openssl: Update to version 3.0.18

OpenSSL 3.0.18 is a security patch release. The most severe CVE fixed in this release is Moderate. This release incorporates the following bug fixes and mitigations: * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230) * Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232) The removed patch is included upstream: c0d968f0ac Link: https://github.com/openwrt/openwrt/pull/20312 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6e068b7052)
openssl: correct PKG_LICENSE_FILES
2025-12-10 06:24:40 +01:00 · 2025-12-04 15:13:14 +01:00 · 2025-12-04 15:13:07 +01:00 · 2025-12-04 15:13:00 +01:00 · 2025-12-04 15:12:51 +01:00 · 2025-12-04 15:12:41 +01:00
2 changed files with 8 additions and 12 deletions
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=openssl
-PKG_VERSION:=3.0.16
+PKG_VERSION:=3.0.18
 PKG_RELEASE:=1
 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto

@ -17,18 +17,14 @@ PKG_BUILD_PARALLEL:=1
 PKG_BASE:=$(subst $(space),.,$(wordlist 1,2,$(subst .,$(space),$(PKG_VERSION))))
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
-	http://www.openssl.org/source/ \
-	http://www.openssl.org/source/old/$(PKG_BASE)/ \
-	https://github.com/openssl/openssl/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ \
-	http://ftp.fi.muni.cz/pub/openssl/source/ \
-	http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
-	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
-	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
+	https://www.openssl.org/source/ \
+	https://www.openssl.org/source/old/$(PKG_BASE)/ \
+	https://github.com/openssl/openssl/releases/download/$(PKG_NAME)-$(PKG_VERSION)/

-PKG_HASH:=57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef86
+PKG_HASH:=d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b

 PKG_LICENSE:=Apache-2.0
-PKG_LICENSE_FILES:=LICENSE
+PKG_LICENSE_FILES:=LICENSE.txt
 PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
 PKG_CPE_ID:=cpe:/a:openssl:openssl
 PKG_CONFIG_DEPENDS:= \
@ -74,7 +70,7 @@ endif

 define Package/openssl/Default
  TITLE:=Open source SSL toolkit
-  URL:=http://www.openssl.org/
+  URL:=https://www.openssl.org/
  SECTION:=libs
  CATEGORY:=Libraries
 endef
--- a/package/libs/openssl/patches/100-Configure-afalg-support.patch
+++ b/package/libs/openssl/patches/100-Configure-afalg-support.patch
@ -10,7 +10,7 @@ Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

 --- a/Configure
 +++ b/Configure
-@@ -1677,7 +1677,9 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-
+@@ -1678,7 +1678,9 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-
 
 unless ($disabled{afalgeng}) {
     $config{afalgeng}="";
Author	SHA1	Message	Date
Hauke Mehrtens	b6d7048c8b	openssl: Update to version 3.0.18 Some checks failed Build all core packages / Build all core packages for selected target (push) Has been cancelled Details OpenSSL 3.0.18 is a security patch release. The most severe CVE fixed in this release is Moderate. This release incorporates the following bug fixes and mitigations: * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230) * Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232) The removed patch is included upstream: `c0d968f0ac` Link: https://github.com/openwrt/openwrt/pull/20312 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit `6e068b7052`)	2025-12-04 15:13:14 +01:00
Linus Kardell	a25c76d8c7	openssl: correct PKG_LICENSE_FILES Point to correct file name. Signed-off-by: Linus Kardell <linus.kardell@infobric.com> Link: https://github.com/openwrt/openwrt/pull/19999 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit `bcfc3f01a4`) (cherry picked from commit `daca7c049b`)	2025-12-04 15:13:07 +01:00
Hauke Mehrtens	26433c2168	openssl: Backport fix for OpenSSL 3.5.2 and 3.0.17 regression Fixes segmentation faults in openssl. This problem was introduced in version 3.5.2 and 3.0.17. Backport a fix from the OpenSSL 3.0 branch. Link: https://forum.openwrt.org/t/openssl-3-0-17-libcrypto-segmentation-faults-regression/240650/9 Link: https://github.com/openssl/openssl/issues/28171 Link: `c0d968f0ac` Fixes: `f68c3e5057` ("openssl: Update to version 3.0.17") Link: https://github.com/openwrt/openwrt/pull/20069 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit `aa3c98f821`) (cherry picked from commit `640e364ec0`)	2025-12-04 15:13:00 +01:00
Hauke Mehrtens	1ff42fc429	openssl: Update to version 3.0.17 This release incorporates the following bug fixes and mitigations: Miscellaneous minor bug fixes. Link: https://github.com/openwrt/openwrt/pull/19325 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit `f68c3e5057`)	2025-12-04 15:12:51 +01:00
Chukun Pan	93a08f1534	openssl: update download mirrors New releases of openssl are only published on GitHub, and official downloads are also redirected to GitHub. So remove the old download mirrors (file 404), and replace the current address with https. Link: https://openssl-library.org/source/ Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn> Link: https://github.com/openwrt/openwrt/pull/16470 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit `38bb47c36c`)	2025-12-04 15:12:41 +01:00