mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-11-27 18:23:09 +02:00
update openssl to 0.9.8l -- thanks puchu
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18398 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
parent
6e4aacf42a
commit
26862c3e56
@ -8,15 +8,15 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=openssl
|
||||
PKG_VERSION:=0.9.8k
|
||||
PKG_RELEASE:=2
|
||||
PKG_VERSION:=0.9.8l
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=http://www.openssl.org/source/ \
|
||||
ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \
|
||||
ftp://ftp.webmonster.de/pub/openssl/source/ \
|
||||
ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
|
||||
PKG_MD5SUM:=e555c6d58d276aec7fdc53363e338ab3
|
||||
PKG_MD5SUM:=05a0ece1372392a2cf310ebb96333025
|
||||
|
||||
PKG_BUILD_DEPENDS:=ocf-crypto-headers
|
||||
|
||||
|
53
package/openssl/patches/900-CVE-2009-1377.patch
Normal file
53
package/openssl/patches/900-CVE-2009-1377.patch
Normal file
@ -0,0 +1,53 @@
|
||||
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
|
||||
|
||||
Index: openssl/crypto/pqueue/pqueue.c
|
||||
RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v
|
||||
rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null
|
||||
--- pqueue.c 2005/06/28 12:53:33 1.2.2.4
|
||||
+++ pqueue.c 2009/05/16 16:18:44 1.2.2.5
|
||||
@@ -234,3 +234,17 @@
|
||||
|
||||
return ret;
|
||||
}
|
||||
+
|
||||
+int
|
||||
+pqueue_size(pqueue_s *pq)
|
||||
+{
|
||||
+ pitem *item = pq->items;
|
||||
+ int count = 0;
|
||||
+
|
||||
+ while(item != NULL)
|
||||
+ {
|
||||
+ count++;
|
||||
+ item = item->next;
|
||||
+ }
|
||||
+ return count;
|
||||
+}
|
||||
Index: openssl/crypto/pqueue/pqueue.h
|
||||
RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v
|
||||
rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null
|
||||
--- pqueue.h 2005/05/30 22:34:27 1.2.2.1
|
||||
+++ pqueue.h 2009/05/16 16:18:44 1.2.2.2
|
||||
@@ -91,5 +91,6 @@
|
||||
pitem *pqueue_next(piterator *iter);
|
||||
|
||||
void pqueue_print(pqueue pq);
|
||||
+int pqueue_size(pqueue pq);
|
||||
|
||||
#endif /* ! HEADER_PQUEUE_H */
|
||||
Index: openssl/ssl/d1_pkt.c
|
||||
RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
|
||||
rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
|
||||
--- d1_pkt.c 2009/05/16 15:51:59 1.4.2.17
|
||||
+++ d1_pkt.c 2009/05/16 16:18:45 1.4.2.18
|
||||
@@ -167,6 +167,10 @@
|
||||
DTLS1_RECORD_DATA *rdata;
|
||||
pitem *item;
|
||||
|
||||
+ /* Limit the size of the queue to prevent DOS attacks */
|
||||
+ if (pqueue_size(queue->q) >= 100)
|
||||
+ return 0;
|
||||
+
|
||||
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
|
||||
item = pitem_new(priority, rdata);
|
||||
if (rdata == NULL || item == NULL)
|
24
package/openssl/patches/900-CVE-2009-1378.patch
Normal file
24
package/openssl/patches/900-CVE-2009-1378.patch
Normal file
@ -0,0 +1,24 @@
|
||||
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
|
||||
|
||||
Index: openssl/ssl/d1_both.c
|
||||
===================================================================
|
||||
--- d1_both.c.orig
|
||||
+++ d1_both.c
|
||||
@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s,
|
||||
if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
|
||||
goto err;
|
||||
|
||||
- if (msg_hdr->seq <= s->d1->handshake_read_seq)
|
||||
+ /* Try to find item in queue, to prevent duplicate entries */
|
||||
+ pq_64bit_init(&seq64);
|
||||
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
|
||||
+ item = pqueue_find(s->d1->buffered_messages, seq64);
|
||||
+ pq_64bit_free(&seq64);
|
||||
+
|
||||
+ /* Discard the message if sequence number was already there, is
|
||||
+ * too far in the future or the fragment is already in the queue */
|
||||
+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
|
||||
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
|
||||
{
|
||||
unsigned char devnull [256];
|
||||
|
22
package/openssl/patches/900-CVE-2009-1379.patch
Normal file
22
package/openssl/patches/900-CVE-2009-1379.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Index: openssl/ssl/d1_both.c
|
||||
RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v
|
||||
rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null
|
||||
--- d1_both.c 2009/04/22 12:17:02 1.14.2.6
|
||||
+++ d1_both.c 2009/05/13 11:51:30 1.14.2.7
|
||||
@@ -519,6 +519,7 @@
|
||||
|
||||
if ( s->d1->handshake_read_seq == frag->msg_header.seq)
|
||||
{
|
||||
+ unsigned long frag_len = frag->msg_header.frag_len;
|
||||
pqueue_pop(s->d1->buffered_messages);
|
||||
|
||||
al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
|
||||
@@ -536,7 +537,7 @@
|
||||
if (al==0)
|
||||
{
|
||||
*ok = 1;
|
||||
- return frag->msg_header.frag_len;
|
||||
+ return frag_len;
|
||||
}
|
||||
|
||||
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
20
package/openssl/patches/901-remove_rej.patch
Normal file
20
package/openssl/patches/901-remove_rej.patch
Normal file
@ -0,0 +1,20 @@
|
||||
diff -burN openssl-0.9.8l/Configure.rej openssl-0.9.8l.patched/Configure.rej
|
||||
--- openssl-0.9.8l/Configure.rej 2009-11-05 13:07:06.000000000 +0100
|
||||
+++ openssl-0.9.8l.patched/Configure.rej 1970-01-01 01:00:00.000000000 +0100
|
||||
@@ -1,16 +0,0 @@
|
||||
-***************
|
||||
-*** 162,167 ****
|
||||
- "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
|
||||
- "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
|
||||
- "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::",
|
||||
- "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
|
||||
- "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
- "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
---- 162,168 ----
|
||||
- "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
|
||||
- "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
|
||||
- "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::",
|
||||
-+ "debug-ben-no-renegotiation", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DNO_RENEGOTIATION -g3 -O2 -pipe::(unknown)::::::",
|
||||
- "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
|
||||
- "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
||||
- "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
|
Loading…
Reference in New Issue
Block a user