diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:38:40 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:38:40 +0200 |
commit | b031ebb35ec461c0ca25e1117c81e359d5c6bb21 (patch) | |
tree | 912e85c3f3e9fc651f8dac6de1df733fce2ea358 /meta/recipes-connectivity/openssl/openssl/debian/man-section.patch | |
parent | 59469018432f7b2cf490a1cefe9855cfccdf0508 (diff) | |
download | poky-b031ebb35ec461c0ca25e1117c81e359d5c6bb21.tar.gz |
openssl: Upgrade to 1.0.1o to address some CVEs
Upgrade from 1.0.1m to 1.0.1n addresses following vulnerabilities:
CVE-2015-4000, DHE man-in-the-middle protection (Logjam)
CVE-2015-1788, Malformed ECParameters causes infinite loop
CVE-2015-1789, Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1790, PKCS7 crash with missing EnvelopedContent
CVE-2015-1791, Race condition handling NewSessionTicket
CVE-2015-1792, CMS verify infinite loop with unknown hash function
Upgrade from 1.0.1n to 1.0.1o fixes ABI compatibility issues:
Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.
References:
http://openssl.org/news/secadv_20150611.txt
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/debian/man-section.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/debian/man-section.patch | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch index 21c1d1a4eb..dfe4877f46 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch | |||
@@ -1,11 +1,10 @@ | |||
1 | Upstream-Status: Backport [debian] | 1 | Upstream-Status: Backport [debian] |
2 | 2 | ||
3 | Index: openssl-1.0.0c/Makefile.org | 3 | diff -Naur openssl-1.0.1o-orig/Makefile openssl-1.0.1o/Makefile |
4 | =================================================================== | 4 | --- openssl-1.0.1o-orig/Makefile 2015-06-12 17:20:59.000000000 +0200 |
5 | --- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 | 5 | +++ openssl-1.0.1o/Makefile 2015-06-15 10:40:20.243874349 +0200 |
6 | +++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 | 6 | @@ -162,7 +162,8 @@ |
7 | @@ -160,7 +160,8 @@ | 7 | MANDIR=$(OPENSSLDIR)/man |
8 | MANDIR=/usr/share/man | ||
9 | MAN1=1 | 8 | MAN1=1 |
10 | MAN3=3 | 9 | MAN3=3 |
11 | -MANSUFFIX= | 10 | -MANSUFFIX= |
@@ -14,7 +13,7 @@ Index: openssl-1.0.0c/Makefile.org | |||
14 | HTMLSUFFIX=html | 13 | HTMLSUFFIX=html |
15 | HTMLDIR=$(OPENSSLDIR)/html | 14 | HTMLDIR=$(OPENSSLDIR)/html |
16 | SHELL=/bin/sh | 15 | SHELL=/bin/sh |
17 | @@ -651,7 +652,7 @@ | 16 | @@ -644,7 +645,7 @@ |
18 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ | 17 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ |
19 | (cd `$(PERL) util/dirname.pl $$i`; \ | 18 | (cd `$(PERL) util/dirname.pl $$i`; \ |
20 | sh -c "$$pod2man \ | 19 | sh -c "$$pod2man \ |
@@ -23,7 +22,7 @@ Index: openssl-1.0.0c/Makefile.org | |||
23 | --release=$(VERSION) `basename $$i`") \ | 22 | --release=$(VERSION) `basename $$i`") \ |
24 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ | 23 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ |
25 | $(PERL) util/extract-names.pl < $$i | \ | 24 | $(PERL) util/extract-names.pl < $$i | \ |
26 | @@ -668,7 +669,7 @@ | 25 | @@ -661,7 +662,7 @@ |
27 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ | 26 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ |
28 | (cd `$(PERL) util/dirname.pl $$i`; \ | 27 | (cd `$(PERL) util/dirname.pl $$i`; \ |
29 | sh -c "$$pod2man \ | 28 | sh -c "$$pod2man \ |