From cde940bc6a5fcd98c30b9af2cbcd247acc240134 Mon Sep 17 00:00:00 2001 From: RISCi_ATOM Date: Wed, 8 Sep 2021 17:08:50 -0400 Subject: [PATCH] openssl: bump to 1.1.1l This version fixes two vulnerabilities: - SM2 Decryption Buffer Overflow (CVE-2021-3711) Severity: High - Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Severity: Medium Upstream commits : fdea0036a210427477b6cc1de7cee036e18aff39 40c03b101cf40af4a6f6e1efb4731edabfe88ea9 --- package/libs/openssl/Makefile | 7 +++---- .../410-eng_devcrypto-add-configuration-options.patch | 5 ++--- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 07af0b5e86..af01eda6d2 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=k +PKG_BUGFIX:=l PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=1 PKG_USE_MIPS16:=0 @@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/ -PKG_HASH:=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5 +PKG_HASH:=0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE @@ -333,6 +333,7 @@ define Build/Configure --prefix=/usr \ --libdir=lib \ --openssldir=/etc/ssl \ + --cross-compile-prefix="$(TARGET_CROSS)" \ $(TARGET_CPPFLAGS) \ $(TARGET_LDFLAGS) \ $(OPENSSL_OPTIONS) && \ @@ -345,14 +346,12 @@ TARGET_LDFLAGS += -Wl,--gc-sections define Build/Compile +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ - CROSS_COMPILE="$(TARGET_CROSS)" \ CC="$(TARGET_CC)" \ SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ LIBRECMC_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ $(OPENSSL_MAKEFLAGS) \ all $(MAKE) -C $(PKG_BUILD_DIR) \ - CROSS_COMPILE="$(TARGET_CROSS)" \ CC="$(TARGET_CC)" \ DESTDIR="$(PKG_INSTALL_DIR)" \ $(OPENSSL_MAKEFLAGS) \ diff --git a/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch b/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch index 8745364cf2..6d0fbfc982 100644 --- a/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch +++ b/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch @@ -1,4 +1,4 @@ -From 1c2fabcdb34e436286b4a8760cfbfbff11ea551a Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Sat, 3 Nov 2018 15:41:10 -0300 Subject: eng_devcrypto: add configuration options @@ -14,7 +14,6 @@ Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7585) diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c -index a2c9a966f7..5ec38ca8f3 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/crypto/engine/eng_devcrypto.c @@ -16,6 +16,7 @@ @@ -558,7 +557,7 @@ index a2c9a966f7..5ec38ca8f3 100644 /****************************************************************************** * * LOAD / UNLOAD -@@ -793,6 +1109,8 @@ void engine_load_devcrypto_int() +@@ -806,6 +1122,8 @@ void engine_load_devcrypto_int() if (!ENGINE_set_id(e, "devcrypto") || !ENGINE_set_name(e, "/dev/crypto engine") -- 2.25.1