From 4d20e8295dbca4bd6e0c8ad36ab922d9dd4d8616 Mon Sep 17 00:00:00 2001 From: Andrej Valek Date: Thu, 2 Feb 2017 09:35:00 +0100 Subject: openssl: Updgrade 1.0.2j -> 1.0.2k Signed-off-by: Andrej Valek Signed-off-by: Pascal Bach Signed-off-by: Ross Burton --- .../openssl/openssl/CVE-2016-7055.patch | 43 ---------------- .../recipes-connectivity/openssl/openssl_1.0.2j.bb | 60 ---------------------- .../recipes-connectivity/openssl/openssl_1.0.2k.bb | 59 +++++++++++++++++++++ 3 files changed, 59 insertions(+), 103 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-7055.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2j.bb create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2k.bb (limited to 'meta') diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-7055.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-7055.patch deleted file mode 100644 index 83a74cdacb..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-7055.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 57c4b9f6a2f800b41ce2836986fe33640f6c3f8a Mon Sep 17 00:00:00 2001 -From: Andy Polyakov -Date: Sun, 6 Nov 2016 18:33:17 +0100 -Subject: [PATCH] bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). - -Reviewed-by: Rich Salz -(cherry picked from commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a) - -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/57c4b9f6a2f800b41ce2836986fe33640f6c3f8a] -CVE: CVE-2016-7055 -Signed-off-by: Yi Zhao ---- - crypto/bn/asm/x86_64-mont.pl | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl -index 044fd7e..80492d8 100755 ---- a/crypto/bn/asm/x86_64-mont.pl -+++ b/crypto/bn/asm/x86_64-mont.pl -@@ -1148,18 +1148,17 @@ $code.=<<___; - mulx 2*8($aptr),%r15,%r13 # ... - adox -3*8($tptr),%r11 - adcx %r15,%r12 -- adox $zero,%r12 -+ adox -2*8($tptr),%r12 - adcx $zero,%r13 -+ adox $zero,%r13 - - mov $bptr,8(%rsp) # off-load &b[i] -- .byte 0x67 - mov $mi,%r15 - imulq 24(%rsp),$mi # "t[0]"*n0 - xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0 - - mulx 3*8($aptr),%rax,%r14 - mov $mi,%rdx -- adox -2*8($tptr),%r12 - adcx %rax,%r13 - adox -1*8($tptr),%r13 - adcx $zero,%r14 --- -2.7.4 - diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb deleted file mode 100644 index 94672f90bc..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb +++ /dev/null @@ -1,60 +0,0 @@ -require openssl.inc - -# For target side versions of openssl enable support for OCF Linux driver -# if they are available. -DEPENDS += "cryptodev-linux" - -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" -CFLAG_append_class-native = " -fPIC" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" - -export DIRS = "crypto ssl apps engines" -export OE_LDFLAGS="${LDFLAGS}" - -SRC_URI += "file://find.pl;subdir=${BP}/util/ \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://debian1.0.2/block_diginotar.patch \ - file://debian1.0.2/block_digicert_malaysia.patch \ - file://debian/ca.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/debian-targets.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-rpath.patch \ - file://debian/no-symbolic.patch \ - file://debian/pic.patch \ - file://debian1.0.2/version-script.patch \ - file://openssl_fix_for_x32.patch \ - file://fix-cipher-des-ede3-cfb1.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ - file://openssl-fix-des.pod-error.patch \ - file://Makefiles-ptest.patch \ - file://ptest-deps.patch \ - file://openssl-1.0.2a-x32-asm.patch \ - file://ptest_makefile_deps.patch \ - file://configure-musl-target.patch \ - file://parallel.patch \ - file://openssl-util-perlpath.pl-cwd.patch \ - file://CVE-2016-7055.patch \ - " -SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b" -SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431" - -PACKAGES =+ "${PN}-engines" -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" - -# The crypto_use_bigint patch means that perl's bignum module needs to be -# installed, but some distributions (for example Fedora 23) don't ship it by -# default. As the resulting error is very misleading check for bignum before -# building. -do_configure_prepend() { - if ! perl -Mbigint -e true; then - bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." - fi -} diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb new file mode 100644 index 0000000000..1973f81a24 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb @@ -0,0 +1,59 @@ +require openssl.inc + +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. +DEPENDS += "cryptodev-linux" + +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" +CFLAG_append_class-native = " -fPIC" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://find.pl;subdir=${BP}/util/ \ + file://run-ptest \ + file://openssl-c_rehash.sh \ + file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://debian1.0.2/block_diginotar.patch \ + file://debian1.0.2/block_digicert_malaysia.patch \ + file://debian/ca.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/debian-targets.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-rpath.patch \ + file://debian/no-symbolic.patch \ + file://debian/pic.patch \ + file://debian1.0.2/version-script.patch \ + file://openssl_fix_for_x32.patch \ + file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-fix-des.pod-error.patch \ + file://Makefiles-ptest.patch \ + file://ptest-deps.patch \ + file://openssl-1.0.2a-x32-asm.patch \ + file://ptest_makefile_deps.patch \ + file://configure-musl-target.patch \ + file://parallel.patch \ + file://openssl-util-perlpath.pl-cwd.patch \ + " +SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65" +SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0" + +PACKAGES =+ "${PN}-engines" +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" + +# The crypto_use_bigint patch means that perl's bignum module needs to be +# installed, but some distributions (for example Fedora 23) don't ship it by +# default. As the resulting error is very misleading check for bignum before +# building. +do_configure_prepend() { + if ! perl -Mbigint -e true; then + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." + fi +} -- cgit v1.2.3