From: Eneas U de Queiroz Date: Tue, 28 May 2019 20:07:57 +0000 (+0000) Subject: openssl: update to version 1.1.1c X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=f22ef1f1de8816201c6d8551e1bb3f3fc58c4328;p=openwrt%2Fstaging%2Fthess.git openssl: update to version 1.1.1c Highlights of this version: - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) - Fix OPENSSL_config bug (patch removed) - Change the default RSA, DSA and DH size to 2048 bit instead of 1024. - Enable SHA3 pre-hashing for ECDSA and DSA Signed-off-by: Eneas U de Queiroz Signed-off-by: Christian Lamparter [DMARC removal] --- diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index c173ede9b3..f16c24f7c6 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=b +PKG_BUGFIX:=c PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=5 +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 @@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ -PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b +PKG_HASH:=f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch b/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch deleted file mode 100644 index 3923ac41da..0000000000 --- a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001 -From: Richard Levitte -Date: Wed, 20 Mar 2019 10:18:13 +0100 -Subject: [PATCH] OPENSSL_config(): restore error agnosticism - -Great effort has been made to make initialization more configurable. -However, the behavior of OPENSSL_config() was lost in the process, -having it suddenly generate errors it didn't previously, which is not -how it's documented to behave. - -A simple setting of default flags fixes this problem. - -Fixes #8528 - -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/8533) - -(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52) - -diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c -index 2ce42f0c67..3805c426d8 100644 ---- a/crypto/conf/conf_sap.c -+++ b/crypto/conf/conf_sap.c -@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname) - memset(&settings, 0, sizeof(settings)); - if (appname != NULL) - settings.appname = strdup(appname); -+ settings.flags = DEFAULT_CONF_MFLAGS; - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings); - } - #endif