openssl: update to 1.0.1f

This version includes this changes:

    Don't include gmt_unix_time in TLS server and client random values
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 39853

package/libs/openssl/Makefile

@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
-PKG_VERSION:=1.0.1e
-PKG_RELEASE:=2
+PKG_VERSION:=1.0.1f
+PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_BUILD_PARALLEL:=1
@@ -18,7 +18,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openssl.org/source/ \
 	ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
 	ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=66bf6f10f060d561929de96f9dfe5b8c
+PKG_MD5SUM:=f26b09c028a0541cab33da697d522b25
 
 PKG_LICENSE:=SSLEAY OPENSSL
 PKG_LICENSE_FILES:=LICENSE

package/libs/openssl/patches/110-optimize-for-size.patch

@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -402,6 +402,10 @@ my %table=(
+@@ -403,6 +403,10 @@ my %table=(
  "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  

package/libs/openssl/patches/120-cisco-dtls-fix.patch

@@ -1,31 +0,0 @@
-From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw2@infradead.org>
-Date: Tue, 12 Feb 2013 14:55:32 +0000
-Subject: [PATCH] Check DTLS_BAD_VER for version number.
-
-The version check for DTLS1_VERSION was redundant as
-DTLS1_VERSION > TLS1_1_VERSION, however we do need to
-check for DTLS1_BAD_VER for compatibility.
-
-PR:2984
-(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
----
- ssl/s3_cbc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index 02edf3f..443a31e 100644
---- a/ssl/s3_cbc.c
-+++ b/ssl/s3_cbc.c
-@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
- 	unsigned padding_length, good, to_check, i;
- 	const unsigned overhead = 1 /* padding length byte */ + mac_size;
- 	/* Check if version requires explicit IV */
--	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
-+	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
- 		{
- 		/* These lengths are all public so we can test them in
- 		 * non-constant time.
--- 
-1.8.1.2
-

package/libs/openssl/patches/150-no_engines.patch

@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -2003,6 +2003,11 @@ EOF
+@@ -2004,6 +2004,11 @@ EOF
  	close(OUT);
    }
    

package/libs/openssl/patches/160-disable_doc_tests.patch

@@ -36,7 +36,7 @@
  
  build_libs: build_crypto build_ssl build_engines
  
-@@ -539,7 +539,7 @@ dist:
+@@ -540,7 +540,7 @@ dist:
  dist_pem_h:
  	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  
@@ -47,7 +47,7 @@
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -537,7 +537,7 @@ dist:
+@@ -538,7 +538,7 @@ dist:
  dist_pem_h:
  	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  

package/libs/openssl/patches/190-remove_timestamp_check.patch

@@ -9,7 +9,7 @@
  
  # as we stick to -e, CLEARENV ensures that local variables in lower
  # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-@@ -396,11 +396,6 @@ openssl.pc: Makefile
+@@ -397,11 +397,6 @@ openssl.pc: Makefile
  	    echo 'Libs.private: $(EX_LIBS)'; \
  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
  

package/libs/openssl/patches/200-parallel_build.patch

@@ -29,7 +29,7 @@
  
  all_testapps: build_libs build_testapps
  build_testapps:
-@@ -454,7 +454,7 @@ report:
+@@ -455,7 +455,7 @@ report:
  	@$(PERL) util/selftest.pl
  
  depend:
@@ -38,7 +38,7 @@
  
  lint:
  	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-@@ -532,9 +532,9 @@ dist:   
+@@ -533,9 +533,9 @@ dist:
  dist_pem_h:
  	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  
@@ -50,7 +50,7 @@
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -543,12 +543,19 @@ install_sw:
+@@ -544,12 +544,19 @@ install_sw:
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@@ -71,7 +71,7 @@
  	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
  	do \
  		if [ -f "$$i" ]; then \
-@@ -628,12 +635,7 @@ install_html_docs:
+@@ -629,12 +636,7 @@ install_html_docs:
  		done; \
  	done
  
@@ -97,7 +97,7 @@
  		fi; \
 --- a/crypto/Makefile
 +++ b/crypto/Makefile
-@@ -86,11 +86,11 @@ testapps:
+@@ -88,11 +88,11 @@ testapps:
  	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
  
  subdirs:
@@ -111,7 +111,7 @@
  
  links:
  	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -101,7 +101,7 @@ links:
+@@ -103,7 +103,7 @@ links:
  # lib: $(LIB): are splitted to avoid end-less loop
  lib:	$(LIB)
  	@touch lib
@@ -120,7 +120,7 @@
  	$(AR) $(LIB) $(LIBOBJ)
  	[ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
  	$(RANLIB) $(LIB) || echo Never mind.
-@@ -112,7 +112,7 @@ shared: buildinf.h lib subdirs
+@@ -114,7 +114,7 @@ shared: buildinf.h lib subdirs
  	fi
  
  libs:
@@ -129,7 +129,7 @@
  
  install:
  	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -121,7 +121,7 @@ install:
+@@ -123,7 +123,7 @@ install:
  	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
  	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
  	done;