authorTimo Teräs <timo.teras@iki.fi>2015-01-09 08:16:24 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2015-01-09 12:27:29 +0000
commit7975405988032a93310f438f5e6e73c532233dc4 (patch)
treeeea84c0eb67360251c3f474158babbf1ee552341
parent1253f80db0b24722e01268175fe6982c37f1ee78 (diff)
downloadaports-7975405988032a93310f438f5e6e73c532233dc4.tar.bz2
aports-7975405988032a93310f438f5e6e73c532233dc4.tar.xz
main/openssl: security upgrade to 1.0.1k
fixes #3687 CVE-2014-3571 DTLS segmentation fault in dtls1_get_record CVE-2015-0206 DTLS memory leak in dtls1_buffer_record CVE-2014-3569 no-ssl3 configuration sets method to NULL CVE-2014-3572 ECDHE silently downgrades to ECDH [Client] CVE-2015-0204 RSA silently downgrades to EXPORT_RSA [Client] CVE-2015-0205 DH client certificates accepted without verification [Server] CVE-2014-8275 Certificate fingerprints can be modified CVE-2014-3570 Bignum squaring may produce incorrect results (cherry picked from commit 26dd384585d2182a35bd9450091726b6472b3b24) Conflicts: main/openssl/APKBUILD
-rw-r--r--main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch34
-rw-r--r--main/openssl/APKBUILD14
2 files changed, 19 insertions, 29 deletions
diff --git a/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch b/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch
index c508c9c5a2..74fc3d8e74 100644
--- a/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch
+++ b/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch
@@ -1,22 +1,11 @@
-From 6e182155643a6aeb07cbba1e7f79ac1adfcddad2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Wed, 28 Jul 2010 08:29:09 +0300
-Subject: [PATCH 2/4] engines/e_padlock: backport cvs head changes
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
+Backport changes from upstream padlock module.
Includes support for VIA Nano 64-bit mode.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
----
- engines/e_padlock.c | 140 +++++++++++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 122 insertions(+), 18 deletions(-)
-diff --git a/engines/e_padlock.c b/engines/e_padlock.c
-index 9f7a85a..6ab42d2 100644
---- a/engines/e_padlock.c
-+++ b/engines/e_padlock.c
+diff -ru openssl-1.0.1k.orig/engines/e_padlock.c openssl-1.0.1k/engines/e_padlock.c
+--- openssl-1.0.1k.orig/engines/e_padlock.c 2015-01-08 16:00:56.000000000 -0200
++++ openssl-1.0.1k/engines/e_padlock.c 2015-01-09 08:08:35.421516799 -0200
@@ -101,7 +101,10 @@
compiler choice is limited to GCC and Microsoft C. */
#undef COMPILE_HW_PADLOCK
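Review bot: The refreshed patch header no longer records where the change came from: the `From`/`Date`/`Subject` lines are dropped, and the replacement text, `Backport changes from upstream padlock module.`, does not name the upstream revision it was taken from. The patch body carries hand-encoded instruction bytes (the `.byte 0xf3,0x0f,0xa7,...` lines) for a crypto engine, so a later auditor will want to compare it against its origin. I would add a line below the description such as `Upstream-Source: <upstream revision or URL - placeholder>`. The later hunks in this file appear only to re-base offsets and to carry the `#ifndef AES_ASM` guard along with the moved `padlock_bswapl`, on both the removed and the re-added side.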
@@ -29,7 +18,7 @@ index 9f7a85a..6ab42d2 100644
(defined(_MSC_VER) && defined(_M_IX86))
# define COMPILE_HW_PADLOCK
# endif
-@@ -304,6 +307,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
+@@ -304,6 +307,7 @@
* =======================================================
*/
#if defined(__GNUC__) && __GNUC__>=2
@@ -37,11 +26,12 @@ index 9f7a85a..6ab42d2 100644
/*
* As for excessive "push %ebx"/"pop %ebx" found all over.
* When generating position-independent code GCC won't let
-@@ -383,21 +387,6 @@ padlock_available(void)
+@@ -383,23 +387,6 @@
return padlock_use_ace + padlock_use_rng;
}
-#ifndef OPENSSL_NO_AES
+-#ifndef AES_ASM
-/* Our own htonl()/ntohl() */
-static inline void
-padlock_bswapl(AES_KEY *ks)
@@ -55,11 +45,12 @@ index 9f7a85a..6ab42d2 100644
- }
-}
-#endif
+-#endif
-
/* Force key reload from memory to the CPU microcode.
Loading EFLAGS from the stack clears EFLAGS[30]
which does the trick. */
-@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \
+@@ -457,12 +444,129 @@
: "edx", "cc", "memory"); \
return iv; \
}
@@ -172,6 +163,7 @@ index 9f7a85a..6ab42d2 100644
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
+
++#ifndef AES_ASM
+/* Our own htonl()/ntohl() */
+static inline void
+padlock_bswapl(AES_KEY *ks)
@@ -184,10 +176,11 @@ index 9f7a85a..6ab42d2 100644
+ key++;
+ }
+}
++#endif
#endif
/* The RNG call itself */
-@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int edx_in)
+@@ -493,8 +597,8 @@
static inline unsigned char *
padlock_memcpy(void *dst,const void *src,size_t n)
{
@@ -198,6 +191,3 @@ index 9f7a85a..6ab42d2 100644
n /= sizeof(*d);
do { *d++ = *s++; } while (--n);
---
-1.7.11.3
-
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index c1a2d604a2..f81602c487 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
-pkgver=1.0.1j
+pkgver=1.0.1k
pkgrel=0
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
@@ -104,33 +104,33 @@ libssl() {
done
}
-md5sums="f7175c9cd3c39bb1907ac8bba9df8ed3 openssl-1.0.1j.tar.gz
+md5sums="d4f002bd22a56881340105028842ae1f openssl-1.0.1k.tar.gz
f75151bfdd0e1f5191e0d0e7147e1638 fix-manpages.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
-4a7b9e20beb33a5e262ab64c2b8e5b48 0002-engines-e_padlock-backport-cvs-head-changes.patch
+a7717dd564ef876d4923a80751714d63 0002-engines-e_padlock-backport-cvs-head-changes.patch
cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch
d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch
efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch
b1068a6dd30ec8adf63b4fd0057491a0 c_rehash.sh"
-sha256sums="1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3 openssl-1.0.1j.tar.gz
+sha256sums="8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c openssl-1.0.1k.tar.gz
92296c9e121af10ecc1e302695bf2ceacaa9b00702e580504fc0ed04a9fba86e fix-manpages.patch
82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch
18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
-39c31c2e33cded09543a2d1fd2e3238e9d11c672ba71a14d13095baad3ec9696 0002-engines-e_padlock-backport-cvs-head-changes.patch
+30fbadf31dc13d9bcc758741f5560f6e13dd66c067f62d1b9066fb656f6aaaf2 0002-engines-e_padlock-backport-cvs-head-changes.patch
cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch
51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch
1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch
4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 c_rehash.sh"
-sha512sums="a786bb99b68d88c1de79d3c5372767f091ebeefb5abc1d4883253fd3ab5a86af53389f5ff36fdd8faa27c5fb78be8bbff406392c373358697da80d250eadebb8 openssl-1.0.1j.tar.gz
+sha512sums="8b000fbd1bf919d9913a314f99aedd48a69f6caa4ccf43237889e73e08cbe0d82bfc27e9c7c4cade09fc459f91d6c4a831a9b3fc8bca0344fb864eadd7d1e8e8 openssl-1.0.1k.tar.gz
b0eda7e9b53195b0855da68617201c3c7026eb7464ab58f0bc9923013663ec6b826d1868fe88b87118d3134114cbd9ac15d2c8389c85ef9c1bb4d18575b68a5b fix-manpages.patch
6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch
ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa8bb45c65fdd1a5d1a6f6755e53102d520e9d8b807c3a7822 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
-96cdd28d1ad5efd3f5836b4c57c9c6ea8e790fbf919e32a8c4acd3883a3531b8d295053a4aa20e6165600153b141ce7b0a3d1d736fdfc325d59862b845aa4d98 0002-engines-e_padlock-backport-cvs-head-changes.patch
+c86694b1931ef16eb467f5228a7ea2c36c90570daedb405bb24e7915b2e29f9ba20386cdef0ebea6af23ca04839d713bd05f0c8f3b7f6377331a6ab96c505f44 0002-engines-e_padlock-backport-cvs-head-changes.patch
b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55ddbfd6a0e9ffa3e3167377317cbc72b254b1f9bcc0e22b8b6 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch