openssl: Security fix Drown via 1.0.2g update
CVE-2016-0800 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 https://www.openssl.org/news/secadv/20160301.txt Updated 2 debian patches to match changes in 1.0.2g (From OE-Core rev: 7933fbbc6372ec8edaec82dd5c7b44fa2d15a4d5) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
parent
ed14aef273
commit
73a43fc15e
|
@ -9,14 +9,15 @@ Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
|
|||
Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
|
||||
|
||||
This is not meant as final patch.
|
||||
|
||||
|
||||
Upstream-Status: Backport [debian]
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
Index: openssl-1.0.2/crypto/x509/x509_vfy.c
|
||||
Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
|
||||
===================================================================
|
||||
--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
|
||||
+++ openssl-1.0.2/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
|
||||
+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
|
||||
@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
|
||||
static int check_revocation(X509_STORE_CTX *ctx);
|
||||
static int check_cert(X509_STORE_CTX *ctx);
|
||||
|
@ -25,17 +26,17 @@ Index: openssl-1.0.2/crypto/x509/x509_vfy.c
|
|||
|
||||
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
|
||||
unsigned int *preasons, X509_CRL *crl, X509 *x);
|
||||
@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
|
||||
@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
|
||||
if (!ok)
|
||||
goto end;
|
||||
goto err;
|
||||
|
||||
+ ok = check_ca_blacklist(ctx);
|
||||
+ if(!ok) goto end;
|
||||
+ if(!ok) goto err;
|
||||
+
|
||||
#ifndef OPENSSL_NO_RFC3779
|
||||
/* RFC 3779 path validation, now that CRL check has been done */
|
||||
ok = v3_asid_validate_path(ctx);
|
||||
@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
|
||||
@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
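Review bot: The added check after `ok = check_ca_blacklist(ctx);` is written as `if(!ok) goto err;`, unlike the check directly above it, which uses `if (!ok)` with `goto err;` on its own line, and the call has no comment saying what it rejects. I would match the surrounding form and put a short comment before the call, for example `/* stop verification when check_ca_blacklist() rejects the chain */`. Of the two printed variants, `goto err` appears to be the 1.0.2g side, since the context line above it changes from `goto end;` to `goto err;` in the same way. Whether a failed check also sets `ctx->error` cannot be confirmed from this page: the body of check_ca_blacklist is added by the later `@@ -996,6 +1000,29 @@` hunk, of which only the leading context lines are shown, and X509_verify_cert itself starts and ends outside the hunk.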
|
File diff suppressed because it is too large
|
@ -27,7 +27,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
|
|||
file://debian/no-rpath.patch \
|
||||
file://debian/no-symbolic.patch \
|
||||
file://debian/pic.patch \
|
||||
file://debian/version-script.patch \
|
||||
file://debian1.0.2/version-script.patch \
|
||||
file://openssl_fix_for_x32.patch \
|
||||
file://fix-cipher-des-ede3-cfb1.patch \
|
||||
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
|
||||
|
@ -40,8 +40,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
|
|||
file://configure-musl-target.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "b3bf73f507172be9292ea2a8c28b659d"
|
||||
SRC_URI[sha256sum] = "932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c"
|
||||
SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
|
||||
SRC_URI[sha256sum] = "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
|
||||
|
||||
PACKAGES =+ "${PN}-engines"
|
||||
FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
|