| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
(From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a formatting fix, '=back' is required before
'=head1' on Ubuntu 12.04.
(From OE-Core rev: 362d20e04e64a7437d7f61761057c721066e805f)
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ocf-linux only provides header files but no implementation in kernel.
And Yocto kernel linux-yocto use cryptodev-linux to implement
/dev/crypto interface. So replace dependency ocf-linux with
cryptodev-linux for openssl.
(From OE-Core rev: b36b15cddbe52e6770b96e06af2959cea0e2436f)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
(From OE-Core rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
(From OE-Core rev: 94352e694cd828aa84abd846149712535f48ab0f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
(From OE-Core rev: 35ccce7002188c8270d2fead35f9763b22776877)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update configure-targets.patch:
- drop linux-aarch64 configuration
Update do_configure():
- add linux-aarch64* case to cover linux-aarch64 and linux-aarch64_be
- use linux-generic64 target in above case
Backport initial-aarch64-bits.patch:
- first order optimizations for Aarch64
(From OE-Core rev: 3252110ee5c8272a1f09563f2a794cac545e29d5)
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are three potential NULL pointer dereference in
EVP_DigestInit_ex(), dh_pub_encode() and dsa_pub_encode()
functions.
Fix them by adding proper null pointer check.
[YOCTO #4600]
[ CQID: WIND00373257 ]
(From OE-Core rev: 4779d3c89cf0129763a4f5b7306c1247a0d6d021)
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add patch file for one of the ciphers used in openssl, namely the cipher
des-ede3-cfb1. Details of the bug, without this patch, can be found here.
http://rt.openssl.org/Ticket/Display.html?id=2867
(From OE-Core rev: ed61c28b9af2f11f46488332b80752b734a3cdeb)
Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 8792b7fb4ef8d66336d52de7e81efbb818e16b08)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise you get errors like:
| ../libcrypto.so: file not recognized: File truncated
| collect2: error: ld returned 1 exit status
| make[2]: *** [link_o.gnu] Error 1
(From OE-Core rev: 61c21a0f7a2041446a82b76ee3658fda5dfbff1d)
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
Dropped obolete patches and pulled updates for debian patches.
Addresses CVEs:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2686
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169
[YOCTO #3965]
(From OE-Core rev: 0470edd01c0aebaa78db137e365a7e22bfb199e9)
Signed-off-by: Radu Moisan <radu.moisan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
