From a45c291927d7477f79ed86d1fed7eb8b8993610b Mon Sep 17 00:00:00 2001 From: Ivan Pavlov Date: Thu, 5 Sep 2024 11:21:57 +0300 Subject: [PATCH] openssl: update to 3.0.15 OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this release is Moderate. This release incorporates the following bug fixes and mitigations: * Fixed possible denial of service in X.509 name checks (CVE-2024-6119) * Fixed possible buffer overread in SSL_select_next_proto() (CVE-2024-5535) Added github releases url as source mirror Signed-off-by: Ivan Pavlov Signed-off-by: Hauke Mehrtens --- package/libs/openssl/Makefile | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 0067723ed..c5b72ffff 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=3.0.14 +PKG_VERSION:=3.0.15 PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_BUILD_FLAGS:=gc-sections no-lto @@ -17,17 +17,9 @@ PKG_BUILD_PARALLEL:=1 PKG_BASE:=$(subst $(space),.,$(wordlist 1,2,$(subst .,$(space),$(PKG_VERSION)))) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:= \ - https://mirrors.tencent.com/openssl/source/ \ - https://mirrors.tencent.com/openssl/source/old/$(PKG_BASE)/ \ - https://www.openssl.org/source/ \ - https://www.openssl.org/source/old/$(PKG_BASE)/ \ - https://ftp.fi.muni.cz/pub/openssl/source/ \ - https://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \ - ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ - ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/ +PKG_SOURCE_URL:=https://github.com/openssl/openssl/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ -PKG_HASH:=eeca035d4dd4e84fc25846d952da6297484afa0650a6f84c682e39df3a4123ca +PKG_HASH:=23c666d0edf20f14249b3d8f0368acaee9ab585b09e1de82107c66e1f3ec9533 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE 
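Review bot: In the second hunk, `PKG_SOURCE_URL` is replaced by a single GitHub releases URL, although the description says the URL was "added" as a source mirror; all eight earlier entries, including the plain `ftp://` ones, are removed. Tarball integrity rests on `PKG_HASH` rather than on the mirror, so the new hash value should be compared with the checksum published for the 3.0.15 release before merging, since the page gives no way to verify it. With one URL, a fetch depends on a single host unless the build system supplies its own fallback, which is not visible here. Either keep a second https entry, or add a comment above the assignment such as `# single upstream source; tarball integrity is enforced by PKG_HASH` and reword the description to say the mirror list was replaced.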
@@ -409,9 +401,7 @@ define Package/libopenssl/install chmod 0700 $(1)/etc/ssl/private $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/ - $(LN) libcrypto.so.3 $(1)/usr/lib/libcrypto.so.1.1 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/ - $(LN) libssl.so.3 $(1)/usr/lib/libssl.so.1.1 $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)) endef @@ -421,6 +411,8 @@ define Package/libopenssl-conf/install $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl touch $(1)/etc/config/openssl + $(if $(CONFIG_OPENSSL_ENGINE),, + $(SED) 's!engines = engines_sect!#&!' $(1)/etc/ssl/openssl.cnf) $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO), $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/modules.cnf.d/ echo -e "config engine 'devcrypto'\n\toption enabled '1'\n\toption builtin '1'" >> $(1)/etc/config/openssl)
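Review bot: The added `$(SED) 's!engines = engines_sect!#&!'` in `Package/libopenssl-conf/install` exits successfully even when the pattern matches nothing. If that line in `openssl.cnf` is ever worded differently, a build without `CONFIG_OPENSSL_ENGINE` would ship a config that still references the engines section, and nothing would flag it. A follow-up line inside the same `$(if …)`, for example `grep -q '#engines = engines_sect' $(1)/etc/ssl/openssl.cnf`, would turn that silent drift into a build failure. The step that installs `$(1)/etc/ssl/openssl.cnf` lies above the hunk, so whether the file already exists at this point cannot be confirmed from here. The description mentions neither this edit nor the removal of the `libcrypto.so.1.1` and `libssl.so.1.1` links in the preceding hunk, and both change what is installed, so each deserves a line in the commit message.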