[poky] [PATCH] openssl: drop the valgrind patch that introduces a security hole

Ilya Yanok yanok at emcraft.com
Mon Jan 17 14:36:17 PST 2011


debian/valgrind.patch is the 'famous' Debian OpenSSL patch responsible
for everyone using Debian and derivatives changing their keys. All keys
generated with the patched OpenSSL are compromised, so at the very least we
have to drop this patch for good.

Signed-off-by: Ilya Yanok <yanok at emcraft.com>
---
 .../openssl/openssl-0.9.8p/debian/valgrind.patch   |   15 ---------------
 .../recipes-connectivity/openssl/openssl_0.9.8p.bb |    1 -
 2 files changed, 0 insertions(+), 16 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch

diff --git a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch b/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
deleted file mode 100644
index e9f86ea..0000000
--- a/meta/recipes-connectivity/openssl/openssl-0.9.8p/debian/valgrind.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Index: openssl-0.9.8k/crypto/rand/md_rand.c
-===================================================================
---- openssl-0.9.8k.orig/crypto/rand/md_rand.c	2008-09-16 13:50:05.000000000 +0200
-+++ openssl-0.9.8k/crypto/rand/md_rand.c	2009-07-19 11:36:05.000000000 +0200
-@@ -477,8 +477,10 @@
- 		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
- 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
- #ifndef PURIFY
-+#if 0 /* Don't add uninitialised data. */
- 		MD_Update(&m,buf,j); /* purify complains */
- #endif
-+#endif
- 		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
- 		if (k > 0)
- 			{
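Review bot: the commit message's claim that this is the patch behind the Debian key regeneration is not substantiated by what the deleted file shows, and it should be backed up before this is merged. The file disables a single call, `MD_Update(&m,buf,j); /* purify complains */` at md_rand.c line 477, under the comment "Don't add uninitialised data", and its header is dated 2009-07-19 against openssl-0.9.8k. Please name in the commit message the function this call sits in and reference the advisory, so a reader can confirm that this is the seeding change that weakened key generation and not a narrower variant of it. Dropping the patch is reasonable either way, since it returns this call to the upstream md_rand.c behaviour.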
diff --git a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
index 3ae6bf4..283b82a 100644
--- a/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
+++ b/meta/recipes-connectivity/openssl/openssl_0.9.8p.bb
@@ -13,7 +13,6 @@ SRC_URI += "file://debian/ca.patch \
             file://debian/no-symbolic.patch \
             file://debian/pic.patch \
             file://debian/pkg-config.patch \
-            file://debian/valgrind.patch \
             file://debian/rc4-amd64.patch \
             file://debian/rehash-crt.patch \
             file://debian/rehash_pod.patch \
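Review bot: the recipe change consists of this one removed SRC_URI entry (the diffstat shows a single deletion in openssl_0.9.8p.bb), so PR is not bumped anywhere in the patch. Dropping valgrind.patch changes the compiled md_rand.c, so bump PR for this recipe in the same commit; otherwise existing builds and package feeds can keep the binary that was built with the patch applied.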
-- 
1.7.2.3



