From: akuster808 <akuster808@gmail.com>
To: Robert Yang <liezhi.yang@windriver.com>,
Armin Kuster <akuster808@gmail.com>,
openembedded-core@lists.openembedded.org
Subject: Re: [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
Date: Wed, 11 May 2016 03:37:59 -0700 [thread overview]
Message-ID: <57330B87.5080300@gmail.com> (raw)
In-Reply-To: <5732CFA3.7080302@windriver.com>
Robert,
On 05/10/2016 11:22 PM, Robert Yang wrote:
>
>
> On 05/04/2016 07:46 AM, Armin Kuster wrote:
>> From: Armin Kuster <akuster@mvista.com>
>>
>> CVE-2016-2105
>> CVE-2016-2106
>> CVE-2016-2109
>> CVE-2016-2176
>>
>> https://www.openssl.org/news/secadv/20160503.txt
>>
>> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>
>> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
>
> After I looked into the code, it seems that this patch is not in latest
> code ?
hmm, my old eyes deceive me.
thanks for checking.
I will send a correcting.
- armin
> It is a backported patch from gentoo.
>
> // Robert
>
>>
>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>> ---
>> ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14
>> +++++++-------
>> .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb} | 6 ++----
>> 2 files changed, 9 insertions(+), 11 deletions(-)
>> rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb =>
>> openssl_1.0.2h.bb} (91%)
>>
>> diff --git
>> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>
>> index cebc8cf..f736e5c 100644
>> ---
>> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>
>> +++
>> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>
>> @@ -8,16 +8,16 @@
>> http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
>>
>> Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
>> ---
>> -Index: openssl-1.0.2/crypto/evp/digest.c
>> +Index: openssl-1.0.2h/crypto/evp/digest.c
>> ===================================================================
>> ---- openssl-1.0.2.orig/crypto/evp/digest.c
>> -+++ openssl-1.0.2/crypto/evp/digest.c
>> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
>> - return 0;
>> +--- openssl-1.0.2h.orig/crypto/evp/digest.c
>> ++++ openssl-1.0.2h/crypto/evp/digest.c
>> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
>> + type = ctx->digest;
>> }
>> #endif
>> - if (ctx->digest != type) {
>> + if (type && (ctx->digest != type)) {
>> - if (ctx->digest && ctx->digest->ctx_size)
>> + if (ctx->digest && ctx->digest->ctx_size) {
>> OPENSSL_free(ctx->md_data);
>> - ctx->digest = type;
>> + ctx->md_data = NULL;
>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>> b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>> similarity index 91%
>> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>> index 290f129..ae65992 100644
>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
>> file://openssl-fix-des.pod-error.patch \
>> file://Makefiles-ptest.patch \
>> file://ptest-deps.patch \
>> - file://crypto_use_bigint_in_x86-64_perl.patch \
>> file://openssl-1.0.2a-x32-asm.patch \
>> file://ptest_makefile_deps.patch \
>> file://configure-musl-target.patch \
>> file://parallel.patch \
>> "
>> -
>> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
>> -SRC_URI[sha256sum] =
>> "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
>> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
>> +SRC_URI[sha256sum] =
>> "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
>>
>> PACKAGES =+ "${PN}-engines"
>> FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
>>
next prev parent reply other threads:[~2016-05-11 10:38 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-03 23:46 [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h Armin Kuster
2016-05-11 5:44 ` Robert Yang
2016-05-11 6:22 ` Robert Yang
2016-05-11 10:37 ` akuster808 [this message]
2016-05-13 14:31 ` Martin Jansa
2016-05-13 16:19 ` Martin Jansa
2016-05-15 20:17 ` akuster808
2016-05-13 20:07 ` akuster808
2016-05-14 8:36 ` Richard Purdie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57330B87.5080300@gmail.com \
--to=akuster808@gmail.com \
--cc=liezhi.yang@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox