From 2665f08604ea948344b1758c34bfe63ee669a5fb Mon Sep 17 00:00:00 2001 From: agb Date: Mon, 19 Jan 2009 09:50:41 +0000 Subject: [PATCH] [package] openssl: update to 0.9.8j. thanks puchu. - addresses CVE-2008-5077 git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14102 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/openssl/Makefile | 10 ++--- .../openssl/patches/100-parallel-build.patch | 24 +++++++++++ .../openssl/patches/140-makefile-dirs.patch | 18 ++++----- .../patches/160-disable_doc_tests.patch | 40 +++++++++---------- 4 files changed, 56 insertions(+), 36 deletions(-) create mode 100644 package/openssl/patches/100-parallel-build.patch diff --git a/package/openssl/Makefile b/package/openssl/Makefile index 43ca3bed7..a2de0e0ca 100644 --- a/package/openssl/Makefile +++ b/package/openssl/Makefile @@ -9,15 +9,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=0.9.8i -PKG_RELEASE:=3 +PKG_VERSION:=0.9.8j +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \ ftp://ftp.webmonster.de/pub/openssl/source/ \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=561e00f18821c74b2b86c8c7786f9d8b +PKG_MD5SUM:=a5cb5f6c3d11affb387ecf7a997cac0c PKG_BUILD_DEPENDS:=ocf-crypto-headers @@ -70,10 +70,10 @@ endef OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-smime \ no-rmd160 no-aes192 no-ripemd no-camellia no-ans1 no-krb5 ifeq ($(BOARD),ixp4xx) -OPENSSL_OPTIONS:= shared no-ec no-err no-fips no-hw no-threads zlib-dynamic \ +OPENSSL_OPTIONS:= shared no-ec no-err no-hw no-threads zlib-dynamic \ no-sse2 no-perlasm --with-cryptodev else -OPENSSL_OPTIONS:= shared no-ec no-err no-fips no-hw no-threads zlib-dynamic \ +OPENSSL_OPTIONS:= shared no-ec no-err no-hw no-threads zlib-dynamic \ no-engines no-sse2 no-perlasm endif diff --git a/package/openssl/patches/100-parallel-build.patch b/package/openssl/patches/100-parallel-build.patch new file mode 100644 index 000000000..eace0f491 --- /dev/null +++ b/package/openssl/patches/100-parallel-build.patch @@ -0,0 +1,24 @@ +diff -uNr openssl-0.9.8j.ORIG/Makefile.org openssl-0.9.8j/Makefile.org +--- openssl-0.9.8j.ORIG/Makefile.org 2009-01-07 18:06:31.000000000 +0000 ++++ openssl-0.9.8j/Makefile.org 2009-01-07 18:08:38.000000000 +0000 +@@ -333,15 +333,15 @@ + dir=crypto; target=all; $(BUILD_ONE_CMD) + build_fips: + @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) +-build_ssl: ++build_ssl: build_crypto + @dir=ssl; target=all; $(BUILD_ONE_CMD) +-build_engines: ++build_engines: build_crypto + @dir=engines; target=all; $(BUILD_ONE_CMD) +-build_apps: ++build_apps: build_libs + @dir=apps; target=all; $(BUILD_ONE_CMD) +-build_tests: ++build_tests: build_libs + @dir=test; target=all; $(BUILD_ONE_CMD) +-build_tools: ++build_tools: build_libs + @dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps diff --git a/package/openssl/patches/140-makefile-dirs.patch b/package/openssl/patches/140-makefile-dirs.patch index b35c8de0e..d0eaec912 100644 --- a/package/openssl/patches/140-makefile-dirs.patch +++ b/package/openssl/patches/140-makefile-dirs.patch @@ -1,13 +1,11 @@ -Index: openssl-0.9.8e/Makefile.org -=================================================================== ---- openssl-0.9.8e.orig/Makefile.org 2007-06-04 13:23:32.048861728 +0200 -+++ openssl-0.9.8e/Makefile.org 2007-06-04 13:23:32.857738760 +0200 -@@ -104,7 +104,7 @@ - ZLIB_INCLUDE= - LIBZLIB= +--- openssl-0.9.8j/Makefile.org 2008-12-30 14:26:26.000000000 +0100 ++++ openssl-0.9.8j.patched/Makefile.org 2009-01-17 13:41:52.610868317 +0100 +@@ -131,7 +131,7 @@ --DIRS= crypto ssl engines apps test tools -+DIRS= crypto ssl apps - SHLIBDIRS= crypto ssl + BASEADDR= + +-DIRS= crypto fips ssl engines apps test tools ++DIRS= crypto fips ssl apps + SHLIBDIRS= crypto ssl fips # dirs in crypto to build diff --git a/package/openssl/patches/160-disable_doc_tests.patch b/package/openssl/patches/160-disable_doc_tests.patch index 9706a0b2a..07c8e576b 100644 --- a/package/openssl/patches/160-disable_doc_tests.patch +++ b/package/openssl/patches/160-disable_doc_tests.patch @@ -1,17 +1,16 @@ -Index: openssl-0.9.8e/Makefile -=================================================================== ---- openssl-0.9.8e.orig/Makefile 2007-06-04 13:23:31.995869784 +0200 -+++ openssl-0.9.8e/Makefile 2007-06-04 13:23:33.246679632 +0200 -@@ -106,7 +106,7 @@ - ZLIB_INCLUDE= - LIBZLIB= - --DIRS= crypto ssl engines apps test tools -+DIRS= crypto ssl engines apps tools +diff -burN openssl-0.9.8j/Makefile openssl-0.9.8j.patched/Makefile +--- openssl-0.9.8j/Makefile 2009-01-07 12:57:01.000000000 +0100 ++++ openssl-0.9.8j.patched/Makefile 2009-01-17 14:16:50.279667198 +0100 +@@ -133,7 +133,7 @@ + + BASEADDR=0xFB00000 + +-DIRS= crypto fips ssl engines apps test tools ++DIRS= crypto fips ssl engines apps tools SHLIBDIRS= crypto ssl # dirs in crypto to build -@@ -123,7 +123,7 @@ +@@ -150,7 +150,7 @@ # tests to perform. "alltests" is a special word indicating that all tests # should be performed. @@ -20,7 +19,7 @@ Index: openssl-0.9.8e/Makefile MAKEFILE= Makefile -@@ -135,7 +135,7 @@ +@@ -162,7 +162,7 @@ TOP= . ONEDIRS=out tmp @@ -29,16 +28,16 @@ Index: openssl-0.9.8e/Makefile WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) -@@ -225,7 +225,7 @@ - @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) +@@ -321,7 +321,7 @@ + ../crypto/uid.o sub_all: build_all -build_all: build_libs build_apps build_tests build_tools +build_all: build_libs build_apps build_tools - build_libs: build_crypto build_ssl build_engines + build_libs: build_crypto build_fips build_ssl build_shared build_engines -@@ -475,7 +475,7 @@ +@@ -610,7 +610,7 @@ dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -47,11 +46,10 @@ Index: openssl-0.9.8e/Makefile install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ -Index: openssl-0.9.8e/Makefile.org -=================================================================== ---- openssl-0.9.8e.orig/Makefile.org 2007-06-04 13:23:32.857738760 +0200 -+++ openssl-0.9.8e/Makefile.org 2007-06-04 13:23:33.246679632 +0200 -@@ -473,7 +473,7 @@ +diff -burN openssl-0.9.8j/Makefile.org openssl-0.9.8j.patched/Makefile.org +--- openssl-0.9.8j/Makefile.org 2008-12-30 14:26:26.000000000 +0100 ++++ openssl-0.9.8j.patched/Makefile.org 2009-01-17 14:14:18.874409981 +0100 +@@ -608,7 +608,7 @@ dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) -- 2.35.1