NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

openssl: security bump to version 1.0.2a

Browse Source 
Fixes:
CVE-2015-0291 - ClientHello sigalgs DoS
CVE-2015-0290 - Multiblock corrupted pointer
CVE-2015-0207 - Segmentation fault in DTLSv1_listen
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0208 - Segmentation fault for invalid PSS parameters
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences
CVE-2015-0293 - DoS via reachable assert in SSLv2 servers
CVE-2015-1787 - Empty CKE with client auth and DHE
CVE-2015-0285 - Handshake with unseeded PRNG
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref

musl patch removed since it's no longer necessary.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Gustavo Zacarias 2015-03-19 11:34:40 -03:00 committed by Peter Korsgaard
parent 6e404d5294
commit 85e7efff1a
3 changed files with 5 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
package/openssl/004-musl-termios.patch
View File

@ -1,46 +0,0 @@
http://rt.openssl.org/Ticket/Display.html?id=3123
From: Kevin Bortis <pkgs@bortis.ch>
The attached patch fixes issues with musl libc on linux. musl does
implement the POSIX 2008 standard termios.h on linux and does not
include the non standard interface termio.h.
The problem with dlinfo does no longer exists, since musl has
implemented the required interface.
This closes #2823 for me.
Tested version:
musl libc: 0.9.13
openssl git: 1769dfab06dcf93a1c310ca7ea9531afcc448d0a
Comparison of termios.h implementation on linux:
glibc 2.17: does implement termios.h, passes make test
musl 0.9.13: does implement termios.h, passes make test
uClibc 0.9.33.2: does implement termios.h, not tested
dietlibc 0.33: does implement termios.h, not tested
I don't know the reason why termio.h is prefered on linux, since
termios.h is generally prefered and implemented by all major libc
implementations.
Regards
Kevin
--- a/crypto/ui/ui_openssl.c 2013-09-08 11:00:10.130572803 +0200
+++ b/crypto/ui/ui_openssl.c 2013-09-08 11:29:35.806580447 +0200
@@ -190,9 +190,9 @@
# undef SGTTY
#endif
-#if defined(linux) && !defined(TERMIO)
-# undef TERMIOS
-# define TERMIO
+#if defined(linux)
+# define TERMIOS
+# undef TERMIO
# undef SGTTY
#endif

8
package/openssl/openssl.hash
View File

@ -1,4 +1,4 @@
# From https://www.openssl.org/source/openssl-1.0.2.tar.gz.md5
# From https://www.openssl.org/source/openssl-1.0.2.tar.gz.sha1
md5 38373013fc85c790aabf8837969c5eba openssl-1.0.2.tar.gz
sha1 2f264f7f6bb973af444cd9fc6ee65c8588f610cc openssl-1.0.2.tar.gz
# From https://www.openssl.org/source/openssl-1.0.2a.tar.gz.md5
# From https://www.openssl.org/source/openssl-1.0.2a.tar.gz.sha1
md5 a06c547dac9044161a477211049f60ef openssl-1.0.2a.tar.gz
sha1 46ecd325b8e587fa491f6bb02ad4a9fb9f382f5f openssl-1.0.2a.tar.gz

2
package/openssl/openssl.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
OPENSSL_VERSION = 1.0.2
OPENSSL_VERSION = 1.0.2a
OPENSSL_SITE = http://www.openssl.org/source
OPENSSL_LICENSE = OpenSSL or SSLeay
OPENSSL_LICENSE_FILES = LICENSE