2 files changed, 38 insertions, 23 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch
new file mode 100644
index 0000000000..12dcfb7f3a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch
@@ -0,0 +1,38 @@
+From: Matt Caswell <matt@openssl.org>
+Date: Sun, 11 May 2014 23:38:37 +0000 (+0100)
+Subject: Fixed NULL pointer dereference. See PR#3321
+X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586
+Fixed NULL pointer dereference. See PR#3321
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+---
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 40eb0dd..d961d12 100644
+--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
+@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+        SSL3_BUFFER *wb=&(s->s3->wbuf);
+        SSL_SESSION *sess;
+ 
+-       if (wb->buf == NULL)
+-               if (!ssl3_setup_write_buffer(s))
+-                       return -1;
+ 
+        /* first check if there is a SSL3_BUFFER still being written
+         * out.  This will happen with non blocking IO */
+@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                /* if it went, fall through and send more stuff */
+                }
+ 
+       if (wb->buf == NULL)
+               if (!ssl3_setup_write_buffer(s))
+                       return -1;
+
+        if (len == 0 && !create_empty_fragment)
+                return 0;
+ 
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch
deleted file mode 100644
index 4c51d746ff..0000000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Upstream-Status: Backport
-Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837
-CVE-2014-0198: An attacker can trigger generation of an SSL
-alert which could cause a null pointer dereference.
-Signed-off-by: Maxin B. John <maxin.john@enea.com>
---
-diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c
--- openssl-1.0.1g-orig/ssl/s3_pkt.c    2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200
-@@ -657,6 +657,10 @@
-                if (i <= 0)
-                        return(i);
-                /* if it went, fall through and send more stuff */
-+               /* we may have released our buffer, so get it again */
-+               if (wb->buf == NULL)
-+                       if (!ssl3_setup_write_buffer(s))
-+                               return -1;
-                }
- 
-        if (len == 0 && !create_empty_fragment)

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch new file mode 100644 index 0000000000..12dcfb7f3a --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch
@@ -0,0 +1,38 @@
		1	From: Matt Caswell <matt@openssl.org>
		2	Date: Sun, 11 May 2014 23:38:37 +0000 (+0100)
		3	Subject: Fixed NULL pointer dereference. See PR#3321
		4	X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586
		5
		6	Fixed NULL pointer dereference. See PR#3321
		7
		8	Patch borrowed from Fedora
		9	Upstream-Status: Backport
		10	Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
		11
		12	---
		13
		14	diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
		15	index 40eb0dd..d961d12 100644
		16	--- a/ssl/s3_pkt.c
		17	+++ b/ssl/s3_pkt.c
		18	@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL s, int type, const unsigned char buf,
		19	SSL3_BUFFER *wb=&(s->s3->wbuf);
		20	SSL_SESSION *sess;
		21
		22	- if (wb->buf == NULL)
		23	- if (!ssl3_setup_write_buffer(s))
		24	- return -1;
		25
		26	/* first check if there is a SSL3_BUFFER still being written
		27	* out. This will happen with non blocking IO */
		28	@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL s, int type, const unsigned char buf,
		29	/* if it went, fall through and send more stuff */
		30	}
		31
		32	+ if (wb->buf == NULL)
		33	+ if (!ssl3_setup_write_buffer(s))
		34	+ return -1;
		35	+
		36	if (len == 0 && !create_empty_fragment)
		37	return 0;
		38


diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch deleted file mode 100644 index 4c51d746ff..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch +++ /dev/null
@@ -1,23 +0,0 @@
1	Upstream-Status: Backport
2
3	Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837
4
5	CVE-2014-0198: An attacker can trigger generation of an SSL
6	alert which could cause a null pointer dereference.
7
8	Signed-off-by: Maxin B. John <maxin.john@enea.com>
9	---
10	diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c
11	--- openssl-1.0.1g-orig/ssl/s3_pkt.c 2014-03-17 17:14:20.000000000 +0100
12	+++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200
13	@@ -657,6 +657,10 @@
14	if (i <= 0)
15	return(i);
16	/* if it went, fall through and send more stuff */
17	+ /* we may have released our buffer, so get it again */
18	+ if (wb->buf == NULL)
19	+ if (!ssl3_setup_write_buffer(s))
20	+ return -1;
21	}
22
23	if (len == 0 && !create_empty_fragment)