diff options
| author | Roy Li <rongqing.li@windriver.com> | 2015-06-24 10:10:18 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-07-01 15:39:59 +0100 |
| commit | 2d65e23f2d86726f5e6957f275821cd296e05ca2 (patch) | |
| tree | acdec000c204afc924393f9a26187d59c6d09ae6 /meta/recipes-connectivity/openssl | |
| parent | dc5813d8d057a5d48ba42032558bfa1508e2409e (diff) | |
| download | poky-2d65e23f2d86726f5e6957f275821cd296e05ca2.tar.gz | |
openssl: upgrade to 1.0.2c
upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176
remove a backport patch
update the c_rehash-compat.patch
(From OE-Core rev: 5a70e45b8c6cb0fa7ea4fe1b326ad604508d00cb)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl')
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch | 30 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch | 22 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.0.2c.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.0.2a.bb) | 5 |
3 files changed, 11 insertions, 46 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch b/meta/recipes-connectivity/openssl/openssl/0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch deleted file mode 100644 index 7308f8fc3e..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch +++ /dev/null | |||
| @@ -1,30 +0,0 @@ | |||
| 1 | From 60c268b21ac81cc6b1af5c5470282a613b96f6fd Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Andy Polyakov <appro@openssl.org> | ||
| 3 | Date: Mon, 25 May 2015 10:17:14 +0200 | ||
| 4 | Subject: [PATCH] bn/bn_lcl.h: fix MIPS-specific gcc version check. | ||
| 5 | |||
| 6 | RT#3859 | ||
| 7 | |||
| 8 | Reviewed-by: Tim Hudson <tjh@openssl.org> | ||
| 9 | --- | ||
| 10 | Upstream-Status: Backport | ||
| 11 | |||
| 12 | crypto/bn/bn_lcl.h | 2 +- | ||
| 13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h | ||
| 16 | index 196df7e..b9d124a 100644 | ||
| 17 | --- a/crypto/bn/bn_lcl.h | ||
| 18 | +++ b/crypto/bn/bn_lcl.h | ||
| 19 | @@ -443,7 +443,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, | ||
| 20 | # endif | ||
| 21 | # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) | ||
| 22 | # if defined(__GNUC__) && __GNUC__>=2 | ||
| 23 | -# if __GNUC__>=4 && __GNUC_MINOR__>=4 | ||
| 24 | +# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) | ||
| 25 | /* "h" constraint is no more since 4.4 */ | ||
| 26 | # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) | ||
| 27 | # define BN_UMULT_LOHI(low,high,a,b) ({ \ | ||
| 28 | -- | ||
| 29 | 2.1.4 | ||
| 30 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch index 3943e2c2e7..68e54d561e 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch | |||
| @@ -5,14 +5,10 @@ Subject: [PATCH] also create old hash for compatibility | |||
| 5 | 5 | ||
| 6 | Upstream-Status: Backport [debian] | 6 | Upstream-Status: Backport [debian] |
| 7 | 7 | ||
| 8 | --- | 8 | diff --git a/tools/c_rehash.in b/tools/c_rehash.in |
| 9 | tools/c_rehash.in | 8 +++++++- | 9 | index b086ff9..b777d79 100644 |
| 10 | 1 files changed, 7 insertions(+), 1 deletions(-) | 10 | --- a/tools/c_rehash.in |
| 11 | 11 | +++ b/tools/c_rehash.in | |
| 12 | Index: openssl-1.0.2~beta3/tools/c_rehash.in | ||
| 13 | =================================================================== | ||
| 14 | --- openssl-1.0.2~beta3.orig/tools/c_rehash.in | ||
| 15 | +++ openssl-1.0.2~beta3/tools/c_rehash.in | ||
| 16 | @@ -8,8 +8,6 @@ my $prefix; | 12 | @@ -8,8 +8,6 @@ my $prefix; |
| 17 | 13 | ||
| 18 | my $openssl = $ENV{OPENSSL} || "openssl"; | 14 | my $openssl = $ENV{OPENSSL} || "openssl"; |
| @@ -23,14 +19,14 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in | |||
| 23 | my $symlink_exists=eval {symlink("",""); 1}; | 19 | my $symlink_exists=eval {symlink("",""); 1}; |
| 24 | my $removelinks = 1; | 20 | my $removelinks = 1; |
| 25 | @@ -18,10 +16,7 @@ my $removelinks = 1; | 21 | @@ -18,10 +16,7 @@ my $removelinks = 1; |
| 26 | while ( $ARGV[0] =~ '-.*' ) { | 22 | while ( $ARGV[0] =~ /^-/ ) { |
| 27 | my $flag = shift @ARGV; | 23 | my $flag = shift @ARGV; |
| 28 | last if ( $flag eq '--'); | 24 | last if ( $flag eq '--'); |
| 29 | - if ( $flag =~ /-old/) { | 25 | - if ( $flag eq '-old') { |
| 30 | - $x509hash = "-subject_hash_old"; | 26 | - $x509hash = "-subject_hash_old"; |
| 31 | - $crlhash = "-hash_old"; | 27 | - $crlhash = "-hash_old"; |
| 32 | - } elsif ( $flag =~ /-h/) { | 28 | - } elsif ( $flag eq '-h') { |
| 33 | + if ( $flag =~ /-h/) { | 29 | + if ( $flag eq '-h') { |
| 34 | help(); | 30 | help(); |
| 35 | } elsif ( $flag eq '-n' ) { | 31 | } elsif ( $flag eq '-n' ) { |
| 36 | $removelinks = 0; | 32 | $removelinks = 0; |
| @@ -52,7 +48,7 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in | |||
| 52 | $fname =~ s/'/'\\''/g; | 48 | $fname =~ s/'/'\\''/g; |
| 53 | my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; | 49 | my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; |
| 54 | chomp $hash; | 50 | chomp $hash; |
| 55 | @@ -177,10 +175,20 @@ sub link_hash_cert { | 51 | @@ -176,11 +174,21 @@ sub link_hash_cert { |
| 56 | $hashlist{$hash} = $fprint; | 52 | $hashlist{$hash} = $fprint; |
| 57 | } | 53 | } |
| 58 | 54 | ||
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2a.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2c.bb index d7f0259683..fd4ba6c5fa 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2a.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2c.bb | |||
| @@ -36,12 +36,11 @@ SRC_URI += "file://configure-targets.patch \ | |||
| 36 | file://ptest-deps.patch \ | 36 | file://ptest-deps.patch \ |
| 37 | file://run-ptest \ | 37 | file://run-ptest \ |
| 38 | file://crypto_use_bigint_in_x86-64_perl.patch \ | 38 | file://crypto_use_bigint_in_x86-64_perl.patch \ |
| 39 | file://0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch \ | ||
| 40 | file://openssl-1.0.2a-x32-asm.patch \ | 39 | file://openssl-1.0.2a-x32-asm.patch \ |
| 41 | " | 40 | " |
| 42 | 41 | ||
| 43 | SRC_URI[md5sum] = "a06c547dac9044161a477211049f60ef" | 42 | SRC_URI[md5sum] = "8c8d81a9ae7005276e486702edbcd4b6" |
| 44 | SRC_URI[sha256sum] = "15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a" | 43 | SRC_URI[sha256sum] = "0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83" |
| 45 | 44 | ||
| 46 | PACKAGES =+ " \ | 45 | PACKAGES =+ " \ |
| 47 | ${PN}-engines \ | 46 | ${PN}-engines \ |