From: Magnus Kroken Date: Mon, 26 Sep 2016 15:21:52 +0000 (+0200) Subject: openssl: update to 1.0.2j X-Git-Tag: v17.01.0-rc1~1347 X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=commitdiff_plain;h=b1f39d3d7ee7ba0714e45af64a935b01877a5175 openssl: update to 1.0.2j A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. Patches applied upstream: * 301-fix_no_nextprotoneg_build.patch * 302-Fix_typo_introduced_by_a03f81f4.patch Security advisory: https://www.openssl.org/news/secadv/20160926.txt Signed-off-by: Magnus Kroken --- diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index a41686fd9b..a09c148f7b 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.0.2 -PKG_BUGFIX:=i +PKG_BUGFIX:=j PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=1 PKG_USE_MIPS16:=0 @@ -23,7 +23,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f +PKG_MD5SUM:=e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch b/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch deleted file mode 100644 index 91465a33ea..0000000000 --- a/package/libs/openssl/patches/301-fix_no_nextprotoneg_build.patch +++ /dev/null @@ -1,26 +0,0 @@ -From f15a7e39a1f7d41716ca5f07faef74f55147d2cf Mon Sep 17 00:00:00 2001 -From: Dirk Feytons -Date: Thu, 22 Sep 2016 16:17:45 +0200 -Subject: [PATCH] Fix build with no-nextprotoneg - -Add a missing ifdef. Same change is already present in master. - -Reviewed-by: Matt Caswell -Reviewed-by: Rich Salz -(Merged from https://github.com/openssl/openssl/pull/1100) ---- - ssl/t1_ext.c | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/ssl/t1_ext.c -+++ b/ssl/t1_ext.c -@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int - case TLSEXT_TYPE_ec_point_formats: - case TLSEXT_TYPE_elliptic_curves: - case TLSEXT_TYPE_heartbeat: -+# ifndef OPENSSL_NO_NEXTPROTONEG - case TLSEXT_TYPE_next_proto_neg: -+# endif - case TLSEXT_TYPE_padding: - case TLSEXT_TYPE_renegotiate: - case TLSEXT_TYPE_server_name: diff --git a/package/libs/openssl/patches/302-Fix_typo_introduced_by_a03f81f4.patch b/package/libs/openssl/patches/302-Fix_typo_introduced_by_a03f81f4.patch deleted file mode 100644 index 8b14365fe1..0000000000 --- a/package/libs/openssl/patches/302-Fix_typo_introduced_by_a03f81f4.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 581215a519c66db7255ea360ed25bb00033ccd52 Mon Sep 17 00:00:00 2001 -From: Rich Salz -Date: Thu, 22 Sep 2016 08:47:45 -0400 -Subject: [PATCH] Fix typo introduced by a03f81f4 - -Reviewed-by: Richard Levitte ---- - crypto/engine/eng_cryptodev.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/crypto/engine/eng_cryptodev.c -+++ b/crypto/engine/eng_cryptodev.c -@@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_ - if (fstate->mac_len != 0) { - if (fstate->mac_data != NULL) { - dstate->mac_data = OPENSSL_malloc(fstate->mac_len); -- if (dstate->ac_data == NULL) { -+ if (dstate->mac_data == NULL) { - printf("cryptodev_digest_init: malloc failed\n"); - return 0; - }