openssl: bump to 1.0.2

Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566

Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44332 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 3e55614..7a21e51 100644 (file)
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
-PKG_VERSION:=1.0.1l
+PKG_VERSION:=1.0.2
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
@@ -18,7 +18,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openssl.org/source/ \
        ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
        ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=cdb22925fc9bc97ccbf1e007661f2aa6
+PKG_MD5SUM:=38373013fc85c790aabf8837969c5eba
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE

diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch
index 2683819..b0adfc1 100644 (file)
--- a/package/libs/openssl/patches/110-optimize-for-size.patch
+++ b/package/libs/openssl/patches/110-optimize-for-size.patch
@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -403,6 +403,11 @@ my %table=(
+@@ -443,6 +443,11 @@ my %table=(
  "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  

diff --git a/package/libs/openssl/patches/130-perl-path.patch b/package/libs/openssl/patches/130-perl-path.patch
index dd4fa54..2dbdc76 100644 (file)
--- a/package/libs/openssl/patches/130-perl-path.patch
+++ b/package/libs/openssl/patches/130-perl-path.patch
@@ -12,8 +12,8 @@
 -#!/usr/local/bin/perl
 +#!/usr/bin/perl
  
- 
  # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
 --- a/util/clean-depend.pl
 +++ b/util/clean-depend.pl
 @@ -1,4 +1,4 @@

diff --git a/package/libs/openssl/patches/140-makefile-dirs.patch b/package/libs/openssl/patches/140-makefile-dirs.patch
index b51ca28..7503dfc 100644 (file)
--- a/package/libs/openssl/patches/140-makefile-dirs.patch
+++ b/package/libs/openssl/patches/140-makefile-dirs.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -135,7 +135,7 @@ FIPSCANLIB=
+@@ -136,7 +136,7 @@ FIPSCANLIB=
  
  BASEADDR=
  

diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch
index 161cd29..790da30 100644 (file)
--- a/package/libs/openssl/patches/150-no_engines.patch
+++ b/package/libs/openssl/patches/150-no_engines.patch
@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -2017,6 +2017,11 @@ EOF
+@@ -2075,6 +2075,11 @@ EOF
        close(OUT);
    }
    

diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/160-disable_doc_tests.patch
index 54f58fb..e31ffa5 100644 (file)
--- a/package/libs/openssl/patches/160-disable_doc_tests.patch
+++ b/package/libs/openssl/patches/160-disable_doc_tests.patch
@@ -1,6 +1,6 @@
 --- a/Makefile
 +++ b/Makefile
-@@ -137,7 +137,7 @@ FIPSCANLIB=
+@@ -138,7 +138,7 @@ FIPSCANLIB=
  
  BASEADDR=0xFB00000
  
@@ -9,7 +9,7 @@
  ENGDIRS= ccgost
  SHLIBDIRS= crypto ssl
  
-@@ -155,7 +155,7 @@ SDIRS=  \
+@@ -156,7 +156,7 @@ SDIRS=  \
  
  # tests to perform.  "alltests" is a special word indicating that all tests
  # should be performed.
@@ -18,7 +18,7 @@
  
  MAKEFILE= Makefile
  
-@@ -169,7 +169,7 @@ SHELL=/bin/sh
+@@ -170,7 +170,7 @@ SHELL=/bin/sh
  
  TOP=    .
  ONEDIRS=out tmp
@@ -27,7 +27,7 @@
  WDIRS=  windows
  LIBS=   libcrypto.a libssl.a
  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-@@ -270,7 +270,7 @@ reflect:
+@@ -271,7 +271,7 @@ reflect:
        @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
  
  sub_all: build_all
@@ -36,7 +36,7 @@
  
  build_libs: build_crypto build_ssl build_engines
  
-@@ -540,7 +540,7 @@ dist:
+@@ -538,7 +538,7 @@ dist:
  dist_pem_h:
        (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  
@@ -47,7 +47,7 @@
        @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -538,7 +538,7 @@ dist:
+@@ -536,7 +536,7 @@ dist:
  dist_pem_h:
        (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  

diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/190-remove_timestamp_check.patch
index 4600688..86b17d0 100644 (file)
--- a/package/libs/openssl/patches/190-remove_timestamp_check.patch
+++ b/package/libs/openssl/patches/190-remove_timestamp_check.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -184,7 +184,7 @@ WTARFILE=       $(NAME)-win.tar
+@@ -185,7 +185,7 @@ WTARFILE=       $(NAME)-win.tar
  EXHEADER=       e_os2.h
  HEADER=         e_os.h
  
@@ -9,9 +9,9 @@
  
  # as we stick to -e, CLEARENV ensures that local variables in lower
  # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-@@ -397,11 +397,6 @@ openssl.pc: Makefile
-           echo 'Libs.private: $(EX_LIBS)'; \
-           echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+@@ -395,11 +395,6 @@ openssl.pc: Makefile
+           echo 'Version: '$(VERSION); \
+           echo 'Requires: libssl libcrypto' ) > openssl.pc
  
 -Makefile: Makefile.org Configure config
 -      @echo "Makefile is older than Makefile.org, Configure or config."

diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch
index b63e5ee..0416eab 100644 (file)
--- a/package/libs/openssl/patches/200-parallel_build.patch
+++ b/package/libs/openssl/patches/200-parallel_build.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -273,17 +273,17 @@ build_all: build_libs build_apps build_t
+@@ -274,17 +274,17 @@ build_all: build_libs build_apps build_t
  build_libs: build_crypto build_ssl build_engines
  
  build_crypto:
@@ -29,7 +29,7 @@
  
  all_testapps: build_libs build_testapps
  build_testapps:
-@@ -455,7 +455,7 @@ report:
+@@ -453,7 +453,7 @@ report:
        @$(PERL) util/selftest.pl
  
  depend:
@@ -38,7 +38,7 @@
  
  lint:
        @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-@@ -533,9 +533,9 @@ dist:
+@@ -531,9 +531,9 @@ dist:
  dist_pem_h:
        (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  
@@ -50,7 +50,7 @@
        @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
                $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
                $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -544,12 +544,19 @@ install_sw:
+@@ -542,12 +542,19 @@ install_sw:
                $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
                $(INSTALL_PREFIX)$(OPENSSLDIR)/private
@@ -71,7 +71,7 @@
        @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
        do \
                if [ -f "$$i" ]; then \
-@@ -629,12 +636,7 @@ install_html_docs:
+@@ -631,12 +638,7 @@ install_html_docs:
                done; \
        done
  
@@ -105,7 +105,7 @@
 +      +@target=all; $(RECURSIVE_MAKE)
  
  files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+       $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
 -      @target=files; $(RECURSIVE_MAKE)
 +      +@target=files; $(RECURSIVE_MAKE)
  
@@ -118,7 +118,7 @@
 -$(LIB):       $(LIBOBJ)
 +$(LIB):       $(LIBOBJ) | subdirs
        $(AR) $(LIB) $(LIBOBJ)
-       [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+       test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
        $(RANLIB) $(LIB) || echo Never mind.
 @@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
        fi
@@ -169,7 +169,7 @@
        ctags $(SRC)
 --- a/test/Makefile
 +++ b/test/Makefile
-@@ -129,7 +129,7 @@ install:
+@@ -132,7 +132,7 @@ install:
  tags:
        ctags $(SRC)
  
@@ -178,7 +178,7 @@
  
  apps:
        @(cd ..; $(MAKE) DIRS=apps all)
-@@ -384,109 +384,109 @@ BUILD_CMD_STATIC=shlib_target=; \
+@@ -398,109 +398,109 @@ BUILD_CMD_STATIC=shlib_target=; \
                link_app.$${shlib_target}
  
  $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -321,9 +321,9 @@
 -      @target=$(SRPTEST); $(BUILD_CMD)
 +      +@target=$(SRPTEST); $(BUILD_CMD)
  
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
-       @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-@@ -505,7 +505,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+       @target=$(V3NAMETEST); $(BUILD_CMD)
+@@ -522,7 +522,7 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMET
  #     fi
  
  dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)

diff --git a/package/libs/openssl/patches/210-termios_fix.patch b/package/libs/openssl/patches/210-termios_fix.patch
index f14960c..957c5cf 100644 (file)
--- a/package/libs/openssl/patches/210-termios_fix.patch
+++ b/package/libs/openssl/patches/210-termios_fix.patch
@@ -1,6 +1,6 @@
 --- a/crypto/ui/ui_openssl.c
 +++ b/crypto/ui/ui_openssl.c
-@@ -190,7 +190,7 @@
+@@ -194,7 +194,7 @@
  # undef  SGTTY
  #endif