From d868d0a5d7e1d76bb1a8980346d222fae55fa18b Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Tue, 17 Sep 2019 10:52:11 -0300 Subject: openssl: bump to 1.1.1d This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz --- .../510-e_devcrypto-ignore-error-when-closing-session.patch | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch') diff --git a/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch b/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch index fb69599aeb..087994376d 100644 --- a/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch +++ b/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch @@ -1,16 +1,18 @@ -From b6e6d157367bae91a8015434769572e430257d40 Mon Sep 17 00:00:00 2001 +From b6b2744f06f64922b449b3cb4bf0ad3df3efba71 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Mon, 11 Mar 2019 10:15:14 -0300 -Subject: [PATCH] e_devcrypto: ignore error when closing session +Subject: e_devcrypto: ignore error when closing session In cipher_init, ignore an eventual error when closing the previous session. It may have been closed by another process after a fork. Signed-off-by: Eneas U de Queiroz +diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c +index 7741138b82..2480bdbd57 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c -@@ -197,9 +197,8 @@ static int cipher_init(EVP_CIPHER_CTX *c +@@ -197,9 +197,8 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, get_cipher_data(EVP_CIPHER_CTX_nid(ctx)); /* cleanup a previous session */ -- cgit v1.2.3