path: root/package/openssl/openssl.hash
Commit message | Author | Age | Files | Lines
* openssl: new virtual package | Adam Duskett | 2017-10-21 | 1 | -7/+0
  To ease the transition to having both OpenSSL and LibreSSL, there has to be a new virtual package introduced to handle both. Instead of making a libssl, and adding OpenSSL and libressl to that package, it will be far easier to move openssl to libopenssl and to make OpenSSL a virtual package.

  This offers a few advantages:
  - BR2_PACKAGE_OPENSSL is still a visible symbol with no dependencies.
  - It does not require a huge patch to convert every instance of OpenSSL -> libssl
  - Users will be able to update without ever having to select anything new.
  - LibreSSL can be added at a later date to the virtual package.

  Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
  [Thomas: define BR2_PACKAGE_PROVIDES_HOST_OPENSSL to the value "host-libopenssl" as we always want to use the original OpenSSL for the host variant.]
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/openssl: bump version to 1.0.2l | Bernd Kuhls | 2017-05-28 | 1 | -2/+2
  According to https://www.openssl.org/news/newslog.html this release does not contain security fixes.

  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2k | Gustavo Zacarias | 2017-01-26 | 1 | -2/+2
  Fixes:
  CVE-2017-3731 - Truncated packet could crash via OOB read.
  CVE-2017-3732 - BN_mod_exp may produce incorrect results on x86_64
  CVE-2016-7055 - Montgomery multiplication may produce incorrect results

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.2j | Gustavo Zacarias | 2016-09-27 | 1 | -2/+2
  Fixes:
  CVE-2016-7052 - Missing CRL sanity check

  [Peter: drop CVE 6309 from description as pointed out by Baruch]
  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssl: security bump to version 1.0.2i | Bernd Kuhls | 2016-09-22 | 1 | -2/+2
  https://www.openssl.org/news/secadv/20160922.txt

  Fixes
  SSL_peek() hang on empty record (CVE-2016-6305)
  SWEET32 Mitigation (CVE-2016-2183)
  OOB write in MDC2_Update() (CVE-2016-6303)
  Malformed SHA512 ticket DoS (CVE-2016-6302)
  OOB write in BN_bn2dec() (CVE-2016-2182)
  OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
  Pointer arithmetic undefined behaviour (CVE-2016-2177)
  Constant time flag not preserved in DSA signing (CVE-2016-2178)
  DTLS buffered message DoS (CVE-2016-2179)
  DTLS replay protection DoS (CVE-2016-2181)
  Certificate message OOB reads (CVE-2016-6306)
  Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
  Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.2h | Gustavo Zacarias | 2016-05-04 | 1 | -2/+2
  Fixes:
  CVE-2016-2105 - Fix EVP_EncodeUpdate overflow
  CVE-2016-2106 - Fix EVP_EncryptUpdate overflow
  CVE-2016-2107 - Prevent padding oracle in AES-NI CBC MAC check
  CVE-2016-2109 - Prevent ASN.1 BIO excessive memory allocation
  CVE-2016-2176 - EBCDIC overread

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.2g | Gustavo Zacarias | 2016-03-01 | 1 | -2/+2
  Fixes:
  CVE-2016-0800 - Cross-protocol attack on TLS using SSLv2 (DROWN)
  CVE-2016-0705 - Double-free in DSA code
  CVE-2016-0798 - Memory leak in SRP database lookups
  CVE-2016-0797 - BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
  CVE-2016-0799 - Fix memory issues in BIO_*printf functions
  CVE-2016-0702 - Side channel attack on modular exponentiation

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssl: security bump to version 1.0.2f | Bernd Kuhls | 2016-01-28 | 1 | -2/+2
  Fixes
  DH small subgroups (CVE-2016-0701)
  SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
  An update on DHE man-in-the-middle protection (Logjam)

  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: re-enable parallel build | Gustavo Zacarias | 2015-12-17 | 1 | -0/+5
  The previous incarnation was incomplete, it only applied one of the Gentoo patches, hence it had corner cases. Apply all 4 patches as pointed out by Mike on the mailing list.

  Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2e | Gustavo Zacarias | 2015-12-03 | 1 | -2/+2
  Fixes:
  CVE-2015-3193 - BN_mod_exp may produce incorrect results on x86_64
  CVE-2015-3194 - Certificate verify crash with missing PSS parameter
  CVE-2015-3195 - X509_ATTRIBUTE memory leak

  Enable IDEA as well since otherwise the build breaks (always great upstream) - it's no longer patent encumbered.

  [Peter: correct sha256]
  Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Revert "openssl: enable parallel build and installation" | Yann E. MORIN | 2015-11-23 | 1 | -2/+0
  This reverts commit 55e4ec054c21b9164e10c323a5f0afff1deb1d67.

  There are still build failures in parallel builds:
  http://autobuild.buildroot.org/results/9a0/9a0fc1064010a658155e6a18ec72e0e3c58ec7f6/
  http://autobuild.buildroot.org/results/c28/c28064f383da1f577bd9227d004f1939daf4579f/
  http://autobuild.buildroot.org/results/218/2180b9d900b27103acc92a2932f7ffa560b04831/
  and so on...

  Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
  Cc: Ryan Barnett <rjbarnet@rockwellcollins.com>
  Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
  Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: enable parallel build and installation | Ryan Barnett | 2015-09-16 | 1 | -0/+2
  This is a patch that is originally based on a patch Thomas P. submitted for an earlier version of this package. I have adopted this patch to use the latest available Gentoo parallel patch. I have also seen about a minute improvement on my build times of openssl.

  Part of Thomas P's original message:

  On my build server, the current build of OpenSSL takes 1 minute and 20 seconds. With this commit applied, enabling parallel build and installation, the build only takes 28 seconds.

  All the patches are downloaded from Gentoo. There is apparently some interest in upstream OpenSSL to enable parallel build, see for example commit https://github.com/openssl/openssl/commit/c3f22253b139793ff3b91ff7e6969e180cf06815. This commit is not part of any OpenSSL release, but we can hope that the problem will be resolved in the future.

  Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
  CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
  CC: Gustavo Zacarias <gustavo@zacarias.com.ar>
  CC: Arnout Vandecappelle <arnout@mind.be>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2d | Gustavo Zacarias | 2015-07-09 | 1 | -4/+2
  Fixes CVE-2015-1793 - Alternative chains certificate forgery.

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: bump to version 1.0.2c | Gustavo Zacarias | 2015-06-12 | 1 | -4/+4
  Fixes HMAC ABI breakage from 1.0.2b

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2b | Gustavo Zacarias | 2015-06-12 | 1 | -4/+4
  CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
  CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
  CVE-2015-1788 - Malformed ECParameters causes infinite loop
  CVE-2015-1792 - CMS verify infinite loop with unknown hash function
  CVE-2015-1791 - Race condition handling NewSessionTicket

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2a | Gustavo Zacarias | 2015-03-19 | 1 | -4/+4
  Fixes:
  CVE-2015-0291 - ClientHello sigalgs DoS
  CVE-2015-0290 - Multiblock corrupted pointer
  CVE-2015-0207 - Segmentation fault in DTLSv1_listen
  CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
  CVE-2015-0208 - Segmentation fault for invalid PSS parameters
  CVE-2015-0287 - ASN.1 structure reuse memory corruption
  CVE-2015-0289 - PKCS7 NULL pointer dereferences
  CVE-2015-0293 - DoS via reachable assert in SSLv2 servers
  CVE-2015-1787 - Empty CKE with client auth and DHE
  CVE-2015-0285 - Handshake with unseeded PRNG
  CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
  CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref

  musl patch removed since it's no longer necessary.

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump version to 1.0.2 | Vicente Olivert Riera | 2015-01-27 | 1 | -4/+4
  - Bump version to 1.0.2
  - Adapt patches to new version
  - Update hash value

  Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump to version 1.0.1l | Gustavo Zacarias | 2015-01-20 | 1 | -4/+4
  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.1k | Gustavo Zacarias | 2015-01-08 | 1 | -4/+4
  Fixes:
  CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
  CVE-2015-0206 - DTLS memory leak in dtls1_buffer_record
  CVE-2014-3569 - no-ssl3 configuration sets method to NULL
  CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
  CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA [Client]
  CVE-2015-0205 - DH client certificates accepted without verification [Server]
  CVE-2014-8275 - Certificate fingerprints can be modified
  CVE-2014-3570 - Bignum squaring may produce incorrect results

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.1j | Gustavo Zacarias | 2014-10-17 | 1 | -4/+4
  Fixes:
  CVE-2014-3513 - SRTP memory leak
  CVE-2014-3567 - Session ticket memory leak
  CVE-2014-3568 - Build option no-ssl3 is incomplete

  And adds SSL3 fallback protection against POODLE.

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: add hash | Gustavo Zacarias | 2014-09-18 | 1 | -0/+4
  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>