* [PATCH] openssl: drop the valgrind patch that introduce a security hole
From: Ilya Yanok @ 2011-01-17 22:36 UTC
To: poky; +Cc: Ilya Yanok
debian/valgrind.patch is the 'famous' Debian OpenSSL patch responsible
for everyone using Debian and derivatives changing their keys. All keys
generated with the patched OpenSSL are compromised, so at the very least we
have to drop this patch for good.
Signed-off-by: Ilya Yanok <yanok@emcraft.com>
---
.../openssl/openssl-0.9.8p/debian/valgrind.patch | 15 ---------------
.../recipes-connectivity/openssl/openssl_0.9.8p.bb | 1 -
2 files changed, 0 insertions(+), 16 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch b/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
deleted file mode 100644
index e9f86ea..0000000
--- a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Index: openssl-0.9.8k/crypto/rand/md_rand.c
-===================================================================
---- openssl-0.9.8k.orig/crypto/rand/md_rand.c 2008-09-16 13:50:05.000000000 +0200
-+++ openssl-0.9.8k/crypto/rand/md_rand.c 2009-07-19 11:36:05.000000000 +0200
-@@ -477,8 +477,10 @@
- MD_Update(&m,local_md,MD_DIGEST_LENGTH);
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
- #ifndef PURIFY
-+#if 0 /* Don't add uninitialised data. */
- MD_Update(&m,buf,j); /* purify complains */
- #endif
-+#endif
- k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
- if (k > 0)
- {
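Review bot: The commit message does not establish that the one call site disabled by this file, `MD_Update(&m,buf,j);` at md_rand.c line 477 and already compiled out under `#ifndef PURIFY`, is the one that weakened key generation. Please name the function this call lives in and cite the advisory in the message, and state whether this hunk is the cause or a remnant of the original change, because that decides whether keys produced by images already built from this recipe have to be regenerated. Dropping the file is fine either way.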
diff --git a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
index 3ae6bf4..283b82a 100644
--- a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
+++ b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
@@ -13,7 +13,6 @@ SRC_URI += "file://debian/ca.patch \
file://debian/no-symbolic.patch \
file://debian/pic.patch \
file://debian/pkg-config.patch \
- file://debian/valgrind.patch \
file://debian/rc4-amd64.patch \
file://debian/rehash-crt.patch \
file://debian/rehash_pod.patch \
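Review bot: The SRC_URI change in openssl_0.9.8p.bb comes with no PR increment (the diffstat shows one deletion in the recipe and no insertions), so build directories and package feeds that already hold openssl 0.9.8p built with valgrind.patch may not rebuild or upgrade it. For a change described as closing a security hole, bump PR (in the recipe or its include) in the same commit so the rebuilt library replaces the old one on upgrade.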
--
1.7.2.3
* Re: [PATCH] openssl: drop the valgrind patch that introduce a security hole
From: Scott Garman @ 2011-01-18 23:03 UTC
To: poky
On 01/17/2011 02:36 PM, Ilya Yanok wrote:
> debian/valgrind.patch is the 'famous' Debian OpenSSL patch responsible
> for everyone using Debian and derivatives changing their keys. All keys
> generated with the patched OpenSSL are compromised, so at the very least we
> have to drop this patch for good.
>
> Signed-off-by: Ilya Yanok<yanok@emcraft.com>
Thank you for catching this!
Acked-by: Scott Garman <scott.a.garman@intel.com>
> ---
> .../openssl/openssl-0.9.8p/debian/valgrind.patch | 15 ---------------
> .../recipes-connectivity/openssl/openssl_0.9.8p.bb | 1 -
> 2 files changed, 0 insertions(+), 16 deletions(-)
> delete mode 100644 meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch b/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
> deleted file mode 100644
> index e9f86ea..0000000
> --- a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
> +++ /dev/null
> @@ -1,15 +0,0 @@
> -Index: openssl-0.9.8k/crypto/rand/md_rand.c
> -===================================================================
> ---- openssl-0.9.8k.orig/crypto/rand/md_rand.c 2008-09-16 13:50:05.000000000 +0200
> -+++ openssl-0.9.8k/crypto/rand/md_rand.c 2009-07-19 11:36:05.000000000 +0200
> -@@ -477,8 +477,10 @@
> - MD_Update(&m,local_md,MD_DIGEST_LENGTH);
> - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
> - #ifndef PURIFY
> -+#if 0 /* Don't add uninitialised data. */
> - MD_Update(&m,buf,j); /* purify complains */
> - #endif
> -+#endif
> - k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
> - if (k> 0)
> - {
> diff --git a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
> index 3ae6bf4..283b82a 100644
> --- a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
> @@ -13,7 +13,6 @@ SRC_URI += "file://debian/ca.patch \
> file://debian/no-symbolic.patch \
> file://debian/pic.patch \
> file://debian/pkg-config.patch \
> - file://debian/valgrind.patch \
> file://debian/rc4-amd64.patch \
> file://debian/rehash-crt.patch \
> file://debian/rehash_pod.patch \
--
Scott Garman
Embedded Linux Distro Engineer - Yocto Project
* Re: [PATCH] openssl: drop the valgrind patch that introduce a security hole
From: Saul Wold @ 2011-01-21 1:04 UTC
To: Ilya Yanok; +Cc: poky
On 01/17/2011 02:36 PM, Ilya Yanok wrote:
> debian/valgrind.patch is the 'famous' Debian OpenSSL patch responsible
> for everyone using Debian and derivatives changing their keys. All keys
> generated with the patched OpenSSL are compromised, so at the very least we
> have to drop this patch for good.
>
> Signed-off-by: Ilya Yanok<yanok@emcraft.com>
> ---
> .../openssl/openssl-0.9.8p/debian/valgrind.patch | 15 ---------------
> .../recipes-connectivity/openssl/openssl_0.9.8p.bb | 1 -
> 2 files changed, 0 insertions(+), 16 deletions(-)
> delete mode 100644 meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch b/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
> deleted file mode 100644
> index e9f86ea..0000000
> --- a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
> +++ /dev/null
> @@ -1,15 +0,0 @@
> -Index: openssl-0.9.8k/crypto/rand/md_rand.c
> -===================================================================
> ---- openssl-0.9.8k.orig/crypto/rand/md_rand.c 2008-09-16 13:50:05.000000000 +0200
> -+++ openssl-0.9.8k/crypto/rand/md_rand.c 2009-07-19 11:36:05.000000000 +0200
> -@@ -477,8 +477,10 @@
> - MD_Update(&m,local_md,MD_DIGEST_LENGTH);
> - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
> - #ifndef PURIFY
> -+#if 0 /* Don't add uninitialised data. */
> - MD_Update(&m,buf,j); /* purify complains */
> - #endif
> -+#endif
> - k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
> - if (k> 0)
> - {
> diff --git a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
> index 3ae6bf4..283b82a 100644
> --- a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
> @@ -13,7 +13,6 @@ SRC_URI += "file://debian/ca.patch \
> file://debian/no-symbolic.patch \
> file://debian/pic.patch \
> file://debian/pkg-config.patch \
> - file://debian/valgrind.patch \
> file://debian/rc4-amd64.patch \
> file://debian/rehash-crt.patch \
> file://debian/rehash_pod.patch \
Pulled into Master
Thanks
Sau!