From 94e9e6a21b26c8bd0b194d4c2a65cbcb9464a553 Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Mon, 9 May 2016 13:29:01 +0200 Subject: OpenSSL: Upgrade to 1.0.1t to fix multiple CVEs Upgrade 1.0.1p --> 1.0.1t addresses following vulnerabilities: CVE-2016-2107 CVE-2016-2108 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176 Reference: URL for the OpenSSL Security Advisory: https://www.openssl.org/news/secadv/20160503.txt Signed-off-by: Sona Sarmadi Signed-off-by: Tudor Florea --- .../openssl/openssl/debian/man-section.patch | 17 ++--- .../openssl/openssl/debian/version-script.patch | 80 +++++++++++----------- 2 files changed, 49 insertions(+), 48 deletions(-) (limited to 'meta/recipes-connectivity/openssl/openssl/debian') diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch index 21c1d1a4eb..1bd42efc9c 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch @@ -1,9 +1,10 @@ Upstream-Status: Backport [debian] -Index: openssl-1.0.0c/Makefile.org -=================================================================== ---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 -+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 +Signed-off-by: Sona Sarmadi +--- +diff -ruN a/Makefile.org b/Makefile.org +--- a/Makefile.org 2016-05-04 08:24:51.982013676 +0200 ++++ b/Makefile.org 2016-05-04 08:35:43.581929188 +0200 @@ -160,7 +160,8 @@ MANDIR=/usr/share/man MAN1=1 @@ -14,21 +15,21 @@ Index: openssl-1.0.0c/Makefile.org HTMLSUFFIX=html HTMLDIR=$(OPENSSLDIR)/html SHELL=/bin/sh -@@ -651,7 +652,7 @@ +@@ -650,7 +651,7 @@ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ -+ --section=$${sec}$(MANSECTION) --center=OpenSSL \ ++ --section=$${sec}$(MANSECTION) --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ -@@ -668,7 +669,7 @@ +@@ -667,7 +668,7 @@ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ -+ --section=$${sec}$(MANSECTION) --center=OpenSSL \ ++ --section=$${sec}$(MANSECTION) --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch index ece8b9b46c..ac78adb802 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch @@ -1,10 +1,11 @@ Upstream-Status: Backport [debian] -Index: openssl-1.0.1d/Configure -=================================================================== ---- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 -+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 -@@ -1621,6 +1621,8 @@ +Signed-off-by: Sona Sarmadi +--- +diff -ruN a/Configure b/Configure +--- a/Configure 2016-05-09 12:05:53.135685172 +0200 ++++ b/Configure 2016-05-09 12:07:43.962952937 +0200 +@@ -1667,6 +1667,8 @@ } } @@ -13,11 +14,38 @@ Index: openssl-1.0.1d/Configure open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -Index: openssl-1.0.1d/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 -@@ -0,0 +1,4620 @@ +diff -ruN a/engines/ccgost/openssl.ld b/engines/ccgost/openssl.ld +--- a/engines/ccgost/openssl.ld 1970-01-01 01:00:00.000000000 +0100 ++++ b/engines/ccgost/openssl.ld 2016-05-09 12:07:44.034949863 +0200 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.0 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ +diff -ruN a/engines/openssl.ld b/engines/openssl.ld +--- a/engines/openssl.ld 1970-01-01 01:00:00.000000000 +0100 ++++ b/engines/openssl.ld 2016-05-09 12:07:43.990951742 +0200 +@@ -0,0 +1,10 @@ ++OPENSSL_1.0.0 { ++ global: ++ bind_engine; ++ v_check; ++ OPENSSL_init; ++ OPENSSL_finish; ++ local: ++ *; ++}; ++ +diff -ruN a/openssl.ld b/openssl.ld +--- a/openssl.ld 1970-01-01 01:00:00.000000000 +0100 ++++ b/openssl.ld 2016-05-09 12:34:19.174771028 +0200 +@@ -0,0 +1,4622 @@ +OPENSSL_1.0.0 { + global: + BIO_f_ssl; @@ -4526,6 +4554,8 @@ Index: openssl-1.0.1d/openssl.ld + SSL_SESSION_get_compress_id; + + SRP_VBASE_get_by_user; ++ SRP_VBASE_get1_by_user; ++ SRP_user_pwd_free; + SRP_Calc_server_key; + SRP_create_verifier; + SRP_create_verifier_BN; @@ -4638,33 +4668,3 @@ Index: openssl-1.0.1d/openssl.ld + CRYPTO_memcmp; +} OPENSSL_1.0.1; + -Index: openssl-1.0.1d/engines/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.0 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ -Index: openssl-1.0.1d/engines/ccgost/openssl.ld -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 -@@ -0,0 +1,10 @@ -+OPENSSL_1.0.0 { -+ global: -+ bind_engine; -+ v_check; -+ OPENSSL_init; -+ OPENSSL_finish; -+ local: -+ *; -+}; -+ -- cgit v1.2.3-54-g00ecf