From patchwork Tue Mar 14 12:49:47 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 95294 Delivered-To: patch@linaro.org Received: by 10.140.89.134 with SMTP id v6csp244044qgd; Tue, 14 Mar 2017 05:49:55 -0700 (PDT) X-Received: by 10.84.215.23 with SMTP id k23mr54765955pli.58.1489495795150; Tue, 14 Mar 2017 05:49:55 -0700 (PDT) Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id j5si14675332pgk.394.2017.03.14.05.49.54; Tue, 14 Mar 2017 05:49:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org Received: from review.yoctoproject.org (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 10F29776D2; Tue, 14 Mar 2017 12:49:52 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44]) by mail.openembedded.org (Postfix) with ESMTP id 0D5E17017D for ; Tue, 14 Mar 2017 12:49:49 +0000 (UTC) Received: by mail-wm0-f44.google.com with SMTP id t189so63011566wmt.1 for ; Tue, 14 Mar 2017 05:49:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id; bh=Qz2idaacJ11gH5BancV0sWjEOQ7GWHLAObuRG/Bx77s=; b=b1eBC0C3D7H2UI21J4AFsfLhcwe8vjhojwU+6YDz/dZeUt0Ee1vM1kqgCraQysCuBS zVgJsdlC2t+/h8MbLSYfwTOy1Vs9fdar6V0ge7WQVnnxnoiecGOKAcDBB8D1l1R9BxTV /9/mJT31/rsT5WyBg9ZpndevnD/2+/Rcs5p+LyKURRjQro2rkUQEN1vtf8A5P9ifnhJf NPTB2tAJCYuYJ/TNnToXSTu/hyKuo7QwkuYtTVPDkG7YjuM+bbSFadT7jALIgWMz+wHo HzG4htCdE4sNEc8z46ai/MK3jLu030lu5RXvoFMSttO5x0KGkHmxDsmvOCZR388FPHzd F0mQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=Qz2idaacJ11gH5BancV0sWjEOQ7GWHLAObuRG/Bx77s=; b=l0UoRDWAYrqIGrnjRG3Q3tfKRRxHJLz6nHYzVBRT3J33HkxdcvIIgXd/awo7SMJsSC ro/oHl80g+/v/UCDfjOqHKGQ0SaUnX0VxBkebQJp/IXZhNyTyEDRXajJyItcEF/ifpiT 5IzbUMTRnvKqZYUxMJ5Gq1M+1hCB1g9rRJQ2DbF5k6Dk1bZr+va87NMkBVyZSCr6hFBm gUiAvkOfxMwX1nIWxQjTs14Ibnj31SBWr0cdj/3xnLVKartxPXcS0LqeG0S5EI+eXmMA bNFKgAiiECf4KpKz4dYXM9eCUKzMaDTI+r83nXab9mmQCdbXIglXeo3opgy/QleXdtHC KjIQ== X-Gm-Message-State: AFeK/H3gsu2jZ7JanAR9PR5SLaMsA77a8jxpenJ3ntwDv8E2WsYJujquwB21RzScIVN3wIBK X-Received: by 10.28.73.196 with SMTP id w187mr13676559wma.5.1489495790188; Tue, 14 Mar 2017 05:49:50 -0700 (PDT) Received: from flashheart.burtonini.com (home.burtonini.com. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id 63sm15333646wmp.9.2017.03.14.05.49.49 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 14 Mar 2017 05:49:49 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Tue, 14 Mar 2017 12:49:47 +0000 Message-Id: <1489495787-6306-1-git-send-email-ross.burton@intel.com> X-Mailer: git-send-email 2.8.1 Subject: [OE-core] [PATCH] openssl: actually apply Use-SHA256-not-MD5-as-default-digest.patch X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org This patch was added to fix a CVE, but wasn't actually added to SRC_URI: CVE: CVE-2004-2761 The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. Signed-off-by: Ross Burton --- meta/recipes-connectivity/openssl/openssl_1.0.2k.bb | 1 + 1 file changed, 1 insertion(+) -- 2.8.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb index 1973f81..922819b 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb @@ -41,6 +41,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \ file://configure-musl-target.patch \ file://parallel.patch \ file://openssl-util-perlpath.pl-cwd.patch \ + file://Use-SHA256-not-MD5-as-default-digest.patch \ " SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65" SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"