aboutsummaryrefslogtreecommitdiffstats
path: root/tools/libressl
Commit message (Collapse)AuthorAgeFilesLines
* tools/libressl: disable assembly code for all hostsMichael Pratt2022-07-311-4/+1
| | | | | | | | | | | | | | | | | | | This SSL library is for hosts only and not shipped as a build product, therefore its performance quality (speed) is not critical. Assembly code is broken in LibreSSL for some x86_64 hosts (part of git history) and for some RISC host archs like armv7l, aarch64, powerpc, ppc64, etc... so let's just disable it for all hosts. For example, this fixes an instance on ARM hosts where the host Python 3 builds broken modules which link to LibreSSL, even with patches that enable LibreSSL support with the import error "unexpected reloc type 3". Ref: a395563f6 ("build: fix libressl build on x32 (amd64ilp32) host ") Suggested-by: Andre Heider <a.heider@gmail.com> Signed-off-by: Michael Pratt <mcpratt@pm.me>
* tools/libressl: ensure PIC-only object compilationMichael Pratt2022-07-311-1/+7
| | | | | | | | | | | | Line up configure arguments for cleaner git diff and editing and grepping. LibreSSL must be built with PIC, and has the flags for it already in CFLAGS. Add the configure option native to LibreSSL to use only PIC in objects, which further enforces that each object in the library has the PIC flag to prevent a mixture of PIC / non-PIC objects within it. Ref: 96a940308 ("tools: libressl: always build as PIC") Signed-off-by: Michael Pratt <mcpratt@pm.me>
* tools/libressl: bump to v3.5.3Andre Heider2022-07-201-2/+2
| | | | | | | | | | | This includes API additions required for u-boot v2022.07 and Python 3.10. https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.1-relnotes.txt https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2-relnotes.txt https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.3-relnotes.txt Signed-off-by: Andre Heider <a.heider@gmail.com>
* tools/libressl: update to version 3.4.3Josef Schlehofer2022-06-191-2/+2
| | | | | | | | | | | | | | Release notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt ``` It includes the following security fix: * A malicious certificate can cause an infinite loop. Reported by and fix from Tavis Ormandy and David Benjamin, Google. ``` Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* tools/libressl: update to version 3.4.2Josef Schlehofer2022-03-011-2/+2
| | | | | | | | | | | | | | | Release notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt ``` It includes the following security fix * In some situations the X.509 verifier would discard an error on an unverified certificate chain, resulting in an authentication bypass. Thanks to Ilya Shipitsin and Timo Steinlein for reporting. ``` Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* tools/libressl: update to 3.4.1Rosen Penev2021-11-021-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: update to 3.3.4Rosen Penev2021-09-051-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: update to 3.3.3Rosen Penev2021-06-201-3/+3
| | | | | | Fix wrong FPIC variable usage. Fixes compilation under sparc64 host. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ccache: update to 4.1Rosen Penev2020-12-311-0/+1
| | | | | | | | | | | | | | | | Upstream switched to building with CMake. Adjust accordingly. Reapplied patch as upstream changed the file format. Added HOST_BUILD_PARALLEL for faster compilation. Added cmake tool dependency and removed circular dependencies as a result. Adjusted dependent tools to use NOCACHE as they are needed to build ccache. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: update to 3.3.1Rosen Penev2020-12-181-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: update to 3.2.1Yuan Tao2020-09-182-14/+3
| | | | | | | | | | | | | | libressl update to 3.2.1 Delete 001-dont-build-tests-man.patch Add configure args : --enable-static --disable-tests The patch (001-dont-build-tests-man.patch) no longer works with the current version. Follow the patch notes: Adding the --enable-static and --disable-tests parameters should replace the patch. Signed-off-by: Yuan Tao <ty@wevs.org>
* tools/libressl: Update to 3.0.2Daniel Engberg2020-02-182-25/+2
| | | | | | Update libressl to 3.0.2 and remove 010-avoid-glibc.patch as fix is added by upstream Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* tools: libressl: fix compilation for non-glibc clib (FS#2400)Hans Dedecker2019-07-231-0/+23
| | | | | | | | | | | | | Fixes compilaton issue for non glibc clibs : libtool: compile: gcc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.9.2\" "-DPACKAGE_STRING=\"libressl 2.9.2\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.9.2\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_SYMLINK=1 -DHAVE_ERR_H=1 -DHAVE_ASPRINTF=1 -DHAVE_MEMMEM=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRNDUP=1 -DHAVE_STRNLEN=1 -DHAVE_STRSEP=1 -DHAVE_TIMEGM=1 -DHAVE_SYSLOG=1 -DHAVE_ACCEPT4=1 -DHAVE_PIPE2=1 -DHAVE_POLL=1 -DHAVE_SOCKETPAIR=1 -DHAVE_EXPLICIT_BZERO=1 -DHAVE_GETAUXVAL=1 -DHAVE_GETAUXVAL=1 -DHAVE_DL_ITERATE_PHDR=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_VA_COPY=1 -DHAS_GNU_WARNING_LONG=1 -DSIZEOF_TIME_T=8 -I. -I../include -I../include/compat -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -I../crypto/asn1 -I../crypto/bn -I../crypto/ec -I../crypto/ecdsa -I../crypto/evp -I../crypto/modes -I../crypto -I/builds/pantacor/pv-platforms/openwrt-base/openwrt/staging_dir/host/include -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE -D__STRICT_ALIGNMENT -O2 -I/builds/pantacor/pv-platforms/openwrt-base/openwrt/staging_dir/host/include -fpic -Wall -std=gnu99 -fno-strict-aliasing -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DHAVE_GNU_STACK -Wno-pointer-sign -MT compat/getprogname_linux.lo -MD -MP -MF compat/.deps/getprogname_linux.Tpo -c compat/getprogname_linux.c -o compat/getprogname_linux.o compat/getprogname_linux.c: In function 'getprogname': compat/getprogname_linux.c:32:2: error: #error "Cannot emulate getprogname" #error "Cannot emulate getprogname" ^~~~~ Reported-by: Anibal Portero <anibal.portero@pantacor.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tools: libressl: fix build on MacOSKevin Darbyshire-Bryant2019-07-221-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Making all in tests depbase=`echo handshake_table.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\ gcc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.9.2\" -DPACKAGE_STRING=\"libressl\ 2.9.2\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.9.2\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_SYMLINK=1 -DHAVE_ERR_H=1 -DHAVE_READPASSPHRASE_H=1 -DHAVE_ASPRINTF=1 -DHAVE_MEMMEM=1 -DHAVE_READPASSPHRASE=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRNDUP=1 -DHAVE_STRNLEN=1 -DHAVE_STRSEP=1 -DHAVE_TIMEGM=1 -DHAVE_GETPROGNAME=1 -DHAVE_SYSLOG=1 -DHAVE_POLL=1 -DHAVE_SOCKETPAIR=1 -DHAVE_ARC4RANDOM=1 -DHAVE_ARC4RANDOM_BUF=1 -DHAVE_ARC4RANDOM_UNIFORM=1 -DHAVE_TIMINGSAFE_BCMP=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_VA_COPY=1 -DHAVE___VA_COPY=1 -DSIZEOF_TIME_T=8 -I. -I../include -I../include/compat -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -I ../crypto/modes -I ../crypto/asn1 -I ../ssl -I ../tls -I ../apps/openssl -I ../apps/openssl/compat -D_PATH_SSL_CA_FILE=\"../apps/openssl/cert.pem\" -I/Users/kevin/wrt/staging_dir/host/include -D__STRICT_ALIGNMENT -O2 -I/Users/kevin/wrt/staging_dir/host/include -fpic -Wall -std=gnu99 -fno-strict-aliasing -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-strong -Qunused-arguments -Wno-pointer-sign -MT handshake_table.o -MD -MP -MF $depbase.Tpo -c -o handshake_table.o handshake_table.c &&\ mv -f $depbase.Tpo $depbase.Po make[4]: *** No rule to make target `/Users/kevin/wrt/build_dir/host/libressl-2.9.2/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o', needed by `handshake_table'. Stop. make[3]: *** [all-recursive] Error 1 A similar error & clues from https://gitlab.com/ymorin/buildroot/commit/e783d60473944f8b39f1def45d8d6b483a062158 " LibreSSL 2.9.1 now has a test that requires libtls.a, however, when building a shared library only build, the --disable-static flag is passed to libressl, which prevents the building of libtls.a. With libtls.a not being built, the following error occurs: libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'. Stop. There are three options to fix this: 1) Stick with autotools, and provide a patch that removes building anything in the tests folder. 2) Pass --enable-static to LIBRESSL_CONF_OPTS 3) Change the package type to cmake, as a cmake build does not have this issue." It appears we cannot change to cmake because cmake has a dependency on an ssl library. Take option 1 and do not build the tests. Also take the opportunity to remove man page building as well. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* tools: libressl: update to 2.9.2 versionRoman Yeryomin2019-07-211-2/+2
| | | | | | To keep in sync with OpenSSL 1.1.x branch version options. Signed-off-by: Roman Yeryomin <roman@advem.lv>
* build: fix libressl build on x32 (amd64ilp32) hostThorsten Glaser2018-11-011-0/+4
| | | | | | disable use of assembly code since x32 gets misdetected as amd64 Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
* tools/libressl: Add PKG_CPE_ID for proper CVE trackingRosen Penev2018-10-161-0/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: Update to 2.8.1Daniel Engberg2018-10-071-3/+3
| | | | | | Update libressl to 2.8.1 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* tools/libressl: update to version 2.7.2Hauke Mehrtens2018-04-281-2/+2
| | | | | | | Libressl version 2.7.0 and later implement more of the OpenSSL 1.1 API and this needs some modifications of the code using it. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools/libressl: update to 2.6.4Hannu Nyman2018-01-171-2/+2
| | | | Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* tools/libressl: update to 2.5.4Hannu Nyman2017-05-251-3/+3
| | | | Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* tools/libressl: Update to 2.5.1Daniel Engberg2017-03-201-2/+2
| | | | | | Update libressl to 2.5.1 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* tools: libressl: always build as PICMatthias Schiffer2017-01-101-0/+1
| | | | | | | | | Fixes link errors for host packages like ruby like the following: /usr/bin/ld: .../staging_dir/host/lib/libcrypto.a(libcrypto_la-md5_dgst.o): relocation R_X86_64_PC32 against symbol `memcpy@@GLIBC_2.14' can not be used when making a shared object; recompile with -fPIC Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* libressl: disable shared libraries, fixes build issuesFelix Fietkau2016-12-281-0/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/libressl: Update to 2.5.0 and use mirrorsDaniel Engberg2016-10-151-3/+5
| | | | | | Updates LibreSSL to 2.5.0 and switches from main site to mirrors as primary source. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* build: allow to build LEDE on latest MacOS XWaldemar Brodkorb2016-06-071-0/+22
Latest Xcode doesn't include openssl anymore. To compile mkimage from u-boot source you need SSL headers on your host. This patch provides libressl host package for any Darwin compilation. Unfortunately openssl from MacPorts can not be used, as the installed headers in /opt/local are breaking GDB compilation. Tested with a RB532 image build and resulting kernel booted on a device via TFTP. Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> [fixes, dependencies]