diff options
author | Patrick Ohly <patrick.ohly@intel.com> | 2016-09-23 15:26:05 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-24 07:30:09 +0100 |
commit | d9e1bb679eb4d625a751ad668a18eaaefeaed850 (patch) | |
tree | 91d678182f2c08db9d61f01e37ecbd9e89f8a907 /meta/recipes-connectivity/openssl/openssl/debian | |
parent | 2f4b80b3061368917ecad432094e7128f8f3b740 (diff) | |
download | poky-d9e1bb679eb4d625a751ad668a18eaaefeaed850.tar.gz |
openssl: update to 1.0.2i (CVE-2016-6304 and more)
This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)
Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.
See https://www.openssl.org/news/secadv/20160922.txt for details.
Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required. The server.pem
file is needed for test_dtls.
(From OE-Core rev: d6b69279b5d1370d9c4982d5b1842a471cfd2b0e)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/debian')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/debian/ca.patch | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch index aba4d42983..fb745e4394 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch | |||
@@ -7,7 +7,7 @@ Index: openssl-0.9.8m/apps/CA.pl.in | |||
7 | @@ -65,6 +65,7 @@ | 7 | @@ -65,6 +65,7 @@ |
8 | foreach (@ARGV) { | 8 | foreach (@ARGV) { |
9 | if ( /^(-\?|-h|-help)$/ ) { | 9 | if ( /^(-\?|-h|-help)$/ ) { |
10 | print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; | 10 | print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n"; |
11 | + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; | 11 | + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; |
12 | exit 0; | 12 | exit 0; |
13 | } elsif (/^-newcert$/) { | 13 | } elsif (/^-newcert$/) { |