summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTudor Florea <tudor.florea@enea.com>2015-07-06 22:38:40 (GMT)
committerTudor Florea <tudor.florea@enea.com>2015-07-06 22:38:40 (GMT)
commitb031ebb35ec461c0ca25e1117c81e359d5c6bb21 (patch)
tree912e85c3f3e9fc651f8dac6de1df733fce2ea358
parent59469018432f7b2cf490a1cefe9855cfccdf0508 (diff)
downloadpoky-b031ebb35ec461c0ca25e1117c81e359d5c6bb21.tar.gz
openssl: Upgrade to 1.0.1o to address some CVEs
Upgrade from 1.0.1m to 1.0.1n addresses following vulnerabilities: CVE-2015-4000, DHE man-in-the-middle protection (Logjam) CVE-2015-1788, Malformed ECParameters causes infinite loop CVE-2015-1789, Exploitable out-of-bounds read in X509_cmp_time CVE-2015-1790, PKCS7 crash with missing EnvelopedContent CVE-2015-1791, Race condition handling NewSessionTicket CVE-2015-1792, CMS verify infinite loop with unknown hash function Upgrade from 1.0.1n to 1.0.1o fixes ABI compatibility issues: Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. References: http://openssl.org/news/secadv_20150611.txt https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/man-section.patch15
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.1o.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.0.1m.bb)4
2 files changed, 9 insertions, 10 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
index 21c1d1a..dfe4877 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
@@ -1,11 +1,10 @@
1Upstream-Status: Backport [debian] 1Upstream-Status: Backport [debian]
2 2
3Index: openssl-1.0.0c/Makefile.org 3diff -Naur openssl-1.0.1o-orig/Makefile openssl-1.0.1o/Makefile
4=================================================================== 4--- openssl-1.0.1o-orig/Makefile 2015-06-12 17:20:59.000000000 +0200
5--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 5+++ openssl-1.0.1o/Makefile 2015-06-15 10:40:20.243874349 +0200
6+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 6@@ -162,7 +162,8 @@
7@@ -160,7 +160,8 @@ 7 MANDIR=$(OPENSSLDIR)/man
8 MANDIR=/usr/share/man
9 MAN1=1 8 MAN1=1
10 MAN3=3 9 MAN3=3
11-MANSUFFIX= 10-MANSUFFIX=
@@ -14,7 +13,7 @@ Index: openssl-1.0.0c/Makefile.org
14 HTMLSUFFIX=html 13 HTMLSUFFIX=html
15 HTMLDIR=$(OPENSSLDIR)/html 14 HTMLDIR=$(OPENSSLDIR)/html
16 SHELL=/bin/sh 15 SHELL=/bin/sh
17@@ -651,7 +652,7 @@ 16@@ -644,7 +645,7 @@
18 echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ 17 echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
19 (cd `$(PERL) util/dirname.pl $$i`; \ 18 (cd `$(PERL) util/dirname.pl $$i`; \
20 sh -c "$$pod2man \ 19 sh -c "$$pod2man \
@@ -23,7 +22,7 @@ Index: openssl-1.0.0c/Makefile.org
23 --release=$(VERSION) `basename $$i`") \ 22 --release=$(VERSION) `basename $$i`") \
24 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ 23 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
25 $(PERL) util/extract-names.pl < $$i | \ 24 $(PERL) util/extract-names.pl < $$i | \
26@@ -668,7 +669,7 @@ 25@@ -661,7 +662,7 @@
27 echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ 26 echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
28 (cd `$(PERL) util/dirname.pl $$i`; \ 27 (cd `$(PERL) util/dirname.pl $$i`; \
29 sh -c "$$pod2man \ 28 sh -c "$$pod2man \
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1m.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1o.bb
index cab6b3f..44d4d27 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1m.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1o.bb
@@ -37,8 +37,8 @@ SRC_URI += "file://configure-targets.patch \
37 file://run-ptest \ 37 file://run-ptest \
38 " 38 "
39 39
40SRC_URI[md5sum] = "d143d1555d842a069cb7cc34ba745a06" 40SRC_URI[md5sum] = "af1096f500a612e2e2adacb958d7eab1"
41SRC_URI[sha256sum] = "095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74" 41SRC_URI[sha256sum] = "16e678c6a05f2502811e075f2c4059ac01c878d091c9c585afc49ebc541f7b13"
42 42
43PACKAGES =+ " \ 43PACKAGES =+ " \
44 ${PN}-engines \ 44 ${PN}-engines \