[source] openssl: update to version 1.0.2k

LEDE Commits lede-commits at lists.infradead.org
Fri Jan 27 15:36:36 PST 2017


hauke pushed a commit to source.git, branch master:
https://git.lede-project.org/12db207e9b1112092f527f91b0c3d2ef8d7b8297

commit 12db207e9b1112092f527f91b0c3d2ef8d7b8297
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Fri Jan 27 23:36:45 2017 +0100

    openssl: update to version 1.0.2k
    
    This fixes the following security problems:
    CVE-2017-3731: Truncated packet could crash via OOB read
    CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
    CVE-2016-7055: Montgomery multiplication may produce incorrect results
    
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/libs/openssl/Makefile                                 |  4 ++--
 package/libs/openssl/patches/110-optimize-for-size.patch      |  2 +-
 package/libs/openssl/patches/150-no_engines.patch             |  2 +-
 package/libs/openssl/patches/160-disable_doc_tests.patch      |  6 +++---
 package/libs/openssl/patches/190-remove_timestamp_check.patch |  2 +-
 package/libs/openssl/patches/200-parallel_build.patch         | 10 +++++-----
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 0d69d70..9b64302 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.0.2
-PKG_BUGFIX:=j
+PKG_BUGFIX:=k
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
@@ -23,7 +23,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \
 	http://www.openssl.org/source/old/$(PKG_BASE)/ \
 	ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
 	ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_HASH:=e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431
+PKG_HASH:=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch
index 1721842..0f174a3 100644
--- a/package/libs/openssl/patches/110-optimize-for-size.patch
+++ b/package/libs/openssl/patches/110-optimize-for-size.patch
@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -468,6 +468,12 @@ my %table=(
+@@ -470,6 +470,12 @@ my %table=(
  "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  
diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch
index 274ecbe..586d1f2 100644
--- a/package/libs/openssl/patches/150-no_engines.patch
+++ b/package/libs/openssl/patches/150-no_engines.patch
@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -2114,6 +2114,11 @@ EOF
+@@ -2128,6 +2128,11 @@ EOF
  	close(OUT);
    }
    
diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/160-disable_doc_tests.patch
index 0fd1fa1..73459ff 100644
--- a/package/libs/openssl/patches/160-disable_doc_tests.patch
+++ b/package/libs/openssl/patches/160-disable_doc_tests.patch
@@ -27,7 +27,7 @@
  WDIRS=  windows
  LIBS=   libcrypto.a libssl.a
  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-@@ -275,7 +275,7 @@ reflect:
+@@ -276,7 +276,7 @@ reflect:
  
  sub_all: build_all
  
@@ -36,7 +36,7 @@
  
  build_libs: build_libcrypto build_libssl openssl.pc
  
-@@ -533,7 +533,7 @@ dist:
+@@ -534,7 +534,7 @@ dist:
  	@$(MAKE) SDIRS='$(SDIRS)' clean
  	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
  
@@ -47,7 +47,7 @@
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -531,7 +531,7 @@ dist:
+@@ -532,7 +532,7 @@ dist:
  	@$(MAKE) SDIRS='$(SDIRS)' clean
  	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
  
diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/190-remove_timestamp_check.patch
index 4620bf9..424e660 100644
--- a/package/libs/openssl/patches/190-remove_timestamp_check.patch
+++ b/package/libs/openssl/patches/190-remove_timestamp_check.patch
@@ -9,7 +9,7 @@
  
  # as we stick to -e, CLEARENV ensures that local variables in lower
  # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-@@ -403,11 +403,6 @@ openssl.pc: Makefile
+@@ -404,11 +404,6 @@ openssl.pc: Makefile
  	    echo 'Version: '$(VERSION); \
  	    echo 'Requires: libssl libcrypto' ) > openssl.pc
  
diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch
index 2768003..f1d9f07 100644
--- a/package/libs/openssl/patches/200-parallel_build.patch
+++ b/package/libs/openssl/patches/200-parallel_build.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -281,17 +281,17 @@ build_libcrypto: build_crypto build_engi
+@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engi
  build_libssl: build_ssl libssl.pc
  
  build_crypto:
@@ -24,7 +24,7 @@
  
  all_testapps: build_libs build_testapps
  build_testapps:
-@@ -464,7 +464,7 @@ update: errors stacks util/libeay.num ut
+@@ -465,7 +465,7 @@ update: errors stacks util/libeay.num ut
  	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
  
  depend:
@@ -33,7 +33,7 @@
  
  lint:
  	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-@@ -526,9 +526,9 @@ dist:
+@@ -527,9 +527,9 @@ dist:
  	@$(MAKE) SDIRS='$(SDIRS)' clean
  	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
  
@@ -45,7 +45,7 @@
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -537,12 +537,19 @@ install_sw:
+@@ -538,12 +538,19 @@ install_sw:
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@@ -66,7 +66,7 @@
  	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
  	do \
  		if [ -f "$$i" ]; then \
-@@ -626,12 +633,7 @@ install_html_docs:
+@@ -627,12 +634,7 @@ install_html_docs:
  		done; \
  	done
  



More information about the lede-commits mailing list