Hi there, On Saturday 07 June 2014 14:27:02 Yao Xinpan wrote: > The following bugs had been fixed in 1.0.1h: > CVE-2014-0224, CVE-2014-0221, CVE-2014-3470 > CVE-2014-0198, CVE-2010-5298. > > Signed-off-by: Yao Xinpan <[email protected]> > Signed-off-by: Lei Maohui <[email protected]> > --- > .../0001-add-functions-into-openssl.ld.patch | 35 ++ > .../openssl/openssl/openssl-CVE-2010-5298.patch | 24 -- > .../openssl/openssl-CVE-2014-0198-fix.patch | 23 -- > .../openssl/openssl/openssl-fix-doc.patch | 401 > --------------------- .../{openssl_1.0.1g.bb => openssl_1.0.1h.bb} | > 8 +- > 5 files changed, 38 insertions(+), 453 deletions(-) > create mode 100644 > meta/recipes-connectivity/openssl/openssl/0001-add-functions-into-openssl.l > d.patch delete mode 100644 > meta/recipes-connectivity/openssl/openssl/openssl-CVE-2010-5298.patch > delete mode 100644 > meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch > delete mode 100644 > meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch rename > meta/recipes-connectivity/openssl/{openssl_1.0.1g.bb => openssl_1.0.1h.bb} > (86%) > > diff --git > a/meta/recipes-connectivity/openssl/openssl/0001-add-functions-into-openssl > .ld.patch > b/meta/recipes-connectivity/openssl/openssl/0001-add-functions-into-openssl > .ld.patch new file mode 100644 > index 0000000..2bd261d > --- /dev/null > +++ > b/meta/recipes-connectivity/openssl/openssl/0001-add-functions-into-openssl > .ld.patch @@ -0,0 +1,35 @@ > +From 7d41b2ae4dff7a4caffb06e0d6dd533f77be8437 Mon Sep 17 00:00:00 2001 > +From: Yao Xinpan <[email protected]> > +Date: Sat, 7 Jun 2014 04:59:23 +0900 > +Subject: [PATCH] add functions into openssl.ld > + > +add ssl_init_wbio_buffer ssl3_setup_buffers dtls1_process_heartbeat and > +tls1_process_heartbeat into openssl.ld
So it turns out I've been working on this as well; however the preferred fix discussed upstream for the heartbeat_test failure (that the above patch attempts to fix) instead links heartbeat_test against the static version of the library. Also, patches included in recipes need to have signed-off-by and Upstream-Status. Since this is a critical fix I'll be sending out my version shortly, however I will include your names in the commit message. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
