summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
Commit message (Collapse)AuthorAgeFilesLines
* openssl-native: Compile with -fPICKhem Raj2017-08-291-0/+1
| | | | | | | | | | | | | | Fixes | /usr/bin/ld: libcrypto.a(sha1-x86_64.o): relocation R_X86_64_PC32 against undefined symbol `OPENSSL_ia32cap_P' can not be used when making a shared object; recompile with -fPIC | /usr/bin/ld: final link failed: Bad value (From OE-Core rev: 9e6a0da06aa832fbce06326622744b2a5ab9c091) Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0a19e72081771fca8ed94fb2a2a8996fd3dce00c) Signed-off-by: Mirza Krak <mirza.krak@endian.se> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: CVE: CVE-2017-3731Alexandru Moise2017-02-081-0/+2
| | | | | | | | | | | | | | | | | | | | If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. Backported from: https://github.com/openssl/openssl/commit/8e20499629b6bcf868d0072c7011e590b5c2294d https://github.com/openssl/openssl/commit/2198b3a55de681e1f3c23edb0586afe13f438051 * CVE: CVE-2017-3731 Upstream-status: Backport (From OE-Core rev: 1fe1cb3e6e03b4f7f0d30b2b67edc8809a18fe70) Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-7055Yi Zhao2017-01-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. External References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055 https://www.openssl.org/news/secadv/20161110.txt Patch from: https://github.com/openssl/openssl/commit/57c4b9f6a2f800b41ce2836986fe33640f6c3f8a (From OE-Core rev: 07cfa9e2bceb07f3baf40681f8c57f4d3da0aee5) (From OE-Core rev: 090c2ff292a4d92142c3f33c7517be69d9c16c24) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.0.2i -> 1.0.2jRichard Purdie2016-09-281-0/+58
Deals with a CVE issue Drops a patch applied upstream and no longer needed. (From OE-Core rev: ee590ac736ca2a378605fa1272a1c57a1dbc7a57) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-21 21:31:47 +0000