openwrtv3/package/libs/openssl/patches/150-no_engines.patch
Hauke Mehrtens d74d6c4522 openssl: update to version 1.0.2p
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00

81 lines
4.6 KiB
Diff

--- a/Configure
+++ b/Configure
@@ -2144,6 +2144,11 @@ EOF
close(OUT);
}
+# ugly hack to disable engines
+if($target eq "mingwx") {
+ system("sed -e s/^LIB/XLIB/g -i engines/Makefile");
+}
+
print <<EOF;
Configured for $target.
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -2075,7 +2075,6 @@ PKCS7_ATTR_SIGN_it
UI_add_error_string 2633 EXIST::FUNCTION:
KRB5_CHECKSUM_free 2634 EXIST::FUNCTION:
OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION:
-ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE
PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2549,7 +2548,6 @@ OCSP_RESPONSE_new
AES_set_encrypt_key 3024 EXIST::FUNCTION:AES
OCSP_resp_count 3025 EXIST::FUNCTION:
KRB5_CHECKSUM_new 3026 EXIST::FUNCTION:
-ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
OCSP_onereq_get0_id 3028 EXIST::FUNCTION:
ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE
NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2580,7 +2578,6 @@ ASN1_primitive_free
i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
asn1_enc_save 3054 EXIST::FUNCTION:
-ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES
PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2604,7 +2601,6 @@ asn1_get_choice_selector
i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE
AES_options 3074 EXIST::FUNCTION:AES
-ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
OCSP_id_cmp 3076 EXIST::FUNCTION:
OCSP_BASICRESP_new 3077 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION:
@@ -2671,7 +2667,6 @@ OCSP_CRLID_it
OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION:
-ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2766,8 +2761,6 @@ DES_read_2passwords
DES_read_password 3207 EXIST::FUNCTION:DES
UI_UTIL_read_pw 3208 EXIST::FUNCTION:
UI_UTIL_read_pw_string 3209 EXIST::FUNCTION:
-ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION:
OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION:
OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION:
@@ -2776,7 +2769,6 @@ OPENSSL_load_builtin_modules
AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
-ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES
@@ -3111,7 +3103,6 @@ EC_GFp_nist_method
STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION:
STORE_method_set_modify_function 3530 NOEXIST::FUNCTION:
STORE_parse_attrs_next 3531 NOEXIST::FUNCTION:
-ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC
X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: