openssl: bump to 1.0.1j

Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43875
2015-01-08 18:29:26 +00:00 · 2015-01-08 18:29:26 +00:00 · dbca1e5662
commit dbca1e5662
parent a6a142caf6
4 changed files with 16 additions and 54 deletions
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=openssl
-PKG_VERSION:=1.0.1j
-PKG_RELEASE:=4
+PKG_VERSION:=1.0.1k
+PKG_RELEASE:=1
 PKG_USE_MIPS16:=0

 PKG_BUILD_PARALLEL:=1
@ -18,7 +18,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openssl.org/source/ \
 	ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
 	ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=f7175c9cd3c39bb1907ac8bba9df8ed3
+PKG_MD5SUM:=d4f002bd22a56881340105028842ae1f

 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
--- a/package/libs/openssl/patches/001-fix-CVE-2014-3569.patch
+++ b/package/libs/openssl/patches/001-fix-CVE-2014-3569.patch
@ -1,38 +0,0 @@
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Tue, 21 Oct 2014 18:45:15 +0000 (+0200)
-Subject: Keep old method in case of an unsupported protocol
-X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5
-
-Keep old method in case of an unsupported protocol
-
-When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
-the method to NULL.  We didn't used to do that, and it breaks things.  This is a
-regression introduced in 62f45cc27d07187b59551e4fad3db4e52ea73f2c.  Keep the old
-method since the code is not able to deal with a NULL method at this time.
-
-CVE-2014-3569, PR#3571
-
-Reviewed-by: Emilia Käsper <emilia@openssl.org>
---
-
-diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
-index 38960ba..858420d 100644
--- a/ssl/s23_srvr.c
-+++ b/ssl/s23_srvr.c
-@@ -615,12 +615,14 @@ int ssl23_get_client_hello(SSL *s)
- 	if ((type == 2) || (type == 3))
- 		{
- 		/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
-                s->method = ssl23_get_server_method(s->version);
-		if (s->method == NULL)
-+		const SSL_METHOD *new_method;
-+		new_method = ssl23_get_server_method(s->version);
-+		if (new_method == NULL)
- 			{
- 			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- 			goto err;
- 			}
-+		s->method = new_method;
- 
- 		if (!ssl_init_wbio_buffer(s,1)) goto err;
- 
--- a/package/libs/openssl/patches/150-no_engines.patch
+++ b/package/libs/openssl/patches/150-no_engines.patch
@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -2012,6 +2012,11 @@ EOF
+@@ -2017,6 +2017,11 @@ EOF
 	close(OUT);
   }
   
@ -14,7 +14,7 @@
 Configured for $target.
 --- a/util/libeay.num
 +++ b/util/libeay.num
-@@ -2071,7 +2071,6 @@ PKCS7_ATTR_SIGN_it                      
+@@ -2072,7 +2072,6 @@ PKCS7_ATTR_SIGN_it
 UI_add_error_string                     2633	EXIST::FUNCTION:
 KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
 OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
@ -22,7 +22,7 @@
 ENGINE_register_all_digests             2637	EXIST::FUNCTION:ENGINE
 PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2545,7 +2544,6 @@ OCSP_RESPONSE_new                       
+@@ -2546,7 +2545,6 @@ OCSP_RESPONSE_new
 AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
 OCSP_resp_count                         3025	EXIST::FUNCTION:
 KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
@ -30,7 +30,7 @@
 OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
 ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:ENGINE
 NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2576,7 +2574,6 @@ ASN1_primitive_free                     
+@@ -2577,7 +2575,6 @@ ASN1_primitive_free
 i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
 i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
 asn1_enc_save                           3054	EXIST::FUNCTION:
@ -38,7 +38,7 @@
 _ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
 PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2600,7 +2597,6 @@ asn1_get_choice_selector                
+@@ -2601,7 +2598,6 @@ asn1_get_choice_selector
 i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
 ENGINE_set_table_flags                  3073	EXIST::FUNCTION:ENGINE
 AES_options                             3074	EXIST::FUNCTION:AES
@ -46,7 +46,7 @@
 OCSP_id_cmp                             3076	EXIST::FUNCTION:
 OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
 OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
-@@ -2667,7 +2663,6 @@ OCSP_CRLID_it                           
+@@ -2668,7 +2664,6 @@ OCSP_CRLID_it
 OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
 OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
@ -54,7 +54,7 @@
 X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2762,8 +2757,6 @@ DES_read_2passwords                     
+@@ -2763,8 +2758,6 @@ DES_read_2passwords
 DES_read_password                       3207	EXIST::FUNCTION:DES
 UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
 UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
@ -63,7 +63,7 @@
 OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
 OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
 OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
-@@ -2772,7 +2765,6 @@ OPENSSL_load_builtin_modules            
+@@ -2773,7 +2766,6 @@ OPENSSL_load_builtin_modules
 AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
 AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
 AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
@ -71,7 +71,7 @@
 _ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
 EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
 EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
-@@ -3107,7 +3099,6 @@ EC_GFp_nist_method                      
+@@ -3108,7 +3100,6 @@ EC_GFp_nist_method
 STORE_meth_set_modify_fn                3530	NOEXIST::FUNCTION:
 STORE_method_set_modify_function        3530	NOEXIST::FUNCTION:
 STORE_parse_attrs_next                  3531	NOEXIST::FUNCTION:
--- a/package/libs/openssl/patches/200-parallel_build.patch
+++ b/package/libs/openssl/patches/200-parallel_build.patch
@ -97,7 +97,7 @@
 		fi; \
 --- a/crypto/Makefile
 +++ b/crypto/Makefile
-@@ -90,11 +90,11 @@ testapps:
+@@ -85,11 +85,11 @@ testapps:
 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 
 subdirs:
@ -111,7 +111,7 @@
 
 links:
 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -105,7 +105,7 @@ links:
+@@ -100,7 +100,7 @@ links:
 # lib: $(LIB): are splitted to avoid end-less loop
 lib:	$(LIB)
 	@touch lib
@ -120,7 +120,7 @@
 	$(AR) $(LIB) $(LIBOBJ)
 	[ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
 	$(RANLIB) $(LIB) || echo Never mind.
-@@ -116,7 +116,7 @@ shared: buildinf.h lib subdirs
+@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
 	fi
 
 libs:
@ -129,7 +129,7 @@
 
 install:
 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -125,7 +125,7 @@ install:
+@@ -120,7 +120,7 @@ install:
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;