aboutsummaryrefslogtreecommitdiffstats
path: root/tools/libressl
Commit message (Collapse)AuthorAgeFilesLines
* tools/libressl: update to version 3.4.3Josef Schlehofer2022-07-151-2/+2
| | | | | | | | | | | | | | | | Release notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt ``` It includes the following security fix: * A malicious certificate can cause an infinite loop. Reported by and fix from Tavis Ormandy and David Benjamin, Google. (CVE-2022–0778) ``` Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 25534d5cc20a807ff776fdb18847344167ce081d)
* tools/libressl: update to version 3.4.2Josef Schlehofer2022-03-061-2/+2
| | | | | | | | | | | | | | | | Release notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt ``` It includes the following security fix * In some situations the X.509 verifier would discard an error on an unverified certificate chain, resulting in an authentication bypass. Thanks to Ilya Shipitsin and Timo Steinlein for reporting. ``` Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 495c4f4e197166a6fa997d4620ca6c241e3abd45)
* tools/libressl: update to 3.4.1Rosen Penev2022-03-061-2/+2
| | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 03bb3412a2b8bf8ac69e062ea9fd88e2c6c6fb57)
* tools/libressl: update to 3.3.4Rosen Penev2022-03-061-2/+2
| | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit f78ad901e1ce07c42a9f5e670c39dbdcea15eb87)
* tools/libressl: update to 3.3.3Rosen Penev2022-03-061-3/+3
| | | | | | | Fix wrong FPIC variable usage. Fixes compilation under sparc64 host. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit bf4dbbb55e2b8e23f186e1334f1e9ce6a3a8ddfe)
* ccache: update to 4.1Rosen Penev2020-12-311-0/+1
| | | | | | | | | | | | | | | | Upstream switched to building with CMake. Adjust accordingly. Reapplied patch as upstream changed the file format. Added HOST_BUILD_PARALLEL for faster compilation. Added cmake tool dependency and removed circular dependencies as a result. Adjusted dependent tools to use NOCACHE as they are needed to build ccache. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: update to 3.3.1Rosen Penev2020-12-181-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: update to 3.2.1Yuan Tao2020-09-182-14/+3
| | | | | | | | | | | | | | libressl update to 3.2.1 Delete 001-dont-build-tests-man.patch Add configure args : --enable-static --disable-tests The patch (001-dont-build-tests-man.patch) no longer works with the current version. Follow the patch notes: Adding the --enable-static and --disable-tests parameters should replace the patch. Signed-off-by: Yuan Tao <ty@wevs.org>
* tools/libressl: Update to 3.0.2Daniel Engberg2020-02-182-25/+2
| | | | | | Update libressl to 3.0.2 and remove 010-avoid-glibc.patch as fix is added by upstream Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* tools: libressl: fix compilation for non-glibc clib (FS#2400)Hans Dedecker2019-07-231-0/+23
| | | | | | | | | | | | | Fixes compilaton issue for non glibc clibs : libtool: compile: gcc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.9.2\" "-DPACKAGE_STRING=\"libressl 2.9.2\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.9.2\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_SYMLINK=1 -DHAVE_ERR_H=1 -DHAVE_ASPRINTF=1 -DHAVE_MEMMEM=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRNDUP=1 -DHAVE_STRNLEN=1 -DHAVE_STRSEP=1 -DHAVE_TIMEGM=1 -DHAVE_SYSLOG=1 -DHAVE_ACCEPT4=1 -DHAVE_PIPE2=1 -DHAVE_POLL=1 -DHAVE_SOCKETPAIR=1 -DHAVE_EXPLICIT_BZERO=1 -DHAVE_GETAUXVAL=1 -DHAVE_GETAUXVAL=1 -DHAVE_DL_ITERATE_PHDR=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_VA_COPY=1 -DHAS_GNU_WARNING_LONG=1 -DSIZEOF_TIME_T=8 -I. -I../include -I../include/compat -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -I../crypto/asn1 -I../crypto/bn -I../crypto/ec -I../crypto/ecdsa -I../crypto/evp -I../crypto/modes -I../crypto -I/builds/pantacor/pv-platforms/openwrt-base/openwrt/staging_dir/host/include -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE -D__STRICT_ALIGNMENT -O2 -I/builds/pantacor/pv-platforms/openwrt-base/openwrt/staging_dir/host/include -fpic -Wall -std=gnu99 -fno-strict-aliasing -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DHAVE_GNU_STACK -Wno-pointer-sign -MT compat/getprogname_linux.lo -MD -MP -MF compat/.deps/getprogname_linux.Tpo -c compat/getprogname_linux.c -o compat/getprogname_linux.o compat/getprogname_linux.c: In function 'getprogname': compat/getprogname_linux.c:32:2: error: #error "Cannot emulate getprogname" #error "Cannot emulate getprogname" ^~~~~ Reported-by: Anibal Portero <anibal.portero@pantacor.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tools: libressl: fix build on MacOSKevin Darbyshire-Bryant2019-07-221-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Making all in tests depbase=`echo handshake_table.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\ gcc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.9.2\" -DPACKAGE_STRING=\"libressl\ 2.9.2\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.9.2\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_SYMLINK=1 -DHAVE_ERR_H=1 -DHAVE_READPASSPHRASE_H=1 -DHAVE_ASPRINTF=1 -DHAVE_MEMMEM=1 -DHAVE_READPASSPHRASE=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRNDUP=1 -DHAVE_STRNLEN=1 -DHAVE_STRSEP=1 -DHAVE_TIMEGM=1 -DHAVE_GETPROGNAME=1 -DHAVE_SYSLOG=1 -DHAVE_POLL=1 -DHAVE_SOCKETPAIR=1 -DHAVE_ARC4RANDOM=1 -DHAVE_ARC4RANDOM_BUF=1 -DHAVE_ARC4RANDOM_UNIFORM=1 -DHAVE_TIMINGSAFE_BCMP=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_VA_COPY=1 -DHAVE___VA_COPY=1 -DSIZEOF_TIME_T=8 -I. -I../include -I../include/compat -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -I ../crypto/modes -I ../crypto/asn1 -I ../ssl -I ../tls -I ../apps/openssl -I ../apps/openssl/compat -D_PATH_SSL_CA_FILE=\"../apps/openssl/cert.pem\" -I/Users/kevin/wrt/staging_dir/host/include -D__STRICT_ALIGNMENT -O2 -I/Users/kevin/wrt/staging_dir/host/include -fpic -Wall -std=gnu99 -fno-strict-aliasing -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-strong -Qunused-arguments -Wno-pointer-sign -MT handshake_table.o -MD -MP -MF $depbase.Tpo -c -o handshake_table.o handshake_table.c &&\ mv -f $depbase.Tpo $depbase.Po make[4]: *** No rule to make target `/Users/kevin/wrt/build_dir/host/libressl-2.9.2/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o', needed by `handshake_table'. Stop. make[3]: *** [all-recursive] Error 1 A similar error & clues from https://gitlab.com/ymorin/buildroot/commit/e783d60473944f8b39f1def45d8d6b483a062158 " LibreSSL 2.9.1 now has a test that requires libtls.a, however, when building a shared library only build, the --disable-static flag is passed to libressl, which prevents the building of libtls.a. With libtls.a not being built, the following error occurs: libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'. Stop. There are three options to fix this: 1) Stick with autotools, and provide a patch that removes building anything in the tests folder. 2) Pass --enable-static to LIBRESSL_CONF_OPTS 3) Change the package type to cmake, as a cmake build does not have this issue." It appears we cannot change to cmake because cmake has a dependency on an ssl library. Take option 1 and do not build the tests. Also take the opportunity to remove man page building as well. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* tools: libressl: update to 2.9.2 versionRoman Yeryomin2019-07-211-2/+2
| | | | | | To keep in sync with OpenSSL 1.1.x branch version options. Signed-off-by: Roman Yeryomin <roman@advem.lv>
* build: fix libressl build on x32 (amd64ilp32) hostThorsten Glaser2018-11-011-0/+4
| | | | | | disable use of assembly code since x32 gets misdetected as amd64 Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
* tools/libressl: Add PKG_CPE_ID for proper CVE trackingRosen Penev2018-10-161-0/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: Update to 2.8.1Daniel Engberg2018-10-071-3/+3
| | | | | | Update libressl to 2.8.1 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* tools/libressl: update to version 2.7.2Hauke Mehrtens2018-04-281-2/+2
| | | | | | | Libressl version 2.7.0 and later implement more of the OpenSSL 1.1 API and this needs some modifications of the code using it. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools/libressl: update to 2.6.4Hannu Nyman2018-01-171-2/+2
| | | | Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* tools/libressl: update to 2.5.4Hannu Nyman2017-05-251-3/+3
| | | | Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* tools/libressl: Update to 2.5.1Daniel Engberg2017-03-201-2/+2
| | | | | | Update libressl to 2.5.1 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* tools: libressl: always build as PICMatthias Schiffer2017-01-101-0/+1
| | | | | | | | | Fixes link errors for host packages like ruby like the following: /usr/bin/ld: .../staging_dir/host/lib/libcrypto.a(libcrypto_la-md5_dgst.o): relocation R_X86_64_PC32 against symbol `memcpy@@GLIBC_2.14' can not be used when making a shared object; recompile with -fPIC Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* libressl: disable shared libraries, fixes build issuesFelix Fietkau2016-12-281-0/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/libressl: Update to 2.5.0 and use mirrorsDaniel Engberg2016-10-151-3/+5
| | | | | | Updates LibreSSL to 2.5.0 and switches from main site to mirrors as primary source. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* build: allow to build LEDE on latest MacOS XWaldemar Brodkorb2016-06-071-0/+22
Latest Xcode doesn't include openssl anymore. To compile mkimage from u-boot source you need SSL headers on your host. This patch provides libressl host package for any Darwin compilation. Unfortunately openssl from MacPorts can not be used, as the installed headers in /opt/local are breaking GDB compilation. Tested with a RB532 image build and resulting kernel booted on a device via TFTP. Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> [fixes, dependencies]