summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl
Commit message (Collapse)AuthorAgeFilesLines
* Revert "openssl: prevent ABI break from earlier krogoth releases"Armin Kuster2016-07-061-22/+9
| | | | | | | | | | | This patch should not have been back ported. This reverts commit 18b0a78f439ce26ea475537cc20ebbc1d091920c. (From OE-Core rev: 08f85da10b3a7fc6165f163fd0f23784a2c9c8e4) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: prevent ABI break from earlier krogoth releasesJoshua Lock2016-06-291-9/+22
| | | | | | | | | | | | | | | | | | | The backported upgrade to 1.0.2h included an updated GNU LD version-script which results in an ABI change. In order to try and respect ABI for existing binaries built against fido this commit partially reverts the version-script to maintain the existing ABI and instead only add the new symbols required by 1.0.2h. Suggested-by: Martin Jansa <martin.jansa@gmail.com> (From OE-Core rev: 480db6be99f9a53d8657b31b846f0079ee1a124f) (From OE-Core rev: 4d1cb0646eafca44fae5321f48c6114a32fbf164) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix via update to 1.0.2hArmin Kuster2016-05-172-11/+9
| | | | | | | | | | | | | | | | | | | | | | | CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176 https://www.openssl.org/news/secadv/20160503.txt fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest. (From OE-Core rev: c693f34f54257a8eca9fe8c5a9eee5647b7eeb0c) (From OE-Core rev: 73daaa207754e48efef59b516ad5601129cf4bac) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: minor packaging cleanupAndre McCurdy2016-04-091-2/+1
| | | | | | | | | | | | | | | | | | | | | libcrypto.so was explicitly added to FILES_${PN}-dev as part of moving libcrypto from libdir -> base_libdir to support dhclient [1]. However, the line has been unnecessary since ${base_libdir}/lib*.so files started to be included in FILES_${PN}-dev by default [2] (and it's still unnecessary now, after moving libcrypto from back to libdir to support ntp [3]). [1] http://git.openembedded.org/openembedded-core/commit/?id=01ea85f7f6c53c66c76d6f832518b28bf06ec072 [2] http://git.openembedded.org/openembedded-core/commit/?id=66c36bcb7d9368718453265e58bd5e3c854c786a [3] http://git.openembedded.org/openembedded-core/commit/?id=0be2ab32f690a2fcba0e821abe11460958bbc6dc Also define FILES_libssl using SOLIBS instead of a hardcoded pattern. (From OE-Core rev: 3f81b516e2f23683ce6129bb79bcc08263cb7fe1) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: don't move libcrypto to base_libdirChen Qi2016-03-201-9/+2
| | | | | | | | | | | | | | For now, if 'openssl' is enabled for ntp, ntp would still be built without openssl & libcrypto. This is because that ntp thinks openssl and libcrypto locates under the same directory. This patch removes the codes of moving libcrypto to base_libdir. (From OE-Core rev: 0be2ab32f690a2fcba0e821abe11460958bbc6dc) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add a patch to fix parallel buildsRoss Burton2016-03-072-0/+327
| | | | | | | | | | Apply a patch taken from Gentoo to hopefully fix the remaining parallel make races. (From OE-Core rev: 3d806d59a4c5e8ff35c7e7c5a3a6ef85e2b4b259) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix Drown via 1.0.2g updateArmin Kuster2016-03-033-11/+4668
| | | | | | | | | | | | | | | | | | | | CVE-2016-0800 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 https://www.openssl.org/news/secadv/20160301.txt Updated 2 debian patches to match changes in 1.0.2g (From OE-Core rev: 7933fbbc6372ec8edaec82dd5c7b44fa2d15a4d5) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: drop obsolete mtx-1 and mtx-2 over-ridesAndre McCurdy2016-02-061-4/+0
| | | | | | | | | | Machine specific over-rides for mtx-1 (aka MeshCube) and mtx-2 (aka SurfBox 2nd generation) don't belong in oe-core. (From OE-Core rev: cf0b94629d135b2fa211fae89f48e00469974279) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Explicitly set EXTRA_OEMAKE as requiredMike Crowe2016-02-041-0/+1
| | | | | | | | | | | The openssl recipe currently relies on EXTRA_OEMAKE having been set to "-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this explicit so that the default in bitbake.conf can be changed. (From OE-Core rev: a384ab5cb4701fd1c1475bca4449def66b42c799) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update 1.0.2e -> 1.0.2f ( CVE-2016-0701 CVE-2015-3197 )Andre McCurdy2016-01-301-3/+3
| | | | | | | | | | | | | | | Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] o DH small subgroups (CVE-2016-0701) o SSLv2 doesn't block disabled ciphers (CVE-2015-3197) Updated LICENSE hash due to change in copyright year. (From OE-Core rev: b451e3efc79d29c39c85f7da2dc75becf3fdf5a2) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: rename perl-native-runtimeEd Bartosh2016-01-111-1/+1
| | | | | | | | | | | | | | | | The code in native.bbclass adds -native suffix to the package names that don't have it. perl-native-runtime becomes perl-native-runtime-native because of this. Renamed perl-native-runtime -> hostperl-runtime-native to avoid mangling it and to conform with the naming convetion for native packages. (From OE-Core rev: f4dade8e765a8c7bfd131728b9e0a34631e24950) Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: more removals of redunant FILES_${PN}-dbgRoss Burton2015-12-161-6/+1
| | | | | | | | | | In some recipes overly-split -dbg packages were merged into PN-dbg. Unless there's a very good reason, recipes should have a single -dev and -dbg package. (From OE-Core rev: a3b000643898d7402b9e57c02e8d10e677cc9722) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add musl configuration supportKhem Raj2015-12-123-1/+31
| | | | | | | | | | use termios instead of termio (From OE-Core rev: 753b6233e5da66d9e64952b8089589a1beebf8a9) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update to 1.0.2eAlexander Kanavin2015-12-121-2/+2
| | | | | | | | | | | [YOCTO #8765] [YOCTO #8758] (From OE-Core rev: 2dbc06d880cc2e764fb2970de37ea5206b080445) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: enable parallel makeRoss Burton2015-12-011-3/+0
| | | | | | | | | | | | openssl 1.0.2d fixes the parallel make problems (commit 8e6bb99), so enable parallel make again. [ YOCTO #7347 ] (From OE-Core rev: ea89857f17a374b6095371ebe2422d2e83735cee) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptest issuesWenzong Fan2015-11-251-4/+10
| | | | | | | | | | | | | | | | * follow symbolic links while copying sources from test/* * install required target files to remove Make errors: make[2]: *** No rule to make target 'xxx', needed by 'yyy'. * fix hardcode pathes: /usr/lib -> ${libdir}, /usr/bin -> ${bindir} (From OE-Core rev: 928adfc807d3c812fcd748e2cf65f392eebd852c) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: use subdir= instead of moving files in do_configure_prepend()Ross Burton2015-11-251-7/+3
| | | | | | | | | | | | | For clarity and correctness of source archiving, don't move find.pl from WORKDIR to S in do_configure_prepend but tell the fetcher to put it in the right place when unpacking. Also re-order the files in SRC_URI so that patches are grouped together. (From OE-Core rev: a960b6024f1b17994b0f4683a4e70fd2a079bd90) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: sanity check that the bignum module is presentRoss Burton2015-11-251-0/+10
| | | | | | | | | | | | | | | | | The crypto_use_bigint_in_x86-64_perl patch uses the "bigint" module to transparently support 64-bit integers on 32-bit hosts. Whilst bigint (part of bignum) is a core Perl module not all distributions install it (notable Fedora 23). As the error message when bignum isn't installed is obscure, add a task to check that it is available and alert the user if it isn't. [ YOCTO #8562 ] (From OE-Core rev: 2f9a2fbc46aa435a0a7f7662bb62029ac714f25a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix typos in Upstream-Status labelsPaul Eggleton2015-11-161-1/+1
| | | | | | | | | | | We need these to be consistent so they are possible to programmatically read. (From OE-Core rev: c64fdfd27103a4962c74c88f4ef7940cda6832eb) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix mips64 configure supportWenzong Fan2015-11-161-1/+1
| | | | | | | | | | | Match target name linux-mips64 as well, all mips64 targets will have mips(32) userspace. (From OE-Core rev: 245113ca1075bc3f0c47952e80b437229f855080) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptest failuresMaxin B. John2015-10-012-0/+249
| | | | | | | | | | | | | Remove dependencies for test targets. Otherwise, during ptest execution, "make" tries to rebuild those executables and fails there. [YOCTO #8059] (From OE-Core rev: 0efdd2236ec7f16f99847c6c372f372f81c56869) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add mapping for nios2Marek Vasut2015-09-281-1/+1
| | | | | | | | | | Map nios2 architecture to linux-generic32 target. (From OE-Core rev: f601a0df106fb1da188a4b1f1155d85fad4627bb) Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.2dJan Wetter2015-07-102-38/+2
| | | | | | | | | | This upgrade fixes CVE-2015-1793 Removed openssl-fix-link.patch. The linking issue has been fixed in openssl. (From OE-Core rev: 631632addbc81b06b7accfca8f8a9871d6b09111) Signed-off-by: Jan Wetter <jan.wetter@mikrom.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.2cRoy Li2015-07-013-46/+11
| | | | | | | | | | | upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176 remove a backport patch update the c_rehash-compat.patch (From OE-Core rev: 5a70e45b8c6cb0fa7ea4fe1b326ad604508d00cb) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix building on x32 systemsCristian Iorga2015-06-232-0/+47
| | | | | | | | | | | | | Fix build on Fedora 21 i686. When building on x32 systems where the default type is 32bit, make sure that 64bit integers can be represented transparently. (From OE-Core rev: cd3eddcf2842b9a360f72caf4337ab2968462bb2) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Backport upstreamed version of patch to fix build on mips64Khem Raj2015-05-303-54/+31
| | | | | | | | | | Previous patch had a concern as well and this is a direct backport of the patch fixing the problem. (From OE-Core rev: 3d48bb6d2d65d0837dcacc262633a55053652e5f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix build with gcc5 on mips64Khem Raj2015-05-242-0/+54
| | | | | | | | | Patch is submitted upstream as well (From OE-Core rev: 40016c7c19abdbdae4fcd86fab9672631f26712b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: drop the padlock_conf.patchRoy Li2015-05-242-32/+0
| | | | | | | | | | | | padlock_conf.patch will enable the padlock engine by default, but this engine does not work on some 32bit machine, and lead to openssl unable to work (From OE-Core rev: f7d186abca6ed9b48ae7393b8f244e1bfb46cb41) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl/orc: virtclass-native -> class-nativeRobert Yang2015-05-141-1/+1
| | | | | | | | | The virtclass-native is out of date. (From OE-Core rev: ed51b382928ee5f14d524e08a00a0c8931c491c5) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: remove 3 patchesRobert Yang2015-04-303-107/+0
| | | | | | | | | | | | | | | Removed: - openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch - upgate-vegsion-script-for-1.0.2.patch Since they are already in the source. - make-targets.patch It removed test dir from DIRS, which is not needed any more since we need build it. (From OE-Core rev: 5fa533c69f92f2dd46c795509b0830b36413b814) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* crypto: use bigint in x86-64 perlArmin Kuster2015-04-152-0/+36
| | | | | | | | | | | | | | on some hosts openssl fails to build with this error: ghash-x86_64.s: Assembler messages: ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression backported fix from community. (From OE-Core rev: 8230f873921d5c16106e3ebf57053a646bc6ad78) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: 1.0.2 -> 1.0.2aRichard Purdie2015-03-252-21/+23
| | | | | | | | | | | Patch updated to drop TERMIO flags since these are the default on Linux anyway (see https://git.openssl.org/?p=openssl.git;a=commit;h=64e6bf64b36136d487e2fbf907f09612e69ae911) Also drop patch merged upstream. (From OE-Core rev: 6cc1315b77bbdcc8f3a0d1e3132ad79ebbeeb2de) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to 1.0.2Saul Wold2015-03-1016-467/+522
| | | | | | | | | | | | | Rebased numerous patches removed aarch64 initial work since it's part of upstream now Imported a few additional patches from Debian to support the version-script and blacklist additional bad certificates. (From OE-Core rev: 10b689033551c37d6cafa284d82bdccd43f6113e) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "openssl: fix and enable parallel build"Richard Purdie2015-02-231-0/+3
| | | | | | | | | | This reverts commit 7502fa5febdd7a2281d626f7040782fb1f9af59e. We keep seeing parallel make failures in openssl :( (From OE-Core rev: 9afc85a7be203c5a0eac1977e777a24504cb3088) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: disable SSLv3 by defaultBrendan Le Foll2015-02-191-0/+4
| | | | | | | | | | Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable SSLv3 even if patched with the TLS_FALLBACK_SCSV (From OE-Core rev: 4e691d06ffdb4d1fd940996f419308fe53454df7) Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1kMaxin B. John2015-02-151-2/+2
| | | | | | | | | | Upgrade includes 8 CVE bug fixes (From OE-Core rev: 5dc197f0b2a088d8a88480da0afc886c745f551b) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix and enable parallel buildRobert Yang2015-02-152-3/+3
| | | | | | | | | | | | | Fixed: Cannot create directory image/usr: File exists make: *** [install_sw] Error 17 Create /usr to avoid race issues. (From OE-Core rev: a831cbe6cce67396148b41d56cbc12f99a972bd1) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add mapping for microblaze architectureNathan Rossi2015-02-151-0/+3
| | | | | | | | | | Map the microblaze architecture to the linux-generic32 target. (From OE-Core rev: 7ea1979f687777bcafec393b6ab126ec11017074) Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix hard paths in native opensslAndré Draszik2015-01-071-1/+8
| | | | | | | | | | | | | | | | This causes the package to not be relocateable from sstate The OpenSSL binaries respect a few environment variables for determining locations of files, so we now use these to point the binaries to the relocated locations. [YOCTO #6827] (From OE-Core rev: 771d3123331fbfab1eb9ce47e3013eabcb2248f5) Signed-off-by: André Draszik <adraszik@digisoft.tv> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1jRoss Burton2014-10-181-2/+2
| | | | | | | (From OE-Core rev: 390916b8400a46088c71183aef6e17b947cf4b74) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Re-add linux-uclibc tupleKhem Raj2014-08-271-0/+1
| | | | | | | | | | | With last restructuring for musl, some of uclibc targets got ignored fsl/ppc and ARM worked ok since they use special target triplets which were already considered but other like mips, x86 and so on failed (From OE-Core rev: 63ab0ce2103bcf3a42ce5812a22409779126e114) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add DEPENDS on openssl-native for rehashJackie Huang2014-08-231-0/+5
| | | | | | | | | | | | | | | | | 'make rehash' used the compiled openssl to get hash value for files, it always failed when cross compiling: /path/to/openssl/1.0.1i-r0/openssl-1.0.1i/util/shlib_wrap.sh: line 96: /path/to/openssl/1.0.1i-r0/openssl-1.0.1i/util/../apps/openssl: cannot execute binary file so add DEPENDS on openssl-native for target package and use it instead of the one compiled from target package. (From OE-Core rev: 9705586b6eca157e8f8fd6071f489a49bf1db181) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Repace if-else with case and add musl tripletKhem Raj2014-08-161-10/+10
| | | | | | | | | Simplifies the code and adds knowlwdge about musl targets (From OE-Core rev: 106305227003761c3fc562c21bb859a5256f2b36) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1iPaul Eggleton2014-08-112-48/+2
| | | | | | | | | Removed one patch merged upstream. (From OE-Core rev: fc1d2b4ec7e7f5c5e2b3434bc8208967ead6f336) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptestsPaul Eggleton2014-06-103-1/+33
| | | | | | | | | | | | | | Add some missing dependencies and fix the Makefile in order to get most of the ptest tests working (specifically test_bn, test_verify, test_cms, test_srp and test_heartbeat). test_verify still fails for unknown reasons (perhaps some of the now expired certificates weren't meant to have expired as far as the test is concerned?) but at least it has the certificates to run now. (From OE-Core rev: c679ec81c19dd2b5e366b713801785ce0ba5b49a) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1hPaul Eggleton2014-06-105-453/+48
| | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: * CVE-2014-0224 * CVE-2014-0221 * CVE-2014-0195 * CVE-2014-3470 The patch for CVE-2010-5298, CVE-2014-0198 and a fix for building the documentation are integrated upstream in this release and so were dropped. Additionally, a patch from upstream was added in order to fix a failure during do_compile_ptest_base. A similar upgrade was also submitted by Yao Xinpan <yaoxp@cn.fujitsu.com> and Lei Maohui <leimaohui@cn.fujitsu.com>. (From OE-Core rev: a3e80de6d423c272a287bf3538196b48ac5ddec1) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add openssl-CVE-2010-5298.patch SRC_URIRoy Li2014-05-292-0/+1
| | | | | | | | | | make openssl-CVE-2010-5298.patch truely work (From OE-Core rev: eab33442480cc27a5cd00b3f46984fea74b7c0f9) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2010-5298Yue Tao2014-05-211-0/+24
| | | | | | | | | | | | | | | | | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 (From OE-Core rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update upstream status for a patchCristiana Voicu2014-05-081-0/+1
| | | | | | | | | | | The patch is not included in 1.0.1g, but it is included on 1.0.2 branch. (From OE-Core rev: f99ca886da274fafa212e354f9e4871eb7e59e87) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix CVE-2014-0198Maxin B. John2014-05-082-0/+24
| | | | | | | | | | | | | | A null pointer dereference bug was discovered in do_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service. https://access.redhat.com/security/cve/CVE-2014-0198 (From OE-Core rev: 580033721abbbb4302bc803ebc70c90e331e4587) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-18 18:04:56 +0000