summaryrefslogtreecommitdiff
path: root/meta/recipes-connectivity/openssl/openssl.inc
diff options
context:
space:
mode:
authorPatrick Ohly <patrick.ohly@intel.com>2016-09-23 15:26:05 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-09-23 18:06:10 +0100
commitd6b69279b5d1370d9c4982d5b1842a471cfd2b0e (patch)
tree996e51823dcd4afc80200fe2afd1107c4a846f43 /meta/recipes-connectivity/openssl/openssl.inc
parent4c10376bdfd54af75de840bd4a31386e6e89477e (diff)
downloadopenembedded-core-d6b69279b5d1370d9c4982d5b1842a471cfd2b0e.tar.gz
openembedded-core-d6b69279b5d1370d9c4982d5b1842a471cfd2b0e.tar.bz2
openembedded-core-d6b69279b5d1370d9c4982d5b1842a471cfd2b0e.zip
openssl: update to 1.0.2i (CVE-2016-6304 and more)
This update fixes several CVEs: * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * SWEET32 Mitigation (CVE-2016-2183) * OOB write in MDC2_Update() (CVE-2016-6303) * Malformed SHA512 ticket DoS (CVE-2016-6302) * OOB write in BN_bn2dec() (CVE-2016-2182) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) * DTLS buffered message DoS (CVE-2016-2179) * DTLS replay protection DoS (CVE-2016-2181) * Certificate message OOB reads (CVE-2016-6306) Of these, only CVE-2016-6304 is considered of high severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were already fixed via local patches, which can be removed now. See https://www.openssl.org/news/secadv/20160922.txt for details. Some patches had to be refreshed and one compile error fix from upstream's OpenSSL_1_0_2-stable was required. The server.pem file is needed for test_dtls. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl.inc')
-rw-r--r--meta/recipes-connectivity/openssl/openssl.inc1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index f83664c271..cb7ec0aac2 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -211,6 +211,7 @@ do_install_ptest () {
ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ cp apps/server.pem ${D}${PTEST_PATH}/apps
cp apps/server2.pem ${D}${PTEST_PATH}/apps
mkdir -p ${D}${PTEST_PATH}/util
install util/opensslwrap.sh ${D}${PTEST_PATH}/util