diff options
author | Cristiana Voicu <cristiana.voicu@intel.com> | 2014-04-08 14:49:48 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-04-08 17:45:04 +0100 |
commit | ff52836e1838590eeec7d7658e15b21d83cf8455 (patch) | |
tree | c10df5c56df5e2fc26079f27774fe04581389ec4 /meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch | |
parent | eaf176eaabb4c558ad76512b30b28ec97fd90bc6 (diff) | |
download | openembedded-core-contrib-ff52836e1838590eeec7d7658e15b21d83cf8455.tar.gz |
openssl: Upgrade to v1.0.1g
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch | 401 |
1 files changed, 401 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch b/meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch new file mode 100644 index 0000000000..451256eaa5 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch @@ -0,0 +1,401 @@ +Fix documentation build errors with Perl 5.18 pod2man + +This fixes errors building man pages with newer versions of pod2man +included with Perl 5.18. + +Upstream-Status: Submitted +Signed-off-by: Jonathan Liu + +Index: openssl-1.0.1f/doc/apps/cms.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/apps/cms.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/apps/cms.pod 2014-02-28 10:13:51.899979213 +0200 +@@ -450,28 +450,28 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + the operation was completely successfully. + +-=item 1 ++=item Z<>1 + + an error occurred parsing the command options. + +-=item 2 ++=item Z<>2 + + one of the input files could not be read. + +-=item 3 ++=item Z<>3 + + an error occurred creating the CMS file or when reading the MIME + message. + +-=item 4 ++=item Z<>4 + + an error occurred decrypting or verifying the message. + +-=item 5 ++=item Z<>5 + + the message was verified correctly but an error occurred writing out + the signers certificates. +Index: openssl-1.0.1f/doc/apps/smime.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/apps/smime.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/apps/smime.pod 2014-02-28 10:16:57.795979233 +0200 +@@ -308,28 +308,28 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + the operation was completely successfully. + +-=item 1 ++=item Z<>1 + + an error occurred parsing the command options. + +-=item 2 ++=item Z<>2 + + one of the input files could not be read. + +-=item 3 ++=item Z<>3 + + an error occurred creating the PKCS#7 file or when reading the MIME + message. + +-=item 4 ++=item Z<>4 + + an error occurred decrypting or verifying the message. + +-=item 5 ++=item Z<>5 + + the message was verified correctly but an error occurred writing out + the signers certificates. +Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-02-28 10:18:09.679979225 +0200 +@@ -53,11 +53,11 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The operation succeeded. + +-=item 1 ++=item Z<>1 + + The operation failed. Check the error queue to find out the reason. + +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-02-28 10:18:42.687979221 +0200 +@@ -52,13 +52,13 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The operation failed. In case of the add operation, it was tried to add + the same (identical) session twice. In case of the remove operation, the + session was not found in the cache. + +-=item 1 ++=item Z<>1 + + The operation succeeded. + +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-02-28 10:19:09.079979218 +0200 +@@ -100,13 +100,13 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The operation failed because B<CAfile> and B<CApath> are NULL or the + processing at one of the locations specified failed. Check the error + stack to find out the reason. + +-=item 1 ++=item Z<>1 + + The operation succeeded. + +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-02-28 10:19:42.999979220 +0200 +@@ -66,13 +66,13 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + A failure while manipulating the STACK_OF(X509_NAME) object occurred or + the X509_NAME could not be extracted from B<cacert>. Check the error stack + to find out the reason. + +-=item 1 ++=item Z<>1 + + The operation succeeded. + +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-02-28 10:20:06.495979211 +0200 +@@ -64,13 +64,13 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded + the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error + is logged to the error stack. + +-=item 1 ++=item Z<>1 + + The operation succeeded. + +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-02-28 10:20:32.111979208 +0200 +@@ -42,11 +42,11 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The new choice failed, check the error stack to find out the reason. + +-=item 1 ++=item Z<>1 + + The operation succeeded. + +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-02-28 10:21:12.351979203 +0200 +@@ -96,7 +96,7 @@ + connection will fail with decryption_error before it will be finished + completely. + +-=item 0 ++=item Z<>0 + + PSK identity was not found. An "unknown_psk_identity" alert message + will be sent and the connection setup fails. +Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-02-28 10:21:51.535979215 +0200 +@@ -44,13 +44,13 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the + return value B<ret> to find out the reason. + +-=item 1 ++=item Z<>1 + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-02-28 10:22:13.087979196 +0200 +@@ -56,12 +56,12 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The SSL_clear() operation could not be performed. Check the error stack to + find out the reason. + +-=item 1 ++=item Z<>1 + + The SSL_clear() operation was successful. + +Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-02-28 10:22:33.991979193 +0200 +@@ -41,13 +41,13 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the + return value B<ret> to find out the reason. + +-=item 1 ++=item Z<>1 + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-02-28 10:22:56.887979159 +0200 +@@ -45,13 +45,13 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the + return value B<ret> to find out the reason. + +-=item 1 ++=item Z<>1 + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +Index: openssl-1.0.1f/doc/ssl/SSL_read.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-02-28 10:23:15.303979188 +0200 +@@ -86,7 +86,7 @@ + The read operation was successful; the return value is the number of + bytes actually read from the TLS/SSL connection. + +-=item 0 ++=item Z<>0 + + The read operation was not successful. The reason may either be a clean + shutdown due to a "close notify" alert sent by the peer (in which case +Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-02-28 10:23:36.615979186 +0200 +@@ -27,11 +27,11 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + A new session was negotiated. + +-=item 1 ++=item Z<>1 + + A session was reused. + +Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-02-28 10:23:57.599979183 +0200 +@@ -35,11 +35,11 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The operation failed. Check the error stack to find out why. + +-=item 1 ++=item Z<>1 + + The operation succeeded. + +Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-02-28 10:24:16.943979181 +0200 +@@ -37,11 +37,11 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The operation failed; check the error stack to find out the reason. + +-=item 1 ++=item Z<>1 + + The operation succeeded. + +Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-02-28 10:25:03.623979175 +0200 +@@ -92,19 +92,19 @@ + + =over 4 + +-=item 0 ++=item Z<>0 + + The shutdown is not yet finished. Call SSL_shutdown() for a second time, + if a bidirectional shutdown shall be performed. + The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an + erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. + +-=item 1 ++=item Z<>1 + + The shutdown was successfully completed. The "close notify" alert was sent + and the peer's "close notify" alert was received. + +-=item -1 ++=item Z<>-1 + + The shutdown was not successful because a fatal error occurred either + at the protocol level or a connection failure occurred. It can also occur if +Index: openssl-1.0.1f/doc/ssl/SSL_write.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod 2014-01-06 15:47:42.000000000 +0200 ++++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-02-28 10:25:36.031979168 +0200 +@@ -79,7 +79,7 @@ + The write operation was successful, the return value is the number of + bytes actually written to the TLS/SSL connection. + +-=item 0 ++=item Z<>0 + + The write operation was not successful. Probably the underlying connection + was closed. Call SSL_get_error() with the return value B<ret> to find out, |