[OE-core] [PATCH 0/1] openssl upgrade

Cristiana Voicu cristiana.voicu at intel.com
Tue Apr 8 11:49:47 UTC 2014 

The trigger for the upgrade was the serious "heartbleed" vulnerability (CVE-2014-0160). 
More information: http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Tested locally on a core-image-sato. Tested with  openssl speed benchmark and
commands like version and help.
I am currently building on localautobuilder on major archs, but this will take some time.
I will announce in case of failure.

The following changes since commit bb66113bde5361b869dce2bdaece5b938f077ea8:

  bitbake: fetch2: Fix bug in file checksum generation (2014-04-06 11:31:26 +0100)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib cvoicu/openssl-upgrade
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=cvoicu/openssl-upgrade

Cristiana Voicu (1):
  openssl: Upgrade to v1.0.1g

 ...DTLS-retransmission-from-previous-session.patch |   81 ------
 ...or-TLS-record-tampering-bug-CVE-2013-4353.patch |   31 ---
 ...e-version-in-SSL_METHOD-not-SSL-structure.patch |   33 ---
 meta/recipes-connectivity/openssl/openssl.inc      |    3 -
 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../{openssl-1.0.1e => openssl}/debian/ca.patch    |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../{openssl-1.0.1e => openssl}/debian/pic.patch   |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../openssl/{openssl-1.0.1e => openssl}/find.pl    |    0
 .../fix-cipher-des-ede3-cfb1.patch                 |    0
 .../initial-aarch64-bits.patch                     |  108 ++++----
 .../{openssl-1.0.1e => openssl}/oe-ldflags.patch   |    0
 ...-pointer-dereference-in-EVP_DigestInit_ex.patch |    0
 ...NULL-pointer-dereference-in-dh_pub_encode.patch |    0
 .../openssl-fix-des.pod-error.patch                |    0
 .../openssl-fix-doc.patch                          |  280 +++++++++-----------
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../{openssl-1.0.1e => openssl}/shared-libs.patch  |    0
 .../{openssl_1.0.1e.bb => openssl_1.0.1g.bb}       |    9 +-
 28 files changed, 183 insertions(+), 362 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/find.pl (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/fix-cipher-des-ede3-cfb1.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/initial-aarch64-bits.patch (43%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-fix-des.pod-error.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-fix-doc.patch (47%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.1e.bb => openssl_1.0.1g.bb} (81%)

-- 
1.7.9.5

More information about the Openembedded-core mailing list