From c476954633887d8a1fcd80482e821074d7c4a36e Mon Sep 17 00:00:00 2001 From: Daniel Bailey Date: Thu, 18 Apr 2019 12:36:38 -0700 Subject: [PATCH] openssl: bump to 1.0.2r This fixes the following security problems: 1.0.2r: * CVE-2019-1559: 0-byte record padding oracle Signed-off-by: Daniel Bailey Signed-off-by: Christian Lamparter [fixed patch, refreshed patches] --- package/libs/openssl/Makefile | 4 ++-- package/libs/openssl/patches/200-parallel_build.patch | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 7167a64f3d..331fbada12 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.0.2 -PKG_BUGFIX:=q +PKG_BUGFIX:=r PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=1 PKG_USE_MIPS16:=0 @@ -23,7 +23,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_HASH:=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 +PKG_HASH:=ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch index 37134e4030..cbe5d51241 100644 --- a/package/libs/openssl/patches/200-parallel_build.patch +++ b/package/libs/openssl/patches/200-parallel_build.patch @@ -92,7 +92,7 @@ fi; \ --- a/crypto/Makefile +++ b/crypto/Makefile -@@ -85,11 +85,11 @@ testapps: +@@ -87,11 +87,11 @@ testapps: @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi subdirs: @@ -106,7 +106,7 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ links: +@@ -102,7 +102,7 @@ links: # lib: $(LIB): are splitted to avoid end-less loop lib: $(LIB) @touch lib @@ -115,7 +115,7 @@ $(AR) $(LIB) $(LIBOBJ) test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs +@@ -113,7 +113,7 @@ shared: buildinf.h lib subdirs fi libs: @@ -124,7 +124,7 @@ install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ install: +@@ -122,7 +122,7 @@ install: (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; -- 2.25.1