summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2022-06-30 17:16:44 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-07-01 11:31:42 +0100
commit2106f39272cc36a88f4867c92ada182e6ac47917 (patch)
treea3755f483df4e2cac7a7fe95126584fe6a1a3238 /meta/recipes-connectivity/openssl
parentf062b02ba8a0fed40f2ac6c09ca55ea2081cd19f (diff)
downloadpoky-2106f39272cc36a88f4867c92ada182e6ac47917.tar.gz
openssl: Upgrade 3.0.3 -> 3.0.4
Includes a fix for CVE-2022-2068. (From OE-Core rev: f034faebd45e63385849078e6ee4b51257763e99) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl')
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch10
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch20
-rw-r--r--meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch55
-rw-r--r--meta/recipes-connectivity/openssl/openssl/afalg.patch10
-rw-r--r--meta/recipes-connectivity/openssl/openssl_3.0.4.bb (renamed from meta/recipes-connectivity/openssl/openssl_3.0.3.bb)3
5 files changed, 21 insertions, 77 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
index 5effa6c6f6..0b7abc3a11 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -13,11 +13,11 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
13 Configure | 10 ---------- 13 Configure | 10 ----------
14 1 file changed, 10 deletions(-) 14 1 file changed, 10 deletions(-)
15 15
16diff --git a/Configure b/Configure 16Index: openssl-3.0.4/Configure
17index 821e680..0387a74 100755 17===================================================================
18--- a/Configure 18--- openssl-3.0.4.orig/Configure
19+++ b/Configure 19+++ openssl-3.0.4/Configure
20@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) 20@@ -1423,16 +1423,6 @@ if ($target =~ /^mingw/ && `$config{CC}
21 push @{$config{shared_ldflag}}, "-mno-cygwin"; 21 push @{$config{shared_ldflag}}, "-mno-cygwin";
22 } 22 }
23 23
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index 60890c666d..bafdbaa46f 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -34,11 +34,11 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
34 crypto/build.info | 2 +- 34 crypto/build.info | 2 +-
35 2 files changed, 12 insertions(+), 2 deletions(-) 35 2 files changed, 12 insertions(+), 2 deletions(-)
36 36
37diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl 37Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl
38index f88a70f..528cdef 100644 38===================================================================
39--- a/Configurations/unix-Makefile.tmpl 39--- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl
40+++ b/Configurations/unix-Makefile.tmpl 40+++ openssl-3.0.4/Configurations/unix-Makefile.tmpl
41@@ -471,13 +471,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), 41@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl
42 '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} 42 '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
43 BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) 43 BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
44 44
@@ -63,10 +63,10 @@ index f88a70f..528cdef 100644
63 PERLASM_SCHEME= {- $target{perlasm_scheme} -} 63 PERLASM_SCHEME= {- $target{perlasm_scheme} -}
64 64
65 # For x86 assembler: Set PROCESSOR to 386 if you want to support 65 # For x86 assembler: Set PROCESSOR to 386 if you want to support
66diff --git a/crypto/build.info b/crypto/build.info 66Index: openssl-3.0.4/crypto/build.info
67index efca6cc..eda433e 100644 67===================================================================
68--- a/crypto/build.info 68--- openssl-3.0.4.orig/crypto/build.info
69+++ b/crypto/build.info 69+++ openssl-3.0.4/crypto/build.info
70@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF 70@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
71 71
72 DEPEND[info.o]=buildinf.h 72 DEPEND[info.o]=buildinf.h
@@ -74,5 +74,5 @@ index efca6cc..eda433e 100644
74-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" 74-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
75+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" 75+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
76 76
77 GENERATE[uplink-x86.s]=../ms/uplink-x86.pl 77 GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
78 GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl 78 GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
diff --git a/meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch b/meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
deleted file mode 100644
index 0249d4181b..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
+++ /dev/null
@@ -1,55 +0,0 @@
1From 770aea88c3888cc5cb3ebc94ffcef706c68bc1d2 Mon Sep 17 00:00:00 2001
2From: Tomas Mraz <tomas@openssl.org>
3Date: Wed, 1 Jun 2022 12:06:33 +0200
4Subject: [PATCH] Update expired SCT issuer certificate
5
6Fixes #15179
7
8Reviewed-by: Matt Caswell <matt@openssl.org>
9Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
10(Merged from https://github.com/openssl/openssl/pull/18444)
11
12Upstream-Status: Backport
13[Fixes ptest failures in OE-Core]
14---
15 test/certs/embeddedSCTs1_issuer.pem | 30 ++++++++++++++---------------
16 1 file changed, 15 insertions(+), 15 deletions(-)
17
18diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
19index 1fa449d5a098..6aa9455f09ed 100644
20--- a/test/certs/embeddedSCTs1_issuer.pem
21+++ b/test/certs/embeddedSCTs1_issuer.pem
22@@ -1,18 +1,18 @@
23 -----BEGIN CERTIFICATE-----
24-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
25+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
26 MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
27-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
28-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
29-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
30-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
31-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
32-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
33-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
34-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
35-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
36-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
37-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
38-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
39-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
40-OwqULg==
41+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
42+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
43+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
44+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
45+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
46+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
47+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
48+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
49+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
50+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
51+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
52++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
53+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
54+Doud4XrO
55 -----END CERTIFICATE-----
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch
index b7c0e9697f..cf77e873a2 100644
--- a/meta/recipes-connectivity/openssl/openssl/afalg.patch
+++ b/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -3,11 +3,11 @@ Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
3Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688] 3Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
4Signed-off-by: Ross Burton <ross.burton@intel.com> 4Signed-off-by: Ross Burton <ross.burton@intel.com>
5 5
6diff --git a/Configure b/Configure 6Index: openssl-3.0.4/Configure
7index 3baa8ce..9ef52ed 100755 7===================================================================
8--- a/Configure 8--- openssl-3.0.4.orig/Configure
9+++ b/Configure 9+++ openssl-3.0.4/Configure
10@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"}) 10@@ -1681,20 +1681,7 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-
11 unless ($disabled{afalgeng}) { 11 unless ($disabled{afalgeng}) {
12 $config{afalgeng}=""; 12 $config{afalgeng}="";
13 if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { 13 if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.3.bb b/meta/recipes-connectivity/openssl/openssl_3.0.4.bb
index 35a62755ad..d9d17378d4 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.3.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.4.bb
@@ -12,14 +12,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
12 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ 12 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13 file://afalg.patch \ 13 file://afalg.patch \
14 file://0001-Configure-do-not-tweak-mips-cflags.patch \ 14 file://0001-Configure-do-not-tweak-mips-cflags.patch \
15 file://770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch \
16 " 15 "
17 16
18SRC_URI:append:class-nativesdk = " \ 17SRC_URI:append:class-nativesdk = " \
19 file://environment.d-openssl.sh \ 18 file://environment.d-openssl.sh \
20 " 19 "
21 20
22SRC_URI[sha256sum] = "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b" 21SRC_URI[sha256sum] = "2831843e9a668a0ab478e7020ad63d2d65e51f72977472dc73efcefbafc0c00f"
23 22
24inherit lib_package multilib_header multilib_script ptest perlnative 23inherit lib_package multilib_header multilib_script ptest perlnative
25MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" 24MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-02 10:25:41 +0000