Age | Commit message (Collapse) | Author |
|
CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176
https://www.openssl.org/news/secadv/20160503.txt
fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
(From OE-Core rev: c693f34f54257a8eca9fe8c5a9eee5647b7eeb0c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rebased numerous patches
removed aarch64 initial work since it's part of upstream now
Imported a few additional patches from Debian to support the version-script
and blacklist additional bad certificates.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|