* [rocko][PATCH v2 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m
@ 2017-11-18 9:00 Stefan Agner
2017-11-18 9:00 ` [rocko][PATCH v2 2/4] openssl10: fix runtime errors with Thumb2 when using binutils 2.29 Stefan Agner
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Stefan Agner @ 2017-11-18 9:00 UTC (permalink / raw)
To: openembedded-core; +Cc: Stefan Agner, otavio
From: Stefan Agner <stefan.agner@toradex.com>
Deals with two CVEs:
* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
---
.../0001-Fix-build-with-clang-using-external-assembler.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/Makefiles-ptest.patch | 0
.../Use-SHA256-not-MD5-as-default-digest.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/configure-musl-target.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/configure-targets.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/debian/c_rehash-compat.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/ca.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/debian/debian-targets.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/man-dir.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/debian/man-section.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/no-rpath.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/debian/no-symbolic.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/pic.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/debian/version-script.patch | 0
.../debian1.0.2/block_digicert_malaysia.patch | 0
.../debian1.0.2/block_diginotar.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/soname.patch | 0
.../debian1.0.2/version-script.patch | 0
.../engines-install-in-libdir-ssl.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/find.pl | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/oe-ldflags.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/openssl-1.0.2a-x32-asm.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl-c_rehash.sh | 0
.../openssl-fix-des.pod-error.patch | 0
.../openssl-util-perlpath.pl-cwd.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/openssl_fix_for_x32.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/parallel.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/ptest-deps.patch | 0
.../{openssl-1.0.2l => openssl-1.0.2m}/ptest_makefile_deps.patch | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/run-ptest | 0
.../openssl/{openssl-1.0.2l => openssl-1.0.2m}/shared-libs.patch | 0
.../openssl/{openssl_1.0.2l.bb => openssl_1.0.2m.bb} | 4 ++--
32 files changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/0001-Fix-build-with-clang-using-external-assembler.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/Makefiles-ptest.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/Use-SHA256-not-MD5-as-default-digest.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/configure-musl-target.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/configure-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/c_rehash-compat.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/ca.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/debian-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/man-dir.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/man-section.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/no-rpath.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/no-symbolic.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/pic.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian/version-script.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/block_digicert_malaysia.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/block_diginotar.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/soname.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/debian1.0.2/version-script.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/engines-install-in-libdir-ssl.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/find.pl (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/oe-ldflags.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl-1.0.2a-x32-asm.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl-c_rehash.sh (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl-fix-des.pod-error.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl-util-perlpath.pl-cwd.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/openssl_fix_for_x32.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/parallel.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/ptest-deps.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/ptest_makefile_deps.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/run-ptest (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.2l => openssl-1.0.2m}/shared-libs.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl_1.0.2l.bb => openssl_1.0.2m.bb} (94%)
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-Fix-build-with-clang-using-external-assembler.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-Fix-build-with-clang-using-external-assembler.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-Fix-build-with-clang-using-external-assembler.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-Fix-build-with-clang-using-external-assembler.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/Makefiles-ptest.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/Makefiles-ptest.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/Makefiles-ptest.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/Use-SHA256-not-MD5-as-default-digest.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/Use-SHA256-not-MD5-as-default-digest.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/Use-SHA256-not-MD5-as-default-digest.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/configure-musl-target.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-musl-target.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/configure-musl-target.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-musl-target.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/configure-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/configure-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/c_rehash-compat.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/c_rehash-compat.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/c_rehash-compat.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/ca.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/ca.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/ca.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/debian-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/debian-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/debian-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-dir.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/man-dir.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-dir.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-section.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/man-section.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/man-section.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-rpath.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/no-rpath.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-rpath.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-symbolic.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/no-symbolic.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/no-symbolic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/pic.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/pic.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/pic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/version-script.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_digicert_malaysia.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/block_digicert_malaysia.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_digicert_malaysia.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_diginotar.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/block_diginotar.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/block_diginotar.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/soname.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/soname.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/soname.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/soname.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/version-script.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/version-script.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/debian1.0.2/version-script.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/engines-install-in-libdir-ssl.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/engines-install-in-libdir-ssl.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/engines-install-in-libdir-ssl.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/find.pl b/meta/recipes-connectivity/openssl/openssl-1.0.2m/find.pl
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/find.pl
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/find.pl
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/oe-ldflags.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/oe-ldflags.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/oe-ldflags.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-1.0.2a-x32-asm.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-1.0.2a-x32-asm.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-1.0.2a-x32-asm.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-1.0.2a-x32-asm.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-c_rehash.sh
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-c_rehash.sh
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-c_rehash.sh
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-fix-des.pod-error.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-fix-des.pod-error.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-fix-des.pod-error.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-fix-des.pod-error.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-util-perlpath.pl-cwd.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-util-perlpath.pl-cwd.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-util-perlpath.pl-cwd.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl-util-perlpath.pl-cwd.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl_fix_for_x32.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/openssl_fix_for_x32.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/parallel.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/parallel.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/parallel.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/parallel.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest-deps.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/ptest-deps.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest-deps.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/ptest_makefile_deps.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest_makefile_deps.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/ptest_makefile_deps.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/ptest_makefile_deps.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/run-ptest b/meta/recipes-connectivity/openssl/openssl-1.0.2m/run-ptest
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/run-ptest
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/run-ptest
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.2l/shared-libs.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.2m/shared-libs.patch
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
similarity index 94%
rename from meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
rename to meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
index 8c34ea60e5..b28420b075 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
@@ -42,8 +42,8 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
file://Use-SHA256-not-MD5-as-default-digest.patch \
file://0001-Fix-build-with-clang-using-external-assembler.patch \
"
-SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566"
-SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
+SRC_URI[md5sum] = "10e9e37f492094b9ef296f68f24a7666"
+SRC_URI[sha256sum] = "8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f"
PACKAGES =+ "${PN}-engines"
FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
--
2.13.6
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [rocko][PATCH v2 2/4] openssl10: fix runtime errors with Thumb2 when using binutils 2.29
2017-11-18 9:00 [rocko][PATCH v2 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m Stefan Agner
@ 2017-11-18 9:00 ` Stefan Agner
2017-11-18 9:00 ` [rocko][PATCH v2 3/4] openssl: Upgrade 1.1.0f -> 1.1.0g Stefan Agner
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Stefan Agner @ 2017-11-18 9:00 UTC (permalink / raw)
To: openembedded-core; +Cc: Stefan Agner, otavio
From: Stefan Agner <stefan.agner@toradex.com>
When compiling OpenSSL with binutils 2.29 for ARM with Thumb2 enabled
crashes and unexpected behavior occurs. E.g. connecting to a OpenSSH
server using the affected binary fails with:
ssh_dispatch_run_fatal: Connection to 192.168.10.171 port 22: incorrect signature
Backport upstream bugfix:
https://github.com/openssl/openssl/issues/4659
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
---
...saes-armv7-sha256-armv4-.pl-make-it-work-.patch | 100 +++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.2m.bb | 1 +
2 files changed, 101 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch
new file mode 100644
index 0000000000..2ce0320c49
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2m/0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch
@@ -0,0 +1,100 @@
+From d1d6c69b6fd25e71dbae67fad17b2c7737f6b2dc Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Sun, 5 Nov 2017 17:08:16 +0100
+Subject: [PATCH] {aes-armv4|bsaes-armv7|sha256-armv4}.pl: make it work with
+ binutils-2.29
+
+It's not clear if it's a feature or bug, but binutils-2.29[.1]
+interprets 'adr' instruction with Thumb2 code reference differently,
+in a way that affects calculation of addresses of constants' tables.
+
+Upstream-Status: Backport
+
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
+Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
+(Merged from https://github.com/openssl/openssl/pull/4673)
+---
+ crypto/aes/asm/aes-armv4.pl | 6 +++---
+ crypto/aes/asm/bsaes-armv7.pl | 6 +++---
+ crypto/sha/asm/sha256-armv4.pl | 2 +-
+ 3 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
+index 4f8917089f..c1b5e352d7 100644
+--- a/crypto/aes/asm/aes-armv4.pl
++++ b/crypto/aes/asm/aes-armv4.pl
+@@ -184,7 +184,7 @@ AES_encrypt:
+ #if __ARM_ARCH__<7
+ sub r3,pc,#8 @ AES_encrypt
+ #else
+- adr r3,AES_encrypt
++ adr r3,.
+ #endif
+ stmdb sp!,{r1,r4-r12,lr}
+ mov $rounds,r0 @ inp
+@@ -430,7 +430,7 @@ _armv4_AES_set_encrypt_key:
+ #if __ARM_ARCH__<7
+ sub r3,pc,#8 @ AES_set_encrypt_key
+ #else
+- adr r3,private_AES_set_encrypt_key
++ adr r3,.
+ #endif
+ teq r0,#0
+ #if __ARM_ARCH__>=7
+@@ -952,7 +952,7 @@ AES_decrypt:
+ #if __ARM_ARCH__<7
+ sub r3,pc,#8 @ AES_decrypt
+ #else
+- adr r3,AES_decrypt
++ adr r3,.
+ #endif
+ stmdb sp!,{r1,r4-r12,lr}
+ mov $rounds,r0 @ inp
+diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
+index 70b3f9656f..ec66b0502a 100644
+--- a/crypto/aes/asm/bsaes-armv7.pl
++++ b/crypto/aes/asm/bsaes-armv7.pl
+@@ -724,7 +724,7 @@ $code.=<<___;
+ .type _bsaes_decrypt8,%function
+ .align 4
+ _bsaes_decrypt8:
+- adr $const,_bsaes_decrypt8
++ adr $const,.
+ vldmia $key!, {@XMM[9]} @ round 0 key
+ add $const,$const,#.LM0ISR-_bsaes_decrypt8
+
+@@ -819,7 +819,7 @@ _bsaes_const:
+ .type _bsaes_encrypt8,%function
+ .align 4
+ _bsaes_encrypt8:
+- adr $const,_bsaes_encrypt8
++ adr $const,.
+ vldmia $key!, {@XMM[9]} @ round 0 key
+ sub $const,$const,#_bsaes_encrypt8-.LM0SR
+
+@@ -923,7 +923,7 @@ $code.=<<___;
+ .type _bsaes_key_convert,%function
+ .align 4
+ _bsaes_key_convert:
+- adr $const,_bsaes_key_convert
++ adr $const,.
+ vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
+ sub $const,$const,#_bsaes_key_convert-.LM0
+ vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key
+diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
+index 4fee74d832..750216eb42 100644
+--- a/crypto/sha/asm/sha256-armv4.pl
++++ b/crypto/sha/asm/sha256-armv4.pl
+@@ -205,7 +205,7 @@ sha256_block_data_order:
+ #if __ARM_ARCH__<7
+ sub r3,pc,#8 @ sha256_block_data_order
+ #else
+- adr r3,sha256_block_data_order
++ adr r3,.
+ #endif
+ #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+ ldr r12,.LOPENSSL_armcap
+--
+2.15.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
index b28420b075..72862fedda 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
@@ -41,6 +41,7 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
file://openssl-util-perlpath.pl-cwd.patch \
file://Use-SHA256-not-MD5-as-default-digest.patch \
file://0001-Fix-build-with-clang-using-external-assembler.patch \
+ file://0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch \
"
SRC_URI[md5sum] = "10e9e37f492094b9ef296f68f24a7666"
SRC_URI[sha256sum] = "8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f"
--
2.13.6
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [rocko][PATCH v2 3/4] openssl: Upgrade 1.1.0f -> 1.1.0g
2017-11-18 9:00 [rocko][PATCH v2 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m Stefan Agner
2017-11-18 9:00 ` [rocko][PATCH v2 2/4] openssl10: fix runtime errors with Thumb2 when using binutils 2.29 Stefan Agner
@ 2017-11-18 9:00 ` Stefan Agner
2017-11-18 9:00 ` [rocko][PATCH v2 4/4] openssl: fix runtime errors with Thumb2 when using binutils 2.29 Stefan Agner
2017-11-18 9:32 ` ✗ patchtest: failure for "[rocko,v2] openssl10: Upgrade ..." and 3 more Patchwork
3 siblings, 0 replies; 5+ messages in thread
From: Stefan Agner @ 2017-11-18 9:00 UTC (permalink / raw)
To: openembedded-core; +Cc: Stefan Agner, otavio
From: Stefan Agner <stefan.agner@toradex.com>
Deals with two CVEs:
* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
---
.../openssl/{openssl_1.1.0f.bb => openssl_1.1.0g.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-connectivity/openssl/{openssl_1.1.0f.bb => openssl_1.1.0g.bb} (96%)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
similarity index 96%
rename from meta/recipes-connectivity/openssl/openssl_1.1.0f.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
index 711a95985a..5f3e9a9dfa 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
@@ -10,8 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=cae6da10f4ffd9703214776d2aabce32"
BBCLASSEXTEND = "native nativesdk"
-SRC_URI[md5sum] = "7b521dea79ab159e8ec879d2333369fa"
-SRC_URI[sha256sum] = "12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765"
+SRC_URI[md5sum] = "ba5f1b8b835b88cadbce9b35ed9531a6"
+SRC_URI[sha256sum] = "de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
--
2.13.6
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [rocko][PATCH v2 4/4] openssl: fix runtime errors with Thumb2 when using binutils 2.29
2017-11-18 9:00 [rocko][PATCH v2 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m Stefan Agner
2017-11-18 9:00 ` [rocko][PATCH v2 2/4] openssl10: fix runtime errors with Thumb2 when using binutils 2.29 Stefan Agner
2017-11-18 9:00 ` [rocko][PATCH v2 3/4] openssl: Upgrade 1.1.0f -> 1.1.0g Stefan Agner
@ 2017-11-18 9:00 ` Stefan Agner
2017-11-18 9:32 ` ✗ patchtest: failure for "[rocko,v2] openssl10: Upgrade ..." and 3 more Patchwork
3 siblings, 0 replies; 5+ messages in thread
From: Stefan Agner @ 2017-11-18 9:00 UTC (permalink / raw)
To: openembedded-core; +Cc: Stefan Agner, otavio
From: Stefan Agner <stefan.agner@toradex.com>
When compiling OpenSSL with binutils 2.29 for ARM with Thumb2 enabled
crashes and unexpected behavior occurs. E.g. connecting to a OpenSSH
server using the affected binary fails with:
ssh_dispatch_run_fatal: Connection to 192.168.10.171 port 22: incorrect signature
Backport upstream bugfix:
https://github.com/openssl/openssl/issues/4659
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
---
...-armv4-bsaes-armv7-.pl-make-it-work-with-.patch | 88 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.1.0g.bb | 1 +
2 files changed, 89 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch b/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch
new file mode 100644
index 0000000000..bb0a1689ed
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch
@@ -0,0 +1,88 @@
+From bcc096a50811bf0f0c4fd34b2993fed7a7015972 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Fri, 3 Nov 2017 23:30:01 +0100
+Subject: [PATCH] aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with
+ binutils-2.29.
+
+It's not clear if it's a feature or bug, but binutils-2.29[.1]
+interprets 'adr' instruction with Thumb2 code reference differently,
+in a way that affects calculation of addresses of constants' tables.
+
+Upstream-Status: Backport
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
+(Merged from https://github.com/openssl/openssl/pull/4669)
+
+(cherry picked from commit b82acc3c1a7f304c9df31841753a0fa76b5b3cda)
+---
+ crypto/aes/asm/aes-armv4.pl | 6 +++---
+ crypto/aes/asm/bsaes-armv7.pl | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
+index 16d79aae53..c6474b8aad 100644
+--- a/crypto/aes/asm/aes-armv4.pl
++++ b/crypto/aes/asm/aes-armv4.pl
+@@ -200,7 +200,7 @@ AES_encrypt:
+ #ifndef __thumb2__
+ sub r3,pc,#8 @ AES_encrypt
+ #else
+- adr r3,AES_encrypt
++ adr r3,.
+ #endif
+ stmdb sp!,{r1,r4-r12,lr}
+ #ifdef __APPLE__
+@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key:
+ #ifndef __thumb2__
+ sub r3,pc,#8 @ AES_set_encrypt_key
+ #else
+- adr r3,AES_set_encrypt_key
++ adr r3,.
+ #endif
+ teq r0,#0
+ #ifdef __thumb2__
+@@ -976,7 +976,7 @@ AES_decrypt:
+ #ifndef __thumb2__
+ sub r3,pc,#8 @ AES_decrypt
+ #else
+- adr r3,AES_decrypt
++ adr r3,.
+ #endif
+ stmdb sp!,{r1,r4-r12,lr}
+ #ifdef __APPLE__
+diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
+index 9f288660ef..a27bb4a179 100644
+--- a/crypto/aes/asm/bsaes-armv7.pl
++++ b/crypto/aes/asm/bsaes-armv7.pl
+@@ -744,7 +744,7 @@ $code.=<<___;
+ .type _bsaes_decrypt8,%function
+ .align 4
+ _bsaes_decrypt8:
+- adr $const,_bsaes_decrypt8
++ adr $const,.
+ vldmia $key!, {@XMM[9]} @ round 0 key
+ #ifdef __APPLE__
+ adr $const,.LM0ISR
+@@ -843,7 +843,7 @@ _bsaes_const:
+ .type _bsaes_encrypt8,%function
+ .align 4
+ _bsaes_encrypt8:
+- adr $const,_bsaes_encrypt8
++ adr $const,.
+ vldmia $key!, {@XMM[9]} @ round 0 key
+ #ifdef __APPLE__
+ adr $const,.LM0SR
+@@ -951,7 +951,7 @@ $code.=<<___;
+ .type _bsaes_key_convert,%function
+ .align 4
+ _bsaes_key_convert:
+- adr $const,_bsaes_key_convert
++ adr $const,.
+ vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
+ #ifdef __APPLE__
+ adr $const,.LM0
+--
+2.15.0
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
index 5f3e9a9dfa..1649bffaa1 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
@@ -18,6 +18,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://openssl-c_rehash.sh \
file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
file://0001-Remove-test-that-requires-running-as-non-root.patch \
+ file://0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch \
"
S = "${WORKDIR}/openssl-${PV}"
--
2.13.6
^ permalink raw reply related [flat|nested] 5+ messages in thread
* ✗ patchtest: failure for "[rocko,v2] openssl10: Upgrade ..." and 3 more
2017-11-18 9:00 [rocko][PATCH v2 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m Stefan Agner
` (2 preceding siblings ...)
2017-11-18 9:00 ` [rocko][PATCH v2 4/4] openssl: fix runtime errors with Thumb2 when using binutils 2.29 Stefan Agner
@ 2017-11-18 9:32 ` Patchwork
3 siblings, 0 replies; 5+ messages in thread
From: Patchwork @ 2017-11-18 9:32 UTC (permalink / raw)
To: Stefan Agner; +Cc: openembedded-core
== Series Details ==
Series: "[rocko,v2] openssl10: Upgrade ..." and 3 more
Revision: 1
URL : https://patchwork.openembedded.org/series/9869/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:
* Issue Series does not apply on top of target branch [test_series_merge_on_head]
Suggested fix Rebase your series on top of targeted branch
Targeted branch master (currently at a17f3ec910)
* Patch [rocko,v2,1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m
Issue Missing or incorrectly formatted CVE tag in included patch file [test_cve_tag_format]
Suggested fix Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"
If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).
---
Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-11-18 9:32 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-18 9:00 [rocko][PATCH v2 1/4] openssl10: Upgrade 1.0.2l -> 1.0.2m Stefan Agner
2017-11-18 9:00 ` [rocko][PATCH v2 2/4] openssl10: fix runtime errors with Thumb2 when using binutils 2.29 Stefan Agner
2017-11-18 9:00 ` [rocko][PATCH v2 3/4] openssl: Upgrade 1.1.0f -> 1.1.0g Stefan Agner
2017-11-18 9:00 ` [rocko][PATCH v2 4/4] openssl: fix runtime errors with Thumb2 when using binutils 2.29 Stefan Agner
2017-11-18 9:32 ` ✗ patchtest: failure for "[rocko,v2] openssl10: Upgrade ..." and 3 more Patchwork
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox