The following defect(s) have been fixed in this cumulative patch for the Wind River openssl:
WIND00228114 Security Advisory - openssl - CVE-2010-2939
WIND00240428 Security Advisory - openssl - CVE-2010-3864
WIND00247359 Security Advisory - OpenSSL - CVE-2010-4252
WIND00247372 Security Advisory - OpenSSL - CVE-2010-4180
-----------------------------------------------------------------------------------------------------------------------------------------------
Change List:
/layers/wrll-userspace/core/dist/openssl/Makefile
/layers/wrll-userspace/core/dist/openssl/openssl.spec
/layers/wrll-userspace/core/dist/openssl/patches/openssl-1.0.0-CVE-2010-2939.patch
/layers/wrll-userspace/core/dist/openssl/patches/openssl-1.0.0-CVE-2010-3864.patch
/layers/wrll-userspace/core/dist/openssl/patches/openssl-1.0.0-CVE-2010-4252.patch
/layers/wrll-userspace/core/dist/openssl/patches/openssl-1.0.0-CVE-2010-4180.patch
1. Unzip this patch under [install_dir]/updates.
2. From the [install_dir]/updates directory, run the command "../maintenance/wrInstaller/x86-linux2/wrInstaller".
3. Follow the instructions for installing the point patch.
4. This is a source only patch so you will have to rebuild the
openssl package. This can be done by executing the command "make
-C build openssl.distclean" followed by "make -C build
openssl.rebuild"
5. Run "make fs" next
6. Upload the kernel and rootfs into the target and boot it up.
DATE: 22 Oct 2010
REVISION: Add file WRL_4_0-layers-wrll_userspace-tgt-openssl-20101020-spin1.zip and includes fix to defect WIND00228114
