[OE-core] [PATCH] openssl: upgrade from 1.0.1g to 1.0.1h
Paul Eggleton
paul.eggleton at linux.intel.com
Mon Jun 9 10:44:55 UTC 2014
Hi there,
On Saturday 07 June 2014 14:27:02 Yao Xinpan wrote:
> The following bugs had been fixed in 1.0.1h:
> CVE-2014-0224, CVE-2014-0221, CVE-2014-3470
> CVE-2014-0198, CVE-2010-5298.
>
> Signed-off-by: Yao Xinpan <yaoxp at cn.fujitsu.com>
> Signed-off-by: Lei Maohui <leimaohui at cn.fujitsu.com>
> ---
> .../0001-add-functions-into-openssl.ld.patch | 35 ++
> .../openssl/openssl/openssl-CVE-2010-5298.patch | 24 --
> .../openssl/openssl-CVE-2014-0198-fix.patch | 23 --
> .../openssl/openssl/openssl-fix-doc.patch | 401
> --------------------- .../{openssl_1.0.1g.bb => openssl_1.0.1h.bb} |
> 8 +-
> 5 files changed, 38 insertions(+), 453 deletions(-)
> create mode 100644
> meta/recipes-connectivity/openssl/openssl/0001-add-functions-into-openssl.l
> d.patch delete mode 100644
> meta/recipes-connectivity/openssl/openssl/openssl-CVE-2010-5298.patch
> delete mode 100644
> meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch
> delete mode 100644
> meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch rename
> meta/recipes-connectivity/openssl/{openssl_1.0.1g.bb => openssl_1.0.1h.bb}
> (86%)
>
> diff --git
> a/meta/recipes-connectivity/openssl/openssl/0001-add-functions-into-openssl
> .ld.patch
> b/meta/recipes-connectivity/openssl/openssl/0001-add-functions-into-openssl
> .ld.patch new file mode 100644
> index 0000000..2bd261d
> --- /dev/null
> +++
> b/meta/recipes-connectivity/openssl/openssl/0001-add-functions-into-openssl
> .ld.patch @@ -0,0 +1,35 @@
> +From 7d41b2ae4dff7a4caffb06e0d6dd533f77be8437 Mon Sep 17 00:00:00 2001
> +From: Yao Xinpan <yaoxp at cn.fujitsu.com>
> +Date: Sat, 7 Jun 2014 04:59:23 +0900
> +Subject: [PATCH] add functions into openssl.ld
> +
> +add ssl_init_wbio_buffer ssl3_setup_buffers dtls1_process_heartbeat and
> +tls1_process_heartbeat into openssl.ld
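
Review bot: The description in the embedded patch (the two lines starting "+add ssl_init_wbio_buffer") lists the four symbols being added to openssl.ld but gives no reason for the change. ssl_init_wbio_buffer, ssl3_setup_buffers, dtls1_process_heartbeat and tls1_process_heartbeat read as library-internal names, so the description should state which build or test failure this addresses and why extending openssl.ld is the right fix rather than changing how the affected consumer links. The quoted portion also ends before any Signed-off-by or Upstream-Status lines, so please confirm the embedded patch carries both.
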
So it turns out I've been working on this as well; however the preferred fix
discussed upstream for the heartbeat_test failure (that the above patch
attempts to fix) instead links heartbeat_test against the static version of the
library. Also, patches included in recipes need to have signed-off-by and
Upstream-Status.

Since this is a critical fix I'll be sending out my version shortly, however I
will include your names in the commit message.

Cheers,
Paul
--
Paul Eggleton
Intel Open Source Technology Centre