| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: df7e4fdba42e9fcb799e812f6706bd56967858d9)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: 963c69e1e8e9cefccccb59619cb07ee31f07ffa1)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: bf3918d613b6b2a9707af1eb3c253d23f84d09a3)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: c3d4cc8e452b29d4ca620b5c93d22a88c5aa1f03)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: ed8bed3bf2d2460ff93bdaa255091e0d388a8209)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
affects openssl <= 1.0.2h
CVSS v2 Base Score: 2.1 LOW
(From OE-Core rev: 82fe0e8c98244794531f0e24ceb93953fe68dda5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 5b3df0c5e8885ea34f66b41fcf209a9960fbbf5e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Affects openssl <= 1.0.2h
CVSS v2 Base Score: 7.5 HIGH
(From OE-Core rev: 5781eb9a6e6bf8984b090a488d2a326bf9fafcf8)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 2848c7d3e454cbc84cba9183f23ccdf3e9200ec9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply a patch taken from Gentoo to hopefully fix the remaining parallel make
races.
(From OE-Core rev: 7ab2f49107cf491d602880205a3ea1222cb5e616)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d806d59a4c5e8ff35c7e7c5a3a6ef85e2b4b259)
Minor fixup to get patch to apply to jethro
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The backported upgrade to 1.0.2h included an updated GNU LD
version-script which results in an ABI change. In order to try and
respect ABI for existing binaries built against fido this commit
partially reverts the version-script to maintain the existing ABI
and instead only add the new symbols required by 1.0.2h.
Suggested-by: Martin Jansa <martin.jansa@gmail.com>
(From OE-Core rev: 480db6be99f9a53d8657b31b846f0079ee1a124f)
(From OE-Core rev: 528541845df34843c14be5de62e9f53004d292ac)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* CVEs:
- CVE-2016-0705
- CVE-2016-0798
- CVE-2016-0797
- CVE-2016-0799
- CVE-2016-0702
- CVE-2016-0703
- CVE-2016-0704
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
* The LICENSE's checksum is changed because of date changes (2011 ->
2016), the contents are the same.
* Remove backport patches
- 0001-Add-test-for-CVE-2015-3194.patch
- CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
- CVE-2015-3194-1-Add-PSS-parameter-check.patch
- CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
- CVE-2015-3197.patch
- CVE-2016-0701_1.patch
- CVE-2016-0701_2.patch
- CVE-2016-0800.patch
- CVE-2016-0800_2.patch
- CVE-2016-0800_3.patch
* Update crypto_use_bigint_in_x86-64_perl.patch
* Add version-script.patch and update block_diginotar.patch (From master branch)
* Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
(From Armin)
(From OE-Core rev: bca156013af0a98cb18d8156626b9acc8f9883e3)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
https://www.openssl.org/news/secadv/20160301.txt
(From OE-Core rev: c99ed6b73f397906475c09323b03b53deb83de55)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Not required for master, an update to 1.0.2g has been submitted.
Backport to fido is required.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2016-0701 OpenSSL: DH small subgroups
(From OE-Core rev: c5868a7cd0a28c5800dfa4be1c9d98d3de08cd12)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
(From OE-Core rev: b387d9b8dff8e2c572ca14f9628ab8298347fd4f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 85841412db0b1e22c53e62a839d03f7672b07b64)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: ce9f78296101772655809036e21009acec78da24)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 4d9006b1217ee7e97108f36db19aebd93e1d9850)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Remove dependencies for test targets. Otherwise, during ptest
execution, "make" tries to rebuild those executables and fails
there.
[YOCTO #8059]
(From OE-Core rev: 0efdd2236ec7f16f99847c6c372f372f81c56869)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This upgrade fixes CVE-2015-1793
Removed openssl-fix-link.patch. The linking issue has been fixed in openssl.
(From OE-Core rev: 631632addbc81b06b7accfca8f8a9871d6b09111)
Signed-off-by: Jan Wetter <jan.wetter@mikrom.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176
remove a backport patch
update the c_rehash-compat.patch
(From OE-Core rev: 5a70e45b8c6cb0fa7ea4fe1b326ad604508d00cb)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix build on Fedora 21 i686.
When building on x32 systems where the default type is 32bit,
make sure that 64bit integers can be represented transparently.
(From OE-Core rev: cd3eddcf2842b9a360f72caf4337ab2968462bb2)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Previous patch had a concern as well and this is a direct backport of
the patch fixing the problem.
(From OE-Core rev: 3d48bb6d2d65d0837dcacc262633a55053652e5f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Patch is submitted upstream as well
(From OE-Core rev: 40016c7c19abdbdae4fcd86fab9672631f26712b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
padlock_conf.patch will enable the padlock engine by default,
but this engine does not work on some 32bit machine, and lead
to openssl unable to work
(From OE-Core rev: f7d186abca6ed9b48ae7393b8f244e1bfb46cb41)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed:
- openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
- upgate-vegsion-script-for-1.0.2.patch
Since they are already in the source.
- make-targets.patch
It removed test dir from DIRS, which is not needed any more since we
need build it.
(From OE-Core rev: 5fa533c69f92f2dd46c795509b0830b36413b814)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
on some hosts openssl fails to build with this error:
ghash-x86_64.s: Assembler messages:
ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
backported fix from community.
(From OE-Core rev: 8230f873921d5c16106e3ebf57053a646bc6ad78)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Patch updated to drop TERMIO flags since these are the default on
Linux anyway (see https://git.openssl.org/?p=openssl.git;a=commit;h=64e6bf64b36136d487e2fbf907f09612e69ae911)
Also drop patch merged upstream.
(From OE-Core rev: 6cc1315b77bbdcc8f3a0d1e3132ad79ebbeeb2de)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Rebased numerous patches
removed aarch64 initial work since it's part of upstream now
Imported a few additional patches from Debian to support the version-script
and blacklist additional bad certificates.
(From OE-Core rev: 10b689033551c37d6cafa284d82bdccd43f6113e)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Removed one patch merged upstream.
(From OE-Core rev: fc1d2b4ec7e7f5c5e2b3434bc8208967ead6f336)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add some missing dependencies and fix the Makefile in order to get most
of the ptest tests working (specifically test_bn, test_verify, test_cms,
test_srp and test_heartbeat). test_verify still fails for unknown
reasons (perhaps some of the now expired certificates weren't meant to
have expired as far as the test is concerned?) but at least it has the
certificates to run now.
(From OE-Core rev: c679ec81c19dd2b5e366b713801785ce0ba5b49a)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security issues:
* CVE-2014-0224
* CVE-2014-0221
* CVE-2014-0195
* CVE-2014-3470
The patch for CVE-2010-5298, CVE-2014-0198 and a fix for building the
documentation are integrated upstream in this release and so were
dropped. Additionally, a patch from upstream was added in order to
fix a failure during do_compile_ptest_base.
A similar upgrade was also submitted by Yao Xinpan <yaoxp@cn.fujitsu.com>
and Lei Maohui <leimaohui@cn.fujitsu.com>.
(From OE-Core rev: a3e80de6d423c272a287bf3538196b48ac5ddec1)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
make openssl-CVE-2010-5298.patch truely work
(From OE-Core rev: eab33442480cc27a5cd00b3f46984fea74b7c0f9)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The patch is not included in 1.0.1g, but it is included on 1.0.2
branch.
(From OE-Core rev: f99ca886da274fafa212e354f9e4871eb7e59e87)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.
https://access.redhat.com/security/cve/CVE-2014-0198
(From OE-Core rev: 580033721abbbb4302bc803ebc70c90e331e4587)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Install openssl test suite and run it as ptest.
(From OE-Core rev: c48981d2d24a20978a17866fa478dde21bd96b91)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
(From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
