From patchwork Tue May 28 20:07:57 2019
X-Patchwork-Submitter: Thomas Richard via openwrt-devel
X-Patchwork-Id: 1106526
X-Patchwork-Delegate: chunkeey@googlemail.com
To: openwrt-devel@lists.openwrt.org
X-Patchwork-Original-From: Eneas U de Queiroz via openwrt-devel
From: Thomas Richard via openwrt-devel
Reply-To: Eneas U de Queiroz
Subject: [OpenWrt-Devel] [PATCH] openssl: update to version 1.1.1c
Date: Tue, 28 May 2019 20:07:57 +0000

Highlights of this version:
- Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
- Fix OPENSSL_config bug (patch removed)
- Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
- Enable SHA3 pre-hashing for ECDSA and DSA

Signed-off-by: Eneas U de Queiroz

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index c173ede9b3..f16c24f7c6 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=b +PKG_BUGFIX:=c PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=5 +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ -PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b +PKG_HASH:=f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch b/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch deleted file mode 100644 index 3923ac41da..0000000000 --- a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001 -From: Richard Levitte -Date: Wed, 20 Mar 2019 10:18:13 +0100 -Subject: [PATCH] OPENSSL_config(): restore error agnosticism - -Great effort has been made to make initialization more configurable. -However, the behavior of OPENSSL_config() was lost in the process, -having it suddenly generate errors it didn't previously, which is not -how it's documented to behave. - -A simple setting of default flags fixes this problem. - -Fixes #8528 - -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/8533) - -(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52) - -diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c -index 2ce42f0c67..3805c426d8 100644 ---- a/crypto/conf/conf_sap.c -+++ b/crypto/conf/conf_sap.c -@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname) - memset(&settings, 0, sizeof(settings)); - if (appname != NULL) - settings.appname = strdup(appname); -+ settings.flags = DEFAULT_CONF_MFLAGS; - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings); - } - #endif
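Review bot: In the Makefile hunk at -24,7, the context lines show the tarball being fetched from ftp:// and http:// mirrors, so the new PKG_HASH is the only integrity check on the download. Please confirm f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90 against the SHA256 that upstream publishes for the 1.1.1c tarball, obtained over an authenticated channel, and consider switching the two www.openssl.org entries in PKG_SOURCE_URL to https:// in a follow-up.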
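Review bot: Deleting 200-OPENSSL_config-restore-error-agnosticism.patch is only correct if the 1.1.1c tarball already carries the "settings.flags = DEFAULT_CONF_MFLAGS;" line in OPENSSL_config() in crypto/conf/conf_sap.c. The commit message says "Fix OPENSSL_config bug (patch removed)" without tying that to an upstream commit; please reference 905c9a72a708701597891527b422c7f374125c52, the commit the deleted patch says it was cherry-picked from, so the removal can be checked. The diff touches no other file under package/libs/openssl/patches/, so also state that any patches remaining there were tested to apply cleanly against 1.1.1c.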