From d450e490e1f5581ddb508d5e3220565f7f95dc03 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Tue, 13 Mar 2012 22:09:48 +0000
Subject: [PATCH] openssl 1.0.0h update patch

Hi

this patch updates openssl to 1.0.0h and refreshes all patches.
This fixes CVE-2012-0884.

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 30939
---
 package/openssl/Makefile                       |  4 ++--
 package/openssl/patches/150-no_engines.patch   | 18 +++++++++---------
 .../patches/160-disable_doc_tests.patch        |  4 ++--
 .../patches/190-remove_timestamp_check.patch   |  4 ++--
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/package/openssl/Makefile b/package/openssl/Makefile
index d72b06a88e..22e85ec7a8 100644
--- a/package/openssl/Makefile
+++ b/package/openssl/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
-PKG_VERSION:=1.0.0g
+PKG_VERSION:=1.0.0h
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -16,7 +16,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \
 	ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \
 	ftp://ftp.webmonster.de/pub/openssl/source/ \
 	ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=07ecbe4324f140d157478637d6beccf1
+PKG_MD5SUM:=a5bc483c570f2ac3758ce5c19b667fab
 
 PKG_BUILD_DEPENDS:=ocf-crypto-headers
 PKG_CONFIG_DEPENDS:=CONFIG_OPENSSL_ENGINE
diff --git a/package/openssl/patches/150-no_engines.patch b/package/openssl/patches/150-no_engines.patch
index 09d733ad0b..f245fae27b 100644
--- a/package/openssl/patches/150-no_engines.patch
+++ b/package/openssl/patches/150-no_engines.patch
@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -1886,6 +1886,11 @@ EOF
+@@ -1888,6 +1888,11 @@ EOF
  	close(OUT);
    }
    
@@ -14,7 +14,7 @@
  Configured for $target.
 --- a/util/libeay.num
 +++ b/util/libeay.num
-@@ -2071,7 +2071,6 @@ PKCS7_ATTR_SIGN_it                      
+@@ -2071,7 +2071,6 @@ PKCS7_ATTR_SIGN_it
  UI_add_error_string                     2633	EXIST::FUNCTION:
  KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
  OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
@@ -22,7 +22,7 @@
  ENGINE_register_all_digests             2637	EXIST::FUNCTION:ENGINE
  PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2545,7 +2544,6 @@ OCSP_RESPONSE_new                       
+@@ -2545,7 +2544,6 @@ OCSP_RESPONSE_new
  AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
  OCSP_resp_count                         3025	EXIST::FUNCTION:
  KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
@@ -30,7 +30,7 @@
  OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
  ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:ENGINE
  NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2576,7 +2574,6 @@ ASN1_primitive_free                     
+@@ -2576,7 +2574,6 @@ ASN1_primitive_free
  i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
  i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
  asn1_enc_save                           3054	EXIST::FUNCTION:
@@ -38,7 +38,7 @@
  _ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
  PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2600,7 +2597,6 @@ asn1_get_choice_selector                
+@@ -2600,7 +2597,6 @@ asn1_get_choice_selector
  i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
  ENGINE_set_table_flags                  3073	EXIST::FUNCTION:ENGINE
  AES_options                             3074	EXIST::FUNCTION:AES
@@ -46,7 +46,7 @@
  OCSP_id_cmp                             3076	EXIST::FUNCTION:
  OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
  OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
-@@ -2667,7 +2663,6 @@ OCSP_CRLID_it                           
+@@ -2667,7 +2663,6 @@ OCSP_CRLID_it
  OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
  i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
  OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
@@ -54,7 +54,7 @@
  X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
  USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2762,8 +2757,6 @@ DES_read_2passwords                     
+@@ -2762,8 +2757,6 @@ DES_read_2passwords
  DES_read_password                       3207	EXIST::FUNCTION:DES
  UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
  UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
@@ -63,7 +63,7 @@
  OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
  OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
  OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
-@@ -2772,7 +2765,6 @@ OPENSSL_load_builtin_modules            
+@@ -2772,7 +2765,6 @@ OPENSSL_load_builtin_modules
  AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
  AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
  AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
@@ -71,7 +71,7 @@
  _ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
  EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
  EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
-@@ -3107,7 +3099,6 @@ EC_GFp_nist_method                      
+@@ -3107,7 +3099,6 @@ EC_GFp_nist_method
  STORE_meth_set_modify_fn                3530	NOEXIST::FUNCTION:
  STORE_method_set_modify_function        3530	NOEXIST::FUNCTION:
  STORE_parse_attrs_next                  3531	NOEXIST::FUNCTION:
diff --git a/package/openssl/patches/160-disable_doc_tests.patch b/package/openssl/patches/160-disable_doc_tests.patch
index ca6c8c2a5f..90f553a536 100644
--- a/package/openssl/patches/160-disable_doc_tests.patch
+++ b/package/openssl/patches/160-disable_doc_tests.patch
@@ -36,7 +36,7 @@
  
  build_libs: build_crypto build_ssl build_engines
  
-@@ -494,7 +494,7 @@ dist:   
+@@ -497,7 +497,7 @@ dist:
  dist_pem_h:
  	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  
@@ -47,7 +47,7 @@
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -492,7 +492,7 @@ dist:   
+@@ -495,7 +495,7 @@ dist:
  dist_pem_h:
  	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  
diff --git a/package/openssl/patches/190-remove_timestamp_check.patch b/package/openssl/patches/190-remove_timestamp_check.patch
index f30c649b6a..d6ec497fd1 100644
--- a/package/openssl/patches/190-remove_timestamp_check.patch
+++ b/package/openssl/patches/190-remove_timestamp_check.patch
@@ -9,8 +9,8 @@
  
  # as we stick to -e, CLEARENV ensures that local variables in lower
  # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-@@ -351,11 +351,6 @@ openssl.pc: Makefile
- 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+@@ -354,11 +354,6 @@ openssl.pc: Makefile
+ 	    echo 'Libs.private: $(EX_LIBS)'; \
  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
  
 -Makefile: Makefile.org Configure config
-- 
2.30.2