aboutsummaryrefslogtreecommitdiff
path: root/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
Commit message (Collapse)AuthorAge
* openssl: update to 3.0.12Hauke Mehrtens2023-10-26
| | | | | | | Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023] * Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 3.0.9Ivan Pavlov2023-06-09
| | | | | | | | | | | | | | CVE-2023-2650 fix Remove upstreamed patches Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023] * Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650) * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255) * Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) * Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465) * Limited the number of nodes created in a policy tree (CVE-2023-0464) Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* openssl: bump to 3.0.8Eneas U de Queiroz2023-02-20
| | | | | | | | | | This is a major update to the current LTS version, supported until 2026-09-07. Changelog: https://github.com/openssl/openssl/blob/openssl-3.0.8/CHANGES.md Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: bump to 1.1.1sJohn Audia2022-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes between 1.1.1r and 1.1.1s [1 Nov 2022] *) Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. [Gibeom Gwon] Changes between 1.1.1q and 1.1.1r [11 Oct 2022] *) Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. [Adam Joseph] *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. [Paul Dale] *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases [Matt Caswell] *) Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes [Todd Short] *) Added the loongarch64 target [Shi Pujin] *) Fixed a DRBG seed propagation thread safety issue [Bernd Edlinger] *) Fixed a memory leak in tls13_generate_secret [Bernd Edlinger] *) Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. [Bernd Edlinger] *) Added a missing header for memcmp that caused compilation failure on some platforms [Gregor Jasny] Build system: x86_64 Build-tested: bcm2711/RPi4B Run-tested: bcm2711/RPi4B Signed-off-by: John Audia <therealgraysky@proton.me>
* openssl: config engines in /etc/ssl/engines.cnf.dEneas U de Queiroz2022-02-22
| | | | | | | | | | | This changes the configuration of engines from the global openssl.cnf to files in the /etc/ssl/engines.cnf.d directory. The engines.cnf file has the list of enabled engines, while each engine has its own configuration file installed under /etc/ssl/engines.cnf.d. Patches were refreshed with --zero-commit. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* Revert "openssl: refresh patches"Kevin Darbyshire-Bryant2021-03-26
| | | | | | This reverts commit e27ef2da0d513494c3e9926ce8d44b63e4236a32. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: refresh patchesKevin Darbyshire-Bryant2021-03-26
| | | | | | Tidy up some patch fuzz. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: add gcc-8 -ffile-prefix-map filterPaul Spooren2019-10-09
| | | | | | | | | | gcc-8 switch -ffile-prefix-map helps a lot with reproducible build paths in the resulting binaries. Ref: https://reproducible-builds.org/docs/build-path/ Signed-off-by: Paul Spooren <mail@aparcar.org> [refactored into separate commit] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: bump to 1.1.1dEneas U de Queiroz2019-09-19
| | | | | | | | | | | | | This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: update to version 1.1.1aEneas U de Queiroz2019-02-12
This version adds the following functionality: * TLS 1.3 * AFALG engine support for hardware accelleration * x25519 ECC curve support * CRIME protection: disable use of compression by default * Support for ChaCha20 and Poly1305 Patches fixing bugs in the /dev/crypto engine were applied, from https://github.com/openssl/openssl/pull/7585 This increses the size of the ipk binray on MIPS32 by about 32%: old: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk 239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Powered by cgit, Themed by Ted Yin.