openssl: update to 1.0.2j
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. Patches applied upstream: * 301-fix_no_nextprotoneg_build.patch * 302-Fix_typo_introduced_by_a03f81f4.patch Security advisory: https://www.openssl.org/news/secadv/20160926.txt Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This commit is contained in:
Magnus Kroken
committed by
John Crispin
John Crispin
parent
142ec7ada9
commit
b1f39d3d7e
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||||||
|
|
||||||
PKG_NAME:=openssl
|
PKG_NAME:=openssl
|
||||||
PKG_BASE:=1.0.2
|
PKG_BASE:=1.0.2
|
||||||
PKG_BUGFIX:=i
|
PKG_BUGFIX:=j
|
||||||
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
|
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=1
|
||||||
PKG_USE_MIPS16:=0
|
PKG_USE_MIPS16:=0
|
||||||
@@ -23,7 +23,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \
|
|||||||
http://www.openssl.org/source/old/$(PKG_BASE)/ \
|
http://www.openssl.org/source/old/$(PKG_BASE)/ \
|
||||||
ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
|
ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
|
||||||
ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
|
ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
|
||||||
PKG_MD5SUM:=9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f
|
PKG_MD5SUM:=e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431
|
||||||
|
|
||||||
PKG_LICENSE:=OpenSSL
|
PKG_LICENSE:=OpenSSL
|
||||||
PKG_LICENSE_FILES:=LICENSE
|
PKG_LICENSE_FILES:=LICENSE
|
||||||
|
|||||||
@@ -1,26 +0,0 @@
|
|||||||
From f15a7e39a1f7d41716ca5f07faef74f55147d2cf Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dirk Feytons <dirk.feytons@gmail.com>
|
|
||||||
Date: Thu, 22 Sep 2016 16:17:45 +0200
|
|
||||||
Subject: [PATCH] Fix build with no-nextprotoneg
|
|
||||||
|
|
||||||
Add a missing ifdef. Same change is already present in master.
|
|
||||||
|
|
||||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
||||||
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/1100)
|
|
||||||
---
|
|
||||||
ssl/t1_ext.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
--- a/ssl/t1_ext.c
|
|
||||||
+++ b/ssl/t1_ext.c
|
|
||||||
@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int
|
|
||||||
case TLSEXT_TYPE_ec_point_formats:
|
|
||||||
case TLSEXT_TYPE_elliptic_curves:
|
|
||||||
case TLSEXT_TYPE_heartbeat:
|
|
||||||
+# ifndef OPENSSL_NO_NEXTPROTONEG
|
|
||||||
case TLSEXT_TYPE_next_proto_neg:
|
|
||||||
+# endif
|
|
||||||
case TLSEXT_TYPE_padding:
|
|
||||||
case TLSEXT_TYPE_renegotiate:
|
|
||||||
case TLSEXT_TYPE_server_name:
|
|
||||||
@@ -1,21 +0,0 @@
|
|||||||
From 581215a519c66db7255ea360ed25bb00033ccd52 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rich Salz <rsalz@openssl.org>
|
|
||||||
Date: Thu, 22 Sep 2016 08:47:45 -0400
|
|
||||||
Subject: [PATCH] Fix typo introduced by a03f81f4
|
|
||||||
|
|
||||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
||||||
---
|
|
||||||
crypto/engine/eng_cryptodev.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
--- a/crypto/engine/eng_cryptodev.c
|
|
||||||
+++ b/crypto/engine/eng_cryptodev.c
|
|
||||||
@@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_
|
|
||||||
if (fstate->mac_len != 0) {
|
|
||||||
if (fstate->mac_data != NULL) {
|
|
||||||
dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
|
|
||||||
- if (dstate->ac_data == NULL) {
|
|
||||||
+ if (dstate->mac_data == NULL) {
|
|
||||||
printf("cryptodev_digest_init: malloc failed\n");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
Reference in New Issue
Block a user