Patchwork [dora,0/4] OpenSSL CVE fixes for the dora branch

login
register
mail settings
Submitter Paul Eggleton
Date April 8, 2014, 6:15 p.m.
Message ID <cover.1396980809.git.paul.eggleton@linux.intel.com>
Download mbox
Permalink /patch/70315/
State Accepted, archived
Headers show

Pull-request

git://git.openembedded.org/openembedded-core-contrib paule/openssl-cves

Comments

Paul Eggleton - April 8, 2014, 6:15 p.m.
Three backports for CVE fixes from master, plus one new fix for the 
latest CVE (CVE-2014-0160). The latter is not needed for master with
Cristiana's upgrade to version 1.0.1g sent out today.


The following changes since commit 590c2135858bb5d0cfc375c0d82ca610550ccd4a:

  Revert "buildhistory_analysis: fix error when comparing image contents" (2014-04-04 16:16:39 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib paule/openssl-cves
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/openssl-cves

Paul Eggleton (1):
  openssl: backport fix for CVE-2014-0160

Yue Tao (3):
  Security Advisory - openssl - CVE-2013-4353
  Security Advisory - openssl - CVE-2013-6450
  Security Advisory - openssl - CVE-2013-6449

 ...DTLS-retransmission-from-previous-session.patch |  81 ++++++++++++++
 ...or-TLS-record-tampering-bug-CVE-2013-4353.patch |  31 ++++++
 ...e-version-in-SSL_METHOD-not-SSL-structure.patch |  33 ++++++
 .../openssl/openssl-1.0.1e/CVE-2014-0160.patch     | 118 +++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.0.1e.bb |   4 +
 5 files changed, 267 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
Robert Yang - April 10, 2014, 2:32 a.m.
Reviewed and Tested by Robert Yang <liezhi.yang@windriver.com>

// Robert

On 04/09/2014 02:15 AM, Paul Eggleton wrote:
> Three backports for CVE fixes from master, plus one new fix for the
> latest CVE (CVE-2014-0160). The latter is not needed for master with
> Cristiana's upgrade to version 1.0.1g sent out today.
>
>
> The following changes since commit 590c2135858bb5d0cfc375c0d82ca610550ccd4a:
>
>    Revert "buildhistory_analysis: fix error when comparing image contents" (2014-04-04 16:16:39 +0100)
>
> are available in the git repository at:
>
>    git://git.openembedded.org/openembedded-core-contrib paule/openssl-cves
>    http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/openssl-cves
>
> Paul Eggleton (1):
>    openssl: backport fix for CVE-2014-0160
>
> Yue Tao (3):
>    Security Advisory - openssl - CVE-2013-4353
>    Security Advisory - openssl - CVE-2013-6450
>    Security Advisory - openssl - CVE-2013-6449
>
>   ...DTLS-retransmission-from-previous-session.patch |  81 ++++++++++++++
>   ...or-TLS-record-tampering-bug-CVE-2013-4353.patch |  31 ++++++
>   ...e-version-in-SSL_METHOD-not-SSL-structure.patch |  33 ++++++
>   .../openssl/openssl-1.0.1e/CVE-2014-0160.patch     | 118 +++++++++++++++++++++
>   .../recipes-connectivity/openssl/openssl_1.0.1e.bb |   4 +
>   5 files changed, 267 insertions(+)
>   create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
>   create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
>   create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
>   create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
>