Hi this patch updates openssl to 1.0.0h and refreshes all patches. This fixes CVE-2012-0884.
Signed-off-by: Peter Wagner <tripo...@gmx.at>
diff --git a/package/openssl/Makefile b/package/openssl/Makefile index d72b06a..22e85ec 100644 --- a/package/openssl/Makefile +++ b/package/openssl/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=1.0.0g +PKG_VERSION:=1.0.0h PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz @@ -16,7 +16,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \ ftp://ftp.webmonster.de/pub/openssl/source/ \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=07ecbe4324f140d157478637d6beccf1 +PKG_MD5SUM:=a5bc483c570f2ac3758ce5c19b667fab PKG_BUILD_DEPENDS:=ocf-crypto-headers PKG_CONFIG_DEPENDS:=CONFIG_OPENSSL_ENGINE diff --git a/package/openssl/patches/150-no_engines.patch b/package/openssl/patches/150-no_engines.patch index 09d733a..f245fae 100644 --- a/package/openssl/patches/150-no_engines.patch +++ b/package/openssl/patches/150-no_engines.patch @@ -1,6 +1,6 @@ --- a/Configure +++ b/Configure -@@ -1886,6 +1886,11 @@ EOF +@@ -1888,6 +1888,11 @@ EOF close(OUT); } @@ -14,7 +14,7 @@ Configured for $target. --- a/util/libeay.num +++ b/util/libeay.num -@@ -2071,7 +2071,6 @@ PKCS7_ATTR_SIGN_it +@@ -2071,7 +2071,6 @@ PKCS7_ATTR_SIGN_it UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: @@ -22,7 +22,7 @@ ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2545,7 +2544,6 @@ OCSP_RESPONSE_new +@@ -2545,7 +2544,6 @@ OCSP_RESPONSE_new AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: @@ -30,7 +30,7 @@ OCSP_onereq_get0_id 3028 EXIST::FUNCTION: ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2576,7 +2574,6 @@ ASN1_primitive_free +@@ -2576,7 +2574,6 @@ ASN1_primitive_free i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: @@ -38,7 +38,7 @@ _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2600,7 +2597,6 @@ asn1_get_choice_selector +@@ -2600,7 +2597,6 @@ asn1_get_choice_selector i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES @@ -46,7 +46,7 @@ OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: -@@ -2667,7 +2663,6 @@ OCSP_CRLID_it +@@ -2667,7 +2663,6 @@ OCSP_CRLID_it OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: @@ -54,7 +54,7 @@ X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2762,8 +2757,6 @@ DES_read_2passwords +@@ -2762,8 +2757,6 @@ DES_read_2passwords DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: @@ -63,7 +63,7 @@ OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: -@@ -2772,7 +2765,6 @@ OPENSSL_load_builtin_modules +@@ -2772,7 +2765,6 @@ OPENSSL_load_builtin_modules AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES @@ -71,7 +71,7 @@ _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES -@@ -3107,7 +3099,6 @@ EC_GFp_nist_method +@@ -3107,7 +3099,6 @@ EC_GFp_nist_method STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION: STORE_method_set_modify_function 3530 NOEXIST::FUNCTION: STORE_parse_attrs_next 3531 NOEXIST::FUNCTION: diff --git a/package/openssl/patches/160-disable_doc_tests.patch b/package/openssl/patches/160-disable_doc_tests.patch index ca6c8c2..90f553a 100644 --- a/package/openssl/patches/160-disable_doc_tests.patch +++ b/package/openssl/patches/160-disable_doc_tests.patch @@ -36,7 +36,7 @@ build_libs: build_crypto build_ssl build_engines -@@ -494,7 +494,7 @@ dist: +@@ -497,7 +497,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -47,7 +47,7 @@ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ --- a/Makefile.org +++ b/Makefile.org -@@ -492,7 +492,7 @@ dist: +@@ -495,7 +495,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) diff --git a/package/openssl/patches/190-remove_timestamp_check.patch b/package/openssl/patches/190-remove_timestamp_check.patch index f30c649..d6ec497 100644 --- a/package/openssl/patches/190-remove_timestamp_check.patch +++ b/package/openssl/patches/190-remove_timestamp_check.patch @@ -9,8 +9,8 @@ # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn -@@ -351,11 +351,6 @@ openssl.pc: Makefile - echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \ +@@ -354,11 +354,6 @@ openssl.pc: Makefile + echo 'Libs.private: $(EX_LIBS)'; \ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc -Makefile: Makefile.org Configure config
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
