Commit graph

17 commits

Author SHA1 Message Date
Jo-Philipp Wich
48d9137d31 openssl: update to v1.0.2d (CVE-2015-1793)
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46285
2015-07-09 13:04:27 +00:00
Steven Barth
89c8d78d31 openssl: 1.0.2b (hey, we made it nearly 3 months this time!)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45946
2015-06-11 20:28:44 +00:00
Steven Barth
3006bc6904 openssl: biweekly critical security update
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44900
2015-03-20 08:14:42 +00:00
John Crispin
8573891dfe openssl: enable ARM assembly acceleration
Tested myself on ixp4xx and mvebu, and (originally)
by Daniel on i.MX6. Also tested on a MIPS target,
to make sure the change to ASFLAGS does not break things.

Based on a patch submitted by Daniel Drown:

https://lists.openwrt.org/pipermail/openwrt-devel/2014-July/026639.html

Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Daniel Drown <dan-openwrt@drown.org>

SVN-Revision: 44618
2015-03-06 07:57:10 +00:00
Steven Barth
909af3fa4b openssl: fix upstream regression for non-ec builds
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44364
2015-02-09 15:26:35 +00:00
Steven Barth
2ca8a6cce4 openssl: bump to 1.0.2
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44332
2015-02-09 12:04:00 +00:00
Steven Barth
dbca1e5662 openssl: bump to 1.0.1j
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43875
2015-01-08 18:29:26 +00:00
Steven Barth
2c4d88c503 openssl: fix CVE-2014-3569
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43858
2015-01-06 09:59:55 +00:00
Felix Fietkau
9ac5cfe1ba openssl: fix target definition for x86_64 (#18182)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43045
2014-10-24 13:23:39 +00:00
Jo-Philipp Wich
7949a3d381 openssl: update to v1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Also refresh patches and bump copyright year in Makefile.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42929
2014-10-16 08:32:54 +00:00
Felix Fietkau
c2bbaf439c openssl: update to 1.0.1f
This version includes this changes:

    Don't include gmt_unix_time in TLS server and client random values
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 39853
2014-03-09 13:23:41 +00:00
Felix Fietkau
9a97bfcc2b openssl: use termios instead of termio
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39748
2014-02-24 21:09:03 +00:00
Felix Fietkau
7e6b26a1f3 openssl: add parallel build support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37927
2013-09-10 12:09:13 +00:00
Florian Fainelli
16f7554f95 openssl: remove now obsolete cris/etrax patch
The etrax target has been removed in r34768.

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 35684
2013-02-19 17:22:51 +00:00
Florian Fainelli
22e8b168c8 openssl: update OpenSSL to 1.0.1e, fix Cisco DTLS.
1.0.1d had a rushed fix for CVE-2013-0169 which broke in certain
circumstances. 1.0.1e has the fix for TLS.

Also include a further patch from the 1.0.1 branch which fixes the
breakage this introduced for Cisco's outdated pre-standard version of
DTLS, as used by OpenConnect.

Update mirror URLs to reflect current reality.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 35600
2013-02-14 13:00:03 +00:00
Tim Yardley
b521113aa1 openssl: security update to 1.0.1d to address CBC TLS issue
addressing
CVE-2013-0169: 4th February 2013

Signed-off-by: Tim Yardley <yardley@gmail.com>

SVN-Revision: 35524
2013-02-08 19:36:06 +00:00
Felix Fietkau
48db59fab7 move library packages to package/libs/
SVN-Revision: 33657
2012-10-08 11:24:12 +00:00