From 3cea047b6cc9e93308e5aebbacc74183438fae57 Mon Sep 17 00:00:00 2001 From: Robert Yang Date: Wed, 11 May 2016 00:43:28 -0700 Subject: openssl: 1.0.2d -> 1.0.2h (mainly for CVEs) * CVEs: - CVE-2016-0705 - CVE-2016-0798 - CVE-2016-0797 - CVE-2016-0799 - CVE-2016-0702 - CVE-2016-0703 - CVE-2016-0704 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 * The LICENSE's checksum is changed because of date changes (2011 -> 2016), the contents are the same. * Remove backport patches - 0001-Add-test-for-CVE-2015-3194.patch - CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch - CVE-2015-3194-1-Add-PSS-parameter-check.patch - CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch - CVE-2015-3197.patch - CVE-2016-0701_1.patch - CVE-2016-0701_2.patch - CVE-2016-0800.patch - CVE-2016-0800_2.patch - CVE-2016-0800_3.patch * Update crypto_use_bigint_in_x86-64_perl.patch * Add version-script.patch and update block_diginotar.patch (From master branch) * Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (From Armin) (From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3) (From OE-Core rev: 6ed7c8a9f82bc173ae0cc8b494af5a2c838f08fc) Signed-off-by: Robert Yang Signed-off-by: Richard Purdie Signed-off-by: Joshua Lock Signed-off-by: Richard Purdie --- ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch') diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch index cebc8cf0d0..f736e5c098 100644 --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch @@ -8,16 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html Signed-off-by: Xufeng Zhang --- -Index: openssl-1.0.2/crypto/evp/digest.c +Index: openssl-1.0.2h/crypto/evp/digest.c =================================================================== ---- openssl-1.0.2.orig/crypto/evp/digest.c -+++ openssl-1.0.2/crypto/evp/digest.c -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c - return 0; +--- openssl-1.0.2h.orig/crypto/evp/digest.c ++++ openssl-1.0.2h/crypto/evp/digest.c +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + type = ctx->digest; } #endif - if (ctx->digest != type) { + if (type && (ctx->digest != type)) { - if (ctx->digest && ctx->digest->ctx_size) + if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); - ctx->digest = type; + ctx->md_data = NULL; -- cgit v1.2.3-54-g00ecf