openssl: Update to 1.1.0h

CVE-2018-0739 (OpenSSL advisory) [Moderate severity] 27 March 2018: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Reported by OSS-fuzz. This patch also entirely removes support for SSLv3. The patch to disable it didn't apply and since nobody has been using this before, we will not compile it into OpenSSL any more. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-25 10:22:59 +02:00 · 2018-03-27 15:59:04 +01:00
parent c98304604b
commit 166ceacd6b
2 changed files with 2 additions and 91 deletions
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@

 include Config

-VER        = 1.1.0g
+VER        = 1.1.0h

 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -51,8 +51,6 @@ CONFIGURE_OPTIONS = \
 	enable-md2 \
 	enable-seed \
 	enable-rfc3779 \
-	enable-ssl3 \
-	enable-ssl3-method \
 	no-idea \
 	no-mdc2 \
 	no-rc5 \
@@ -89,7 +87,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = ba5f1b8b835b88cadbce9b35ed9531a6
+$(DL_FILE)_MD5 = 5271477e4d93f4ea032b665ef095ff24

 install : $(TARGET)

@@ -119,7 +117,6 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.0-disable-ssl3.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.0g-weak-ciphers.patch

 	# Apply our CFLAGS