Re: [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160


Tim Orling
 



On Fri, Feb 18, 2022 at 3:36 PM Steve Sakoman <steve@...> wrote:
On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@...> wrote:
>
> Changes are only security and bug fixes.

I'm seeing ptest errors:

WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were
failing ptests.
Traceback (most recent call last):
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
    return func(*args, **kwargs)
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
    return func(*args, **kwargs)
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
    return func(*args, **kwargs)
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 25, in test_ptestrunner_expectfail
    self.do_ptestrunner()
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 108, in do_ptestrunner
    self.fail(failmsg)
AssertionError: Failed ptests:
{'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']}

I saw this on qemux86-64, but was not sure whether it was due to the upgrade or a one-off infra issue. I’ll dig deeper and see what might be happening.


Happens with both qemuarm64-ptest and qemux86-64-ptest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124

Steve

> https://www.openssl.org/news/cl111.txt
> https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m
>
> CVE: CVE-2021-4160
>
> https://nvd.nist.gov/vuln/detail/CVE-2021-4160
>
> Signed-off-by: Tim Orling <tim.orling@...>
> ---
> Changes in v2:
>  - drop SRC_URI[md5sum] that devtool snuck in.
>
>  .../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb}            | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>  rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> similarity index 98%
> rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
> rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> index bf7cd6527ef..c6f8499d4f5 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> @@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
>             file://environment.d-openssl.sh \
>             "
>
> -SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
> +SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"
>
>  inherit lib_package multilib_header multilib_script ptest
>  MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
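
Review bot: at `SRC_URI[sha256sum]`, the new digest is the only content change, and nothing in the message says what it was checked against. The v2 note indicates devtool was used for the upgrade, so the commit message should state that the value was compared with the SHA-256 that upstream publishes for the 1.1.1m tarball, not just taken from the downloaded file. The context line `inherit lib_package multilib_header multilib_script ptest` matters too: the thread reports `test/recipes/30-test_evp_extra.t` failing on both qemux86-64 and qemuarm64 with this upgrade, so the series should carry a ptest fix or explain the failure before it lands on dunfell.
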
> --
> 2.30.2
>
