21240304 Upgrade OpenSSL version to 1.0.1o
21240457 problem in LIBRARY/OPENSSL
21240446 problem in LIBRARY/OPENSSL
21240467 problem in LIBRARY/OPENSSL
21240436 problem in LIBRARY/OPENSSL
21240415 problem in LIBRARY/OPENSSL
21240488 problem in LIBRARY/OPENSSL
--- a/components/openssl/openssl-1.0.1-fips-140/Makefile Tue Jun 16 09:54:45 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/Makefile Tue Jun 16 10:14:56 2015 -0700
@@ -32,18 +32,18 @@
COMPONENT_NAME = openssl-fips-140
# Note that this is the OpenSSL version that is used to build FIPS-140 certified
# libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION = 1.0.1m
+COMPONENT_VERSION = 1.0.1o
IPS_COMPONENT_VERSION = 2.0.6
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC_NAME = openssl
COMPONENT_SRC = $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74
+ sha256:16e678c6a05f2502811e075f2c4059ac01c878d091c9c585afc49ebc541f7b13
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 21965
+TPNO= 23126
# OpenSSL FIPS directory
OPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips
--- a/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch Tue Jun 16 09:54:45 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch Tue Jun 16 10:14:56 2015 -0700
@@ -205,6 +205,6 @@
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else if (!strcmp(arg, "-partial_chain"))
+ flags |= X509_V_FLAG_PARTIAL_CHAIN;
+ else if (!strcmp(arg, "-no_alt_chains"))
+ flags |= X509_V_FLAG_NO_ALT_CHAINS;
else
- return 0;
-
--- a/components/openssl/openssl-1.0.1/Makefile Tue Jun 16 09:54:45 2015 -0700
+++ b/components/openssl/openssl-1.0.1/Makefile Tue Jun 16 10:14:56 2015 -0700
@@ -28,20 +28,20 @@
# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too.
# For more information about wanboot-openssl testing, please refer to
# ../README.
-COMPONENT_VERSION = 1.0.1m
+COMPONENT_VERSION = 1.0.1o
# Version for IPS. It is easier to do it manually than convert the letter to a
# number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.1.13
+IPS_COMPONENT_VERSION = 1.0.1.15
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74
+ sha256:16e678c6a05f2502811e075f2c4059ac01c878d091c9c585afc49ebc541f7b13
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 21965
+TPNO= 23126
include $(WS_MAKE_RULES)/prep.mk
include $(WS_MAKE_RULES)/configure.mk
--- a/components/openssl/openssl-1.0.1/patches/33_cert_chain.patch Tue Jun 16 09:54:45 2015 -0700
+++ b/components/openssl/openssl-1.0.1/patches/33_cert_chain.patch Tue Jun 16 10:14:56 2015 -0700
@@ -205,6 +205,6 @@
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else if (!strcmp(arg, "-partial_chain"))
+ flags |= X509_V_FLAG_PARTIAL_CHAIN;
+ else if (!strcmp(arg, "-no_alt_chains"))
+ flags |= X509_V_FLAG_NO_ALT_CHAINS;
else
- return 0;
-