[0/1] openssl security upgrade

Submitted by Scott Garman on March 20, 2012, 6:10 p.m.

Details

Message ID cover.1332266918.git.scott.a.garman@intel.com
State New
Headers show

Pull-request

git://git.pokylinux.org/poky-contrib sgarman/openssl-upgrade-oe

Commit Message

Scott Garman March 20, 2012, 6:10 p.m.
Hello,

This upgrade to the openssl recipe addresses a security vulnerability,
CVE-2012-0884. I would like to ensure it gets included in our upcoming
1.2 release.

This upgrade has been build-tested on all 5 of our qemu architectures,
and I have inspected the image and package output to ensure there were
no significant differences between the output of this recipe upgrade
and the last version of openssl we were using.

Scott

The following changes since commit 5d404fdb36b0535ce758d98408b02134cdbce4ee:

  xserver-kdrive: compile xserver without dtrace support (2012-03-20 15:21:18 +0000)

are available in the git repository at:
  git://git.pokylinux.org/poky-contrib sgarman/openssl-upgrade-oe
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/openssl-upgrade-oe

Scott Garman (1):
  openssl: upgrade to 1.0.0.h

 .../openssl/openssl-1.0.0g/debian/pkg-config.patch |   36 --------------------
 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../debian/ca.patch                                |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../debian/pic.patch                               |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../oe-ldflags.patch                               |    0
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../shared-libs.patch                              |    0
 .../{openssl_1.0.0g.bb => openssl_1.0.0h.bb}       |    5 +--
 18 files changed, 2 insertions(+), 39 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.0g/debian/pkg-config.patch
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0g => openssl-1.0.0h}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.0g.bb => openssl_1.0.0h.bb} (87%)

Comments

Scott Garman March 21, 2012, 12:35 a.m.
On 03/20/2012 11:10 AM, Scott Garman wrote:
> Hello,
>
> This upgrade to the openssl recipe addresses a security vulnerability,
> CVE-2012-0884. I would like to ensure it gets included in our upcoming
> 1.2 release.
>
> This upgrade has been build-tested on all 5 of our qemu architectures,
> and I have inspected the image and package output to ensure there were
> no significant differences between the output of this recipe upgrade
> and the last version of openssl we were using.

I had forgotten to update the distro_tracking fields with this pull 
request - so I've pushed a commit onto this branch to do so.

Scott
Richard Purdie March 21, 2012, 2:05 p.m.
On Tue, 2012-03-20 at 11:10 -0700, Scott Garman wrote:
> This upgrade to the openssl recipe addresses a security vulnerability,
> CVE-2012-0884. I would like to ensure it gets included in our upcoming
> 1.2 release.
> 
> This upgrade has been build-tested on all 5 of our qemu architectures,
> and I have inspected the image and package output to ensure there were
> no significant differences between the output of this recipe upgrade
> and the last version of openssl we were using.

Merged to master, thanks.

Richard