diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-05-09 13:29:01 +0200 |
|---|---|---|
| committer | Tudor Florea <tudor.florea@enea.com> | 2016-05-10 10:26:16 +0200 |
| commit | 94e9e6a21b26c8bd0b194d4c2a65cbcb9464a553 (patch) | |
| tree | 9d5cf6f89dadcdf9365e632962b393c9fb35c828 | |
| parent | 9c5b66788d746491a471bed3c7c7333862f95ea7 (diff) | |
| download | poky-dizzy-enea.tar.gz | |
OpenSSL: Upgrade to 1.0.1t to fix multiple CVEsdizzy-enea
Upgrade 1.0.1p --> 1.0.1t addresses following vulnerabilities:
CVE-2016-2107
CVE-2016-2108
CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176
Reference:
URL for the OpenSSL Security Advisory:
https://www.openssl.org/news/secadv/20160503.txt
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/debian/man-section.patch | 17 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/debian/version-script.patch | 80 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch | 76 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.0.1t.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.0.1p.bb) | 9 |
5 files changed, 97 insertions, 99 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch index 21c1d1a4eb..1bd42efc9c 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch | |||
| @@ -1,9 +1,10 @@ | |||
| 1 | Upstream-Status: Backport [debian] | 1 | Upstream-Status: Backport [debian] |
| 2 | 2 | ||
| 3 | Index: openssl-1.0.0c/Makefile.org | 3 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> |
| 4 | =================================================================== | 4 | --- |
| 5 | --- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 | 5 | diff -ruN a/Makefile.org b/Makefile.org |
| 6 | +++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 | 6 | --- a/Makefile.org 2016-05-04 08:24:51.982013676 +0200 |
| 7 | +++ b/Makefile.org 2016-05-04 08:35:43.581929188 +0200 | ||
| 7 | @@ -160,7 +160,8 @@ | 8 | @@ -160,7 +160,8 @@ |
| 8 | MANDIR=/usr/share/man | 9 | MANDIR=/usr/share/man |
| 9 | MAN1=1 | 10 | MAN1=1 |
| @@ -14,21 +15,21 @@ Index: openssl-1.0.0c/Makefile.org | |||
| 14 | HTMLSUFFIX=html | 15 | HTMLSUFFIX=html |
| 15 | HTMLDIR=$(OPENSSLDIR)/html | 16 | HTMLDIR=$(OPENSSLDIR)/html |
| 16 | SHELL=/bin/sh | 17 | SHELL=/bin/sh |
| 17 | @@ -651,7 +652,7 @@ | 18 | @@ -650,7 +651,7 @@ |
| 18 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ | 19 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ |
| 19 | (cd `$(PERL) util/dirname.pl $$i`; \ | 20 | (cd `$(PERL) util/dirname.pl $$i`; \ |
| 20 | sh -c "$$pod2man \ | 21 | sh -c "$$pod2man \ |
| 21 | - --section=$$sec --center=OpenSSL \ | 22 | - --section=$$sec --center=OpenSSL \ |
| 22 | + --section=$${sec}$(MANSECTION) --center=OpenSSL \ | 23 | + --section=$${sec}$(MANSECTION) --center=OpenSSL \ |
| 23 | --release=$(VERSION) `basename $$i`") \ | 24 | --release=$(VERSION) `basename $$i`") \ |
| 24 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ | 25 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ |
| 25 | $(PERL) util/extract-names.pl < $$i | \ | 26 | $(PERL) util/extract-names.pl < $$i | \ |
| 26 | @@ -668,7 +669,7 @@ | 27 | @@ -667,7 +668,7 @@ |
| 27 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ | 28 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ |
| 28 | (cd `$(PERL) util/dirname.pl $$i`; \ | 29 | (cd `$(PERL) util/dirname.pl $$i`; \ |
| 29 | sh -c "$$pod2man \ | 30 | sh -c "$$pod2man \ |
| 30 | - --section=$$sec --center=OpenSSL \ | 31 | - --section=$$sec --center=OpenSSL \ |
| 31 | + --section=$${sec}$(MANSECTION) --center=OpenSSL \ | 32 | + --section=$${sec}$(MANSECTION) --center=OpenSSL \ |
| 32 | --release=$(VERSION) `basename $$i`") \ | 33 | --release=$(VERSION) `basename $$i`") \ |
| 33 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ | 34 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ |
| 34 | $(PERL) util/extract-names.pl < $$i | \ | 35 | $(PERL) util/extract-names.pl < $$i | \ |
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch index ece8b9b46c..ac78adb802 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch | |||
| @@ -1,10 +1,11 @@ | |||
| 1 | Upstream-Status: Backport [debian] | 1 | Upstream-Status: Backport [debian] |
| 2 | 2 | ||
| 3 | Index: openssl-1.0.1d/Configure | 3 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> |
| 4 | =================================================================== | 4 | --- |
| 5 | --- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 | 5 | diff -ruN a/Configure b/Configure |
| 6 | +++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 | 6 | --- a/Configure 2016-05-09 12:05:53.135685172 +0200 |
| 7 | @@ -1621,6 +1621,8 @@ | 7 | +++ b/Configure 2016-05-09 12:07:43.962952937 +0200 |
| 8 | @@ -1667,6 +1667,8 @@ | ||
| 8 | } | 9 | } |
| 9 | } | 10 | } |
| 10 | 11 | ||
| @@ -13,11 +14,38 @@ Index: openssl-1.0.1d/Configure | |||
| 13 | open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; | 14 | open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; |
| 14 | unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; | 15 | unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; |
| 15 | open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; | 16 | open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; |
| 16 | Index: openssl-1.0.1d/openssl.ld | 17 | diff -ruN a/engines/ccgost/openssl.ld b/engines/ccgost/openssl.ld |
| 17 | =================================================================== | 18 | --- a/engines/ccgost/openssl.ld 1970-01-01 01:00:00.000000000 +0100 |
| 18 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | 19 | +++ b/engines/ccgost/openssl.ld 2016-05-09 12:07:44.034949863 +0200 |
| 19 | +++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 | 20 | @@ -0,0 +1,10 @@ |
| 20 | @@ -0,0 +1,4620 @@ | 21 | +OPENSSL_1.0.0 { |
| 22 | + global: | ||
| 23 | + bind_engine; | ||
| 24 | + v_check; | ||
| 25 | + OPENSSL_init; | ||
| 26 | + OPENSSL_finish; | ||
| 27 | + local: | ||
| 28 | + *; | ||
| 29 | +}; | ||
| 30 | + | ||
| 31 | diff -ruN a/engines/openssl.ld b/engines/openssl.ld | ||
| 32 | --- a/engines/openssl.ld 1970-01-01 01:00:00.000000000 +0100 | ||
| 33 | +++ b/engines/openssl.ld 2016-05-09 12:07:43.990951742 +0200 | ||
| 34 | @@ -0,0 +1,10 @@ | ||
| 35 | +OPENSSL_1.0.0 { | ||
| 36 | + global: | ||
| 37 | + bind_engine; | ||
| 38 | + v_check; | ||
| 39 | + OPENSSL_init; | ||
| 40 | + OPENSSL_finish; | ||
| 41 | + local: | ||
| 42 | + *; | ||
| 43 | +}; | ||
| 44 | + | ||
| 45 | diff -ruN a/openssl.ld b/openssl.ld | ||
| 46 | --- a/openssl.ld 1970-01-01 01:00:00.000000000 +0100 | ||
| 47 | +++ b/openssl.ld 2016-05-09 12:34:19.174771028 +0200 | ||
| 48 | @@ -0,0 +1,4622 @@ | ||
| 21 | +OPENSSL_1.0.0 { | 49 | +OPENSSL_1.0.0 { |
| 22 | + global: | 50 | + global: |
| 23 | + BIO_f_ssl; | 51 | + BIO_f_ssl; |
| @@ -4526,6 +4554,8 @@ Index: openssl-1.0.1d/openssl.ld | |||
| 4526 | + SSL_SESSION_get_compress_id; | 4554 | + SSL_SESSION_get_compress_id; |
| 4527 | + | 4555 | + |
| 4528 | + SRP_VBASE_get_by_user; | 4556 | + SRP_VBASE_get_by_user; |
| 4557 | + SRP_VBASE_get1_by_user; | ||
| 4558 | + SRP_user_pwd_free; | ||
| 4529 | + SRP_Calc_server_key; | 4559 | + SRP_Calc_server_key; |
| 4530 | + SRP_create_verifier; | 4560 | + SRP_create_verifier; |
| 4531 | + SRP_create_verifier_BN; | 4561 | + SRP_create_verifier_BN; |
| @@ -4638,33 +4668,3 @@ Index: openssl-1.0.1d/openssl.ld | |||
| 4638 | + CRYPTO_memcmp; | 4668 | + CRYPTO_memcmp; |
| 4639 | +} OPENSSL_1.0.1; | 4669 | +} OPENSSL_1.0.1; |
| 4640 | + | 4670 | + |
| 4641 | Index: openssl-1.0.1d/engines/openssl.ld | ||
| 4642 | =================================================================== | ||
| 4643 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
| 4644 | +++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 | ||
| 4645 | @@ -0,0 +1,10 @@ | ||
| 4646 | +OPENSSL_1.0.0 { | ||
| 4647 | + global: | ||
| 4648 | + bind_engine; | ||
| 4649 | + v_check; | ||
| 4650 | + OPENSSL_init; | ||
| 4651 | + OPENSSL_finish; | ||
| 4652 | + local: | ||
| 4653 | + *; | ||
| 4654 | +}; | ||
| 4655 | + | ||
| 4656 | Index: openssl-1.0.1d/engines/ccgost/openssl.ld | ||
| 4657 | =================================================================== | ||
| 4658 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
| 4659 | +++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 | ||
| 4660 | @@ -0,0 +1,10 @@ | ||
| 4661 | +OPENSSL_1.0.0 { | ||
| 4662 | + global: | ||
| 4663 | + bind_engine; | ||
| 4664 | + v_check; | ||
| 4665 | + OPENSSL_init; | ||
| 4666 | + OPENSSL_finish; | ||
| 4667 | + local: | ||
| 4668 | + *; | ||
| 4669 | +}; | ||
| 4670 | + | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch index 36aa442223..57e39eb673 100644 --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | |||
| @@ -10,15 +10,19 @@ Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> | |||
| 10 | 10 | ||
| 11 | ported the patch to the 1.0.0m version | 11 | ported the patch to the 1.0.0m version |
| 12 | Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24 | 12 | Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24 |
| 13 | |||
| 14 | Ported the patch to 1.0.1t version. | ||
| 15 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
| 13 | --- | 16 | --- |
| 14 | --- a/crypto/evp/digest.c | 17 | diff -ruN a/crypto/evp/digest.c b/crypto/evp/digest.c |
| 15 | +++ b/crypto/evp/digest.c | 18 | --- a/crypto/evp/digest.c 2016-05-03 15:49:00.000000000 +0200 |
| 16 | @@ -199,7 +199,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | 19 | +++ b/crypto/evp/digest.c 2016-05-04 09:17:47.629259835 +0200 |
| 20 | @@ -199,7 +199,7 @@ | ||
| 17 | type = ctx->digest; | 21 | type = ctx->digest; |
| 18 | } | 22 | } |
| 19 | #endif | 23 | #endif |
| 20 | - if (ctx->digest != type) { | 24 | - if (ctx->digest != type) { |
| 21 | + if (type && (ctx->digest != type)) { | 25 | + if (type && (ctx->digest != type)) { |
| 22 | if (ctx->digest && ctx->digest->ctx_size) | 26 | if (ctx->digest && ctx->digest->ctx_size) { |
| 23 | OPENSSL_free(ctx->md_data); | 27 | OPENSSL_free(ctx->md_data); |
| 24 | ctx->digest = type; | 28 | ctx->md_data = NULL; |
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch index ab1434a0e7..59a4b7ce9a 100644 --- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch +++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch | |||
| @@ -9,22 +9,24 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 | |||
| 9 | 9 | ||
| 10 | ported the patch to the 1.0.0m version | 10 | ported the patch to the 1.0.0m version |
| 11 | Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24 | 11 | Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24 |
| 12 | Index: openssl-1.0.1e/Configure | 12 | |
| 13 | =================================================================== | 13 | Ported the patch to 1.0.1t version. |
| 14 | --- openssl-1.0.1e.orig/Configure | 14 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 2016/05/09 |
| 15 | +++ openssl-1.0.1e/Configure | 15 | --- |
| 16 | @@ -402,6 +402,7 @@ my %table=( | 16 | diff -ruN a/Configure b/Configure |
| 17 | --- a/Configure 2016-05-04 08:24:51.630028856 +0200 | ||
| 18 | +++ b/Configure 2016-05-04 09:09:14.987332751 +0200 | ||
| 19 | @@ -417,6 +417,7 @@ | ||
| 17 | "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 20 | "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 18 | "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 21 | "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 19 | "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", | 22 | "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", |
| 20 | +"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", | 23 | +"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", |
| 24 | "linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", | ||
| 21 | "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", | 25 | "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", |
| 22 | #### So called "highgprs" target for z/Architecture CPUs | 26 | #### So called "highgprs" target for z/Architecture CPUs |
| 23 | # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see | 27 | diff -ruN a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c |
| 24 | Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c | 28 | --- a/crypto/bn/asm/x86_64-gcc.c 2016-05-03 15:49:00.000000000 +0200 |
| 25 | =================================================================== | 29 | +++ b/crypto/bn/asm/x86_64-gcc.c 2016-05-04 09:07:52.974863300 +0200 |
| 26 | --- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c | ||
| 27 | +++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c | ||
| 28 | @@ -55,7 +55,7 @@ | 30 | @@ -55,7 +55,7 @@ |
| 29 | * machine. | 31 | * machine. |
| 30 | */ | 32 | */ |
| @@ -34,30 +36,8 @@ Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c | |||
| 34 | # define BN_ULONG unsigned long long | 36 | # define BN_ULONG unsigned long long |
| 35 | # else | 37 | # else |
| 36 | # define BN_ULONG unsigned long | 38 | # define BN_ULONG unsigned long |
| 37 | Index: openssl-1.0.1e/crypto/bn/bn.h | ||
| 38 | =================================================================== | ||
| 39 | --- openssl-1.0.1e.orig/crypto/bn/bn.h | ||
| 40 | +++ openssl-1.0.1e/crypto/bn/bn.h | ||
| 41 | @@ -173,6 +173,13 @@ extern "C" { | ||
| 42 | # endif | ||
| 43 | # endif | ||
| 44 | |||
| 45 | +/* Address type. */ | ||
| 46 | +# ifdef _WIN64 | ||
| 47 | +# define BN_ADDR unsigned long long | ||
| 48 | +# else | ||
| 49 | +# define BN_ADDR unsigned long | ||
| 50 | +# endif | ||
| 51 | + | ||
| 52 | /* | ||
| 53 | * assuming long is 64bit - this is the DEC Alpha unsigned long long is only | ||
| 54 | * 64 bits :-(, don't define BN_LLONG for the DEC Alpha | ||
| 55 | Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c | ||
| 56 | =================================================================== | ||
| 57 | --- openssl-1.0.1m/crypto/bn/asm/x86_64-gcc.c 2015-03-19 13:37:10.000000000 +0000 | ||
| 58 | +++ openssl-1.0.1m-modif/crypto/bn/asm/x86_64-gcc.c 2015-04-14 17:09:11.876533194 +0100 | ||
| 59 | @@ -211,9 +211,9 @@ | 39 | @@ -211,9 +211,9 @@ |
| 60 | 40 | ||
| 61 | asm volatile (" subq %2,%2 \n" | 41 | asm volatile (" subq %2,%2 \n" |
| 62 | ".p2align 4 \n" | 42 | ".p2align 4 \n" |
| 63 | - "1: movq (%4,%2,8),%0 \n" | 43 | - "1: movq (%4,%2,8),%0 \n" |
| @@ -70,7 +50,7 @@ Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c | |||
| 70 | " loop 1b \n" | 50 | " loop 1b \n" |
| 71 | " sbbq %0,%0 \n":"=&a" (ret), "+c"(n), | 51 | " sbbq %0,%0 \n":"=&a" (ret), "+c"(n), |
| 72 | @@ -235,9 +235,9 @@ | 52 | @@ -235,9 +235,9 @@ |
| 73 | 53 | ||
| 74 | asm volatile (" subq %2,%2 \n" | 54 | asm volatile (" subq %2,%2 \n" |
| 75 | ".p2align 4 \n" | 55 | ".p2align 4 \n" |
| 76 | - "1: movq (%4,%2,8),%0 \n" | 56 | - "1: movq (%4,%2,8),%0 \n" |
| @@ -81,12 +61,11 @@ Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c | |||
| 81 | + " movq %0,(%q3,%2,8) \n" | 61 | + " movq %0,(%q3,%2,8) \n" |
| 82 | " leaq 1(%2),%2 \n" | 62 | " leaq 1(%2),%2 \n" |
| 83 | " loop 1b \n" | 63 | " loop 1b \n" |
| 84 | " sbbq %0,%0 \n":"=&a" (ret), "+c"(n) | 64 | " sbbq %0,%0 \n":"=&a" (ret), "+c"(n), |
| 85 | Index: openssl-1.0.1e/crypto/bn/bn_exp.c | 65 | diff -ruN a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c |
| 86 | =================================================================== | 66 | --- a/crypto/bn/bn_exp.c 2016-05-03 15:49:00.000000000 +0200 |
| 87 | --- openssl-1.0.1e.orig/crypto/bn/bn_exp.c | 67 | +++ b/crypto/bn/bn_exp.c 2016-05-04 09:07:52.974863300 +0200 |
| 88 | +++ openssl-1.0.1e/crypto/bn/bn_exp.c | 68 | @@ -622,7 +622,7 @@ |
| 89 | @@ -572,7 +572,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, | ||
| 90 | * multiple. | 69 | * multiple. |
| 91 | */ | 70 | */ |
| 92 | #define MOD_EXP_CTIME_ALIGN(x_) \ | 71 | #define MOD_EXP_CTIME_ALIGN(x_) \ |
| @@ -95,3 +74,20 @@ Index: openssl-1.0.1e/crypto/bn/bn_exp.c | |||
| 95 | 74 | ||
| 96 | /* | 75 | /* |
| 97 | * This variant of BN_mod_exp_mont() uses fixed windows and the special | 76 | * This variant of BN_mod_exp_mont() uses fixed windows and the special |
| 77 | diff -ruN a/crypto/bn/bn.h b/crypto/bn/bn.h | ||
| 78 | --- a/crypto/bn/bn.h 2016-05-03 15:49:00.000000000 +0200 | ||
| 79 | +++ b/crypto/bn/bn.h 2016-05-04 09:07:52.974863300 +0200 | ||
| 80 | @@ -174,6 +174,13 @@ | ||
| 81 | # endif | ||
| 82 | # endif | ||
| 83 | |||
| 84 | +/* Address type. */ | ||
| 85 | +# ifdef _WIN64 | ||
| 86 | +# define BN_ADDR unsigned long long | ||
| 87 | +# else | ||
| 88 | +# define BN_ADDR unsigned long | ||
| 89 | +# endif | ||
| 90 | + | ||
| 91 | /* | ||
| 92 | * assuming long is 64bit - this is the DEC Alpha unsigned long long is only | ||
| 93 | * 64 bits :-(, don't define BN_LLONG for the DEC Alpha | ||
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1t.bb index 0fa3572969..1737730065 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1t.bb | |||
| @@ -6,7 +6,7 @@ DEPENDS += "cryptodev-linux" | |||
| 6 | 6 | ||
| 7 | CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" | 7 | CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" |
| 8 | 8 | ||
| 9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" | 9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" |
| 10 | 10 | ||
| 11 | export DIRS = "crypto ssl apps engines" | 11 | export DIRS = "crypto ssl apps engines" |
| 12 | export OE_LDFLAGS="${LDFLAGS}" | 12 | export OE_LDFLAGS="${LDFLAGS}" |
| @@ -34,13 +34,10 @@ SRC_URI += "file://configure-targets.patch \ | |||
| 34 | file://Makefiles-ptest.patch \ | 34 | file://Makefiles-ptest.patch \ |
| 35 | file://ptest-deps.patch \ | 35 | file://ptest-deps.patch \ |
| 36 | file://run-ptest \ | 36 | file://run-ptest \ |
| 37 | file://CVE-2015-3194-Add-PSS-parameter-check.patch \ | ||
| 38 | file://CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch \ | ||
| 39 | file://CVE-2016-0800.patch \ | ||
| 40 | " | 37 | " |
| 41 | 38 | ||
| 42 | SRC_URI[md5sum] = "7563e92327199e0067ccd0f79f436976" | 39 | SRC_URI[md5sum] = "9837746fcf8a6727d46d22ca35953da1" |
| 43 | SRC_URI[sha256sum] = "bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1" | 40 | SRC_URI[sha256sum] = "4a6ee491a2fdb22e519c76fdc2a628bb3cec12762cd456861d207996c8a07088" |
| 44 | 41 | ||
| 45 | PACKAGES =+ " \ | 42 | PACKAGES =+ " \ |
| 46 | ${PN}-engines \ | 43 | ${PN}-engines \ |