Commit Graph

17 Commits (2108ca0d9a03d66dd5979fd6a757c1fa23b6ea02)

Author SHA1 Message Date
Steven Barth 8333ce1963 OpenSSL: update to 1.0.1g
This fixes the Heartbleed bug (CVE-2014-0160).

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 40421
2014-04-08 05:24:36 +00:00
Felix Fietkau 2835152df8 openssl: Fix x86_64 build on some 64bit host systems
On some build hosts openssl fails to install since openssl installs itself into
lib64 while the openwrt Makefile expects the libs to end up in lib.

install -m0644 .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.* .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-x86_64/libopenssl/usr/lib/
install: cannot stat '.../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.*': No such file or directory
make[2]: *** [/openwrt/bin/x86_64/packages/libopenssl_1.0.1e-2_x86_64.ipk] Error 1
make[2]: Leaving directory `/openwrt/package/libs/openssl'
make[1]: *** [package/libs/openssl/compile] Error 2
make[1]: Leaving directory `/openwrt'

Set LIBDIR accordingly to fix this.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 39885
2014-03-12 10:00:53 +00:00
Felix Fietkau c2bbaf439c openssl: update to 1.0.1f
This version includes this changes:

    Don't include gmt_unix_time in TLS server and client random values
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 39853
2014-03-09 13:23:41 +00:00
Felix Fietkau 836e9fad45 openssl: detect configuration changes and clean build tree accordingly (fixes #15067)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39852
2014-03-09 13:19:29 +00:00
Felix Fietkau 46c8633c45 openssl: move make depend call to Build/Configure
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39851
2014-03-09 13:19:25 +00:00
John Crispin 408306633a openssl: fix up PKG_DEPENDS. there are 2 missing CONFIG_ prefixe
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39607
2014-02-18 13:33:08 +00:00
Felix Fietkau 6cb542d6a4 openssl: Support multi-threaded applications
Allow multi-threaded applications to work properly by
removing the "no-threads" flag that is enabled by default.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

SVN-Revision: 39048
2013-12-14 10:19:48 +00:00
Felix Fietkau 1f819564d1 openssl: add support for RIPEMD/160
RIPEMD is needed to update erlang and i'd like to enable RIPEMD160 support in openssh.

Size compared:

openssl without RIPEMD/160 support:
647K 29. Okt 20:00 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk

openssl with RIPEMD/160 support:
652K  8. Nov 15:11 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk

So the file size just grows ~5kb, which shouldn't be a problem.

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 38809
2013-11-14 20:42:15 +00:00
Felix Fietkau 7e6b26a1f3 openssl: add parallel build support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37927
2013-09-10 12:09:13 +00:00
Felix Fietkau 648bc811f0 openssl: to disable mips16, use the new PKG_USE_MIPS16 flag instead of messing with cflags directly
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37771
2013-08-14 13:02:33 +00:00
Felix Fietkau da654a0c42 openssl: add elliptic curve crypto compilation options to openssl
This patch adds EC compilation options to openssl
OPENSSL_WITH_EC is needed for authsae (OPENSSL_WITH_EC2M isn't)
Activating ec (but not ec2m) in openssl take 35Ko more on ar71xx (ipk size)
Activating both take 52Ko.

Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>

SVN-Revision: 37523
2013-07-24 12:37:55 +00:00
Felix Fietkau aacbb9ba77 openssl: disable mips16, it makes the code slower
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36602
2013-05-10 00:18:27 +00:00
Florian Fainelli f223d0927e openssl: Pass in any TARGET_ASFLAGS
Packages not picking up the regular TARGET_AS need their openwrt
Makefiles tweaked. For a basic build, that's just openssl.

This depends on patch 1/5.

Signed-off-by: Jay Carlson <nop@nop.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 36201
2013-04-05 12:36:09 +00:00
Florian Fainelli 22e8b168c8 openssl: update OpenSSL to 1.0.1e, fix Cisco DTLS.
1.0.1d had a rushed fix for CVE-2013-0169 which broke in certain
circumstances. 1.0.1e has the fix for TLS.

Also include a further patch from the 1.0.1 branch which fixes the
breakage this introduced for Cisco's outdated pre-standard version of
DTLS, as used by OpenConnect.

Update mirror URLs to reflect current reality.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 35600
2013-02-14 13:00:03 +00:00
Tim Yardley b521113aa1 openssl: security update to 1.0.1d to address CBC TLS issue
addressing
CVE-2013-0169: 4th February 2013

Signed-off-by: Tim Yardley <yardley@gmail.com>

SVN-Revision: 35524
2013-02-08 19:36:06 +00:00
Hamish Guthrie 81a3d9ba31 licensing: Add licensing metadata to many packages Two new variables are introduces to many packages, namely PKG_LICENSE and PKG_LICENSE_FILES - there may be more than one license applied to packages, and these are listed in the PKG_LICENSE variable and separated by spaces. All relevant license files are also added to the PKG_LICENSE_FILES variable, also space separated.
The licensing metadata is put into the bin/<platform>/packages/Packages file
for later parsing. A script for that is on it's way!

SVN-Revision: 33861
2012-10-19 15:34:28 +00:00
Felix Fietkau 48db59fab7 move library packages to package/libs/
SVN-Revision: 33657
2012-10-08 11:24:12 +00:00