[OE-core] [PATCH v2] openssl: Upgrade 1.0.2k -> 1.0.2l
Khem Raj
raj.khem at gmail.com
Fri Jun 9 13:13:05 UTC 2017
On Thu, Jun 8, 2017 at 5:52 AM Changhyeok Bae <changhyeok.bae at gmail.com>
wrote:
> Dropped obsolete patches, because the new version contains them:
> - fix-cipher-des-ede3-cfb1.patch
> - openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>
> Signed-off-by: Changhyeok Bae <changhyeok.bae at gmail.com>
> ---
> .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 21
> --------------------
> ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 23
> ----------------------
> .../{openssl_1.0.2k.bb => openssl_1.0.2l.bb} | 8 +++-----
> 3 files changed, 3 insertions(+), 49 deletions(-)
> delete mode 100644
> meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> delete mode 100644
> meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> rename meta/recipes-connectivity/openssl/{openssl_1.0.2k.bb =>
> openssl_1.0.2l.bb} (86%)
>
> diff --git
> a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> deleted file mode 100644
> index 2a318a4..0000000
> ---
> a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
> +++ /dev/null
> @@ -1,21 +0,0 @@
> -Upstream-Status: Submitted
> -
> -This patch adds the fix for one of the ciphers used in openssl, namely
> -the cipher des-ede3-cfb1. Complete bug log and patch is present here:
> -http://rt.openssl.org/Ticket/Display.html?id=2867
> -
> -Signed-off-by: Muhammad Shakeel <muhammad_shakeel at mentor.com>
> -
> -Index: openssl-1.0.2/crypto/evp/e_des3.c
> -===================================================================
> ---- openssl-1.0.2.orig/crypto/evp/e_des3.c
> -+++ openssl-1.0.2/crypto/evp/e_des3.c
> -@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
> - size_t n;
> - unsigned char c[1], d[1];
> -
> -- for (n = 0; n < inl; ++n) {
> -+ for (n = 0; n * 8 < inl; ++n) {
> - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
> - DES_ede3_cfb_encrypt(c, d, 1, 1,
> - &data(ctx)->ks1, &data(ctx)->ks2,
> diff --git
> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> deleted file mode 100644
> index f736e5c..0000000
> ---
> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> +++ /dev/null
> @@ -1,23 +0,0 @@
> -openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
> -
> -We should avoid accessing the type pointer if it's NULL,
> -this could happen if ctx->digest is not NULL.
> -
> -Upstream-Status: Submitted
> -http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
> -
> -Signed-off-by: Xufeng Zhang <xufeng.zhang at windriver.com>
> ----
> -Index: openssl-1.0.2h/crypto/evp/digest.c
> -===================================================================
> ---- openssl-1.0.2h.orig/crypto/evp/digest.c
> -+++ openssl-1.0.2h/crypto/evp/digest.c
> -@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> - type = ctx->digest;
> - }
> - #endif
> -- if (ctx->digest != type) {
> -+ if (type && (ctx->digest != type)) {
> - if (ctx->digest && ctx->digest->ctx_size) {
> - OPENSSL_free(ctx->md_data);
> - ctx->md_data = NULL;
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
> similarity index 86%
> rename from meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> rename to meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
> index 83d1a50..a2ef2ac 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
> @@ -7,7 +7,7 @@ DEPENDS += "cryptodev-linux"
> CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> CFLAG_append_class-native = " -fPIC"
>
> -LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
>
What resulted in this change
>
> export DIRS = "crypto ssl apps engines"
> export OE_LDFLAGS="${LDFLAGS}"
> @@ -32,8 +32,6 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
> file://debian1.0.2/version-script.patch \
> file://debian1.0.2/soname.patch \
> file://openssl_fix_for_x32.patch \
> - file://fix-cipher-des-ede3-cfb1.patch \
> -
> file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
> file://openssl-fix-des.pod-error.patch \
> file://Makefiles-ptest.patch \
> file://ptest-deps.patch \
> @@ -45,8 +43,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
> file://Use-SHA256-not-MD5-as-default-digest.patch \
>
> file://0001-Fix-build-with-clang-using-external-assembler.patch \
> "
> -SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65"
> -SRC_URI[sha256sum] =
> "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"
> +SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566"
> +SRC_URI[sha256sum] =
> "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
>
> PACKAGES =+ "${PN}-engines"
> FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20170609/0db8627a/attachment-0002.html>
More information about the Openembedded-core
mailing list