kumquat-buildroot/package/libopenssl/libopenssl.hash

# From https://www.openssl.org/source/openssl-1.1.1b.tar.gz.sha256
sha256	f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90	openssl-1.1.1c.tar.gz

# License files
sha256	c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c	LICENSE
package/libopenssl: bump to version 1.1.1b Drop patches 4..6 as they are now upstream. Update the hash of the license file as the copyright dates changed. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-03-21 21:47:02 +01:00			`# From https://www.openssl.org/source/openssl-1.1.1b.tar.gz.sha256`
package/libopenssl: security bump to version 1.1.1c Fixes the following security issues: Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-05-30 23:43:36 +02:00			`sha256 f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90 openssl-1.1.1c.tar.gz`
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-01-29 10:39:19 +01:00
			`# License files`
package/libopenssl: bump to version 1.1.1b Drop patches 4..6 as they are now upstream. Update the hash of the license file as the copyright dates changed. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-03-21 21:47:02 +01:00			`sha256 c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c LICENSE`