From 94e9e6a21b26c8bd0b194d4c2a65cbcb9464a553 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi
Date: Mon, 9 May 2016 13:29:01 +0200
Subject: OpenSSL: Upgrade to 1.0.1t to fix multiple CVEs Upgrade 1.0.1p --> 1.0.1t addresses following vulnerabilities: CVE-2016-2107 CVE-2016-2108 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176 Reference: URL for the OpenSSL Security Advisory: https://www.openssl.org/news/secadv/20160503.txt
Signed-off-by: Sona Sarmadi
Signed-off-by: Tudor Florea
---
...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch')
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index 36aa442223..57e39eb673 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -10,15 +10,19 @@ Signed-off-by: Xufeng Zhang ported the patch to the 1.0.0m version
Signed-off-by: Brendan Le Foll 2015/03/24
+
+Ported the patch to 1.0.1t version.
+Signed-off-by: Sona Sarmadi
---
---- a/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
-@@ -199,7 +199,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+diff -ruN a/crypto/evp/digest.c b/crypto/evp/digest.c
+--- a/crypto/evp/digest.c 2016-05-03 15:49:00.000000000 +0200
++++ b/crypto/evp/digest.c 2016-05-04 09:17:47.629259835 +0200
+@@ -199,7 +199,7 @@
type = ctx->digest;
}
#endif
- if (ctx->digest != type) {
+ if (type && (ctx->digest != type)) {
- if (ctx->digest && ctx->digest->ctx_size)
+ if (ctx->digest && ctx->digest->ctx_size) {
OPENSSL_free(ctx->md_data);
- ctx->digest = type;
+ ctx->md_data = NULL;
--
cgit v1.2.3-54-g00ecf
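Review bot: The `type &&` test in `if (type && (ctx->digest != type)) {` only skips the re-initialisation branch when `type` is NULL; the rest of EVP_DigestInit_ex lies outside this hunk, so it is worth confirming against the 1.0.1t source that nothing after the branch dereferences `ctx->digest` when both pointers are NULL. The refreshed context (the `{` after the `ctx_size` test and `ctx->md_data = NULL;`) suggests upstream reworked this block between 1.0.1p and 1.0.1t, yet the header note says only `Ported the patch to 1.0.1t version.`; I would extend it to something like `Ported to 1.0.1t: context refreshed only, the functional change is still the "type &&" guard.` The regenerated inner header `@@ -199,7 +199,7 @@` also drops the `int EVP_DigestInit_ex(...)` function name that the previous version carried, which makes the patch harder to audit at the next upgrade.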