Re: [OE-core] [rocko][PATCH v3 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m
> Op 19 dec. 2017, om 22:26 heeft Stefan Agner het volgende > geschreven: > > From: Stefan Agner > > Deals with two CVEs: > * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) > * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) > > Signed-off-by: Stefan Agner > Acked-by: Otavio Salvador Tested-by: Koen Kooi > --- > Changes since v2: > - Rebased to rocko-next > > .../0001-Fix-build-with-clang-using-external-assembler.patch | 0 > .../0001-openssl-force-soft-link-to-avoid-rare-race.patch | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/Makefiles-ptest.patch | 0 > .../Use-SHA256-not-MD5-as-default-digest.patch| 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/configure-musl-target.patch| 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/configure-targets.patch| 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/debian/c_rehash-compat.patch | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/ca.patch| 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/debian/debian-targets.patch| 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/man-dir.patch | 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/debian/man-section.patch | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/no-rpath.patch | 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/debian/no-symbolic.patch | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/pic.patch | 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/debian/version-script.patch| 0 > .../debian1.0.2/block_digicert_malaysia.patch | 0 > .../debian1.0.2/block_diginotar.patch | 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/soname.patch | 0 > .../debian1.0.2/version-script.patch | 0 > .../engines-install-in-libdir-ssl.patch | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/find.pl| 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/oe-ldflags.patch | 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/openssl-1.0.2a-x32-asm.patch | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl-c_rehash.sh| 0 > .../openssl-fix-des.pod-error.patch | 0 > .../openssl-util-perlpath.pl-cwd.patch| 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/openssl_fix_for_x32.patch | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/parallel.patch | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/ptest-deps.patch | 0 > .../{openssl-1.0.2l => openssl-1.0.2m}/ptest_makefile_deps.patch | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/run-ptest | 0 > .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/shared-libs.patch | 0 > .../openssl/{openssl_1.0.2l.bb => openssl_1.0.2m.bb} | 4 ++-- > 33 files changed, 2 insertions(+), 2 deletions(-) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/0001-Fix-build-with-clang-using-external-assembler.patch > (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/0001-openssl-force-soft-link-to-avoid-rare-race.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/Makefiles-ptest.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/Use-SHA256-not-MD5-as-default-digest.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/configure-musl-target.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/configure-targets.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian/c_rehash-compat.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian/ca.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian/debian-targets.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian/man-dir.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian/man-section.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian/no-rpath.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian/no-symbolic.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian/pic.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian/version-script.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian1.0.2/block_digicert_malaysia.patch (100%) > rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => > openssl-1.0.2m}/debian1.0.2/block_diginotar.patch (100%) > rename meta/rec
[OE-core] [rocko][PATCH v3 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m
From: Stefan Agner Deals with two CVEs: * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) Signed-off-by: Stefan Agner Acked-by: Otavio Salvador --- Changes since v2: - Rebased to rocko-next .../0001-Fix-build-with-clang-using-external-assembler.patch | 0 .../0001-openssl-force-soft-link-to-avoid-rare-race.patch | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/Makefiles-ptest.patch | 0 .../Use-SHA256-not-MD5-as-default-digest.patch| 0 .../{openssl-1.0.2l => openssl-1.0.2m}/configure-musl-target.patch| 0 .../{openssl-1.0.2l => openssl-1.0.2m}/configure-targets.patch| 0 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/c_rehash-compat.patch | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/ca.patch| 0 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/debian-targets.patch| 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/man-dir.patch | 0 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/man-section.patch | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/no-rpath.patch | 0 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/no-symbolic.patch | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/pic.patch | 0 .../{openssl-1.0.2l => openssl-1.0.2m}/debian/version-script.patch| 0 .../debian1.0.2/block_digicert_malaysia.patch | 0 .../debian1.0.2/block_diginotar.patch | 0 .../{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/soname.patch | 0 .../debian1.0.2/version-script.patch | 0 .../engines-install-in-libdir-ssl.patch | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/find.pl| 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/oe-ldflags.patch | 0 .../{openssl-1.0.2l => openssl-1.0.2m}/openssl-1.0.2a-x32-asm.patch | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl-c_rehash.sh| 0 .../openssl-fix-des.pod-error.patch | 0 .../openssl-util-perlpath.pl-cwd.patch| 0 .../{openssl-1.0.2l => openssl-1.0.2m}/openssl_fix_for_x32.patch | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/parallel.patch | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/ptest-deps.patch | 0 .../{openssl-1.0.2l => openssl-1.0.2m}/ptest_makefile_deps.patch | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/run-ptest | 0 .../openssl/{openssl-1.0.2l => openssl-1.0.2m}/shared-libs.patch | 0 .../openssl/{openssl_1.0.2l.bb => openssl_1.0.2m.bb} | 4 ++-- 33 files changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/0001-Fix-build-with-clang-using-external-assembler.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/0001-openssl-force-soft-link-to-avoid-rare-race.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/Makefiles-ptest.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/Use-SHA256-not-MD5-as-default-digest.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/configure-musl-target.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/configure-targets.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/c_rehash-compat.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/ca.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/debian-targets.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/man-dir.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/man-section.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/no-rpath.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/no-symbolic.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/pic.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/version-script.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/block_digicert_malaysia.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/block_diginotar.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/soname.patch (100%) rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/version-script.patch (100%) renam