[LEDE-DEV] [PATCH] openssl: update to 1.0.2j

Magnus Kroken mkroken at gmail.com
Mon Sep 26 08:21:52 PDT 2016


A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.

Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch

Security advisory: https://www.openssl.org/news/secadv/20160926.txt

Signed-off-by: Magnus Kroken <mkroken at gmail.com>
---
 package/libs/openssl/Makefile                      |  4 ++--
 .../patches/301-fix_no_nextprotoneg_build.patch    | 26 ----------------------
 .../302-Fix_typo_introduced_by_a03f81f4.patch      | 21 -----------------
 3 files changed, 2 insertions(+), 49 deletions(-)
 delete mode 100644 package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch
 delete mode 100644 package/libs/openssl/patches/302-Fix_typo_introduced_by_a03f81f4.patch

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index dc1202c..d690ab0 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.0.2
-PKG_BUGFIX:=i
+PKG_BUGFIX:=j
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
@@ -22,7 +22,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \
 	http://www.openssl.org/source/old/$(PKG_BASE)/ \
 	ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
 	ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f
+PKG_MD5SUM:=e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
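Review bot: The value assigned to PKG_MD5SUM is 64 hex characters, the length of a SHA-256 digest rather than an MD5 one (32 hex characters), so the variable name misstates which algorithm protects the download; the removed line has the same mismatch. A short comment next to the assignment, or a hash-neutral variable if the build system provides one, would make this explicit. Every PKG_SOURCE_URL entry in this hunk's context is http:// or ftp://, so this digest is the only integrity check on the tarball; please confirm it matches the SHA-256 that openssl.org publishes for 1.0.2j, fetched over an authenticated channel, and say so in the commit message.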
diff --git a/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch b/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch
deleted file mode 100644
index 91465a3..0000000
--- a/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From f15a7e39a1f7d41716ca5f07faef74f55147d2cf Mon Sep 17 00:00:00 2001
-From: Dirk Feytons <dirk.feytons at gmail.com>
-Date: Thu, 22 Sep 2016 16:17:45 +0200
-Subject: [PATCH] Fix build with no-nextprotoneg
-
-Add a missing ifdef. Same change is already present in master.
-
-Reviewed-by: Matt Caswell <matt at openssl.org>
-Reviewed-by: Rich Salz <rsalz at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/1100)
----
- ssl/t1_ext.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/ssl/t1_ext.c
-+++ b/ssl/t1_ext.c
-@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int
-     case TLSEXT_TYPE_ec_point_formats:
-     case TLSEXT_TYPE_elliptic_curves:
-     case TLSEXT_TYPE_heartbeat:
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-     case TLSEXT_TYPE_next_proto_neg:
-+# endif
-     case TLSEXT_TYPE_padding:
-     case TLSEXT_TYPE_renegotiate:
-     case TLSEXT_TYPE_server_name:
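Review bot: Dropping this local patch is only safe if the 1.0.2j tarball already carries the "# ifndef OPENSSL_NO_NEXTPROTONEG" guard around "case TLSEXT_TYPE_next_proto_neg:" in ssl/t1_ext.c. The commit message says the patch was applied upstream but does not say how that was checked. Please note in the commit message that a build configured with no-nextprotoneg was tested against 1.0.2j, or that the guard was confirmed in the released source, so a later reader does not have to re-verify why 301 disappeared.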
diff --git a/package/libs/openssl/patches/302-Fix_typo_introduced_by_a03f81f4.patch b/package/libs/openssl/patches/302-Fix_typo_introduced_by_a03f81f4.patch
deleted file mode 100644
index 8b14365..0000000
--- a/package/libs/openssl/patches/302-Fix_typo_introduced_by_a03f81f4.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From 581215a519c66db7255ea360ed25bb00033ccd52 Mon Sep 17 00:00:00 2001
-From: Rich Salz <rsalz at openssl.org>
-Date: Thu, 22 Sep 2016 08:47:45 -0400
-Subject: [PATCH] Fix typo introduced by a03f81f4
-
-Reviewed-by: Richard Levitte <levitte at openssl.org>
----
- crypto/engine/eng_cryptodev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_
-     if (fstate->mac_len != 0) {
-         if (fstate->mac_data != NULL) {
-             dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
--            if (dstate->ac_data == NULL) {
-+            if (dstate->mac_data == NULL) {
-                 printf("cryptodev_digest_init: malloc failed\n");
-                 return 0;
-             }
-- 
2.1.4



