[LEDE-DEV] [PATCH] openssl: update to 1.0.2i

Magnus Kroken mkroken at gmail.com
Sat Sep 24 02:36:49 PDT 2016


Drop 302-fix_no_cmac_build.patch, it has been applied upstream.

Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* 10 Low severity issues

Security advisory: https://www.openssl.org/news/secadv/20160922.txt
Changelog: https://www.openssl.org/news/cl102.txt

Signed-off-by: Magnus Kroken <mkroken at gmail.com>
---
 package/libs/openssl/Makefile                      |  4 ++--
 .../libs/openssl/patches/140-makefile-dirs.patch   |  2 +-
 package/libs/openssl/patches/150-no_engines.patch  |  2 +-
 .../openssl/patches/160-disable_doc_tests.patch    | 12 +++++------
 .../patches/190-remove_timestamp_check.patch       |  4 ++--
 .../libs/openssl/patches/200-parallel_build.patch  | 14 ++++++-------
 .../openssl/patches/302-fix_no_cmac_build.patch    | 24 ----------------------
 7 files changed, 19 insertions(+), 43 deletions(-)
 delete mode 100644 package/libs/openssl/patches/302-fix_no_cmac_build.patch

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 76a907b..dc1202c 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.0.2
-PKG_BUGFIX:=h
+PKG_BUGFIX:=i
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
@@ -22,7 +22,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \
 	http://www.openssl.org/source/old/$(PKG_BASE)/ \
 	ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
 	ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=9392e65072ce4b614c1392eefc1f23d0
+PKG_MD5SUM:=9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
diff --git a/package/libs/openssl/patches/140-makefile-dirs.patch b/package/libs/openssl/patches/140-makefile-dirs.patch
index 7503dfc..83c412f 100644
--- a/package/libs/openssl/patches/140-makefile-dirs.patch
+++ b/package/libs/openssl/patches/140-makefile-dirs.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -136,7 +136,7 @@ FIPSCANLIB=
+@@ -137,7 +137,7 @@ FIPSCANLIB=
  
  BASEADDR=
  
diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch
index f509d28..274ecbe 100644
--- a/package/libs/openssl/patches/150-no_engines.patch
+++ b/package/libs/openssl/patches/150-no_engines.patch
@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -2109,6 +2109,11 @@ EOF
+@@ -2114,6 +2114,11 @@ EOF
  	close(OUT);
    }
    
diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/160-disable_doc_tests.patch
index a3bee38..0fd1fa1 100644
--- a/package/libs/openssl/patches/160-disable_doc_tests.patch
+++ b/package/libs/openssl/patches/160-disable_doc_tests.patch
@@ -1,6 +1,6 @@
 --- a/Makefile
 +++ b/Makefile
-@@ -138,7 +138,7 @@ FIPSCANLIB=
+@@ -139,7 +139,7 @@ FIPSCANLIB=
  
  BASEADDR=0xFB00000
  
@@ -9,7 +9,7 @@
  ENGDIRS= ccgost
  SHLIBDIRS= crypto ssl
  
-@@ -156,7 +156,7 @@ SDIRS=  \
+@@ -157,7 +157,7 @@ SDIRS=  \
  
  # tests to perform.  "alltests" is a special word indicating that all tests
  # should be performed.
@@ -18,7 +18,7 @@
  
  MAKEFILE= Makefile
  
-@@ -170,7 +170,7 @@ SHELL=/bin/sh
+@@ -171,7 +171,7 @@ SHELL=/bin/sh
  
  TOP=    .
  ONEDIRS=out tmp
@@ -27,7 +27,7 @@
  WDIRS=  windows
  LIBS=   libcrypto.a libssl.a
  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-@@ -273,7 +273,7 @@ reflect:
+@@ -275,7 +275,7 @@ reflect:
  
  sub_all: build_all
  
@@ -36,7 +36,7 @@
  
  build_libs: build_libcrypto build_libssl openssl.pc
  
-@@ -530,7 +530,7 @@ dist:
+@@ -533,7 +533,7 @@ dist:
  	@$(MAKE) SDIRS='$(SDIRS)' clean
  	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
  
@@ -47,7 +47,7 @@
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -528,7 +528,7 @@ dist:
+@@ -531,7 +531,7 @@ dist:
  	@$(MAKE) SDIRS='$(SDIRS)' clean
  	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
  
diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/190-remove_timestamp_check.patch
index ffc2f2d..4620bf9 100644
--- a/package/libs/openssl/patches/190-remove_timestamp_check.patch
+++ b/package/libs/openssl/patches/190-remove_timestamp_check.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -184,7 +184,7 @@ TARFILE=        ../$(NAME).tar
+@@ -185,7 +185,7 @@ TARFILE=        ../$(NAME).tar
  EXHEADER=       e_os2.h
  HEADER=         e_os.h
  
@@ -9,7 +9,7 @@
  
  # as we stick to -e, CLEARENV ensures that local variables in lower
  # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-@@ -400,11 +400,6 @@ openssl.pc: Makefile
+@@ -403,11 +403,6 @@ openssl.pc: Makefile
  	    echo 'Version: '$(VERSION); \
  	    echo 'Requires: libssl libcrypto' ) > openssl.pc
  
diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch
index e3a0bb2..2768003 100644
--- a/package/libs/openssl/patches/200-parallel_build.patch
+++ b/package/libs/openssl/patches/200-parallel_build.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -279,17 +279,17 @@ build_libcrypto: build_crypto build_engi
+@@ -281,17 +281,17 @@ build_libcrypto: build_crypto build_engi
  build_libssl: build_ssl libssl.pc
  
  build_crypto:
@@ -24,7 +24,7 @@
  
  all_testapps: build_libs build_testapps
  build_testapps:
-@@ -461,7 +461,7 @@ update: errors stacks util/libeay.num ut
+@@ -464,7 +464,7 @@ update: errors stacks util/libeay.num ut
  	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
  
  depend:
@@ -33,7 +33,7 @@
  
  lint:
  	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-@@ -523,9 +523,9 @@ dist:
+@@ -526,9 +526,9 @@ dist:
  	@$(MAKE) SDIRS='$(SDIRS)' clean
  	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
  
@@ -45,7 +45,7 @@
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -534,12 +534,19 @@ install_sw:
+@@ -537,12 +537,19 @@ install_sw:
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
  		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@@ -66,7 +66,7 @@
  	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
  	do \
  		if [ -f "$$i" ]; then \
-@@ -623,12 +630,7 @@ install_html_docs:
+@@ -626,12 +633,7 @@ install_html_docs:
  		done; \
  	done
  
@@ -164,7 +164,7 @@
  	ctags $(SRC)
 --- a/test/Makefile
 +++ b/test/Makefile
-@@ -139,7 +139,7 @@ install:
+@@ -144,7 +144,7 @@ install:
  tags:
  	ctags $(SRC)
  
@@ -173,7 +173,7 @@
  
  apps:
  	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -557,7 +557,7 @@ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFT
+@@ -577,7 +577,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl
  #	fi
  
  dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
diff --git a/package/libs/openssl/patches/302-fix_no_cmac_build.patch b/package/libs/openssl/patches/302-fix_no_cmac_build.patch
deleted file mode 100644
index 1b94f24..0000000
--- a/package/libs/openssl/patches/302-fix_no_cmac_build.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- a/crypto/asn1/ameth_lib.c
-+++ b/crypto/asn1/ameth_lib.c
-@@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *stand
-     &eckey_asn1_meth,
- #endif
-     &hmac_asn1_meth,
-+#ifndef OPENSSL_NO_CMAC
-     &cmac_asn1_meth,
-+#endif
- #ifndef OPENSSL_NO_DH
-     &dhx_asn1_meth
- #endif
---- a/crypto/evp/pmeth_lib.c
-+++ b/crypto/evp/pmeth_lib.c
-@@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_m
-     &ec_pkey_meth,
- #endif
-     &hmac_pkey_meth,
-+#ifndef OPENSSL_NO_CMAC
-     &cmac_pkey_meth,
-+#endif
- #ifndef OPENSSL_NO_DH
-     &dhx_pkey_meth
- #endif
-- 
2.1.4




More information about the Lede-dev mailing list