From 5a70e45b8c6cb0fa7ea4fe1b326ad604508d00cb Mon Sep 17 00:00:00 2001 From: Roy Li Date: Wed, 24 Jun 2015 10:10:18 +0800 Subject: openssl: upgrade to 1.0.2c upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176 remove a backport patch update the c_rehash-compat.patch Signed-off-by: Roy Li Signed-off-by: Richard Purdie --- ...lcl.h-fix-MIPS-specific-gcc-version-check.patch | 30 ---------------------- .../openssl/openssl/debian/c_rehash-compat.patch | 22 +++++++--------- 2 files changed, 9 insertions(+), 43 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch (limited to 'meta/recipes-connectivity/openssl/openssl') diff --git a/meta/recipes-connectivity/openssl/openssl/0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch b/meta/recipes-connectivity/openssl/openssl/0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch deleted file mode 100644 index 7308f8fc3e..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 60c268b21ac81cc6b1af5c5470282a613b96f6fd Mon Sep 17 00:00:00 2001 -From: Andy Polyakov -Date: Mon, 25 May 2015 10:17:14 +0200 -Subject: [PATCH] bn/bn_lcl.h: fix MIPS-specific gcc version check. - -RT#3859 - -Reviewed-by: Tim Hudson ---- -Upstream-Status: Backport - - crypto/bn/bn_lcl.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h -index 196df7e..b9d124a 100644 ---- a/crypto/bn/bn_lcl.h -+++ b/crypto/bn/bn_lcl.h -@@ -443,7 +443,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, - # endif - # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) - # if defined(__GNUC__) && __GNUC__>=2 --# if __GNUC__>=4 && __GNUC_MINOR__>=4 -+# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) - /* "h" constraint is no more since 4.4 */ - # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) - # define BN_UMULT_LOHI(low,high,a,b) ({ \ --- -2.1.4 - diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch index 3943e2c2e7..68e54d561e 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch @@ -5,14 +5,10 @@ Subject: [PATCH] also create old hash for compatibility Upstream-Status: Backport [debian] ---- - tools/c_rehash.in | 8 +++++++- - 1 files changed, 7 insertions(+), 1 deletions(-) - -Index: openssl-1.0.2~beta3/tools/c_rehash.in -=================================================================== ---- openssl-1.0.2~beta3.orig/tools/c_rehash.in -+++ openssl-1.0.2~beta3/tools/c_rehash.in +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +index b086ff9..b777d79 100644 +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in @@ -8,8 +8,6 @@ my $prefix; my $openssl = $ENV{OPENSSL} || "openssl"; @@ -23,14 +19,14 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in my $symlink_exists=eval {symlink("",""); 1}; my $removelinks = 1; @@ -18,10 +16,7 @@ my $removelinks = 1; - while ( $ARGV[0] =~ '-.*' ) { + while ( $ARGV[0] =~ /^-/ ) { my $flag = shift @ARGV; last if ( $flag eq '--'); -- if ( $flag =~ /-old/) { +- if ( $flag eq '-old') { - $x509hash = "-subject_hash_old"; - $crlhash = "-hash_old"; -- } elsif ( $flag =~ /-h/) { -+ if ( $flag =~ /-h/) { +- } elsif ( $flag eq '-h') { ++ if ( $flag eq '-h') { help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; @@ -52,7 +48,7 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; chomp $hash; -@@ -177,10 +175,20 @@ sub link_hash_cert { +@@ -176,11 +174,21 @@ sub link_hash_cert { $hashlist{$hash} = $fprint; } -- cgit 1.2.3-korg