path: root/meta/recipes-connectivity/openssl/openssl
Commit message | Author | Age | Files | Lines
* openssl: upgrade to 1.0.2k | Sona Sarmadi | 2017-03-21 | 5 | -4/+341
  Following vulnerabilities have been solved between 1.0.2h and 1.0.2k releases:

  Vulnerabilities detected in 1.0.2h and fixed in 1.0.2i
  ======================================================
  Ref: https://www.openssl.org/news/secadv/20160922.txt
  CVE-2016-6304 (High): OCSP Status Request extension unbounded memory growth
  CVE-2016-2183 (Low): SWEET32 Mitigation
  CVE-2016-6303 (Low): OOB write in MDC2_Update()
  CVE-2016-6302 (Low): Malformed SHA512 ticket DoS
  CVE-2016-2182 (Low): OOB write in BN_bn2dec()
  CVE-2016-2180 (Low): OOB read in TS_OBJ_print_bio()
  CVE-2016-2177 (Low): Pointer arithmetic undefined behaviour
  CVE-2016-2178 (Low): Constant time flag not preserved in DSA signing
  CVE-2016-2179 (Low): DTLS buffered message DoS
  CVE-2016-2181 (Low): DTLS replay protection DoS
  CVE-2016-6306 (Low): Certificate message OOB reads

  Vulnerabilities detected in 1.0.ih and fixed in 1.0.2j
  ======================================================
  https://www.openssl.org/news/secadv/20160926.txt
  CVE-2016-7052 (Moderate): This issue only affects OpenSSL 1.0.2i

  1.0.2j - 1.0.2k
  Vulnerabilities detected in 1.0.2j and fixed in 1.0.2k
  ======================================================
  CVE-2017-3731 (Moderate): For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k
  CVE-2017-3732 (Moderate): BN_mod_exp may produce incorrect results on x86_64
  CVE-2016-7055 (Low): Montgomery multiplication may produce incorrect results

  References:
  https://www.openssl.org/news/secadv/20160922.txt
  https://www.openssl.org/news/secadv/20160926.txt
  https://www.openssl.org/news/secadv/20170126.txt

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* openssl: Security fix CVE-2016-8610 | Armin Kuster | 2017-02-10 | 1 | -0/+124
  affects openssl < 1.0.2i

  (From OE-Core rev: 0256b61cdafe540edb3cec2a34429e24b037cfae)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* openssl: Security fix CVE-2016-6306 | Armin Kuster | 2016-09-27 | 1 | -0/+71
  affects openssl < 1.0.1i

  (From OE-Core rev: 378e58a93127cbf7c330aa1ae4df9a96681bc410)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-6304 | Armin Kuster | 2016-09-27 | 1 | -0/+75
  affects openssl < 1.0.1i

  (From OE-Core rev: ae1db7aea891978e42e5205d2ffc93c16703134c)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-6303 | Armin Kuster | 2016-09-27 | 1 | -0/+36
  affects openssl < 1.0.1i

  (From OE-Core rev: bb812836c2c8d89da54d905b65487a9f1acd5f3c)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-6302 | Armin Kuster | 2016-09-27 | 1 | -0/+53
  affects openssl < 1.0.1i

  (From OE-Core rev: 6d26328bd1d950ddc5ca1cda47da4b8f3d432a1e)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-2182 | Armin Kuster | 2016-09-27 | 1 | -0/+70
  affects openssl < 1.0.1i

  (From OE-Core rev: 4be4162d5a03af6a20adc2314575e4d0baa5337a)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-2181 | Armin Kuster | 2016-09-27 | 3 | -0/+360
  affects openssl < 1.0.1i

  (From OE-Core rev: 401f3ccd509d012c4b048eb9fcb5d0f4ab5cc7d2)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-2180 | Armin Kuster | 2016-09-27 | 1 | -0/+44
  affects openssl < 1.0.1i

  (From OE-Core rev: 94b44f40fb52f642eeab1211bd5fc57ceba29f7e)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-2179 | Armin Kuster | 2016-09-27 | 1 | -0/+255
  affects openssl < 1.0.1i

  (From OE-Core rev: 8eb58cf801a26ec17dfc67bae2881f0fc03ea49b)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-2178 | Armin Kuster | 2016-09-27 | 1 | -0/+54
  affects openssl < 1.0.2i

  (From OE-Core rev: 2752dba61da730ccd914b7720490754a476d1024)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "openssl: prevent ABI break from earlier krogoth releases" | Armin Kuster | 2016-07-06 | 1 | -22/+9
  This patch should not have been back ported.

  This reverts commit 18b0a78f439ce26ea475537cc20ebbc1d091920c.

  (From OE-Core rev: 08f85da10b3a7fc6165f163fd0f23784a2c9c8e4)

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: prevent ABI break from earlier krogoth releases | Joshua Lock | 2016-06-29 | 1 | -9/+22
  The backported upgrade to 1.0.2h included an updated GNU LD version-script which results in an ABI change. In order to try and respect ABI for existing binaries built against fido this commit partially reverts the version-script to maintain the existing ABI and instead only add the new symbols required by 1.0.2h.

  Suggested-by: Martin Jansa <martin.jansa@gmail.com>

  (From OE-Core rev: 480db6be99f9a53d8657b31b846f0079ee1a124f)
  (From OE-Core rev: 4d1cb0646eafca44fae5321f48c6114a32fbf164)

  Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix via update to 1.0.2h | Armin Kuster | 2016-05-17 | 1 | -7/+7
  CVE-2016-2105
  CVE-2016-2106
  CVE-2016-2109
  CVE-2016-2176

  https://www.openssl.org/news/secadv/20160503.txt

  fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch

  drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.

  (From OE-Core rev: c693f34f54257a8eca9fe8c5a9eee5647b7eeb0c)
  (From OE-Core rev: 73daaa207754e48efef59b516ad5601129cf4bac)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add a patch to fix parallel builds | Ross Burton | 2016-03-07 | 1 | -0/+326
  Apply a patch taken from Gentoo to hopefully fix the remaining parallel make races.

  (From OE-Core rev: 3d806d59a4c5e8ff35c7e7c5a3a6ef85e2b4b259)

  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix Drown via 1.0.2g update | Armin Kuster | 2016-03-03 | 2 | -8/+4665
  CVE-2016-0800
  CVE-2016-0705
  CVE-2016-0798
  CVE-2016-0797
  CVE-2016-0799
  CVE-2016-0702
  CVE-2016-0703
  CVE-2016-0704

  https://www.openssl.org/news/secadv/20160301.txt

  Updated 2 debian patches to match changes in 1.0.2g

  (From OE-Core rev: 7933fbbc6372ec8edaec82dd5c7b44fa2d15a4d5)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add musl configuration support | Khem Raj | 2015-12-12 | 1 | -0/+27
  use termios instead of termio

  (From OE-Core rev: 753b6233e5da66d9e64952b8089589a1beebf8a9)

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix typos in Upstream-Status labels | Paul Eggleton | 2015-11-16 | 1 | -1/+1
  We need these to be consistent so they are possible to programmatically read.

  (From OE-Core rev: c64fdfd27103a4962c74c88f4ef7940cda6832eb)

  Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptest failures | Maxin B. John | 2015-10-01 | 1 | -0/+248
  Remove dependencies for test targets. Otherwise, during ptest execution, "make" tries to rebuild those executables and fails there.

  [YOCTO #8059]

  (From OE-Core rev: 0efdd2236ec7f16f99847c6c372f372f81c56869)

  Signed-off-by: Maxin B. John <maxin.john@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.2d | Jan Wetter | 2015-07-10 | 1 | -35/+0
  This upgrade fixes CVE-2015-1793

  Removed openssl-fix-link.patch. The linking issue has been fixed in openssl.

  (From OE-Core rev: 631632addbc81b06b7accfca8f8a9871d6b09111)

  Signed-off-by: Jan Wetter <jan.wetter@mikrom.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.2c | Roy Li | 2015-07-01 | 2 | -43/+9
  upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176
  remove a backport patch
  update the c_rehash-compat.patch

  (From OE-Core rev: 5a70e45b8c6cb0fa7ea4fe1b326ad604508d00cb)

  Signed-off-by: Roy Li <rongqing.li@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix building on x32 systems | Cristian Iorga | 2015-06-23 | 1 | -0/+46
  Fix build on Fedora 21 i686.

  When building on x32 systems where the default type is 32bit, make sure that 64bit integers can be represented transparently.

  (From OE-Core rev: cd3eddcf2842b9a360f72caf4337ab2968462bb2)

  Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Backport upstreamed version of patch to fix build on mips64 | Khem Raj | 2015-05-30 | 2 | -53/+30
  Previous patch had a concern as well and this is a direct backport of the patch fixing the problem.

  (From OE-Core rev: 3d48bb6d2d65d0837dcacc262633a55053652e5f)

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix build with gcc5 on mips64 | Khem Raj | 2015-05-24 | 1 | -0/+53
  Patch is submitted upstream as well

  (From OE-Core rev: 40016c7c19abdbdae4fcd86fab9672631f26712b)

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: drop the padlock_conf.patch | Roy Li | 2015-05-24 | 1 | -31/+0
  padlock_conf.patch will enable the padlock engine by default, but this engine does not work on some 32bit machines, and leads to openssl being unable to work

  (From OE-Core rev: f7d186abca6ed9b48ae7393b8f244e1bfb46cb41)

  Signed-off-by: Roy Li <rongqing.li@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: remove 3 patches | Robert Yang | 2015-04-30 | 3 | -107/+0
  Removed:
  - openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
  - upgate-vegsion-script-for-1.0.2.patch
    Since they are already in the source.
  - make-targets.patch
    It removed test dir from DIRS, which is not needed any more since we need build it.

  (From OE-Core rev: 5fa533c69f92f2dd46c795509b0830b36413b814)

  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* crypto: use bigint in x86-64 perl | Armin Kuster | 2015-04-15 | 1 | -0/+35
  on some hosts openssl fails to build with this error:

  ghash-x86_64.s: Assembler messages:
  ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression

  backported fix from community.

  (From OE-Core rev: 8230f873921d5c16106e3ebf57053a646bc6ad78)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: 1.0.2 -> 1.0.2a | Richard Purdie | 2015-03-25 | 1 | -18/+21
  Patch updated to drop TERMIO flags since these are the default on Linux anyway (see https://git.openssl.org/?p=openssl.git;a=commit;h=64e6bf64b36136d487e2fbf907f09612e69ae911)

  Also drop patch merged upstream.

  (From OE-Core rev: 6cc1315b77bbdcc8f3a0d1e3132ad79ebbeeb2de)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to 1.0.2 | Saul Wold | 2015-03-10 | 15 | -458/+512
  Rebased numerous patches
  removed aarch64 initial work since it's part of upstream now
  Imported a few additional patches from Debian to support the version-script and blacklist additional bad certificates.

  (From OE-Core rev: 10b689033551c37d6cafa284d82bdccd43f6113e)

  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1i | Paul Eggleton | 2014-08-11 | 1 | -45/+0
  Removed one patch merged upstream.

  (From OE-Core rev: fc1d2b4ec7e7f5c5e2b3434bc8208967ead6f336)

  Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptests | Paul Eggleton | 2014-06-10 | 1 | -0/+30
  Add some missing dependencies and fix the Makefile in order to get most of the ptest tests working (specifically test_bn, test_verify, test_cms, test_srp and test_heartbeat). test_verify still fails for unknown reasons (perhaps some of the now expired certificates weren't meant to have expired as far as the test is concerned?) but at least it has the certificates to run now.

  (From OE-Core rev: c679ec81c19dd2b5e366b713801785ce0ba5b49a)

  Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1h | Paul Eggleton | 2014-06-10 | 4 | -448/+45
  Fixes the following security issues:
  * CVE-2014-0224
  * CVE-2014-0221
  * CVE-2014-0195
  * CVE-2014-3470

  The patch for CVE-2010-5298, CVE-2014-0198 and a fix for building the documentation are integrated upstream in this release and so were dropped. Additionally, a patch from upstream was added in order to fix a failure during do_compile_ptest_base.

  A similar upgrade was also submitted by Yao Xinpan <yaoxp@cn.fujitsu.com> and Lei Maohui <leimaohui@cn.fujitsu.com>.

  (From OE-Core rev: a3e80de6d423c272a287bf3538196b48ac5ddec1)

  Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add openssl-CVE-2010-5298.patch SRC_URI | Roy Li | 2014-05-29 | 1 | -0/+24
  make openssl-CVE-2010-5298.patch truly work

  (From OE-Core rev: eab33442480cc27a5cd00b3f46984fea74b7c0f9)

  Signed-off-by: Roy Li <rongqing.li@windriver.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update upstream status for a patch | Cristiana Voicu | 2014-05-08 | 1 | -0/+1
  The patch is not included in 1.0.1g, but it is included on 1.0.2 branch.

  (From OE-Core rev: f99ca886da274fafa212e354f9e4871eb7e59e87)

  Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix CVE-2014-0198 | Maxin B. John | 2014-05-08 | 1 | -0/+23
  A null pointer dereference bug was discovered in do_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service.

  https://access.redhat.com/security/cve/CVE-2014-0198

  (From OE-Core rev: 580033721abbbb4302bc803ebc70c90e331e4587)

  Signed-off-by: Maxin B. John <maxin.john@enea.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: enable ptest support | Maxin B. John | 2014-04-29 | 2 | -0/+77
  Install openssl test suite and run it as ptest.

  (From OE-Core rev: c48981d2d24a20978a17866fa478dde21bd96b91)

  Signed-off-by: Maxin B. John <maxin.john@enea.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to v1.0.1g | Cristiana Voicu | 2014-04-08 | 23 | -0/+6029
  The trigger for the upgrade was the serious "heartbleed" vulnerability (CVE-2014-0160). More information:
  http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx

  Dropped obsolete patches, because the new version contains them:
  0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
  0001-Fix-DTLS-retransmission-from-previous-session.patch
  0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch

  Modified 2 patches (small changes), in order to apply properly:
  initial-aarch64-bits.patch
  openssl-fix-doc.patch

  Addresses CVEs:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076

  (From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455)

  Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>