Commit Graph

25 Commits (d7e981ca4c6c04f441f78d76fbf02cdb69e647ab)

Author SHA1 Message Date
Felix Fietkau 9ac5cfe1ba openssl: fix target definition for x86_64 (#18182)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43045
2014-10-24 13:23:39 +00:00
John Crispin b52651a66e openssl: host build fails when ccache is enabled
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43002
2014-10-20 11:19:53 +00:00
Felix Fietkau 82c182f828 Revert "openssl: add host build."
This reverts commit r42988

SVN-Revision: 42997
2014-10-20 09:18:21 +00:00
John Crispin c8ad508d37 openssl: add host build.
Only support Linux at the moment.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 42988
2014-10-20 06:29:27 +00:00
Felix Fietkau 0a7bd0c8b9 openssl: add ABI_VERSION to fix package rebuild issues (fixes #18169)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42963
2014-10-19 16:19:07 +00:00
Jo-Philipp Wich 7949a3d381 openssl: update to v1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Also refresh patches and bump copyright year in Makefile.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42929
2014-10-16 08:32:54 +00:00
John Crispin eb8119d590 openssl: another day another bug fix update
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42055
2014-08-07 20:54:41 +00:00
Hauke Mehrtens a56519e1b9 openssl: version bump to 1.0.1h
today appeared another serious vulnerability in openssl. More info is
here http://ccsinjection.lepidum.co.jp. Users are advised to update to
openssl 1.0.1h.

Signed-off-by: Martin Strbacka <martin.strbacka@nic.cz>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 41026
2014-06-05 21:32:36 +00:00
Steven Barth 8333ce1963 OpenSSL: update to 1.0.1g
This fixes the Heartbleed bug (CVE-2014-0160).

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 40421
2014-04-08 05:24:36 +00:00
Felix Fietkau 2835152df8 openssl: Fix x86_64 build on some 64bit host systems
On some build hosts openssl fails to install since openssl installs itself into
lib64 while the openwrt Makefile expects the libs to end up in lib.

install -m0644 .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.* .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-x86_64/libopenssl/usr/lib/
install: cannot stat '.../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.*': No such file or directory
make[2]: *** [/openwrt/bin/x86_64/packages/libopenssl_1.0.1e-2_x86_64.ipk] Error 1
make[2]: Leaving directory `/openwrt/package/libs/openssl'
make[1]: *** [package/libs/openssl/compile] Error 2
make[1]: Leaving directory `/openwrt'

Set LIBDIR accordingly to fix this.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 39885
2014-03-12 10:00:53 +00:00
Felix Fietkau c2bbaf439c openssl: update to 1.0.1f
This version includes this changes:

    Don't include gmt_unix_time in TLS server and client random values
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 39853
2014-03-09 13:23:41 +00:00
Felix Fietkau 836e9fad45 openssl: detect configuration changes and clean build tree accordingly (fixes #15067)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39852
2014-03-09 13:19:29 +00:00
Felix Fietkau 46c8633c45 openssl: move make depend call to Build/Configure
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39851
2014-03-09 13:19:25 +00:00
John Crispin 408306633a openssl: fix up PKG_DEPENDS. there are 2 missing CONFIG_ prefixe
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39607
2014-02-18 13:33:08 +00:00
Felix Fietkau 6cb542d6a4 openssl: Support multi-threaded applications
Allow multi-threaded applications to work properly by
removing the "no-threads" flag that is enabled by default.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

SVN-Revision: 39048
2013-12-14 10:19:48 +00:00
Felix Fietkau 1f819564d1 openssl: add support for RIPEMD/160
RIPEMD is needed to update erlang and i'd like to enable RIPEMD160 support in openssh.

Size compared:

openssl without RIPEMD/160 support:
647K 29. Okt 20:00 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk

openssl with RIPEMD/160 support:
652K  8. Nov 15:11 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk

So the file size just grows ~5kb, which shouldn't be a problem.

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 38809
2013-11-14 20:42:15 +00:00
Felix Fietkau 7e6b26a1f3 openssl: add parallel build support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37927
2013-09-10 12:09:13 +00:00
Felix Fietkau 648bc811f0 openssl: to disable mips16, use the new PKG_USE_MIPS16 flag instead of messing with cflags directly
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37771
2013-08-14 13:02:33 +00:00
Felix Fietkau da654a0c42 openssl: add elliptic curve crypto compilation options to openssl
This patch adds EC compilation options to openssl
OPENSSL_WITH_EC is needed for authsae (OPENSSL_WITH_EC2M isn't)
Activating ec (but not ec2m) in openssl take 35Ko more on ar71xx (ipk size)
Activating both take 52Ko.

Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>

SVN-Revision: 37523
2013-07-24 12:37:55 +00:00
Felix Fietkau aacbb9ba77 openssl: disable mips16, it makes the code slower
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36602
2013-05-10 00:18:27 +00:00
Florian Fainelli f223d0927e openssl: Pass in any TARGET_ASFLAGS
Packages not picking up the regular TARGET_AS need their openwrt
Makefiles tweaked. For a basic build, that's just openssl.

This depends on patch 1/5.

Signed-off-by: Jay Carlson <nop@nop.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 36201
2013-04-05 12:36:09 +00:00
Florian Fainelli 22e8b168c8 openssl: update OpenSSL to 1.0.1e, fix Cisco DTLS.
1.0.1d had a rushed fix for CVE-2013-0169 which broke in certain
circumstances. 1.0.1e has the fix for TLS.

Also include a further patch from the 1.0.1 branch which fixes the
breakage this introduced for Cisco's outdated pre-standard version of
DTLS, as used by OpenConnect.

Update mirror URLs to reflect current reality.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 35600
2013-02-14 13:00:03 +00:00
Tim Yardley b521113aa1 openssl: security update to 1.0.1d to address CBC TLS issue
addressing
CVE-2013-0169: 4th February 2013

Signed-off-by: Tim Yardley <yardley@gmail.com>

SVN-Revision: 35524
2013-02-08 19:36:06 +00:00
Hamish Guthrie 81a3d9ba31 licensing: Add licensing metadata to many packages Two new variables are introduces to many packages, namely PKG_LICENSE and PKG_LICENSE_FILES - there may be more than one license applied to packages, and these are listed in the PKG_LICENSE variable and separated by spaces. All relevant license files are also added to the PKG_LICENSE_FILES variable, also space separated.
The licensing metadata is put into the bin/<platform>/packages/Packages file
for later parsing. A script for that is on it's way!

SVN-Revision: 33861
2012-10-19 15:34:28 +00:00
Felix Fietkau 48db59fab7 move library packages to package/libs/
SVN-Revision: 33657
2012-10-08 11:24:12 +00:00