diff mbox series

[OpenWrt-Devel] openssl: update to version 1.1.1c

Message ID mailman.43208.1559074076.2376.openwrt-devel@lists.openwrt.org
State Accepted, archived
Delegated to: Christian Lamparter

Commit Message

Thomas Richard via openwrt-devel May 28, 2019, 8:07 p.m. UTC
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.

Highlights of this version:
 - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
 - Fix OPENSSL_config bug (patch removed)
 - Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
 - Enable SHA3 pre-hashing for ECDSA and DSA

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Patch

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index c173ede9b3..f16c24f7c6 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,9 +9,9 @@  include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=b
+PKG_BUGFIX:=c
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=5
+PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 ENGINES_DIR=engines-1.1
 
@@ -24,7 +24,7 @@  PKG_SOURCE_URL:= \
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
 	http://www.openssl.org/source/ \
 	http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
+PKG_HASH:=f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
diff --git a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch b/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch
deleted file mode 100644
index 3923ac41da..0000000000
--- a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch
+++ /dev/null
@@ -1,31 +0,0 @@ 
-From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Wed, 20 Mar 2019 10:18:13 +0100
-Subject: [PATCH] OPENSSL_config(): restore error agnosticism
-
-Great effort has been made to make initialization more configurable.
-However, the behavior of OPENSSL_config() was lost in the process,
-having it suddenly generate errors it didn't previously, which is not
-how it's documented to behave.
-
-A simple setting of default flags fixes this problem.
-
-Fixes #8528
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/8533)
-
-(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52)
-
-diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
-index 2ce42f0c67..3805c426d8 100644
---- a/crypto/conf/conf_sap.c
-+++ b/crypto/conf/conf_sap.c
-@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname)
-     memset(&settings, 0, sizeof(settings));
-     if (appname != NULL)
-         settings.appname = strdup(appname);
-+    settings.flags = DEFAULT_CONF_MFLAGS;
-     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
- }
- #endif
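
Review bot: The commit message justifies deleting 200-OPENSSL_config-restore-error-agnosticism.patch only with "patch removed"; it should say explicitly that the fix ships in the 1.1.1c tarball. The deleted file is a cherry-pick of upstream commit 905c9a72a708701597891527b422c7f374125c52, so citing that commit and confirming that crypto/conf/conf_sap.c in 1.1.1c contains `settings.flags = DEFAULT_CONF_MFLAGS;` before the OPENSSL_init_crypto() call would make the removal auditable. Without that line, OPENSSL_config() goes back to raising the configuration errors the patch description says it is documented not to raise.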