From 54b8f4be3a8e4f3b98b18be062063d6834acf6b9 Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <mail@waldemar-brodkorb.de>
Date: Tue, 15 Nov 2005 14:59:59 +0000
Subject: [PATCH] openssl security update from trunk, thx Kaloz for the
 reminder

SVN-Revision: 2500
---
 openwrt/package/openssl/Makefile              |  4 ++--
 .../patches/110-optimize-for-size.patch       |  3 ++-
 .../openssl/patches/150-remove-fips.patch     | 20 ++++++++++++++-----
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/openwrt/package/openssl/Makefile b/openwrt/package/openssl/Makefile
index f1e6c5ed90..b48f6b0c05 100644
--- a/openwrt/package/openssl/Makefile
+++ b/openwrt/package/openssl/Makefile
@@ -3,9 +3,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
-PKG_VERSION:=0.9.7g
+PKG_VERSION:=0.9.7i
 PKG_RELEASE:=1
-PKG_MD5SUM:=991615f73338a571b6a1be7d74906934
+PKG_MD5SUM:=f69d82b206ff8bff9d0e721f97380b9e
 
 PKG_SOURCE_URL:=http://www.openssl.org/source/ \
 	ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \
diff --git a/openwrt/package/openssl/patches/110-optimize-for-size.patch b/openwrt/package/openssl/patches/110-optimize-for-size.patch
index 256e58999a..13375c8248 100644
--- a/openwrt/package/openssl/patches/110-optimize-for-size.patch
+++ b/openwrt/package/openssl/patches/110-optimize-for-size.patch
@@ -1,7 +1,7 @@
 diff -Nur openssl-0.9.7g/Configure openssl-0.9.7g-Os/Configure
 --- openssl-0.9.7g/Configure	2005-04-07 18:06:01.000000000 +0200
 +++ openssl-0.9.7g-Os/Configure	2005-05-01 00:13:09.000000000 +0200
-@@ -401,8 +401,8 @@
+@@ -401,8 +401,9 @@
  "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
@@ -9,6 +9,7 @@ diff -Nur openssl-0.9.7g/Configure openssl-0.9.7g-Os/Configure
 -"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO \$(CCOPTS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO \$(CCOPTS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-i386",	"gcc:-DL_ENDIAN -DTERMIO \$(CCOPTS) -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc32.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  # -bpowerpc64-linux is transient option, -m64 should be the one to use...
  "linux-ppc64",  "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc64.o:::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/openwrt/package/openssl/patches/150-remove-fips.patch b/openwrt/package/openssl/patches/150-remove-fips.patch
index 3af1550a30..e4e3cb4870 100644
--- a/openwrt/package/openssl/patches/150-remove-fips.patch
+++ b/openwrt/package/openssl/patches/150-remove-fips.patch
@@ -1,11 +1,21 @@
-diff -Nur openssl-0.9.7f/Makefile.org openssl-0.9.7f.new/Makefile.org
---- openssl-0.9.7f/Makefile.org	2005-03-15 10:46:13.000000000 +0100
-+++ openssl-0.9.7f.new/Makefile.org	2005-04-03 20:15:26.000000000 +0200
-@@ -229,7 +229,6 @@
+diff -ruN openssl-0.9.7h-old/Makefile.org openssl-0.9.7h-new/Makefile.org
+--- openssl-0.9.7h-old/Makefile.org	2005-10-12 23:12:38.000000000 +0200
++++ openssl-0.9.7h-new/Makefile.org	2005-10-12 23:13:38.000000000 +0200
+@@ -230,7 +230,6 @@
  libcrypto.a.sha1: libcrypto.a
  	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
  		$(RANLIB) libcrypto.a; \
--		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
+-		fips/sha/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
  	fi
  
  sub_all:
+@@ -258,9 +257,6 @@
+ libcrypto$(SHLIB_EXT): libcrypto.a
+ 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+ 		$(MAKE) SHLIBDIRS=crypto build-shared; \
+-        	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+-                    fips/sha/fips_standalone_sha1 -binary $@ > $@.$${HMAC_EXT:-sha1}; \
+-		fi; \
+ 	else \
+ 		echo "There's no support for shared libraries on this platform" >&2; \
+ 	fi
-- 
2.30.2