RE: [OE-core][scarthgap][RFC PATCH 0/1] openssl: upgrade 3.2.6 -> 3.5.4

["Marko, Peter" <Peter.Marko@siemens.com>]

[-- Attachment #1: Type: text/plain, Size: 4405 bytes --]

I have checked the m2crypto build issue and found out that I had to fix this for newer Yocto releases already.
https://git.openembedded.org/meta-openembedded/commit/?id=f9158ce32fffa6f18eed4008c3295146c81d55ea
Applying this commit to scarthgap works, so I have submitted it.
https://lists.openembedded.org/g/openembedded-devel/message/124019

Peter

From: Yoann Congal <yoann.congal@smile.fr>
Sent: Wednesday, January 28, 2026 12:05
To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][scarthgap][RFC PATCH 0/1] openssl: upgrade 3.2.6 -> 3.5.4

Le ven. 23 janv. 2026 à 18:02, Yoann Congal <yoann.congal@smile.fr<mailto:yoann.congal@smile.fr>> a écrit :
Le ven. 23 janv. 2026 à 13:33, Peter Marko via lists.openembedded.org<http://lists.openembedded.org> <peter.marko=siemens.com@lists.openembedded.org<mailto:siemens.com@lists.openembedded.org>> a écrit :
Intention of this RFC is to run full autobuilder job matrix to see if
there are any failures not detected by my local testsuite.

I created a poky branch with this patch : https://git.yoctoproject.org/poky-contrib/log/?h=ycongal/scarthgap/openssl_3.5_upgrade
(above my -nut branch to decrease the probability of an unrelated AB-INT failure)

I've started the build : https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3118

Hello,

As discussed during the tech call of last tuesday, I've started builds:
* a new a-full with rebased branch on the latest scarthgap (now, the branch is only scarthgap+this upgrade)
  * https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3133/ failed on a unrelated AB-INT issue (#15945) but is otherwise OK
* a meta-oe build (which includes a world build for meta-oe, meta-python, meta-networking & meta-filesystems):
  * https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1277
  * *Failed on python3-m2crypto* (log.do_compile => https://gist.github.com/ycongal-smile/4c6501ecd81c9f475b793234cceb7a74)
* to compare, I've started the same build with a vanilla scarthgap branch (without the openssl upgrade):
  * https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1278 => success (albeit with warnings)

Can you investigate this python3-m2crypto failure?

Also, the "meta-oe" build does not cover every layer in meta-openembedded, I think I will increase coverage to all the meta-openembedded layers for the next run...


Topic for discussion is especially what should be the final form of this
upgrade as some users may want to stay on openssl 3.2.x originally
shipped with Yocto 5.0 Scarthgap.
Current form was chosen to easily review recipe/patch differences.
Is it fine to overwrite or do we need to keep both version and make one
the default and other optional? Which would be tested on AB?

Peter Marko (1):
  openssl: upgrade 3.2.6 -> 3.5.4

 .../openssl/files/environment.d-openssl.sh<http://environment.d-openssl.sh>    |  9 ++-
 ...ke-history-reporting-when-test-fails.patch | 19 +++--
 ...1-Configure-do-not-tweak-mips-cflags.patch |  4 +-
 ...sysroot-and-debug-prefix-map-from-co.patch | 26 ++++---
 .../0001-extend-check_cwm-test-timeout.patch  | 32 ++++++++
 .../openssl/openssl/CVE-2024-41996.patch      | 44 -----------
 .../{openssl_3.2.6.bb<http://openssl_3.2.6.bb> => openssl_3.5.4.bb<http://openssl_3.5.4.bb>}    | 76 +++++++++++++------
 7 files changed, 116 insertions(+), 94 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.2.6.bb<http://openssl_3.2.6.bb> => openssl_3.5.4.bb<http://openssl_3.5.4.bb>} (75%)


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#229884): https://lists.openembedded.org/g/openembedded-core/message/229884
Mute This Topic: https://lists.openembedded.org/mt/117416674/4316185
Group Owner: openembedded-core+owner@lists.openembedded.org<mailto:openembedded-core%2Bowner@lists.openembedded.org>
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [yoann.congal@smile.fr<mailto:yoann.congal@smile.fr>]
-=-=-=-=-=-=-=-=-=-=-=-


--
Yoann Congal
Smile ECS


--
Yoann Congal
Smile ECS

[-- Attachment #2: Type: text/html, Size: 11544 bytes --]