* [PATCH 0/1] OpenSSL upgrade
@ 2014-08-10 16:06 Paul Eggleton
2014-08-10 16:06 ` [PATCH 1/1] openssl: upgrade to 1.0.1i Paul Eggleton
0 siblings, 1 reply; 5+ messages in thread
From: Paul Eggleton @ 2014-08-10 16:06 UTC (permalink / raw)
To: openembedded-core
The following change since commit 1fafe7ccc563d5ac9e41f5c1de93d2736745b512:
ghostscript: Remove bogus gsfonts reference from DESCRIPTION (2014-08-06 11:14:21 +0100)
is available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib paule/openssl101i
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/openssl101i
Paul Eggleton (1):
openssl: upgrade to 1.0.1i
.../openssl/heartbeat-test-private-api.patch | 45 ----------------------
.../{openssl_1.0.1h.bb => openssl_1.0.1i.bb} | 5 +--
2 files changed, 2 insertions(+), 48 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/heartbeat-test-private-api.patch
rename meta/recipes-connectivity/openssl/{openssl_1.0.1h.bb => openssl_1.0.1i.bb} (90%)
--
1.9.3
^ permalink raw reply [flat|nested] 5+ messages in thread* [PATCH 1/1] openssl: upgrade to 1.0.1i
2014-08-10 16:06 [PATCH 0/1] OpenSSL upgrade Paul Eggleton
@ 2014-08-10 16:06 ` Paul Eggleton
0 siblings, 0 replies; 5+ messages in thread
From: Paul Eggleton @ 2014-08-10 16:06 UTC (permalink / raw)
To: openembedded-core
Removed one patch merged upstream.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl/heartbeat-test-private-api.patch | 45 ----------------------
.../{openssl_1.0.1h.bb => openssl_1.0.1i.bb} | 5 +--
2 files changed, 2 insertions(+), 48 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/heartbeat-test-private-api.patch
rename meta/recipes-connectivity/openssl/{openssl_1.0.1h.bb => openssl_1.0.1i.bb} (90%)
diff --git a/meta/recipes-connectivity/openssl/openssl/heartbeat-test-private-api.patch b/meta/recipes-connectivity/openssl/openssl/heartbeat-test-private-api.patch
deleted file mode 100644
index 3c77dfc..0000000
--- a/meta/recipes-connectivity/openssl/openssl/heartbeat-test-private-api.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 2e251ba8feaa696f9408a19336d1fbab148df55e Mon Sep 17 00:00:00 2001
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Sat, 7 Jun 2014 13:32:23 +0200
-Subject: [PATCH] Link heartbeat_test with the static version of the libraries
-
-It's using an internal API that that might not be available in the shared
-library.
-
-Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/125]
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-
----
- test/Makefile | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/test/Makefile b/test/Makefile
-index f1816ac..1dd7bb9 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -420,6 +420,13 @@ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
- LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
- link_app.$${shlib_target}
-
-+BUILD_CMD_STATIC=shlib_target=; \
-+ LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \
-+ $(MAKE) -f $(TOP)/Makefile.shared -e \
-+ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-+ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
-+ link_app.$${shlib_target}
-+
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
- @target=$(RSATEST); $(BUILD_CMD)
-
-@@ -618,7 +625,7 @@ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
- @target=$(V3NAMETEST); $(BUILD_CMD)
-
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
-- @target=$(HEARTBEATTEST); $(BUILD_CMD)
-+ @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
---
-1.9.3
-
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1i.bb
similarity index 90%
rename from meta/recipes-connectivity/openssl/openssl_1.0.1h.bb
rename to meta/recipes-connectivity/openssl/openssl_1.0.1i.bb
index ddaaba8..4f88784 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1i.bb
@@ -34,13 +34,12 @@ SRC_URI += "file://configure-targets.patch \
file://find.pl \
file://openssl-fix-des.pod-error.patch \
file://Makefiles-ptest.patch \
- file://heartbeat-test-private-api.patch \
file://ptest-deps.patch \
file://run-ptest \
"
-SRC_URI[md5sum] = "8d6d684a9430d5cc98a62a5d8fbda8cf"
-SRC_URI[sha256sum] = "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093"
+SRC_URI[md5sum] = "c8dc151a671b9b92ff3e4c118b174972"
+SRC_URI[sha256sum] = "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7"
PACKAGES =+ " \
${PN}-engines \
--
1.9.3
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 0/1] openssl upgrade
@ 2014-04-08 11:49 Cristiana Voicu
0 siblings, 0 replies; 5+ messages in thread
From: Cristiana Voicu @ 2014-04-08 11:49 UTC (permalink / raw)
To: openembedded-core
The trigger for the upgrade was the serious "heartbleed" vulnerability (CVE-2014-0160).
More information: http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Tested locally on a core-image-sato. Tested with openssl speed benchmark and
commands like version and help.
I am currently building on localautobuilder on major archs, but this will take some time.
I will announce in case of failure.
The following changes since commit bb66113bde5361b869dce2bdaece5b938f077ea8:
bitbake: fetch2: Fix bug in file checksum generation (2014-04-06 11:31:26 +0100)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib cvoicu/openssl-upgrade
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=cvoicu/openssl-upgrade
Cristiana Voicu (1):
openssl: Upgrade to v1.0.1g
...DTLS-retransmission-from-previous-session.patch | 81 ------
...or-TLS-record-tampering-bug-CVE-2013-4353.patch | 31 ---
...e-version-in-SSL_METHOD-not-SSL-structure.patch | 33 ---
meta/recipes-connectivity/openssl/openssl.inc | 3 -
.../configure-targets.patch | 0
.../debian/c_rehash-compat.patch | 0
.../{openssl-1.0.1e => openssl}/debian/ca.patch | 0
.../debian/debian-targets.patch | 0
.../debian/make-targets.patch | 0
.../debian/man-dir.patch | 0
.../debian/man-section.patch | 0
.../debian/no-rpath.patch | 0
.../debian/no-symbolic.patch | 0
.../{openssl-1.0.1e => openssl}/debian/pic.patch | 0
.../debian/version-script.patch | 0
.../engines-install-in-libdir-ssl.patch | 0
.../openssl/{openssl-1.0.1e => openssl}/find.pl | 0
.../fix-cipher-des-ede3-cfb1.patch | 0
.../initial-aarch64-bits.patch | 108 ++++----
.../{openssl-1.0.1e => openssl}/oe-ldflags.patch | 0
...-pointer-dereference-in-EVP_DigestInit_ex.patch | 0
...NULL-pointer-dereference-in-dh_pub_encode.patch | 0
.../openssl-fix-des.pod-error.patch | 0
.../openssl-fix-doc.patch | 280 +++++++++-----------
.../openssl-fix-link.patch | 0
.../openssl_fix_for_x32.patch | 0
.../{openssl-1.0.1e => openssl}/shared-libs.patch | 0
.../{openssl_1.0.1e.bb => openssl_1.0.1g.bb} | 9 +-
28 files changed, 183 insertions(+), 362 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/configure-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/c_rehash-compat.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/ca.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/debian-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/make-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/man-dir.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/man-section.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/no-rpath.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/no-symbolic.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/pic.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/debian/version-script.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/engines-install-in-libdir-ssl.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/find.pl (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/fix-cipher-des-ede3-cfb1.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/initial-aarch64-bits.patch (43%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/oe-ldflags.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-fix-des.pod-error.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-fix-doc.patch (47%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl-fix-link.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/openssl_fix_for_x32.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.1e => openssl}/shared-libs.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl_1.0.1e.bb => openssl_1.0.1g.bb} (81%)
--
1.7.9.5
^ permalink raw reply [flat|nested] 5+ messages in thread* [PATCH 0/1] openssl upgrade
@ 2012-07-20 15:38 Scott Garman
2012-07-23 18:12 ` Saul Wold
0 siblings, 1 reply; 5+ messages in thread
From: Scott Garman @ 2012-07-20 15:38 UTC (permalink / raw)
To: openembedded-core
Hello,
This pull request upgrades openssl to 1.0.0j to address a security
vulnerability.
This pull request is intended for both master and denzil.
It has been build-tested on all 5 of our QEMU architectures and
run through our buildhistory system without problems.
Thanks,
Scott
The following changes since commit ef637e417ae1c2dff7fc0ad6cb30989e72ac35ab:
grub-efi-native: remove help2man dependency (2012-07-20 12:32:13 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib sgarman/openssl-upgrade-oe
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/openssl-upgrade-oe
Scott Garman (1):
openssl: upgrade to 1.0.0j
.../configure-targets.patch | 0
.../debian/c_rehash-compat.patch | 0
.../debian/ca.patch | 0
.../debian/debian-targets.patch | 0
.../debian/make-targets.patch | 0
.../debian/man-dir.patch | 0
.../debian/man-section.patch | 0
.../debian/no-rpath.patch | 0
.../debian/no-symbolic.patch | 0
.../debian/pic.patch | 0
.../debian/version-script.patch | 0
.../engines-install-in-libdir-ssl.patch | 0
.../{openssl-1.0.0i => openssl-1.0.0j}/find.pl | 0
.../oe-ldflags.patch | 0
.../openssl-fix-link.patch | 0
.../openssl_fix_for_x32.patch | 0
.../shared-libs.patch | 0
.../{openssl_1.0.0i.bb => openssl_1.0.0j.bb} | 4 ++--
18 files changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/configure-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/c_rehash-compat.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/ca.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/debian-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/make-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/man-dir.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/man-section.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/no-rpath.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/no-symbolic.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/pic.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/version-script.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/engines-install-in-libdir-ssl.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/find.pl (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/oe-ldflags.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/openssl-fix-link.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/openssl_fix_for_x32.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/shared-libs.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl_1.0.0i.bb => openssl_1.0.0j.bb} (90%)
--
1.7.9.5
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH 0/1] openssl upgrade
2012-07-20 15:38 Scott Garman
@ 2012-07-23 18:12 ` Saul Wold
0 siblings, 0 replies; 5+ messages in thread
From: Saul Wold @ 2012-07-23 18:12 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer; +Cc: Scott Garman
On 07/20/2012 08:38 AM, Scott Garman wrote:
> Hello,
>
> This pull request upgrades openssl to 1.0.0j to address a security
> vulnerability.
>
> This pull request is intended for both master and denzil.
>
> It has been build-tested on all 5 of our QEMU architectures and
> run through our buildhistory system without problems.
>
> Thanks,
>
> Scott
>
> The following changes since commit ef637e417ae1c2dff7fc0ad6cb30989e72ac35ab:
>
> grub-efi-native: remove help2man dependency (2012-07-20 12:32:13 +0100)
>
> are available in the git repository at:
>
> git://git.pokylinux.org/poky-contrib sgarman/openssl-upgrade-oe
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/openssl-upgrade-oe
>
> Scott Garman (1):
> openssl: upgrade to 1.0.0j
>
> .../configure-targets.patch | 0
> .../debian/c_rehash-compat.patch | 0
> .../debian/ca.patch | 0
> .../debian/debian-targets.patch | 0
> .../debian/make-targets.patch | 0
> .../debian/man-dir.patch | 0
> .../debian/man-section.patch | 0
> .../debian/no-rpath.patch | 0
> .../debian/no-symbolic.patch | 0
> .../debian/pic.patch | 0
> .../debian/version-script.patch | 0
> .../engines-install-in-libdir-ssl.patch | 0
> .../{openssl-1.0.0i => openssl-1.0.0j}/find.pl | 0
> .../oe-ldflags.patch | 0
> .../openssl-fix-link.patch | 0
> .../openssl_fix_for_x32.patch | 0
> .../shared-libs.patch | 0
> .../{openssl_1.0.0i.bb => openssl_1.0.0j.bb} | 4 ++--
> 18 files changed, 2 insertions(+), 2 deletions(-)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/configure-targets.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/c_rehash-compat.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/ca.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/debian-targets.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/make-targets.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/man-dir.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/man-section.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/no-rpath.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/no-symbolic.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/pic.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/debian/version-script.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/engines-install-in-libdir-ssl.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/find.pl (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/oe-ldflags.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/openssl-fix-link.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/openssl_fix_for_x32.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl-1.0.0i => openssl-1.0.0j}/shared-libs.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl_1.0.0i.bb => openssl_1.0.0j.bb} (90%)
>
Merged into OE-Core
Thanks
Sau!
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-08-10 16:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-10 16:06 [PATCH 0/1] OpenSSL upgrade Paul Eggleton
2014-08-10 16:06 ` [PATCH 1/1] openssl: upgrade to 1.0.1i Paul Eggleton
-- strict thread matches above, loose matches on Subject: below --
2014-04-08 11:49 [PATCH 0/1] openssl upgrade Cristiana Voicu
2012-07-20 15:38 Scott Garman
2012-07-23 18:12 ` Saul Wold
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox