From 85e7efff1afd1f00c2e83e7f71a80375824f42d4 Mon Sep 17 00:00:00 2001 From: Gustavo Zacarias Date: Thu, 19 Mar 2015 11:34:40 -0300 Subject: [PATCH] openssl: security bump to version 1.0.2a Fixes: CVE-2015-0291 - ClientHello sigalgs DoS CVE-2015-0290 - Multiblock corrupted pointer CVE-2015-0207 - Segmentation fault in DTLSv1_listen CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0208 - Segmentation fault for invalid PSS parameters CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences CVE-2015-0293 - DoS via reachable assert in SSLv2 servers CVE-2015-1787 - Empty CKE with client auth and DHE CVE-2015-0285 - Handshake with unseeded PRNG CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref musl patch removed since it's no longer necessary. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard --- package/openssl/004-musl-termios.patch | 46 -------------------------- package/openssl/openssl.hash | 8 ++--- package/openssl/openssl.mk | 2 +- 3 files changed, 5 insertions(+), 51 deletions(-) delete mode 100644 package/openssl/004-musl-termios.patch diff --git a/package/openssl/004-musl-termios.patch b/package/openssl/004-musl-termios.patch deleted file mode 100644 index 66631d1129..0000000000 --- a/package/openssl/004-musl-termios.patch +++ /dev/null @@ -1,46 +0,0 @@ -http://rt.openssl.org/Ticket/Display.html?id=3123 - -From: Kevin Bortis - -The attached patch fixes issues with musl libc on linux. musl does -implement the POSIX 2008 standard termios.h on linux and does not -include the non standard interface termio.h. - -The problem with dlinfo does no longer exists, since musl has -implemented the required interface. - -This closes #2823 for me. - -Tested version: -musl libc: 0.9.13 -openssl git: 1769dfab06dcf93a1c310ca7ea9531afcc448d0a - -Comparison of termios.h implementation on linux: - -glibc 2.17: does implement termios.h, passes make test -musl 0.9.13: does implement termios.h, passes make test -uClibc 0.9.33.2: does implement termios.h, not tested -dietlibc 0.33: does implement termios.h, not tested - -I don't know the reason why termio.h is prefered on linux, since -termios.h is generally prefered and implemented by all major libc -implementations. - -Regards -Kevin - ---- a/crypto/ui/ui_openssl.c 2013-09-08 11:00:10.130572803 +0200 -+++ b/crypto/ui/ui_openssl.c 2013-09-08 11:29:35.806580447 +0200 -@@ -190,9 +190,9 @@ - # undef SGTTY - #endif - --#if defined(linux) && !defined(TERMIO) --# undef TERMIOS --# define TERMIO -+#if defined(linux) -+# define TERMIOS -+# undef TERMIO - # undef SGTTY - #endif - diff --git a/package/openssl/openssl.hash b/package/openssl/openssl.hash index a8cb172005..c9987fca79 100644 --- a/package/openssl/openssl.hash +++ b/package/openssl/openssl.hash @@ -1,4 +1,4 @@ -# From https://www.openssl.org/source/openssl-1.0.2.tar.gz.md5 -# From https://www.openssl.org/source/openssl-1.0.2.tar.gz.sha1 -md5 38373013fc85c790aabf8837969c5eba openssl-1.0.2.tar.gz -sha1 2f264f7f6bb973af444cd9fc6ee65c8588f610cc openssl-1.0.2.tar.gz +# From https://www.openssl.org/source/openssl-1.0.2a.tar.gz.md5 +# From https://www.openssl.org/source/openssl-1.0.2a.tar.gz.sha1 +md5 a06c547dac9044161a477211049f60ef openssl-1.0.2a.tar.gz +sha1 46ecd325b8e587fa491f6bb02ad4a9fb9f382f5f openssl-1.0.2a.tar.gz diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk index 48f287e2c1..5ed59c0dad 100644 --- a/package/openssl/openssl.mk +++ b/package/openssl/openssl.mk @@ -4,7 +4,7 @@ # ################################################################################ -OPENSSL_VERSION = 1.0.2 +OPENSSL_VERSION = 1.0.2a OPENSSL_SITE = http://www.openssl.org/source OPENSSL_LICENSE = OpenSSL or SSLeay OPENSSL_LICENSE_FILES = LICENSE