openssl: upgrade to 1.0.2c
upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176 remove a backport patch update the c_rehash-compat.patch (From OE-Core rev: 5a70e45b8c6cb0fa7ea4fe1b326ad604508d00cb) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
dc5813d8d0
commit
2d65e23f2d
|
@ -1,30 +0,0 @@
|
|||
From 60c268b21ac81cc6b1af5c5470282a613b96f6fd Mon Sep 17 00:00:00 2001
|
||||
From: Andy Polyakov <appro@openssl.org>
|
||||
Date: Mon, 25 May 2015 10:17:14 +0200
|
||||
Subject: [PATCH] bn/bn_lcl.h: fix MIPS-specific gcc version check.
|
||||
|
||||
RT#3859
|
||||
|
||||
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
||||
---
|
||||
Upstream-Status: Backport
|
||||
|
||||
crypto/bn/bn_lcl.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
|
||||
index 196df7e..b9d124a 100644
|
||||
--- a/crypto/bn/bn_lcl.h
|
||||
+++ b/crypto/bn/bn_lcl.h
|
||||
@@ -443,7 +443,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
||||
# endif
|
||||
# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
|
||||
# if defined(__GNUC__) && __GNUC__>=2
|
||||
-# if __GNUC__>=4 && __GNUC_MINOR__>=4
|
||||
+# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4)
|
||||
/* "h" constraint is no more since 4.4 */
|
||||
# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64)
|
||||
# define BN_UMULT_LOHI(low,high,a,b) ({ \
|
||||
--
|
||||
2.1.4
|
||||
|
|
@ -5,14 +5,10 @@ Subject: [PATCH] also create old hash for compatibility
|
|||
|
||||
Upstream-Status: Backport [debian]
|
||||
|
||||
---
|
||||
tools/c_rehash.in | 8 +++++++-
|
||||
1 files changed, 7 insertions(+), 1 deletions(-)
|
||||
|
||||
Index: openssl-1.0.2~beta3/tools/c_rehash.in
|
||||
===================================================================
|
||||
--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
|
||||
+++ openssl-1.0.2~beta3/tools/c_rehash.in
|
||||
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
|
||||
index b086ff9..b777d79 100644
|
||||
--- a/tools/c_rehash.in
|
||||
+++ b/tools/c_rehash.in
|
||||
@@ -8,8 +8,6 @@ my $prefix;
|
||||
|
||||
my $openssl = $ENV{OPENSSL} || "openssl";
|
||||
|
@ -23,14 +19,14 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in
|
|||
my $symlink_exists=eval {symlink("",""); 1};
|
||||
my $removelinks = 1;
|
||||
@@ -18,10 +16,7 @@ my $removelinks = 1;
|
||||
while ( $ARGV[0] =~ '-.*' ) {
|
||||
while ( $ARGV[0] =~ /^-/ ) {
|
||||
my $flag = shift @ARGV;
|
||||
last if ( $flag eq '--');
|
||||
- if ( $flag =~ /-old/) {
|
||||
- if ( $flag eq '-old') {
|
||||
- $x509hash = "-subject_hash_old";
|
||||
- $crlhash = "-hash_old";
|
||||
- } elsif ( $flag =~ /-h/) {
|
||||
+ if ( $flag =~ /-h/) {
|
||||
- } elsif ( $flag eq '-h') {
|
||||
+ if ( $flag eq '-h') {
|
||||
help();
|
||||
} elsif ( $flag eq '-n' ) {
|
||||
$removelinks = 0;
|
||||
|
@ -52,7 +48,7 @@ Index: openssl-1.0.2~beta3/tools/c_rehash.in
|
|||
$fname =~ s/'/'\\''/g;
|
||||
my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
|
||||
chomp $hash;
|
||||
@@ -177,10 +175,20 @@ sub link_hash_cert {
|
||||
@@ -176,11 +174,21 @@ sub link_hash_cert {
|
||||
$hashlist{$hash} = $fprint;
|
||||
}
|
||||
|
||||
|
|
|
@ -36,12 +36,11 @@ SRC_URI += "file://configure-targets.patch \
|
|||
file://ptest-deps.patch \
|
||||
file://run-ptest \
|
||||
file://crypto_use_bigint_in_x86-64_perl.patch \
|
||||
file://0001-bn-bn_lcl.h-fix-MIPS-specific-gcc-version-check.patch \
|
||||
file://openssl-1.0.2a-x32-asm.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "a06c547dac9044161a477211049f60ef"
|
||||
SRC_URI[sha256sum] = "15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a"
|
||||
SRC_URI[md5sum] = "8c8d81a9ae7005276e486702edbcd4b6"
|
||||
SRC_URI[sha256sum] = "0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83"
|
||||
|
||||
PACKAGES =+ " \
|
||||
${PN}-engines \
|
Loading…
Reference in New Issue