openssl: Security fix Drown via 1.0.2g update
CVE-2016-0800 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 https://www.openssl.org/news/secadv/20160301.txt Updated 2 debian patches to match changes in 1.0.2g (From OE-Core rev: 7933fbbc6372ec8edaec82dd5c7b44fa2d15a4d5) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
parent
ed14aef273
commit
73a43fc15e
|
@ -9,14 +9,15 @@ Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
|
||||||
Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
|
Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
|
||||||
|
|
||||||
This is not meant as final patch.
|
This is not meant as final patch.
|
||||||
|
|
||||||
Upstream-Status: Backport [debian]
|
Upstream-Status: Backport [debian]
|
||||||
|
|
||||||
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||||
|
|
||||||
Index: openssl-1.0.2/crypto/x509/x509_vfy.c
|
Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
|
--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
|
||||||
+++ openssl-1.0.2/crypto/x509/x509_vfy.c
|
+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
|
||||||
@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
|
@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
|
||||||
static int check_revocation(X509_STORE_CTX *ctx);
|
static int check_revocation(X509_STORE_CTX *ctx);
|
||||||
static int check_cert(X509_STORE_CTX *ctx);
|
static int check_cert(X509_STORE_CTX *ctx);
|
||||||
|
@ -25,17 +26,17 @@ Index: openssl-1.0.2/crypto/x509/x509_vfy.c
|
||||||
|
|
||||||
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
|
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
|
||||||
unsigned int *preasons, X509_CRL *crl, X509 *x);
|
unsigned int *preasons, X509_CRL *crl, X509 *x);
|
||||||
@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
|
@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
|
||||||
if (!ok)
|
if (!ok)
|
||||||
goto end;
|
goto err;
|
||||||
|
|
||||||
+ ok = check_ca_blacklist(ctx);
|
+ ok = check_ca_blacklist(ctx);
|
||||||
+ if(!ok) goto end;
|
+ if(!ok) goto err;
|
||||||
+
|
+
|
||||||
#ifndef OPENSSL_NO_RFC3779
|
#ifndef OPENSSL_NO_RFC3779
|
||||||
/* RFC 3779 path validation, now that CRL check has been done */
|
/* RFC 3779 path validation, now that CRL check has been done */
|
||||||
ok = v3_asid_validate_path(ctx);
|
ok = v3_asid_validate_path(ctx);
|
||||||
@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
|
@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
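Review bot: The refreshed guard in the X509_verify_cert hunk is still `if(!ok) goto err;`, which catches only a return of exactly 0 from check_ca_blacklist(). A negative return would fall through to `ok = v3_asid_validate_path(ctx);`, where it is overwritten and lost. The body of check_ca_blacklist() comes from the later hunk after check_crl_time and is not visible on this page, so confirm that it can only return 0 or 1; if not, `if (ok <= 0) goto err;` is the safer form. The carried patch header also still says "This is not meant as final patch." while sitting in the certificate-verification path, so a line in that header naming who re-validates it on each OpenSSL bump would help.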
File diff suppressed because it is too large
|
@ -27,7 +27,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
|
||||||
file://debian/no-rpath.patch \
|
file://debian/no-rpath.patch \
|
||||||
file://debian/no-symbolic.patch \
|
file://debian/no-symbolic.patch \
|
||||||
file://debian/pic.patch \
|
file://debian/pic.patch \
|
||||||
file://debian/version-script.patch \
|
file://debian1.0.2/version-script.patch \
|
||||||
file://openssl_fix_for_x32.patch \
|
file://openssl_fix_for_x32.patch \
|
||||||
file://fix-cipher-des-ede3-cfb1.patch \
|
file://fix-cipher-des-ede3-cfb1.patch \
|
||||||
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
|
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
|
||||||
|
@ -40,8 +40,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
|
||||||
file://configure-musl-target.patch \
|
file://configure-musl-target.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[md5sum] = "b3bf73f507172be9292ea2a8c28b659d"
|
SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
|
||||||
SRC_URI[sha256sum] = "932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c"
|
SRC_URI[sha256sum] = "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
|
||||||
|
|
||||||
PACKAGES =+ "${PN}-engines"
|
PACKAGES =+ "${PN}-engines"
|
||||||
FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
|
FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
|