Commit Graph

79 Commits

Author SHA1 Message Date
Gustavo Zacarias
b108e9b5dd openssl: security bump to version 1.0.0j
Bump to version 1.0.0j to fix CVE-2012-2333

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-14 14:36:17 +02:00
Gustavo Zacarias
30a246be8b openssl: switch to the ocf-linux package
Remove builtin OCF support from the openssl package into a new package.
Even though ocf support is just a header file we'd rather have it in a
separate package because of unrelated version bumps and to fetch it from
source.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-05 16:21:49 +02:00
Gustavo Zacarias
776f0b441d openssl: security bump to version 1.0.0i
Fix for CVE-2012-2110

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-04-19 20:44:50 +02:00
Gustavo Zacarias
94b3f6064a openssl: security bump to version 1.0.0h
Bump to version 1.0.0h to fix CMS and S/MIME Bleichenbacher attack (CVE-2012-0884)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-03-15 23:33:52 +01:00
Gustavo Zacarias
6d8abaf9f1 openssl: security bump to version 1.0.0g
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-01-22 21:45:09 +01:00
Gustavo Zacarias
19f280c311 openssl: security bump to version 1.0.0f
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-01-06 11:03:50 +01:00
Thomas Petazzoni
0849e8193e package: remove useless arguments from GENTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
GENTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:09:58 +02:00
Yegor Yefremov
a50f6ef29e openssl: bump to 1.0.0e
Changes between 1.0.0d and 1.0.0e [6 Sep 2011]

  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
     [Kaspar Brand <ossl@velox.ch>]

  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
     for multi-threaded use of ECDH. (CVE-2011-3210)
     [Adam Langley (Google)]

  *) Fix x509_name_ex_d2i memory leak on bad inputs.
     [Bodo Moeller]

  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
     signature public key algorithm by using OID xref utilities instead.
     Before this you could only use some ECC ciphersuites with SHA1 only.
     [Steve Henson]

  *) Add protection against ECDSA timing attacks as mentioned in the paper
     by Billy Bob Brumley and Nicola Tuveri, see:

	http://eprint.iacr.org/2011/232.pdf

     [Billy Bob Brumley and Nicola Tuveri]

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-13 00:17:15 +02:00
Gustavo Zacarias
47736c88c3 openssl: fix compilation for i386
Closes #3445.

OpenSSL emits bswap instructions when building for i386 targets which
unfortunately is only available on 486+ class processors.
Since the normal workaround is detected at build time and we are cross
compiling we need to specify this.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-04-01 21:56:21 +02:00
Gustavo Zacarias
d17c165280 openssl: fix libdir issue
Closes #3205

OpenSSL's build system tries to be too wise for it's own good when
guessing what libdir should be.
This causes problems like the one reported in bug #3205 so just specify
libdir to point to /lib (since it's prefixed it would finally be
/usr/lib) since it should be present on 32 and 64 bit targets.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-23 23:31:49 +01:00
Gustavo Zacarias
68bb70ce5a openssl: security bump to 1.0.0d
CVE-2011-0014
http://www.openssl.org/news/secadv_20110208.txt

OCSP stapling vulnerability in OpenSSL

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-09 22:50:49 +01:00
Gustavo Zacarias
7b9faa03ee openssl: add ocf support
Enable OCF (cryptodev) support for openssl as an option.

This requires a patched kernel to export hardware acceleration for
openssl to use it.
If you lack a patched kernel or support it won't break anything, it will
simply fall back to the default software engine from openssl, you'll
just have a slightly bigger libssl/libcrypto.

Tested with 20100325 release + 20101223 patch from the mailing list.

[Peter: slightly tweaked .mk]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-01-17 22:00:08 +01:00
Gustavo Zacarias
a01ee272fe openssl: security bump to version 1.0.0c
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-12-11 02:25:21 +01:00
Gustavo Zacarias
9df0952493 openssl: security bump to version 1.0.0b
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-11-19 15:46:37 +01:00
Gustavo Zacarias
567eee4f54 openssl: Bump to 1.0.0a
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-10-18 11:18:12 +02:00
Thomas Petazzoni
97d8618c6c Remove code specific to removed architectures
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-08-31 20:28:21 +02:00
Thomas Petazzoni
9d6610f58f openssl: don't override the CC passed at configure time
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-07-07 08:14:42 +02:00
Gustavo Zacarias
3dbc86f098 openssl: bump version, enable mdc2+camellia+tlsext
Closes #1951

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-06-06 23:15:29 +02:00
Thomas Petazzoni
c9a06efff3 openssl: convert to the generic infrastructure
OpenSSL is not using the autotools as its build system. Therefore, we
must use the generic infrastructure instead of the autotools one.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-05-02 23:26:11 +02:00
Peter Korsgaard
65e209ca07 openssl: fix build without ipv6 support
Closes #1567

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-04-15 16:26:15 +02:00
Gustavo Zacarias
aa3486fd52 openssl: bump version
Closes #1411

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-03-31 10:59:03 +02:00
Gustavo Zacarias
48ed49e91d openssl: bump to 0.9.8l + security fixes
Closes #703

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-11-15 23:58:50 +01:00
Peter Korsgaard
db5e305867 openssl: use generic support for avr32
Upstream openssl doesn't have avr32 support, and we dropped the
avr32 optimization patch some time ago.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-09-23 14:44:23 +02:00
Peter Korsgaard
8162f3977a openssl: remove invalid quotes around x86_64
Thanks for Thomas for noticing.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-07-29 23:35:41 +02:00
Peter Korsgaard
2a966bcd3b openssl: fix arch handling
Closes #497

Use ARCH instead of BR2_ARCH as BR2_ARCH won't match because of the
surrounding quotes.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-07-29 21:49:45 +02:00
Peter Korsgaard
a4c8130640 package/openssl: fix uninstall 2009-04-28 18:30:20 +00:00
Peter Korsgaard
32c9952c3f package/openssl: STRIP_STRIP_ALL should be used for binaries 2009-04-28 18:30:15 +00:00
Peter Korsgaard
df1f80d645 package/openssl: also strip libraries with _OPENSSL_BIN is enabled 2009-04-28 18:30:10 +00:00
Peter Korsgaard
98dcd8656d package/openssl: make sure TARGET_CFLAGS are used
And remove the unnedded c_rehash binary while we're at it.

Patch by Gustavo Zacarias <gustavo@zacarias.com.br>, closes #307.

Saves ~250k on PPC with default config (E.G. -Os)
2009-04-28 18:30:06 +00:00
Peter Korsgaard
73f4adaa54 openssl: git rid of version number in patches
As noted by Hamish Moffatt on the list.
2009-04-14 05:21:22 +00:00
Peter Korsgaard
bd14b0e70f openssl: bump version
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>, closes #217

Fixes multiple security flaws - See
http://www.openssl.org/news/secadv_20090325.txt for details.
2009-04-07 07:01:20 +00:00
Thiago A. Corrêa
ff33fbe880 Remove asm optimization patch for AVR32. This is non-essencial, yet, was unclean and prevented the build from completing. Asked Atmel to submit upstream. 2009-04-06 21:44:52 +00:00
Peter Korsgaard
740cf88151 openssl: strip libraries 2009-03-15 07:28:06 +00:00
Peter Korsgaard
89b4f17873 openssl: misc fixes
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>
Closes #151.

* Avoid fips directory completely since it just installs source file cruft
  inlib
* Point openssldir to a more friendly and common /etc/ssl rather than
  /usr/lib/ssl
2009-03-05 13:48:29 +00:00
Hamish Moffatt
e14c11230a Bump version to 0.9.8j 2009-02-24 00:37:06 +00:00
Peter Korsgaard
b6dbf2eb86 openssl: fix build without largefile support 2009-01-21 20:31:47 +00:00
Peter Korsgaard
675b479c2f Kconfig: remove 'default n' and 'default no' (see r22874)
Signed-off-by: Markus Heidelberg <markus.heidelberg@web.de>
2009-01-18 14:20:18 +00:00
Peter Korsgaard
30f7cc2f3c openssl: remove uclibc-susv3-legacy hunk from avr32 patch 2009-01-06 11:59:55 +00:00
Peter Korsgaard
620bde2127 openssl: fix uclibc 0.9.30 build 2008-12-28 16:08:57 +00:00
Hans-Christian Egtvedt
bd3dd7b6b9 openssl: fix architecture specified when configuring openssl
This patch will default to linux-generic32, unless a known optimized
architecture is selected.

As of today it will select optimized config for; avr32, ia64, powerpc and
x86_64.

This fixes bug #5344.

Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-10-13 08:10:35 +00:00
Hans-Christian Egtvedt
599d3243f1 openssl: fix compiling OpenSSL for i386 architecture
This patch will use linux-generic32 for all i386 target architectures, which
fixes bug #5274.

Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-10-07 07:11:15 +00:00
Hans-Christian Egtvedt
86029f4a35 openssl: add patch for AVR32 support and optimization
This patch adds support for AVR32 architecture and adds an optimized DES and
AES algorithm for this architecture.
2008-09-24 09:12:06 +00:00
Hans-Christian Egtvedt
1158ddccd9 openssl: convert to Makefile.autotools.in and bump version to 0.9.8g
This patch converts building of OpenSSL to use Makefile.autotools.in and bumps
the version to 0.9.8g. The patches are updated to reflect this version upgrade.

A kconfig option for adding the OpenSSL engines is also added.

Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-09-24 09:10:06 +00:00
Peter Korsgaard
02a623ddf9 buildroot: remove trailing spaces
for i in `find -name 'Config*' -o -name 'Makefile*' -o -name '*.mk'`;
do
	sed -i 's/ \+$//' $i;
done
2008-08-04 19:07:05 +00:00
Peter Korsgaard
4683420c4c Kconfig: remove 'default n'
'default n' is the default, so there's no need to say it explicitly.
2008-07-17 20:01:44 +00:00
Peter Korsgaard
cdf8f1cf2f openssl: re-revert r22644
The build without CONFIG_UPDATE has now been verified on arm/armeb/avr32,
so lets revert this for good.
2008-07-08 13:49:23 +00:00
Ulf Samuelsson
98ddefdad8 Revert patch which breaks AVR32 build 2008-07-08 10:13:04 +00:00
Hamish Moffatt
ad36f93d5d Don't $(CONFIG_UPDATE) openssl as it doesn't use autotools anyway 2008-07-08 06:40:05 +00:00
Ulf Samuelsson
edbe9d1672 Fix bug [1899] Add table entry to allow openssl to build for AVR32, disabled softfloat 2008-07-05 07:25:06 +00:00
Ulf Samuelsson
9fe1876477 Update config.* of openssl 2008-07-05 06:54:35 +00:00