From 3cea047b6cc9e93308e5aebbacc74183438fae57 Mon Sep 17 00:00:00 2001 From: Robert Yang Date: Wed, 11 May 2016 00:43:28 -0700 Subject: openssl: 1.0.2d -> 1.0.2h (mainly for CVEs) * CVEs: - CVE-2016-0705 - CVE-2016-0798 - CVE-2016-0797 - CVE-2016-0799 - CVE-2016-0702 - CVE-2016-0703 - CVE-2016-0704 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 * The LICENSE's checksum is changed because of date changes (2011 -> 2016), the contents are the same. * Remove backport patches - 0001-Add-test-for-CVE-2015-3194.patch - CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch - CVE-2015-3194-1-Add-PSS-parameter-check.patch - CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch - CVE-2015-3197.patch - CVE-2016-0701_1.patch - CVE-2016-0701_2.patch - CVE-2016-0800.patch - CVE-2016-0800_2.patch - CVE-2016-0800_3.patch * Update crypto_use_bigint_in_x86-64_perl.patch * Add version-script.patch and update block_diginotar.patch (From master branch) * Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (From Armin) (From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3) (From OE-Core rev: 6ed7c8a9f82bc173ae0cc8b494af5a2c838f08fc) Signed-off-by: Robert Yang Signed-off-by: Richard Purdie Signed-off-by: Joshua Lock Signed-off-by: Richard Purdie --- ...CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch | 66 ---------------------- 1 file changed, 66 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch') diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch deleted file mode 100644 index 6fc4d0e839..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch +++ /dev/null @@ -1,66 +0,0 @@ -From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" -Date: Tue, 10 Nov 2015 19:03:07 +0000 -Subject: [PATCH] Fix leak with ASN.1 combine. - -When parsing a combined structure pass a flag to the decode routine -so on error a pointer to the parent structure is not zeroed as -this will leak any additional components in the parent. - -This can leak memory in any application parsing PKCS#7 or CMS structures. - -CVE-2015-3195. - -Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using -libFuzzer. - -PR#4131 - -Reviewed-by: Richard Levitte - -Upstream-Status: Backport - -This patch was imported from -https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d - -Signed-off-by: Armin Kuster - ---- - crypto/asn1/tasn_dec.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c -index febf605..9256049 100644 ---- a/crypto/asn1/tasn_dec.c -+++ b/crypto/asn1/tasn_dec.c -@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - int otag; - int ret = 0; - ASN1_VALUE **pchptr, *ptmpval; -+ int combine = aclass & ASN1_TFLG_COMBINE; -+ aclass &= ~ASN1_TFLG_COMBINE; - if (!pval) - return 0; - if (aux && aux->asn1_cb) -@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - auxerr: - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); - err: -- ASN1_item_ex_free(pval, it); -+ if (combine == 0) -+ ASN1_item_ex_free(pval, it); - if (errtt) - ERR_add_error_data(4, "Field=", errtt->field_name, - ", Type=", it->sname); -@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, - } else { - /* Nothing special */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -- -1, 0, opt, ctx); -+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); - if (!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; --- -2.3.5 - -- cgit v1.2.3-54-g00ecf