[OE-core] [PATCH] OpenSSL: CVE-2004-2761 replace MD5 hash algorithm

Burton, Ross ross.burton at intel.com
Tue Nov 15 19:59:15 UTC 2016


On 15 November 2016 at 19:43, T.O. Radzy Radzykewycz <radzy at windriver.com>
wrote:

>  .../recipes-connectivity/openssl/openssl_1.0.2h.bb |  1 +
>

oe-core master is on openssl 1.0.2j now, so please rebase.


>  2 files changed, 60 insertions(+)
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/Use-SHA256-
> not-MD5-as-default-digest.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/Use-SHA256-
> not-MD5-as-default-digest.patch b/meta/recipes-connectivity/
> openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> new file mode 100644
> index 000000000000..766af67e1db9
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-
> not-MD5-as-default-digest.patch
> @@ -0,0 +1,59 @@
> +From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
> +From: Rich Salz <rsalz at akamai.com>
> +Date: Sat, 13 Jun 2015 17:03:39 -0400
> +Subject: [PATCH] Use SHA256 not MD5 as default digest.
> +
> +Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
> +
> +Upstream Status: Backport
>

I'm such a pedant but we do have automated tooling around this, so please
use "Upstream-Status".  Also adding a CVE tag in the patch (CVE:
CVE-2004-2761) would be appreciated for tracking.

Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20161115/b986d4c0/attachment-0002.html>


More information about the Openembedded-core mailing list