]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 05cb09b)
openssl: drop the valgrind patch that introduce a security hole
authorIlya Yanok <yanok@emcraft.com>
Mon, 17 Jan 2011 22:36:17 +0000 (01:36 +0300)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 20 Jan 2011 21:36:59 +0000 (21:36 +0000)
debian/valgrind.patch is the 'famous' Debian OpenSSL patch responsible
for everyone using Debian and derivatives changing their keys. All keys
generated with the patched OpenSSL are compromised so at very least we
have to drop this patch for good.

Signed-off-by: Ilya Yanok <yanok@emcraft.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch [deleted file] patch | blob | history
meta/recipes-connectivity/openssl/openssl_0.9.8p.bb patch | blob | history

diff --git a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch b/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
deleted file mode 100644 (file)
index e9f86ea..0000000
--- a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Index: openssl-0.9.8k/crypto/rand/md_rand.c
-===================================================================
---- openssl-0.9.8k.orig/crypto/rand/md_rand.c  2008-09-16 13:50:05.000000000 +0200
-+++ openssl-0.9.8k/crypto/rand/md_rand.c       2009-07-19 11:36:05.000000000 +0200
-@@ -477,8 +477,10 @@
-               MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-               MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
- #ifndef PURIFY
-+#if 0 /* Don't add uninitialised data. */
-               MD_Update(&m,buf,j); /* purify complains */
- #endif
-+#endif
-               k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
-               if (k > 0)
-                       {
diff --git a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
index 3ae6bf456ede8d0eeab09652e10d8e81f6b02b2a..283b82add0175ac17a9a5cf9e4b337815af75084 100644 (file)
--- a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
+++ b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
@@ -13,7 +13,6 @@ SRC_URI += "file://debian/ca.patch \
             file://debian/no-symbolic.patch \
             file://debian/pic.patch \
             file://debian/pkg-config.patch \
-            file://debian/valgrind.patch \
             file://debian/rc4-amd64.patch \
             file://debian/rehash-crt.patch \
             file://debian/rehash_pod.patch \
Mirror of the official openembedded-core repository