Fix for OpenSSL security vulnerabilities

 1) DTLS invalid fragment vulnerability (CVE-2014-0195)
 2) DTLS recursion flaw (CVE-2014-0221)
 3) SSL/TLS MITM vulnerability (CVE-2014-0224)
 4) Anonymous ECDH denial of service (CVE-2014-3470)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>

1 files changed, 6 insertions, 0 deletions

diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
index dad89f0a22..d7d2b7f00e 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -36,6 +36,12 @@ SRC_URI += "file://configure-targets.patch \
             file://find.pl \
             file://openssl-fix-des.pod-error.patch \
             file://openssl-CVE-2014-0198-fix.patch \
+            file://0001-Fix-for-CVE-2014-0195.patch \
+            file://0001-Fix-CVE-2014-0221.patch \
+            file://0001-Fix-for-CVE-2014-0224.patch \
+            file://0002-Additional-CVE-2014-0224-protection.patch \
+            file://0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch \
+            file://0001-Fix-CVE-2014-3470.patch \
             file://run-ptest \
            "