From: Armin Kuster <[email protected]> CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176
https://www.openssl.org/news/secadv/20160503.txt fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest. Signed-off-by: Armin Kuster <[email protected]> --- ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 +++++++------- .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb} | 6 ++---- 2 files changed, 9 insertions(+), 11 deletions(-) rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb} (91%) diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch index cebc8cf..f736e5c 100644 --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch @@ -8,16 +8,16 @@ http://www.mail-archive.com/[email protected]/msg32860.html Signed-off-by: Xufeng Zhang <[email protected]> --- -Index: openssl-1.0.2/crypto/evp/digest.c +Index: openssl-1.0.2h/crypto/evp/digest.c =================================================================== ---- openssl-1.0.2.orig/crypto/evp/digest.c -+++ openssl-1.0.2/crypto/evp/digest.c -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c - return 0; +--- openssl-1.0.2h.orig/crypto/evp/digest.c ++++ openssl-1.0.2h/crypto/evp/digest.c +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + type = ctx->digest; } #endif - if (ctx->digest != type) { + if (type && (ctx->digest != type)) { - if (ctx->digest && ctx->digest->ctx_size) + if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); - ctx->digest = type; + ctx->md_data = NULL; diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb similarity index 91% rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb index 290f129..ae65992 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \ file://openssl-fix-des.pod-error.patch \ file://Makefiles-ptest.patch \ file://ptest-deps.patch \ - file://crypto_use_bigint_in_x86-64_perl.patch \ file://openssl-1.0.2a-x32-asm.patch \ file://ptest_makefile_deps.patch \ file://configure-musl-target.patch \ file://parallel.patch \ " - -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa" -SRC_URI[sha256sum] = "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33" +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" +SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" PACKAGES =+ "${PN}-engines" FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" -- 2.3.5 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
