openssl: upgrade to 1.0.2c

upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176 remove a backport patch update the c_rehash-compat.patch (From OE-Core master rev: 5a70e45b8c6cb0fa7ea4fe1b326ad604508d00cb) (From OE-Core rev: 7bc77f508a6ba6a409568be818a1795770261dc6) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Roy Li <rongqing.li@windriver.com> 2015-06-24 10:10:18 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-07-15 15:25:40 +0100
commit: 0b506a72f4423385d408bf11c54a73b97b7853e4 (patch)
tree: ed058fe7759cf07e69407d1712e8210c05923dc8 /meta
parent: ee88b51cf2853ab075c9bd2ef7cf4d65d1c96674 (diff)
download: poky-0b506a72f4423385d408bf11c54a73b97b7853e4.tar.gz
2 files changed, 11 insertions, 15 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
index 3943e2c2e7..68e54d561e 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -5,14 +5,10 @@ Subject: [PATCH] also create old hash for compatibility
 Upstream-Status: Backport [debian]
---
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
- tools/c_rehash.in |    8 +++++++-
+index b086ff9..b777d79 100644
- 1 files changed, 7 insertions(+), 1 deletions(-)
+--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
-Index: openssl-1.0.2~beta3/tools/c_rehash.in
-===================================================================
--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
-+++ openssl-1.0.2~beta3/tools/c_rehash.in
 @@ -8,8 +8,6 @@ my $prefix;
 
 my $openssl = $ENV{OPENSSL} || "openssl";
@@ -23,14 +19,14 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in
 my $symlink_exists=eval {symlink("",""); 1};
 my $removelinks = 1;
 @@ -18,10 +16,7 @@ my $removelinks = 1;
- while ( $ARGV[0] =~ '-.*' ) {
+ while ( $ARGV[0] =~ /^-/ ) {
     my $flag = shift @ARGV;
     last if ( $flag eq '--');
-    if ( $flag =~ /-old/) {
+-    if ( $flag eq '-old') {
 -           $x509hash = "-subject_hash_old";
 -           $crlhash = "-hash_old";
-    } elsif ( $flag =~ /-h/) {
+-    } elsif ( $flag eq '-h') {
-+    if ( $flag =~ /-h/) {
+    if ( $flag eq '-h') {
            help();
     } elsif ( $flag eq '-n' ) {
            $removelinks = 0;
@@ -52,7 +48,7 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in
                $fname =~ s/'/'\\''/g;
                my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
                chomp $hash;
-@@ -177,10 +175,20 @@ sub link_hash_cert {
+@@ -176,11 +174,21 @@ sub link_hash_cert {
                $hashlist{$hash} = $fprint;
 }
 
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2a.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2c.bb
index 0a04aeaaaa..74319ff5b1 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2a.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2c.bb
@@ -38,8 +38,8 @@ SRC_URI += "file://configure-targets.patch \
            file://crypto_use_bigint_in_x86-64_perl.patch \
           "
-SRC_URI[md5sum] = "a06c547dac9044161a477211049f60ef"
+SRC_URI[md5sum] = "8c8d81a9ae7005276e486702edbcd4b6"
-SRC_URI[sha256sum] = "15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a"
+SRC_URI[sha256sum] = "0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83"
 PACKAGES =+ " \
        ${PN}-engines \
author	Roy Li <rongqing.li@windriver.com>	2015-06-24 10:10:18 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-07-15 15:25:40 +0100
commit	0b506a72f4423385d408bf11c54a73b97b7853e4 (patch)
tree	ed058fe7759cf07e69407d1712e8210c05923dc8 /meta
parent	ee88b51cf2853ab075c9bd2ef7cf4d65d1c96674 (diff)
download	poky-0b506a72f4423385d408bf11c54a73b97b7853e4.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch index 3943e2c2e7..68e54d561e 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -5,14 +5,10 @@ Subject: [PATCH] also create old hash for compatibility
5		5
6	Upstream-Status: Backport [debian]	6	Upstream-Status: Backport [debian]
7		7
8	---	8	diff --git a/tools/c_rehash.in b/tools/c_rehash.in
9	tools/c_rehash.in \| 8 +++++++-	9	index b086ff9..b777d79 100644
10	1 files changed, 7 insertions(+), 1 deletions(-)	10	--- a/tools/c_rehash.in
11		11	+++ b/tools/c_rehash.in
12	Index: openssl-1.0.2~beta3/tools/c_rehash.in
13	===================================================================
14	--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
15	+++ openssl-1.0.2~beta3/tools/c_rehash.in
16	@@ -8,8 +8,6 @@ my $prefix;	12	@@ -8,8 +8,6 @@ my $prefix;
17		13
18	my $openssl = $ENV{OPENSSL} \|\| "openssl";	14	my $openssl = $ENV{OPENSSL} \|\| "openssl";
@@ -23,14 +19,14 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in
23	my $symlink_exists=eval {symlink("",""); 1};	19	my $symlink_exists=eval {symlink("",""); 1};
24	my $removelinks = 1;	20	my $removelinks = 1;
25	@@ -18,10 +16,7 @@ my $removelinks = 1;	21	@@ -18,10 +16,7 @@ my $removelinks = 1;
26	while ( $ARGV[0] =~ '-.*' ) {	22	while ( $ARGV[0] =~ /^-/ ) {
27	my $flag = shift @ARGV;	23	my $flag = shift @ARGV;
28	last if ( $flag eq '--');	24	last if ( $flag eq '--');
29	- if ( $flag =~ /-old/) {	25	- if ( $flag eq '-old') {
30	- $x509hash = "-subject_hash_old";	26	- $x509hash = "-subject_hash_old";
31	- $crlhash = "-hash_old";	27	- $crlhash = "-hash_old";
32	- } elsif ( $flag =~ /-h/) {	28	- } elsif ( $flag eq '-h') {
33	+ if ( $flag =~ /-h/) {	29	+ if ( $flag eq '-h') {
34	help();	30	help();
35	} elsif ( $flag eq '-n' ) {	31	} elsif ( $flag eq '-n' ) {
36	$removelinks = 0;	32	$removelinks = 0;
@@ -52,7 +48,7 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in
52	$fname =~ s/'/'\\''/g;	48	$fname =~ s/'/'\\''/g;
53	my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;	49	my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
54	chomp $hash;	50	chomp $hash;
55	@@ -177,10 +175,20 @@ sub link_hash_cert {	51	@@ -176,11 +174,21 @@ sub link_hash_cert {
56	$hashlist{$hash} = $fprint;	52	$hashlist{$hash} = $fprint;
57	}	53	}
58		54


diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2a.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2c.bb index 0a04aeaaaa..74319ff5b1 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2a.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2c.bb
@@ -38,8 +38,8 @@ SRC_URI += "file://configure-targets.patch \
38	file://crypto_use_bigint_in_x86-64_perl.patch \	38	file://crypto_use_bigint_in_x86-64_perl.patch \
39	"	39	"
40		40
41	SRC_URI[md5sum] = "a06c547dac9044161a477211049f60ef"	41	SRC_URI[md5sum] = "8c8d81a9ae7005276e486702edbcd4b6"
42	SRC_URI[sha256sum] = "15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a"	42	SRC_URI[sha256sum] = "0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83"
43		43
44	PACKAGES =+ " \	44	PACKAGES =+ " \
45	${PN}-engines \	45	${PN}-engines \