openssl: Security fix via update to 1.0.2h

author Armin Kuster <akuster@mvista.com>

Tue, 3 May 2016 23:46:05 +0000 (16:46 -0700)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Mon, 9 May 2016 07:03:57 +0000 (08:03 +0100)
author Armin Kuster <akuster@mvista.com>
Tue, 3 May 2016 23:46:05 +0000 (16:46 -0700)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Mon, 9 May 2016 07:03:57 +0000 (08:03 +0100)
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch

index cebc8cf0d05699efdce0cb9980417f16382ca2b4..f736e5c09838e713dffbb903364695681fe3676c 100644 (file)
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -8,16 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
  
  Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
  ---
-Index: openssl-1.0.2/crypto/evp/digest.c
+Index: openssl-1.0.2h/crypto/evp/digest.c
  ===================================================================
---- openssl-1.0.2.orig/crypto/evp/digest.c
-+++ openssl-1.0.2/crypto/evp/digest.c
-@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
-         return 0;
+--- openssl-1.0.2h.orig/crypto/evp/digest.c
++++ openssl-1.0.2h/crypto/evp/digest.c
+@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+         type = ctx->digest;
       }
   #endif
  -    if (ctx->digest != type) {
  +    if (type && (ctx->digest != type)) {
-         if (ctx->digest && ctx->digest->ctx_size)
+         if (ctx->digest && ctx->digest->ctx_size) {
               OPENSSL_free(ctx->md_data);
-         ctx->digest = type;
+             ctx->md_data = NULL;
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb

similarity index 91%

rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb

rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb

index 290f129fc09fa15b7fc017133cb54d6939dad086..ae65992b4ee505bff884e56ef84c37c6a1e490f9 100644 (file)
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
@@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
              file://openssl-fix-des.pod-error.patch \
              file://Makefiles-ptest.patch \
              file://ptest-deps.patch \
-            file://crypto_use_bigint_in_x86-64_perl.patch \
              file://openssl-1.0.2a-x32-asm.patch \
              file://ptest_makefile_deps.patch  \
              file://configure-musl-target.patch \
              file://parallel.patch \
             "
-
-SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
-SRC_URI[sha256sum] = "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
+SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
+SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
  
  PACKAGES =+ "${PN}-engines"
  FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
author	Armin Kuster <akuster@mvista.com>
	Tue, 3 May 2016 23:46:05 +0000 (16:46 -0700)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Mon, 9 May 2016 07:03:57 +0000 (08:03 +0100)
meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch		patch \| blob \| history
meta/recipes-connectivity/openssl/openssl_1.0.2h.bb	[moved from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb with 91% similarity]	patch \| blob \| history