diff options
| author |   Patrick Ohly <patrick.ohly@intel.com> | 2016-09-23 15:26:05 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-23 18:06:10 +0100 |
| commit | d6b69279b5d1370d9c4982d5b1842a471cfd2b0e (patch) | |
| tree | 996e51823dcd4afc80200fe2afd1107c4a846f43 /meta/recipes-connectivity/openssl/openssl/parallel.patch | |
| parent | 4c10376bdfd54af75de840bd4a31386e6e89477e (diff) | |
| download | openembedded-core-contrib-d6b69279b5d1370d9c4982d5b1842a471cfd2b0e.tar.gz | |
openssl: update to 1.0.2i (CVE-2016-6304 and more)
This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)
Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.
See https://www.openssl.org/news/secadv/20160922.txt for details.
Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required. The server.pem
file is needed for test_dtls.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/parallel.patch')
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/parallel.patch | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/parallel.patch b/meta/recipes-connectivity/openssl/openssl/parallel.patch index b6c2c148b1..f3f4c99888 100644 --- a/meta/recipes-connectivity/openssl/openssl/parallel.patch +++ b/meta/recipes-connectivity/openssl/openssl/parallel.patch @@ -6,6 +6,9 @@ https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1 Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@intel.com> +Refreshed for 1.0.2i +Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> + --- openssl-1.0.2g/crypto/Makefile +++ openssl-1.0.2g/crypto/Makefile @@ -85,11 +85,11 @@ @@ -133,7 +136,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> fi; \ --- openssl-1.0.2g/test/Makefile +++ openssl-1.0.2g/test/Makefile -@@ -139,7 +139,7 @@ +@@ -144,7 +144,7 @@ tags: ctags $(SRC) @@ -142,7 +145,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -421,130 +421,130 @@ +@@ -438,136 +438,136 @@ link_app.$${shlib_target} $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) @@ -309,13 +312,21 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> - @target=$(CLIENTHELLOTEST) $(BUILD_CMD) + +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) + $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o +- @target=$(BADDTLSTEST) $(BUILD_CMD) ++ +@target=$(BADDTLSTEST) $(BUILD_CMD) + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o - @target=$(SSLV2CONFTEST) $(BUILD_CMD) + +@target=$(SSLV2CONFTEST) $(BUILD_CMD) + $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) ++ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -557,7 +557,7 @@ +@@ -580,6 +580,6 @@ # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) |