From dbca1e5662eecf3c3e0071aee2aa41c1f77592f9 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Thu, 8 Jan 2015 18:29:26 +0000 Subject: [PATCH] openssl: bump to 1.0.1j Signed-off-by: Steven Barth SVN-Revision: 43875 --- package/libs/openssl/Makefile | 6 +-- .../patches/001-fix-CVE-2014-3569.patch | 38 ------------------- .../libs/openssl/patches/150-no_engines.patch | 18 ++++----- .../openssl/patches/200-parallel_build.patch | 8 ++-- 4 files changed, 16 insertions(+), 54 deletions(-) delete mode 100644 package/libs/openssl/patches/001-fix-CVE-2014-3569.patch diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 36f0adb15a..70eb741e2c 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=1.0.1j -PKG_RELEASE:=4 +PKG_VERSION:=1.0.1k +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=1 @@ -18,7 +18,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=f7175c9cd3c39bb1907ac8bba9df8ed3 +PKG_MD5SUM:=d4f002bd22a56881340105028842ae1f PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/001-fix-CVE-2014-3569.patch b/package/libs/openssl/patches/001-fix-CVE-2014-3569.patch deleted file mode 100644 index 26dfb29452..0000000000 --- a/package/libs/openssl/patches/001-fix-CVE-2014-3569.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Kurt Roeckx -Date: Tue, 21 Oct 2014 18:45:15 +0000 (+0200) -Subject: Keep old method in case of an unsupported protocol -X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5 - -Keep old method in case of an unsupported protocol - -When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set -the method to NULL. We didn't used to do that, and it breaks things. This is a -regression introduced in 62f45cc27d07187b59551e4fad3db4e52ea73f2c. Keep the old -method since the code is not able to deal with a NULL method at this time. - -CVE-2014-3569, PR#3571 - -Reviewed-by: Emilia Käsper ---- - -diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c -index 38960ba..858420d 100644 ---- a/ssl/s23_srvr.c -+++ b/ssl/s23_srvr.c -@@ -615,12 +615,14 @@ int ssl23_get_client_hello(SSL *s) - if ((type == 2) || (type == 3)) - { - /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ -- s->method = ssl23_get_server_method(s->version); -- if (s->method == NULL) -+ const SSL_METHOD *new_method; -+ new_method = ssl23_get_server_method(s->version); -+ if (new_method == NULL) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - } -+ s->method = new_method; - - if (!ssl_init_wbio_buffer(s,1)) goto err; - diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch index 69ab139881..161cd29c08 100644 --- a/package/libs/openssl/patches/150-no_engines.patch +++ b/package/libs/openssl/patches/150-no_engines.patch @@ -1,6 +1,6 @@ --- a/Configure +++ b/Configure -@@ -2012,6 +2012,11 @@ EOF +@@ -2017,6 +2017,11 @@ EOF close(OUT); } @@ -14,7 +14,7 @@ Configured for $target. --- a/util/libeay.num +++ b/util/libeay.num -@@ -2071,7 +2071,6 @@ PKCS7_ATTR_SIGN_it +@@ -2072,7 +2072,6 @@ PKCS7_ATTR_SIGN_it UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: @@ -22,7 +22,7 @@ ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2545,7 +2544,6 @@ OCSP_RESPONSE_new +@@ -2546,7 +2545,6 @@ OCSP_RESPONSE_new AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: @@ -30,7 +30,7 @@ OCSP_onereq_get0_id 3028 EXIST::FUNCTION: ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2576,7 +2574,6 @@ ASN1_primitive_free +@@ -2577,7 +2575,6 @@ ASN1_primitive_free i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: @@ -38,7 +38,7 @@ _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2600,7 +2597,6 @@ asn1_get_choice_selector +@@ -2601,7 +2598,6 @@ asn1_get_choice_selector i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES @@ -46,7 +46,7 @@ OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: -@@ -2667,7 +2663,6 @@ OCSP_CRLID_it +@@ -2668,7 +2664,6 @@ OCSP_CRLID_it OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: @@ -54,7 +54,7 @@ X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2762,8 +2757,6 @@ DES_read_2passwords +@@ -2763,8 +2758,6 @@ DES_read_2passwords DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: @@ -63,7 +63,7 @@ OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: -@@ -2772,7 +2765,6 @@ OPENSSL_load_builtin_modules +@@ -2773,7 +2766,6 @@ OPENSSL_load_builtin_modules AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES @@ -71,7 +71,7 @@ _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES -@@ -3107,7 +3099,6 @@ EC_GFp_nist_method +@@ -3108,7 +3100,6 @@ EC_GFp_nist_method STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION: STORE_method_set_modify_function 3530 NOEXIST::FUNCTION: STORE_parse_attrs_next 3531 NOEXIST::FUNCTION: diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch index 646c51ba16..b63e5eea63 100644 --- a/package/libs/openssl/patches/200-parallel_build.patch +++ b/package/libs/openssl/patches/200-parallel_build.patch @@ -97,7 +97,7 @@ fi; \ --- a/crypto/Makefile +++ b/crypto/Makefile -@@ -90,11 +90,11 @@ testapps: +@@ -85,11 +85,11 @@ testapps: @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi subdirs: @@ -111,7 +111,7 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -105,7 +105,7 @@ links: +@@ -100,7 +100,7 @@ links: # lib: $(LIB): are splitted to avoid end-less loop lib: $(LIB) @touch lib @@ -120,7 +120,7 @@ $(AR) $(LIB) $(LIBOBJ) [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o $(RANLIB) $(LIB) || echo Never mind. -@@ -116,7 +116,7 @@ shared: buildinf.h lib subdirs +@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs fi libs: @@ -129,7 +129,7 @@ install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -125,7 +125,7 @@ install: +@@ -120,7 +120,7 @@ install: (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done;