AA: security fix for CVE-2014-0160 - upgrade OpenSSL to version 1.0.1g
authorJo-Philipp Wich <jow@openwrt.org>
Tue, 8 Apr 2014 09:04:35 +0000 (09:04 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Tue, 8 Apr 2014 09:04:35 +0000 (09:04 +0000)
Signed-off-by: Mirko Vogt <mirko@openwrt.org>
SVN-Revision: 40423

package/openssl/Makefile
package/openssl/patches/120-cisco-dtls-fix.patch [deleted file]

index fa08774a3ac0579d870707f0e7ffc07419a262b4..92bc445926728a28dbc2c0b06b54b89b20217da7 100644 (file)
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
-PKG_VERSION:=1.0.1e
+PKG_VERSION:=1.0.1g
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openssl.org/source/ \
        ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
        ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=66bf6f10f060d561929de96f9dfe5b8c
+PKG_MD5SUM:=de62b43dfcd858e66a74bee1c834e959
 
 PKG_LICENSE:=SSLEAY OPENSSL
 PKG_LICENSE_FILES:=LICENSE
diff --git a/package/openssl/patches/120-cisco-dtls-fix.patch b/package/openssl/patches/120-cisco-dtls-fix.patch
deleted file mode 100644 (file)
index 11e6bb5..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw2@infradead.org>
-Date: Tue, 12 Feb 2013 14:55:32 +0000
-Subject: [PATCH] Check DTLS_BAD_VER for version number.
-
-The version check for DTLS1_VERSION was redundant as
-DTLS1_VERSION > TLS1_1_VERSION, however we do need to
-check for DTLS1_BAD_VER for compatibility.
-
-PR:2984
-(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
----
- ssl/s3_cbc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index 02edf3f..443a31e 100644
---- a/ssl/s3_cbc.c
-+++ b/ssl/s3_cbc.c
-@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
-       unsigned padding_length, good, to_check, i;
-       const unsigned overhead = 1 /* padding length byte */ + mac_size;
-       /* Check if version requires explicit IV */
--      if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
-+      if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
-               {
-               /* These lengths are all public so we can test them in
-                * non-constant time.
--- 
-1.8.1.2
-