diff options
author | Paul Eggleton <paul.eggleton@linux.intel.com> | 2014-06-09 16:51:17 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-06-10 17:10:35 +0100 |
commit | d3d6eee3353fcce09e1d6b0181a0ea7b52b7a937 (patch) | |
tree | 6dc5efd43ec7baf56b4fe43c31fc956cb5ae7bc9 /meta | |
parent | 5bcb997663a6bd7a4d7395dcdb5e027d7f2bab81 (diff) | |
download | openembedded-core-contrib-d3d6eee3353fcce09e1d6b0181a0ea7b52b7a937.tar.gz |
openssl: use upstream fix for CVE-2014-0198
This replaces the fix for CVE-2014-0198 with one borrowed from Fedora,
which is the same as the patch which was actually applied upstream for
the issue, i.e.:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta')
3 files changed, 39 insertions, 24 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0198.patch b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0198.patch new file mode 100644 index 0000000000..12dcfb7f3a --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0198.patch @@ -0,0 +1,38 @@ +From: Matt Caswell <matt@openssl.org> +Date: Sun, 11 May 2014 23:38:37 +0000 (+0100) +Subject: Fixed NULL pointer dereference. See PR#3321 +X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586 + +Fixed NULL pointer dereference. See PR#3321 + +Patch borrowed from Fedora +Upstream-Status: Backport +Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> + +--- + +diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c +index 40eb0dd..d961d12 100644 +--- a/ssl/s3_pkt.c ++++ b/ssl/s3_pkt.c +@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + SSL3_BUFFER *wb=&(s->s3->wbuf); + SSL_SESSION *sess; + +- if (wb->buf == NULL) +- if (!ssl3_setup_write_buffer(s)) +- return -1; + + /* first check if there is a SSL3_BUFFER still being written + * out. This will happen with non blocking IO */ +@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + /* if it went, fall through and send more stuff */ + } + ++ if (wb->buf == NULL) ++ if (!ssl3_setup_write_buffer(s)) ++ return -1; ++ + if (len == 0 && !create_empty_fragment) + return 0; + diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch b/meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch deleted file mode 100644 index 4c51d746ff..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch +++ /dev/null @@ -1,23 +0,0 @@ -Upstream-Status: Backport - -Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837 - -CVE-2014-0198: An attacker can trigger generation of an SSL -alert which could cause a null pointer dereference. - -Signed-off-by: Maxin B. John <maxin.john@enea.com> ---- -diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c ---- openssl-1.0.1g-orig/ssl/s3_pkt.c 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200 -@@ -657,6 +657,10 @@ - if (i <= 0) - return(i); - /* if it went, fall through and send more stuff */ -+ /* we may have released our buffer, so get it again */ -+ if (wb->buf == NULL) -+ if (!ssl3_setup_write_buffer(s)) -+ return -1; - } - - if (len == 0 && !create_empty_fragment) diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb index d4fc91d851..18f0bafda1 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb @@ -34,8 +34,8 @@ SRC_URI += "file://configure-targets.patch \ file://initial-aarch64-bits.patch \ file://find.pl \ file://openssl-fix-des.pod-error.patch \ - file://openssl-CVE-2014-0198-fix.patch \ file://openssl-1.0.1e-cve-2014-0195.patch \ + file://openssl-1.0.1e-cve-2014-0198.patch \ file://openssl-CVE-2010-5298.patch \ " |