openssl: 1.0.2d -> 1.0.2h (mainly for CVEs)

* CVEs: - CVE-2016-0705 - CVE-2016-0798 - CVE-2016-0797 - CVE-2016-0799 - CVE-2016-0702 - CVE-2016-0703 - CVE-2016-0704 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 * The LICENSE's checksum is changed because of date changes (2011 -> 2016), the contents are the same. * Remove backport patches - 0001-Add-test-for-CVE-2015-3194.patch - CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch - CVE-2015-3194-1-Add-PSS-parameter-check.patch - CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch - CVE-2015-3197.patch - CVE-2016-0701_1.patch - CVE-2016-0701_2.patch - CVE-2016-0800.patch - CVE-2016-0800_2.patch - CVE-2016-0800_3.patch * Update crypto_use_bigint_in_x86-64_perl.patch * Add version-script.patch and update block_diginotar.patch (From master branch) * Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (From Armin) (From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3) (From OE-Core rev: 6ed7c8a9f82bc173ae0cc8b494af5a2c838f08fc) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Robert Yang <liezhi.yang@windriver.com> 2016-05-11 00:43:28 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-05-11 18:00:11 +0100
commit: 3cea047b6cc9e93308e5aebbacc74183438fae57 (patch)
tree: 0075f669416d5adb6da8b1b06f28aeafb6f32b68 /meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
parent: 8463c062909dba7367d56105cc56126ba971984e (diff)
download: poky-3cea047b6cc9e93308e5aebbacc74183438fae57.tar.gz
1 files changed, 0 insertions, 45 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
deleted file mode 100644
index 13d48913b3..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c394a488942387246653833359a5c94b5832674e Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Fri, 2 Oct 2015 12:35:19 +0100
-Subject: [PATCH] Add PSS parameter check.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Avoid seg fault by checking mgf1 parameter is not NULL. This can be
-triggered during certificate verification so could be a DoS attack
-against a client or a server enabling client authentication.
-Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.
-CVE-2015-3194
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-Upstream-Status: Backport
-This patch was imported from 
-https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e
-Signed-off-by: Armin Kuster <akuster@mvista.com>
---
- crypto/rsa/rsa_ameth.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
-index ca3922e..4e06218 100644
--- a/crypto/rsa/rsa_ameth.c
-+++ b/crypto/rsa/rsa_ameth.c
-@@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
- {
-     const unsigned char *p;
-     int plen;
-    if (alg == NULL)
-+    if (alg == NULL || alg->parameter == NULL)
-         return NULL;
-     if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
-         return NULL;
-- 
-2.3.5
author	Robert Yang <liezhi.yang@windriver.com>	2016-05-11 00:43:28 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-05-11 18:00:11 +0100
commit	3cea047b6cc9e93308e5aebbacc74183438fae57 (patch)
tree	0075f669416d5adb6da8b1b06f28aeafb6f32b68 /meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
parent	8463c062909dba7367d56105cc56126ba971984e (diff)
download	poky-3cea047b6cc9e93308e5aebbacc74183438fae57.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch deleted file mode 100644 index 13d48913b3..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch +++ /dev/null
@@ -1,45 +0,0 @@
1	From c394a488942387246653833359a5c94b5832674e Mon Sep 17 00:00:00 2001
2	From: "Dr. Stephen Henson" <steve@openssl.org>
3	Date: Fri, 2 Oct 2015 12:35:19 +0100
4	Subject: [PATCH] Add PSS parameter check.
5	MIME-Version: 1.0
6	Content-Type: text/plain; charset=UTF-8
7	Content-Transfer-Encoding: 8bit
8
9	Avoid seg fault by checking mgf1 parameter is not NULL. This can be
10	triggered during certificate verification so could be a DoS attack
11	against a client or a server enabling client authentication.
12
13	Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.
14
15	CVE-2015-3194
16
17	Reviewed-by: Richard Levitte <levitte@openssl.org>
18
19	Upstream-Status: Backport
20
21	This patch was imported from
22	https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e
23
24	Signed-off-by: Armin Kuster <akuster@mvista.com>
25
26	---
27	crypto/rsa/rsa_ameth.c \| 2 +-
28	1 file changed, 1 insertion(+), 1 deletion(-)
29
30	diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
31	index ca3922e..4e06218 100644
32	--- a/crypto/rsa/rsa_ameth.c
33	+++ b/crypto/rsa/rsa_ameth.c
34	@@ -268,7 +268,7 @@ static X509_ALGOR rsa_mgf1_decode(X509_ALGOR alg)
35	{
36	const unsigned char *p;
37	int plen;
38	- if (alg == NULL)
39	+ if (alg == NULL \|\| alg->parameter == NULL)
40	return NULL;
41	if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
42	return NULL;
43	--
44	2.3.5
45