summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl/openssl
Commit message (Collapse)AuthorAgeFilesLines
* openssl: upgrade 3.2.1 -> 3.3.0Wang Mingyu7 days1-120/+0
| | | | | | | | | | | | | CVE-2024-2511.patch revmoed since it's included in 3.3.0 Changelog: https://github.com/openssl/openssl/blob/openssl-3.3.0/NEWS.md (From OE-Core rev: 1d6cb1592d6883cc504ff0776810312f732664ae) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: openssl: patch CVE-2024-2511Peter Marko2024-04-161-0/+120
| | | | | | | | | | Patch: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08 News: https://github.com/openssl/openssl/commit/b7acb6731a96b073d6150465bd090e2052a595c2 (From OE-Core rev: b439d1c9e5a115bbb5193a2df25e84291cc07bec) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructionsRoss Burton2024-03-301-0/+58
| | | | | | | | | | | | | | | | On aarch64, if the processor doesn't have the Crypto instructions then OpenSSL will fall back onto the "bit-sliced" assembler routines. When branch protection (BTI) was enabled in OpenSSL these routines were missed, so if BTI is available libssl will immediately abort when it enters this assembler. Backport a patch submitted upstream to add the required call target annotations so that BTI doesn't believe the code is being exploited. (From OE-Core rev: 438a390e8e1811bc2d3820c1cd2b8e099e70064a) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 3.2.0 -> 3.2.1Peter Marko2024-02-053-179/+0
| | | | | | | | | | | | | | | | | Fixes CVE-2024-0727 and CVE-2023-6237 Removed included patch backports. New module was implemented in tests and needs to be installed to successfully pass 04-test_provider.t test. Release information: https://github.com/openssl/openssl/blob/openssl-3.2/NEWS.md#major-changes-between-openssl-320-and-openssl-321-30-jan-2024 (From OE-Core rev: b50f1c4ccac12e9dbdeb5a6fec0413c9cd901d88) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: backport fix for CVE-2023-6129Ross Burton2024-02-021-0/+113
| | | | | | | | (From OE-Core rev: 7fa10f29b31f8aae572026a00a6354aec539d044) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix build on riscvKhem Raj2024-01-191-0/+31
| | | | | | | | | Backport a typo fix RISCV_HAS_ZKND_ZKNE -> RISCV_HAS_ZKND_AND_ZKNE (From OE-Core rev: 2b2bf78c7250a23a476f168d3f1789496c1c27e9) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: mark assembler sections as call targets for PAC/BTI support on aarch64Ross Burton2023-12-211-0/+35
| | | | | | | | | | | The assembler sections in OpenSSL were not marked as valid call targets, so branch protection could not be enabled for libcrypto.so. (From OE-Core rev: 4bf06bc5487da05e6b4a4895e5ca2da65cdc25d8) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 3.2.0Lee Chee Yang2023-12-042-57/+0
| | | | | | | | | | | | | | | | | upgrade include fix for CVE-2023-5678. Changes in 3.2.0 https://www.openssl.org/news/cl32.txt drop upstreamed 0001-Link-libatomic-on-riscv32.patch. drop fix_random_labels.patch as fixed by https://github.com/openssl/openssl/commit/0fbc50ef0cb8894973d4739af62e95be825b7ccf (From OE-Core rev: 5a40f27051a1d40af41e7260b9f693a3c27c321f) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: improve handshake test error reportingWilliam Lyu2023-11-051-0/+374
| | | | | | | | | | | | | | Fixes [YOCTO #15225] Yocto Bug #15255 is not reproducible. To obtain more useful information for debugging, the OpenSSL test code is improved so that more detailed state information in the handshake loop is printed when an error occurs. (From OE-Core rev: 5bf9a70f580357badd01f39822998985654b0bfc) Signed-off-by: William Lyu <William.Lyu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Inherit riscv32 config from latomic config on linuxKhem Raj2023-10-251-0/+35
| | | | | | | | | | | We still need this option for riscv32, the patch is also submitted upstream (From OE-Core rev: 2e923a5a67e51463dcf938079c4a199873ccba85) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: ensure all ptest fails are caughtAlexander Kanavin2023-09-181-1/+1
| | | | | | | | | Piping results through sed may mask failures that sed isn't catching. (From OE-Core rev: 2b1b0e9e4d5011e7c2fd1b59fc277a7cfdc41194) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: parallelize testsAlexander Kanavin2023-09-181-1/+1
| | | | | | | | | This brings them from 15 minutes to just over 4. (From OE-Core rev: 9eeee78aa94aaa441da012aeb904a0f1cbcd4d91) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade 3.1.0 -> 3.1.1Tim Orling2023-06-012-234/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Drop CVE-2023-0464.patch (merged upstream). * Refresh 0001-Configure-do-not-tweak-mips-cflags.patch https://github.com/openssl/openssl/blob/openssl-3.1.1/NEWS.md Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023] * Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650) * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255) * Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) * Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465) * Limited the number of nodes created in a policy tree (CVE-2023-0464) Security Advisory: https://www.openssl.org/news/secadv/20230530.txt CVE: CVE-2023-2650 CVE: CVE-2023-1255 CVE: CVE-2023-0466 CVE: CVE-2023-0465 CVE: CVE-2023-0464 (From OE-Core rev: 26ce9a5fd31c27812ce8784a398b600cc0e9aa80) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* OpenSSL: Security fix for CVE-2023-0464Siddharth Doshi2023-03-261-0/+226
| | | | | | | | | Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545] (From OE-Core rev: 20ae485ef65bef2ddbffe05fd29cc7d411c38448) Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix reproducibility issueRichard Purdie2023-03-161-0/+22
| | | | | | | | | | | Fix an issue introduced in the new openssl version where an assembler file isn't generated in a reproducible way by seeding the perl random number generator consistently. It has no crypto impact, it is just used to avoid function name clashes. (From OE-Core rev: 448df3e1c02fe224d62f59a236fdcd47ea7e695f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update from 3.0.8 to 3.1.0Randy MacLeod2023-03-161-31/+0
| | | | | | | | | | | | | | | | | | | | >From the NEWS.md file: ### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023] * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. * Performance enhancements and new platform support including new assembler code algorithm implementations. * Deprecated LHASH statistics functions. * FIPS 140-3 compliance changes. Drop the upstreamed afalg.patch: c425e365f4 Configure: don't try to be clever when configuring afalgeng (From OE-Core rev: 71c763ed4fbbea22a6a0b145e4e29436c7e59625) Signed-off-by: Randy MacLeod <randy.macleod@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 3.0.7 -> 3.0.8Siddharth Doshi2023-02-201-43/+0
| | | | | | | | | | | | | | | | | | | | OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level security vulnerability [1]. Upgrade the recipe to point to 3.0.8. CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as well. [1] https://www.openssl.org/news/vulnerabilities.html CVEs Fixed: https://www.openssl.org/news/secadv/20230207.txt (From OE-Core rev: 8461466f63200a0b1c9c247b70fdf5819651544c) Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix CVE-2022-3996 double locking leads to denial of serviceVivek Kumbhar2023-02-011-0/+43
| | | | | | | (From OE-Core rev: c20b7b864dc6726a2ed4a40cf5a30661ad28c6e0) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 3.0.5 -> 3.0.7Ed Tanous2022-11-021-55/+0
| | | | | | | | | | | | | | | | | | | OpenSSL 3.0.5 includes a HIGH level security vulnerability [1]. Upgrade the recipe to point to 3.0.7. CVE-2022-3358 is reported fixed in 3.0.6, so drop the patch for that as well. [1] https://www.openssl.org/news/vulnerabilities.html Fixes CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/ (From OE-Core rev: a69ea1f7db96ec8b853573bd581438edd42ad6e0) Signed-off-by: Ed Tanous <edtanous@google.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL ↵Hitendra Prajapati2022-10-261-0/+55
| | | | | | | | | | | | | | | encryption Upstream-Status: Backport from https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b] Description: CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption. Affects "openssl < 3.0.6" (From OE-Core rev: f98b2273c6f03f8f6029a7a409600ce290817e27) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 3.0.3 -> 3.0.4Richard Purdie2022-07-014-75/+20
| | | | | | | | Includes a fix for CVE-2022-2068. (From OE-Core rev: f034faebd45e63385849078e6ee4b51257763e99) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Backport fix for ptest cert expiryRichard Purdie2022-06-021-0/+55
| | | | | | | | | | ptests in in openssl have started failing as one of the test certificates has expired. Backport a fix for this from upstream, replacing the test certificate to allow the ptests to pass again. (From OE-Core rev: f26f0b34f12bbca2beed153da402a3594d127374) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 3.0.2Ross Burton2022-03-161-22/+0
| | | | | | | | | | * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever for non-prime moduli ([CVE-2022-0778]) (From OE-Core rev: 30f054a1e0afaa26d16a411df2a6310104342e63) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add reproducibility fixRichard Purdie2022-01-041-0/+22
| | | | | | | | | | When the date rolled from one year to another, it highlighted a reproducibility issue in openssl. Patch a workaround for this to avoid autobuilder failures. Help submitting upstream welcome. (From OE-Core rev: f8281e290737dba16a46d7ae937c66b3266e0fe8) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 3.0.1Ross Burton2021-12-212-137/+0
| | | | | | | | | | | | | | | | | | | | | Major changes in 3.0.1: * Fixed invalid handling of X509_verify_cert() internal errors in libssl ([CVE-2021-4044]) * Allow fetching an operation from the provider that owns an unexportable key as a fallback if that is still allowed by the property query. Drop patches which were backported. Add sed to openssl-ptest as the tests use 'sed -u', which isn't supported by busybox. Ensure that we package the dummy async engine, needed by the test suite. (From OE-Core rev: 5cd40648b0ba88cd9905800e748ae98f08c10ac7) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a valueRoss Burton2021-12-031-0/+108
| | | | | | | | | | Backport a patch from upstream. Specifically, this fixes signature validation in trusted-firmware-a with OpenSSL 3. (From OE-Core rev: ac670fd4f543f439efdea26e813a4b5121161289) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix builds on ARMv8 targets without Aarch64Ross Burton2021-11-031-0/+29
| | | | | | | | | | | ARMv8 doesn't imply Aarch64, so correct a check that was making that assumption. This fixes the build on 32-bit ARMv8 targets such as Cortex-A32. (From OE-Core rev: 78ae8b02bfbf0d98ae481682179439845d30c797) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Drop riscv32 upstreamed patchesKhem Raj2021-10-152-161/+0
| | | | | | | | | These patches are already available in 3.0 (From OE-Core rev: 063d085534b7b3659c5721228bb58f4e8115b5ee) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update 1.1.1l -> 3.0.0Alexander Kanavin2021-10-145-88/+49
| | | | | | | | | | | | | | | | | | | | | | | | Drop 0001-skip-test_symbol_presence.patch - testing revealed no need for it, and I couldn't quite understand what it does. Drop reproducible.patch - upstream has removed the non-reproducible bit. Process lines in run-ptest with sed one by one rather than with perl after the test completes, avoiding ptest-runner timeout errors. License-Update: openssl relicense to apache 2.0. Goodbye awkward gpl exceptions in consumers. DEPRECATED_CRYPTO_FLAGS is now empty by default but available by anyone who wants to set it. Trying to come up with a working set was not a good idea as shown in the deleted comment. (From OE-Core rev: f028a55383588d68c052f19f16d0f3f4d0560c57) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Filter out -ffile-prefix-map as wellKhem Raj2021-05-011-9/+8
| | | | | | | (From OE-Core rev: 1829fa0bda9a9388c3134866c471f26ec5658c36) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Enable building for RISC-V 32-bitAlistair Francis2021-03-112-0/+161
| | | | | | | (From OE-Core rev: 22691df60abe22bafb83f391549ee9e5026cabef) Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.1.1d -> 1.1.1eAdrian Bunk2020-03-241-758/+0
| | | | | | | | | Backported patch removed. (From OE-Core rev: 710bc0f8544f54750c8fb7b8affa243932927a24) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix reproducibility issueRichard Purdie2020-02-081-0/+32
| | | | | | | | | | | There was a build architecture leaking into the target ptest which could vary depending upon host. Remove it as its cosmetic. [YOCTO #13770] (From OE-Core rev: 37db519eedb7eb5cd4f14d05f30f5d580aa7458d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix CVE-2019-1551Anuj Mittal2019-12-161-0/+758
| | | | | | | (From OE-Core rev: 7a8165e0d833bc64c824fa2aee2ddad21d866675) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.1.1c -> 1.1.1dAdrian Bunk2019-09-162-78/+0
| | | | | | | | | Backported patches removed. (From OE-Core rev: 24174c6dafefec4ff3bd79b3c871b17cbfa3e840) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix valgrind errors on v1.1.1cBonnans, Laurent2019-07-221-0/+35
| | | | | | | | | | Running valgrind against code using Openssl v1.1.1c reports a large number of uninitialized memory errors. This fix from upstream solves this problem. (From OE-Core rev: 8081d645353ed934a0158329f2f36ea49d663e19) Signed-off-by: Laurent Bonnans <laurent.bonnans@here.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix a build bug on aarch64BE.Lei Maohui2019-06-191-0/+43
| | | | | | | | | | | Fix bug as following on aarch64BE: Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b' (From OE-Core rev: f29572f70a89fd88ab3898d334c126422b66755c) Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.1.1b -> 1.1.1cAdrian Bunk2019-06-072-72/+3
| | | | | | | | | Backported patch removed. (From OE-Core rev: 147d66495622332fdbf3cb1d0c3f0948402e1d1b) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: follow OE's rule for specifying CVE IDChen Qi2019-03-291-1/+1
| | | | | | | (From OE-Core rev: 7e29e7cb13ed13a7049328cd2169cd515b630fc3) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Remove the c_rehash shell re-implementationOtavio Salvador2019-03-191-222/+0
| | | | | | | | | | | We had a c_rehash shell re-implementation being used for the native package however the ca-certificates now uses the openssl rehash internal application so there is no use for the c_rehash anymore. (From OE-Core rev: 672b076158247f823a518b7c33b50c82272d6388) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix CVE-2019-1543Ross Burton2019-03-181-0/+69
| | | | | | | (From OE-Core rev: 0f65b1192067a101d9a035f0ef26bae0ea13afeb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix ptest test output translationRichard Purdie2019-02-271-1/+1
| | | | | | | | | openssl-ptest was recording now results, despite most tests passing. Fix so that the successes/skips/failures are reported correctly. (From OE-Core rev: a4565d62297af62ff86a83685f8d55194cd4db48) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update patch to fix buildpaths qa issue for -fmacro-prefix-mapKai Kang2019-02-151-1/+7
| | | | | | | | | | | | Gcc option '-fmacro-prefix-map' is added to DEBUG_PREFIX_MAP. It has a patch to deal option '-fdebug-prefix-map' already. Update the patch 0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch to fix buildpaths qa issue for '-fmacro-prefix-map' too. (From OE-Core rev: 0851e03daebeeb7e0579baa3aa195c228652d97b) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update to 1.1.1aAlexander Kanavin2018-11-272-158/+0
| | | | | | | (From OE-Core rev: eec95f90093a6aa1d8be145e351fc9df4abef172) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: don't disable the AFALG engine based on host kernelRoss Burton2018-11-231-0/+31
| | | | | | | | | | | | | Whether the AFALG engine (use of hardware crypto via AF_ALG) is enable or disable depends on whether the host kernel is 4.1 or above, which has no bearing on whether the target system supports it. Remove the complicated logic and simply enable/disable as requested. (From OE-Core rev: 4b6c566c0540fe8e560d0feeb9c765c0eb6e5182) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl-1.1.1: remove build path from version infoMartin Hundebøll2018-11-141-0/+70
| | | | | | | | | | | | | | | | | | The openssl build system generates buildinf.h containing the full compiler command line used to compile objects. This breaks reproducibility, as the compile command is baked into libcrypto, where it is used when running `openssl version -f`. Add stripped build variables for the compiler and cflags lines, and use those when generating buildinfo.h. This is based on a similar patch for older openssl versions: https://patchwork.openembedded.org/patch/147229/ (From OE-Core rev: cbc9b743a711f07c04cf9f5b2fc3f83da6d28913) Signed-off-by: Martin Hundebøll <martin@geanix.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix CVE-2018-0735 for 1.1.1Kai Kang2018-11-071-0/+50
| | | | | | | | | Backport patch to fix CVE-2018-0735 for openssl 1.1.1. (From OE-Core rev: 78e751e33d3ec4394d96391e737cc39cad960ebe) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix CVE-2018-0734 for both 1.0.2p and 1.1.1Kai Kang2018-11-071-0/+108
| | | | | | | | | | Backport patches to fix CVE-2018-0734 for both openssl 1.0.2p and 1.1.1 versions. (From OE-Core rev: 9d5c6a87eb72a8b8b8d417126a831565982ca9a6) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptestRoss Burton2018-10-201-3/+11
| | | | | | | | | | | | | | | | | | | | Previously the ptest installation was simply a copy of the entire build tree, which is terribly ugly. Instead copy just the pieces we need, symlink to /usr as appropriate, and add missing dependencies. Remove PRIVATE_LIBS as we don't ship copies of the libraries now. Also remember to do 'set -x' in run-ptest, so if the tests fail the runner knows! [ YOCTO #12965 ] [ YOCTO #12967 ] (From OE-Core rev: 7831d2d3a1069b9d3a8d32e41f0a292e1add56ba) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: skip ptest case `test_symbol_presence'Hongxu Jia2018-10-041-0/+46
| | | | | | | | | | | | | The case in ptest use `nm -Pg libcrypto.so' to check symbol presence, if library is stripped or debug split, the case will fail. The test case needs debug symbols then we just disable that test. (From OE-Core rev: 28d3a4cb1ffb508018faebf088eabfd14bcf3113) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-02 12:00:13 +0000