[PATCH] openssl: Address CVE-2014-0160

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [PATCH] openssl: Address CVE-2014-0160
@ 2014-04-07 22:05 Saul Wold
  2014-04-07 22:48 ` Mark Hatle
  0 siblings, 1 reply; 2+ messages in thread
From: Saul Wold @ 2014-04-07 22:05 UTC (permalink / raw)
  To: openembedded-core

This was the suggested fix for those unable to update to the new 1.0.1g version.
Since we are so close to our release, we should hold of on the update until 1.7

Signed-off-by: Saul Wold <sgw@linux.intel.com>
---
 meta/recipes-connectivity/openssl/openssl_1.0.1e.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 618ba68..874aa21 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -4,7 +4,7 @@ require openssl.inc
 # if they are available.
 DEPENDS += "cryptodev-linux"
 
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DOPENSSL_NO_HEARTBEATS"
 
 PR = "${INC_PR}.0"
 
-- 
1.8.3.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] openssl: Address CVE-2014-0160
  2014-04-07 22:05 [PATCH] openssl: Address CVE-2014-0160 Saul Wold
@ 2014-04-07 22:48 ` Mark Hatle
  0 siblings, 0 replies; 2+ messages in thread
From: Mark Hatle @ 2014-04-07 22:48 UTC (permalink / raw)
  To: openembedded-core

On 4/7/14, 5:05 PM, Saul Wold wrote:
> This was the suggested fix for those unable to update to the new 1.0.1g version.
> Since we are so close to our release, we should hold of on the update until 1.7
>
> Signed-off-by: Saul Wold <sgw@linux.intel.com>
> ---
>   meta/recipes-connectivity/openssl/openssl_1.0.1e.bb | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
> index 618ba68..874aa21 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
> @@ -4,7 +4,7 @@ require openssl.inc
>   # if they are available.
>   DEPENDS += "cryptodev-linux"
>
> -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DOPENSSL_NO_HEARTBEATS"
>
>   PR = "${INC_PR}.0"
>
>

Between 1.0.1e and f there are 3 CVEs.  'g' adds two more.

This is a very low risk change, as the API and other components are stable.

--Mark


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2014-04-07 22:48 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-04-07 22:05 [PATCH] openssl: Address CVE-2014-0160 Saul Wold
2014-04-07 22:48 ` Mark Hatle

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox