From d6b69279b5d1370d9c4982d5b1842a471cfd2b0e Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Fri, 23 Sep 2016 15:26:05 +0200 Subject: openssl: update to 1.0.2i (CVE-2016-6304 and more) This update fixes several CVEs: * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * SWEET32 Mitigation (CVE-2016-2183) * OOB write in MDC2_Update() (CVE-2016-6303) * Malformed SHA512 ticket DoS (CVE-2016-6302) * OOB write in BN_bn2dec() (CVE-2016-2182) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) * DTLS buffered message DoS (CVE-2016-2179) * DTLS replay protection DoS (CVE-2016-2181) * Certificate message OOB reads (CVE-2016-6306) Of these, only CVE-2016-6304 is considered of high severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were already fixed via local patches, which can be removed now. See https://www.openssl.org/news/secadv/20160922.txt for details. Some patches had to be refreshed and one compile error fix from upstream's OpenSSL_1_0_2-stable was required. The server.pem file is needed for test_dtls. Signed-off-by: Patrick Ohly Signed-off-by: Richard Purdie --- meta/recipes-connectivity/openssl/openssl.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-connectivity/openssl/openssl.inc') diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index f83664c271..cb7ec0aac2 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc @@ -211,6 +211,7 @@ do_install_ptest () { ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps + cp apps/server.pem ${D}${PTEST_PATH}/apps cp apps/server2.pem ${D}${PTEST_PATH}/apps mkdir -p ${D}${PTEST_PATH}/util install util/opensslwrap.sh ${D}${PTEST_PATH}/util -- cgit 1.2.3-korg