subject:"\[OE\-core\] \[\[kirkstone\]\[PATCH\] openssl \: Upgrade OpenSSL 3.0.7 \-> 3.0.8\] openssl\: Upgrade 3.0.7 \-> 3.0.8"

Re: [OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

2023-02-19 Thread Alexandre Belloni via lists.openembedded.org

On 19/02/2023 16:05:11+0100, Martin Jansa wrote:
> On Sun, Feb 19, 2023 at 3:13 PM Steve Sakoman  wrote:
> 
> > On Sun, Feb 19, 2023 at 2:36 AM Martin Jansa 
> > wrote:
> > >
> > > Hello Steve, Siddharth,
> > >
> > > are you waiting for PATCHv3 with commit summary update requested in
> > corresponding langdale review:
> > >
> > https://patchwork.yoctoproject.org/project/oe-core/patch/20230209143708.20705-1-sdo...@mvista.com/
> > ?
> > >
> > > or is something else blocking this upgrade?
> > >
> > > I'm a bit surprised that this high security issue wasn't yet merged even
> > in oe-core/master-next and I don't see it in
> > oe-core-contrib/stable/kirkstone-nut nor
> > oe-core-contrib/stable/langdale-nut.
> >
> > If a patch is intended for multiple branches I typically wait until
> > master has merged the patch before taking it into the other branches.
> >
> > So that is why it isn't yet in langdale/kirkstone.
> >
> 
> Thanks Steve!
> 
> So I guess it's now question for Alexandre or RP as it isn't in:
> https://git.openembedded.org/openembedded-core-contrib/log/?h=abelloni/master-next
> https://git.openembedded.org/openembedded-core/log/?h=master-next

Changes were requested on all the versions of the patches that were sent
so I guess we are waiting for v3


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177334): 
https://lists.openembedded.org/g/openembedded-core/message/177334
Mute This Topic: https://lists.openembedded.org/mt/96849077/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

2023-02-19 Thread Martin Jansa

On Sun, Feb 19, 2023 at 3:13 PM Steve Sakoman  wrote:

> On Sun, Feb 19, 2023 at 2:36 AM Martin Jansa 
> wrote:
> >
> > Hello Steve, Siddharth,
> >
> > are you waiting for PATCHv3 with commit summary update requested in
> corresponding langdale review:
> >
> https://patchwork.yoctoproject.org/project/oe-core/patch/20230209143708.20705-1-sdo...@mvista.com/
> ?
> >
> > or is something else blocking this upgrade?
> >
> > I'm a bit surprised that this high security issue wasn't yet merged even
> in oe-core/master-next and I don't see it in
> oe-core-contrib/stable/kirkstone-nut nor
> oe-core-contrib/stable/langdale-nut.
>
> If a patch is intended for multiple branches I typically wait until
> master has merged the patch before taking it into the other branches.
>
> So that is why it isn't yet in langdale/kirkstone.
>

Thanks Steve!

So I guess it's now question for Alexandre or RP as it isn't in:
https://git.openembedded.org/openembedded-core-contrib/log/?h=abelloni/master-next
https://git.openembedded.org/openembedded-core/log/?h=master-next

FWIW: I've this commit included with the updated commit message my builds
for master, langdale, kirkstone since it was sent to ML (e.g.
https://git.openembedded.org/openembedded-core-contrib/commit/?h=jansa/kirkstone=e761db1cdef7fe62503b899a7762a8eb030e566f
) and haven't seen any issues related to it.

Cheers,

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177333): 
https://lists.openembedded.org/g/openembedded-core/message/177333
Mute This Topic: https://lists.openembedded.org/mt/96849077/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

2023-02-19 Thread Steve Sakoman

On Sun, Feb 19, 2023 at 2:36 AM Martin Jansa  wrote:
>
> Hello Steve, Siddharth,
>
> are you waiting for PATCHv3 with commit summary update requested in 
> corresponding langdale review:
> https://patchwork.yoctoproject.org/project/oe-core/patch/20230209143708.20705-1-sdo...@mvista.com/?
>
> or is something else blocking this upgrade?
>
> I'm a bit surprised that this high security issue wasn't yet merged even in 
> oe-core/master-next and I don't see it in 
> oe-core-contrib/stable/kirkstone-nut nor oe-core-contrib/stable/langdale-nut.

If a patch is intended for multiple branches I typically wait until
master has merged the patch before taking it into the other branches.

So that is why it isn't yet in langdale/kirkstone.

Steve

> Siddharth are you going to send v3 of all 3 (or should I send them)?
> https://patchwork.yoctoproject.org/project/oe-core/list/?series3.0.8==
> if that's all what is needed to get this merged?
>
> Regards,
>
> On Thu, Feb 9, 2023 at 9:00 AM mv  wrote:
>>
>> From: Siddharth Doshi 
>>
>> OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level 
>> security vulnerability [1].
>>
>> Upgrade the recipe to point to 3.0.8.
>>
>> CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
>> well.
>>
>> [1] https://www.openssl.org/news/vulnerabilities.html
>>
>> CVEs Fixed:
>> https://www.openssl.org/news/secadv/20230207.txt
>>
>> Signed-off-by: Siddharth Doshi 
>> ---
>>  .../openssl/openssl/CVE-2022-3996.patch   | 43 ---
>>  .../{openssl_3.0.7.bb => openssl_3.0.8.bb}|  2 +-
>>  2 files changed, 1 insertion(+), 44 deletions(-)
>>  delete mode 100644 
>> meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
>>  rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb => 
>> openssl_3.0.8.bb} (99%)
>>
>> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch 
>> b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
>> deleted file mode 100644
>> index 6d70b323d1..00
>> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
>> +++ /dev/null
>> @@ -1,43 +0,0 @@
>> -From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
>> -From: Pauli 
>> -Date: Fri, 11 Nov 2022 09:40:19 +1100
>> -Subject: [PATCH] x509: fix double locking problem
>> -
>> -This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
>> -redundant flag setting.
>> -
>> -Fixes #19643
>> -
>> -Fixes LOW CVE-2022-3996
>> -
>> -Reviewed-by: Dmitry Belyavskiy 
>> -Reviewed-by: Tomas Mraz 
>> -(Merged from https://github.com/openssl/openssl/pull/19652)
>> -
>> -(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
>> -
>> -Upstream-Status: Backport 
>> [https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
>> -CVE: CVE-2022-3996
>> -Signed-off-by: Vivek Kumbhar 
>> 
>> - crypto/x509/pcy_map.c | 4 
>> - 1 file changed, 4 deletions(-)
>> -
>> -diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
>> -index 05406c6493..60dfd1e320 100644
>>  a/crypto/x509/pcy_map.c
>> -+++ b/crypto/x509/pcy_map.c
>> -@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, 
>> POLICY_MAPPINGS *maps)
>> -
>> - ret = 1;
>> -  bad_mapping:
>> --if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
>> --x->ex_flags |= EXFLAG_INVALID_POLICY;
>> --CRYPTO_THREAD_unlock(x->lock);
>> --}
>> - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
>> - return ret;
>> -
>> ---
>> -2.30.2
>> -
>> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb 
>> b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
>> similarity index 99%
>> rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
>> rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
>> index 1842148592..c80df7b2ae 100644
>> --- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
>> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
>> @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
>> file://environment.d-openssl.sh \
>> "
>>
>> -SRC_URI[sha256sum] = 
>> "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
>> +SRC_URI[sha256sum] = 
>> "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
>>
>>  inherit lib_package multilib_header multilib_script ptest perlnative
>>  MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
>> --
>> 2.25.1
>>
>>
>> 
>>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177329): 
https://lists.openembedded.org/g/openembedded-core/message/177329
Mute This Topic: https://lists.openembedded.org/mt/96849077/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

2023-02-19 Thread Martin Jansa

Hello Steve, Siddharth,

are you waiting for PATCHv3 with commit summary update requested in
corresponding langdale review:
https://patchwork.yoctoproject.org/project/oe-core/patch/20230209143708.20705-1-sdo...@mvista.com/
?

or is something else blocking this upgrade?

I'm a bit surprised that this high security issue wasn't yet merged even in
oe-core/master-next and I don't see it in
oe-core-contrib/stable/kirkstone-nut nor
oe-core-contrib/stable/langdale-nut.

Siddharth are you going to send v3 of all 3 (or should I send them)?
https://patchwork.yoctoproject.org/project/oe-core/list/?series3.0.8==
if that's all what is needed to get this merged?

Regards,

On Thu, Feb 9, 2023 at 9:00 AM mv  wrote:

> From: Siddharth Doshi 
>
> OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE
> level security vulnerability [1].
>
> Upgrade the recipe to point to 3.0.8.
>
> CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
> well.
>
> [1] https://www.openssl.org/news/vulnerabilities.html
>
> CVEs Fixed:
> https://www.openssl.org/news/secadv/20230207.txt
>
> Signed-off-by: Siddharth Doshi 
> ---
>  .../openssl/openssl/CVE-2022-3996.patch   | 43 ---
>  .../{openssl_3.0.7.bb => openssl_3.0.8.bb}|  2 +-
>  2 files changed, 1 insertion(+), 44 deletions(-)
>  delete mode 100644
> meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
>  rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb =>
> openssl_3.0.8.bb} (99%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> deleted file mode 100644
> index 6d70b323d1..00
> --- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> +++ /dev/null
> @@ -1,43 +0,0 @@
> -From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
> -From: Pauli 
> -Date: Fri, 11 Nov 2022 09:40:19 +1100
> -Subject: [PATCH] x509: fix double locking problem
> -
> -This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed
> the
> -redundant flag setting.
> -
> -Fixes #19643
> -
> -Fixes LOW CVE-2022-3996
> -
> -Reviewed-by: Dmitry Belyavskiy 
> -Reviewed-by: Tomas Mraz 
> -(Merged from https://github.com/openssl/openssl/pull/19652)
> -
> -(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
> -
> -Upstream-Status: Backport [
> https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
> ]
> -CVE: CVE-2022-3996
> -Signed-off-by: Vivek Kumbhar 
> 
> - crypto/x509/pcy_map.c | 4 
> - 1 file changed, 4 deletions(-)
> -
> -diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
> -index 05406c6493..60dfd1e320 100644
>  a/crypto/x509/pcy_map.c
> -+++ b/crypto/x509/pcy_map.c
> -@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x,
> POLICY_MAPPINGS *maps)
> -
> - ret = 1;
> -  bad_mapping:
> --if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
> --x->ex_flags |= EXFLAG_INVALID_POLICY;
> --CRYPTO_THREAD_unlock(x->lock);
> --}
> - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
> - return ret;
> -
> ---
> -2.30.2
> -
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> similarity index 99%
> rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> index 1842148592..c80df7b2ae 100644
> --- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
> @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
> file://environment.d-openssl.sh \
> "
>
> -SRC_URI[sha256sum] =
> "83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
> +SRC_URI[sha256sum] =
> "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
>
>  inherit lib_package multilib_header multilib_script ptest perlnative
>  MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
> --
> 2.25.1
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177327): 
https://lists.openembedded.org/g/openembedded-core/message/177327
Mute This Topic: https://lists.openembedded.org/mt/96849077/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

2023-02-09 Thread mv

From: Siddharth Doshi 

OpenSSL 3.0.8 fixes 1 HIGH level security vulnerability and 7 MODERATE level 
security vulnerability [1].

Upgrade the recipe to point to 3.0.8.

CVE-2022-3996 is reported fixed in 3.0.8, so drop the patch for that as
well.

[1] https://www.openssl.org/news/vulnerabilities.html

CVEs Fixed:
https://www.openssl.org/news/secadv/20230207.txt

Signed-off-by: Siddharth Doshi 
---
 .../openssl/openssl/CVE-2022-3996.patch   | 43 ---
 .../{openssl_3.0.7.bb => openssl_3.0.8.bb}|  2 +-
 2 files changed, 1 insertion(+), 44 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.0.7.bb => 
openssl_3.0.8.bb} (99%)

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch 
b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
deleted file mode 100644
index 6d70b323d1..00
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
-From: Pauli 
-Date: Fri, 11 Nov 2022 09:40:19 +1100
-Subject: [PATCH] x509: fix double locking problem
-
-This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
-redundant flag setting.
-
-Fixes #19643
-
-Fixes LOW CVE-2022-3996
-
-Reviewed-by: Dmitry Belyavskiy 
-Reviewed-by: Tomas Mraz 
-(Merged from https://github.com/openssl/openssl/pull/19652)
-
-(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
-
-Upstream-Status: Backport 
[https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
-CVE: CVE-2022-3996
-Signed-off-by: Vivek Kumbhar 

- crypto/x509/pcy_map.c | 4 
- 1 file changed, 4 deletions(-)
-
-diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
-index 05406c6493..60dfd1e320 100644
 a/crypto/x509/pcy_map.c
-+++ b/crypto/x509/pcy_map.c
-@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS 
*maps)
- 
- ret = 1;
-  bad_mapping:
--if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
--x->ex_flags |= EXFLAG_INVALID_POLICY;
--CRYPTO_THREAD_unlock(x->lock);
--}
- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
- return ret;
- 
--- 
-2.30.2
-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb 
b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.0.7.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.8.bb
index 1842148592..c80df7b2ae 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
@@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
 
-SRC_URI[sha256sum] = 
"83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e"
+SRC_URI[sha256sum] = 
"6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
 
 inherit lib_package multilib_header multilib_script ptest perlnative
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176918): 
https://lists.openembedded.org/g/openembedded-core/message/176918
Mute This Topic: https://lists.openembedded.org/mt/96849077/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

Re: [OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

Re: [OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

Re: [OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

[OE-core] [[kirkstone][PATCH] openssl : Upgrade OpenSSL 3.0.7 -> 3.0.8] openssl: Upgrade 3.0.7 -> 3.0.8

5 matches

Site Navigation

Mail list logo

Footer information