diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2014-04-08 09:04:35 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2014-04-08 09:04:35 +0000 |
| commit | 2e388b5fb691fe2c4dce2630ba3eba17ac959dda (patch) | |
| tree | 4e76689f85d6c2e6d033c9f19a29b771cacbb726 | |
| parent | e3b430d4c955773cb425da42a5be2ef1f5c001f9 (diff) | |
| download | upstream-2e388b5fb691fe2c4dce2630ba3eba17ac959dda.tar.gz upstream-2e388b5fb691fe2c4dce2630ba3eba17ac959dda.tar.bz2 upstream-2e388b5fb691fe2c4dce2630ba3eba17ac959dda.zip | |
AA: security fix for CVE-2014-0160 - upgrade OpenSSL to version 1.0.1g
Signed-off-by: Mirko Vogt <mirko@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@40423 3c298f89-4303-0410-b956-a3cf2f4a3e73
| -rw-r--r-- | package/openssl/Makefile | 4 | ||||
| -rw-r--r-- | package/openssl/patches/120-cisco-dtls-fix.patch | 31 |
2 files changed, 2 insertions, 33 deletions
diff --git a/package/openssl/Makefile b/package/openssl/Makefile index fa08774a3a..92bc445926 100644 --- a/package/openssl/Makefile +++ b/package/openssl/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=1.0.1e +PKG_VERSION:=1.0.1g PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=66bf6f10f060d561929de96f9dfe5b8c +PKG_MD5SUM:=de62b43dfcd858e66a74bee1c834e959 PKG_LICENSE:=SSLEAY OPENSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/openssl/patches/120-cisco-dtls-fix.patch b/package/openssl/patches/120-cisco-dtls-fix.patch deleted file mode 100644 index 11e6bb5f2f..0000000000 --- a/package/openssl/patches/120-cisco-dtls-fix.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001 -From: David Woodhouse <dwmw2@infradead.org> -Date: Tue, 12 Feb 2013 14:55:32 +0000 -Subject: [PATCH] Check DTLS_BAD_VER for version number. - -The version check for DTLS1_VERSION was redundant as -DTLS1_VERSION > TLS1_1_VERSION, however we do need to -check for DTLS1_BAD_VER for compatibility. - -PR:2984 -(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc) ---- - ssl/s3_cbc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c -index 02edf3f..443a31e 100644 ---- a/ssl/s3_cbc.c -+++ b/ssl/s3_cbc.c -@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, - unsigned padding_length, good, to_check, i; - const unsigned overhead = 1 /* padding length byte */ + mac_size; - /* Check if version requires explicit IV */ -- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) -+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) - { - /* These lengths are all public so we can test them in - * non-constant time. --- -1.8.1.2 - |