1. Messages
  2. [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160

Re: [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160

Steve Sakoman
 

On Fri, Feb 18, 2022 at 2:27 PM Tim Orling <ticotimo@...> wrote:



On Fri, Feb 18, 2022 at 3:36 PM Steve Sakoman <steve@...> wrote:

On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@...> wrote:

Changes are only security and bug fixes.
I'm seeing ptest errors:

WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were
failing ptests.
Traceback (most recent call last):
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 25, in test_ptestrunner_expectfail
self.do_ptestrunner()
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 108, in do_ptestrunner
self.fail(failmsg)
AssertionError: Failed ptests:
{'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']}

I saw this on qemux86-64, but was not sure it was due to the upgrade or a one off infra issue. I’ll dig deeper and see what might be happening.
I re-ran the test and got the same error, so it doesn't seem to be intermittent.

Thanks!

Steve



Happens with both qemuarm64-ptest and qemux86-64-ptest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124

Steve

https://www.openssl.org/news/cl111.txt
https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m

CVE: CVE-2021-4160

https://nvd.nist.gov/vuln/detail/CVE-2021-4160

Signed-off-by: Tim Orling <tim.orling@...>
---
Changes in v2:
- drop SRC_URI[md5sum] that devtool snuck in.

.../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
index bf7cd6527ef..c6f8499d4f5 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
@@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

-SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
+SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.30.2
Join openembedded-core@lists.openembedded.org to automatically receive all group messages.