openssl: upgrade to 3.2.0

upgrade include fix for CVE-2023-5678. Changes in 3.2.0 https://www.openssl.org/news/cl32.txt drop upstreamed 0001-Link-libatomic-on-riscv32.patch. drop fix_random_labels.patch as fixed by https://github.com/openssl/openssl/commit/0fbc50ef0cb8894973d4739af62e95be825b7ccf (From OE-Core rev: 5a40f27051a1d40af41e7260b9f693a3c27c321f) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Lee Chee Yang <chee.yang.lee@intel.com> 2023-11-29 20:45:17 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-12-04 11:23:37 +0000
commit: 5369e2f5c5db497b798fcce96eb597235e4c952a (patch)
tree: d7a75505faa3be135d36a4ae60d571760bbf9911 /meta/recipes-connectivity/openssl
parent: 87fdb2fb6f4af9231c2ef690f57e253dabd87393 (diff)
download: poky-5369e2f5c5db497b798fcce96eb597235e4c952a.tar.gz
3 files changed, 1 insertions, 60 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch b/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch
deleted file mode 100644
index 2c54d8f685..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 73266b8573c71e6720453c4c5a9e6e8fa4daec65 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 21 Oct 2023 13:03:52 -0700
-Subject: [PATCH] Link libatomic on riscv32
-GCC toolchains on linux are not able to build libcrypto without linking
-to libatomic as it does not have all needed atomics implemented as
-intrinsics
-Fixes errors like
-| ld: ./libcrypto.so: undefined reference to `__atomic_is_lock_free'
-Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22460]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- Configurations/10-main.conf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
-index 46094f59c2..d1a15a1152 100644
--- a/Configurations/10-main.conf
-+++ b/Configurations/10-main.conf
-@@ -816,7 +816,7 @@ my %targets = (
-     },
- 
-     "linux32-riscv32" => {
-        inherit_from     => [ "linux-generic32"],
-+        inherit_from     => [ "linux-latomic" ],
-         perlasm_scheme   => "linux32",
-         asm_arch         => 'riscv32',
-     },
-- 
-2.42.0
diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
deleted file mode 100644
index 78dcd81685..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-The perl script adds random suffixes to the local function names to ensure
-it doesn't clash with other parts of openssl. Set the random number seed
-to something predictable so the assembler files are generated consistently
-and our own reproducible builds tests pass.
-Upstream-Status: Pending
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
-===================================================================
--- openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl
-+++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
-@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable    = (16 * 6);
- # ;;; Helper functions
- # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- 
-+# Ensure the local labels are reproduicble
-+srand(10000);
-+
- # ; Generates "random" local labels
- sub random_string() {
-   my @chars  = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_');
diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
index c6c70a1213..ab0562bd73 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
@@ -11,8 +11,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://run-ptest \
           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
           file://0001-Configure-do-not-tweak-mips-cflags.patch \
-           file://fix_random_labels.patch \
-           file://0001-Link-libatomic-on-riscv32.patch \
           file://0001-Added-handshake-history-reporting-when-test-fails.patch \
           "
@@ -20,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
           file://environment.d-openssl.sh \
           "
-SRC_URI[sha256sum] = "840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3"
+SRC_URI[sha256sum] = "14c826f07c7e433706fb5c69fa9e25dab95684844b4c962a2cf1bf183eb4690e"
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
author	Lee Chee Yang <chee.yang.lee@intel.com>	2023-11-29 20:45:17 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-12-04 11:23:37 +0000
commit	5369e2f5c5db497b798fcce96eb597235e4c952a (patch)
tree	d7a75505faa3be135d36a4ae60d571760bbf9911 /meta/recipes-connectivity/openssl
parent	87fdb2fb6f4af9231c2ef690f57e253dabd87393 (diff)
download	poky-5369e2f5c5db497b798fcce96eb597235e4c952a.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch b/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch deleted file mode 100644 index 2c54d8f685..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch +++ /dev/null
@@ -1,35 +0,0 @@
1	From 73266b8573c71e6720453c4c5a9e6e8fa4daec65 Mon Sep 17 00:00:00 2001
2	From: Khem Raj <raj.khem@gmail.com>
3	Date: Sat, 21 Oct 2023 13:03:52 -0700
4	Subject: [PATCH] Link libatomic on riscv32
5
6	GCC toolchains on linux are not able to build libcrypto without linking
7	to libatomic as it does not have all needed atomics implemented as
8	intrinsics
9
10	Fixes errors like
11
12	\| ld: ./libcrypto.so: undefined reference to `__atomic_is_lock_free'
13
14	Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22460]
15	Signed-off-by: Khem Raj <raj.khem@gmail.com>
16	---
17	Configurations/10-main.conf \| 2 +-
18	1 file changed, 1 insertion(+), 1 deletion(-)
19
20	diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
21	index 46094f59c2..d1a15a1152 100644
22	--- a/Configurations/10-main.conf
23	+++ b/Configurations/10-main.conf
24	@@ -816,7 +816,7 @@ my %targets = (
25	},
26
27	"linux32-riscv32" => {
28	- inherit_from => [ "linux-generic32"],
29	+ inherit_from => [ "linux-latomic" ],
30	perlasm_scheme => "linux32",
31	asm_arch => 'riscv32',
32	},
33	--
34	2.42.0
35


diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch deleted file mode 100644 index 78dcd81685..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch +++ /dev/null
@@ -1,22 +0,0 @@
1	The perl script adds random suffixes to the local function names to ensure
2	it doesn't clash with other parts of openssl. Set the random number seed
3	to something predictable so the assembler files are generated consistently
4	and our own reproducible builds tests pass.
5
6	Upstream-Status: Pending
7	Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8
9	Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
10	===================================================================
11	--- openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl
12	+++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
13	@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable = (16 * 6);
14	# ;;; Helper functions
15	# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
16
17	+# Ensure the local labels are reproduicble
18	+srand(10000);
19	+
20	# ; Generates "random" local labels
21	sub random_string() {
22	my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_');


diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb index c6c70a1213..ab0562bd73 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
@@ -11,8 +11,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
11	file://run-ptest \	11	file://run-ptest \
12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \	12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13	file://0001-Configure-do-not-tweak-mips-cflags.patch \	13	file://0001-Configure-do-not-tweak-mips-cflags.patch \
14	file://fix_random_labels.patch \
15	file://0001-Link-libatomic-on-riscv32.patch \
16	file://0001-Added-handshake-history-reporting-when-test-fails.patch \	14	file://0001-Added-handshake-history-reporting-when-test-fails.patch \
17	"	15	"
18		16
@@ -20,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
20	file://environment.d-openssl.sh \	18	file://environment.d-openssl.sh \
21	"	19	"
22		20
23	SRC_URI[sha256sum] = "840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3"	21	SRC_URI[sha256sum] = "14c826f07c7e433706fb5c69fa9e25dab95684844b4c962a2cf1bf183eb4690e"
24		22
25	inherit lib_package multilib_header multilib_script ptest perlnative manpages	23	inherit lib_package multilib_header multilib_script ptest perlnative manpages
26	MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"	24	MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"