23207138 Upgrade OpenSSL version to 1.0.2h
authorMisaki Miyashita <Misaki.Miyashita@Oracle.COM>
Wed, 04 May 2016 07:10:45 -0700
changeset 5914 b2220d33b0b8
parent 5913 02e8b39413b9
child 5915 9a9d3be0766e
23207138 Upgrade OpenSSL version to 1.0.2h 23206902 problem in LIBRARY/OPENSSL 23207083 problem in LIBRARY/OPENSSL 23207086 problem in LIBRARY/OPENSSL 23207121 problem in LIBRARY/OPENSSL 23207118 problem in LIBRARY/OPENSSL
components/openssl/common/patches/041_rm_sslv2_v3.patch
components/openssl/openssl-default/Makefile
components/openssl/openssl-default/patches/102-wanboot.patch
components/openssl/openssl-fips-140/Makefile
--- a/components/openssl/common/patches/041_rm_sslv2_v3.patch	Tue Apr 26 12:09:07 2016 +0200
+++ b/components/openssl/common/patches/041_rm_sslv2_v3.patch	Wed May 04 07:10:45 2016 -0700
@@ -51,16 +51,10 @@
  # endif
 --- openssl-1.0.1/ssl/ssl.h	Tue May 26 11:13:15 2015
 +++ openssl-1.0.1/ssl/ssl.h.new	Tue May 26 11:32:09 2015
[email protected]@ -2345,12 +2345,26 @@
[email protected]@ -2345,10 +2345,23 @@
  /* This sets the 'default' SSL version that SSL_new() will create */
  int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
  
--# ifndef OPENSSL_NO_SSL2
--const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
--const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
--const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
--# endif
-
 +#ifndef __has_attribute
 +# define __has_attribute(x) 0
 +#endif
@@ -74,15 +68,16 @@
 +# define DEPRECATED
 +#endif
 +
-+# ifndef OPENSSL_NO_SSL2
+ # ifndef OPENSSL_NO_SSL2_METHOD
+-const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
+-const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
+-const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
 +DEPRECATED const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
 +DEPRECATED const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
 +DEPRECATED const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
-+# endif
-+
+ # endif
+ 
  # ifndef OPENSSL_NO_SSL3_METHOD
- const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
- const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
 --- openssl/ssl/s3_meth.c.orig	Fri Sep 11 12:19:54 2015
 +++ openssl/ssl/s3_meth.c	Fri Sep 11 12:22:24 2015
 @@ -71,4 +71,13 @@
--- a/components/openssl/openssl-default/Makefile	Tue Apr 26 12:09:07 2016 +0200
+++ b/components/openssl/openssl-default/Makefile	Wed May 04 07:10:45 2016 -0700
@@ -30,19 +30,19 @@
 # When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. 
 # For more information about wanboot-openssl testing, please refer to
 # ../README.
-COMPONENT_VERSION =	1.0.2g
+COMPONENT_VERSION =	1.0.2h
 # Version for IPS. It is easier to do it manually than convert the letter to a
 # number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.2.7
+IPS_COMPONENT_VERSION = 1.0.2.8
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
+    sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	library/openssl
 
-TPNO=			27085
+TPNO=			28137
 
 # Clone the patch files to the patches-all dir.
 # COPY_COMMON_FILES is there so that rsync is called as soon as
@@ -115,7 +115,7 @@
 CONFIGURE_OPTIONS += no-seed
 
 # Disable SSLv2 and SSLv3 protocols
-CONFIGURE_OPTIONS += no-ssl2
+CONFIGURE_OPTIONS += no-ssl2 no-ssl2-method
 CONFIGURE_OPTIONS += no-ssl3 no-ssl3-method
 
 # We use both no-whirlpool and no-whrlpool since there is an inconsistency in
--- a/components/openssl/openssl-default/patches/102-wanboot.patch	Tue Apr 26 12:09:07 2016 +0200
+++ b/components/openssl/openssl-default/patches/102-wanboot.patch	Wed May 04 07:10:45 2016 -0700
@@ -568,6 +568,8 @@
 +#ifndef	_BOOT
      custom_exts_free(&c->cli_ext);
      custom_exts_free(&c->srv_ext);
+     if (c->alpn_proposed)
+         OPENSSL_free(c->alpn_proposed);
  #endif
 +#endif
      OPENSSL_free(c);
--- a/components/openssl/openssl-fips-140/Makefile	Tue Apr 26 12:09:07 2016 +0200
+++ b/components/openssl/openssl-fips-140/Makefile	Wed May 04 07:10:45 2016 -0700
@@ -35,18 +35,18 @@
 # is the FIPS module version. The COMPONENT_VERSION changes with the core
 # OpenSSL version, but the IPS_COMPONENT_VERSION is purposely only to change if
 # the FIPS module version changes.
-COMPONENT_VERSION =	1.0.2g
+COMPONENT_VERSION =	1.0.2h
 IPS_COMPONENT_VERSION = 2.0.12
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC_NAME =	openssl
 COMPONENT_SRC =		$(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
+    sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	library/openssl
 
-TPNO=			27085
+TPNO=			28137
 
 # Clone the patch files to the patches-all dir.
 # COPY_COMMON_FILES is there so that rsync is called as soon as
@@ -117,7 +117,7 @@
 CONFIGURE_OPTIONS += no-seed
 
 # Disable SSLv2 and SSLv3 protocols
-CONFIGURE_OPTIONS += no-ssl2
+CONFIGURE_OPTIONS += no-ssl2 no-ssl2-method
 CONFIGURE_OPTIONS += no-ssl3 no-ssl3-method
 
 # We define our own compiler and linker option sets for Solaris. See Configure