| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security update, some patches modified to apply correctly mostly due to
upstream changing indentation/styling
* configure-targets.patch updated
* fix-cipher-des-ede3-cfb1.patch updated
* openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated
* openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as no
merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream
(From OE-Core rev: 248dec5e550cfcaaaa479a5bff9b79ba5cd0765d)
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This address the latest set of CVE issues
(From OE-Core rev: 461e598815f8749bb26e97369e3b877f7ce749cf)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 5163eb2c3c492d3640aa0628c29f6b8d446a8261)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Conflicts:
meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
meta/recipes-connectivity/openssl/openssl_1.0.1i.bb
meta/recipes-connectivity/openssl/openssl_1.0.1j.bb
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20140605.txt
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.
(Patch borrowed from Fedora.)
(From OE-Core rev: 595f2fc7dd642d729ab61f20a6719a2cc6c80426)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20140605.txt
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
(Patch borrowed from Fedora.)
(From OE-Core rev: fd1d740437017d3ed75684768d6915041cdb0631)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20140605.txt
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: 833920fadd58fe353d27f94f340e3a9f6923afb8)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces the fix for CVE-2014-0198 with one borrowed from Fedora,
which is the same as the patch which was actually applied upstream for
the issue, i.e.:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c
(From OE-Core rev: d3d6eee3353fcce09e1d6b0181a0ea7b52b7a937)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: 5bcb997663a6bd7a4d7395dcdb5e027d7f2bab81)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make openssl-CVE-2010-5298.patch truely work
(From OE-Core rev: eab33442480cc27a5cd00b3f46984fea74b7c0f9)
(From OE-Core rev: 1bd77c28fdb51d1a0dad55c8d1af2991046c801d)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: e7aace7658fabe41839a3ec1b596bf28c6a4c02e)
(From OE-Core rev: 421e8aa969135097fcc2da0625ad74c1934297a2)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
(From OE-Core rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b)
(From OE-Core rev: da3ba2886c27ce222f8c394e8fa56bbf8a128de6)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.
https://access.redhat.com/security/cve/CVE-2014-0198
(From OE-Core rev: 580033721abbbb4302bc803ebc70c90e331e4587)
(From OE-Core rev: c3f6cea0b8f1de1e2042087c26ebe42ff909c1ed)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
(From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a formatting fix, '=back' is required before
'=head1' on Ubuntu 12.04.
(From OE-Core rev: 362d20e04e64a7437d7f61761057c721066e805f)
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ocf-linux only provides header file and no kernel module is built. We
can't use ocf-linux without its implementation. And linux-yocto uses an
alternative project cryptodev-linux, so we remove ocf-linux and use
cryptodev-linux instead.
(From OE-Core rev: 45f1659f49edbceed0b75c0319880151161fdc8e)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ocf-linux only provides header files but no implementation in kernel.
And Yocto kernel linux-yocto use cryptodev-linux to implement
/dev/crypto interface. So replace dependency ocf-linux with
cryptodev-linux for openssl.
(From OE-Core rev: b36b15cddbe52e6770b96e06af2959cea0e2436f)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Yocto kernel linux-yocto uses cryptodev-linux to use device /dev/crypto.
So add cryptodev-linux which is one alternative of ocf-linux and then
remove ocf-linux later.
(From OE-Core rev: 6b6c24eccdb0030ecccadefe94c1c5b4387e46d1)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
(From OE-Core rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
(From OE-Core rev: 94352e694cd828aa84abd846149712535f48ab0f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
(From OE-Core rev: 35ccce7002188c8270d2fead35f9763b22776877)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
we need to map OS string correctly to include linux-uclibcspe
which is what we use with ppc+spe on uclibc, additionally move
gnuspe triplet mapping to same code as well
(From OE-Core rev: d9ee01e4043b8b321d7c374797492ef3c4c2e0de)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.
(From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adding perl to the RDEPENDS caused a performance hit to the overall build time since this was
the only package that depended on perl. The openssl-misc package is not installed by default
so use a PACKAGECONFIG which can be overridden to allow the perl scripts along with perl to
be installed.
(From OE-Core rev: 421e927bd453259f4b3cdbd1676f6e12f97bf34f)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
c_rehash utility is not being installed with openssl.It conveniently
generates hash and symbolic links based on it for CA certificates
stored locally for SSL based server authentication
(From OE-Core rev: 3c2f9cf615c964e8303fd3e225ea7dd7b5485155)
Signed-off-by: Yasir-Khan <yasir_khan@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add the openssl-conf package to the list of packages to
be created. This package contains the openssl.cnf file
which is used by both the openssl executable in the
openssl package and the libcrypto library.
* This is to avoid messages like:
WARNING: can't open config file: /usr/lib/ssl/openssl.cnf
* When running "openssl req" to request and generate a certificate
the command will fail without the openssl.cnf file being
installed on the target system.
* Made this package an RRECOMMENDS for libcrypto since:
* libcrypto is a RDEPENDS for the openssl package
* Users can specify a configuration file at another
location so it is not stricly required and many
commands will work without it (with warnings)
(From OE-Core rev: 5c3ec044838e23539f9fe4cc74da4db2e5b59166)
Signed-off-by: Chase Maupin <Chase.Maupin@ti.com>
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables aes and sha1 assembly at buildtime. Openssl does a
runtime check to see which portion gets enabled.
'./Configure TABLE' gives the following:
*** linux-elf-arm
$cc =
$cflags = -DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = BN_LLONG DES_RISC1
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$modes_obj =
$engines_obj =
$perlasm_scheme = void
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** linux-armv4
$cc = gcc
$cflags = -DTERMIO -O3 -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
$cpuid_obj = armcap.o armv4cpuid.o
$bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o
$des_obj =
$aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o
$bf_obj =
$md5_obj =
$sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$modes_obj = ghash-armv4.o
$engines_obj =
$perlasm_scheme = void
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
Build tested on armv7a/angstrom and armv8/distroless, runtime tested on armv7a/angstrom.
'openssl speed' results:
Algo blocksize ops/s after
ops/s before difference
-------------------------------------------
MD5 16 308,766 264,664 -14.28%
64 277,090 263,340 -4.96%
256 212,652 197,043 -7.34%
1024 103,604 100,157 -3.33%
8192 17,936 17,796 -0.78%
sha1 16 290,011 385,098 32.79%
64 234,939 302,788 28.88%
256 144,831 177,028 22.23%
1024 57,043 67,374 18.11%
8192 8,586 9,932 15.68%
sha256 16 290,443 605,747 108.56%
64 178,010 370,598 108.19%
256 82,107 168,770 105.55%
1024 26,064 53,068 103.61%
8192 3,550 7,211 103.10%
sha512 16 59,618 259,354 335.03%
64 59,616 258,265 333.22%
256 21,727 98,057 351.31%
1024 7,449 34,304 360.49%
8192 1,047 4,842 362.63%
des cbc 16 964,682 1,124,459 16.56%
64 260,188 298,910 14.88%
256 65,945 76,273 15.66%
1024 16,570 19,110 15.33%
8192 2,082 2,398 15.17%
des ede3 16 370,442 429,906 16.05%
64 95,429 110,147 15.42%
256 23,928 27,808 16.21%
1024 5,993 6,960 16.13%
8192 752 868 15.36%
aes128 16 1,712,050 2,301,100 34.41%
64 466,491 651,155 39.59%
256 120,181 168,953 40.58%
1024 30,177 42,792 41.80%
8192 3,791 5,361 41.41%
aes192 16 1,472,560 1,964,900 33.43%
64 400,087 544,971 36.21%
256 103,245 141,062 36.63%
1024 25,902 35,389 36.63%
8192 3,256 4,451 36.67%
eas256 16 1,330,524 1,772,143 33.19%
64 355,025 486,221 36.95%
256 90,663 125,281 38.18%
1024 22,725 31,484 38.54%
8192 2,837 3,952 39.31%
rsa 2048bit 15 25 69.94%
public 547 832 52.00%
dsa 2048bit 55 86 54.26%
verify 47 73 53.33%
(From OE-Core rev: 8f29346a755d0a7690be9374cce6c88076541a3f)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update configure-targets.patch:
- drop linux-aarch64 configuration
Update do_configure():
- add linux-aarch64* case to cover linux-aarch64 and linux-aarch64_be
- use linux-generic64 target in above case
Backport initial-aarch64-bits.patch:
- first order optimizations for Aarch64
(From OE-Core rev: 3252110ee5c8272a1f09563f2a794cac545e29d5)
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are three potential NULL pointer dereference in
EVP_DigestInit_ex(), dh_pub_encode() and dsa_pub_encode()
functions.
Fix them by adding proper null pointer check.
[YOCTO #4600]
[ CQID: WIND00373257 ]
(From OE-Core rev: 4779d3c89cf0129763a4f5b7306c1247a0d6d021)
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
opensslconf.h conflicts between 32-bit and 64-bit versions.
(From OE-Core rev: 9b1ba604793015aad15c442f590464d0c224794c)
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add patch file for one of the ciphers used in openssl, namely the cipher
des-ede3-cfb1. Details of the bug, without this patch, can be found here.
http://rt.openssl.org/Ticket/Display.html?id=2867
(From OE-Core rev: ed61c28b9af2f11f46488332b80752b734a3cdeb)
Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 8792b7fb4ef8d66336d52de7e81efbb818e16b08)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise you get errors like:
| ../libcrypto.so: file not recognized: File truncated
| collect2: error: ld returned 1 exit status
| make[2]: *** [link_o.gnu] Error 1
(From OE-Core rev: 61c21a0f7a2041446a82b76ee3658fda5dfbff1d)
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
do_patch failed after upgrading to openssl-1.0.1e. Log:
| ERROR: Command Error: exit status: 1 Output:
| Applying patch man-section.patch
| patching file Makefile.org
| Hunk #1 succeeded at 160 (offset 26 lines).
| Hunk #2 succeeded at 626 (offset 19 lines).
| misordered hunks! output would be garbled
| Hunk #3 FAILED at 633.
| 1 out of 3 hunks FAILED -- rejects in file Makefile.org
| Patch man-section.patch does not apply (enforce with -f)
| ERROR: Function failed: patch_do_patch
| ERROR: Logfile of failure stored in:temp/log.do_patch.14679
| ERROR: Task 646 (virtual:native:openssl_1.0.1e.bb, do_patch) failed with exit code '1'
Change-Id: Ib63031fdbd09443e387ee57efa70381e0aca382c
(From OE-Core rev: ded738b945b6af6c73a1c5f1b4cd5ad1b6ac06c0)
Signed-off-by: Ting Liu <b28495@freescale.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dropped obolete patches and pulled updates for debian patches.
Addresses CVEs:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2686
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169
[YOCTO #3965]
(From OE-Core rev: 0470edd01c0aebaa78db137e365a7e22bfb199e9)
Signed-off-by: Radu Moisan <radu.moisan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There is no reason to disable exec-stack only for -native builds;
binaries on the target will suffer from the same SELinux ACLs.
OpenSSL does not use executable stack so this option can be disabled
unconditionally.
(From OE-Core rev: 9c32b62d6494139daf4bab3279779c392fead116)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
There are various usages of ALLOW_EMPTY with no packages specified. This
is not recommended syntax, nor is it likely to be supported in the future.
This patch improves the references in OE-Core, either removing them if they're
pointless (e.g. when PACKAGES="") or specifying which package it applies to.
(From OE-Core rev: fe81bd4f600877e63433184cfc2e22c33bb77db6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add mips64 configure support but assume mips(32) userspace.
(From OE-Core rev: 7d775b071b902ee0de6391b2c30d36e3003643e1)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
README changes to update the CHKSUM
ocf directory is now in main tarball so no need to untar now.
(From OE-Core rev: 445fba6ef2d1ae10e80d73b09fa0d9a0f2a09715)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The overrides virtclass-native and virtclass-nativesdk are deprecated,
which should be replaced by class-native and class-nativesdk.
[YOCTO #3297]
(From OE-Core rev: 37429a94133c0d0bfae71d1d4329aee6dd5eb98b)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The latter variable is only applicable for target builds and could
result in passing incompatible options (and/or failing to pass
required options) to ${BUILD_CC} for a virtclass-native build.
(From OE-Core rev: 0e90a303bc5cb0ede21ff4346843f9daeddfff45)
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 490b12126aff7e8e59569ebb471ce04ba4962b7c)
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Addresses CVE-2012-2333
Fixes [YOCTO #2682]
(From OE-Core rev: 57f45fca7b8e1c0cf98d295bc0fd8839799dfa86)
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
perlpath.pl
* openembedded-core/meta/recipes-connectivity/openssl/openssl.inc
*
* is using perlpath.pl:
*
* do_configure () {
* cd util
* perl perlpath.pl ${STAGING_BINDIR_NATIVE}
* ...
*
* and perlpath.pl is using find.pl:
* openssl-1.0.0i/util/perlpath.pl:
* #!/usr/local/bin/perl
* #
* # modify the '#!/usr/local/bin/perl'
* # line in all scripts that rely on perl.
* #
*
* require "find.pl";
* ...
*
* which was removed in perl-5.16.0 and marked as deprecated and
* unmaintained in 5.14 and older:
* /tmp/usr/lib/perl5/5.14.2/find.pl:
* warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl
* core distribution in the next major release. Please install it from the
* CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]},
* line @{[(caller)[2]]}.\n";
*
* # This library is deprecated and unmaintained. It is included for
* # compatibility with Perl 4 scripts which may use it, but it will be
* # removed in a future version of Perl. Please use the File::Find module
* # instead.
(From OE-Core rev: c09bf5d177a7ecd2045ef7e13fff4528137a9775)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: b2f89bd7bf3ae86b7db8cbef4b103d61cb68a218)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Restore INC_PR to r15 to prevent breakage with out of tree openssl
recipes (e.g, meta-oe).
(From OE-Core rev: 370b186b7c39897b868a5e3798a11a285277f145)
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Addresses CVE-2012-2110
Fixes bug [YOCTO #2368]
(From OE-Core rev: 88d17caf6d0eb241f54b1af1704405d5f47eadc5)
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Removed pkg-config.patch, which was incorporated upstream.
Addresses CVE-2012-0884.
Fixes bug [YOCTO #2139].
(From OE-Core rev: 50d99fc8c5a158c7f3ce3e72377827f53406d88f)
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fix is for dhclient. It needs libcrypto at runtime and if
libcrypto is in libdir, it's path can be inaccessible on systems
where /usr is on nfs for example or dhclient is needed before
/usr is mounted.
(From OE-Core rev: 01ea85f7f6c53c66c76d6f832518b28bf06ec072)
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
[Fix comment to from /usr -> /lib - sgw]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Now that Openssl 1.0.0 has been out for a while, there is no need to
keep multiple versions.
(From OE-Core rev: 6017251a1de93ff3d509a040a220e30d0ee9cd5e)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: d58903b22aa879484a5eaa01efad5c031ea485fa)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
