From 631632addbc81b06b7accfca8f8a9871d6b09111 Mon Sep 17 00:00:00 2001 From: Jan Wetter Date: Thu, 9 Jul 2015 17:33:48 +0200 Subject: openssl: upgrade to 1.0.2d This upgrade fixes CVE-2015-1793 Removed openssl-fix-link.patch. The linking issue has been fixed in openssl. Signed-off-by: Jan Wetter Signed-off-by: Richard Purdie --- .../openssl/openssl/openssl-fix-link.patch | 35 ------------- .../recipes-connectivity/openssl/openssl_1.0.2c.bb | 58 ---------------------- .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 57 +++++++++++++++++++++ 3 files changed, 57 insertions(+), 93 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-fix-link.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2c.bb create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2d.bb (limited to 'meta/recipes-connectivity') diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-fix-link.patch b/meta/recipes-connectivity/openssl/openssl/openssl-fix-link.patch deleted file mode 100644 index 154106cbcd..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/openssl-fix-link.patch +++ /dev/null @@ -1,35 +0,0 @@ -From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001 -From: Dmitry Eremin-Solenikov -Date: Thu, 22 Sep 2011 08:55:26 +0200 -Subject: [PATCH] fix the parallel build regarding shared libraries. - -Upstream-Status: Pending ---- - .../openssl-1.0.0e/Makefile.org | 8 ++++---- - 1 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/Makefile.org -index 3c7aea1..6326cd6 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines - - build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -+build_ssl: build_crypto - @dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -+build_engines: build_crypto - @dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -+build_apps: build_crypto build_ssl - @dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -+build_tests: build_crypto build_ssl - @dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: - @dir=tools; target=all; $(BUILD_ONE_CMD) --- -1.6.6.1 - diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2c.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2c.bb deleted file mode 100644 index fd4ba6c5fa..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2c.bb +++ /dev/null @@ -1,58 +0,0 @@ -require openssl.inc - -# For target side versions of openssl enable support for OCF Linux driver -# if they are available. -DEPENDS += "cryptodev-linux" - -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" - -export DIRS = "crypto ssl apps engines" -export OE_LDFLAGS="${LDFLAGS}" - -SRC_URI += "file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://openssl-fix-link.patch \ - file://debian1.0.2/block_diginotar.patch \ - file://debian1.0.2/block_digicert_malaysia.patch \ - file://debian/ca.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/debian-targets.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-rpath.patch \ - file://debian/no-symbolic.patch \ - file://debian/pic.patch \ - file://debian/version-script.patch \ - file://openssl_fix_for_x32.patch \ - file://fix-cipher-des-ede3-cfb1.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ - file://find.pl \ - file://openssl-fix-des.pod-error.patch \ - file://Makefiles-ptest.patch \ - file://ptest-deps.patch \ - file://run-ptest \ - file://crypto_use_bigint_in_x86-64_perl.patch \ - file://openssl-1.0.2a-x32-asm.patch \ - " - -SRC_URI[md5sum] = "8c8d81a9ae7005276e486702edbcd4b6" -SRC_URI[sha256sum] = "0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83" - -PACKAGES =+ " \ - ${PN}-engines \ - ${PN}-engines-dbg \ - " - -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" -FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug" - -PARALLEL_MAKE = "" -PARALLEL_MAKEINST = "" - -do_configure_prepend() { - cp ${WORKDIR}/find.pl ${S}/util/find.pl -} diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb new file mode 100644 index 0000000000..32d8dce269 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb @@ -0,0 +1,57 @@ +require openssl.inc + +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. +DEPENDS += "cryptodev-linux" + +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://debian1.0.2/block_diginotar.patch \ + file://debian1.0.2/block_digicert_malaysia.patch \ + file://debian/ca.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/debian-targets.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-rpath.patch \ + file://debian/no-symbolic.patch \ + file://debian/pic.patch \ + file://debian/version-script.patch \ + file://openssl_fix_for_x32.patch \ + file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://find.pl \ + file://openssl-fix-des.pod-error.patch \ + file://Makefiles-ptest.patch \ + file://ptest-deps.patch \ + file://run-ptest \ + file://crypto_use_bigint_in_x86-64_perl.patch \ + file://openssl-1.0.2a-x32-asm.patch \ + " + +SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a" +SRC_URI[sha256sum] = "671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8" + +PACKAGES =+ " \ + ${PN}-engines \ + ${PN}-engines-dbg \ + " + +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" +FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug" + +PARALLEL_MAKE = "" +PARALLEL_MAKEINST = "" + +do_configure_prepend() { + cp ${WORKDIR}/find.pl ${S}/util/find.pl +} -- cgit 1.2.3-korg