aboutsummaryrefslogtreecommitdiff
path: root/package/openssl
Commit message (Collapse)AuthorAgeFilesLines
* core: allow br2-external trees to provide openslGravatar Yann E. MORIN2019-08-041-0/+3
| | | | | | | | | | Similar to toolchains and jpeg, we now offer a way for br2-external trees to provide their openssl implementation, which gets included in the openssl choice. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: disable libressl on uClibc noMMUGravatar Thomas Petazzoni2017-11-061-0/+2
| | | | | | | | | | | | | | | | | | | | uClibc doesn't implement __register_atfork() on noMMU systems, causing a build failure of libressl. Since openssl is available as an alternative on such platforms, we just disable libressl on uClibc/noMMU systems. Fixes: /home/thomas/projets/buildroot/output/build/libressl-2.5.5/crypto/.libs/libcrypto.a(arc4random.o): In function `_rs_init.part.1': arc4random.c:(.text+0x74): undefined reference to `__register_atfork' collect2: error: ld returned 1 exit status This build issue is not visible in the autobuilders, because libressl is only selectable through a choice, which isn't randomized by the autobuilder logic. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: unconditionally define BR2_PACKAGE_PROVIDES_HOST_OPENSSLGravatar Peter Korsgaard2017-10-221-2/+3
| | | | | | | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/207/207d0ca1fe5328e675246c851fcb0d5685f8c0bd/ http://autobuild.buildroot.net/results/546/546a56d6dd39e5e9ecfe25fd36a00510e6c0c45b/ host-openssl may be used without openssl being enabled for the target, so move BR2_PACKAGE_PROVIDES_HOST_OPENSSL outside the BR2_PACKAGE_OPENSSL conditional. While we're at it, add a comment explaining what this magic config symbol does. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: add libressl as a providerGravatar Adam Duskett2017-10-211-1/+23
| | | | | | | | | | | At this point, libressl can be added to the openssl virtual package. - Remove the entry package/libressl/Config.in from package/Config.in - Remove the file: package/libressl/Config.in - Add libressl entry to package/openssl/Config.in Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: introduce BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSLGravatar Thomas Petazzoni2017-10-211-0/+3
| | | | | | | | | | | | | Some packages that use openssl are not compatible with libressl, only with the real openssl (known as libopenssl in Buildroot). So before we add libressl as a provider for the openssl virtual package, we introduce a BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL hidden option that packages incompatible with LibreSSL will be able to select. This will allow packages that need OpenSSL to continue using "select", without having to change to using "depends on" dependencies. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: new virtual packageGravatar Adam Duskett2017-10-215-657/+42
| | | | | | | | | | | | | | | | | | | | | To ease the transition to having both OpenSSL and LibreSSL, there has to be a new virtual package introduced to handle both. Instead of making a libssl, and adding OpenSSL and libressl to that package, it will be far easier to move openssl to libopenssl and to make OpenSSL a virtual package. This offers a few advantages: - BR2_PACKAGE_OPENSSL is still a visible symbol with no dependencies. - It does not require a huge patch to convert every instance of OpenSSL -> libssl) - Users will be able to update without ever having to select anything new. - LibreSSL can be added at a later date to the virtual package. Signed-off-by: Adam Duskett <Adamduskett@outlook.com> [Thomas: define BR2_PACKAGE_PROVIDES_HOST_OPENSSL to the value "host-libopenssl" as we always want to use the original OpenSSL for the host variant.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* generic packages: use $(HOST_DIR) instead of $(HOST_DIR)/usr as prefixGravatar Arnout Vandecappelle2017-07-051-1/+1
| | | | | | | | | | | | Remove the redundant usr/ component of the HOST_DIR paths. Since a previous commit added a symlink from $(HOST_DIR)/usr to $(HOST_DIR), everything keeps on working. This is a mechanical change with git grep -l '\$(HOST_DIR)/usr' | xargs sed -i 's%\(prefix\|PREFIX\)=\("\?\)\$(HOST_DIR)/usr%\1=\2$(HOST_DIR)%g' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/openssl: bump verstion to 1.0.2lGravatar Bernd Kuhls2017-05-282-3/+3
| | | | | | | | According to https://www.openssl.org/news/newslog.html this release does not contain security fixes. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2kGravatar Gustavo Zacarias2017-01-262-3/+3
| | | | | | | | | | Fixes: CVE-2017-3731 - Truncated packet could crash via OOB read. CVE-2017-3732 - BN_mod_exp may produce incorrect results on x86_64 CVE-2016-7055 - Montgomery multiplication may produce incorrect results Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: use $(HOST_MAKE_ENV) when calling $(MAKE)Gravatar Gustavo Zacarias2016-10-221-2/+2
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: use $(TARGET_MAKE_ENV) when calling $(MAKE)Gravatar Gustavo Zacarias2016-10-151-3/+3
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2jGravatar Gustavo Zacarias2016-09-272-3/+3
| | | | | | | | | Fixes: CVE-2016-7052 - Missing CRL sanity check [Peter: drop CVE 6309 from description as pointed out by Baruch] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssl: security bump to version 1.0.2iGravatar Bernd Kuhls2016-09-222-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | https://www.openssl.org/news/secadv/20160922.txt Fixes SSL_peek() hang on empty record (CVE-2016-6305) SWEET32 Mitigation (CVE-2016-2183) OOB write in MDC2_Update() (CVE-2016-6303) Malformed SHA512 ticket DoS (CVE-2016-6302) OOB write in BN_bn2dec() (CVE-2016-2182) OOB read in TS_OBJ_print_bio() (CVE-2016-2180) Pointer arithmetic undefined behaviour (CVE-2016-2177) Constant time flag not preserved in DSA signing (CVE-2016-2178) DTLS buffered message DoS (CVE-2016-2179) DTLS replay protection DoS (CVE-2016-2181) Certificate message OOB reads (CVE-2016-6306) Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307) Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308) Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssl: depend on the virtual cryptodev packageGravatar Yann E. MORIN2016-09-041-7/+2
| | | | | | | | | | | Instead of depending on each provider of cryptodev, make openssl depend on the virtual package. This is easy because in both cases the openssl build systems needs the same configuration options. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: fix m68k uclinux compileGravatar Waldemar Brodkorb2016-08-011-0/+5
| | | | | | | | | | | | The GCC manual suggest when getting: relocation truncated to fit: R_68K_GOT16O foobar to use -mxgot. Fixes: http://autobuild.buildroot.net/results/455fd0f274bfa4bbd786bcd6740ecf960e47c1bd/ Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: disable assembly for ARMv7MGravatar Gustavo Zacarias2016-06-221-1/+2
| | | | | | | | | It requires interwork and v7M is thumb-only. Fixes: http://autobuild.buildroot.net/results/55d/55dc9d6826defd2c9048c2991019d4d573d34af4/ [Peter: use R2_ARM_CPU_HAS_ARM for logic] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.2hGravatar Gustavo Zacarias2016-05-042-3/+3
| | | | | | | | | | | | Fixes: CVE-2016-2105 - Fix EVP_EncodeUpdate overflow CVE-2016-2106 - Fix EVP_EncryptUpdate overflow CVE-2016-2107 - Prevent padding oracle in AES-NI CBC MAC check CVE-2016-2109 - Prevent ASN.1 BIO excessive memory allocation CVE-2016-2176 - EBCDIC overread Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: enable aarch64 optimizationGravatar Matthew Shyu2016-04-201-0/+3
| | | | | Signed-off-by: Matthew Shyu <matthew.shyu@amlogic.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* arch/x86: remove support for i386Gravatar Thomas Petazzoni2016-04-181-5/+0
| | | | | | | | | | | | The Linux kernel doesn't even support i386 anymore, there is no NPTL support for i386 and uClibc-ng only supports NPTL on x86, so there is essentially no usable thread implementation. Most likely glibc and musl also don't support i386 either. So it's time to remove the support for this architecture variant. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2gGravatar Gustavo Zacarias2016-03-012-3/+3
| | | | | | | | | | | | | Fixes: CVE-2016-0800 - Cross-protocol attack on TLS using SSLv2 (DROWN) CVE-2016-0705 - Double-free in DSA code CVE-2016-0798 - Memory leak in SRP database lookups CVE-2016-0797 - BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption CVE-2016-0799 - Fix memory issues in BIO_*printf functions CVE-2016-0702 - Side channel attack on modular exponentiation Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssl: security bump to version 1.0.2fGravatar Bernd Kuhls2016-01-282-3/+3
| | | | | | | | | | Fixes DH small subgroups (CVE-2016-0701) SSLv2 doesn't block disabled ciphers (CVE-2015-3197) An update on DHE man-in-the-middle protection (Logjam) Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: re-enable parallel buildGravatar Gustavo Zacarias2015-12-173-7/+18
| | | | | | | | | The previous incarnation was incomplete, it only applied one of the Gentoo patches, hence it had corner cases. Apply all 4 patches as pointed out by Mike on the mailing list. Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2eGravatar Gustavo Zacarias2015-12-032-4/+3
| | | | | | | | | | | | | | Fixes: CVE-2015-3193 - BN_mod_exp may produce incorrect results on x86_64 CVE-2015-3194 - Certificate verify crash with missing PSS parameter CVE-2015-3195 - X509_ATTRIBUTE memory leak Enable IDEA as well since otherwise the build breaks (always great upstream) - it's no longer patent encumbered. [Peter: correct sha256] Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Revert "openssl: enable parallel build and installation"Gravatar Yann E. MORIN2015-11-232-9/+5
| | | | | | | | | | | | | | | | This reverts commit 55e4ec054c21b9164e10c323a5f0afff1deb1d67. There are still build failures in parallel builds: http://autobuild.buildroot.org/results/9a0/9a0fc1064010a658155e6a18ec72e0e3c58ec7f6/ http://autobuild.buildroot.org/results/c28/c28064f383da1f577bd9227d004f1939daf4579f/ http://autobuild.buildroot.org/results/218/2180b9d900b27103acc92a2932f7ffa560b04831/ and so on... Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Ryan Barnett <rjbarnet@rockwellcollins.com> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: change sed expression delimiterGravatar Gustavo Zacarias2015-09-231-8/+8
| | | | | | | | | | | | | | Switch from : to # since CFLAGS can include :'s spilled in from BR2_TARGET_OPTIMIZATION, for example: BR2_TARGET_OPTIMIZATION="-Wl,-rpath,/lib:/usr/lib" would cause the sed expression to fail thus breaking the build. Changed all of the SEDs to # for consistency. Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: enable parallel build and installationGravatar Ryan Barnett2015-09-162-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | This is a patch that is originally based on a patch Thomas P. submitted for an earlier version of this package. I have adopted this patch to use the latest available Gentoo parallel patch. I have also seen about a minute improvement on my build times of openssl. Part of Thomas P's original message: On my build server, the current build of OpenSSL takes 1 minutes and 20 seconds. With this commit applied, enabling parallel build and installation, the build only takes 28 seconds. All the patches are downloaded from Gentoo. There is apparently some interest in upstream OpenSSL to enable parallel build, see for example commit https://github.com/openssl/openssl/commit/c3f22253b139793ff3b91ff7e6969e180cf06815. This commit is not part of any OpenSSL release, but we can hope that the problem will resolved in the future. Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> CC: Gustavo Zacarias <gustavo@zacarias.com.ar> CC: Arnout Vandecappelle <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: use git formatted patchesGravatar Ryan Barnett2015-09-163-41/+67
| | | | | | | | | | | | | Using Git formatted patches makes it easier to adjust the patches when needed. [Thomas: remove patch numbering.] Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com> CC: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> CC: Gustavo Zacarias <gustavo@zacarias.com.ar> CC: Arnout Vandecappelle <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2dGravatar Gustavo Zacarias2015-07-092-5/+3
| | | | | | | Fixes CVE-2015-1793 - Alternative chains certificate forgery. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: drop !static dependency from OPENSSL_BIN optionGravatar Peter Korsgaard2015-07-091-4/+0
| | | | | | | The dependency doesn't make sense now that the option only controls if the built binary gets installed into the target or not, so drop it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: fix static buildGravatar Benoît Thébaudeau2015-07-091-0/+8
| | | | | | | | | | | | | | If configured with no-dso, the openssl binary still gets linked with -ldl, while libdl is not available for static-only builds. The OpenSSL framework does not support automatically dropping -ldl with no-dso, so -ldl has to be removed from Makefile after calling ./Configure as explained in PROBLEMS. Fixes http://autobuild.buildroot.org/results/cbb35f2582f1cfeb3d11cb4952a80784ff660baf [Peter: add reference to PROBLEMS file] Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: always build appsGravatar Benoît Thébaudeau2015-07-062-10/+20
| | | | | | | | | | | | | | | | | | | | | | | Now that building the openssl binary without MMU is supported, the only reason left for not building apps if the openssl binary is disabled is to save build time. Moreover, the commit 720893b62510438237b9923d744dd079ddb4f67d "openssl: disable apps for NOMMU", which added this behavior, had a side effect: the scripts from apps (CA.pl, CA.sh and tsget) and the default configuration file (openssl.cnf) were no longer installed, which is not advertized by the BR2_PACKAGE_OPENSSL_BIN option. CA.pl and CA.sh use the openssl binary, so not installing them without the latter makes sense. But tsget does not use the openssl binary, and openssl.cnf can be used by libcrypto, so it is preferable to handle BR2_PACKAGE_OPENSSL_BIN like before the commit mentioned above, i.e. to always build and install apps and to just remove the openssl binary afterwards if needed. This is what the current commit does, but installing only the helper scripts having their dependencies (perl or the openssl binary) satisfied. The help text is updated accordingly. Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: support building the binary without MMUGravatar Benoît Thébaudeau2015-06-302-3/+4
| | | | | | | | | | | The commit 720893b62510438237b9923d744dd079ddb4f67d "openssl: disable apps for NOMMU" prevented the openssl binary from being built without MMU in order to fix a build failure without fork(). However, openssl is designed to support the lack of fork() with -DHAVE_FORK=0, so allow the openssl binary to be enabled without MMU thanks to this option. Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: bump to version 1.0.2cGravatar Gustavo Zacarias2015-06-122-5/+5
| | | | | | | Fixes HMAC ABI breakage from 1.0.2b Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2bGravatar Gustavo Zacarias2015-06-123-32/+5
| | | | | | | | | | | CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time CVE-2015-1788 - Malformed ECParameters causes infinite loop CVE-2015-1792 - CMS verify infinite loop with unknown hash function CVE-2015-1791 - Race condition handling NewSessionTicket Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/openssl: bin/openssl depends on dynamic linkingGravatar Bernd Kuhls2015-04-191-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | Fixes /home/br/br3/output/host/usr/lib/gcc/i586-buildroot-linux-uclibc/4.8.4/../../../../i586-buildroot-linux-uclibc/bin/ld: cannot find -ldl using this defconfig BR2_STATIC_LIBS=y BR2_PACKAGE_OPENSSL=y BR2_PACKAGE_OPENSSL_BIN=y Quoting PROBLEMS: "We don't have framework to associate -ldl with no-dso, therefore the only way is to edit Makefile right after ./config no-dso and remove -ldl from EX_LIBS line." To not make the build procedure more complicated disable static building of bin/openssl. [Thomas: add corresponding kconfig comment.] Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: remove non-lfs enabler patchesGravatar Gustavo Zacarias2015-04-011-19/+0
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: indentation cleanupGravatar Jerzy Grzegorek2015-03-311-10/+10
| | | | | | | This commit doesn't touch infra packages. Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssl: security bump to version 1.0.2aGravatar Gustavo Zacarias2015-03-193-51/+5
| | | | | | | | | | | | | | | | | | | | | Fixes: CVE-2015-0291 - ClientHello sigalgs DoS CVE-2015-0290 - Multiblock corrupted pointer CVE-2015-0207 - Segmentation fault in DTLSv1_listen CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0208 - Segmentation fault for invalid PSS parameters CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences CVE-2015-0293 - DoS via reachable assert in SSLv2 servers CVE-2015-1787 - Empty CKE with client auth and DHE CVE-2015-0285 - Handshake with unseeded PRNG CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref musl patch removed since it's no longer necessary. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: update cryptodev digests patchGravatar Gustavo Zacarias2015-01-281-69/+80
| | | | | | | | | The adaptation from commit 74dd54bf is incomplete/bad causing segfaults when using cryptodev for digest offload, examples: openssh, openssl speed, others. Tested on real hardware (talitos). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: fix c_rehash dumbnessGravatar Gustavo Zacarias2015-01-271-0/+27
| | | | | | | | | | The new c_rehash from openssl 1.0.2 can't take a minus in the directory string since the regex for matching commands checks for - in any position instead of just the beginning to trigger the command parser. Fixes: http://autobuild.buildroot.net/results/ee6/ee683569350d5deaf0ccc603ed7066bffb83cbe3/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump version to 1.0.2Gravatar Vicente Olivert Riera2015-01-274-384/+381
| | | | | | | | | - Bump version to 1.0.2 - Adapt patches to new version - Update hash value Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: bump to version 1.0.1lGravatar Gustavo Zacarias2015-01-202-5/+5
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.1kGravatar Gustavo Zacarias2015-01-082-5/+5
| | | | | | | | | | | | | | | | Fixes: CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record CVE-2015-0206 - DTLS memory leak in dtls1_buffer_record CVE-2014-3569 - no-ssl3 configuration sets method to NULL CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA [Client] CVE-2015-0205 - DH client certificates accepted without verification [Server] CVE-2014-8275 - Certificate fingerprints can be modified CVE-2014-3570 - Bignum squaring may produce incorrect results Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBSGravatar Thomas Petazzoni2014-12-111-5/+5
| | | | | | | | | | | | | | | | | | | | | | | Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed from "prefer static libraries when possible" to "use only static libraries". The former semantic didn't make much sense, since the user had absolutely no control/idea of which package would use static libraries, and which packages would not. Therefore, for quite some time, we have been starting to enforce that BR2_PREFER_STATIC_LIB should really build everything with static libraries. As a consequence, this patch renames BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS, and adjust the Config.in option accordingly. This also helps preparing the addition of other options to select shared, shared+static or just static. Note that we have verified that this commit can be reproduced by simply doing a global rename of BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
* Merge branch 'next'Gravatar Peter Korsgaard2014-12-014-0/+0
|\ | | | | | | | | | | | | | | | | Conflicts: Makefile package/flac/0001-fix-altivec-logic.patch package/grantlee/Config.in Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * package/openssl: rename patches to the new conventionGravatar Bernd Kuhls2014-11-184-0/+0
| | | | | | | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | package/openssl: drop libdl from more pc filesGravatar Bernd Kuhls2014-11-221-0/+2
|/ | | | | | | | | | | | | | | | | | | | | This is a follow-up patch for http://git.buildroot.net/buildroot/commit/package/openssl/openssl.mk?id=c130c5d4635e2a4c7338161953152faf8fca07c4 Fixes http://autobuild.buildroot.net/results/358/35899961b6dc01c1522b17f63946da5ab809bff8/ http://autobuild.buildroot.net/results/c86/c865214e74dd3766b6343ef73c666fa89c0b5dec/ http://autobuild.buildroot.net/results/fc1/fc12e88fb789e2b68d427c37f39789954309b05d/ http://autobuild.buildroot.net/results/f4d/f4deef4e7d2e2cf5fbc9ce5f02289b4dc60cd23b/ http://autobuild.buildroot.net/results/dfd/dfd81f1f1f0f315317b2a85d24b286a277ac7c16/ http://autobuild.buildroot.net/results/918/9188fc9a63d880cac28c5a9a246ca5504dd11bb2/ http://autobuild.buildroot.net/results/dd1/dd1c326345f8f9c8b5838601ace19002f5360bb2/ http://autobuild.buildroot.net/results/27b/27b4544c59166a9f40092403ed3f530190544a82/ http://autobuild.buildroot.net/results/c37/c37022e334d763bad2a59f7311b93504a569b2dd/ http://autobuild.buildroot.net/results/e89/e89265937a6b4808b817be16bcab79bae4a9aed1/ http://autobuild.buildroot.net/results/4a2/4a222a40d627fda6e49714b13b4321d62c9c2e51/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* host-openssl: use correct prefix so libssl / libcrypto can be foundGravatar Peter Korsgaard2014-11-031-4/+5
| | | | | | | | | | | | | | | | | | | | Fixes (root cause of): http://autobuild.buildroot.net/results/d01/d0190a6e5c6b5aa78cfefc29e4e8a4e4b135450b/ http://autobuild.buildroot.net/results/9bb/9bb8defedb8024de83eb3a609ab584efb5d0d2b0/ http://autobuild.buildroot.net/results/e4a/e4a1b298e7e158d3614b89e61d40ef9a00e7ff67/ http://autobuild.buildroot.net/results/5e2/5e24a90058111f7d5618047410f809b45bc165f6/ And many others. The host version of openssl should be configured to use the host directory as its prefix and the INSTALL_PREFIX dance shouldn't be used, as otherwise host-openssl will look in /usr for its libraries. While we are at it, ensure our host CFLAGS are used similar to how we do for the target build. Also enable zlib support as we already list it as a dependency. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: security bump to version 1.0.1jGravatar Gustavo Zacarias2014-10-172-5/+5
| | | | | | | | | | | Fixes: CVE-2014-3513 - SRTP memory leak CVE-2014-3567 - Session ticket memory leak CVE-2014-3568 - Build option no-ssl3 is incomplete And adds SSL3 fallback protection against POODLE. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssl: Add patch to fix compilation with musl libcGravatar Maarten ter Huurne2014-09-281-0/+46
| | | | | | Signed-off-by: Maarten ter Huurne <maarten@treewalker.org> Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>