openssl: upgrade 3.4.0 -> 3.4.1

Release information: https://github.com/openssl/openssl/blob/openssl-3.4/NEWS.md#major-changes-between-openssl-340-and-openssl-341-11-feb-2025 Handles CVE-2024-12797 and CVE-2024-13176. Remove two patches included in the new version. (From OE-Core rev: d7ac886d91ccf6b91f67fb0c843fc1765d9dafb1) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Peter Marko <peter.marko@siemens.com> 2025-02-11 19:37:33 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-02-18 11:56:03 +0000
commit: 36c3bfa64b5a8d780e6d4976dda95936e1e15014 (patch)
tree: 21d5cd30ac9a28fb064ef285e64939e1cfec6b53
parent: 36be59464ca56c209a4a67bd99f9a5cb6f29558d (diff)
download: poky-36c3bfa64b5a8d780e6d4976dda95936e1e15014.tar.gz
3 files changed, 1 insertions, 91 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-builds-on-riscv64-using-musl.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-builds-on-riscv64-using-musl.patch
deleted file mode 100644
index 0ec8c93748..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-Fix-builds-on-riscv64-using-musl.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 9131291716073c4ea65a29575880a9d796c22ed6 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Wed, 23 Oct 2024 14:57:20 +0100
-Subject: [PATCH] Fix builds on riscv64 using musl
-Some environments using musl are reported to have the hwprobe.h include
-file but not have the __NR_riscv_hwprobe define.
-Fixes #25772
-Upstream-Status: Backport [https://github.com/openssl/openssl/pull/25787]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- include/crypto/riscv_arch.h | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-diff --git a/include/crypto/riscv_arch.h b/include/crypto/riscv_arch.h
-index 4b3573f..8858427 100644
--- a/include/crypto/riscv_arch.h
-+++ b/include/crypto/riscv_arch.h
-@@ -15,7 +15,14 @@
- 
- # if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE)
- #  if __has_include(<asm/hwprobe.h>)
-#   define OSSL_RISCV_HWPROBE
-+#   include <sys/syscall.h>
-+#   /*
-+     * Some environments using musl are reported to have the hwprobe.h include
-+     * file but not have the __NR_riscv_hwprobe define.
-+     */
-+#   ifdef __NR_riscv_hwprobe
-+#    define OSSL_RISCV_HWPROBE
-+#   endif
- #  endif
- # endif
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-regs.patch b/meta/recipes-connectivity/openssl/openssl/aarch64-regs.patch
deleted file mode 100644
index f9773a6183..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/aarch64-regs.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 3ad2277e4522d363ae31a1888531915bb68964dc Mon Sep 17 00:00:00 2001
-From: Julian Andres Klode <julian.klode@canonical.com>
-Date: Sat, 18 Jan 2025 21:12:45 +0100
-Subject: [PATCH] Restore correct registers in aarch64 AES-CTR code
-Commit 1d1ca79fe35dbe5c05faed5a2ef8c4de9c5adc49 introduced
-save and restore for the registers, saving them as
-        stp             d8,d9,[sp, #16]
-        stp             d10,d11,[sp, #32]
-        stp             d12,d13,[sp, #48]
-        stp             d14,d15,[sp, #64]
-But the restore code was inadvertently typoed:
-        ldp             d8,d9,[sp, #16]
-        ldp             d10,d11,[sp, #32]
-        ldp             d12,d13,[sp, #48]
-        ldp             d15,d16,[sp, #64]
-Restoring [sp, #64] into d15,d16 instead of d14,d15.
-Fixes: #26466
-CLA: trivial
-Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-Reviewed-by: Paul Dale <ppzgs1@gmail.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/26469)
-(cherry picked from commit 5261f3ca41cda7ad5767e399e9a2dc008bbad5d6)
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
---
- crypto/aes/asm/aesv8-armx.pl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
-index 33a2dd53dae19..dc019b04ccd25 100755
--- a/crypto/aes/asm/aesv8-armx.pl
-+++ b/crypto/aes/asm/aesv8-armx.pl
-@@ -2493,7 +2493,7 @@ ()
-        ldp             d8,d9,[sp, #16]
-        ldp             d10,d11,[sp, #32]
-        ldp             d12,d13,[sp, #48]
-       ldp             d15,d16,[sp, #64]
-+       ldp             d14,d15,[sp, #64]
-        ldr             x29,[sp],#80
-        ret
- .size  ${prefix}_ctr32_encrypt_blocks_unroll12_eor3,.-${prefix}_ctr32_encrypt_blocks_unroll12_eor3
diff --git a/meta/recipes-connectivity/openssl/openssl_3.4.0.bb b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb
index cc413e39ba..ec7688b7af 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.4.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb
@@ -12,15 +12,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
           file://0001-Configure-do-not-tweak-mips-cflags.patch \
           file://0001-Added-handshake-history-reporting-when-test-fails.patch \
-           file://0001-Fix-builds-on-riscv64-using-musl.patch \
-           file://aarch64-regs.patch \
           "
 SRC_URI:append:class-nativesdk = " \
           file://environment.d-openssl.sh \
           "
-SRC_URI[sha256sum] = "e15dda82fe2fe8139dc2ac21a36d4ca01d5313c75f99f46c4e8a27709b7294bf"
+SRC_URI[sha256sum] = "002a2d6b30b58bf4bea46c43bdd96365aaf8daa6c428782aa4feee06da197df3"
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
author	Peter Marko <peter.marko@siemens.com>	2025-02-11 19:37:33 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-02-18 11:56:03 +0000
commit	36c3bfa64b5a8d780e6d4976dda95936e1e15014 (patch)
tree	21d5cd30ac9a28fb064ef285e64939e1cfec6b53
parent	36be59464ca56c209a4a67bd99f9a5cb6f29558d (diff)
download	poky-36c3bfa64b5a8d780e6d4976dda95936e1e15014.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-builds-on-riscv64-using-musl.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-builds-on-riscv64-using-musl.patch deleted file mode 100644 index 0ec8c93748..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-Fix-builds-on-riscv64-using-musl.patch +++ /dev/null
@@ -1,36 +0,0 @@
1	From 9131291716073c4ea65a29575880a9d796c22ed6 Mon Sep 17 00:00:00 2001
2	From: Matt Caswell <matt@openssl.org>
3	Date: Wed, 23 Oct 2024 14:57:20 +0100
4	Subject: [PATCH] Fix builds on riscv64 using musl
5
6	Some environments using musl are reported to have the hwprobe.h include
7	file but not have the __NR_riscv_hwprobe define.
8
9	Fixes #25772
10
11	Upstream-Status: Backport [https://github.com/openssl/openssl/pull/25787]
12	Signed-off-by: Khem Raj <raj.khem@gmail.com>
13	---
14	include/crypto/riscv_arch.h \| 9 ++++++++-
15	1 file changed, 8 insertions(+), 1 deletion(-)
16
17	diff --git a/include/crypto/riscv_arch.h b/include/crypto/riscv_arch.h
18	index 4b3573f..8858427 100644
19	--- a/include/crypto/riscv_arch.h
20	+++ b/include/crypto/riscv_arch.h
21	@@ -15,7 +15,14 @@
22
23	# if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE)
24	# if __has_include(<asm/hwprobe.h>)
25	-# define OSSL_RISCV_HWPROBE
26	+# include <sys/syscall.h>
27	+# /*
28	+ * Some environments using musl are reported to have the hwprobe.h include
29	+ * file but not have the __NR_riscv_hwprobe define.
30	+ */
31	+# ifdef __NR_riscv_hwprobe
32	+# define OSSL_RISCV_HWPROBE
33	+# endif
34	# endif
35	# endif
36


diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-regs.patch b/meta/recipes-connectivity/openssl/openssl/aarch64-regs.patch deleted file mode 100644 index f9773a6183..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/aarch64-regs.patch +++ /dev/null
@@ -1,52 +0,0 @@
1	From 3ad2277e4522d363ae31a1888531915bb68964dc Mon Sep 17 00:00:00 2001
2	From: Julian Andres Klode <julian.klode@canonical.com>
3	Date: Sat, 18 Jan 2025 21:12:45 +0100
4	Subject: [PATCH] Restore correct registers in aarch64 AES-CTR code
5
6	Commit 1d1ca79fe35dbe5c05faed5a2ef8c4de9c5adc49 introduced
7	save and restore for the registers, saving them as
8
9	stp d8,d9,[sp, #16]
10	stp d10,d11,[sp, #32]
11	stp d12,d13,[sp, #48]
12	stp d14,d15,[sp, #64]
13
14	But the restore code was inadvertently typoed:
15
16	ldp d8,d9,[sp, #16]
17	ldp d10,d11,[sp, #32]
18	ldp d12,d13,[sp, #48]
19	ldp d15,d16,[sp, #64]
20
21	Restoring [sp, #64] into d15,d16 instead of d14,d15.
22
23	Fixes: #26466
24
25	CLA: trivial
26
27	Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
28	Reviewed-by: Paul Dale <ppzgs1@gmail.com>
29	Reviewed-by: Tomas Mraz <tomas@openssl.org>
30	(Merged from https://github.com/openssl/openssl/pull/26469)
31
32	(cherry picked from commit 5261f3ca41cda7ad5767e399e9a2dc008bbad5d6)
33
34	Upstream-Status: Backport
35	Signed-off-by: Ross Burton <ross.burton@arm.com>
36	---
37	crypto/aes/asm/aesv8-armx.pl \| 2 +-
38	1 file changed, 1 insertion(+), 1 deletion(-)
39
40	diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
41	index 33a2dd53dae19..dc019b04ccd25 100755
42	--- a/crypto/aes/asm/aesv8-armx.pl
43	+++ b/crypto/aes/asm/aesv8-armx.pl
44	@@ -2493,7 +2493,7 @@ ()
45	ldp d8,d9,[sp, #16]
46	ldp d10,d11,[sp, #32]
47	ldp d12,d13,[sp, #48]
48	- ldp d15,d16,[sp, #64]
49	+ ldp d14,d15,[sp, #64]
50	ldr x29,[sp],#80
51	ret
52	.size ${prefix}_ctr32_encrypt_blocks_unroll12_eor3,.-${prefix}_ctr32_encrypt_blocks_unroll12_eor3


diff --git a/meta/recipes-connectivity/openssl/openssl_3.4.0.bb b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb index cc413e39ba..ec7688b7af 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.4.0.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb
@@ -12,15 +12,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \	12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13	file://0001-Configure-do-not-tweak-mips-cflags.patch \	13	file://0001-Configure-do-not-tweak-mips-cflags.patch \
14	file://0001-Added-handshake-history-reporting-when-test-fails.patch \	14	file://0001-Added-handshake-history-reporting-when-test-fails.patch \
15	file://0001-Fix-builds-on-riscv64-using-musl.patch \
16	file://aarch64-regs.patch \
17	"	15	"
18		16
19	SRC_URI:append:class-nativesdk = " \	17	SRC_URI:append:class-nativesdk = " \
20	file://environment.d-openssl.sh \	18	file://environment.d-openssl.sh \
21	"	19	"
22		20
23	SRC_URI[sha256sum] = "e15dda82fe2fe8139dc2ac21a36d4ca01d5313c75f99f46c4e8a27709b7294bf"	21	SRC_URI[sha256sum] = "002a2d6b30b58bf4bea46c43bdd96365aaf8daa6c428782aa4feee06da197df3"
24		22
25	inherit lib_package multilib_header multilib_script ptest perlnative manpages	23	inherit lib_package multilib_header multilib_script ptest perlnative manpages
26	MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"	24	MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"