aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEneas U de Queiroz <cotequeiroz@gmail.com>2020-03-31 17:51:45 -0300
committerHans Dedecker <dedeckeh@gmail.com>2020-04-01 08:12:20 +0200
commitaf5ccfbac74b859801cf174460fb8dbf9ed9e181 (patch)
tree29836c020357329d97b372443e31b41d4b73573e
parent9f14216a2c4c9d669d8033df31f40f2ca05ce41d (diff)
downloadupstream-af5ccfbac74b859801cf174460fb8dbf9ed9e181.tar.gz
upstream-af5ccfbac74b859801cf174460fb8dbf9ed9e181.tar.bz2
upstream-af5ccfbac74b859801cf174460fb8dbf9ed9e181.zip
openssl: bump to 1.1.1f
There were two changes between 1.1.1e and 1.1.1f: - a change in BN prime generation to avoid possible fingerprinting of newly generated RSA modules - the patch reversing EOF detection we had already applied. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
-rw-r--r--package/libs/openssl/Makefile6
-rw-r--r--package/libs/openssl/patches/200-Partially-revert-Detect-EOF-while-reading-in-libssl.patch80
2 files changed, 3 insertions, 83 deletions
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index ca45549800..e2f2661566 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openssl
PKG_BASE:=1.1.1
-PKG_BUGFIX:=e
+PKG_BUGFIX:=f
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=694f61ac11cb51c9bf73f54e771ff6022b0327a43bbdfa1b2f19de1662a6dcbe
+PKG_HASH:=186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE
diff --git a/package/libs/openssl/patches/200-Partially-revert-Detect-EOF-while-reading-in-libssl.patch b/package/libs/openssl/patches/200-Partially-revert-Detect-EOF-while-reading-in-libssl.patch
deleted file mode 100644
index c269dff07c..0000000000
--- a/package/libs/openssl/patches/200-Partially-revert-Detect-EOF-while-reading-in-libssl.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 30d190caf311d534867df97e26b552e628cb7d85 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Wed, 25 Mar 2020 14:15:31 +0100
-Subject: [PATCH] Partially revert "Detect EOF while reading in libssl"
-
-This partially reverts commit db943f43a60d1b5b1277e4b5317e8f288e7a0a3a.
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/11400)
-
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index f5324c6819..35512f9caf 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -2852,7 +2852,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
- SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
- SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
- SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
--SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
- SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
- SSL_R_UNEXPECTED_RECORD:245:unexpected record
- SSL_R_UNINITIALIZED:276:uninitialized
-diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
-index 0ef684f3c1..ba4c4ae5fb 100644
---- a/include/openssl/sslerr.h
-+++ b/include/openssl/sslerr.h
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void);
- # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
- # define SSL_R_UNEXPECTED_CCS_MESSAGE 262
- # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
--# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294
- # define SSL_R_UNEXPECTED_MESSAGE 244
- # define SSL_R_UNEXPECTED_RECORD 245
- # define SSL_R_UNINITIALIZED 276
-diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
-index 1c885a664f..b2a7a47eb0 100644
---- a/ssl/record/rec_layer_s3.c
-+++ b/ssl/record/rec_layer_s3.c
-@@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
- ret = BIO_read(s->rbio, pkt + len + left, max - left);
- if (ret >= 0)
- bioread = ret;
-- if (ret <= 0
-- && !BIO_should_retry(s->rbio)
-- && BIO_eof(s->rbio)) {
-- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N,
-- SSL_R_UNEXPECTED_EOF_WHILE_READING);
-- }
- } else {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
- SSL_R_READ_BIO_NOT_SET);
-diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
-index a0c7b79659..4b12ed1485 100644
---- a/ssl/ssl_err.c
-+++ b/ssl/ssl_err.c
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
- "unexpected ccs message"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
- "unexpected end of early data"},
-- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
-- "unexpected eof while reading"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},