openssl: 1.0.2d -> 1.0.2h (mainly for CVEs)

* CVEs:
  - CVE-2016-0705
  - CVE-2016-0798
  - CVE-2016-0797
  - CVE-2016-0799
  - CVE-2016-0702
  - CVE-2016-0703
  - CVE-2016-0704
  - CVE-2016-2105
  - CVE-2016-2106
  - CVE-2016-2109
  - CVE-2016-2176

* The LICENSE's checksum is changed because of date changes (2011 ->
  2016), the contents are the same.

* Remove backport patches
  - 0001-Add-test-for-CVE-2015-3194.patch
  - CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
  - CVE-2015-3194-1-Add-PSS-parameter-check.patch
  - CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
  - CVE-2015-3197.patch
  - CVE-2016-0701_1.patch
  - CVE-2016-0701_2.patch
  - CVE-2016-0800.patch
  - CVE-2016-0800_2.patch
  - CVE-2016-0800_3.patch

* Update crypto_use_bigint_in_x86-64_perl.patch

* Add version-script.patch and update block_diginotar.patch (From master branch)

* Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
  (From Armin)

(From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>

1 files changed, 0 insertions, 63 deletions

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
deleted file mode 100644
index dd288c93fb..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From d81a1600588b726c2bdccda7efad3cc7a87d6245 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <openssl-users@dukhovni.org>
-Date: Wed, 30 Dec 2015 22:44:51 -0500
-Subject: [PATCH] Better SSLv2 cipher-suite enforcement
-
-Based on patch by: Nimrod Aviram <nimrod.aviram@gmail.com>
-
-CVE-2015-3197
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-
-Upstream-Status: Backport
-https://github.com/openssl/openssl/commit/d81a1600588b726c2bdccda7efad3cc7a87d6245
-
-CVE: CVE-2015-3197
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ssl/s2_srvr.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-Index: openssl-1.0.2d/ssl/s2_srvr.c
-===================================================================
---- openssl-1.0.2d.orig/ssl/s2_srvr.c
-+++ openssl-1.0.2d/ssl/s2_srvr.c
-@@ -402,7 +402,7 @@ static int get_client_master_key(SSL *s)
-         }
- 
-         cp = ssl2_get_cipher_by_char(p);
--        if (cp == NULL) {
-+        if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
-             ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-             SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
-             return (-1);
-@@ -687,8 +687,12 @@ static int get_client_hello(SSL *s)
-             prio = cs;
-             allow = cl;
-         }
-+
-+        /* Generate list of SSLv2 ciphers shared between client and server */
-         for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
--            if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
-+            const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
-+            if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
-+                sk_SSL_CIPHER_find(allow, cp) < 0) {
-                 (void)sk_SSL_CIPHER_delete(prio, z);
-                 z--;
-             }
-@@ -697,6 +701,13 @@ static int get_client_hello(SSL *s)
-             sk_SSL_CIPHER_free(s->session->ciphers);
-             s->session->ciphers = prio;
-         }
-+
-+        /* Make sure we have at least one cipher in common */
-+        if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
-+            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-+            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
-+            return -1;
-+        }
-         /*
-          * s->session->ciphers should now have a list of ciphers that are on
-          * both the client and server. This list is ordered by the order the