buildroot/package/openssl, branch 2017.02

openssl: security bump to version 1.0.2k

2017-01-26T21:34:36+00:00

Fixes: CVE-2017-3731 - Truncated packet could crash via OOB read. CVE-2017-3732 - BN_mod_exp may produce incorrect results on x86_64 CVE-2016-7055 - Montgomery multiplication may produce incorrect results Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

openssl: use $(HOST_MAKE_ENV) when calling $(MAKE)

2016-10-22T13:19:24+00:00

Signed-off-by: Gustavo Zacarias Reviewed-by: Arnout Vandecappelle (Essensium/Mind) Signed-off-by: Thomas Petazzoni

openssl: use $(TARGET_MAKE_ENV) when calling $(MAKE)

2016-10-15T12:16:54+00:00

Signed-off-by: Gustavo Zacarias Reviewed-by: Arnout Vandecappelle (Essensium/Mind) Signed-off-by: Thomas Petazzoni

openssl: security bump to version 1.0.2j

2016-09-27T05:27:27+00:00

Fixes: CVE-2016-7052 - Missing CRL sanity check [Peter: drop CVE 6309 from description as pointed out by Baruch] Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

package/openssl: security bump to version 1.0.2i

2016-09-22T19:09:33+00:00

https://www.openssl.org/news/secadv/20160922.txt Fixes SSL_peek() hang on empty record (CVE-2016-6305) SWEET32 Mitigation (CVE-2016-2183) OOB write in MDC2_Update() (CVE-2016-6303) Malformed SHA512 ticket DoS (CVE-2016-6302) OOB write in BN_bn2dec() (CVE-2016-2182) OOB read in TS_OBJ_print_bio() (CVE-2016-2180) Pointer arithmetic undefined behaviour (CVE-2016-2177) Constant time flag not preserved in DSA signing (CVE-2016-2178) DTLS buffered message DoS (CVE-2016-2179) DTLS replay protection DoS (CVE-2016-2181) Certificate message OOB reads (CVE-2016-6306) Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307) Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308) Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

package/openssl: depend on the virtual cryptodev package

2016-09-04T13:39:27+00:00

Instead of depending on each provider of cryptodev, make openssl depend on the virtual package. This is easy because in both cases the openssl build systems needs the same configuration options. Signed-off-by: "Yann E. MORIN" Signed-off-by: Thomas Petazzoni

openssl: fix m68k uclinux compile

2016-08-01T21:03:24+00:00

The GCC manual suggest when getting: relocation truncated to fit: R_68K_GOT16O foobar to use -mxgot. Fixes: http://autobuild.buildroot.net/results/455fd0f274bfa4bbd786bcd6740ecf960e47c1bd/ Signed-off-by: Waldemar Brodkorb Signed-off-by: Thomas Petazzoni

openssl: disable assembly for ARMv7M

2016-06-22T14:59:23+00:00

It requires interwork and v7M is thumb-only. Fixes: http://autobuild.buildroot.net/results/55d/55dc9d6826defd2c9048c2991019d4d573d34af4/ [Peter: use R2_ARM_CPU_HAS_ARM for logic] Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

openssl: security bump to version 1.0.2h

2016-05-04T20:44:51+00:00

Fixes: CVE-2016-2105 - Fix EVP_EncodeUpdate overflow CVE-2016-2106 - Fix EVP_EncryptUpdate overflow CVE-2016-2107 - Prevent padding oracle in AES-NI CBC MAC check CVE-2016-2109 - Prevent ASN.1 BIO excessive memory allocation CVE-2016-2176 - EBCDIC overread Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

openssl: enable aarch64 optimization

2016-04-20T06:59:32+00:00

Signed-off-by: Matthew Shyu Signed-off-by: Peter Korsgaard