From 6926325829a2f58059ca8e614c892062fbbae393 Mon Sep 17 00:00:00 2001 From: Magnus Kroken Date: Sat, 24 Sep 2016 11:36:49 +0200 Subject: [PATCH] openssl: update to 1.0.2i Drop 302-fix_no_cmac_build.patch, it has been applied upstream. Security fixes: * (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305) * 10 Low severity issues Security advisory: https://www.openssl.org/news/secadv/20160922.txt Changelog: https://www.openssl.org/news/cl102.txt Signed-off-by: Magnus Kroken Signed-off-by: Hauke Mehrtens --- package/libs/openssl/Makefile | 4 ++-- .../openssl/patches/140-makefile-dirs.patch | 2 +- .../libs/openssl/patches/150-no_engines.patch | 2 +- .../patches/160-disable_doc_tests.patch | 12 +++++----- .../patches/190-remove_timestamp_check.patch | 4 ++-- .../openssl/patches/200-parallel_build.patch | 14 +++++------ .../patches/302-fix_no_cmac_build.patch | 24 ------------------- 7 files changed, 19 insertions(+), 43 deletions(-) delete mode 100644 package/libs/openssl/patches/302-fix_no_cmac_build.patch diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 76a907b6bb8..dc1202cd847 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.0.2 -PKG_BUGFIX:=h +PKG_BUGFIX:=i PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=1 PKG_USE_MIPS16:=0 @@ -22,7 +22,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=9392e65072ce4b614c1392eefc1f23d0 +PKG_MD5SUM:=9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE 
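Review bot: The new `PKG_MD5SUM` value in the second hunk of package/libs/openssl/Makefile is 64 hex digits long, which is the length of a SHA-256 digest and not an MD5 one, so the variable name no longer says what is being verified. The hunk does not show whether the download step selects the algorithm from the digest length, so that should be confirmed; otherwise the check could fail or be skipped. The `PKG_SOURCE_URL` context lines list only `http://` and `ftp://` mirrors, which leaves this digest as the only integrity control on the fetched tarball. I would add a comment above the assignment such as `# SHA-256 of the release tarball (64 hex digits), checked against the upstream-published checksum`, and do that comparison before merging.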
diff --git a/package/libs/openssl/patches/140-makefile-dirs.patch b/package/libs/openssl/patches/140-makefile-dirs.patch index 7503dfc1f61..83c412f4443 100644 --- a/package/libs/openssl/patches/140-makefile-dirs.patch +++ b/package/libs/openssl/patches/140-makefile-dirs.patch @@ -1,6 +1,6 @@ --- a/Makefile.org +++ b/Makefile.org -@@ -136,7 +136,7 @@ FIPSCANLIB= +@@ -137,7 +137,7 @@ FIPSCANLIB= BASEADDR= diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch index f509d28bd2c..274ecbe0a51 100644 --- a/package/libs/openssl/patches/150-no_engines.patch +++ b/package/libs/openssl/patches/150-no_engines.patch @@ -1,6 +1,6 @@ --- a/Configure +++ b/Configure -@@ -2109,6 +2109,11 @@ EOF +@@ -2114,6 +2114,11 @@ EOF close(OUT); } diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/160-disable_doc_tests.patch index a3bee387214..0fd1fa19ddc 100644 --- a/package/libs/openssl/patches/160-disable_doc_tests.patch +++ b/package/libs/openssl/patches/160-disable_doc_tests.patch @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -138,7 +138,7 @@ FIPSCANLIB= +@@ -139,7 +139,7 @@ FIPSCANLIB= BASEADDR=0xFB00000 @@ -9,7 +9,7 @@ ENGDIRS= ccgost SHLIBDIRS= crypto ssl -@@ -156,7 +156,7 @@ SDIRS= \ +@@ -157,7 +157,7 @@ SDIRS= \ # tests to perform. "alltests" is a special word indicating that all tests # should be performed. @@ -18,7 +18,7 @@ MAKEFILE= Makefile -@@ -170,7 +170,7 @@ SHELL=/bin/sh +@@ -171,7 +171,7 @@ SHELL=/bin/sh TOP= . ONEDIRS=out tmp @@ -27,7 +27,7 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) -@@ -273,7 +273,7 @@ reflect: +@@ -275,7 +275,7 @@ reflect: sub_all: build_all @@ -36,7 +36,7 @@ build_libs: build_libcrypto build_libssl openssl.pc -@@ -530,7 +530,7 @@ dist: +@@ -533,7 +533,7 @@ dist: @$(MAKE) SDIRS='$(SDIRS)' clean @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar 
@@ -47,7 +47,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ --- a/Makefile.org +++ b/Makefile.org -@@ -528,7 +528,7 @@ dist: +@@ -531,7 +531,7 @@ dist: @$(MAKE) SDIRS='$(SDIRS)' clean @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/190-remove_timestamp_check.patch index ffc2f2db2b4..4620bf90a6d 100644 --- a/package/libs/openssl/patches/190-remove_timestamp_check.patch +++ b/package/libs/openssl/patches/190-remove_timestamp_check.patch @@ -1,6 +1,6 @@ --- a/Makefile.org +++ b/Makefile.org -@@ -184,7 +184,7 @@ TARFILE= ../$(NAME).tar +@@ -185,7 +185,7 @@ TARFILE= ../$(NAME).tar EXHEADER= e_os2.h HEADER= e_os.h @@ -9,7 +9,7 @@ # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn -@@ -400,11 +400,6 @@ openssl.pc: Makefile +@@ -403,11 +403,6 @@ openssl.pc: Makefile echo 'Version: '$(VERSION); \ echo 'Requires: libssl libcrypto' ) > openssl.pc diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch index e3a0bb2b018..276800378d9 100644 --- a/package/libs/openssl/patches/200-parallel_build.patch +++ b/package/libs/openssl/patches/200-parallel_build.patch @@ -1,6 +1,6 @@ --- a/Makefile.org +++ b/Makefile.org -@@ -279,17 +279,17 @@ build_libcrypto: build_crypto build_engi +@@ -281,17 +281,17 @@ build_libcrypto: build_crypto build_engi build_libssl: build_ssl libssl.pc build_crypto: @@ -24,7 +24,7 @@ all_testapps: build_libs build_testapps build_testapps: -@@ -461,7 +461,7 @@ update: errors stacks util/libeay.num ut +@@ -464,7 +464,7 @@ update: errors stacks util/libeay.num ut @set -e; target=update; $(RECURSIVE_BUILD_CMD) depend: 
@@ -33,7 +33,7 @@ lint: @set -e; target=lint; $(RECURSIVE_BUILD_CMD) -@@ -523,9 +523,9 @@ dist: +@@ -526,9 +526,9 @@ dist: @$(MAKE) SDIRS='$(SDIRS)' clean @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar @@ -45,7 +45,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -534,12 +534,19 @@ install_sw: +@@ -537,12 +537,19 @@ install_sw: $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private @@ -66,7 +66,7 @@ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ do \ if [ -f "$$i" ]; then \ -@@ -623,12 +630,7 @@ install_html_docs: +@@ -626,12 +633,7 @@ install_html_docs: done; \ done @@ -164,7 +164,7 @@ ctags $(SRC) --- a/test/Makefile +++ b/test/Makefile -@@ -139,7 +139,7 @@ install: +@@ -144,7 +144,7 @@ install: tags: ctags $(SRC) @@ -173,7 +173,7 @@ apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -557,7 +557,7 @@ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFT +@@ -577,7 +577,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) diff --git a/package/libs/openssl/patches/302-fix_no_cmac_build.patch b/package/libs/openssl/patches/302-fix_no_cmac_build.patch deleted file mode 100644 index 1b94f24508d..00000000000 --- a/package/libs/openssl/patches/302-fix_no_cmac_build.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- a/crypto/asn1/ameth_lib.c -+++ b/crypto/asn1/ameth_lib.c -@@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *stand - &eckey_asn1_meth, - #endif - &hmac_asn1_meth, -+#ifndef OPENSSL_NO_CMAC - &cmac_asn1_meth, -+#endif - #ifndef OPENSSL_NO_DH - &dhx_asn1_meth - #endif ---- a/crypto/evp/pmeth_lib.c -+++ b/crypto/evp/pmeth_lib.c -@@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_m - &ec_pkey_meth, - #endif - &hmac_pkey_meth, -+#ifndef OPENSSL_NO_CMAC - &cmac_pkey_meth, -+#endif - #ifndef OPENSSL_NO_DH - &dhx_pkey_meth - #endif -- 2.30.2