diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-03-16 10:54:31 +0100 |
---|---|---|
committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-03-21 11:29:21 +0100 |
commit | 7e14191bb3bf457907727f3125e5cbc846d39b9f (patch) | |
tree | 9770da8380271fe318845b69262590263ee0ebe9 /meta/recipes-connectivity/openssl/openssl/parallel.patch | |
parent | dfde5b94e82264ea16a189252d615d67366e3d98 (diff) | |
download | poky-7e14191bb3bf457907727f3125e5cbc846d39b9f.tar.gz |
openssl: upgrade to 1.0.2k
Following vulnerabilities have been solved between 1.0.2h and
1.0.2k releases:
Vulnerabilities detected in 1.0.2h and fixed in 1.0.2i
======================================================
Ref: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6304 (High): OCSP Status Request extension unbounded memory growth
CVE-2016-2183 (Low): SWEET32 Mitigation
CVE-2016-6303 (Low): OOB write in MDC2_Update()
CVE-2016-6302 (Low): Malformed SHA512 ticket DoS
CVE-2016-2182 (Low): OOB write in BN_bn2dec()
CVE-2016-2180 (Low): OOB read in TS_OBJ_print_bio()
CVE-2016-2177 (Low): Pointer arithmetic undefined behaviour
CVE-2016-2178 (Low): Constant time flag not preserved in DSA signing
CVE-2016-2179 (Low): DTLS buffered message DoS
CVE-2016-2181 (Low): DTLS replay protection DoS
CVE-2016-6306 (Low): Certificate message OOB reads
Vulnerabilities detected in 1.0.ih and fixed in 1.0.2j
======================================================
https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-7052 (Moderate): This issue only affects OpenSSL 1.0.2i
1.0.2j - 1.0.2k
Vulnerabilities detected in 1.0.2j and fixed in 1.0.2k
======================================================
CVE-2017-3731 (Moderate): For Openssl 1.0.2, the crash can be triggered when using
RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k
CVE-2017-3732 (Moderate): BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055 (Low): Montgomery multiplication may produce incorrect results
References:
https://www.openssl.org/news/secadv/20160922.txt
https://www.openssl.org/news/secadv/20160926.txt
https://www.openssl.org/news/secadv/20170126.txt
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/parallel.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/parallel.patch | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/parallel.patch b/meta/recipes-connectivity/openssl/openssl/parallel.patch index b6c2c148b1..f3f4c99888 100644 --- a/meta/recipes-connectivity/openssl/openssl/parallel.patch +++ b/meta/recipes-connectivity/openssl/openssl/parallel.patch | |||
@@ -6,6 +6,9 @@ https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1 | |||
6 | Upstream-Status: Pending | 6 | Upstream-Status: Pending |
7 | Signed-off-by: Ross Burton <ross.burton@intel.com> | 7 | Signed-off-by: Ross Burton <ross.burton@intel.com> |
8 | 8 | ||
9 | Refreshed for 1.0.2i | ||
10 | Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> | ||
11 | |||
9 | --- openssl-1.0.2g/crypto/Makefile | 12 | --- openssl-1.0.2g/crypto/Makefile |
10 | +++ openssl-1.0.2g/crypto/Makefile | 13 | +++ openssl-1.0.2g/crypto/Makefile |
11 | @@ -85,11 +85,11 @@ | 14 | @@ -85,11 +85,11 @@ |
@@ -133,7 +136,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> | |||
133 | fi; \ | 136 | fi; \ |
134 | --- openssl-1.0.2g/test/Makefile | 137 | --- openssl-1.0.2g/test/Makefile |
135 | +++ openssl-1.0.2g/test/Makefile | 138 | +++ openssl-1.0.2g/test/Makefile |
136 | @@ -139,7 +139,7 @@ | 139 | @@ -144,7 +144,7 @@ |
137 | tags: | 140 | tags: |
138 | ctags $(SRC) | 141 | ctags $(SRC) |
139 | 142 | ||
@@ -142,7 +145,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> | |||
142 | 145 | ||
143 | apps: | 146 | apps: |
144 | @(cd ..; $(MAKE) DIRS=apps all) | 147 | @(cd ..; $(MAKE) DIRS=apps all) |
145 | @@ -421,130 +421,130 @@ | 148 | @@ -438,136 +438,136 @@ |
146 | link_app.$${shlib_target} | 149 | link_app.$${shlib_target} |
147 | 150 | ||
148 | $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) | 151 | $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) |
@@ -309,13 +312,21 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> | |||
309 | - @target=$(CLIENTHELLOTEST) $(BUILD_CMD) | 312 | - @target=$(CLIENTHELLOTEST) $(BUILD_CMD) |
310 | + +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) | 313 | + +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) |
311 | 314 | ||
315 | $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o | ||
316 | - @target=$(BADDTLSTEST) $(BUILD_CMD) | ||
317 | + +@target=$(BADDTLSTEST) $(BUILD_CMD) | ||
318 | |||
312 | $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o | 319 | $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o |
313 | - @target=$(SSLV2CONFTEST) $(BUILD_CMD) | 320 | - @target=$(SSLV2CONFTEST) $(BUILD_CMD) |
314 | + +@target=$(SSLV2CONFTEST) $(BUILD_CMD) | 321 | + +@target=$(SSLV2CONFTEST) $(BUILD_CMD) |
315 | 322 | ||
323 | $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) | ||
324 | - @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) | ||
325 | + +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) | ||
326 | |||
316 | #$(AESTEST).o: $(AESTEST).c | 327 | #$(AESTEST).o: $(AESTEST).c |
317 | # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c | 328 | # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c |
318 | @@ -557,7 +557,7 @@ | 329 | @@ -580,6 +580,6 @@ |
319 | # fi | 330 | # fi |
320 | 331 | ||
321 | dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) | 332 | dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) |