subject:"\[OE\-core\] \[rocko\]\[PATCH v3 1\/4\] openssl10\: Upgrade 1.0.2l \-> 1.0.2m"

Re: [OE-core] [rocko][PATCH v3 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m

2017-12-21 Thread Koen Kooi



> Op 19 dec. 2017, om 22:26 heeft Stefan Agner  het volgende 
> geschreven:
> 
> From: Stefan Agner 
> 
> Deals with two CVEs:
> * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
> * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
> 
> Signed-off-by: Stefan Agner 
> Acked-by: Otavio Salvador 

Tested-by: Koen Kooi 

> ---
> Changes since v2:
> - Rebased to rocko-next
> 
> .../0001-Fix-build-with-clang-using-external-assembler.patch  | 0
> .../0001-openssl-force-soft-link-to-avoid-rare-race.patch | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/Makefiles-ptest.patch  | 0
> .../Use-SHA256-not-MD5-as-default-digest.patch| 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/configure-musl-target.patch| 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/configure-targets.patch| 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/debian/c_rehash-compat.patch   | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/ca.patch| 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/debian/debian-targets.patch| 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/man-dir.patch   | 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/debian/man-section.patch   | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/no-rpath.patch  | 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/debian/no-symbolic.patch   | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/pic.patch   | 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/debian/version-script.patch| 0
> .../debian1.0.2/block_digicert_malaysia.patch | 0
> .../debian1.0.2/block_diginotar.patch | 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/soname.patch   | 0
> .../debian1.0.2/version-script.patch  | 0
> .../engines-install-in-libdir-ssl.patch   | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/find.pl| 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/oe-ldflags.patch   | 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/openssl-1.0.2a-x32-asm.patch   | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl-c_rehash.sh| 0
> .../openssl-fix-des.pod-error.patch   | 0
> .../openssl-util-perlpath.pl-cwd.patch| 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/openssl_fix_for_x32.patch  | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/parallel.patch | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/ptest-deps.patch   | 0
> .../{openssl-1.0.2l => openssl-1.0.2m}/ptest_makefile_deps.patch  | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/run-ptest  | 0
> .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/shared-libs.patch  | 0
> .../openssl/{openssl_1.0.2l.bb => openssl_1.0.2m.bb}  | 4 ++--
> 33 files changed, 2 insertions(+), 2 deletions(-)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/0001-Fix-build-with-clang-using-external-assembler.patch 
> (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/0001-openssl-force-soft-link-to-avoid-rare-race.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/Makefiles-ptest.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/Use-SHA256-not-MD5-as-default-digest.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/configure-musl-target.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/configure-targets.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian/c_rehash-compat.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian/ca.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian/debian-targets.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian/man-dir.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian/man-section.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian/no-rpath.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian/no-symbolic.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian/pic.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian/version-script.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian1.0.2/block_digicert_malaysia.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
> openssl-1.0.2m}/debian1.0.2/block_diginotar.patch (100%)
> rename meta/rec

[OE-core] [rocko][PATCH v3 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m

2017-12-19 Thread Stefan Agner

From: Stefan Agner 

Deals with two CVEs:
* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Signed-off-by: Stefan Agner 
Acked-by: Otavio Salvador 
---
Changes since v2:
- Rebased to rocko-next

 .../0001-Fix-build-with-clang-using-external-assembler.patch  | 0
 .../0001-openssl-force-soft-link-to-avoid-rare-race.patch | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/Makefiles-ptest.patch  | 0
 .../Use-SHA256-not-MD5-as-default-digest.patch| 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/configure-musl-target.patch| 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/configure-targets.patch| 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/c_rehash-compat.patch   | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/ca.patch| 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/debian-targets.patch| 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/man-dir.patch   | 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/man-section.patch   | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/no-rpath.patch  | 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/no-symbolic.patch   | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/pic.patch   | 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/version-script.patch| 0
 .../debian1.0.2/block_digicert_malaysia.patch | 0
 .../debian1.0.2/block_diginotar.patch | 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/soname.patch   | 0
 .../debian1.0.2/version-script.patch  | 0
 .../engines-install-in-libdir-ssl.patch   | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/find.pl| 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/oe-ldflags.patch   | 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/openssl-1.0.2a-x32-asm.patch   | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl-c_rehash.sh| 0
 .../openssl-fix-des.pod-error.patch   | 0
 .../openssl-util-perlpath.pl-cwd.patch| 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/openssl_fix_for_x32.patch  | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/parallel.patch | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/ptest-deps.patch   | 0
 .../{openssl-1.0.2l => openssl-1.0.2m}/ptest_makefile_deps.patch  | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/run-ptest  | 0
 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/shared-libs.patch  | 0
 .../openssl/{openssl_1.0.2l.bb => openssl_1.0.2m.bb}  | 4 ++--
 33 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/0001-Fix-build-with-clang-using-external-assembler.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/0001-openssl-force-soft-link-to-avoid-rare-race.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/Makefiles-ptest.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/Use-SHA256-not-MD5-as-default-digest.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/configure-musl-target.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian1.0.2/block_digicert_malaysia.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian1.0.2/block_diginotar.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian1.0.2/soname.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => 
openssl-1.0.2m}/debian1.0.2/version-script.patch (100%)
 renam

Re: [OE-core] [rocko][PATCH v3 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m

[OE-core] [rocko][PATCH v3 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m

2 matches

Site Navigation

Mail list logo

Footer information