Includes a fix for CVE-2022-2068. Signed-off-by: Richard Purdie <[email protected]> --- ...1-Configure-do-not-tweak-mips-cflags.patch | 10 +++++----- ...sysroot-and-debug-prefix-map-from-co.patch | 20 +++++++++---------- .../openssl/openssl/afalg.patch | 10 +++++----- .../{openssl_3.0.3.bb => openssl_3.0.4.bb} | 3 +-- 4 files changed, 21 insertions(+), 22 deletions(-) rename meta/recipes-connectivity/openssl/{openssl_3.0.3.bb => openssl_3.0.4.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch index 5effa6c6f61..0b7abc3a112 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -13,11 +13,11 @@ Signed-off-by: Alexander Kanavin <[email protected]> Configure | 10 ---------- 1 file changed, 10 deletions(-) -diff --git a/Configure b/Configure -index 821e680..0387a74 100755 ---- a/Configure -+++ b/Configure -@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) +Index: openssl-3.0.4/Configure +=================================================================== +--- openssl-3.0.4.orig/Configure ++++ openssl-3.0.4/Configure +@@ -1423,16 +1423,6 @@ if ($target =~ /^mingw/ && `$config{CC} push @{$config{shared_ldflag}}, "-mno-cygwin"; } diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index 60890c666d1..bafdbaa46fc 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -34,11 +34,11 @@ Signed-off-by: Khem Raj <[email protected]> crypto/build.info | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) -diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index f88a70f..528cdef 100644 ---- a/Configurations/unix-Makefile.tmpl -+++ b/Configurations/unix-Makefile.tmpl -@@ -471,13 +471,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), +Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl +=================================================================== +--- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl ++++ openssl-3.0.4/Configurations/unix-Makefile.tmpl +@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) @@ -63,10 +63,10 @@ index f88a70f..528cdef 100644 PERLASM_SCHEME= {- $target{perlasm_scheme} -} # For x86 assembler: Set PROCESSOR to 386 if you want to support -diff --git a/crypto/build.info b/crypto/build.info -index efca6cc..eda433e 100644 ---- a/crypto/build.info -+++ b/crypto/build.info +Index: openssl-3.0.4/crypto/build.info +=================================================================== +--- openssl-3.0.4.orig/crypto/build.info ++++ openssl-3.0.4/crypto/build.info @@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF DEPEND[info.o]=buildinf.h @@ -74,5 +74,5 @@ index efca6cc..eda433e 100644 -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" - GENERATE[uplink-x86.s]=../ms/uplink-x86.pl + GENERATE[uplink-x86.S]=../ms/uplink-x86.pl GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch index b7c0e9697f8..cf77e873a2a 100644 --- a/meta/recipes-connectivity/openssl/openssl/afalg.patch +++ b/meta/recipes-connectivity/openssl/openssl/afalg.patch @@ -3,11 +3,11 @@ Don't refuse to build afalgeng if cross-compiling or the host kernel is too old. Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688] Signed-off-by: Ross Burton <[email protected]> -diff --git a/Configure b/Configure -index 3baa8ce..9ef52ed 100755 ---- a/Configure -+++ b/Configure -@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"}) +Index: openssl-3.0.4/Configure +=================================================================== +--- openssl-3.0.4.orig/Configure ++++ openssl-3.0.4/Configure +@@ -1681,20 +1681,7 @@ $config{CFLAGS} = [ map { $_ eq '--ossl- unless ($disabled{afalgeng}) { $config{afalgeng}=""; if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.3.bb b/meta/recipes-connectivity/openssl/openssl_3.0.4.bb similarity index 98% rename from meta/recipes-connectivity/openssl/openssl_3.0.3.bb rename to meta/recipes-connectivity/openssl/openssl_3.0.4.bb index 35a62755ad4..d9d17378d43 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.3.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.4.bb @@ -12,14 +12,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ - file://770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch \ " SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b" +SRC_URI[sha256sum] = "2831843e9a668a0ab478e7020ad63d2d65e51f72977472dc73efcefbafc0c00f" inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#167415): https://lists.openembedded.org/g/openembedded-core/message/167415 Mute This Topic: https://lists.openembedded.org/mt/92090196/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
