[OE-core] [PATCH][dizzy] Update openssl to 1.0.1m
akuster808
akuster808 at gmail.com
Wed Mar 25 14:32:20 UTC 2015
On 3/25/15 6:15 AM, brendan.le.foll at intel.com wrote:
Thank you for your support on Dizzy.
If it isn't too mush trouble, is it possible to get the CVE's list are
are being addressed by this update?
regards,
Armin
> From: Brendan Le Foll <brendan.le.foll at intel.com>
>
> Due to recent security fixes it's advisable to update to the latest openssl
> version. I propose an update to 1.0.1m rather than simply patching the
> individual CVEs which is much more time consuming/error prone
>
> This is exactly the same patch as for daisy since they share openssl version/patches
>
> Brendan Le Foll (1):
> openssl: Upgrade to 1.0.1m
>
> .../openssl/openssl/configure-targets.patch | 28 +++----
> .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 17 +++--
> .../openssl/openssl/initial-aarch64-bits.patch | 87 ++++++++++++++--------
> ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 19 +++--
> ...NULL-pointer-dereference-in-dh_pub_encode.patch | 39 ----------
> .../openssl/openssl/openssl_fix_for_x32.patch | 83 ++++++++-------------
> .../recipes-connectivity/openssl/openssl_1.0.1j.bb | 57 --------------
> .../recipes-connectivity/openssl/openssl_1.0.1m.bb | 56 ++++++++++++++
> 8 files changed, 175 insertions(+), 211 deletions(-)
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.1j.bb
> create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.1m.bb
>
More information about the Openembedded-core
mailing list