On Wed, May 11, 2016 at 03:37:59AM -0700, akuster808 wrote: > Robert, > > > On 05/10/2016 11:22 PM, Robert Yang wrote: > > > > > > On 05/04/2016 07:46 AM, Armin Kuster wrote: > >> From: Armin Kuster <[email protected]> > >> > >> CVE-2016-2105 > >> CVE-2016-2106 > >> CVE-2016-2109 > >> CVE-2016-2176 > >> > >> https://www.openssl.org/news/secadv/20160503.txt > >> > >> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > >> > >> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest. > > > > After I looked into the code, it seems that this patch is not in latest > > code ? > > hmm, my old eyes deceive me. > > thanks for checking. > > I will send a correcting.
1.0.2h is already in fido, jethro and master, can we quickly get it to krogoth which is still using older version 1.0.2g? It's always strange to see recipe version downgrades when upgrading to newer Yocto release. > - armin > > It is a backported patch from gentoo. > > > > // Robert > > > >> > >> Signed-off-by: Armin Kuster <[email protected]> > >> --- > >> ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 > >> +++++++------- > >> .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb} | 6 ++---- > >> 2 files changed, 9 insertions(+), 11 deletions(-) > >> rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb => > >> openssl_1.0.2h.bb} (91%) > >> > >> diff --git > >> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > >> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > >> > >> index cebc8cf..f736e5c 100644 > >> --- > >> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > >> > >> +++ > >> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > >> > >> @@ -8,16 +8,16 @@ > >> http://www.mail-archive.com/[email protected]/msg32860.html > >> > >> Signed-off-by: Xufeng Zhang <[email protected]> > >> --- > >> -Index: openssl-1.0.2/crypto/evp/digest.c > >> +Index: openssl-1.0.2h/crypto/evp/digest.c > >> =================================================================== > >> ---- openssl-1.0.2.orig/crypto/evp/digest.c > >> -+++ openssl-1.0.2/crypto/evp/digest.c > >> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c > >> - return 0; > >> +--- openssl-1.0.2h.orig/crypto/evp/digest.c > >> ++++ openssl-1.0.2h/crypto/evp/digest.c > >> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c > >> + type = ctx->digest; > >> } > >> #endif > >> - if (ctx->digest != type) { > >> + if (type && (ctx->digest != type)) { > >> - if (ctx->digest && ctx->digest->ctx_size) > >> + if (ctx->digest && ctx->digest->ctx_size) { > >> OPENSSL_free(ctx->md_data); > >> - ctx->digest = type; > >> + ctx->md_data = NULL; > >> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb > >> b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb > >> similarity index 91% > >> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb > >> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb > >> index 290f129..ae65992 100644 > >> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb > >> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb > >> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \ > >> file://openssl-fix-des.pod-error.patch \ > >> file://Makefiles-ptest.patch \ > >> file://ptest-deps.patch \ > >> - file://crypto_use_bigint_in_x86-64_perl.patch \ > >> file://openssl-1.0.2a-x32-asm.patch \ > >> file://ptest_makefile_deps.patch \ > >> file://configure-musl-target.patch \ > >> file://parallel.patch \ > >> " > >> - > >> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa" > >> -SRC_URI[sha256sum] = > >> "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33" > >> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" > >> +SRC_URI[sha256sum] = > >> "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" > >> > >> PACKAGES =+ "${PN}-engines" > >> FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" > >> > -- > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Martin 'JaMa' Jansa jabber: [email protected]
signature.asc
Description: Digital signature
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
