openssl: biweekly critical security update
authorSteven Barth <cyrus@openwrt.org>
Fri, 20 Mar 2015 08:14:42 +0000 (08:14 +0000)
committerSteven Barth <cyrus@openwrt.org>
Fri, 20 Mar 2015 08:14:42 +0000 (08:14 +0000)
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 44900

package/libs/openssl/Makefile
package/libs/openssl/patches/110-optimize-for-size.patch
package/libs/openssl/patches/150-no_engines.patch
package/libs/openssl/patches/200-parallel_build.patch
package/libs/openssl/patches/210-termios_fix.patch

index 40f4061..8bcc628 100644 (file)
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
-PKG_VERSION:=1.0.2
-PKG_RELEASE:=3
+PKG_VERSION:=1.0.2a
+PKG_RELEASE:=0
 PKG_USE_MIPS16:=0
 
 PKG_BUILD_PARALLEL:=1
@@ -18,7 +18,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openssl.org/source/ \
        ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
        ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=38373013fc85c790aabf8837969c5eba
+PKG_MD5SUM:=a06c547dac9044161a477211049f60ef
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
index 23dc139..c944322 100644 (file)
@@ -1,8 +1,8 @@
 --- a/Configure
 +++ b/Configure
 @@ -443,6 +443,12 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  
 +# OpenWrt targets
 +"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -10,6 +10,6 @@
 +"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +
- # Android: linux-* but without -DTERMIO and pointers to headers and libs.
+ # Android: linux-* but without pointers to headers and libs.
  "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
index 790da30..df3f866 100644 (file)
@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -2075,6 +2075,11 @@ EOF
+@@ -2076,6 +2076,11 @@ EOF
        close(OUT);
    }
    
@@ -14,7 +14,7 @@
  Configured for $target.
 --- a/util/libeay.num
 +++ b/util/libeay.num
-@@ -2072,7 +2072,6 @@ PKCS7_ATTR_SIGN_it
+@@ -2073,7 +2073,6 @@ PKCS7_ATTR_SIGN_it
  UI_add_error_string                     2633  EXIST::FUNCTION:
  KRB5_CHECKSUM_free                      2634  EXIST::FUNCTION:
  OCSP_REQUEST_get_ext                    2635  EXIST::FUNCTION:
@@ -22,7 +22,7 @@
  ENGINE_register_all_digests             2637  EXIST::FUNCTION:ENGINE
  PKEY_USAGE_PERIOD_it                    2638  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  PKEY_USAGE_PERIOD_it                    2638  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2546,7 +2545,6 @@ OCSP_RESPONSE_new
+@@ -2547,7 +2546,6 @@ OCSP_RESPONSE_new
  AES_set_encrypt_key                     3024  EXIST::FUNCTION:AES
  OCSP_resp_count                         3025  EXIST::FUNCTION:
  KRB5_CHECKSUM_new                       3026  EXIST::FUNCTION:
@@ -30,7 +30,7 @@
  OCSP_onereq_get0_id                     3028  EXIST::FUNCTION:
  ENGINE_set_default_ciphers              3029  EXIST::FUNCTION:ENGINE
  NOTICEREF_it                            3030  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2577,7 +2575,6 @@ ASN1_primitive_free
+@@ -2578,7 +2576,6 @@ ASN1_primitive_free
  i2d_EXTENDED_KEY_USAGE                  3052  EXIST::FUNCTION:
  i2d_OCSP_SIGNATURE                      3053  EXIST::FUNCTION:
  asn1_enc_save                           3054  EXIST::FUNCTION:
@@ -38,7 +38,7 @@
  _ossl_old_des_pcbc_encrypt              3056  EXIST::FUNCTION:DES
  PKCS12_MAC_DATA_it                      3057  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  PKCS12_MAC_DATA_it                      3057  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2601,7 +2598,6 @@ asn1_get_choice_selector
+@@ -2602,7 +2599,6 @@ asn1_get_choice_selector
  i2d_KRB5_CHECKSUM                       3072  EXIST::FUNCTION:
  ENGINE_set_table_flags                  3073  EXIST::FUNCTION:ENGINE
  AES_options                             3074  EXIST::FUNCTION:AES
@@ -46,7 +46,7 @@
  OCSP_id_cmp                             3076  EXIST::FUNCTION:
  OCSP_BASICRESP_new                      3077  EXIST::FUNCTION:
  OCSP_REQUEST_get_ext_by_NID             3078  EXIST::FUNCTION:
-@@ -2668,7 +2664,6 @@ OCSP_CRLID_it
+@@ -2669,7 +2665,6 @@ OCSP_CRLID_it
  OCSP_CRLID_it                           3127  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
  i2d_KRB5_AUTHENTBODY                    3128  EXIST::FUNCTION:
  OCSP_REQUEST_get_ext_count              3129  EXIST::FUNCTION:
@@ -54,7 +54,7 @@
  X509_NAME_it                            3131  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  X509_NAME_it                            3131  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
  USERNOTICE_it                           3132  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2763,8 +2758,6 @@ DES_read_2passwords
+@@ -2764,8 +2759,6 @@ DES_read_2passwords
  DES_read_password                       3207  EXIST::FUNCTION:DES
  UI_UTIL_read_pw                         3208  EXIST::FUNCTION:
  UI_UTIL_read_pw_string                  3209  EXIST::FUNCTION:
@@ -63,7 +63,7 @@
  OPENSSL_add_all_algorithms_noconf       3212  EXIST:!VMS:FUNCTION:
  OPENSSL_add_all_algo_noconf             3212  EXIST:VMS:FUNCTION:
  OPENSSL_add_all_algorithms_conf         3213  EXIST:!VMS:FUNCTION:
-@@ -2773,7 +2766,6 @@ OPENSSL_load_builtin_modules
+@@ -2774,7 +2767,6 @@ OPENSSL_load_builtin_modules
  AES_ofb128_encrypt                      3215  EXIST::FUNCTION:AES
  AES_ctr128_encrypt                      3216  EXIST::FUNCTION:AES
  AES_cfb128_encrypt                      3217  EXIST::FUNCTION:AES
@@ -71,7 +71,7 @@
  _ossl_096_des_random_seed               3219  EXIST::FUNCTION:DES
  EVP_aes_256_ofb                         3220  EXIST::FUNCTION:AES
  EVP_aes_192_ofb                         3221  EXIST::FUNCTION:AES
-@@ -3108,7 +3100,6 @@ EC_GFp_nist_method
+@@ -3109,7 +3101,6 @@ EC_GFp_nist_method
  STORE_meth_set_modify_fn                3530  NOEXIST::FUNCTION:
  STORE_method_set_modify_function        3530  NOEXIST::FUNCTION:
  STORE_parse_attrs_next                  3531  NOEXIST::FUNCTION:
index 0416eab..c2eeb38 100644 (file)
        ctags $(SRC)
 --- a/test/Makefile
 +++ b/test/Makefile
-@@ -132,7 +132,7 @@ install:
+@@ -133,7 +133,7 @@ install:
  tags:
        ctags $(SRC)
  
  
  apps:
        @(cd ..; $(MAKE) DIRS=apps all)
-@@ -398,109 +398,109 @@ BUILD_CMD_STATIC=shlib_target=; \
-               link_app.$${shlib_target}
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--      @target=$(RSATEST); $(BUILD_CMD)
-+      +@target=$(RSATEST); $(BUILD_CMD)
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--      @target=$(BNTEST); $(BUILD_CMD)
-+      +@target=$(BNTEST); $(BUILD_CMD)
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--      @target=$(ECTEST); $(BUILD_CMD)
-+      +@target=$(ECTEST); $(BUILD_CMD)
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--      @target=$(EXPTEST); $(BUILD_CMD)
-+      +@target=$(EXPTEST); $(BUILD_CMD)
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--      @target=$(IDEATEST); $(BUILD_CMD)
-+      +@target=$(IDEATEST); $(BUILD_CMD)
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--      @target=$(MD2TEST); $(BUILD_CMD)
-+      +@target=$(MD2TEST); $(BUILD_CMD)
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--      @target=$(SHATEST); $(BUILD_CMD)
-+      +@target=$(SHATEST); $(BUILD_CMD)
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--      @target=$(SHA1TEST); $(BUILD_CMD)
-+      +@target=$(SHA1TEST); $(BUILD_CMD)
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--      @target=$(SHA256TEST); $(BUILD_CMD)
-+      +@target=$(SHA256TEST); $(BUILD_CMD)
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--      @target=$(SHA512TEST); $(BUILD_CMD)
-+      +@target=$(SHA512TEST); $(BUILD_CMD)
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--      @target=$(RMDTEST); $(BUILD_CMD)
-+      +@target=$(RMDTEST); $(BUILD_CMD)
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--      @target=$(MDC2TEST); $(BUILD_CMD)
-+      +@target=$(MDC2TEST); $(BUILD_CMD)
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--      @target=$(MD4TEST); $(BUILD_CMD)
-+      +@target=$(MD4TEST); $(BUILD_CMD)
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--      @target=$(MD5TEST); $(BUILD_CMD)
-+      +@target=$(MD5TEST); $(BUILD_CMD)
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--      @target=$(HMACTEST); $(BUILD_CMD)
-+      +@target=$(HMACTEST); $(BUILD_CMD)
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--      @target=$(WPTEST); $(BUILD_CMD)
-+      +@target=$(WPTEST); $(BUILD_CMD)
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--      @target=$(RC2TEST); $(BUILD_CMD)
-+      +@target=$(RC2TEST); $(BUILD_CMD)
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--      @target=$(BFTEST); $(BUILD_CMD)
-+      +@target=$(BFTEST); $(BUILD_CMD)
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--      @target=$(CASTTEST); $(BUILD_CMD)
-+      +@target=$(CASTTEST); $(BUILD_CMD)
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--      @target=$(RC4TEST); $(BUILD_CMD)
-+      +@target=$(RC4TEST); $(BUILD_CMD)
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--      @target=$(RC5TEST); $(BUILD_CMD)
-+      +@target=$(RC5TEST); $(BUILD_CMD)
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--      @target=$(DESTEST); $(BUILD_CMD)
-+      +@target=$(DESTEST); $(BUILD_CMD)
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--      @target=$(RANDTEST); $(BUILD_CMD)
-+      +@target=$(RANDTEST); $(BUILD_CMD)
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--      @target=$(DHTEST); $(BUILD_CMD)
-+      +@target=$(DHTEST); $(BUILD_CMD)
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--      @target=$(DSATEST); $(BUILD_CMD)
-+      +@target=$(DSATEST); $(BUILD_CMD)
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--      @target=$(METHTEST); $(BUILD_CMD)
-+      +@target=$(METHTEST); $(BUILD_CMD)
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--      @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+      +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--      @target=$(ENGINETEST); $(BUILD_CMD)
-+      +@target=$(ENGINETEST); $(BUILD_CMD)
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--      @target=$(EVPTEST); $(BUILD_CMD)
-+      +@target=$(EVPTEST); $(BUILD_CMD)
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--      @target=$(ECDSATEST); $(BUILD_CMD)
-+      +@target=$(ECDSATEST); $(BUILD_CMD)
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--      @target=$(ECDHTEST); $(BUILD_CMD)
-+      +@target=$(ECDHTEST); $(BUILD_CMD)
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--      @target=$(IGETEST); $(BUILD_CMD)
-+      +@target=$(IGETEST); $(BUILD_CMD)
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--      @target=$(JPAKETEST); $(BUILD_CMD)
-+      +@target=$(JPAKETEST); $(BUILD_CMD)
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--      @target=$(ASN1TEST); $(BUILD_CMD)
-+      +@target=$(ASN1TEST); $(BUILD_CMD)
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--      @target=$(SRPTEST); $(BUILD_CMD)
-+      +@target=$(SRPTEST); $(BUILD_CMD)
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
-       @target=$(V3NAMETEST); $(BUILD_CMD)
-@@ -522,7 +522,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET
+@@ -529,7 +529,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET
  #     fi
  
  dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
index 957c5cf..e69de29 100644 (file)
@@ -1,11 +0,0 @@
---- a/crypto/ui/ui_openssl.c
-+++ b/crypto/ui/ui_openssl.c
-@@ -194,7 +194,7 @@
- # undef  SGTTY
- #endif
--#if defined(linux) && !defined(TERMIO)
-+#if defined(linux) && !defined(TERMIO) && !defined(TERMIOS)
- # undef  TERMIOS
- # define TERMIO
- # undef  SGTTY