summaryrefslogtreecommitdiff
path: root/package/openssl/openssl.mk
AgeCommit message (Collapse)Author
2011-09-13openssl: bump to 1.0.0eYegor Yefremov
Changes between 1.0.0d and 1.0.0e [6 Sep 2011] *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted by initialising X509_STORE_CTX properly. (CVE-2011-3207) [Kaspar Brand <ossl@velox.ch>] *) Fix SSL memory handling for (EC)DH ciphersuites, in particular for multi-threaded use of ECDH. (CVE-2011-3210) [Adam Langley (Google)] *) Fix x509_name_ex_d2i memory leak on bad inputs. [Bodo Moeller] *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check signature public key algorithm by using OID xref utilities instead. Before this you could only use some ECC ciphersuites with SHA1 only. [Steve Henson] *) Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: http://eprint.iacr.org/2011/232.pdf [Billy Bob Brumley and Nicola Tuveri] Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-04-01openssl: fix compilation for i386Gustavo Zacarias
Closes #3445. OpenSSL emits bswap instructions when building for i386 targets which unfortunately is only available on 486+ class processors. Since the normal workaround is detected at build time and we are cross compiling we need to specify this. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-23openssl: fix libdir issueGustavo Zacarias
Closes #3205 OpenSSL's build system tries to be too wise for it's own good when guessing what libdir should be. This causes problems like the one reported in bug #3205 so just specify libdir to point to /lib (since it's prefixed it would finally be /usr/lib) since it should be present on 32 and 64 bit targets. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-09openssl: security bump to 1.0.0dGustavo Zacarias
CVE-2011-0014 http://www.openssl.org/news/secadv_20110208.txt OCSP stapling vulnerability in OpenSSL Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-01-17openssl: add ocf supportGustavo Zacarias
Enable OCF (cryptodev) support for openssl as an option. This requires a patched kernel to export hardware acceleration for openssl to use it. If you lack a patched kernel or support it won't break anything, it will simply fall back to the default software engine from openssl, you'll just have a slightly bigger libssl/libcrypto. Tested with 20100325 release + 20101223 patch from the mailing list. [Peter: slightly tweaked .mk] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-12-11openssl: security bump to version 1.0.0cGustavo Zacarias
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-11-19openssl: security bump to version 1.0.0bGustavo Zacarias
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-10-18openssl: Bump to 1.0.0aGustavo Zacarias
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-08-31Remove code specific to removed architecturesThomas Petazzoni
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-07-07openssl: don't override the CC passed at configure timeThomas Petazzoni
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-06-06openssl: bump version, enable mdc2+camellia+tlsextGustavo Zacarias
Closes #1951 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-05-02openssl: convert to the generic infrastructureThomas Petazzoni
OpenSSL is not using the autotools as its build system. Therefore, we must use the generic infrastructure instead of the autotools one. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-03-31openssl: bump versionGustavo Zacarias
Closes #1411 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-11-15openssl: bump to 0.9.8l + security fixesGustavo Zacarias
Closes #703 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-09-23openssl: use generic support for avr32Peter Korsgaard
Upstream openssl doesn't have avr32 support, and we dropped the avr32 optimization patch some time ago. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-07-29openssl: remove invalid quotes around x86_64Peter Korsgaard
Thanks for Thomas for noticing. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-07-29openssl: fix arch handlingPeter Korsgaard
Closes #497 Use ARCH instead of BR2_ARCH as BR2_ARCH won't match because of the surrounding quotes. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-04-28package/openssl: fix uninstallPeter Korsgaard
2009-04-28package/openssl: STRIP_STRIP_ALL should be used for binariesPeter Korsgaard
2009-04-28package/openssl: also strip libraries with _OPENSSL_BIN is enabledPeter Korsgaard
2009-04-28package/openssl: make sure TARGET_CFLAGS are usedPeter Korsgaard
And remove the unnedded c_rehash binary while we're at it. Patch by Gustavo Zacarias <gustavo@zacarias.com.br>, closes #307. Saves ~250k on PPC with default config (E.G. -Os)
2009-04-07openssl: bump versionPeter Korsgaard
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>, closes #217 Fixes multiple security flaws - See http://www.openssl.org/news/secadv_20090325.txt for details.
2009-03-15openssl: strip librariesPeter Korsgaard
2009-03-05openssl: misc fixesPeter Korsgaard
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar> Closes #151. * Avoid fips directory completely since it just installs source file cruft inlib * Point openssldir to a more friendly and common /etc/ssl rather than /usr/lib/ssl
2009-02-24Bump version to 0.9.8jHamish Moffatt
2008-10-13openssl: fix architecture specified when configuring opensslHans-Christian Egtvedt
This patch will default to linux-generic32, unless a known optimized architecture is selected. As of today it will select optimized config for; avr32, ia64, powerpc and x86_64. This fixes bug #5344. Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-10-07openssl: fix compiling OpenSSL for i386 architectureHans-Christian Egtvedt
This patch will use linux-generic32 for all i386 target architectures, which fixes bug #5274. Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-09-24openssl: convert to Makefile.autotools.in and bump version to 0.9.8gHans-Christian Egtvedt
This patch converts building of OpenSSL to use Makefile.autotools.in and bumps the version to 0.9.8g. The patches are updated to reflect this version upgrade. A kconfig option for adding the OpenSSL engines is also added. Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-07-08openssl: re-revert r22644Peter Korsgaard
The build without CONFIG_UPDATE has now been verified on arm/armeb/avr32, so lets revert this for good.
2008-07-08Revert patch which breaks AVR32 buildUlf Samuelsson
2008-07-08Don't $(CONFIG_UPDATE) openssl as it doesn't use autotools anywayHamish Moffatt
2008-07-05Fix bug [1899] Add table entry to allow openssl to build for AVR32, disabled ↵Ulf Samuelsson
softfloat
2008-07-05Update config.* of opensslUlf Samuelsson
2008-03-27buildroot: cleanup <package>-clean targets.Peter Korsgaard
Based on input from Arndt Kritzner & Bernhard Fischer.
2007-10-01- just use the strip binary to avoid confusing libtool (quotes)Bernhard Reutner-Fischer
- use $(STRIPCMD) in packages to avoid clashes with $(STRIP)
2007-08-22- global whitespace trimmingBernhard Reutner-Fischer
2007-08-22- semicolon touchup. No other changesBernhard Reutner-Fischer
2007-08-21Remove switches if sstrip is runUlf Samuelsson
2007-08-13Store openssl files in /usr/lib/sslUlf Samuelsson
2007-08-11Bump version of openssl, add threadsUlf Samuelsson
2007-07-11Use <package>_VERSION in all <package>.mk instead of <package>_VERUlf Samuelsson
2007-04-16- install some more stuff that goes into staging_dir into the proper place.Bernhard Reutner-Fischer
First hunk of fixes for bug #1290
2007-04-06- hit awk on steroids with a clue baitBernhard Reutner-Fischer
2006-11-17- add and use BR2_BZCAT config option.Bernhard Reutner-Fischer
2005-12-29fix i686 targets [again] bug 595Mike Frysinger
2005-12-03dont set openssl arch to i386-i386 for i386 targets #495 by noahMike Frysinger
2005-10-06openssl calls the i686 target "i686/cmov" not just "i686" as pointed out by ↵Mike Frysinger
Sieg on irc
2005-10-02dont version bump since all the patches need to be redoneMike Frysinger
2005-09-30ver bump by gnat in Bug 452 and make sure we configure as i386 with i[456]86 ↵Mike Frysinger
targets by schieli in Bug 450
2005-07-12Thomas Lundquist writes:Eric Andersen
If I understand you correctly, you want the ncurses development headers on the target. a patch for this (named target_headers.patch and includes similar options for a few other libs in buildroot) can be found at: http://www.zelow.no/floppyfw/download/Development/Patches/buildroot/ (a few packages there aswell) it will add an option to put headers on target for ncurses, zlib and openssl. Thomas.