From 96dde9513c08430e12f4f1f6e6e54ca2a244bfcd Mon Sep 17 00:00:00 2001
From: Scott Garman <scott.a.garman@intel.com>
Date: Mon, 19 Mar 2012 23:11:25 -0700
Subject: openssl: upgrade to 1.0.0.h

Removed pkg-config.patch, which was incorporated upstream.

Addresses CVE-2012-0884.

Fixes bug [YOCTO #2139].

(From OE-Core rev: 50d99fc8c5a158c7f3ce3e72377827f53406d88f)

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../openssl-1.0.0h/openssl_fix_for_x32.patch       | 90 ++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl_fix_for_x32.patch

(limited to 'meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl_fix_for_x32.patch')

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl_fix_for_x32.patch
new file mode 100644
index 0000000000..3191ce9632
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl_fix_for_x32.patch
@@ -0,0 +1,90 @@
+Upstream-Status: Pending
+
+Received from H J Liu @ Intel
+Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
+
+ported the patch to the 1.0.0e version
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+Index: openssl-1.0.0e/Configure
+===================================================================
+--- openssl-1.0.0e.orig/Configure
++++ openssl-1.0.0e/Configure
+@@ -393,6 +393,7 @@ my %table=(
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+ "linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
+===================================================================
+--- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c
++++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+  *    machine.
+  */
+ 
+-#ifdef _WIN64
++#if defined _WIN64 || !defined __LP64__
+ #define BN_ULONG unsigned long long
+ #else
+ #define BN_ULONG unsigned long
+@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
+ 	asm (
+ 	"	subq	%2,%2		\n"
+ 	".p2align 4			\n"
+-	"1:	movq	(%4,%2,8),%0	\n"
+-	"	adcq	(%5,%2,8),%0	\n"
+-	"	movq	%0,(%3,%2,8)	\n"
++	"1:	movq	(%q4,%2,8),%0	\n"
++	"	adcq	(%q5,%2,8),%0	\n"
++	"	movq	%0,(%q3,%2,8)	\n"
+ 	"	leaq	1(%2),%2	\n"
+ 	"	loop	1b		\n"
+ 	"	sbbq	%0,%0		\n"
+@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
+ 	asm (
+ 	"	subq	%2,%2		\n"
+ 	".p2align 4			\n"
+-	"1:	movq	(%4,%2,8),%0	\n"
+-	"	sbbq	(%5,%2,8),%0	\n"
+-	"	movq	%0,(%3,%2,8)	\n"
++	"1:	movq	(%q4,%2,8),%0	\n"
++	"	sbbq	(%q5,%2,8),%0	\n"
++	"	movq	%0,(%q3,%2,8)	\n"
+ 	"	leaq	1(%2),%2	\n"
+ 	"	loop	1b		\n"
+ 	"	sbbq	%0,%0		\n"
+Index: openssl-1.0.0e/crypto/bn/bn.h
+===================================================================
+--- openssl-1.0.0e.orig/crypto/bn/bn.h
++++ openssl-1.0.0e/crypto/bn/bn.h
+@@ -172,6 +172,13 @@ extern "C" {
+ # endif
+ #endif
+ 
++/* Address type.  */
++#ifdef _WIN64
++#define BN_ADDR unsigned long long
++#else
++#define BN_ADDR unsigned long
++#endif
++
+ /* assuming long is 64bit - this is the DEC Alpha
+  * unsigned long long is only 64 bits :-(, don't define
+  * BN_LLONG for the DEC Alpha */
+Index: openssl-1.0.0e/crypto/bn/bn_exp.c
+===================================================================
+--- openssl-1.0.0e.orig/crypto/bn/bn_exp.c
++++ openssl-1.0.0e/crypto/bn/bn_exp.c
+@@ -561,7 +561,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+ 
+ /* Given a pointer value, compute the next address that is a cache line multiple. */
+ #define MOD_EXP_CTIME_ALIGN(x_) \
+-	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
++	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+ 
+ /* This variant of BN_mod_exp_mont() uses fixed windows and the special
+  * precomputation memory layout to limit data-dependency to a minimum
-- 
cgit v1.2.3-54-g00ecf