Commit Graph

106 Commits

Author SHA1 Message Date
Gustavo Zacarias
d4e547438c openssl: security bump to version 1.0.2d
Fixes CVE-2015-1793 - Alternative chains certificate forgery.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-09 22:03:05 +02:00
Benoît Thébaudeau
ca58207df0 openssl: fix static build
If configured with no-dso, the openssl binary still gets linked with
-ldl, while libdl is not available for static-only builds. The OpenSSL
framework does not support automatically dropping -ldl with no-dso, so
-ldl has to be removed from Makefile after calling ./Configure as
explained in PROBLEMS.

Fixes http://autobuild.buildroot.org/results/cbb35f2582f1cfeb3d11cb4952a80784ff660baf

[Peter: add reference to PROBLEMS file]
Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-07-09 08:54:00 +02:00
Benoît Thébaudeau
a7bc0b9623 openssl: always build apps
Now that building the openssl binary without MMU is supported, the only
reason left for not building apps if the openssl binary is disabled is
to save build time. Moreover, the commit
720893b625 "openssl: disable apps for
NOMMU", which added this behavior, had a side effect: the scripts from
apps (CA.pl, CA.sh and tsget) and the default configuration file
(openssl.cnf) were no longer installed, which is not advertized by the
BR2_PACKAGE_OPENSSL_BIN option. CA.pl and CA.sh use the openssl binary,
so not installing them without the latter makes sense. But tsget does
not use the openssl binary, and openssl.cnf can be used by libcrypto, so
it is preferable to handle BR2_PACKAGE_OPENSSL_BIN like before the
commit mentioned above, i.e. to always build and install apps and to
just remove the openssl binary afterwards if needed.

This is what the current commit does, but installing only the helper
scripts having their dependencies (perl or the openssl binary)
satisfied. The help text is updated accordingly.

Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-06 17:09:45 +02:00
Benoît Thébaudeau
c8937ade4b openssl: support building the binary without MMU
The commit 720893b625 "openssl: disable
apps for NOMMU" prevented the openssl binary from being built without
MMU in order to fix a build failure without fork(). However, openssl is
designed to support the lack of fork() with -DHAVE_FORK=0, so allow the
openssl binary to be enabled without MMU thanks to this option.

Signed-off-by: Benoît Thébaudeau <benoit@wsystem.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-06-30 16:44:12 +02:00
Gustavo Zacarias
e4f2d3b12a openssl: bump to version 1.0.2c
Fixes HMAC ABI breakage from 1.0.2b

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-06-12 22:16:11 +02:00
Gustavo Zacarias
53c8d64c08 openssl: security bump to version 1.0.2b
CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1788 - Malformed ECParameters causes infinite loop
CVE-2015-1792 - CMS verify infinite loop with unknown hash function
CVE-2015-1791 - Race condition handling NewSessionTicket

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-06-12 21:28:21 +02:00
Jerzy Grzegorek
bd8c733fb4 packages: indentation cleanup
This commit doesn't touch infra packages.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-31 13:57:41 +02:00
Gustavo Zacarias
85e7efff1a openssl: security bump to version 1.0.2a
Fixes:
CVE-2015-0291 - ClientHello sigalgs DoS
CVE-2015-0290 - Multiblock corrupted pointer
CVE-2015-0207 - Segmentation fault in DTLSv1_listen
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0208 - Segmentation fault for invalid PSS parameters
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences
CVE-2015-0293 - DoS via reachable assert in SSLv2 servers
CVE-2015-1787 - Empty CKE with client auth and DHE
CVE-2015-0285 - Handshake with unseeded PRNG
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref

musl patch removed since it's no longer necessary.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-19 21:50:58 +01:00
Vicente Olivert Riera
74dd54bf73 openssl: bump version to 1.0.2
- Bump version to 1.0.2
- Adapt patches to new version
- Update hash value

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-27 14:31:35 +01:00
Gustavo Zacarias
e06d091d59 openssl: bump to version 1.0.1l
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-20 00:43:33 +01:00
Gustavo Zacarias
04f99f9659 openssl: security bump to version 1.0.1k
Fixes:
CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
CVE-2015-0206 - DTLS memory leak in dtls1_buffer_record
CVE-2014-3569 - no-ssl3 configuration sets method to NULL
CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA [Client]
CVE-2015-0205 - DH client certificates accepted without verification
[Server]
CVE-2014-8275 - Certificate fingerprints can be modified
CVE-2014-3570 - Bignum squaring may produce incorrect results

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-08 21:16:53 +01:00
Thomas Petazzoni
665e13c85e Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.

As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.

This also helps preparing the addition of other options to select
shared, shared+static or just static.

Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
2014-12-11 22:48:13 +01:00
Bernd Kuhls
b4c7db619e package/openssl: drop libdl from more pc files
This is a follow-up patch for
http://git.buildroot.net/buildroot/commit/package/openssl/openssl.mk?id=c130c5d4635e2a4c7338161953152faf8fca07c4

Fixes
http://autobuild.buildroot.net/results/358/35899961b6dc01c1522b17f63946da5ab809bff8/
http://autobuild.buildroot.net/results/c86/c865214e74dd3766b6343ef73c666fa89c0b5dec/
http://autobuild.buildroot.net/results/fc1/fc12e88fb789e2b68d427c37f39789954309b05d/
http://autobuild.buildroot.net/results/f4d/f4deef4e7d2e2cf5fbc9ce5f02289b4dc60cd23b/
http://autobuild.buildroot.net/results/dfd/dfd81f1f1f0f315317b2a85d24b286a277ac7c16/
http://autobuild.buildroot.net/results/918/9188fc9a63d880cac28c5a9a246ca5504dd11bb2/
http://autobuild.buildroot.net/results/dd1/dd1c326345f8f9c8b5838601ace19002f5360bb2/
http://autobuild.buildroot.net/results/27b/27b4544c59166a9f40092403ed3f530190544a82/
http://autobuild.buildroot.net/results/c37/c37022e334d763bad2a59f7311b93504a569b2dd/
http://autobuild.buildroot.net/results/e89/e89265937a6b4808b817be16bcab79bae4a9aed1/
http://autobuild.buildroot.net/results/4a2/4a222a40d627fda6e49714b13b4321d62c9c2e51/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-11-22 19:54:25 +01:00
Peter Korsgaard
93951c8f24 host-openssl: use correct prefix so libssl / libcrypto can be found
Fixes (root cause of):
http://autobuild.buildroot.net/results/d01/d0190a6e5c6b5aa78cfefc29e4e8a4e4b135450b/
http://autobuild.buildroot.net/results/9bb/9bb8defedb8024de83eb3a609ab584efb5d0d2b0/
http://autobuild.buildroot.net/results/e4a/e4a1b298e7e158d3614b89e61d40ef9a00e7ff67/
http://autobuild.buildroot.net/results/5e2/5e24a90058111f7d5618047410f809b45bc165f6/

And many others.

The host version of openssl should be configured to use the host directory
as its prefix and the INSTALL_PREFIX dance shouldn't be used, as otherwise
host-openssl will look in /usr for its libraries.

While we are at it, ensure our host CFLAGS are used similar to how we do for
the target build.  Also enable zlib support as we already list it as a
dependency.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-03 10:59:06 +01:00
Gustavo Zacarias
326781940f openssl: security bump to version 1.0.1j
Fixes:
CVE-2014-3513 - SRTP memory leak
CVE-2014-3567 - Session ticket memory leak
CVE-2014-3568 - Build option no-ssl3 is incomplete
And adds SSL3 fallback protection against POODLE.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-17 14:17:48 +02:00
Gustavo Zacarias
5dd65f2635 openssl: security bump to version 1.0.1i
Fixes:
CVE-2014-3508 - Information leak in pretty printing functions
CVE-2014-5139 - Crash with SRP ciphersuite in Server Hello message
CVE-2014-3509 - Race condition in ssl_parse_serverhello_tlsext
CVE-2014-3505 - Double Free when processing DTLS packets
CVE-2014-3506 - DTLS memory exhaustion
CVE-2014-3507 - DTLS memory leak from zero-length fragments
CVE-2014-3510 - OpenSSL DTLS anonymous EC(DH) denial of service
CVE-2014-3511 - OpenSSL TLS protocol downgrade attack
CVE-2014-3512 - SRP buffer overrun

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-07 22:13:14 +02:00
Gustavo Zacarias
c130c5d463 openssl: drop libdl from pc file
Fixes:
http://autobuild.buildroot.net/results/2a2/2a274e2dbffd268a391b0e8a15dae5a759b870a1/

[Thomas: move registration of the hook inside the condition.]

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-19 18:06:19 +02:00
Baruch Siach
5e00a5e3a9 openssl: security bump to version 1.0.1h
Fixes CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198 among others.
See https://www.openssl.org/news/secadv_20140605.txt for details.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-06-05 21:26:30 +02:00
Cody P Schafer
7e674dfa4f powerpc: add powerpc64 and powerpc64le support
This enables powerpc64 and powerpc64le. Currently, le needs at least
glibc 2.19 and gcc 4.9.0. For gdb, 7.7.1 works (added in an earlier
patch).

[Peter: also disallow gcc 4.8 for ppc64le]
Signed-off-by: Cody P Schafer <cody@linux.vnet.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-26 21:48:33 +02:00
Baruch Siach
ab39c1b47c openssl: bump to version 1.0.1g
Fixes highly critical CVE-2014-0160. See http://heartbleed.com .

Drop patch applied upstream.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-04-08 08:53:09 +02:00
Gustavo Zacarias
757690a262 openssl: bump to version 1.0.1f
Fixes CVE-2013-4343, CVE-2013-6450 and the previously patched
CVE-2013-6449.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-07 17:25:04 +01:00
Thomas De Schampheleire
eb7bd9ef61 packages: remove uninstall commands
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-06 09:40:40 +01:00
Yann E. MORIN
a17ec1645d package/openssl: fix coding style
Currently, openssl defines three conditional hooks, but two do not
follow our coding rules:
  - for PRE_CONFIGURE, the hook is defined in the if-block, but
    the _HOOK variable is always set
  - for POST_INSTALL_TARGET, the hook is always defined, but the
    _HOOK variable is set in the if-block

Fix that:
  - define the hook in the if-block
  - assign the _HOOK variable in the if-block

At the same time, get rid of extra empty lines that make it more
difficult to read.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-06 00:10:09 +01:00
Peter Korsgaard
43becdba4c openssl: only build threads configuration if toolchain has pthread support
Gets rid of a large number of warnings (and suboptimal code?):

..sysroot/usr/include/features.h:209:5: warning: #warning requested
reentrant code, but thread support was disabled [-Wcpp]

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-11-22 22:44:54 +01:00
Gustavo Zacarias
467b8d1f69 openssl: don't build tests
These require shared libraries and we save a tiny amount of build time.
Fixes:
http://autobuild.buildroot.net/results/88e/88e5e07e94e49879907186ff35ce66944f867ec2/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-08-23 20:41:54 +02:00
Thomas Petazzoni
12d1aa4b69 Remove BR2_HAVE_DEVFILES
This finally removes the BR2_HAVE_DEVFILES option, that was used to
install/keep development files on target. With the recent migration of
the internal backend to the package infrastructure, we had anyway lost
the ability to build gcc for the target, and install the uClibc
development files on the target.

[Peter: also remove support/scripts/copy.sh]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-07-04 09:06:33 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Arnout Vandecappelle (Essensium/Mind)
6a77344162 openssl: fix host-openssl dependencies
Support for ocf-linux or cryptodev-linux added a dependency of host-openssl
on host-ocf-linux / host-cryptodev-linux, which we don't have and the
dependency is anyway not needed.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-05-12 21:10:25 +02:00
Gustavo Zacarias
c714dba577 openssl: integrate variable cryptodev support
Allow openssl to use cryptodev-linux hardware crypto support besides
OCF.
To do this we remove the OCF option from openssl and automatically use
any of the available implementations when available.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-05-05 23:00:12 +02:00
Gustavo Zacarias
7842789cb5 openssl: add host variant
Useful for the upcoming host-python-m2crypto package.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-17 23:00:21 +02:00
Gustavo Zacarias
1b7f398dbb openssl: adjust ARM optimizations
We no longer support ARM less than v4 so just kill dead code that we had
for those cases.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-11 09:25:51 +02:00
Gustavo Zacarias
0ff2d0f74b openssl: bump to version 1.0.1e
Fixes some regressions introduced by 1.0.1d

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-02-18 13:15:17 +01:00
Gustavo Zacarias
ae27c45568 openssl: security bump to version 1.0.1d
Fixes CVE-2013-0169, CVE-2012-2686 and CVE-2013-0166.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-02-05 17:17:31 +01:00
Peter Korsgaard
a3671a3f25 openssl: fix static build
Just use the default target instead of hardcoding shared library support.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-16 10:49:01 +01:00
Gustavo Zacarias
85736773fa openssl: fix runtime failure on some powerpc variants
OpenSSL's assembly optimizations por PowerPC seem to be broken for at
least 4xx cores.
Thanks go to Jan Schunke for reporting and testing.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-10 22:29:03 +01:00
Gustavo Zacarias
720893b625 openssl: disable apps for NOMMU
The openssl binary uses fork() so disable the option and build for !MMU.
Fixes
http://autobuild.buildroot.net/results/45a9b84c16caadbf77b6fc43d7a0001c981a4c87/build-end.log

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-10-22 20:53:15 +02:00
Peter Korsgaard
32a0454d3c Merge branch 'next'
Conflicts:
	package/e2fsprogs/e2fsprogs.mk
	package/libfuse/libfuse.mk
	package/multimedia/mpd/mpd.mk
	package/smartmontools/smartmontools.mk

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-09-03 21:59:03 +02:00
Gustavo Zacarias
f3c33a354b openssl: bump to version 1.0.1c
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-08-24 23:28:26 +02:00
Danomi Manchego
9e6ab3600f openssl: add license info
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-08-15 12:03:44 +02:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Peter Korsgaard
d8c630d539 openssl: fix static build
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-07-01 23:59:29 +02:00
Gustavo Zacarias
b108e9b5dd openssl: security bump to version 1.0.0j
Bump to version 1.0.0j to fix CVE-2012-2333

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-14 14:36:17 +02:00
Gustavo Zacarias
30a246be8b openssl: switch to the ocf-linux package
Remove builtin OCF support from the openssl package into a new package.
Even though ocf support is just a header file we'd rather have it in a
separate package because of unrelated version bumps and to fetch it from
source.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-05 16:21:49 +02:00
Gustavo Zacarias
776f0b441d openssl: security bump to version 1.0.0i
Fix for CVE-2012-2110

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-04-19 20:44:50 +02:00
Gustavo Zacarias
94b3f6064a openssl: security bump to version 1.0.0h
Bump to version 1.0.0h to fix CMS and S/MIME Bleichenbacher attack (CVE-2012-0884)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-03-15 23:33:52 +01:00
Gustavo Zacarias
6d8abaf9f1 openssl: security bump to version 1.0.0g
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-01-22 21:45:09 +01:00
Gustavo Zacarias
19f280c311 openssl: security bump to version 1.0.0f
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-01-06 11:03:50 +01:00
Thomas Petazzoni
0849e8193e package: remove useless arguments from GENTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
GENTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:09:58 +02:00
Yegor Yefremov
a50f6ef29e openssl: bump to 1.0.0e
Changes between 1.0.0d and 1.0.0e [6 Sep 2011]

  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
     [Kaspar Brand <ossl@velox.ch>]

  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
     for multi-threaded use of ECDH. (CVE-2011-3210)
     [Adam Langley (Google)]

  *) Fix x509_name_ex_d2i memory leak on bad inputs.
     [Bodo Moeller]

  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
     signature public key algorithm by using OID xref utilities instead.
     Before this you could only use some ECC ciphersuites with SHA1 only.
     [Steve Henson]

  *) Add protection against ECDSA timing attacks as mentioned in the paper
     by Billy Bob Brumley and Nicola Tuveri, see:

	http://eprint.iacr.org/2011/232.pdf

     [Billy Bob Brumley and Nicola Tuveri]

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-13 00:17:15 +02:00
Gustavo Zacarias
47736c88c3 openssl: fix compilation for i386
Closes #3445.

OpenSSL emits bswap instructions when building for i386 targets which
unfortunately is only available on 486+ class processors.
Since the normal workaround is detected at build time and we are cross
compiling we need to specify this.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-04-01 21:56:21 +02:00