diff options
Diffstat (limited to 'poky/meta/recipes-connectivity/openssl')
-rw-r--r-- | poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-broken-change-from-b3d113e.patch | 35 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/openssl/openssl_1.1.1c.bb | 6 |
2 files changed, 40 insertions, 1 deletions
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-broken-change-from-b3d113e.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-broken-change-from-b3d113e.patch new file mode 100644 index 000000000..6b4789fc7 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-broken-change-from-b3d113e.patch @@ -0,0 +1,35 @@ +From 711a161f03ef9ed7cd149a22bf1203700c103e96 Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Fri, 29 Mar 2019 09:24:07 +1000 +Subject: [PATCH] Fix broken change from b3d113e. + +Reviewed-by: Tim Hudson <tjh@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/8606) + +Running valgrind against code using Openssl v1.1.1c reports a large number of +uninitialized memory errors. This fix from upstream solves this problem. + +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/711a161f03ef9ed7cd149a22bf1203700c103e96] +Signed-off-by: Laurent Bonnans <laurent.bonnans@here.com> +--- + crypto/rand/rand_lib.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c +index 23abbde156..a298b7515b 100644 +--- a/crypto/rand/rand_lib.c ++++ b/crypto/rand/rand_lib.c +@@ -235,8 +235,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg, + struct { + void * instance; + int count; +- } data = { NULL, 0 }; ++ } data; + ++ memset(&data, 0, sizeof(data)); + pool = rand_pool_new(0, min_len, max_len); + if (pool == NULL) + return 0; +-- +2.20.1 + diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1c.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1c.bb index 011740731..75159ac72 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1c.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1c.bb @@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://0001-Fix-build-error-for-aarch64-big-endian.patch \ + file://0001-Fix-broken-change-from-b3d113e.patch \ " SRC_URI_append_class-nativesdk = " \ @@ -26,7 +27,8 @@ SRC_URI_append_class-nativesdk = " \ SRC_URI[md5sum] = "15e21da6efe8aa0e0768ffd8cd37a5f6" SRC_URI[sha256sum] = "f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90" -inherit lib_package multilib_header ptest +inherit lib_package multilib_header multilib_script ptest +MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" PACKAGECONFIG ?= "" PACKAGECONFIG_class-native = "" @@ -200,3 +202,5 @@ RRECOMMENDS_libcrypto += "openssl-conf" RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "openssl:openssl" |