| Age | Commit message (Collapse) | Author | Files |
|---|
|
affects openssl < 1.0.1i
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects openssl < 1.0.1i
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects openssl < 1.0.1i
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects openssl < 1.0.1i
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects openssl < 1.0.1i
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects openssl < 1.0.1i
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects openssl < 1.0.1i
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects openssl < 1.0.1i
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects openssl < 1.0.2i
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
This patch should not have been back ported.
This reverts commit 18b0a78f439ce26ea475537cc20ebbc1d091920c.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The backported upgrade to 1.0.2h included an updated GNU LD
version-script which results in an ABI change. In order to try and
respect ABI for existing binaries built against fido this commit
partially reverts the version-script to maintain the existing ABI
and instead only add the new symbols required by 1.0.2h.
Suggested-by: Martin Jansa <martin.jansa@gmail.com>
(From OE-Core rev: 480db6be99f9a53d8657b31b846f0079ee1a124f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176
https://www.openssl.org/news/secadv/20160503.txt
fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
(From OE-Core rev: c693f34f54257a8eca9fe8c5a9eee5647b7eeb0c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libcrypto.so was explicitly added to FILES_${PN}-dev as part of moving
libcrypto from libdir -> base_libdir to support dhclient [1].
However, the line has been unnecessary since ${base_libdir}/lib*.so
files started to be included in FILES_${PN}-dev by default [2] (and
it's still unnecessary now, after moving libcrypto from back to libdir
to support ntp [3]).
[1] http://git.openembedded.org/openembedded-core/commit/?id=01ea85f7f6c53c66c76d6f832518b28bf06ec072
[2] http://git.openembedded.org/openembedded-core/commit/?id=66c36bcb7d9368718453265e58bd5e3c854c786a
[3] http://git.openembedded.org/openembedded-core/commit/?id=0be2ab32f690a2fcba0e821abe11460958bbc6dc
Also define FILES_libssl using SOLIBS instead of a hardcoded pattern.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For now, if 'openssl' is enabled for ntp, ntp would still be built
without openssl & libcrypto. This is because that ntp thinks openssl
and libcrypto locates under the same directory.
This patch removes the codes of moving libcrypto to base_libdir.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Apply a patch taken from Gentoo to hopefully fix the remaining parallel make
races.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-0800
CVE-2016-0705
CVE-2016-0798
CVE-2016-0797
CVE-2016-0799
CVE-2016-0702
CVE-2016-0703
CVE-2016-0704
https://www.openssl.org/news/secadv/20160301.txt
Updated 2 debian patches to match changes in 1.0.2g
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Machine specific over-rides for mtx-1 (aka MeshCube) and
mtx-2 (aka SurfBox 2nd generation) don't belong in oe-core.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The openssl recipe currently relies on EXTRA_OEMAKE having been set to
"-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this
explicit so that the default in bitbake.conf can be changed.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
o DH small subgroups (CVE-2016-0701)
o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
Updated LICENSE hash due to change in copyright year.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The code in native.bbclass adds -native suffix to the package
names that don't have it. perl-native-runtime becomes
perl-native-runtime-native because of this.
Renamed perl-native-runtime -> hostperl-runtime-native to avoid
mangling it and to conform with the naming convetion for native
packages.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
In some recipes overly-split -dbg packages were merged into PN-dbg. Unless
there's a very good reason, recipes should have a single -dev and -dbg package.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
use termios instead of termio
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
[YOCTO #8765]
[YOCTO #8758]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
openssl 1.0.2d fixes the parallel make problems (commit 8e6bb99), so enable
parallel make again.
[ YOCTO #7347 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* follow symbolic links while copying sources from test/*
* install required target files to remove Make errors:
make[2]: *** No rule to make target 'xxx', needed by 'yyy'.
* fix hardcode pathes:
/usr/lib -> ${libdir}, /usr/bin -> ${bindir}
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For clarity and correctness of source archiving, don't move find.pl from WORKDIR
to S in do_configure_prepend but tell the fetcher to put it in the right place
when unpacking.
Also re-order the files in SRC_URI so that patches are grouped together.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The crypto_use_bigint_in_x86-64_perl patch uses the "bigint" module to
transparently support 64-bit integers on 32-bit hosts. Whilst bigint (part of
bignum) is a core Perl module not all distributions install it (notable Fedora
23).
As the error message when bignum isn't installed is obscure, add a task to check
that it is available and alert the user if it isn't.
[ YOCTO #8562 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We need these to be consistent so they are possible to programmatically
read.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Match target name linux-mips64 as well, all mips64 targets will have
mips(32) userspace.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove dependencies for test targets. Otherwise, during ptest
execution, "make" tries to rebuild those executables and fails
there.
[YOCTO #8059]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Map nios2 architecture to linux-generic32 target.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This upgrade fixes CVE-2015-1793
Removed openssl-fix-link.patch. The linking issue has been fixed in openssl.
Signed-off-by: Jan Wetter <jan.wetter@mikrom.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176
remove a backport patch
update the c_rehash-compat.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix build on Fedora 21 i686.
When building on x32 systems where the default type is 32bit,
make sure that 64bit integers can be represented transparently.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Previous patch had a concern as well and this is a direct backport of
the patch fixing the problem.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Patch is submitted upstream as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
padlock_conf.patch will enable the padlock engine by default,
but this engine does not work on some 32bit machine, and lead
to openssl unable to work
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The virtclass-native is out of date.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed:
- openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
- upgate-vegsion-script-for-1.0.2.patch
Since they are already in the source.
- make-targets.patch
It removed test dir from DIRS, which is not needed any more since we
need build it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
on some hosts openssl fails to build with this error:
ghash-x86_64.s: Assembler messages:
ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
backported fix from community.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Patch updated to drop TERMIO flags since these are the default on
Linux anyway (see https://git.openssl.org/?p=openssl.git;a=commit;h=64e6bf64b36136d487e2fbf907f09612e69ae911)
Also drop patch merged upstream.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rebased numerous patches
removed aarch64 initial work since it's part of upstream now
Imported a few additional patches from Debian to support the version-script
and blacklist additional bad certificates.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This reverts commit 7502fa5febdd7a2281d626f7040782fb1f9af59e.
We keep seeing parallel make failures in openssl :(
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable
SSLv3 even if patched with the TLS_FALLBACK_SCSV
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade includes 8 CVE bug fixes
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed:
Cannot create directory image/usr: File exists
make: *** [install_sw] Error 17
Create /usr to avoid race issues.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Map the microblaze architecture to the linux-generic32 target.
Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This causes the package to not be relocateable from sstate
The OpenSSL binaries respect a few environment variables for determining
locations of files, so we now use these to point the binaries to the
relocated locations.
[YOCTO #6827]
Signed-off-by: André Draszik <adraszik@digisoft.tv>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
With last restructuring for musl, some of uclibc targets got ignored
fsl/ppc and ARM worked ok since they use special target triplets which
were already considered but other like mips, x86 and so on failed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
