| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
(From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
do_patch failed after upgrading to openssl-1.0.1e. Log:
| ERROR: Command Error: exit status: 1 Output:
| Applying patch man-section.patch
| patching file Makefile.org
| Hunk #1 succeeded at 160 (offset 26 lines).
| Hunk #2 succeeded at 626 (offset 19 lines).
| misordered hunks! output would be garbled
| Hunk #3 FAILED at 633.
| 1 out of 3 hunks FAILED -- rejects in file Makefile.org
| Patch man-section.patch does not apply (enforce with -f)
| ERROR: Function failed: patch_do_patch
| ERROR: Logfile of failure stored in:temp/log.do_patch.14679
| ERROR: Task 646 (virtual:native:openssl_1.0.1e.bb, do_patch) failed with exit code '1'
Change-Id: Ib63031fdbd09443e387ee57efa70381e0aca382c
(From OE-Core rev: ded738b945b6af6c73a1c5f1b4cd5ad1b6ac06c0)
Signed-off-by: Ting Liu <b28495@freescale.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dropped obolete patches and pulled updates for debian patches.
Addresses CVEs:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2686
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169
[YOCTO #3965]
(From OE-Core rev: 0470edd01c0aebaa78db137e365a7e22bfb199e9)
Signed-off-by: Radu Moisan <radu.moisan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|