From 94e9e6a21b26c8bd0b194d4c2a65cbcb9464a553 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Mon, 9 May 2016 13:29:01 +0200
Subject: OpenSSL: Upgrade to 1.0.1t to fix multiple CVEs

Upgrade 1.0.1p --> 1.0.1t addresses following vulnerabilities:

CVE-2016-2107
CVE-2016-2108
CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176

Reference:
URL for the OpenSSL Security Advisory:
https://www.openssl.org/news/secadv/20160503.txt

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
 .../openssl/openssl/debian/version-script.patch    | 80 +++++++++++-----------
 1 file changed, 40 insertions(+), 40 deletions(-)

(limited to 'meta/recipes-connectivity/openssl/openssl/debian/version-script.patch')

diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
index ece8b9b46c..ac78adb802 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
@@ -1,10 +1,11 @@
 Upstream-Status: Backport [debian]
 
-Index: openssl-1.0.1d/Configure
-===================================================================
---- openssl-1.0.1d.orig/Configure	2013-02-06 19:41:43.000000000 +0100
-+++ openssl-1.0.1d/Configure	2013-02-06 19:41:43.000000000 +0100
-@@ -1621,6 +1621,8 @@
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff -ruN a/Configure b/Configure
+--- a/Configure	2016-05-09 12:05:53.135685172 +0200
++++ b/Configure	2016-05-09 12:07:43.962952937 +0200
+@@ -1667,6 +1667,8 @@
  		}
  	}
  
@@ -13,11 +14,38 @@ Index: openssl-1.0.1d/Configure
  open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
  unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
  open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.1d/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/openssl.ld	2013-02-06 19:44:25.000000000 +0100
-@@ -0,0 +1,4620 @@
+diff -ruN a/engines/ccgost/openssl.ld b/engines/ccgost/openssl.ld
+--- a/engines/ccgost/openssl.ld	1970-01-01 01:00:00.000000000 +0100
++++ b/engines/ccgost/openssl.ld	2016-05-09 12:07:44.034949863 +0200
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.0 {
++	global:
++		bind_engine;
++		v_check;
++		OPENSSL_init;
++		OPENSSL_finish;
++	local:
++		*;
++};
++
+diff -ruN a/engines/openssl.ld b/engines/openssl.ld
+--- a/engines/openssl.ld	1970-01-01 01:00:00.000000000 +0100
++++ b/engines/openssl.ld	2016-05-09 12:07:43.990951742 +0200
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.0 {
++	global:
++		bind_engine;
++		v_check;
++		OPENSSL_init;
++		OPENSSL_finish;
++	local:
++		*;
++};
++
+diff -ruN a/openssl.ld b/openssl.ld
+--- a/openssl.ld	1970-01-01 01:00:00.000000000 +0100
++++ b/openssl.ld	2016-05-09 12:34:19.174771028 +0200
+@@ -0,0 +1,4622 @@
 +OPENSSL_1.0.0 {
 +	global:
 +		BIO_f_ssl;
@@ -4526,6 +4554,8 @@ Index: openssl-1.0.1d/openssl.ld
 +		SSL_SESSION_get_compress_id;
 +
 +		SRP_VBASE_get_by_user;
++		SRP_VBASE_get1_by_user;
++		SRP_user_pwd_free;
 +		SRP_Calc_server_key;
 +		SRP_create_verifier;
 +		SRP_create_verifier_BN;
@@ -4638,33 +4668,3 @@ Index: openssl-1.0.1d/openssl.ld
 +		CRYPTO_memcmp;
 +} OPENSSL_1.0.1;
 +
-Index: openssl-1.0.1d/engines/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/openssl.ld	2013-02-06 19:41:43.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
-Index: openssl-1.0.1d/engines/ccgost/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/ccgost/openssl.ld	2013-02-06 19:41:43.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
-- 
cgit v1.2.3-54-g00ecf