.2i</title>
<updated>2016-09-22T19:09:33+00:00</updated>
<author>
<name>Bernd Kuhls</name>
<email>bernd.kuhls@t-online.de</email>
</author>
<published>2016-09-22T17:16:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=ba16a7a93edb46db409e51992c265ca7e14c13ff'/>
<id>urn:sha1:ba16a7a93edb46db409e51992c265ca7e14c13ff</id>
<content type='text'>
https://www.openssl.org/news/secadv/20160922.txt

Fixes
SSL_peek() hang on empty record (CVE-2016-6305)
SWEET32 Mitigation (CVE-2016-2183)
OOB write in MDC2_Update() (CVE-2016-6303)
Malformed SHA512 ticket DoS (CVE-2016-6302)
OOB write in BN_bn2dec() (CVE-2016-2182)
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Constant time flag not preserved in DSA signing (CVE-2016-2178)
DTLS buffered message DoS (CVE-2016-2179)
DTLS replay protection DoS (CVE-2016-2181)
Certificate message OOB reads (CVE-2016-6306)
Excessive allocation of memory in tls_get_message_header()
  (CVE-2016-6307)
Excessive allocation of memory in dtls1_preprocess_fragment()
  (CVE-2016-6308)

Signed-off-by: Bernd Kuhls &lt;bernd.kuhls@t-online.de&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssl: security bump to version 1.0.2h</title>
<updated>2016-05-04T20:44:51+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-05-03T14:39:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=2de25704771bfe34fb87a01dad3987c5c93404eb'/>
<id>urn:sha1:2de25704771bfe34fb87a01dad3987c5c93404eb</id>
<content type='text'>
Fixes:
CVE-2016-2105 - Fix EVP_EncodeUpdate overflow
CVE-2016-2106 - Fix EVP_EncryptUpdate overflow
CVE-2016-2107 - Prevent padding oracle in AES-NI CBC MAC check
CVE-2016-2109 - Prevent ASN.1 BIO excessive memory allocation
CVE-2016-2176 - EBCDIC overread

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssl: security bump to version 1.0.2g</title>
<updated>2016-03-01T14:48:08+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-03-01T14:38:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=25b218c144805a4fcd100396a936bc7bdccdedbc'/>
<id>urn:sha1:25b218c144805a4fcd100396a936bc7bdccdedbc</id>
<content type='text'>
Fixes:
CVE-2016-0800 - Cross-protocol attack on TLS using SSLv2 (DROWN)
CVE-2016-0705 - Double-free in DSA code
CVE-2016-0798 - Memory leak in SRP database lookups
CVE-2016-0797 - BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
CVE-2016-0799 - Fix memory issues in BIO_*printf functions
CVE-2016-0702 - Side channel attack on modular exponentiation

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/openssl: security bump to version 1.0.2f</title>
<updated>2016-01-28T21:26:15+00:00</updated>
<author>
<name>Bernd Kuhls</name>
<email>bernd.kuhls@t-online.de</email>
</author>
<published>2016-01-28T19:37:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=7d8b6bdd0075a57c2a4bb083197da7b41d6cef47'/>
<id>urn:sha1:7d8b6bdd0075a57c2a4bb083197da7b41d6cef47</id>
<content type='text'>
Fixes
DH small subgroups (CVE-2016-0701)
SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
An update on DHE man-in-the-middle protection (Logjam)

Signed-off-by: Bernd Kuhls &lt;bernd.kuhls@t-online.de&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssl: re-enable parallel build</title>
<updated>2015-12-17T21:15:33+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo.zacarias@free-electrons.com</email>
</author>
<published>2015-12-03T21:31:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=37e7c34aaf74d6115ccfbc0fb233d3e8b016b6fc'/>
<id>urn:sha1:37e7c34aaf74d6115ccfbc0fb233d3e8b016b6fc</id>
<content type='text'>
The previous incarnation was incomplete, it only applied one of the
Gentoo patches, hence it had corner cases.
Apply all 4 patches as pointed out by Mike on the mailing list.

Signed-off-by: Gustavo Zacarias &lt;gustavo.zacarias@free-electrons.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssl: security bump to version 1.0.2e</title>
<updated>2015-12-03T21:08:27+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo.zacarias@free-electrons.com</email>
</author>
<published>2015-12-03T17:49:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=e9fb14ecef2427d3b98586c667f1e19112de5f90'/>
<id>urn:sha1:e9fb14ecef2427d3b98586c667f1e19112de5f90</id>
<content type='text'>
Fixes:
CVE-2015-3193 - BN_mod_exp may produce incorrect results on x86_64
CVE-2015-3194 - Certificate verify crash with missing PSS parameter
CVE-2015-3195 - X509_ATTRIBUTE memory leak

Enable IDEA as well since otherwise the build breaks (always great
upstream) - it's no longer patent encumbered.

[Peter: correct sha256]
Signed-off-by: Gustavo Zacarias &lt;gustavo.zacarias@free-electrons.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>Revert "openssl: enable parallel build and installation"</title>
<updated>2015-11-23T17:32:25+00:00</updated>
<author>
<name>Yann E. MORIN</name>
<email>yann.morin.1998@free.fr</email>
</author>
<published>2015-11-23T16:23:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=a597e3c676948c6c1eb6440c82f19b7460f29192'/>
<id>urn:sha1:a597e3c676948c6c1eb6440c82f19b7460f29192</id>
<content type='text'>
This reverts commit 55e4ec054c21b9164e10c323a5f0afff1deb1d67.

There are still build failures in parallel builds:
    http://autobuild.buildroot.org/results/9a0/9a0fc1064010a658155e6a18ec72e0e3c58ec7f6/
    http://autobuild.buildroot.org/results/c28/c28064f383da1f577bd9227d004f1939daf4579f/
    http://autobuild.buildroot.org/results/218/2180b9d900b27103acc92a2932f7ffa560b04831/
    and so on...

Signed-off-by: "Yann E. MORIN" &lt;yann.morin.1998@free.fr&gt;
Cc: Ryan Barnett &lt;rjbarnet@rockwellcollins.com&gt;
Cc: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
Cc: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssl: enable parallel build and installation</title>
<updated>2015-09-16T20:20:52+00:00</updated>
<author>
<name>Ryan Barnett</name>
<email>ryanbarnett3@gmail.com</email>
</author>
<published>2015-09-16T12:06:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=55e4ec054c21b9164e10c323a5f0afff1deb1d67'/>
<id>urn:sha1:55e4ec054c21b9164e10c323a5f0afff1deb1d67</id>
<content type='text'>
This is a patch that is originally based on a patch Thomas P.
submitted for an earlier version of this package. I have adopted this
patch to use the latest available Gentoo parallel patch. I have also
seen about a minute improvement on my build times of openssl.

Part of Thomas P's original message:

On my build server, the current build of OpenSSL takes 1 minutes and
20 seconds. With this commit applied, enabling parallel build and
installation, the build only takes 28 seconds.

All the patches are downloaded from Gentoo.

There is apparently some interest in upstream OpenSSL to enable
parallel build, see for example commit
https://github.com/openssl/openssl/commit/c3f22253b139793ff3b91ff7e6969e180cf06815. This
commit is not part of any OpenSSL release, but we can hope that the
problem will resolved in the future.

Signed-off-by: Ryan Barnett &lt;ryanbarnett3@gmail.com&gt;
CC: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
CC: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
CC: Arnout Vandecappelle &lt;arnout@mind.be&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
</feed>
