Difuse/difos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

openssl: security update to 1.0.1d to address CBC TLS issue

Browse source 
addressing
CVE-2013-0169: 4th February 2013

Signed-off-by: Tim Yardley <yardley@gmail.com>

SVN-Revision: 35524
This commit is contained in:
Tim Yardley 2013-02-08 19:36:06 +00:00
parent 6ff973bdda
commit b521113aa1
6 changed files with 15 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
package/libs/openssl/Makefile
View file

@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=openssl PKG_NAME:=openssl
PKG_VERSION:=1.0.1c PKG_VERSION:=1.0.1d
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@ -16,7 +16,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \
ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \ ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \
ftp://ftp.webmonster.de/pub/openssl/source/ \ ftp://ftp.webmonster.de/pub/openssl/source/ \
ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
PKG_MD5SUM:=ae412727c8c15b67880aef7bd2999b2e PKG_MD5SUM:=b92fc634f0f1f31a67ed4175adc5ba33
PKG_LICENSE:=SSLEAY OPENSSL PKG_LICENSE:=SSLEAY OPENSSL
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE

2
package/libs/openssl/patches/110-optimize-for-size.patch
View file

@ -1,6 +1,6 @@
--- a/Configure --- a/Configure
+++ b/Configure +++ b/Configure
@@ -401,6 +401,10 @@ my %table=( @@ -402,6 +402,10 @@ my %table=(
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

18
package/libs/openssl/patches/150-no_engines.patch
View file

@ -1,6 +1,6 @@
--- a/Configure --- a/Configure
+++ b/Configure +++ b/Configure
@@ -2000,6 +2000,11 @@ EOF @@ -2003,6 +2003,11 @@ EOF
close(OUT); close(OUT);
} }
@ -14,7 +14,7 @@
Configured for $target. Configured for $target.
--- a/util/libeay.num --- a/util/libeay.num
+++ b/util/libeay.num +++ b/util/libeay.num
@@ -2071,7 +2071,6 @@ PKCS7_ATTR_SIGN_it @@ -2071,7 +2071,6 @@ PKCS7_ATTR_SIGN_it
UI_add_error_string 2633 EXIST::FUNCTION: UI_add_error_string 2633 EXIST::FUNCTION:
KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION:
OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION:
@ -22,7 +22,7 @@
ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE
PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2545,7 +2544,6 @@ OCSP_RESPONSE_new @@ -2545,7 +2544,6 @@ OCSP_RESPONSE_new
AES_set_encrypt_key 3024 EXIST::FUNCTION:AES AES_set_encrypt_key 3024 EXIST::FUNCTION:AES
OCSP_resp_count 3025 EXIST::FUNCTION: OCSP_resp_count 3025 EXIST::FUNCTION:
KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION:
@ -30,7 +30,7 @@
OCSP_onereq_get0_id 3028 EXIST::FUNCTION: OCSP_onereq_get0_id 3028 EXIST::FUNCTION:
ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE
NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2576,7 +2574,6 @@ ASN1_primitive_free @@ -2576,7 +2574,6 @@ ASN1_primitive_free
i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
asn1_enc_save 3054 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION:
@ -38,7 +38,7 @@
_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES
PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2600,7 +2597,6 @@ asn1_get_choice_selector @@ -2600,7 +2597,6 @@ asn1_get_choice_selector
i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE
AES_options 3074 EXIST::FUNCTION:AES AES_options 3074 EXIST::FUNCTION:AES
@ -46,7 +46,7 @@
OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_id_cmp 3076 EXIST::FUNCTION:
OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION:
@@ -2667,7 +2663,6 @@ OCSP_CRLID_it @@ -2667,7 +2663,6 @@ OCSP_CRLID_it
OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION:
@ -54,7 +54,7 @@
X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2762,8 +2757,6 @@ DES_read_2passwords @@ -2762,8 +2757,6 @@ DES_read_2passwords
DES_read_password 3207 EXIST::FUNCTION:DES DES_read_password 3207 EXIST::FUNCTION:DES
UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw 3208 EXIST::FUNCTION:
UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION:
@ -63,7 +63,7 @@
OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION:
OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION:
OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION:
@@ -2772,7 +2765,6 @@ OPENSSL_load_builtin_modules @@ -2772,7 +2765,6 @@ OPENSSL_load_builtin_modules
AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
@ -71,7 +71,7 @@
_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES
@@ -3107,7 +3099,6 @@ EC_GFp_nist_method @@ -3107,7 +3099,6 @@ EC_GFp_nist_method
STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION: STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION:
STORE_method_set_modify_function 3530 NOEXIST::FUNCTION: STORE_method_set_modify_function 3530 NOEXIST::FUNCTION:
STORE_parse_attrs_next 3531 NOEXIST::FUNCTION: STORE_parse_attrs_next 3531 NOEXIST::FUNCTION:

4
package/libs/openssl/patches/160-disable_doc_tests.patch
View file

@ -36,7 +36,7 @@
build_libs: build_crypto build_ssl build_engines build_libs: build_crypto build_ssl build_engines
@@ -539,7 +539,7 @@ dist: @@ -539,7 +539,7 @@ dist:
dist_pem_h: dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@ -47,7 +47,7 @@
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
--- a/Makefile.org --- a/Makefile.org
+++ b/Makefile.org +++ b/Makefile.org
@@ -537,7 +537,7 @@ dist: @@ -537,7 +537,7 @@ dist:
dist_pem_h: dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)

2
package/libs/openssl/patches/200-etrax_support.patch
View file

@ -1,6 +1,6 @@
--- a/Configure --- a/Configure
+++ b/Configure +++ b/Configure
@@ -440,6 +440,10 @@ my %table=( @@ -443,6 +443,10 @@ my %table=(
"beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so", "beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so", "beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so",

64
package/libs/openssl/patches/210-fix_aes_mips.patch
View file

@ -1,64 +0,0 @@
--- a/crypto/aes/asm/aes-mips.pl
+++ b/crypto/aes/asm/aes-mips.pl
@@ -1036,9 +1036,9 @@ _mips_AES_set_encrypt_key:
nop
.end _mips_AES_set_encrypt_key
-.globl AES_set_encrypt_key
-.ent AES_set_encrypt_key
-AES_set_encrypt_key:
+.globl private_AES_set_encrypt_key
+.ent private_AES_set_encrypt_key
+private_AES_set_encrypt_key:
.frame $sp,$FRAMESIZE,$ra
.mask $SAVED_REGS_MASK,-$SZREG
.set noreorder
@@ -1060,7 +1060,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); #
___
$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
.cplocal $Tbl
- .cpsetup $pf,$zero,AES_set_encrypt_key
+ .cpsetup $pf,$zero,private_AES_set_encrypt_key
___
$code.=<<___;
.set reorder
@@ -1083,7 +1083,7 @@ ___
$code.=<<___;
jr $ra
$PTR_ADD $sp,$FRAMESIZE
-.end AES_set_encrypt_key
+.end private_AES_set_encrypt_key
___
my ($head,$tail)=($inp,$bits);
@@ -1091,9 +1091,9 @@ my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$
my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2);
$code.=<<___;
.align 5
-.globl AES_set_decrypt_key
-.ent AES_set_decrypt_key
-AES_set_decrypt_key:
+.globl private_AES_set_decrypt_key
+.ent private_AES_set_decrypt_key
+private_AES_set_decrypt_key:
.frame $sp,$FRAMESIZE,$ra
.mask $SAVED_REGS_MASK,-$SZREG
.set noreorder
@@ -1115,7 +1115,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); #
___
$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
.cplocal $Tbl
- .cpsetup $pf,$zero,AES_set_decrypt_key
+ .cpsetup $pf,$zero,private_AES_set_decrypt_key
___
$code.=<<___;
.set reorder
@@ -1226,7 +1226,7 @@ ___
$code.=<<___;
jr $ra
$PTR_ADD $sp,$FRAMESIZE
-.end AES_set_decrypt_key
+.end private_AES_set_decrypt_key
___
}}}