Age | Commit message (Collapse) | Author |
|
Patch is submitted upstream as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
padlock_conf.patch will enable the padlock engine by default,
but this engine does not work on some 32bit machine, and lead
to openssl unable to work
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Removed:
- openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
- upgate-vegsion-script-for-1.0.2.patch
Since they are already in the source.
- make-targets.patch
It removed test dir from DIRS, which is not needed any more since we
need build it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
on some hosts openssl fails to build with this error:
ghash-x86_64.s: Assembler messages:
ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
backported fix from community.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Patch updated to drop TERMIO flags since these are the default on
Linux anyway (see https://git.openssl.org/?p=openssl.git;a=commit;h=64e6bf64b36136d487e2fbf907f09612e69ae911)
Also drop patch merged upstream.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rebased numerous patches
removed aarch64 initial work since it's part of upstream now
Imported a few additional patches from Debian to support the version-script
and blacklist additional bad certificates.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Removed one patch merged upstream.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add some missing dependencies and fix the Makefile in order to get most
of the ptest tests working (specifically test_bn, test_verify, test_cms,
test_srp and test_heartbeat). test_verify still fails for unknown
reasons (perhaps some of the now expired certificates weren't meant to
have expired as far as the test is concerned?) but at least it has the
certificates to run now.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
Fixes the following security issues:
* CVE-2014-0224
* CVE-2014-0221
* CVE-2014-0195
* CVE-2014-3470
The patch for CVE-2010-5298, CVE-2014-0198 and a fix for building the
documentation are integrated upstream in this release and so were
dropped. Additionally, a patch from upstream was added in order to
fix a failure during do_compile_ptest_base.
A similar upgrade was also submitted by Yao Xinpan <yaoxp@cn.fujitsu.com>
and Lei Maohui <leimaohui@cn.fujitsu.com>.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
make openssl-CVE-2010-5298.patch truely work
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch is not included in 1.0.1g, but it is included on 1.0.2
branch.
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.
https://access.redhat.com/security/cve/CVE-2014-0198
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Install openssl test suite and run it as ptest.
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|