#
af7e7ab6 |
|
04-Nov-2017 |
Zoltan HERPAI <wigyori@uid0.hu> |
openssl: bump to 1.0.2m Fixes: CVE-2017-3731: Truncated packet could crash via OOB read CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 CVE-2016-7055: Montgomery multiplication may produce incorrect results CVE-2017-3735: Malformed X.509 IPAddressFamily could cause OOB read CVE-2017-3736: bn_sqrx8x_internal carry bug on x86_64 Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
#
2f80e9df |
|
12-May-2016 |
Felix Fietkau <nbd@nbd.name> |
openssl: replace ocf-crypto-headers with a header file from cryptodev-linux Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
#
2933b2f1 |
|
26-Sep-2016 |
Zoltan HERPAI <wigyori@uid0.hu> |
openssl: update to 1.0.2j Security fixes: * (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305) * (Severity: Moderate) Missing CRL sanity check (CVE-2016-7052) * 10 Low severity issues Security advisories: https://www.openssl.org/news/secadv/20160922.txt https://www.openssl.org/news/secadv/20160926.txt Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
#
dbd05b03 |
|
03-May-2016 |
Jo-Philipp Wich <jow@openwrt.org> |
openssl: Update to version 1.0.2h Bump to the latest version, fixes several security issues: * CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 More details at https://www.openssl.org/news/openssl-1.0.2-notes.html Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49295 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
fc48dd37 |
|
01-Mar-2016 |
Jo-Philipp Wich <jow@openwrt.org> |
openssl: update to 1.0.2g (8 CVEs) CVE-2016-0704 s2_srvr.c overwrite the wrong bytes in the master-key when applying Bleichenbacher protection for export cipher suites. This provides a Bleichenbacher oracle, and could potentially allow more efficient variants of the DROWN attack. CVE-2016-0703 s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers. If clear-key bytes are present for these ciphers, they *displace* encrypted-key bytes. This leads to an efficient divide-and-conquer key recovery attack: if an eavesdropper has intercepted an SSLv2 handshake, they can use the server as an oracle to determine the SSLv2 master-key, using only 16 connections to the server and negligible computation. More importantly, this leads to a more efficient version of DROWN that is effective against non-export ciphersuites, and requires no significant computation. CVE-2016-0702 A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. The ability to exploit this issue is limited as it relies on an attacker who has control of code in a thread running on the same hyper- threaded core as the victim thread which is performing decryptions. CVE-2016-0799 The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0797 In the BN_hex2bn function the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL ptr deref. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence. All OpenSSL internal usage of these functions use data that is not expected to be untrusted, e.g. config file data or application command line arguments. If user developed applications generate config file data based on untrusted data then it is possible that this could also lead to security consequences. This is also anticipated to be rare. CVE-2016-0798 The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. CVE-2016-0705 A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare. CVE-2016-0800 A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non- vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to perform approximately 2^50 computation, as well as thousands of connections to the affected server. A more efficient variant of the DROWN attack exists against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers, if they've not done so already. Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed. Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following mitigation against DROWN: SSLv2 is now by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up are now disabled in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48868 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
8b0f96a7 |
|
28-Jan-2016 |
Felix Fietkau <nbd@openwrt.org> |
openssl: update to 1.0.2f (fixes CVE-2016-0701, CVE-2015-3197) Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48531 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
61176282 |
|
11-Dec-2015 |
John Crispin <blogic@openwrt.org> |
OpenSSL: Added source/old to PKG_SOURCE_URL OpenSSL moves old versions of the library from http://www.openssl.org/source/ to http://www.openssl.org/source/old/$version/ breaking the old links. That behavior breaks the OpenWRT-build every time OpenSSL releases a new version. This patch adds http://www.openssl.org/source/old/$version/ to the PKG_SOURCE_URL of OpenSSL to avoid breaking the build whenever OpenSSL releases a new version. Signed-off-by: Kevin Kirsch <ranlvor@starletp9.de> Reviewed-by: Alexander Dahl <post@lespocky.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47860 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
39883238 |
|
09-Dec-2015 |
Hauke Mehrtens <hauke@openwrt.org> |
openssl: add config option for no_hw support The hardware support is required by some 3rd party engines (tpm) Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47817 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
8116a8d3 |
|
03-Dec-2015 |
Hauke Mehrtens <hauke@openwrt.org> |
openssl: update to version 1.0.2e This fixes the following security problems: * CVE-2015-3193 * CVE-2015-3194 * CVE-2015-3195) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47726 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
350edd28 |
|
28-Jul-2015 |
Luka Perkov <luka@openwrt.org> |
openssl: add one more mirror Signed-off-by: Luka Perkov <luka@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46517 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
54009046 |
|
09-Jul-2015 |
Jo-Philipp Wich <jow@openwrt.org> |
openssl: update to v1.0.2d (CVE-2015-1793) During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46285 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
8be7ede1 |
|
16-Jun-2015 |
Steven Barth <steven@midlink.org> |
openssl: disable parallel builds (spurious linking break) Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46005 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
eb58bedb |
|
12-Jun-2015 |
Steven Barth <steven@midlink.org> |
openssl: 1.0.2c (srsly, you guys, srsly) Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45950 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
d175ac81 |
|
11-Jun-2015 |
Steven Barth <steven@midlink.org> |
openssl: fixes CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45947 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
50c5c4f6 |
|
11-Jun-2015 |
Steven Barth <steven@midlink.org> |
openssl: 1.0.2b (hey, we made it nearly 3 months this time!) Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45946 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
89752d35 |
|
10-Apr-2015 |
John Crispin <blogic@openwrt.org> |
openssl: disable arm optimisation until we know why it fails on some socs Signed-off-by: John Crispin <blogic@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45343 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
99ffd705 |
|
20-Mar-2015 |
Steven Barth <steven@midlink.org> |
openssl: biweekly critical security update Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44900 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
2689997f |
|
06-Mar-2015 |
John Crispin <blogic@openwrt.org> |
openssl: enable ARM assembly acceleration Tested myself on ixp4xx and mvebu, and (originally) by Daniel on i.MX6. Also tested on a MIPS target, to make sure the change to ASFLAGS does not break things. Based on a patch submitted by Daniel Drown: https://lists.openwrt.org/pipermail/openwrt-devel/2014-July/026639.html Signed-off-by: Claudio Leite <leitec@staticky.com> Signed-off-by: Daniel Drown <dan-openwrt@drown.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44618 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
a98b1cf5 |
|
09-Feb-2015 |
Steven Barth <steven@midlink.org> |
openssl: fix upstream regression for non-ec builds Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44364 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
c10ed85f |
|
08-Feb-2015 |
Steven Barth <steven@midlink.org> |
openssl: bump to 1.0.2 Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566 Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44332 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
17801c4a |
|
15-Jan-2015 |
Steven Barth <steven@midlink.org> |
openssl: update to 1.0.1l *sigh* Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43976 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
ab095633 |
|
08-Jan-2015 |
Steven Barth <steven@midlink.org> |
openssl: bump to 1.0.1j Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43875 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
0742ac3b |
|
06-Jan-2015 |
Steven Barth <steven@midlink.org> |
openssl: fix CVE-2014-3569 Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43858 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
8d8d9ce2 |
|
04-Nov-2014 |
Steven Barth <steven@midlink.org> |
openssl: reenable CMS (broke krb5) Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43176 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
85c10a8a |
|
03-Nov-2014 |
John Crispin <blogic@openwrt.org> |
license info - revert r43155 turns out that r43155 adds duplicate info. Signed-off-by: John Crispin <blogic@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43167 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
b8df8ca9 |
|
03-Nov-2014 |
John Crispin <blogic@openwrt.org> |
Add more license tags with SPDX identifiers Note, that licensing stuff is a nightmare: many packages does not clearly state their licenses, and often multiple source files are simply copied together - each with different licensing information in the file headers. I tried hard to ensure, that the license information extracted into the OpenWRT's makefiles fit the "spirit" of the packages, e.g. such small packages which come without a dedicated source archive "inherites" the OpenWRT's own license in my opinion. However, I can not garantee that I always picked the correct information and/or did not miss license information. Signed-off-by: Michael Heimpold <mhei@heimpold.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43155 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
2bf2015c |
|
01-Nov-2014 |
Steven Barth <steven@midlink.org> |
Add a few SPDX tags Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43151 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
b5a50ff4 |
|
30-Oct-2014 |
Steven Barth <steven@midlink.org> |
openssl: optimize build options, disable old SSL versions Based on a patchset by Etienne CHAMPETIER <champetier.etienne@gmail.com> Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43123 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
0cf70f8a |
|
24-Oct-2014 |
Felix Fietkau <nbd@openwrt.org> |
openssl: fix target definition for x86_64 (#18182) Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43045 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
058c79e4 |
|
20-Oct-2014 |
John Crispin <blogic@openwrt.org> |
openssl: host build fails when ccache is enabled Signed-off-by: John Crispin <blogic@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43002 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
c0464fcf |
|
20-Oct-2014 |
Felix Fietkau <nbd@openwrt.org> |
Revert "openssl: add host build." This reverts commit r42988 git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42997 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
a7621732 |
|
20-Oct-2014 |
John Crispin <blogic@openwrt.org> |
openssl: add host build. Only support Linux at the moment. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42988 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
2e352aab |
|
19-Oct-2014 |
Felix Fietkau <nbd@openwrt.org> |
openssl: add ABI_VERSION to fix package rebuild issues (fixes #18169) Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42963 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
b3c29f9f |
|
16-Oct-2014 |
Jo-Philipp Wich <jow@openwrt.org> |
openssl: update to v1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568) Also refresh patches and bump copyright year in Makefile. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42929 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
3b2b802a |
|
07-Aug-2014 |
John Crispin <blogic@openwrt.org> |
openssl: another day another bug fix update Signed-off-by: John Crispin <blogic@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42055 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
d25c5b67 |
|
05-Jun-2014 |
Hauke Mehrtens <hauke@openwrt.org> |
openssl: version bump to 1.0.1h today appeared another serious vulnerability in openssl. More info is here http://ccsinjection.lepidum.co.jp. Users are advised to update to openssl 1.0.1h. Signed-off-by: Martin Strbacka <martin.strbacka@nic.cz> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41026 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
7166609d |
|
07-Apr-2014 |
Steven Barth <steven@midlink.org> |
OpenSSL: update to 1.0.1g This fixes the Heartbleed bug (CVE-2014-0160). Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40421 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
29368b69 |
|
12-Mar-2014 |
Felix Fietkau <nbd@openwrt.org> |
openssl: Fix x86_64 build on some 64bit host systems On some build hosts openssl fails to install since openssl installs itself into lib64 while the openwrt Makefile expects the libs to end up in lib. install -m0644 .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.* .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-x86_64/libopenssl/usr/lib/ install: cannot stat '.../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.*': No such file or directory make[2]: *** [/openwrt/bin/x86_64/packages/libopenssl_1.0.1e-2_x86_64.ipk] Error 1 make[2]: Leaving directory `/openwrt/package/libs/openssl' make[1]: *** [package/libs/openssl/compile] Error 2 make[1]: Leaving directory `/openwrt' Set LIBDIR accordingly to fix this. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39885 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
2ceb14d4 |
|
09-Mar-2014 |
Felix Fietkau <nbd@openwrt.org> |
openssl: update to 1.0.1f This version includes this changes: Don't include gmt_unix_time in TLS server and client random values Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450 Signed-off-by: Peter Wagner <tripolar@gmx.at> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39853 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
d11fe147 |
|
09-Mar-2014 |
Felix Fietkau <nbd@openwrt.org> |
openssl: detect configuration changes and clean build tree accordingly (fixes #15067) Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39852 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
3e05d1f9 |
|
09-Mar-2014 |
Felix Fietkau <nbd@openwrt.org> |
openssl: move make depend call to Build/Configure Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39851 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
f2b9871a |
|
18-Feb-2014 |
John Crispin <blogic@openwrt.org> |
openssl: fix up PKG_DEPENDS. there are 2 missing CONFIG_ prefixe Signed-off-by: John Crispin <blogic@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39607 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
95758e8d |
|
14-Dec-2013 |
Felix Fietkau <nbd@openwrt.org> |
openssl: Support multi-threaded applications Allow multi-threaded applications to work properly by removing the "no-threads" flag that is enabled by default. Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39048 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
2aa80858 |
|
14-Nov-2013 |
Felix Fietkau <nbd@openwrt.org> |
openssl: add support for RIPEMD/160 RIPEMD is needed to update erlang and i'd like to enable RIPEMD160 support in openssh. Size compared: openssl without RIPEMD/160 support: 647K 29. Okt 20:00 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk openssl with RIPEMD/160 support: 652K 8. Nov 15:11 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk So the file size just grows ~5kb, which shouldn't be a problem. Signed-off-by: Peter Wagner <tripolar@gmx.at> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38809 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
d4a372f0 |
|
09-Sep-2013 |
Felix Fietkau <nbd@openwrt.org> |
openssl: add parallel build support Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37927 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
2d1f4702 |
|
14-Aug-2013 |
Felix Fietkau <nbd@openwrt.org> |
openssl: to disable mips16, use the new PKG_USE_MIPS16 flag instead of messing with cflags directly Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37771 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
091e8242 |
|
23-Jul-2013 |
Felix Fietkau <nbd@openwrt.org> |
openssl: add elliptic curve crypto compilation options to openssl This patch adds EC compilation options to openssl OPENSSL_WITH_EC is needed for authsae (OPENSSL_WITH_EC2M isn't) Activating ec (but not ec2m) in openssl take 35Ko more on ar71xx (ipk size) Activating both take 52Ko. Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37523 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
51274528 |
|
09-May-2013 |
Felix Fietkau <nbd@openwrt.org> |
openssl: disable mips16, it makes the code slower Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36602 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
221ef39a |
|
04-Apr-2013 |
Florian Fainelli <florian@openwrt.org> |
openssl: Pass in any TARGET_ASFLAGS Packages not picking up the regular TARGET_AS need their openwrt Makefiles tweaked. For a basic build, that's just openssl. This depends on patch 1/5. Signed-off-by: Jay Carlson <nop@nop.com> Signed-off-by: Florian Fainelli <florian@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36201 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
477ea596 |
|
14-Feb-2013 |
Florian Fainelli <florian@openwrt.org> |
openssl: update OpenSSL to 1.0.1e, fix Cisco DTLS. 1.0.1d had a rushed fix for CVE-2013-0169 which broke in certain circumstances. 1.0.1e has the fix for TLS. Also include a further patch from the 1.0.1 branch which fixes the breakage this introduced for Cisco's outdated pre-standard version of DTLS, as used by OpenConnect. Update mirror URLs to reflect current reality. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Florian Fainelli <florian@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35600 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
e07df17a |
|
08-Feb-2013 |
Tim Yardley <yardley@gmail.com> |
openssl: security update to 1.0.1d to address CBC TLS issue addressing CVE-2013-0169: 4th February 2013 Signed-off-by: Tim Yardley <yardley@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35524 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
a81ef914 |
|
19-Oct-2012 |
Hamish Guthrie <hcg@openwrt.org> |
licensing: Add licensing metadata to many packages Two new variables are introduces to many packages, namely PKG_LICENSE and PKG_LICENSE_FILES - there may be more than one license applied to packages, and these are listed in the PKG_LICENSE variable and separated by spaces. All relevant license files are also added to the PKG_LICENSE_FILES variable, also space separated. The licensing metadata is put into the bin/<platform>/packages/Packages file for later parsing. A script for that is on it's way! git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33861 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
#
a17a510a |
|
08-Oct-2012 |
Felix Fietkau <nbd@openwrt.org> |
move library packages to package/libs/ git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33657 3c298f89-4303-0410-b956-a3cf2f4a3e73
|