* [Buildroot] [PATCH v2] openssl: security bump to version 1.0.2e
From: gustavo.zacarias at free-electrons.com @ 2015-12-03 17:49 UTC
To: buildroot
From: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Fixes:
CVE-2015-3193 - BN_mod_exp may produce incorrect results on x86_64
CVE-2015-3194 - Certificate verify crash with missing PSS parameter
CVE-2015-3195 - X509_ATTRIBUTE memory leak
Enable IDEA as well since otherwise the build breaks (always great
upstream) - it's no longer patent encumbered.
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
---
package/openssl/openssl.hash | 4 ++--
package/openssl/openssl.mk | 3 +--
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/package/openssl/openssl.hash b/package/openssl/openssl.hash
index 355be79..bed1c1c 100644
--- a/package/openssl/openssl.hash
+++ b/package/openssl/openssl.hash
@@ -1,2 +1,2 @@
-# From https://www.openssl.org/source/openssl-1.0.2d.tar.gz.sha256
-sha256 671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8 openssl-1.0.2d.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2e.tar.gz.sha256
+sha256 eee11def03647aa2267434a779608af6fca645023c9a194ddb82f14426835537 openssl-1.0.2e.tar.gz
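Review bot: the sha256 on the added openssl-1.0.2e.tar.gz line should be re-checked against the .sha256 file named in the comment directly above it before this is applied. A later message in this thread fetches that URL and also hashes the tarball itself, and both give e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff, not the eee11def... value recorded here. Since the whole file is these two lines, this one digest is the only thing pinning the download; if upstream replaced the tarball after release, note that in the commit message so the changed digest is explained.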
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index da492ff..1f07df1 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-OPENSSL_VERSION = 1.0.2d
+OPENSSL_VERSION = 1.0.2e
OPENSSL_SITE = http://www.openssl.org/source
OPENSSL_LICENSE = OpenSSL or SSLeay
OPENSSL_LICENSE_FILES = LICENSE
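Review bot: OPENSSL_SITE in the context of this hunk still points at http://www.openssl.org/source, while the comment in openssl.hash already cites the https:// location for the checksum. With the source fetched over plain HTTP, the sha256 in openssl.hash is the only integrity check on the tarball, so consider switching OPENSSL_SITE to the https:// form in this bump or a follow-up.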
@@ -77,7 +77,6 @@ define OPENSSL_CONFIGURE_CMDS
--libdir=/lib \
$(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
$(if $(BR2_STATIC_LIBS),no-shared,shared) \
- no-idea \
no-rc5 \
enable-camellia \
enable-mdc2 \
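Review bot: dropping no-idea from OPENSSL_CONFIGURE_CMDS enables IDEA in every build, and the only rationale is the commit message's "otherwise the build breaks". A short comment in openssl.mk next to the configure options, recording that 1.0.2e does not build with no-idea, would let the option be revisited on the next bump and explain why no-rc5 on the following line is still kept.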
--
2.4.10
From: Peter Korsgaard @ 2015-12-03 21:09 UTC
To: buildroot
>>>>> "gustavo" == gustavo zacarias <gustavo.zacarias@free-electrons.com> writes:
> From: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
> Fixes:
> CVE-2015-3193 - BN_mod_exp may produce incorrect results on x86_64
> CVE-2015-3194 - Certificate verify crash with missing PSS parameter
> CVE-2015-3195 - X509_ATTRIBUTE memory leak
> Enable IDEA as well since otherwise the build breaks (always great
> upstream) - it's no longer patent encumbered.
> Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
> ---
> package/openssl/openssl.hash | 4 ++--
> package/openssl/openssl.mk | 3 +--
> 2 files changed, 3 insertions(+), 4 deletions(-)
> diff --git a/package/openssl/openssl.hash b/package/openssl/openssl.hash
> index 355be79..bed1c1c 100644
> --- a/package/openssl/openssl.hash
> +++ b/package/openssl/openssl.hash
> @@ -1,2 +1,2 @@
> -# From https://www.openssl.org/source/openssl-1.0.2d.tar.gz.sha256
> -sha256 671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8 openssl-1.0.2d.tar.gz
> +# From https://www.openssl.org/source/openssl-1.0.2e.tar.gz.sha256
> +sha256 eee11def03647aa2267434a779608af6fca645023c9a194ddb82f14426835537 openssl-1.0.2e.tar.gz
I'm not sure if you got it wrong or if upstream changed the tarball, but
that isn't the correct sha256:
curl https://www.openssl.org/source/openssl-1.0.2e.tar.gz.sha256
e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff
curl -s https://www.openssl.org/source/openssl-1.0.2e.tar.gz | sha256sum
e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff -
Committed with that fixed, thanks. I'll also add it to the 2015.11.x
branch.
--
Bye, Peter Korsgaard
From: Mike Frysinger @ 2015-12-03 22:03 UTC
To: buildroot
On 03 Dec 2015 22:09, Peter Korsgaard wrote:
> >>>>> "gustavo" == gustavo zacarias <gustavo.zacarias@free-electrons.com> writes:
>
> > From: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
> > --- a/package/openssl/openssl.hash
> > +++ b/package/openssl/openssl.hash
> > @@ -1,2 +1,2 @@
> > -# From https://www.openssl.org/source/openssl-1.0.2d.tar.gz.sha256
> > -sha256 671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8 openssl-1.0.2d.tar.gz
> > +# From https://www.openssl.org/source/openssl-1.0.2e.tar.gz.sha256
> > +sha256 eee11def03647aa2267434a779608af6fca645023c9a194ddb82f14426835537 openssl-1.0.2e.tar.gz
>
> I'm not sure if you got it wrong or if upstream changed the tarball, but
> that isn't the correct sha256:
upstream re-released the tarballs because they messed up the release and
didn't include a few files. so `make install` failed.
-mike