Commit Graph

59 Commits

Author SHA1 Message Date
Thomas Petazzoni
0849e8193e package: remove useless arguments from GENTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
GENTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:09:58 +02:00
Yegor Yefremov
a50f6ef29e openssl: bump to 1.0.0e
Changes between 1.0.0d and 1.0.0e [6 Sep 2011]

  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
     [Kaspar Brand <ossl@velox.ch>]

  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
     for multi-threaded use of ECDH. (CVE-2011-3210)
     [Adam Langley (Google)]

  *) Fix x509_name_ex_d2i memory leak on bad inputs.
     [Bodo Moeller]

  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
     signature public key algorithm by using OID xref utilities instead.
     Before this you could only use some ECC ciphersuites with SHA1 only.
     [Steve Henson]

  *) Add protection against ECDSA timing attacks as mentioned in the paper
     by Billy Bob Brumley and Nicola Tuveri, see:

	http://eprint.iacr.org/2011/232.pdf

     [Billy Bob Brumley and Nicola Tuveri]

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-13 00:17:15 +02:00
Gustavo Zacarias
47736c88c3 openssl: fix compilation for i386
Closes #3445.

OpenSSL emits bswap instructions when building for i386 targets which
unfortunately is only available on 486+ class processors.
Since the normal workaround is detected at build time and we are cross
compiling we need to specify this.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-04-01 21:56:21 +02:00
Gustavo Zacarias
d17c165280 openssl: fix libdir issue
Closes #3205

OpenSSL's build system tries to be too wise for it's own good when
guessing what libdir should be.
This causes problems like the one reported in bug #3205 so just specify
libdir to point to /lib (since it's prefixed it would finally be
/usr/lib) since it should be present on 32 and 64 bit targets.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-23 23:31:49 +01:00
Gustavo Zacarias
68bb70ce5a openssl: security bump to 1.0.0d
CVE-2011-0014
http://www.openssl.org/news/secadv_20110208.txt

OCSP stapling vulnerability in OpenSSL

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-09 22:50:49 +01:00
Gustavo Zacarias
7b9faa03ee openssl: add ocf support
Enable OCF (cryptodev) support for openssl as an option.

This requires a patched kernel to export hardware acceleration for
openssl to use it.
If you lack a patched kernel or support it won't break anything, it will
simply fall back to the default software engine from openssl, you'll
just have a slightly bigger libssl/libcrypto.

Tested with 20100325 release + 20101223 patch from the mailing list.

[Peter: slightly tweaked .mk]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-01-17 22:00:08 +01:00
Gustavo Zacarias
a01ee272fe openssl: security bump to version 1.0.0c
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-12-11 02:25:21 +01:00
Gustavo Zacarias
9df0952493 openssl: security bump to version 1.0.0b
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-11-19 15:46:37 +01:00
Gustavo Zacarias
567eee4f54 openssl: Bump to 1.0.0a
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-10-18 11:18:12 +02:00
Thomas Petazzoni
97d8618c6c Remove code specific to removed architectures
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-08-31 20:28:21 +02:00
Thomas Petazzoni
9d6610f58f openssl: don't override the CC passed at configure time
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-07-07 08:14:42 +02:00
Gustavo Zacarias
3dbc86f098 openssl: bump version, enable mdc2+camellia+tlsext
Closes #1951

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-06-06 23:15:29 +02:00
Thomas Petazzoni
c9a06efff3 openssl: convert to the generic infrastructure
OpenSSL is not using the autotools as its build system. Therefore, we
must use the generic infrastructure instead of the autotools one.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-05-02 23:26:11 +02:00
Gustavo Zacarias
aa3486fd52 openssl: bump version
Closes #1411

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-03-31 10:59:03 +02:00
Gustavo Zacarias
48ed49e91d openssl: bump to 0.9.8l + security fixes
Closes #703

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-11-15 23:58:50 +01:00
Peter Korsgaard
db5e305867 openssl: use generic support for avr32
Upstream openssl doesn't have avr32 support, and we dropped the
avr32 optimization patch some time ago.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-09-23 14:44:23 +02:00
Peter Korsgaard
8162f3977a openssl: remove invalid quotes around x86_64
Thanks for Thomas for noticing.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-07-29 23:35:41 +02:00
Peter Korsgaard
2a966bcd3b openssl: fix arch handling
Closes #497

Use ARCH instead of BR2_ARCH as BR2_ARCH won't match because of the
surrounding quotes.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-07-29 21:49:45 +02:00
Peter Korsgaard
a4c8130640 package/openssl: fix uninstall 2009-04-28 18:30:20 +00:00
Peter Korsgaard
32c9952c3f package/openssl: STRIP_STRIP_ALL should be used for binaries 2009-04-28 18:30:15 +00:00
Peter Korsgaard
df1f80d645 package/openssl: also strip libraries with _OPENSSL_BIN is enabled 2009-04-28 18:30:10 +00:00
Peter Korsgaard
98dcd8656d package/openssl: make sure TARGET_CFLAGS are used
And remove the unnedded c_rehash binary while we're at it.

Patch by Gustavo Zacarias <gustavo@zacarias.com.br>, closes #307.

Saves ~250k on PPC with default config (E.G. -Os)
2009-04-28 18:30:06 +00:00
Peter Korsgaard
bd14b0e70f openssl: bump version
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>, closes #217

Fixes multiple security flaws - See
http://www.openssl.org/news/secadv_20090325.txt for details.
2009-04-07 07:01:20 +00:00
Peter Korsgaard
740cf88151 openssl: strip libraries 2009-03-15 07:28:06 +00:00
Peter Korsgaard
89b4f17873 openssl: misc fixes
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>
Closes #151.

* Avoid fips directory completely since it just installs source file cruft
  inlib
* Point openssldir to a more friendly and common /etc/ssl rather than
  /usr/lib/ssl
2009-03-05 13:48:29 +00:00
Hamish Moffatt
e14c11230a Bump version to 0.9.8j 2009-02-24 00:37:06 +00:00
Hans-Christian Egtvedt
bd3dd7b6b9 openssl: fix architecture specified when configuring openssl
This patch will default to linux-generic32, unless a known optimized
architecture is selected.

As of today it will select optimized config for; avr32, ia64, powerpc and
x86_64.

This fixes bug #5344.

Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-10-13 08:10:35 +00:00
Hans-Christian Egtvedt
599d3243f1 openssl: fix compiling OpenSSL for i386 architecture
This patch will use linux-generic32 for all i386 target architectures, which
fixes bug #5274.

Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-10-07 07:11:15 +00:00
Hans-Christian Egtvedt
1158ddccd9 openssl: convert to Makefile.autotools.in and bump version to 0.9.8g
This patch converts building of OpenSSL to use Makefile.autotools.in and bumps
the version to 0.9.8g. The patches are updated to reflect this version upgrade.

A kconfig option for adding the OpenSSL engines is also added.

Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-09-24 09:10:06 +00:00
Peter Korsgaard
cdf8f1cf2f openssl: re-revert r22644
The build without CONFIG_UPDATE has now been verified on arm/armeb/avr32,
so lets revert this for good.
2008-07-08 13:49:23 +00:00
Ulf Samuelsson
98ddefdad8 Revert patch which breaks AVR32 build 2008-07-08 10:13:04 +00:00
Hamish Moffatt
ad36f93d5d Don't $(CONFIG_UPDATE) openssl as it doesn't use autotools anyway 2008-07-08 06:40:05 +00:00
Ulf Samuelsson
edbe9d1672 Fix bug [1899] Add table entry to allow openssl to build for AVR32, disabled softfloat 2008-07-05 07:25:06 +00:00
Ulf Samuelsson
9fe1876477 Update config.* of openssl 2008-07-05 06:54:35 +00:00
Peter Korsgaard
dfe689229d buildroot: cleanup <package>-clean targets.
Based on input from Arndt Kritzner & Bernhard Fischer.
2008-03-27 15:42:42 +00:00
Bernhard Reutner-Fischer
14a71561a3 - just use the strip binary to avoid confusing libtool (quotes)
- use $(STRIPCMD) in packages to avoid clashes with $(STRIP)
2007-10-01 16:15:31 +00:00
Bernhard Reutner-Fischer
6547bced93 - global whitespace trimming 2007-08-22 12:35:41 +00:00
Bernhard Reutner-Fischer
956d3eb78b - semicolon touchup. No other changes 2007-08-22 09:56:41 +00:00
Ulf Samuelsson
e4ead9c13c Remove switches if sstrip is run 2007-08-21 01:53:57 +00:00
Ulf Samuelsson
5081b43120 Store openssl files in /usr/lib/ssl 2007-08-13 19:35:08 +00:00
Ulf Samuelsson
be62f652d6 Bump version of openssl, add threads 2007-08-11 16:55:52 +00:00
Ulf Samuelsson
e1621a4a2a Use <package>_VERSION in all <package>.mk instead of <package>_VER 2007-07-11 14:06:06 +00:00
Bernhard Reutner-Fischer
41decaa9fe - install some more stuff that goes into staging_dir into the proper place.
First hunk of fixes for bug #1290
2007-04-16 18:51:20 +00:00
Bernhard Reutner-Fischer
09d260414b - hit awk on steroids with a clue bait 2007-04-06 15:01:32 +00:00
Bernhard Reutner-Fischer
6e2823c1fa - add and use BR2_BZCAT config option. 2006-11-17 15:43:51 +00:00
Mike Frysinger
62bc22c2f5 fix i686 targets [again] bug 595 2005-12-29 11:19:18 +00:00
Mike Frysinger
7848054080 dont set openssl arch to i386-i386 for i386 targets #495 by noah 2005-12-03 20:32:13 +00:00
Mike Frysinger
9468545bbf openssl calls the i686 target "i686/cmov" not just "i686" as pointed out by Sieg on irc 2005-10-06 03:00:54 +00:00
Mike Frysinger
03cac04c28 dont version bump since all the patches need to be redone 2005-10-02 08:37:34 +00:00
Mike Frysinger
18871c83f8 ver bump by gnat in Bug 452 and make sure we configure as i386 with i[456]86 targets by schieli in Bug 450 2005-09-30 01:51:45 +00:00