diff options
author | Lee Chee Yang <chee.yang.lee@intel.com> | 2023-11-29 20:45:17 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-12-04 11:23:37 +0000 |
commit | 5369e2f5c5db497b798fcce96eb597235e4c952a (patch) | |
tree | d7a75505faa3be135d36a4ae60d571760bbf9911 /meta/recipes-connectivity/openssl | |
parent | 87fdb2fb6f4af9231c2ef690f57e253dabd87393 (diff) | |
download | poky-5369e2f5c5db497b798fcce96eb597235e4c952a.tar.gz |
openssl: upgrade to 3.2.0
upgrade include fix for CVE-2023-5678.
Changes in 3.2.0
https://www.openssl.org/news/cl32.txt
drop upstreamed 0001-Link-libatomic-on-riscv32.patch.
drop fix_random_labels.patch as fixed by
https://github.com/openssl/openssl/commit/0fbc50ef0cb8894973d4739af62e95be825b7ccf
(From OE-Core rev: 5a40f27051a1d40af41e7260b9f693a3c27c321f)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch | 35 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch | 22 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_3.2.0.bb (renamed from meta/recipes-connectivity/openssl/openssl_3.1.4.bb) | 4 |
3 files changed, 1 insertions, 60 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch b/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch deleted file mode 100644 index 2c54d8f685..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Link-libatomic-on-riscv32.patch +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | From 73266b8573c71e6720453c4c5a9e6e8fa4daec65 Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Sat, 21 Oct 2023 13:03:52 -0700 | ||
4 | Subject: [PATCH] Link libatomic on riscv32 | ||
5 | |||
6 | GCC toolchains on linux are not able to build libcrypto without linking | ||
7 | to libatomic as it does not have all needed atomics implemented as | ||
8 | intrinsics | ||
9 | |||
10 | Fixes errors like | ||
11 | |||
12 | | ld: ./libcrypto.so: undefined reference to `__atomic_is_lock_free' | ||
13 | |||
14 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22460] | ||
15 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
16 | --- | ||
17 | Configurations/10-main.conf | 2 +- | ||
18 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf | ||
21 | index 46094f59c2..d1a15a1152 100644 | ||
22 | --- a/Configurations/10-main.conf | ||
23 | +++ b/Configurations/10-main.conf | ||
24 | @@ -816,7 +816,7 @@ my %targets = ( | ||
25 | }, | ||
26 | |||
27 | "linux32-riscv32" => { | ||
28 | - inherit_from => [ "linux-generic32"], | ||
29 | + inherit_from => [ "linux-latomic" ], | ||
30 | perlasm_scheme => "linux32", | ||
31 | asm_arch => 'riscv32', | ||
32 | }, | ||
33 | -- | ||
34 | 2.42.0 | ||
35 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch deleted file mode 100644 index 78dcd81685..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch +++ /dev/null | |||
@@ -1,22 +0,0 @@ | |||
1 | The perl script adds random suffixes to the local function names to ensure | ||
2 | it doesn't clash with other parts of openssl. Set the random number seed | ||
3 | to something predictable so the assembler files are generated consistently | ||
4 | and our own reproducible builds tests pass. | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
8 | |||
9 | Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl | ||
10 | =================================================================== | ||
11 | --- openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl | ||
12 | +++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl | ||
13 | @@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable = (16 * 6); | ||
14 | # ;;; Helper functions | ||
15 | # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||
16 | |||
17 | +# Ensure the local labels are reproduicble | ||
18 | +srand(10000); | ||
19 | + | ||
20 | # ; Generates "random" local labels | ||
21 | sub random_string() { | ||
22 | my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_'); | ||
diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb index c6c70a1213..ab0562bd73 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb | |||
@@ -11,8 +11,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | |||
11 | file://run-ptest \ | 11 | file://run-ptest \ |
12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ | 12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ |
13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ | 13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ |
14 | file://fix_random_labels.patch \ | ||
15 | file://0001-Link-libatomic-on-riscv32.patch \ | ||
16 | file://0001-Added-handshake-history-reporting-when-test-fails.patch \ | 14 | file://0001-Added-handshake-history-reporting-when-test-fails.patch \ |
17 | " | 15 | " |
18 | 16 | ||
@@ -20,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ | |||
20 | file://environment.d-openssl.sh \ | 18 | file://environment.d-openssl.sh \ |
21 | " | 19 | " |
22 | 20 | ||
23 | SRC_URI[sha256sum] = "840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3" | 21 | SRC_URI[sha256sum] = "14c826f07c7e433706fb5c69fa9e25dab95684844b4c962a2cf1bf183eb4690e" |
24 | 22 | ||
25 | inherit lib_package multilib_header multilib_script ptest perlnative manpages | 23 | inherit lib_package multilib_header multilib_script ptest perlnative manpages |
26 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" | 24 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" |