OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.05 2016-05-04T20:44:51+00:00 2016-05-04T20:44:51+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-05-03T14:39:33+00:00 urn:sha1:2de25704771bfe34fb87a01dad3987c5c93404eb Fixes: CVE-2016-2105 - Fix EVP_EncodeUpdate overflow CVE-2016-2106 - Fix EVP_EncryptUpdate overflow CVE-2016-2107 - Prevent padding oracle in AES-NI CBC MAC check CVE-2016-2109 - Prevent ASN.1 BIO excessive memory allocation CVE-2016-2176 - EBCDIC overread Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-04-20T06:59:32+00:00 Matthew Shyu matthew.shyu@amlogic.com 2016-04-19T10:26:46+00:00 urn:sha1:817d3a02acf65b31e02ba1b026201f72b908c8ce Signed-off-by: Matthew Shyu <matthew.shyu@amlogic.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-04-18T21:38:34+00:00 Thomas Petazzoni thomas.petazzoni@free-electrons.com 2016-04-17T21:31:34+00:00 urn:sha1:6cb4814c87cb1282b4a1d35e73743e8dd1b12ec5 The Linux kernel doesn't even support i386 anymore, there is no NPTL support for i386 and uClibc-ng only supports NPTL on x86, so there is essentially no usable thread implementation. Most likely glibc and musl also don't support i386 either. So it's time to remove the support for this architecture variant. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-03-01T14:48:08+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-01T14:38:36+00:00 urn:sha1:25b218c144805a4fcd100396a936bc7bdccdedbc Fixes: CVE-2016-0800 - Cross-protocol attack on TLS using SSLv2 (DROWN) CVE-2016-0705 - Double-free in DSA code CVE-2016-0798 - Memory leak in SRP database lookups CVE-2016-0797 - BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption CVE-2016-0799 - Fix memory issues in BIO_*printf functions CVE-2016-0702 - Side channel attack on modular exponentiation Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-01-28T21:26:15+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-01-28T19:37:07+00:00 urn:sha1:7d8b6bdd0075a57c2a4bb083197da7b41d6cef47 Fixes DH small subgroups (CVE-2016-0701) SSLv2 doesn't block disabled ciphers (CVE-2015-3197) An update on DHE man-in-the-middle protection (Logjam) Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-12-17T21:15:33+00:00 Gustavo Zacarias gustavo.zacarias@free-electrons.com 2015-12-03T21:31:16+00:00 urn:sha1:37e7c34aaf74d6115ccfbc0fb233d3e8b016b6fc The previous incarnation was incomplete, it only applied one of the Gentoo patches, hence it had corner cases. Apply all 4 patches as pointed out by Mike on the mailing list. Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-12-03T21:08:27+00:00 Gustavo Zacarias gustavo.zacarias@free-electrons.com 2015-12-03T17:49:42+00:00 urn:sha1:e9fb14ecef2427d3b98586c667f1e19112de5f90 Fixes: CVE-2015-3193 - BN_mod_exp may produce incorrect results on x86_64 CVE-2015-3194 - Certificate verify crash with missing PSS parameter CVE-2015-3195 - X509_ATTRIBUTE memory leak Enable IDEA as well since otherwise the build breaks (always great upstream) - it's no longer patent encumbered. [Peter: correct sha256] Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-11-23T17:32:25+00:00 Yann E. MORIN yann.morin.1998@free.fr 2015-11-23T16:23:57+00:00 urn:sha1:a597e3c676948c6c1eb6440c82f19b7460f29192 This reverts commit 55e4ec054c21b9164e10c323a5f0afff1deb1d67. There are still build failures in parallel builds: http://autobuild.buildroot.org/results/9a0/9a0fc1064010a658155e6a18ec72e0e3c58ec7f6/ http://autobuild.buildroot.org/results/c28/c28064f383da1f577bd9227d004f1939daf4579f/ http://autobuild.buildroot.org/results/218/2180b9d900b27103acc92a2932f7ffa560b04831/ and so on... Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Ryan Barnett <rjbarnet@rockwellcollins.com> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-09-23T21:27:42+00:00 Gustavo Zacarias gustavo.zacarias@free-electrons.com 2015-09-22T14:23:40+00:00 urn:sha1:35495daed39933db06dcc62a335fff89836d1853 Switch from : to # since CFLAGS can include :'s spilled in from BR2_TARGET_OPTIMIZATION, for example: BR2_TARGET_OPTIMIZATION="-Wl,-rpath,/lib:/usr/lib" would cause the sed expression to fail thus breaking the build. Changed all of the SEDs to # for consistency. Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-09-16T20:20:52+00:00 Ryan Barnett ryanbarnett3@gmail.com 2015-09-16T12:06:25+00:00 urn:sha1:55e4ec054c21b9164e10c323a5f0afff1deb1d67 This is a patch that is originally based on a patch Thomas P. submitted for an earlier version of this package. I have adopted this patch to use the latest available Gentoo parallel patch. I have also seen about a minute improvement on my build times of openssl. Part of Thomas P's original message: On my build server, the current build of OpenSSL takes 1 minutes and 20 seconds. With this commit applied, enabling parallel build and installation, the build only takes 28 seconds. All the patches are downloaded from Gentoo. There is apparently some interest in upstream OpenSSL to enable parallel build, see for example commit https://github.com/openssl/openssl/commit/c3f22253b139793ff3b91ff7e6969e180cf06815. This commit is not part of any OpenSSL release, but we can hope that the problem will resolved in the future. Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> CC: Gustavo Zacarias <gustavo@zacarias.com.ar> CC: Arnout Vandecappelle <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>