From 952bafa03cbc21df134374dc949970a50beb6585 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Tue, 17 Sep 2019 16:01:24 -0300 Subject: [PATCH] openssl: bump to 1.0.2t, add maintainer This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed, and Eneas U de Queiroz added as maintainer. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 5 +++-- package/libs/openssl/patches/150-no_engines.patch | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 99f1b861b4..50939568c8 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.0.2 -PKG_BUGFIX:=s +PKG_BUGFIX:=t PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=1 PKG_USE_MIPS16:=0 @@ -24,10 +24,11 @@ PKG_SOURCE_URL:= \ http://gd.tuwien.ac.at/infosys/security/openssl/source/ \ http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ -PKG_HASH:=cabd5c9492825ce5bd23f3c3aeed6a97f8142f606d893df216411f07d1abab96 +PKG_HASH:=14cb464efe7ac6b54799b34456bd69558a749a4931ecfd9cf9f71d7881cac7bc PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=Eneas U de Queiroz PKG_CPE_ID:=cpe:/a:openssl:openssl PKG_CONFIG_DEPENDS:= \ CONFIG_OPENSSL_ENGINE_CRYPTO \ diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch index a518a00496..314075a910 100644 --- a/package/libs/openssl/patches/150-no_engines.patch +++ b/package/libs/openssl/patches/150-no_engines.patch @@ -1,6 +1,6 @@ --- a/Configure +++ b/Configure -@@ -2144,6 +2144,11 @@ EOF +@@ -2145,6 +2145,11 @@ EOF close(OUT); }