openssl: bump to 1.0.2m

Fixes:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results
CVE-2017-3735: Malformed X.509 IPAddressFamily could cause OOB read
CVE-2017-3736: bn_sqrx8x_internal carry bug on x86_64

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>

openssl: replace ocf-crypto-headers with a header file from cryptodev-linux

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>

openssl: update to 1.0.2j

Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* (Severity: Moderate) Missing CRL sanity check (CVE-2016-7052)
* 10 Low severity issues

Security advisories:
https://www.openssl.org/news/secadv/20160922.txt
https://www.openssl.org/news/secadv/20160926.txt

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>

openssl: Update to version 1.0.2h

Bump to the latest version, fixes several security issues:
* CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
More details at https://www.openssl.org/news/openssl-1.0.2-notes.html

Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49295 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: update to 1.0.2g (8 CVEs)

CVE-2016-0704

s2_srvr.c overwrite the wrong bytes in the master-key when applying
Bleichenbacher protection for export cipher suites. This provides a
Bleichenbacher oracle, and could potentially allow more efficient variants of
the DROWN attack.

CVE-2016-0703

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
If clear-key bytes are present for these ciphers, they *displace* encrypted-key
bytes. This leads to an efficient divide-and-conquer key recovery attack: if
an eavesdropper has intercepted an SSLv2 handshake, they can use the server as
an oracle to determine the SSLv2 master-key, using only 16 connections to the
server and negligible computation. More importantly, this leads to a more
efficient version of DROWN that is effective against non-export ciphersuites,
and requires no significant computation.

CVE-2016-0702

A side-channel attack was found which makes use of cache-bank conflicts on
the Intel Sandy-Bridge microarchitecture which could lead to the recovery of
RSA keys. The ability to exploit this issue is limited as it relies on an
attacker who has control of code in a thread running on the same hyper-
threaded core as the victim thread which is performing decryptions.

CVE-2016-0799

The internal |fmtstr| function used in processing a "%s" format string in
the BIO_*printf functions could overflow while calculating the length of a
string and cause an OOB read when printing very long strings. Additionally
the internal |doapr_outch| function can attempt to write to an OOB memory
location (at an offset from the NULL pointer) in the event of a memory
allocation failure. In 1.0.2 and below this could be caused where the size
of a buffer to be allocated is greater than INT_MAX. E.g. this could be in
processing a very long "%s" format string. Memory leaks can also occur.
The first issue may mask the second issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data is
passed to the BIO_*printf functions. If applications use these functions in
this way then they could be vulnerable. OpenSSL itself uses these functions
when printing out human-readable dumps of ASN.1 data. Therefore applications
that print this data could be vulnerable if the data is from untrusted sources.
OpenSSL command line applications could also be vulnerable where they print out
ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is
not considered directly vulnerable. Additionally certificates etc received via
remote connections via libssl are also unlikely to be able to trigger these
issues because of message size limits enforced within libssl.

CVE-2016-0797

In the BN_hex2bn function the number of hex digits is calculated using an int
value |i|. Later |bn_expand| is called with a value of |i * 4|. For large
values of |i| this can result in |bn_expand| not allocating any memory because
|i * 4| is negative. This can leave the internal BIGNUM data field as NULL
leading to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this case
memory is allocated to the internal BIGNUM data field, but it is insufficiently
sized leading to heap corruption. A similar issue exists in BN_dec2bn. This
could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user
applications with very large untrusted hex/dec data. This is anticipated to be
a rare occurrence. All OpenSSL internal usage of these functions use data that
is not expected to be untrusted, e.g. config file data or application command
line arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be rare.

CVE-2016-0798

The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
management semantics; the returned pointer was sometimes newly allocated, and
sometimes owned by the callee. The calling code has no way of distinguishing
these two cases. Specifically, SRP servers that configure a secret seed to hide
valid login information are vulnerable to a memory leak: an attacker connecting
with an invalid username can cause a memory leak of around 300 bytes per
connection. Servers that do not configure SRP, or configure SRP but do not
configure a seed are not vulnerable. In Apache, the seed directive is known as
SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now disabled even if the user has configured a seed.
Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note
that OpenSSL makes no strong guarantees about the indistinguishability of valid
and invalid logins. In particular, computations are currently not carried out
in constant time.

CVE-2016-0705

A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources. This scenario is considered
rare.

CVE-2016-0800

A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and non-
vulnerable servers can be decrypted provided another server supporting SSLv2
and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP)
shares the RSA keys of the non-vulnerable server. This vulnerability is known
as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to
perform approximately 2^50 computation, as well as thousands of connections to
the affected server. A more efficient variant of the DROWN attack exists
against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m,
1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can
avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers,
if they've not done so already. Disabling all SSLv2 ciphers is also sufficient,
provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f)
have been deployed. Servers that have not disabled the SSLv2 protocol, and are
not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2
ciphers are nominally disabled, because malicious clients can force the use of
SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following
mitigation against DROWN: SSLv2 is now by default disabled at build-time.
Builds that are not configured with "enable-ssl2" will not support SSLv2.
Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl,
SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the
application explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery
have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2
56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up
are now disabled in default builds of OpenSSL. Builds that are not configured
with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength
ciphers.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48868 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: update to 1.0.2f (fixes CVE-2016-0701, CVE-2015-3197)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48531 3c298f89-4303-0410-b956-a3cf2f4a3e73

OpenSSL: Added source/old to PKG_SOURCE_URL

OpenSSL moves old versions of the library from
http://www.openssl.org/source/ to
http://www.openssl.org/source/old/$version/ breaking the old links.
That behavior breaks the OpenWRT-build every time OpenSSL releases
a new version.

This patch adds http://www.openssl.org/source/old/$version/ to the
PKG_SOURCE_URL of OpenSSL to avoid breaking the build whenever
OpenSSL releases a new version.

Signed-off-by: Kevin Kirsch <ranlvor@starletp9.de>
Reviewed-by: Alexander Dahl <post@lespocky.de>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47860 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: add config option for no_hw support

The hardware support is required by some 3rd party engines (tpm)

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47817 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: update to version 1.0.2e

This fixes the following security problems:
* CVE-2015-3193
* CVE-2015-3194
* CVE-2015-3195)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47726 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: add one more mirror

Signed-off-by: Luka Perkov <luka@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46517 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: update to v1.0.2d (CVE-2015-1793)

During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46285 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: disable parallel builds (spurious linking break)

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46005 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: 1.0.2c (srsly, you guys, srsly)

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45950 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: fixes CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45947 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: 1.0.2b (hey, we made it nearly 3 months this time!)

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45946 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: disable arm optimisation until we know why it fails on some socs

Signed-off-by: John Crispin <blogic@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45343 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: biweekly critical security update

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44900 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: enable ARM assembly acceleration

Tested myself on ixp4xx and mvebu, and (originally)
by Daniel on i.MX6. Also tested on a MIPS target,
to make sure the change to ASFLAGS does not break things.

Based on a patch submitted by Daniel Drown:

https://lists.openwrt.org/pipermail/openwrt-devel/2014-July/026639.html

Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Daniel Drown <dan-openwrt@drown.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44618 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: fix upstream regression for non-ec builds

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44364 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: bump to 1.0.2

Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44332 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: update to 1.0.1l *sigh*

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43976 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: bump to 1.0.1j

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43875 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: fix CVE-2014-3569

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43858 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: reenable CMS (broke krb5)

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43176 3c298f89-4303-0410-b956-a3cf2f4a3e73

license info - revert r43155

turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43167 3c298f89-4303-0410-b956-a3cf2f4a3e73

Add more license tags with SPDX identifiers

Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43155 3c298f89-4303-0410-b956-a3cf2f4a3e73

Add a few SPDX tags

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43151 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: optimize build options, disable old SSL versions

Based on a patchset by Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43123 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: fix target definition for x86_64 (#18182)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43045 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: host build fails when ccache is enabled

Signed-off-by: John Crispin <blogic@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43002 3c298f89-4303-0410-b956-a3cf2f4a3e73

Revert "openssl: add host build."

This reverts commit r42988

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42997 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: add host build.

Only support Linux at the moment.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42988 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: add ABI_VERSION to fix package rebuild issues (fixes #18169)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42963 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: update to v1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)

Also refresh patches and bump copyright year in Makefile.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42929 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: another day another bug fix update

Signed-off-by: John Crispin <blogic@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42055 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: version bump to 1.0.1h

today appeared another serious vulnerability in openssl. More info is
here http://ccsinjection.lepidum.co.jp. Users are advised to update to
openssl 1.0.1h.

Signed-off-by: Martin Strbacka <martin.strbacka@nic.cz>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41026 3c298f89-4303-0410-b956-a3cf2f4a3e73

OpenSSL: update to 1.0.1g

This fixes the Heartbleed bug (CVE-2014-0160).

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40421 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: Fix x86_64 build on some 64bit host systems

On some build hosts openssl fails to install since openssl installs itself into
lib64 while the openwrt Makefile expects the libs to end up in lib.

install -m0644 .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.* .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-x86_64/libopenssl/usr/lib/
install: cannot stat '.../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.*': No such file or directory
make[2]: *** [/openwrt/bin/x86_64/packages/libopenssl_1.0.1e-2_x86_64.ipk] Error 1
make[2]: Leaving directory `/openwrt/package/libs/openssl'
make[1]: *** [package/libs/openssl/compile] Error 2
make[1]: Leaving directory `/openwrt'

Set LIBDIR accordingly to fix this.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39885 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: update to 1.0.1f

This version includes this changes:

Don't include gmt_unix_time in TLS server and client random values
Fix for TLS record tampering bug CVE-2013-4353
Fix for TLS version checking bug CVE-2013-6449
Fix for DTLS retransmission bug CVE-2013-6450

Signed-off-by: Peter Wagner <tripolar@gmx.at>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39853 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: detect configuration changes and clean build tree accordingly (fixes #15067)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39852 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: move make depend call to Build/Configure

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39851 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: fix up PKG_DEPENDS. there are 2 missing CONFIG_ prefixe

Signed-off-by: John Crispin <blogic@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39607 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: Support multi-threaded applications

Allow multi-threaded applications to work properly by
removing the "no-threads" flag that is enabled by default.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39048 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: add support for RIPEMD/160

RIPEMD is needed to update erlang and i'd like to enable RIPEMD160 support in openssh.

Size compared:

openssl without RIPEMD/160 support:
647K 29. Okt 20:00 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk

openssl with RIPEMD/160 support:
652K 8. Nov 15:11 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk

So the file size just grows ~5kb, which shouldn't be a problem.

Signed-off-by: Peter Wagner <tripolar@gmx.at>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38809 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: add parallel build support

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37927 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: to disable mips16, use the new PKG_USE_MIPS16 flag instead of messing with cflags directly

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37771 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: add elliptic curve crypto compilation options to openssl

This patch adds EC compilation options to openssl
OPENSSL_WITH_EC is needed for authsae (OPENSSL_WITH_EC2M isn't)
Activating ec (but not ec2m) in openssl take 35Ko more on ar71xx (ipk size)
Activating both take 52Ko.

Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37523 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: disable mips16, it makes the code slower

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36602 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: Pass in any TARGET_ASFLAGS

Packages not picking up the regular TARGET_AS need their openwrt
Makefiles tweaked. For a basic build, that's just openssl.

This depends on patch 1/5.

Signed-off-by: Jay Carlson <nop@nop.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36201 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: update OpenSSL to 1.0.1e, fix Cisco DTLS.

1.0.1d had a rushed fix for CVE-2013-0169 which broke in certain
circumstances. 1.0.1e has the fix for TLS.

Also include a further patch from the 1.0.1 branch which fixes the
breakage this introduced for Cisco's outdated pre-standard version of
DTLS, as used by OpenConnect.

Update mirror URLs to reflect current reality.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35600 3c298f89-4303-0410-b956-a3cf2f4a3e73

openssl: security update to 1.0.1d to address CBC TLS issue

addressing
CVE-2013-0169: 4th February 2013

Signed-off-by: Tim Yardley <yardley@gmail.com>



git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35524 3c298f89-4303-0410-b956-a3cf2f4a3e73

licensing: Add licensing metadata to many packages
Two new variables are introduces to many packages, namely PKG_LICENSE and
PKG_LICENSE_FILES - there may be more than one license applied to packages,
and these are listed in the PKG_LICENSE variable and separated by spaces.
All relevant license files are also added to the PKG_LICENSE_FILES variable,
also space separated.

The licensing metadata is put into the bin/<platform>/packages/Packages file
for later parsing. A script for that is on it's way!


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33861 3c298f89-4303-0410-b956-a3cf2f4a3e73

move library packages to package/libs/

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33657 3c298f89-4303-0410-b956-a3cf2f4a3e73