summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl/openssl-1.0.1e
Commit message (Collapse)AuthorAgeFilesLines
* openssl: add openssl-CVE-2010-5298.patch SRC_URIRoy Li2014-05-291-24/+0
| | | | | | | | | | make openssl-CVE-2010-5298.patch truely work (From OE-Core rev: eab33442480cc27a5cd00b3f46984fea74b7c0f9) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2010-5298Yue Tao2014-05-211-0/+24
| | | | | | | | | | | | | | | | | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 (From OE-Core rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to v1.0.1gCristiana Voicu2014-04-0826-6200/+0
| | | | | | | | | | | | | | | | | | | | | | | | The trigger for the upgrade was the serious "heartbleed" vulnerability (CVE-2014-0160). More information: http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx Dropped obsolete patches, because the new version contains them: 0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch 0001-Fix-DTLS-retransmission-from-previous-session.patch 0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch Modified 2 patches (small changes), in order to apply properly: initial-aarch64-bits.patch openssl-fix-doc.patch Addresses CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 (From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix pod2man des.pod error on Ubuntu 12.04Baogen Shang2014-04-011-0/+19
| | | | | | | | | | | | This is a formatting fix, '=back' is required before '=head1' on Ubuntu 12.04. (From OE-Core rev: 362d20e04e64a7437d7f61761057c721066e805f) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Security Advisory - openssl - CVE-2013-6449Yue Tao2014-03-271-0/+33
| | | | | | | | | | | | | The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (From OE-Core rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Security Advisory - openssl - CVE-2013-6450Yue Tao2014-03-271-0/+81
| | | | | | | | | | | | | | The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (From OE-Core rev: 94352e694cd828aa84abd846149712535f48ab0f) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Security Advisory - openssl - CVE-2013-4353Yue Tao2014-03-271-0/+31
| | | | | | | | | | | | | The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (From OE-Core rev: 35ccce7002188c8270d2fead35f9763b22776877) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: use linux-generic64 target for Aarch64 (LE and BE)Fathi Boudra2013-10-262-8/+116
| | | | | | | | | | | | | | | | Update configure-targets.patch: - drop linux-aarch64 configuration Update do_configure(): - add linux-aarch64* case to cover linux-aarch64 and linux-aarch64_be - use linux-generic64 target in above case Backport initial-aarch64-bits.patch: - first order optimizations for Aarch64 (From OE-Core rev: 3252110ee5c8272a1f09563f2a794cac545e29d5) Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: avoid NULL pointer dereference in three placesXufeng Zhang2013-08-262-0/+60
| | | | | | | | | | | | | | | | There are three potential NULL pointer dereference in EVP_DigestInit_ex(), dh_pub_encode() and dsa_pub_encode() functions. Fix them by adding proper null pointer check. [YOCTO #4600] [ CQID: WIND00373257 ] (From OE-Core rev: 4779d3c89cf0129763a4f5b7306c1247a0d6d021) Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add fix for cipher des-ede3-cfb1Muhammad Shakeel2013-06-171-0/+22
| | | | | | | | | | | | Add patch file for one of the ciphers used in openssl, namely the cipher des-ede3-cfb1. Details of the bug, without this patch, can be found here. http://rt.openssl.org/Ticket/Display.html?id=2867 (From OE-Core rev: ed61c28b9af2f11f46488332b80752b734a3cdeb) Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix documentation build errors with Perl 5.18 pod2manJonathan Liu2013-05-301-0/+435
| | | | | | | (From OE-Core rev: 8792b7fb4ef8d66336d52de7e81efbb818e16b08) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update range information in man-section.patchTing Liu2013-04-161-3/+3
| | | | | | | | | | | | | | | | | | | | | | do_patch failed after upgrading to openssl-1.0.1e. Log: | ERROR: Command Error: exit status: 1 Output: | Applying patch man-section.patch | patching file Makefile.org | Hunk #1 succeeded at 160 (offset 26 lines). | Hunk #2 succeeded at 626 (offset 19 lines). | misordered hunks! output would be garbled | Hunk #3 FAILED at 633. | 1 out of 3 hunks FAILED -- rejects in file Makefile.org | Patch man-section.patch does not apply (enforce with -f) | ERROR: Function failed: patch_do_patch | ERROR: Logfile of failure stored in:temp/log.do_patch.14679 | ERROR: Task 646 (virtual:native:openssl_1.0.1e.bb, do_patch) failed with exit code '1' Change-Id: Ib63031fdbd09443e387ee57efa70381e0aca382c (From OE-Core rev: ded738b945b6af6c73a1c5f1b4cd5ad1b6ac06c0) Signed-off-by: Ting Liu <b28495@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to v1.0.1eRadu Moisan2013-04-0917-0/+5411
Dropped obolete patches and pulled updates for debian patches. Addresses CVEs: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2686 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169 [YOCTO #3965] (From OE-Core rev: 0470edd01c0aebaa78db137e365a7e22bfb199e9) Signed-off-by: Radu Moisan <radu.moisan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-03 18:31:52 +0000