From b451e3efc79d29c39c85f7da2dc75becf3fdf5a2 Mon Sep 17 00:00:00 2001 From: Andre McCurdy Date: Thu, 28 Jan 2016 12:55:45 -0800 Subject: openssl: update 1.0.2e -> 1.0.2f ( CVE-2016-0701 CVE-2015-3197 ) Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] o DH small subgroups (CVE-2016-0701) o SSLv2 doesn't block disabled ciphers (CVE-2015-3197) Updated LICENSE hash due to change in copyright year. Signed-off-by: Andre McCurdy Signed-off-by: Ross Burton --- .../recipes-connectivity/openssl/openssl_1.0.2e.bb | 57 ---------------------- .../recipes-connectivity/openssl/openssl_1.0.2f.bb | 57 ++++++++++++++++++++++ 2 files changed, 57 insertions(+), 57 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2e.bb create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2f.bb diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2e.bb deleted file mode 100644 index d2a265a79c..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2e.bb +++ /dev/null @@ -1,57 +0,0 @@ -require openssl.inc - -# For target side versions of openssl enable support for OCF Linux driver -# if they are available. -DEPENDS += "cryptodev-linux" - -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" - -export DIRS = "crypto ssl apps engines" -export OE_LDFLAGS="${LDFLAGS}" - -SRC_URI += "file://find.pl;subdir=${BP}/util/ \ - file://run-ptest \ - file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://debian1.0.2/block_diginotar.patch \ - file://debian1.0.2/block_digicert_malaysia.patch \ - file://debian/ca.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/debian-targets.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-rpath.patch \ - file://debian/no-symbolic.patch \ - file://debian/pic.patch \ - file://debian/version-script.patch \ - file://openssl_fix_for_x32.patch \ - file://fix-cipher-des-ede3-cfb1.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ - file://openssl-fix-des.pod-error.patch \ - file://Makefiles-ptest.patch \ - file://ptest-deps.patch \ - file://crypto_use_bigint_in_x86-64_perl.patch \ - file://openssl-1.0.2a-x32-asm.patch \ - file://ptest_makefile_deps.patch \ - file://configure-musl-target.patch \ - " - -SRC_URI[md5sum] = "5262bfa25b60ed9de9f28d5d52d77fc5" -SRC_URI[sha256sum] = "e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff" - -PACKAGES =+ "${PN}-engines" -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" - -# The crypto_use_bigint patch means that perl's bignum module needs to be -# installed, but some distributions (for example Fedora 23) don't ship it by -# default. As the resulting error is very misleading check for bignum before -# building. -do_configure_prepend() { - if ! perl -Mbigint -e true; then - bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." - fi -} diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2f.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2f.bb new file mode 100644 index 0000000000..fbc78e1b58 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2f.bb @@ -0,0 +1,57 @@ +require openssl.inc + +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. +DEPENDS += "cryptodev-linux" + +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://find.pl;subdir=${BP}/util/ \ + file://run-ptest \ + file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://debian1.0.2/block_diginotar.patch \ + file://debian1.0.2/block_digicert_malaysia.patch \ + file://debian/ca.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/debian-targets.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-rpath.patch \ + file://debian/no-symbolic.patch \ + file://debian/pic.patch \ + file://debian/version-script.patch \ + file://openssl_fix_for_x32.patch \ + file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-fix-des.pod-error.patch \ + file://Makefiles-ptest.patch \ + file://ptest-deps.patch \ + file://crypto_use_bigint_in_x86-64_perl.patch \ + file://openssl-1.0.2a-x32-asm.patch \ + file://ptest_makefile_deps.patch \ + file://configure-musl-target.patch \ + " + +SRC_URI[md5sum] = "b3bf73f507172be9292ea2a8c28b659d" +SRC_URI[sha256sum] = "932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c" + +PACKAGES =+ "${PN}-engines" +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" + +# The crypto_use_bigint patch means that perl's bignum module needs to be +# installed, but some distributions (for example Fedora 23) don't ship it by +# default. As the resulting error is very misleading check for bignum before +# building. +do_configure_prepend() { + if ! perl -Mbigint -e true; then + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." + fi +} -- cgit 1.2.3-korg