openssl: Address CVE-2014-0160

Submitted by Saul Wold on April 7, 2014, 10:05 p.m.

Details

Message ID 1396908301-27124-1-git-send-email-sgw@linux.intel.com
State New

Commit Message

Saul Wold April 7, 2014, 10:05 p.m.
This was the suggested fix for those unable to update to the new 1.0.1g version.
Since we are so close to our release, we should hold off on the update until 1.7

Signed-off-by: Saul Wold <sgw@linux.intel.com>
---
 meta/recipes-connectivity/openssl/openssl_1.0.1e.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 618ba68..874aa21 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -4,7 +4,7 @@  require openssl.inc
 # if they are available.
 DEPENDS += "cryptodev-linux"
 
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DOPENSSL_NO_HEARTBEATS"
 
 PR = "${INC_PR}.0"
 
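Review bot: The added -DOPENSSL_NO_HEARTBEATS on the CFLAG line has no comment in the recipe explaining why it is there. The commit subject names CVE-2014-0160, but someone reading openssl_1.0.1e.bb later will not see that this define is a stopgap until the 1.0.1g update mentioned in the commit message. Suggest a comment above the line, for example `# Disable TLS heartbeats to mitigate CVE-2014-0160; drop when moving to 1.0.1g`, so the flag is removed deliberately rather than carried forward unnoticed.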

Comments

Mark Hatle April 7, 2014, 10:48 p.m.
On 4/7/14, 5:05 PM, Saul Wold wrote:
> This was the suggested fix for those unable to update to the new 1.0.1g version.
> Since we are so close to our release, we should hold off on the update until 1.7
>
> Signed-off-by: Saul Wold <sgw@linux.intel.com>
> ---
>   meta/recipes-connectivity/openssl/openssl_1.0.1e.bb | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
> index 618ba68..874aa21 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
> @@ -4,7 +4,7 @@ require openssl.inc
>   # if they are available.
>   DEPENDS += "cryptodev-linux"
>
> -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
> +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DOPENSSL_NO_HEARTBEATS"
>
>   PR = "${INC_PR}.0"
>
>
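
Review bot: PR stays at `${INC_PR}.0` in the trailing context even though the CFLAG change alters the compiled library. Where package feeds are built without a PR service, the rebuilt openssl would keep the same package revision, so deployed targets may not pick up the mitigated build on upgrade. Consider bumping it in this recipe, for example `PR = "${INC_PR}.1"`, or say in the commit message that a PR service is relied on.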

Between 1.0.1e and f there are 3 CVEs.  'g' adds two more.

This is a very low risk change, as the API and other components are stable.

--Mark