openssl: Upgrade to v1.0.1g

The trigger for the upgrade was the serious "heartbleed" vulnerability (CVE-2014-0160). More information: http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx Dropped obsolete patches, because the new version contains them: 0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch 0001-Fix-DTLS-retransmission-from-previous-session.patch 0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch Modified 2 patches (small changes), in order to apply properly: initial-aarch64-bits.patch openssl-fix-doc.patch Addresses CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 (From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Cristiana Voicu <cristiana.voicu@intel.com> 2014-04-08 14:49:48 +0300
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-04-08 17:45:09 +0100
commit: 5dd1d7566964c90d33c0c44f569d9336fb0724ce (patch)
tree: 6c9516db6873f1254723cbeeca204a43d5d410ba /meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
parent: c0ac09ab49d7a2b9cc7601ceef2852d690cdf3d1 (diff)
download: poky-5dd1d7566964c90d33c0c44f569d9336fb0724ce.tar.gz
1 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
new file mode 100644
index 0000000000..ac1b19b943
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Backport [debian]
+From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Wed, 21 Apr 2010 15:52:10 +0200
+Subject: [PATCH] also create old hash for compatibility
+---
+ tools/c_rehash.in |    8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletions(-)
+Index: openssl-1.0.0d/tools/c_rehash.in
+===================================================================
+--- openssl-1.0.0d.orig/tools/c_rehash.in       2011-04-13 20:41:28.000000000 +0000
+++ openssl-1.0.0d/tools/c_rehash.in    2011-04-13 20:41:28.000000000 +0000
+@@ -86,6 +86,7 @@
+                        }
+                }
+                link_hash_cert($fname) if($cert);
+               link_hash_cert_old($fname) if($cert);
+                link_hash_crl($fname) if($crl);
+        }
+ }
+@@ -119,8 +120,9 @@
+ 
+ sub link_hash_cert {
+                my $fname = $_[0];
+               my $hashopt = $_[1] || '-subject_hash';
+                $fname =~ s/'/'\\''/g;
+-               my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
+               my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+                chomp $hash;
+                chomp $fprint;
+                $fprint =~ s/^.*=//;
+@@ -150,6 +152,10 @@
+                $hashlist{$hash} = $fprint;
+ }
+ 
+sub link_hash_cert_old {
+               link_hash_cert($_[0], '-subject_hash_old');
+}
+
+ # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+ 
+ sub link_hash_crl {
author	Cristiana Voicu <cristiana.voicu@intel.com>	2014-04-08 14:49:48 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-04-08 17:45:09 +0100
commit	5dd1d7566964c90d33c0c44f569d9336fb0724ce (patch)
tree	6c9516db6873f1254723cbeeca204a43d5d410ba /meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
parent	c0ac09ab49d7a2b9cc7601ceef2852d690cdf3d1 (diff)
download	poky-5dd1d7566964c90d33c0c44f569d9336fb0724ce.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch new file mode 100644 index 0000000000..ac1b19b943 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -0,0 +1,45 @@
	1	Upstream-Status: Backport [debian]
	2
	3	From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
	4	From: Ludwig Nussel <ludwig.nussel@suse.de>
	5	Date: Wed, 21 Apr 2010 15:52:10 +0200
	6	Subject: [PATCH] also create old hash for compatibility
	7
	8	---
	9	tools/c_rehash.in \| 8 +++++++-
	10	1 files changed, 7 insertions(+), 1 deletions(-)
	11
	12	Index: openssl-1.0.0d/tools/c_rehash.in
	13	===================================================================
	14	--- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
	15	+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
	16	@@ -86,6 +86,7 @@
	17	}
	18	}
	19	link_hash_cert($fname) if($cert);
	20	+ link_hash_cert_old($fname) if($cert);
	21	link_hash_crl($fname) if($crl);
	22	}
	23	}
	24	@@ -119,8 +120,9 @@
	25
	26	sub link_hash_cert {
	27	my $fname = $_[0];
	28	+ my $hashopt = $_[1] \|\| '-subject_hash';
	29	$fname =~ s/'/'\\''/g;
	30	- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
	31	+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
	32	chomp $hash;
	33	chomp $fprint;
	34	$fprint =~ s/^.*=//;
	35	@@ -150,6 +152,10 @@
	36	$hashlist{$hash} = $fprint;
	37	}
	38
	39	+sub link_hash_cert_old {
	40	+ link_hash_cert($_[0], '-subject_hash_old');
	41	+}
	42	+
	43	# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
	44
	45	sub link_hash_crl {