Re: [OpenWrt-Devel] [PATCH] openssl: bump to 1.1.1d

2019-09-22 Thread Petr Štetiar
Eneas Queiroz [2019-09-22 22:29:07]:

Hi,

> Can someone please cherry pick this to 19.07:
> d868d0a5d7e1d76bb1a8980346d222fae55fa18b

done.

-- ynezz

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] [PATCH] openssl: bump to 1.1.1d

2019-09-22 Thread Eneas Queiroz
On Tue, Sep 17, 2019 at 10:52 AM Eneas U de Queiroz wrote:
>
> This version fixes 3 low-severity vulnerabilities:
>
> - CVE-2019-1547: ECDSA remote timing attack
> - CVE-2019-1549: Fork Protection
> - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
>  CMS_decrypt_set1_pkey
>
> Patches were refreshed.
>
> Signed-off-by: Eneas U de Queiroz 
>
> --
> Run-tested on WRT3200ACM, mvebu, running openwrt master, using uhttpd,
> nginx, openssl-util, and uclient-fetch; devcrypto engine specifically
> tested.
>
> This should be cherry-picked to openwrt-19.07 as well.
>

Can someone please cherry pick this to 19.07:
d868d0a5d7e1d76bb1a8980346d222fae55fa18b

If I should rather send a proper patch to list, please let me know.

BR

Eneas



[OpenWrt-Devel] [PATCH] openssl: bump to 1.1.1d

2019-09-17 Thread Eneas U de Queiroz
This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
 CMS_decrypt_set1_pkey

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz 

--
Run-tested on WRT3200ACM, mvebu, running openwrt master, using uhttpd,
nginx, openssl-util, and uclient-fetch; devcrypto engine specifically
tested.

This should be cherry-picked to openwrt-19.07 as well.

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 5663fd4b95..28625bad05 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=c
+PKG_BUGFIX:=d
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 ENGINES_DIR=engines-1.1
 
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90
+PKG_HASH:=1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
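
Review bot: The new PKG_HASH is the only integrity check on this download, because the PKG_SOURCE_URL entries visible in this hunk are ftp:// and http:// mirrors, and the commit message does not say what the value was checked against. Please note in the message that the hash was compared with the SHA-256 published by upstream for the 1.1.1d tarball (or that the release signature was verified), so the pinned value is not simply whatever the first mirror returned.
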
diff --git a/package/libs/openssl/patches/100-Configure-afalg-support.patch 
b/package/libs/openssl/patches/100-Configure-afalg-support.patch
index 274a4f1cf9..0f91a9d5da 100644
--- a/package/libs/openssl/patches/100-Configure-afalg-support.patch
+++ b/package/libs/openssl/patches/100-Configure-afalg-support.patch
@@ -1,4 +1,4 @@
-From bf4f3a5696c65b4a48935599ccba43311c114c95 Mon Sep 17 00:00:00 2001
+From 559fbff13af9ce2fbc0b9bc5727a7323e1db6217 Mon Sep 17 00:00:00 2001
 From: Eneas U de Queiroz 
 Date: Thu, 27 Sep 2018 08:29:21 -0300
 Subject: Do not use host kernel version to disable AFALG
@@ -8,9 +8,11 @@ version to disable building the AFALG engine on openwrt 
targets.
 
 Signed-off-by: Eneas U de Queiroz 
 
+diff --git a/Configure b/Configure
+index 5a699836f3..74d057c219 100755
 --- a/Configure
 +++ b/Configure
-@@ -1535,7 +1535,9 @@ unless ($disabled{"crypto-mdebug-backtra
+@@ -1532,7 +1532,9 @@ unless ($disabled{"crypto-mdebug-backtrace"})
  
  unless ($disabled{afalgeng}) {
  $config{afalgeng}="";
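
Review bot: The refreshed header of 100-Configure-afalg-support.patch carries churn unrelated to the rebase: it gains `diff --git a/Configure b/Configure` and `index 5a699836f3..74d057c219 100755`, and the `From` hash changes, while the only functional difference is the hunk offset moving from 1535 to 1532. Those lines will change again on every regeneration and make later bumps harder to review; consider dropping the index lines from the refreshed patches so the diff shows only offset and context changes.
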
diff --git a/package/libs/openssl/patches/110-openwrt_targets.patch 
b/package/libs/openssl/patches/110-openwrt_targets.patch
index bc49e27aeb..d0530b4661 100644
--- a/package/libs/openssl/patches/110-openwrt_targets.patch
+++ b/package/libs/openssl/patches/110-openwrt_targets.patch
@@ -1,4 +1,4 @@
-From 9a83f8fb7c46215dfb8d6dc2e2cc612bc2a0fd01 Mon Sep 17 00:00:00 2001
+From 3d43acc6068f00dbfc0c9a06355e2c8f7d302d0f Mon Sep 17 00:00:00 2001
 From: Eneas U de Queiroz 
 Date: Thu, 27 Sep 2018 08:30:24 -0300
 Subject: Add openwrt targets
@@ -7,6 +7,9 @@ Targets are named: linux-$(CONFIG_ARCH)-openwrt
 
 Signed-off-by: Eneas U de Queiroz 
 
+diff --git a/Configurations/25-openwrt.conf b/Configurations/25-openwrt.conf
+new file mode 100644
+index 00..86a86d31e4
 --- /dev/null
 +++ b/Configurations/25-openwrt.conf
 @@ -0,0 +1,48 @@
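
Review bot: The added line `index 00..86a86d31e4` has a two-character old-side blob id, while the other index lines in this series use ten hex digits. If that is what is in the tree rather than a mail artefact, regenerate the header or drop the index line; for a `new file mode` patch the old side is normally all zeros at the same abbreviation length as the new side.
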
diff --git a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch 
b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
index d6e35b7451..75fb9d1684 100644
--- a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
+++ b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
@@ -1,16 +1,18 @@
-From f453f3eccb852740e37e9436dac5670d311c13b0 Mon Sep 17 00:00:00 2001
+From 4ad8f2fe6bf3b91df7904fcbe960e5fdfca36336 Mon Sep 17 00:00:00 2001
 From: Eneas U de Queiroz 
 Date: Thu, 27 Sep 2018 08:31:38 -0300
-Subject: void exposing build directories
+Subject: Avoid exposing build directories
 
 The CFLAGS contain the build directories, and are shown by calling
 OpenSSL_version(OPENSSL_CFLAGS), or running openssl version -a
 
 Signed-off-by: Eneas U de Queiroz 
 
+diff --git a/crypto/build.info b/crypto/build.info
+index 2c619c62e8..893128345a 100644
 --- a/crypto/build.info
 +++ b/crypto/build.info
-@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink
+@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
  ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
  
  DEPEND[cversion.o]=buildinf.h
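
Review bot: The `Subject:` line in 120-strip-cflags-from-binary.patch changes from "void exposing build directories" to "Avoid exposing build directories", which is a content fix rather than a refresh, and the commit message only says "Patches were refreshed." A short mention there would keep the header edit from being mistaken for accidental churn.
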
diff --git a/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch 
b/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch
index 7c61b1e292..fa79cc6022 100644
--- a/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch
+++ b/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch
@@ -1,4 +1,4 @@
-From e2339aa9c68837089d17cf309022cee497fe2412 Mon Sep 17 00:00:00 2001
+From ba2fe646f2d9104a18b066e43582154049e9ffcb Mon Sep 17 00:00:00 2001
 From: Eneas U de Queiroz 
 Date: Thu, 27 Sep 2018 08:34:38 -0300
 Subject: Do not build tests and fuzz directories
@@ -7,9 +7,11 @@ This shortens build