Age | Commit message (Collapse) | Author |
|
Existing openssl 1.0 recipe is renamed to openssl10; it will
continue to be provided for as long as upstream supports it
(and there are still several recipes which do not work with openssl
1.1 due to API differences).
A few files (such as openssl binary) are no longer installed by openssl 1.0,
because they clash with openssl 1.1.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176
remove a backport patch
update the c_rehash-compat.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rebased numerous patches
removed aarch64 initial work since it's part of upstream now
Imported a few additional patches from Debian to support the version-script
and blacklist additional bad certificates.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|