On Fri, May 13, 2016 at 04:31:39PM +0200, Martin Jansa wrote: > On Wed, May 11, 2016 at 03:37:59AM -0700, akuster808 wrote: > > Robert, > > > > > > On 05/10/2016 11:22 PM, Robert Yang wrote: > > > > > > > > > On 05/04/2016 07:46 AM, Armin Kuster wrote: > > >> From: Armin Kuster <[email protected]> > > >> > > >> CVE-2016-2105 > > >> CVE-2016-2106 > > >> CVE-2016-2109 > > >> CVE-2016-2176 > > >> > > >> https://www.openssl.org/news/secadv/20160503.txt > > >> > > >> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > > >> > > >> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest. > > > > > > After I looked into the code, it seems that this patch is not in latest > > > code ? > > > > hmm, my old eyes deceive me. > > > > thanks for checking. > > > > I will send a correcting. > > 1.0.2h is already in fido, jethro and master, can we quickly get it to krogoth > which is still using older version 1.0.2g? > > It's always strange to see recipe version downgrades when upgrading to > newer Yocto release.
It also seems to break python-cryptography again: http://errors.yoctoproject.org/Errors/Details/62854/ You have fixed compatibility with 1.0.2g in: http://git.openembedded.org/meta-openembedded/commit/?id=44f0e74954628d6a3d04fa5249dbe0c94f6dff59 Maybe it needs another update for 1.0.2h and the same fix should be backported to fido and jethro, now when they all have newer openssl as well? > > - armin > > > It is a backported patch from gentoo. > > > > > > // Robert > > > > > >> > > >> Signed-off-by: Armin Kuster <[email protected]> > > >> --- > > >> ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 > > >> +++++++------- > > >> .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb} | 6 ++---- > > >> 2 files changed, 9 insertions(+), 11 deletions(-) > > >> rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb => > > >> openssl_1.0.2h.bb} (91%) > > >> > > >> diff --git > > >> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > > >> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > > >> > > >> index cebc8cf..f736e5c 100644 > > >> --- > > >> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > > >> > > >> +++ > > >> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch > > >> > > >> @@ -8,16 +8,16 @@ > > >> http://www.mail-archive.com/[email protected]/msg32860.html > > >> > > >> Signed-off-by: Xufeng Zhang <[email protected]> > > >> --- > > >> -Index: openssl-1.0.2/crypto/evp/digest.c > > >> +Index: openssl-1.0.2h/crypto/evp/digest.c > > >> =================================================================== > > >> ---- openssl-1.0.2.orig/crypto/evp/digest.c > > >> -+++ openssl-1.0.2/crypto/evp/digest.c > > >> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c > > >> - return 0; > > >> +--- openssl-1.0.2h.orig/crypto/evp/digest.c > > >> ++++ openssl-1.0.2h/crypto/evp/digest.c > > >> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c > > >> + type = ctx->digest; > > >> } > > >> #endif > > >> - if (ctx->digest != type) { > > >> + if (type && (ctx->digest != type)) { > > >> - if (ctx->digest && ctx->digest->ctx_size) > > >> + if (ctx->digest && ctx->digest->ctx_size) { > > >> OPENSSL_free(ctx->md_data); > > >> - ctx->digest = type; > > >> + ctx->md_data = NULL; > > >> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb > > >> b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb > > >> similarity index 91% > > >> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb > > >> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb > > >> index 290f129..ae65992 100644 > > >> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb > > >> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb > > >> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \ > > >> file://openssl-fix-des.pod-error.patch \ > > >> file://Makefiles-ptest.patch \ > > >> file://ptest-deps.patch \ > > >> - file://crypto_use_bigint_in_x86-64_perl.patch \ > > >> file://openssl-1.0.2a-x32-asm.patch \ > > >> file://ptest_makefile_deps.patch \ > > >> file://configure-musl-target.patch \ > > >> file://parallel.patch \ > > >> " > > >> - > > >> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa" > > >> -SRC_URI[sha256sum] = > > >> "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33" > > >> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" > > >> +SRC_URI[sha256sum] = > > >> "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" > > >> > > >> PACKAGES =+ "${PN}-engines" > > >> FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" > > >> > > -- > > _______________________________________________ > > Openembedded-core mailing list > > [email protected] > > http://lists.openembedded.org/mailman/listinfo/openembedded-core > > -- > Martin 'JaMa' Jansa jabber: [email protected] -- Martin 'JaMa' Jansa jabber: [email protected]
signature.asc
Description: Digital signature
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
