diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:38:40 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:38:40 +0200 |
commit | b031ebb35ec461c0ca25e1117c81e359d5c6bb21 (patch) | |
tree | 912e85c3f3e9fc651f8dac6de1df733fce2ea358 /meta/recipes-connectivity/openssl/openssl_1.0.1o.bb | |
parent | 59469018432f7b2cf490a1cefe9855cfccdf0508 (diff) | |
download | poky-b031ebb35ec461c0ca25e1117c81e359d5c6bb21.tar.gz |
openssl: Upgrade to 1.0.1o to address some CVEs
Upgrade from 1.0.1m to 1.0.1n addresses following vulnerabilities:
CVE-2015-4000, DHE man-in-the-middle protection (Logjam)
CVE-2015-1788, Malformed ECParameters causes infinite loop
CVE-2015-1789, Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1790, PKCS7 crash with missing EnvelopedContent
CVE-2015-1791, Race condition handling NewSessionTicket
CVE-2015-1792, CMS verify infinite loop with unknown hash function
Upgrade from 1.0.1n to 1.0.1o fixes ABI compatibility issues:
Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.
References:
http://openssl.org/news/secadv_20150611.txt
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl_1.0.1o.bb')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.0.1o.bb | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1o.bb new file mode 100644 index 0000000000..44d4d27c4b --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1o.bb | |||
@@ -0,0 +1,56 @@ | |||
1 | require openssl.inc | ||
2 | |||
3 | # For target side versions of openssl enable support for OCF Linux driver | ||
4 | # if they are available. | ||
5 | DEPENDS += "cryptodev-linux" | ||
6 | |||
7 | CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" | ||
8 | |||
9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" | ||
10 | |||
11 | export DIRS = "crypto ssl apps engines" | ||
12 | export OE_LDFLAGS="${LDFLAGS}" | ||
13 | |||
14 | SRC_URI += "file://configure-targets.patch \ | ||
15 | file://shared-libs.patch \ | ||
16 | file://oe-ldflags.patch \ | ||
17 | file://engines-install-in-libdir-ssl.patch \ | ||
18 | file://openssl-fix-link.patch \ | ||
19 | file://debian/version-script.patch \ | ||
20 | file://debian/pic.patch \ | ||
21 | file://debian/c_rehash-compat.patch \ | ||
22 | file://debian/ca.patch \ | ||
23 | file://debian/make-targets.patch \ | ||
24 | file://debian/no-rpath.patch \ | ||
25 | file://debian/man-dir.patch \ | ||
26 | file://debian/man-section.patch \ | ||
27 | file://debian/no-symbolic.patch \ | ||
28 | file://debian/debian-targets.patch \ | ||
29 | file://openssl_fix_for_x32.patch \ | ||
30 | file://fix-cipher-des-ede3-cfb1.patch \ | ||
31 | file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ | ||
32 | file://initial-aarch64-bits.patch \ | ||
33 | file://find.pl \ | ||
34 | file://openssl-fix-des.pod-error.patch \ | ||
35 | file://Makefiles-ptest.patch \ | ||
36 | file://ptest-deps.patch \ | ||
37 | file://run-ptest \ | ||
38 | " | ||
39 | |||
40 | SRC_URI[md5sum] = "af1096f500a612e2e2adacb958d7eab1" | ||
41 | SRC_URI[sha256sum] = "16e678c6a05f2502811e075f2c4059ac01c878d091c9c585afc49ebc541f7b13" | ||
42 | |||
43 | PACKAGES =+ " \ | ||
44 | ${PN}-engines \ | ||
45 | ${PN}-engines-dbg \ | ||
46 | " | ||
47 | |||
48 | FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" | ||
49 | FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug" | ||
50 | |||
51 | PARALLEL_MAKE = "" | ||
52 | PARALLEL_MAKEINST = "" | ||
53 | |||
54 | do_configure_prepend() { | ||
55 | cp ${WORKDIR}/find.pl ${S}/util/find.pl | ||
56 | } | ||