diff options
| author | Ilya Yanok <yanok@emcraft.com> | 2011-01-18 01:36:17 +0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2011-01-20 21:36:59 +0000 |
| commit | 81f1457d7e5092ced648993f3507fdee0165580f (patch) | |
| tree | 9a6eaee771ea4bc35a431d05d7e30f032c72cc89 /meta/recipes-connectivity | |
| parent | 05cb09b2ff8134ad66c19373a1f229f774314a15 (diff) | |
| download | poky-81f1457d7e5092ced648993f3507fdee0165580f.tar.gz | |
openssl: drop the valgrind patch that introduce a security hole
debian/valgrind.patch is the 'famous' Debian OpenSSL patch responsible
for everyone using Debian and derivatives changing their keys. All keys
generated with the patched OpenSSL are compromised so at very least we
have to drop this patch for good.
Signed-off-by: Ilya Yanok <yanok@emcraft.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta/recipes-connectivity')
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch | 15 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl_0.9.8p.bb | 1 |
2 files changed, 0 insertions, 16 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch b/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch deleted file mode 100644 index e9f86eabbf..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch +++ /dev/null | |||
| @@ -1,15 +0,0 @@ | |||
| 1 | Index: openssl-0.9.8k/crypto/rand/md_rand.c | ||
| 2 | =================================================================== | ||
| 3 | --- openssl-0.9.8k.orig/crypto/rand/md_rand.c 2008-09-16 13:50:05.000000000 +0200 | ||
| 4 | +++ openssl-0.9.8k/crypto/rand/md_rand.c 2009-07-19 11:36:05.000000000 +0200 | ||
| 5 | @@ -477,8 +477,10 @@ | ||
| 6 | MD_Update(&m,local_md,MD_DIGEST_LENGTH); | ||
| 7 | MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); | ||
| 8 | #ifndef PURIFY | ||
| 9 | +#if 0 /* Don't add uninitialised data. */ | ||
| 10 | MD_Update(&m,buf,j); /* purify complains */ | ||
| 11 | #endif | ||
| 12 | +#endif | ||
| 13 | k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; | ||
| 14 | if (k > 0) | ||
| 15 | { | ||
diff --git a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb index 3ae6bf456e..283b82add0 100644 --- a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb +++ b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb | |||
| @@ -13,7 +13,6 @@ SRC_URI += "file://debian/ca.patch \ | |||
| 13 | file://debian/no-symbolic.patch \ | 13 | file://debian/no-symbolic.patch \ |
| 14 | file://debian/pic.patch \ | 14 | file://debian/pic.patch \ |
| 15 | file://debian/pkg-config.patch \ | 15 | file://debian/pkg-config.patch \ |
| 16 | file://debian/valgrind.patch \ | ||
| 17 | file://debian/rc4-amd64.patch \ | 16 | file://debian/rc4-amd64.patch \ |
| 18 | file://debian/rehash-crt.patch \ | 17 | file://debian/rehash-crt.patch \ |
| 19 | file://debian/rehash_pod.patch \ | 18 | file://debian/rehash_pod.patch \ |