Patchwork openssl: Address CVE-2014-0160

Submitter Saul Wold
Date April 7, 2014, 10:05 p.m.
Message ID <1396908301-27124-1-git-send-email-sgw@linux.intel.com>
Permalink /patch/70223/
State New

Comments

Saul Wold - April 7, 2014, 10:05 p.m.
This was the suggested fix for those unable to update to the new 1.0.1g version.
Since we are so close to our release, we should hold off on the update until 1.7

Signed-off-by: Saul Wold <sgw@linux.intel.com>
---
 meta/recipes-connectivity/openssl/openssl_1.0.1e.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Mark Hatle - April 7, 2014, 10:48 p.m.
On 4/7/14, 5:05 PM, Saul Wold wrote:
> This was the suggested fix for those unable to update to the new 1.0.1g version.
> Since we are so close to our release, we should hold off on the update until 1.7
>
> Signed-off-by: Saul Wold <sgw@linux.intel.com>
> ---
>   meta/recipes-connectivity/openssl/openssl_1.0.1e.bb | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
> index 618ba68..874aa21 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
> @@ -4,7 +4,7 @@ require openssl.inc
>   # if they are available.
>   DEPENDS += "cryptodev-linux"
>
> -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DOPENSSL_NO_HEARTBEATS"
>
>   PR = "${INC_PR}.0"
>
>
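
Review bot: the mitigation define is appended to the CFLAG line that sits directly under the cryptodev comment and the DEPENDS on cryptodev-linux, so -DOPENSSL_NO_HEARTBEATS now reads as part of the cryptodev configuration although it is unrelated to it. Consider putting it on its own line, for example CFLAG += "-DOPENSSL_NO_HEARTBEATS", so the cryptodev flags stay untouched and the workaround can later be reverted as a one-line removal.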

Between 1.0.1e and f there are 3 CVEs.  'g' adds two more.

This is a very low risk change, as the API and other components are stable.

--Mark

Patch

diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 618ba68..874aa21 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -4,7 +4,7 @@  require openssl.inc
 # if they are available.
 DEPENDS += "cryptodev-linux"
 
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DOPENSSL_NO_HEARTBEATS"
 
 PR = "${INC_PR}.0"
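
Review bot: nothing in the recipe records why -DOPENSSL_NO_HEARTBEATS appears on the + line; the CVE-2014-0160 reference exists only in the commit subject. A short comment above the CFLAG line naming the CVE and stating that the define is a stopgap until the recipe moves to 1.0.1g would keep the flag from silently outliving the upgrade. The commit message could also say that the define compiles TLS heartbeat support out, since that is the behaviour change users of this build will see.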