* [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160
@ 2022-02-16 3:59 Tim Orling
2022-02-18 23:36 ` Steve Sakoman
0 siblings, 1 reply; 6+ messages in thread
From: Tim Orling @ 2022-02-16 3:59 UTC (permalink / raw)
To: openembedded-core; +Cc: steve, Tim Orling
Changes are only security and bug fixes.
https://www.openssl.org/news/cl111.txt
https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m
CVE: CVE-2021-4160
https://nvd.nist.gov/vuln/detail/CVE-2021-4160
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
---
Changes in v2:
- drop SRC_URI[md5sum] that devtool snuck in.
.../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
index bf7cd6527ef..c6f8499d4f5 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
@@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
+SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"
inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.30.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160 2022-02-16 3:59 [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160 Tim Orling @ 2022-02-18 23:36 ` Steve Sakoman 2022-02-19 0:27 ` Tim Orling 0 siblings, 1 reply; 6+ messages in thread From: Steve Sakoman @ 2022-02-18 23:36 UTC (permalink / raw) To: Tim Orling; +Cc: openembedded-core, Tim Orling On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@gmail.com> wrote: > > Changes are only security and bug fixes. I'm seeing ptest errors: WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were failing ptests. Traceback (most recent call last): File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py", line 36, in wrapped_f return func(*args, **kwargs) File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py", line 36, in wrapped_f return func(*args, **kwargs) File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py", line 36, in wrapped_f return func(*args, **kwargs) File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py", line 25, in test_ptestrunner_expectfail self.do_ptestrunner() File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py", line 108, in do_ptestrunner self.fail(failmsg) AssertionError: Failed ptests: {'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']} Happens with both qemuarm64-ptest and qemux86-64-ptest: https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863 https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124 Steve > https://www.openssl.org/news/cl111.txt > https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m > > CVE: CVE-2021-4160 > > https://nvd.nist.gov/vuln/detail/CVE-2021-4160 > > Signed-off-by: Tim Orling <tim.orling@konsulko.com> > --- > Changes in v2: > - drop SRC_URI[md5sum] that devtool snuck in. > > .../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%) > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb > similarity index 98% > rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb > rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb > index bf7cd6527ef..c6f8499d4f5 100644 > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb > @@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \ > file://environment.d-openssl.sh \ > " > > -SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" > +SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96" > > inherit lib_package multilib_header multilib_script ptest > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" > -- > 2.30.2 > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160 2022-02-18 23:36 ` Steve Sakoman @ 2022-02-19 0:27 ` Tim Orling 2022-02-19 2:37 ` Steve Sakoman 0 siblings, 1 reply; 6+ messages in thread From: Tim Orling @ 2022-02-19 0:27 UTC (permalink / raw) To: Steve Sakoman; +Cc: Tim Orling, openembedded-core [-- Attachment #1: Type: text/plain, Size: 3223 bytes --] On Fri, Feb 18, 2022 at 3:36 PM Steve Sakoman <steve@sakoman.com> wrote: > On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@gmail.com> wrote: > > > > Changes are only security and bug fixes. > > I'm seeing ptest errors: > > WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were > failing ptests. > Traceback (most recent call last): > File > "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py", > line 36, in wrapped_f > return func(*args, **kwargs) > File > "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py", > line 36, in wrapped_f > return func(*args, **kwargs) > File > "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py", > line 36, in wrapped_f > return func(*args, **kwargs) > File > "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py", > line 25, in test_ptestrunner_expectfail > self.do_ptestrunner() > File > "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py", > line 108, in do_ptestrunner > self.fail(failmsg) > AssertionError: Failed ptests: > {'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']} > I saw this on qemux86-64, but was not sure it was due to the upgrade or a one off infra issue. I’ll dig deeper and see what might be happening. > Happens with both qemuarm64-ptest and qemux86-64-ptest: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863 > https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124 > > Steve > > > https://www.openssl.org/news/cl111.txt > > https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m > > > > CVE: CVE-2021-4160 > > > > https://nvd.nist.gov/vuln/detail/CVE-2021-4160 > > > > Signed-off-by: Tim Orling <tim.orling@konsulko.com> > > --- > > Changes in v2: > > - drop SRC_URI[md5sum] that devtool snuck in. > > > > .../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => > openssl_1.1.1m.bb} (98%) > > > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb > b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb > > similarity index 98% > > rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb > > rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb > > index bf7cd6527ef..c6f8499d4f5 100644 > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb > > @@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \ > > file://environment.d-openssl.sh \ > > " > > > > -SRC_URI[sha256sum] = > "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" > > +SRC_URI[sha256sum] = > "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96" > > > > inherit lib_package multilib_header multilib_script ptest > > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" > > -- > > 2.30.2 > > > [-- Attachment #2: Type: text/html, Size: 5511 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160 2022-02-19 0:27 ` Tim Orling @ 2022-02-19 2:37 ` Steve Sakoman 2022-02-21 7:04 ` [OE-core] " Mikko.Rapeli 0 siblings, 1 reply; 6+ messages in thread From: Steve Sakoman @ 2022-02-19 2:37 UTC (permalink / raw) To: Tim Orling; +Cc: Tim Orling, openembedded-core On Fri, Feb 18, 2022 at 2:27 PM Tim Orling <ticotimo@gmail.com> wrote: > > > > On Fri, Feb 18, 2022 at 3:36 PM Steve Sakoman <steve@sakoman.com> wrote: >> >> On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@gmail.com> wrote: >> > >> > Changes are only security and bug fixes. >> >> I'm seeing ptest errors: >> >> WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were >> failing ptests. >> Traceback (most recent call last): >> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py", >> line 36, in wrapped_f >> return func(*args, **kwargs) >> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py", >> line 36, in wrapped_f >> return func(*args, **kwargs) >> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py", >> line 36, in wrapped_f >> return func(*args, **kwargs) >> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py", >> line 25, in test_ptestrunner_expectfail >> self.do_ptestrunner() >> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py", >> line 108, in do_ptestrunner >> self.fail(failmsg) >> AssertionError: Failed ptests: >> {'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']} > > > I saw this on qemux86-64, but was not sure it was due to the upgrade or a one off infra issue. I’ll dig deeper and see what might be happening. I re-ran the test and got the same error, so it doesn't seem to be intermittent. Thanks! Steve > >> >> Happens with both qemuarm64-ptest and qemux86-64-ptest: >> >> https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863 >> https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124 >> >> Steve >> >> > https://www.openssl.org/news/cl111.txt >> > https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m >> > >> > CVE: CVE-2021-4160 >> > >> > https://nvd.nist.gov/vuln/detail/CVE-2021-4160 >> > >> > Signed-off-by: Tim Orling <tim.orling@konsulko.com> >> > --- >> > Changes in v2: >> > - drop SRC_URI[md5sum] that devtool snuck in. >> > >> > .../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> > rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%) >> > >> > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb >> > similarity index 98% >> > rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb >> > rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb >> > index bf7cd6527ef..c6f8499d4f5 100644 >> > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb >> > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb >> > @@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \ >> > file://environment.d-openssl.sh \ >> > " >> > >> > -SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" >> > +SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96" >> > >> > inherit lib_package multilib_header multilib_script ptest >> > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" >> > -- >> > 2.30.2 >> > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [OE-core] [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160 2022-02-19 2:37 ` Steve Sakoman @ 2022-02-21 7:04 ` Mikko.Rapeli 2022-02-21 14:06 ` Steve Sakoman 0 siblings, 1 reply; 6+ messages in thread From: Mikko.Rapeli @ 2022-02-21 7:04 UTC (permalink / raw) To: steve; +Cc: ticotimo, tim.orling, openembedded-core FWIW, there is also the pure patch to fix CVE-2021-4160 in openssl 1.1.1l for dunfell: https://lists.openembedded.org/g/openembedded-core/message/161652 Patch versus letter version update, which one is preferred? -Mikko ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [OE-core] [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160 2022-02-21 7:04 ` [OE-core] " Mikko.Rapeli @ 2022-02-21 14:06 ` Steve Sakoman 0 siblings, 0 replies; 6+ messages in thread From: Steve Sakoman @ 2022-02-21 14:06 UTC (permalink / raw) To: Mikko.Rapeli; +Cc: ticotimo, tim.orling, openembedded-core On Sun, Feb 20, 2022 at 9:04 PM <Mikko.Rapeli@bmw.de> wrote: > > FWIW, there is also the pure patch to fix CVE-2021-4160 in openssl 1.1.1l for dunfell: > > https://lists.openembedded.org/g/openembedded-core/message/161652 > > Patch versus letter version update, which one is preferred? Yes, I'm aware of the CVE only patch. In this case I'd prefer the letter version update since it also contains bug fixes. But if we can't fix the ptest regression in the next couple of days I'll fall back to the CVE only patch. Steve > > -Mikko ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-02-21 14:06 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-02-16 3:59 [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160 Tim Orling 2022-02-18 23:36 ` Steve Sakoman 2022-02-19 0:27 ` Tim Orling 2022-02-19 2:37 ` Steve Sakoman 2022-02-21 7:04 ` [OE-core] " Mikko.Rapeli 2022-02-21 14:06 ` Steve Sakoman
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox