diff options
author | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2017-04-06 09:56:43 +0200 |
---|---|---|
committer | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2017-04-06 09:56:43 +0200 |
commit | 2c7ba109910c171acea3561746f8ee37dc6de361 (patch) | |
tree | a8f614f8c5799c4fac43dccd3988eb787fd6d4a0 /recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch | |
parent | 947ffa0680228c52c6aed322a84ad451e1c140c1 (diff) |
openssl: update 1.0.2d -> 1.0.2k
This is basically a back port of the following commits from the
openembedded-core master branch:
openssl: actually apply Use-SHA256-not-MD5-as-default-digest.patch
openssl: Fix symlink creation
openssl: Updgrade 1.0.2j -> 1.0.2k
openssl: Use linux-aarch64 target for aarch64
openssl-native: Compile with -fPIC
openssl: Security fix CVE-2016-7055
OpenSSL: CVE-2004-2761 replace MD5 hash algorithm
openssl: fix bashism in c_rehash shell script
openssl: rehash actual mozilla certificates inside rootfs
openssl: Upgrade 1.0.2i -> 1.0.2j
openssl.inc: avoid random ptest failures
openssl: update to 1.0.2i (CVE-2016-6304 and more)
openssl: fix do_configure error when cwd is not in @INC
openssl: fix add missing dependencies building for test directory
openssl: Security fix CVE-2016-2178
openssl: Security fix CVE-2016-2177
openssl: prevent warnings from openssl-c_rehash.sh
openssl: fix the dangling libcrypto.a symlink
openssl: Ensure SSL certificates are stored on sysconfdir
openssl: Add Shell-Script based c_rehash utility
openssl: Security fix via update to 1.0.2h
openssl.inc: minor packaging cleanup
openssl: don't move libcrypto to base_libdir
openssl: add a patch to fix parallel builds
openssl: Security fix Drown via 1.0.2g update
openssl.inc: drop obsolete mtx-1 and mtx-2 over-rides
openssl: Explicitly set EXTRA_OEMAKE as required
openssl: update 1.0.2e -> 1.0.2f ( CVE-2016-0701 CVE-2015-3197 )
openssl: Add musl configuration support
openssl: update to 1.0.2e
openssl: enable parallel make
openssl: fix ptest issues
openssl: use subdir= instead of moving files in do_configure_prepend()
openssl: sanity check that the bignum module is present
openssl: fix ptest failures
Note that this requires a complete image rebuild due to ABI breakage. If
that is not desired something along those lines would need to be
integrated as well:
http://cgit.openembedded.org/openembedded-core/commit?id=480db6be99f9a53d8657b31b846f0079ee1a124f
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Diffstat (limited to 'recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch')
-rw-r--r-- | recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch new file mode 100644 index 0000000..06d1ea6 --- /dev/null +++ b/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch @@ -0,0 +1,21 @@ +Upstream-Status: Submitted + +This patch adds the fix for one of the ciphers used in openssl, namely +the cipher des-ede3-cfb1. Complete bug log and patch is present here: +http://rt.openssl.org/Ticket/Display.html?id=2867 + +Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com> + +Index: openssl-1.0.2/crypto/evp/e_des3.c +=================================================================== +--- openssl-1.0.2.orig/crypto/evp/e_des3.c ++++ openssl-1.0.2/crypto/evp/e_des3.c +@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH + size_t n; + unsigned char c[1], d[1]; + +- for (n = 0; n < inl; ++n) { ++ for (n = 0; n * 8 < inl; ++n) { + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; + DES_ede3_cfb_encrypt(c, d, 1, 1, + &data(ctx)->ks1, &data(ctx)->ks2, |