<feed xmlns='http://www.w3.org/2005/Atom'>
<title>mtk-20170518/package/libs/openssl, branch v17.01.2</title>
<subtitle>MTK 20170518 : Mediatek SDK based on OpenWRT Barrier Breaker</subtitle>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/'/>
<entry>
<title>openssl: Use mkhash for STAMP_CONFIGURED</title>
<updated>2017-04-22T10:43:51+00:00</updated>
<author>
<name>Florian Fainelli</name>
<email>f.fainelli@gmail.com</email>
</author>
<published>2017-03-01T18:48:32+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=72fcdb6286ad7be24296acbd36043ee3e96e5ec4'/>
<id>72fcdb6286ad7be24296acbd36043ee3e96e5ec4</id>
<content type='text'>
The current way of creating a STAMP_CONFIGURED filename for OpenSSL can
lead to an extremely long filename that makes touch unable to create it,
and fail the build.

Use mkhash to produce a hash against OPENSSL_OPTIONS which creates a
shortert stamp file,

Fixes #572

Signed-off-by: Florian Fainelli &lt;f.fainelli@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The current way of creating a STAMP_CONFIGURED filename for OpenSSL can
lead to an extremely long filename that makes touch unable to create it,
and fail the build.

Use mkhash to produce a hash against OPENSSL_OPTIONS which creates a
shortert stamp file,

Fixes #572

Signed-off-by: Florian Fainelli &lt;f.fainelli@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>openssl: update to version 1.0.2k</title>
<updated>2017-01-28T12:33:22+00:00</updated>
<author>
<name>Hauke Mehrtens</name>
<email>hauke@hauke-m.de</email>
</author>
<published>2017-01-27T22:36:45+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=f5ab082243f9822544204fc713c6bd4dab14a3a8'/>
<id>f5ab082243f9822544204fc713c6bd4dab14a3a8</id>
<content type='text'>
This fixes the following security problems:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results

Signed-off-by: Hauke Mehrtens &lt;hauke@hauke-m.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This fixes the following security problems:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results

Signed-off-by: Hauke Mehrtens &lt;hauke@hauke-m.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>treewide: clean up download hashes</title>
<updated>2016-12-16T21:39:22+00:00</updated>
<author>
<name>Felix Fietkau</name>
<email>nbd@nbd.name</email>
</author>
<published>2016-12-16T16:32:10+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=720b99215da295a2e7b4acdef30b58bec6acedc2'/>
<id>720b99215da295a2e7b4acdef30b58bec6acedc2</id>
<content type='text'>
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau &lt;nbd@nbd.name&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau &lt;nbd@nbd.name&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>openssl: update to 1.0.2j</title>
<updated>2016-09-27T15:50:22+00:00</updated>
<author>
<name>Magnus Kroken</name>
<email>mkroken@gmail.com</email>
</author>
<published>2016-09-26T15:21:52+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=b1f39d3d7ee7ba0714e45af64a935b01877a5175'/>
<id>b1f39d3d7ee7ba0714e45af64a935b01877a5175</id>
<content type='text'>
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.

Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch

Security advisory: https://www.openssl.org/news/secadv/20160926.txt

Signed-off-by: Magnus Kroken &lt;mkroken@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.

Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch

Security advisory: https://www.openssl.org/news/secadv/20160926.txt

Signed-off-by: Magnus Kroken &lt;mkroken@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>openssl: Make DTLS configurable.</title>
<updated>2016-09-27T15:50:22+00:00</updated>
<author>
<name>Rosen Penev</name>
<email>rosenp@gmail.com</email>
</author>
<published>2016-09-26T20:00:04+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=c0b15b307201ddeeaf01aa4d6c85cdefbade035f'/>
<id>c0b15b307201ddeeaf01aa4d6c85cdefbade035f</id>
<content type='text'>
Signed-off by: Rosen Penev &lt;rosenp@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off by: Rosen Penev &lt;rosenp@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>openssl: Remove J-PAKE. Nothing uses it.</title>
<updated>2016-09-27T15:50:22+00:00</updated>
<author>
<name>Rosen Penev</name>
<email>rosenp@gmail.com</email>
</author>
<published>2016-09-26T19:56:14+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=aaa067ab0b3cfd6d26f976e2e5e43ac15a8f0ee6'/>
<id>aaa067ab0b3cfd6d26f976e2e5e43ac15a8f0ee6</id>
<content type='text'>
Signed-off by: Rosen Penev &lt;rosenp@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off by: Rosen Penev &lt;rosenp@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>openssl: backport build fix when hardware support is used</title>
<updated>2016-09-24T17:53:00+00:00</updated>
<author>
<name>Hauke Mehrtens</name>
<email>hauke@hauke-m.de</email>
</author>
<published>2016-09-24T17:50:27+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=ea288126dbcf11ecf990b858e1c563b24b198327'/>
<id>ea288126dbcf11ecf990b858e1c563b24b198327</id>
<content type='text'>
This fix added to the openssl 1.0.2 branch.
In addition add the header for the existing backport.

Signed-off-by: Hauke Mehrtens &lt;hauke@hauke-m.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This fix added to the openssl 1.0.2 branch.
In addition add the header for the existing backport.

Signed-off-by: Hauke Mehrtens &lt;hauke@hauke-m.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>openssl: update to 1.0.2i</title>
<updated>2016-09-24T11:28:59+00:00</updated>
<author>
<name>Magnus Kroken</name>
<email>mkroken@gmail.com</email>
</author>
<published>2016-09-24T09:36:49+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=6926325829a2f58059ca8e614c892062fbbae393'/>
<id>6926325829a2f58059ca8e614c892062fbbae393</id>
<content type='text'>
Drop 302-fix_no_cmac_build.patch, it has been applied upstream.

Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* 10 Low severity issues

Security advisory: https://www.openssl.org/news/secadv/20160922.txt
Changelog: https://www.openssl.org/news/cl102.txt

Signed-off-by: Magnus Kroken &lt;mkroken@gmail.com&gt;
Signed-off-by: Hauke Mehrtens &lt;hauke@hauke-m.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Drop 302-fix_no_cmac_build.patch, it has been applied upstream.

Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* 10 Low severity issues

Security advisory: https://www.openssl.org/news/secadv/20160922.txt
Changelog: https://www.openssl.org/news/cl102.txt

Signed-off-by: Magnus Kroken &lt;mkroken@gmail.com&gt;
Signed-off-by: Hauke Mehrtens &lt;hauke@hauke-m.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>openssl: re-enable ARM assembly</title>
<updated>2016-08-31T11:57:05+00:00</updated>
<author>
<name>Felix Fietkau</name>
<email>nbd@nbd.name</email>
</author>
<published>2016-08-31T11:31:38+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=00a1056c3f366ee27cb86da8e521a827ad5d5b8f'/>
<id>00a1056c3f366ee27cb86da8e521a827ad5d5b8f</id>
<content type='text'>
The original reason for disabling it seems to have been fixed
Related discussion: https://github.com/lede-project/source/pull/307

Signed-off-by: Felix Fietkau &lt;nbd@nbd.name&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The original reason for disabling it seems to have been fixed
Related discussion: https://github.com/lede-project/source/pull/307

Signed-off-by: Felix Fietkau &lt;nbd@nbd.name&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>openssl: re-enable CMAC support</title>
<updated>2016-08-09T05:18:03+00:00</updated>
<author>
<name>Felix Fietkau</name>
<email>nbd@nbd.name</email>
</author>
<published>2016-08-09T05:17:58+00:00</published>
<link rel='alternate' type='text/html' href='http://www.chd.sx/cgit/mtk-20170518/commit/?id=7ee92227700c324f4c7c9b587bca1d8267c29112'/>
<id>7ee92227700c324f4c7c9b587bca1d8267c29112</id>
<content type='text'>
Needed by a few packages

Signed-off-by: Felix Fietkau &lt;nbd@nbd.name&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Needed by a few packages

Signed-off-by: Felix Fietkau &lt;nbd@nbd.name&gt;
</pre>
</div>
</content>
</entry>
</feed>
