openssl: 1.0.2d -> 1.0.2h (mainly for CVEs)

* CVEs: - CVE-2016-0705 - CVE-2016-0798 - CVE-2016-0797 - CVE-2016-0799 - CVE-2016-0702 - CVE-2016-0703 - CVE-2016-0704 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 * The LICENSE's checksum is changed because of date changes (2011 -> 2016), the contents are the same. * Remove backport patches - 0001-Add-test-for-CVE-2015-3194.patch - CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch - CVE-2015-3194-1-Add-PSS-parameter-check.patch - CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch - CVE-2015-3197.patch - CVE-2016-0701_1.patch - CVE-2016-0701_2.patch - CVE-2016-0800.patch - CVE-2016-0800_2.patch - CVE-2016-0800_3.patch * Update crypto_use_bigint_in_x86-64_perl.patch * Add version-script.patch and update block_diginotar.patch (From master branch) * Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (From Armin) (From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3) (From OE-Core rev: 6ed7c8a9f82bc173ae0cc8b494af5a2c838f08fc) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Robert Yang <liezhi.yang@windriver.com> 2016-05-11 00:43:28 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-05-11 18:00:11 +0100
commit: 3cea047b6cc9e93308e5aebbacc74183438fae57 (patch)
tree: 0075f669416d5adb6da8b1b06f28aeafb6f32b68 /meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
parent: 8463c062909dba7367d56105cc56126ba971984e (diff)
download: poky-3cea047b6cc9e93308e5aebbacc74183438fae57.tar.gz
1 files changed, 0 insertions, 66 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
deleted file mode 100644
index 6fc4d0e839..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Tue, 10 Nov 2015 19:03:07 +0000
-Subject: [PATCH] Fix leak with ASN.1 combine.
-When parsing a combined structure pass a flag to the decode routine
-so on error a pointer to the parent structure is not zeroed as
-this will leak any additional components in the parent.
-This can leak memory in any application parsing PKCS#7 or CMS structures.
-CVE-2015-3195.
-Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
-libFuzzer.
-PR#4131
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-Upstream-Status: Backport
-This patch was imported from
-https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
-Signed-off-by: Armin Kuster <akuster@mvista.com>
---
- crypto/asn1/tasn_dec.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
-index febf605..9256049 100644
--- a/crypto/asn1/tasn_dec.c
-+++ b/crypto/asn1/tasn_dec.c
-@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-     int otag;
-     int ret = 0;
-     ASN1_VALUE **pchptr, *ptmpval;
-+    int combine = aclass & ASN1_TFLG_COMBINE;
-+    aclass &= ~ASN1_TFLG_COMBINE;
-     if (!pval)
-         return 0;
-     if (aux && aux->asn1_cb)
-@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-  auxerr:
-     ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
-  err:
-    ASN1_item_ex_free(pval, it);
-+    if (combine == 0)
-+        ASN1_item_ex_free(pval, it);
-     if (errtt)
-         ERR_add_error_data(4, "Field=", errtt->field_name,
-                            ", Type=", it->sname);
-@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
-     } else {
-         /* Nothing special */
-         ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-                               -1, 0, opt, ctx);
-+                               -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
-         if (!ret) {
-             ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
-             goto err;
-- 
-2.3.5
author	Robert Yang <liezhi.yang@windriver.com>	2016-05-11 00:43:28 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-05-11 18:00:11 +0100
commit	3cea047b6cc9e93308e5aebbacc74183438fae57 (patch)
tree	0075f669416d5adb6da8b1b06f28aeafb6f32b68 /meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
parent	8463c062909dba7367d56105cc56126ba971984e (diff)
download	poky-3cea047b6cc9e93308e5aebbacc74183438fae57.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch deleted file mode 100644 index 6fc4d0e839..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch +++ /dev/null
@@ -1,66 +0,0 @@
1	From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17 00:00:00 2001
2	From: "Dr. Stephen Henson" <steve@openssl.org>
3	Date: Tue, 10 Nov 2015 19:03:07 +0000
4	Subject: [PATCH] Fix leak with ASN.1 combine.
5
6	When parsing a combined structure pass a flag to the decode routine
7	so on error a pointer to the parent structure is not zeroed as
8	this will leak any additional components in the parent.
9
10	This can leak memory in any application parsing PKCS#7 or CMS structures.
11
12	CVE-2015-3195.
13
14	Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
15	libFuzzer.
16
17	PR#4131
18
19	Reviewed-by: Richard Levitte <levitte@openssl.org>
20
21	Upstream-Status: Backport
22
23	This patch was imported from
24	https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
25
26	Signed-off-by: Armin Kuster <akuster@mvista.com>
27
28	---
29	crypto/asn1/tasn_dec.c \| 7 +++++--
30	1 file changed, 5 insertions(+), 2 deletions(-)
31
32	diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
33	index febf605..9256049 100644
34	--- a/crypto/asn1/tasn_dec.c
35	+++ b/crypto/asn1/tasn_dec.c
36	@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
37	int otag;
38	int ret = 0;
39	ASN1_VALUE *pchptr, ptmpval;
40	+ int combine = aclass & ASN1_TFLG_COMBINE;
41	+ aclass &= ~ASN1_TFLG_COMBINE;
42	if (!pval)
43	return 0;
44	if (aux && aux->asn1_cb)
45	@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
46	auxerr:
47	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
48	err:
49	- ASN1_item_ex_free(pval, it);
50	+ if (combine == 0)
51	+ ASN1_item_ex_free(pval, it);
52	if (errtt)
53	ERR_add_error_data(4, "Field=", errtt->field_name,
54	", Type=", it->sname);
55	@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
56	} else {
57	/* Nothing special */
58	ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
59	- -1, 0, opt, ctx);
60	+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
61	if (!ret) {
62	ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
63	goto err;
64	--
65	2.3.5
66