From: Nicolas Thill <nico@openwrt.org>
Date: Mon, 24 Aug 2009 21:15:17 +0000 (+0000)
Subject: [8.09] cosmetic: use coherent CVE patches naming[8.09] cosmetic: use coherent CVE... 
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=42c7c0a109e38b137db673d8c93ee757d36b6f12;p=openwrt%2Fsvn-archive%2Farchive.git

[8.09] cosmetic: use coherent CVE patches naming[8.09] cosmetic: use coherent CVE patches naming[8.09] cosmetic: use coherent CVE patches naming[8.09] cosmetic: use coherent CVE patches naming[8.09] cosmetic: use coherent CVE patches naming


SVN-Revision: 17381
---

diff --git a/package/openssl/patches/400-cve-2008-5077.patch b/package/openssl/patches/400-cve-2008-5077.patch
new file mode 100644
index 0000000000..bc16ffd1ea
--- /dev/null
+++ b/package/openssl/patches/400-cve-2008-5077.patch
@@ -0,0 +1,151 @@
+diff -ur openssl-0.9.8i-ORIG/apps/speed.c openssl-0.9.8i/apps/speed.c
+--- openssl-0.9.8i/apps/speed.c	2007-11-15 13:33:47.000000000 +0000
++++ openssl-0.9.8i/apps/speed-new.c	2008-12-04 00:00:00.000000000 +0000
+@@ -2132,7 +2132,7 @@
+ 				{
+ 				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+ 					rsa_num, rsa_key[j]);
+-				if (ret == 0)
++				if (ret <= 0)
+ 					{
+ 					BIO_printf(bio_err,
+ 						"RSA verify failure\n");
+diff -ur openssl-0.9.8i-ORIG/apps/spkac.c openssl-0.9.8i/apps/spkac.c
+--- openssl-0.9.8i-ORIG/apps/spkac.c	2005-04-05 19:11:18.000000000 +0000
++++ openssl-0.9.8i/apps/spkac.c	2008-12-04 00:00:00.000000000 +0000
+@@ -285,7 +285,7 @@
+ 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
+ 	if(verify) {
+ 		i = NETSCAPE_SPKI_verify(spki, pkey);
+-		if(i) BIO_printf(bio_err, "Signature OK\n");
++		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
+ 		else {
+ 			BIO_printf(bio_err, "Signature Failure\n");
+ 			ERR_print_errors(bio_err);
+diff -ur openssl-0.9.8i-ORIG/apps/verify.c openssl-0.9.8i/apps/verify.c
+--- openssl-0.9.8i-ORIG/apps/verify.c	2004-11-29 11:28:07.000000000 +0000
++++ openssl-0.9.8i/apps/verify.c	2008-12-04 00:00:00.600000000 +0000
+@@ -266,7 +266,7 @@
+ 
+ 	ret=0;
+ end:
+-	if (i)
++	if (i > 0)
+ 		{
+ 		fprintf(stdout,"OK\n");
+ 		ret=1;
+@@ -367,4 +367,3 @@
+ 		ERR_clear_error();
+ 	return(ok);
+ 	}
+-
+diff -ur openssl-0.9.8i-ORIG/apps/x509.c openssl-0.9.8i/apps/x509.c
+--- openssl-0.9.8i-ORIG/apps/x509.c	2007-10-12 00:00:10.000000000 +0000
++++ openssl-0.9.8i/apps/x509.c	2008-12-04 00:00:00.400000000 +0000
+@@ -1151,7 +1151,7 @@
+ 	/* NOTE: this certificate can/should be self signed, unless it was
+ 	 * a certificate request in which case it is not. */
+ 	X509_STORE_CTX_set_cert(&xsc,x);
+-	if (!reqfile && !X509_verify_cert(&xsc))
++	if (!reqfile && X509_verify_cert(&xsc) <= 0)
+ 		goto end;
+ 
+ 	if (!X509_check_private_key(xca,pkey))
+diff -ur openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c openssl-0.9.8i/crypto/cms/cms_sd.c
+--- openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c	2008-04-06 16:30:38.000000000 +0000
++++ openssl-0.9.8i/crypto/cms/cms_sd.c	2008-12-04 00:00:00.400000000 +0000
+@@ -830,7 +830,7 @@
+ 	cms_fixup_mctx(&mctx, si->pkey);
+ 	r = EVP_VerifyFinal(&mctx,
+ 			si->signature->data, si->signature->length, si->pkey);
+-	if (!r)
++	if (r <= 0)
+ 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
+ 	err:
+ 	EVP_MD_CTX_cleanup(&mctx);
+diff -ur openssl-0.9.8i-ORIG/ssl/s2_clnt.c openssl-0.9.8i/ssl/s2_clnt.c
+--- openssl-0.9.8i-ORIG/ssl/s2_clnt.c	2007-09-06 12:43:53.000000000 +0000
++++ openssl-0.9.8i/ssl/s2_clnt.c	2008-12-04 00:00:00.100000000 +0000
+@@ -1044,7 +1044,7 @@
+ 
+ 	i=ssl_verify_cert_chain(s,sk);
+ 		
+-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
++	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
+ 		{
+ 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+ 		goto err;
+diff -ur openssl-0.9.8i-ORIG/ssl/s2_srvr.c openssl-0.9.8i/ssl/s2_srvr.c
+--- openssl-0.9.8i-ORIG/ssl/s2_srvr.c	2007-09-06 12:43:53.000000000 +0000
++++ openssl-0.9.8i/ssl/s2_srvr.c	2008-12-04 00:00:00.900000000 +0000
+@@ -1054,7 +1054,7 @@
+ 
+ 	i=ssl_verify_cert_chain(s,sk);
+ 
+-	if (i)	/* we like the packet, now check the chksum */
++	if (i > 0)	/* we like the packet, now check the chksum */
+ 		{
+ 		EVP_MD_CTX ctx;
+ 		EVP_PKEY *pkey=NULL;
+@@ -1083,7 +1083,7 @@
+ 		EVP_PKEY_free(pkey);
+ 		EVP_MD_CTX_cleanup(&ctx);
+ 
+-		if (i) 
++		if (i > 0)
+ 			{
+ 			if (s->session->peer != NULL)
+ 				X509_free(s->session->peer);
+diff -ur openssl-0.9.8i-ORIG/ssl/s3_clnt.c openssl-0.9.8i/ssl/s3_clnt.c
+--- openssl-0.9.8i-ORIG/ssl/s3_clnt.c	2008-06-16 16:56:41.000000000 +0000
++++ openssl-0.9.8i/ssl/s3_clnt.c	2008-12-04 00:00:00.100000000 +0000
+@@ -972,7 +972,7 @@
+ 		}
+ 
+ 	i=ssl_verify_cert_chain(s,sk);
+-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
++	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
+ #ifndef OPENSSL_NO_KRB5
+ 	        && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+ 	        != (SSL_aKRB5|SSL_kKRB5)
+@@ -1459,7 +1459,7 @@
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,param,param_len);
+-			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
++			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
+ 				{
+ 				/* bad signature */
+ 				al=SSL_AD_DECRYPT_ERROR;
+@@ -1477,7 +1477,7 @@
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,param,param_len);
+-			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
++			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
+ 				{
+ 				/* bad signature */
+ 				al=SSL_AD_DECRYPT_ERROR;
+diff -ur openssl-0.9.8i-ORIG/ssl/s3_srvr.c openssl-0.9.8i/ssl/s3_srvr.c
+--- openssl-0.9.8i-ORIG/ssl/s3_srvr.c	2008-09-14 18:16:09.000000000 +0000
++++ openssl-0.9.8i/ssl/s3_srvr.c	2008-12-04 00:00:00.100000000 +0000
+@@ -2560,7 +2560,7 @@
+ 	else
+ 		{
+ 		i=ssl_verify_cert_chain(s,sk);
+-		if (!i)
++		if (i <= 0)
+ 			{
+ 			al=ssl_verify_alarm_type(s->verify_result);
+ 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
+diff -ur openssl-0.9.8i-ORIG/ssl/ssltest.c openssl-0.9.8i/ssl/ssltest.c
+--- openssl-0.9.8i-ORIG/ssl/ssltest.c	2008-06-16 16:56:42.000000000 +0000
++++ openssl-0.9.8i/ssl/ssltest.c	2008-12-04 00:00:00.900000000 +0000
+@@ -2093,7 +2093,7 @@
+ 
+ 	if (cb_arg->proxy_auth)
+ 		{
+-		if (ok)
++		if (ok > 0)
+ 			{
+ 			const char *cond_end = NULL;
diff --git a/package/openssl/patches/400-cve_2008_5077.patch b/package/openssl/patches/400-cve_2008_5077.patch
deleted file mode 100644
index bc16ffd1ea..0000000000
--- a/package/openssl/patches/400-cve_2008_5077.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-diff -ur openssl-0.9.8i-ORIG/apps/speed.c openssl-0.9.8i/apps/speed.c
---- openssl-0.9.8i/apps/speed.c	2007-11-15 13:33:47.000000000 +0000
-+++ openssl-0.9.8i/apps/speed-new.c	2008-12-04 00:00:00.000000000 +0000
-@@ -2132,7 +2132,7 @@
- 				{
- 				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
- 					rsa_num, rsa_key[j]);
--				if (ret == 0)
-+				if (ret <= 0)
- 					{
- 					BIO_printf(bio_err,
- 						"RSA verify failure\n");
-diff -ur openssl-0.9.8i-ORIG/apps/spkac.c openssl-0.9.8i/apps/spkac.c
---- openssl-0.9.8i-ORIG/apps/spkac.c	2005-04-05 19:11:18.000000000 +0000
-+++ openssl-0.9.8i/apps/spkac.c	2008-12-04 00:00:00.000000000 +0000
-@@ -285,7 +285,7 @@
- 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
- 	if(verify) {
- 		i = NETSCAPE_SPKI_verify(spki, pkey);
--		if(i) BIO_printf(bio_err, "Signature OK\n");
-+		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
- 		else {
- 			BIO_printf(bio_err, "Signature Failure\n");
- 			ERR_print_errors(bio_err);
-diff -ur openssl-0.9.8i-ORIG/apps/verify.c openssl-0.9.8i/apps/verify.c
---- openssl-0.9.8i-ORIG/apps/verify.c	2004-11-29 11:28:07.000000000 +0000
-+++ openssl-0.9.8i/apps/verify.c	2008-12-04 00:00:00.600000000 +0000
-@@ -266,7 +266,7 @@
- 
- 	ret=0;
- end:
--	if (i)
-+	if (i > 0)
- 		{
- 		fprintf(stdout,"OK\n");
- 		ret=1;
-@@ -367,4 +367,3 @@
- 		ERR_clear_error();
- 	return(ok);
- 	}
--
-diff -ur openssl-0.9.8i-ORIG/apps/x509.c openssl-0.9.8i/apps/x509.c
---- openssl-0.9.8i-ORIG/apps/x509.c	2007-10-12 00:00:10.000000000 +0000
-+++ openssl-0.9.8i/apps/x509.c	2008-12-04 00:00:00.400000000 +0000
-@@ -1151,7 +1151,7 @@
- 	/* NOTE: this certificate can/should be self signed, unless it was
- 	 * a certificate request in which case it is not. */
- 	X509_STORE_CTX_set_cert(&xsc,x);
--	if (!reqfile && !X509_verify_cert(&xsc))
-+	if (!reqfile && X509_verify_cert(&xsc) <= 0)
- 		goto end;
- 
- 	if (!X509_check_private_key(xca,pkey))
-diff -ur openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c openssl-0.9.8i/crypto/cms/cms_sd.c
---- openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c	2008-04-06 16:30:38.000000000 +0000
-+++ openssl-0.9.8i/crypto/cms/cms_sd.c	2008-12-04 00:00:00.400000000 +0000
-@@ -830,7 +830,7 @@
- 	cms_fixup_mctx(&mctx, si->pkey);
- 	r = EVP_VerifyFinal(&mctx,
- 			si->signature->data, si->signature->length, si->pkey);
--	if (!r)
-+	if (r <= 0)
- 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
- 	err:
- 	EVP_MD_CTX_cleanup(&mctx);
-diff -ur openssl-0.9.8i-ORIG/ssl/s2_clnt.c openssl-0.9.8i/ssl/s2_clnt.c
---- openssl-0.9.8i-ORIG/ssl/s2_clnt.c	2007-09-06 12:43:53.000000000 +0000
-+++ openssl-0.9.8i/ssl/s2_clnt.c	2008-12-04 00:00:00.100000000 +0000
-@@ -1044,7 +1044,7 @@
- 
- 	i=ssl_verify_cert_chain(s,sk);
- 		
--	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
-+	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
- 		{
- 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
- 		goto err;
-diff -ur openssl-0.9.8i-ORIG/ssl/s2_srvr.c openssl-0.9.8i/ssl/s2_srvr.c
---- openssl-0.9.8i-ORIG/ssl/s2_srvr.c	2007-09-06 12:43:53.000000000 +0000
-+++ openssl-0.9.8i/ssl/s2_srvr.c	2008-12-04 00:00:00.900000000 +0000
-@@ -1054,7 +1054,7 @@
- 
- 	i=ssl_verify_cert_chain(s,sk);
- 
--	if (i)	/* we like the packet, now check the chksum */
-+	if (i > 0)	/* we like the packet, now check the chksum */
- 		{
- 		EVP_MD_CTX ctx;
- 		EVP_PKEY *pkey=NULL;
-@@ -1083,7 +1083,7 @@
- 		EVP_PKEY_free(pkey);
- 		EVP_MD_CTX_cleanup(&ctx);
- 
--		if (i) 
-+		if (i > 0)
- 			{
- 			if (s->session->peer != NULL)
- 				X509_free(s->session->peer);
-diff -ur openssl-0.9.8i-ORIG/ssl/s3_clnt.c openssl-0.9.8i/ssl/s3_clnt.c
---- openssl-0.9.8i-ORIG/ssl/s3_clnt.c	2008-06-16 16:56:41.000000000 +0000
-+++ openssl-0.9.8i/ssl/s3_clnt.c	2008-12-04 00:00:00.100000000 +0000
-@@ -972,7 +972,7 @@
- 		}
- 
- 	i=ssl_verify_cert_chain(s,sk);
--	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
-+	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
- #ifndef OPENSSL_NO_KRB5
- 	        && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- 	        != (SSL_aKRB5|SSL_kKRB5)
-@@ -1459,7 +1459,7 @@
- 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- 			EVP_VerifyUpdate(&md_ctx,param,param_len);
--			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
-+			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
- 				{
- 				/* bad signature */
- 				al=SSL_AD_DECRYPT_ERROR;
-@@ -1477,7 +1477,7 @@
- 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- 			EVP_VerifyUpdate(&md_ctx,param,param_len);
--			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
-+			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
- 				{
- 				/* bad signature */
- 				al=SSL_AD_DECRYPT_ERROR;
-diff -ur openssl-0.9.8i-ORIG/ssl/s3_srvr.c openssl-0.9.8i/ssl/s3_srvr.c
---- openssl-0.9.8i-ORIG/ssl/s3_srvr.c	2008-09-14 18:16:09.000000000 +0000
-+++ openssl-0.9.8i/ssl/s3_srvr.c	2008-12-04 00:00:00.100000000 +0000
-@@ -2560,7 +2560,7 @@
- 	else
- 		{
- 		i=ssl_verify_cert_chain(s,sk);
--		if (!i)
-+		if (i <= 0)
- 			{
- 			al=ssl_verify_alarm_type(s->verify_result);
- 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
-diff -ur openssl-0.9.8i-ORIG/ssl/ssltest.c openssl-0.9.8i/ssl/ssltest.c
---- openssl-0.9.8i-ORIG/ssl/ssltest.c	2008-06-16 16:56:42.000000000 +0000
-+++ openssl-0.9.8i/ssl/ssltest.c	2008-12-04 00:00:00.900000000 +0000
-@@ -2093,7 +2093,7 @@
- 
- 	if (cb_arg->proxy_auth)
- 		{
--		if (ok)
-+		if (ok > 0)
- 			{
- 			const char *cond_end = NULL;
diff --git a/package/openssl/patches/401-cve-2009-0590.patch b/package/openssl/patches/401-cve-2009-0590.patch
new file mode 100644
index 0000000000..c6e22befb5
--- /dev/null
+++ b/package/openssl/patches/401-cve-2009-0590.patch
@@ -0,0 +1,75 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
+
+--- a/crypto/asn1/asn1.h
++++ b/crypto/asn1/asn1.h
+@@ -1217,6 +1217,7 @@ void ERR_load_ASN1_strings(void);
+ #define ASN1_R_BAD_OBJECT_HEADER			 102
+ #define ASN1_R_BAD_PASSWORD_READ			 103
+ #define ASN1_R_BAD_TAG					 104
++#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210
+ #define ASN1_R_BN_LIB					 105
+ #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
+ #define ASN1_R_BUFFER_TOO_SMALL				 107
+@@ -1306,6 +1307,7 @@ void ERR_load_ASN1_strings(void);
+ #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
+ #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
+ #define ASN1_R_UNEXPECTED_EOC				 159
++#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211
+ #define ASN1_R_UNKNOWN_FORMAT				 160
+ #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
+ #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
+--- a/crypto/asn1/asn1_err.c
++++ b/crypto/asn1/asn1_err.c
+@@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
+ {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
+ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
+ {ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
++{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
+ {ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
+ {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
+ {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
+@@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
+ {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
++{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
+ {ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
+ {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
+ {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
+--- a/crypto/asn1/tasn_dec.c
++++ b/crypto/asn1/tasn_dec.c
+@@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VAL
+ 
+ 	err:
+ 	ASN1_template_free(val, tt);
+-	*val = NULL;
+ 	return 0;
+ 	}
+ 
+@@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_
+ 
+ 	err:
+ 	ASN1_template_free(val, tt);
+-	*val = NULL;
+ 	return 0;
+ 	}
+ 
+@@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
+ 		case V_ASN1_SET:
+ 		case V_ASN1_SEQUENCE:
+ 		default:
++		if (utype == V_ASN1_BMPSTRING && (len & 1))
++			{
++			ASN1err(ASN1_F_ASN1_EX_C2I,
++					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
++			goto err;
++			}
++		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
++			{
++			ASN1err(ASN1_F_ASN1_EX_C2I,
++					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
++			goto err;
++			}
+ 		/* All based on ASN1_STRING and handled the same */
+ 		if (!*pval)
+ 			{
diff --git a/package/openssl/patches/401_cve_2009_0590.patch b/package/openssl/patches/401_cve_2009_0590.patch
deleted file mode 100644
index c6e22befb5..0000000000
--- a/package/openssl/patches/401_cve_2009_0590.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
-
---- a/crypto/asn1/asn1.h
-+++ b/crypto/asn1/asn1.h
-@@ -1217,6 +1217,7 @@ void ERR_load_ASN1_strings(void);
- #define ASN1_R_BAD_OBJECT_HEADER			 102
- #define ASN1_R_BAD_PASSWORD_READ			 103
- #define ASN1_R_BAD_TAG					 104
-+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210
- #define ASN1_R_BN_LIB					 105
- #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
- #define ASN1_R_BUFFER_TOO_SMALL				 107
-@@ -1306,6 +1307,7 @@ void ERR_load_ASN1_strings(void);
- #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
- #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
- #define ASN1_R_UNEXPECTED_EOC				 159
-+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211
- #define ASN1_R_UNKNOWN_FORMAT				 160
- #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
- #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
---- a/crypto/asn1/asn1_err.c
-+++ b/crypto/asn1/asn1_err.c
-@@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
- {ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
- {ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
-+{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
- {ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
- {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
- {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
-@@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
- {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
- {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
- {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
-+{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
- {ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
- {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
- {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
---- a/crypto/asn1/tasn_dec.c
-+++ b/crypto/asn1/tasn_dec.c
-@@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VAL
- 
- 	err:
- 	ASN1_template_free(val, tt);
--	*val = NULL;
- 	return 0;
- 	}
- 
-@@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_
- 
- 	err:
- 	ASN1_template_free(val, tt);
--	*val = NULL;
- 	return 0;
- 	}
- 
-@@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
- 		case V_ASN1_SET:
- 		case V_ASN1_SEQUENCE:
- 		default:
-+		if (utype == V_ASN1_BMPSTRING && (len & 1))
-+			{
-+			ASN1err(ASN1_F_ASN1_EX_C2I,
-+					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
-+			goto err;
-+			}
-+		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
-+			{
-+			ASN1err(ASN1_F_ASN1_EX_C2I,
-+					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
-+			goto err;
-+			}
- 		/* All based on ASN1_STRING and handled the same */
- 		if (!*pval)
- 			{
diff --git a/target/linux/generic-2.4/patches/900-CVE-2008-2136.patch b/target/linux/generic-2.4/patches/900-CVE-2008-2136.patch
deleted file mode 100644
index 8e8be488df..0000000000
--- a/target/linux/generic-2.4/patches/900-CVE-2008-2136.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Backport of:
-
-From: David S. Miller <davem@davemloft.net>
-Date: Fri, 9 May 2008 06:40:26 +0000 (-0700)
-Subject: sit: Add missing kfree_skb() on pskb_may_pull() failure.
-X-Git-Tag: v2.6.26-rc2~19^2
-X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02
-
-sit: Add missing kfree_skb() on pskb_may_pull() failure.
-
-Noticed by Paul Marks <paul@pmarks.net>.
-
-Signed-off-by: David S. Miller <davem@davemloft.net>
---- a/net/ipv6/sit.c
-+++ b/net/ipv6/sit.c
-@@ -410,9 +410,9 @@ int ipip6_rcv(struct sk_buff *skb)
- 	}
- 
- 	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0);
--	kfree_skb(skb);
- 	read_unlock(&ipip6_lock);
- out:
-+	kfree_skb(skb);
- 	return 0;
- }
- 
diff --git a/target/linux/generic-2.4/patches/900-cve-2008-2136.patch b/target/linux/generic-2.4/patches/900-cve-2008-2136.patch
new file mode 100644
index 0000000000..8e8be488df
--- /dev/null
+++ b/target/linux/generic-2.4/patches/900-cve-2008-2136.patch
@@ -0,0 +1,26 @@
+Backport of:
+
+From: David S. Miller <davem@davemloft.net>
+Date: Fri, 9 May 2008 06:40:26 +0000 (-0700)
+Subject: sit: Add missing kfree_skb() on pskb_may_pull() failure.
+X-Git-Tag: v2.6.26-rc2~19^2
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02
+
+sit: Add missing kfree_skb() on pskb_may_pull() failure.
+
+Noticed by Paul Marks <paul@pmarks.net>.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -410,9 +410,9 @@ int ipip6_rcv(struct sk_buff *skb)
+ 	}
+ 
+ 	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0);
+-	kfree_skb(skb);
+ 	read_unlock(&ipip6_lock);
+ out:
++	kfree_skb(skb);
+ 	return 0;
+ }
+ 
diff --git a/target/linux/generic-2.4/patches/901-CVE-2009-2692.patch b/target/linux/generic-2.4/patches/901-CVE-2009-2692.patch
deleted file mode 100644
index 641c87ddff..0000000000
--- a/target/linux/generic-2.4/patches/901-CVE-2009-2692.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
-
---- a/net/socket.c
-+++ b/net/socket.c
-@@ -607,6 +607,9 @@ ssize_t sock_sendpage(struct file *file,
- 	if (more)
- 		flags |= MSG_MORE;
- 
-+	if (!sock->ops->sendpage)
-+		return sock_no_sendpage(sock, page, offset, size, flags);
-+
- 	return sock->ops->sendpage(sock, page, offset, size, flags);
- }
- 
diff --git a/target/linux/generic-2.4/patches/901-cve-2009-2692.patch b/target/linux/generic-2.4/patches/901-cve-2009-2692.patch
new file mode 100644
index 0000000000..641c87ddff
--- /dev/null
+++ b/target/linux/generic-2.4/patches/901-cve-2009-2692.patch
@@ -0,0 +1,14 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
+
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -607,6 +607,9 @@ ssize_t sock_sendpage(struct file *file,
+ 	if (more)
+ 		flags |= MSG_MORE;
+ 
++	if (!sock->ops->sendpage)
++		return sock_no_sendpage(sock, page, offset, size, flags);
++
+ 	return sock->ops->sendpage(sock, page, offset, size, flags);
+ }
+