23207138 Upgrade OpenSSL version to 1.0.2h
23206902 problem in LIBRARY/OPENSSL
23207083 problem in LIBRARY/OPENSSL
23207086 problem in LIBRARY/OPENSSL
23207121 problem in LIBRARY/OPENSSL
23207118 problem in LIBRARY/OPENSSL
--- a/components/openssl/common/patches/041_rm_sslv2_v3.patch Tue Apr 26 12:09:07 2016 +0200
+++ b/components/openssl/common/patches/041_rm_sslv2_v3.patch Wed May 04 07:10:45 2016 -0700
@@ -51,16 +51,10 @@
# endif
--- openssl-1.0.1/ssl/ssl.h Tue May 26 11:13:15 2015
+++ openssl-1.0.1/ssl/ssl.h.new Tue May 26 11:32:09 2015
-@@ -2345,12 +2345,26 @@
+@@ -2345,10 +2345,23 @@
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
--# ifndef OPENSSL_NO_SSL2
--const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
--const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
--const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
--# endif
-
+#ifndef __has_attribute
+# define __has_attribute(x) 0
+#endif
@@ -74,15 +68,16 @@
+# define DEPRECATED
+#endif
+
-+# ifndef OPENSSL_NO_SSL2
+ # ifndef OPENSSL_NO_SSL2_METHOD
+-const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
+-const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
+-const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
+DEPRECATED const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
+DEPRECATED const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
+DEPRECATED const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
-+# endif
-+
+ # endif
+
# ifndef OPENSSL_NO_SSL3_METHOD
- const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
- const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
--- openssl/ssl/s3_meth.c.orig Fri Sep 11 12:19:54 2015
+++ openssl/ssl/s3_meth.c Fri Sep 11 12:22:24 2015
@@ -71,4 +71,13 @@
--- a/components/openssl/openssl-default/Makefile Tue Apr 26 12:09:07 2016 +0200
+++ b/components/openssl/openssl-default/Makefile Wed May 04 07:10:45 2016 -0700
@@ -30,19 +30,19 @@
# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too.
# For more information about wanboot-openssl testing, please refer to
# ../README.
-COMPONENT_VERSION = 1.0.2g
+COMPONENT_VERSION = 1.0.2h
# Version for IPS. It is easier to do it manually than convert the letter to a
# number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.2.7
+IPS_COMPONENT_VERSION = 1.0.2.8
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
+ sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 27085
+TPNO= 28137
# Clone the patch files to the patches-all dir.
# COPY_COMMON_FILES is there so that rsync is called as soon as
@@ -115,7 +115,7 @@
CONFIGURE_OPTIONS += no-seed
# Disable SSLv2 and SSLv3 protocols
-CONFIGURE_OPTIONS += no-ssl2
+CONFIGURE_OPTIONS += no-ssl2 no-ssl2-method
CONFIGURE_OPTIONS += no-ssl3 no-ssl3-method
# We use both no-whirlpool and no-whrlpool since there is an inconsistency in
--- a/components/openssl/openssl-default/patches/102-wanboot.patch Tue Apr 26 12:09:07 2016 +0200
+++ b/components/openssl/openssl-default/patches/102-wanboot.patch Wed May 04 07:10:45 2016 -0700
@@ -568,6 +568,8 @@
+#ifndef _BOOT
custom_exts_free(&c->cli_ext);
custom_exts_free(&c->srv_ext);
+ if (c->alpn_proposed)
+ OPENSSL_free(c->alpn_proposed);
#endif
+#endif
OPENSSL_free(c);
--- a/components/openssl/openssl-fips-140/Makefile Tue Apr 26 12:09:07 2016 +0200
+++ b/components/openssl/openssl-fips-140/Makefile Wed May 04 07:10:45 2016 -0700
@@ -35,18 +35,18 @@
# is the FIPS module version. The COMPONENT_VERSION changes with the core
# OpenSSL version, but the IPS_COMPONENT_VERSION is purposely only to change if
# the FIPS module version changes.
-COMPONENT_VERSION = 1.0.2g
+COMPONENT_VERSION = 1.0.2h
IPS_COMPONENT_VERSION = 2.0.12
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC_NAME = openssl
COMPONENT_SRC = $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
+ sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 27085
+TPNO= 28137
# Clone the patch files to the patches-all dir.
# COPY_COMMON_FILES is there so that rsync is called as soon as
@@ -117,7 +117,7 @@
CONFIGURE_OPTIONS += no-seed
# Disable SSLv2 and SSLv3 protocols
-CONFIGURE_OPTIONS += no-ssl2
+CONFIGURE_OPTIONS += no-ssl2 no-ssl2-method
CONFIGURE_OPTIONS += no-ssl3 no-ssl3-method
# We define our own compiler and linker option sets for Solaris. See Configure