From 1930286e3fa4a144dae963fb531e7caa1311c225 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Tue, 15 Dec 2015 11:07:48 +0100
Subject: openssl: CVE-2015-3194, CVE-2015-3195

Fixes following vulnerabilities:
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
X509_ATTRIBUTE memory leak (CVE-2015-3195)

References:
https://openssl.org/news/secadv/20151203.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195

Upstream patches:
CVE-2015-3194:
https://git.openssl.org/?p=openssl.git;a=commit;h=
d8541d7e9e63bf5f343af24644046c8d96498c17

CVE-2015-3195:
https://git.openssl.org/?p=openssl.git;a=commit;h=
b29ffa392e839d05171206523e84909146f7a77c

(From OE-Core rev: 09c3a0f01572a6a65e9f87ce16817ee7de3296f1)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-connectivity/openssl/openssl_1.0.1p.bb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'meta/recipes-connectivity/openssl/openssl_1.0.1p.bb')

diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb
index 3f6179089b..1d0242f504 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb
@@ -34,6 +34,8 @@ SRC_URI += "file://configure-targets.patch \
             file://Makefiles-ptest.patch \
             file://ptest-deps.patch \
             file://run-ptest \
+            file://CVE-2015-3194-Add-PSS-parameter-check.patch \
+            file://CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch \
            "
 
 SRC_URI[md5sum] = "7563e92327199e0067ccd0f79f436976"
-- 
cgit v1.2.3-54-g00ecf