* [dora][PATCH 1/4] Security Advisory - openssl - CVE-2013-4353
2014-04-08 18:15 [dora][PATCH 0/4] OpenSSL CVE fixes for the dora branch Paul Eggleton
@ 2014-04-08 18:15 ` Paul Eggleton
2014-04-08 18:15 ` [dora][PATCH 2/4] Security Advisory - openssl - CVE-2013-6450 Paul Eggleton
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-04-08 18:15 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
(From OE-Core master rev: 35ccce7002188c8270d2fead35f9763b22776877)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
...or-TLS-record-tampering-bug-CVE-2013-4353.patch | 31 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
2 files changed, 32 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
new file mode 100644
index 0000000..d03dc06
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
@@ -0,0 +1,31 @@
+From 197e0ea817ad64820789d86711d55ff50d71f631 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Mon, 6 Jan 2014 14:35:04 +0000
+Subject: [PATCH] Fix for TLS record tampering bug CVE-2013-4353
+
+Upstream-Status: Backport
+commit 197e0ea817ad64820789d86711d55ff50d71f631 upstream
+
+ ssl/s3_both.c | 6 +++++-
+ 3 files changed, 11 insertions(+), 1 deletions(-)
+
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index 1e5dcab..53b9390 100644
+--- a/ssl/s3_both.c
++++ b/ssl/s3_both.c
+@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
+ {
+ const char *sender;
+ int slen;
+-
++ /* If no new cipher setup return immediately: other functions will
++ * set the appropriate error.
++ */
++ if (s->s3->tmp.new_cipher == NULL)
++ return;
+ if (s->state & SSL_ST_CONNECT)
+ {
+ sender=s->method->ssl3_enc->server_finished_label;
+--
+1.7.5.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index ac27dba..3476d84 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -34,6 +34,7 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
file://find.pl \
+ file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* [dora][PATCH 2/4] Security Advisory - openssl - CVE-2013-6450
2014-04-08 18:15 [dora][PATCH 0/4] OpenSSL CVE fixes for the dora branch Paul Eggleton
2014-04-08 18:15 ` [dora][PATCH 1/4] Security Advisory - openssl - CVE-2013-4353 Paul Eggleton
@ 2014-04-08 18:15 ` Paul Eggleton
2014-04-08 18:15 ` [dora][PATCH 3/4] Security Advisory - openssl - CVE-2013-6449 Paul Eggleton
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-04-08 18:15 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
(From OE-Core master rev: 94352e694cd828aa84abd846149712535f48ab0f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
...DTLS-retransmission-from-previous-session.patch | 81 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
2 files changed, 82 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
new file mode 100644
index 0000000..39592e2
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
@@ -0,0 +1,81 @@
+From 34628967f1e65dc8f34e000f0f5518e21afbfc7b Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 20 Dec 2013 15:26:50 +0000
+Subject: [PATCH] Fix DTLS retransmission from previous session.
+
+Upstream-Status: Backport
+commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b upstream
+
+For DTLS we might need to retransmit messages from the previous session
+so keep a copy of write context in DTLS retransmission buffers instead
+of replacing it after sending CCS. CVE-2013-6450.
+---
+ ssl/d1_both.c | 6 ++++++
+ ssl/ssl_locl.h | 2 ++
+ ssl/t1_enc.c | 17 +++++++++++------
+ 4 files changed, 24 insertions(+), 6 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 65ec001..7a5596a 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ {
++
++ if (frag->msg_header.is_ccs)
++ {
++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++ }
+ if (frag->fragment) OPENSSL_free(frag->fragment);
+ if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ OPENSSL_free(frag);
+diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
+index 96ce9a7..e485907 100644
+--- a/ssl/ssl_locl.h
++++ b/ssl/ssl_locl.h
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ s_get_meth) \
+ const SSL_METHOD *func_name(void) \
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 72015f5..56db834 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+- if (s->enc_write_ctx != NULL)
++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ reuse_dd = 1;
+- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
+- else
+- /* make sure it's intialized in case we exit later with an error */
+- EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ dd= s->enc_write_ctx;
+- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++ if (SSL_IS_DTLS(s))
++ {
++ mac_ctx = EVP_MD_CTX_create();
++ if (!mac_ctx)
++ goto err;
++ s->write_hash = mac_ctx;
++ }
++ else
++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ if (s->compress != NULL)
+ {
+--
+1.7.5.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 3476d84..32e03a5 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -35,6 +35,7 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
file://find.pl \
file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
+ file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* [dora][PATCH 3/4] Security Advisory - openssl - CVE-2013-6449
2014-04-08 18:15 [dora][PATCH 0/4] OpenSSL CVE fixes for the dora branch Paul Eggleton
2014-04-08 18:15 ` [dora][PATCH 1/4] Security Advisory - openssl - CVE-2013-4353 Paul Eggleton
2014-04-08 18:15 ` [dora][PATCH 2/4] Security Advisory - openssl - CVE-2013-6450 Paul Eggleton
@ 2014-04-08 18:15 ` Paul Eggleton
2014-04-08 18:15 ` [dora][PATCH 4/4] openssl: backport fix for CVE-2014-0160 Paul Eggleton
2014-04-10 2:32 ` [dora][PATCH 0/4] OpenSSL CVE fixes for the dora branch Robert Yang
4 siblings, 0 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-04-08 18:15 UTC (permalink / raw)
To: openembedded-core
From: Yue Tao <Yue.Tao@windriver.com>
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
(From OE-Core master rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
...e-version-in-SSL_METHOD-not-SSL-structure.patch | 33 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
new file mode 100644
index 0000000..e5a8ade
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
@@ -0,0 +1,33 @@
+From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 19 Dec 2013 14:37:39 +0000
+Subject: [PATCH] Use version in SSL_METHOD not SSL structure.
+
+Upstream-Status: Backport
+commit ca989269a2876bae79393bd54c3e72d49975fc75 upstream
+
+When deciding whether to use TLS 1.2 PRF and record hash algorithms
+use the version number in the corresponding SSL_METHOD structure
+instead of the SSL structure. The SSL structure version is sometimes
+inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
+(CVE-2013-6449)
+---
+ ssl/s3_lib.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index bf832bb..c4ef273 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ {
+ long alg2 = s->s3->tmp.new_cipher->algorithm2;
+- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++ if (s->method->version == TLS1_2_VERSION &&
+ alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ return alg2;
+--
+1.7.5.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 32e03a5..3313ed5 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -36,6 +36,7 @@ SRC_URI += "file://configure-targets.patch \
file://find.pl \
file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
+ file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* [dora][PATCH 4/4] openssl: backport fix for CVE-2014-0160
2014-04-08 18:15 [dora][PATCH 0/4] OpenSSL CVE fixes for the dora branch Paul Eggleton
` (2 preceding siblings ...)
2014-04-08 18:15 ` [dora][PATCH 3/4] Security Advisory - openssl - CVE-2013-6449 Paul Eggleton
@ 2014-04-08 18:15 ` Paul Eggleton
2014-04-10 2:32 ` [dora][PATCH 0/4] OpenSSL CVE fixes for the dora branch Robert Yang
4 siblings, 0 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-04-08 18:15 UTC (permalink / raw)
To: openembedded-core
Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More
information here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Patch borrowed from Debian; this is just a tweaked version of the
upstream commit (without patching the CHANGES file which otherwise
would fail to apply on top of this version).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl/openssl-1.0.1e/CVE-2014-0160.patch | 118 +++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1e.bb | 1 +
2 files changed, 119 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
new file mode 100644
index 0000000..c06cd64
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
@@ -0,0 +1,118 @@
+From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Sun, 6 Apr 2014 00:51:06 +0100
+Subject: [PATCH] Add heartbeat extension bounds check.
+
+A missing bounds check in the handling of the TLS heartbeat extension
+can be used to reveal up to 64k of memory to a connected client or
+server.
+
+Thanks for Neel Mehta of Google Security for discovering this bug and to
+Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+preparing the fix (CVE-2014-0160)
+
+Patch (tweaked version of upstream fix without CHANGES change) borrowed
+from Debian.
+
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+ ssl/d1_both.c | 26 ++++++++++++++++++--------
+ ssl/t1_lib.c | 14 +++++++++-----
+ 3 files changed, 36 insertions(+), 13 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 7a5596a..2e8cf68 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
++ unsigned int write_length = 1 /* heartbeat type */ +
++ 2 /* heartbeat length */ +
++ payload + padding;
+ int r;
+
++ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++ return 0;
++
+ /* Allocate memory for the response, size is 1 byte
+ * message type, plus 2 bytes payload length, plus
+ * payload, plus padding
+ */
+- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++ buffer = OPENSSL_malloc(write_length);
+ bp = buffer;
+
+ /* Enter response type, length and copy payload */
+@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
+ /* Random padding */
+ RAND_pseudo_bytes(bp, padding);
+
+- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+
+ if (r >= 0 && s->msg_callback)
+ s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+- buffer, 3 + payload + padding,
++ buffer, write_length,
+ s, s->msg_callback_arg);
+
+ OPENSSL_free(buffer);
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b82fada..bddffd9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
+--
+1.9.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 3313ed5..949f3a1 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
+ file://CVE-2014-0160.patch \
"
SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
--
1.9.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [dora][PATCH 0/4] OpenSSL CVE fixes for the dora branch
2014-04-08 18:15 [dora][PATCH 0/4] OpenSSL CVE fixes for the dora branch Paul Eggleton
` (3 preceding siblings ...)
2014-04-08 18:15 ` [dora][PATCH 4/4] openssl: backport fix for CVE-2014-0160 Paul Eggleton
@ 2014-04-10 2:32 ` Robert Yang
4 siblings, 0 replies; 6+ messages in thread
From: Robert Yang @ 2014-04-10 2:32 UTC (permalink / raw)
To: Paul Eggleton, openembedded-core
Reviewed and Tested by Robert Yang <liezhi.yang@windriver.com>
// Robert
On 04/09/2014 02:15 AM, Paul Eggleton wrote:
> Three backports for CVE fixes from master, plus one new fix for the
> latest CVE (CVE-2014-0160). The latter is not needed for master with
> Cristiana's upgrade to version 1.0.1g sent out today.
>
>
> The following changes since commit 590c2135858bb5d0cfc375c0d82ca610550ccd4a:
>
> Revert "buildhistory_analysis: fix error when comparing image contents" (2014-04-04 16:16:39 +0100)
>
> are available in the git repository at:
>
> git://git.openembedded.org/openembedded-core-contrib paule/openssl-cves
> http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/openssl-cves
>
> Paul Eggleton (1):
> openssl: backport fix for CVE-2014-0160
>
> Yue Tao (3):
> Security Advisory - openssl - CVE-2013-4353
> Security Advisory - openssl - CVE-2013-6450
> Security Advisory - openssl - CVE-2013-6449
>
> ...DTLS-retransmission-from-previous-session.patch | 81 ++++++++++++++
> ...or-TLS-record-tampering-bug-CVE-2013-4353.patch | 31 ++++++
> ...e-version-in-SSL_METHOD-not-SSL-structure.patch | 33 ++++++
> .../openssl/openssl-1.0.1e/CVE-2014-0160.patch | 118 +++++++++++++++++++++
> .../recipes-connectivity/openssl/openssl_1.0.1e.bb | 4 +
> 5 files changed, 267 insertions(+)
> create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
>
^ permalink raw reply [flat|nested] 6+ messages in thread