From a200115c769eff4b9b0241d54ed5ad86da08fdbc Mon Sep 17 00:00:00 2001
From: Stefan Agner <stefan.agner@toradex.com>
Date: Sat, 18 Nov 2017 09:53:54 +0100
Subject: openssl10: Upgrade 1.0.2l -> 1.0.2m

Deals with two CVEs:
* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 .../openssl/openssl-1.0.2m/shared-libs.patch       | 41 ++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch

(limited to 'meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch')

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch
new file mode 100644
index 0000000000..a7ca0a3078
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Inappropriate [configuration]
+
+Index: openssl-1.0.1e/crypto/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/crypto/Makefile
++++ openssl-1.0.1e/crypto/Makefile
+@@ -108,7 +108,7 @@ $(LIB):	$(LIBOBJ)
+ 
+ shared: buildinf.h lib subdirs
+ 	if [ -n "$(SHARED_LIBS)" ]; then \
+-		(cd ..; $(MAKE) $(SHARED_LIB)); \
++		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
+ 	fi
+ 
+ libs:
+Index: openssl-1.0.1e/Makefile.org
+===================================================================
+--- openssl-1.0.1e.orig/Makefile.org
++++ openssl-1.0.1e/Makefile.org
+@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
+ 
+ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+ 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
++		$(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+ 	else \
+ 		echo "There's no support for shared libraries on this platform" >&2; \
+ 		exit 1; \
+Index: openssl-1.0.1e/ssl/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/ssl/Makefile
++++ openssl-1.0.1e/ssl/Makefile
+@@ -62,7 +62,7 @@ lib:	$(LIBOBJ)
+ 
+ shared: lib
+ 	if [ -n "$(SHARED_LIBS)" ]; then \
+-		(cd ..; $(MAKE) $(SHARED_LIB)); \
++		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
+ 	fi
+ 
+ files:
-- 
cgit 1.2.3-korg