diff options
| author | Florian Fainelli <florian@openwrt.org> | 2013-03-19 13:36:32 +0000 |
|---|---|---|
| committer | Florian Fainelli <florian@openwrt.org> | 2013-03-19 13:36:32 +0000 |
| commit | 4379e46cd7328d0ccc31f23d86184062b06ddd6e (patch) | |
| tree | 227c3b73e65c76904032ae6f93c2f90f99e5a632 | |
| parent | 453d20849b198e9afd015e0009f6ade32db69a52 (diff) | |
| download | upstream-12.09.tar.gz upstream-12.09.tar.bz2 upstream-12.09.zip | |
AA: backport openssl update from r35600v12.09
git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@36088 3c298f89-4303-0410-b956-a3cf2f4a3e73
| -rw-r--r-- | package/openssl/Makefile | 7 | ||||
| -rw-r--r-- | package/openssl/patches/120-cisco-dtls-fix.patch | 31 |
2 files changed, 34 insertions, 4 deletions
diff --git a/package/openssl/Makefile b/package/openssl/Makefile index 39ec4cfd70..a8b32570ff 100644 --- a/package/openssl/Makefile +++ b/package/openssl/Makefile @@ -8,15 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=1.0.1d +PKG_VERSION:=1.0.1e PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ - ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \ - ftp://ftp.webmonster.de/pub/openssl/source/ \ + ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=b92fc634f0f1f31a67ed4175adc5ba33 +PKG_MD5SUM:=66bf6f10f060d561929de96f9dfe5b8c PKG_LICENSE:=SSLEAY OPENSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/openssl/patches/120-cisco-dtls-fix.patch b/package/openssl/patches/120-cisco-dtls-fix.patch new file mode 100644 index 0000000000..11e6bb5f2f --- /dev/null +++ b/package/openssl/patches/120-cisco-dtls-fix.patch @@ -0,0 +1,31 @@ +From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001 +From: David Woodhouse <dwmw2@infradead.org> +Date: Tue, 12 Feb 2013 14:55:32 +0000 +Subject: [PATCH] Check DTLS_BAD_VER for version number. + +The version check for DTLS1_VERSION was redundant as +DTLS1_VERSION > TLS1_1_VERSION, however we do need to +check for DTLS1_BAD_VER for compatibility. + +PR:2984 +(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc) +--- + ssl/s3_cbc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c +index 02edf3f..443a31e 100644 +--- a/ssl/s3_cbc.c ++++ b/ssl/s3_cbc.c +@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, + unsigned padding_length, good, to_check, i; + const unsigned overhead = 1 /* padding length byte */ + mac_size; + /* Check if version requires explicit IV */ +- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) ++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) + { + /* These lengths are all public so we can test them in + * non-constant time. +-- +1.8.1.2 + |