[dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160


Tim Orling
 

Changes are only security and bug fixes.

https://www.openssl.org/news/cl111.txt
https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m

CVE: CVE-2021-4160

https://nvd.nist.gov/vuln/detail/CVE-2021-4160

Signed-off-by: Tim Orling <tim.orling@...>
---
Changes in v2:
- drop SRC_URI[md5sum] that devtool snuck in.

.../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
index bf7cd6527ef..c6f8499d4f5 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
@@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

-SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
+SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
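
Review bot: The `+SRC_URI[sha256sum]` line is the only integrity pin for the 1.1.1m tarball, and neither the hunk nor the commit message says how the new value was obtained. The v2 changelog mentions a checksum entry that devtool added, so please confirm in the commit message that this sha256 was compared against the checksum or signature upstream publishes for the release, not just taken from the fetched file. The recipe inherits ptest (unchanged context line `inherit lib_package multilib_header multilib_script ptest`), so it would also help to state the ptest result for the upgraded version alongside the "only security and bug fixes" summary.
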
--
2.30.2


Steve Sakoman
 

On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@...> wrote:

> Changes are only security and bug fixes.

I'm seeing ptest errors:

WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were
failing ptests.
Traceback (most recent call last):
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 25, in test_ptestrunner_expectfail
self.do_ptestrunner()
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 108, in do_ptestrunner
self.fail(failmsg)
AssertionError: Failed ptests:
{'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']}

Happens with both qemuarm64-ptest and qemux86-64-ptest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124

Steve

https://www.openssl.org/news/cl111.txt
https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m

CVE: CVE-2021-4160

https://nvd.nist.gov/vuln/detail/CVE-2021-4160

Signed-off-by: Tim Orling <tim.orling@...>
---
Changes in v2:
- drop SRC_URI[md5sum] that devtool snuck in.

.../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
index bf7cd6527ef..c6f8499d4f5 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
@@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

-SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
+SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.30.2


Tim Orling
 



On Fri, Feb 18, 2022 at 3:36 PM Steve Sakoman <steve@...> wrote:
On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@...> wrote:
>
> Changes are only security and bug fixes.

I'm seeing ptest errors:

WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were
failing ptests.
Traceback (most recent call last):
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
    return func(*args, **kwargs)
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
    return func(*args, **kwargs)
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
    return func(*args, **kwargs)
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 25, in test_ptestrunner_expectfail
    self.do_ptestrunner()
  File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 108, in do_ptestrunner
    self.fail(failmsg)
AssertionError: Failed ptests:
{'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']}

I saw this on qemux86-64, but was not sure it was due to the upgrade or a one-off infra issue. I’ll dig deeper and see what might be happening.


Happens with both qemuarm64-ptest and qemux86-64-ptest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124

Steve

> https://www.openssl.org/news/cl111.txt
> https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m
>
> CVE: CVE-2021-4160
>
> https://nvd.nist.gov/vuln/detail/CVE-2021-4160
>
> Signed-off-by: Tim Orling <tim.orling@...>
> ---
> Changes in v2:
>  - drop SRC_URI[md5sum] that devtool snuck in.
>
>  .../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb}            | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>  rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> similarity index 98%
> rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
> rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> index bf7cd6527ef..c6f8499d4f5 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> @@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
>             file://environment.d-openssl.sh \
>             "
>
> -SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
> +SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"
>
>  inherit lib_package multilib_header multilib_script ptest
>  MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
> --
> 2.30.2
>


Steve Sakoman
 

On Fri, Feb 18, 2022 at 2:27 PM Tim Orling <ticotimo@...> wrote:



On Fri, Feb 18, 2022 at 3:36 PM Steve Sakoman <steve@...> wrote:

On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@...> wrote:

Changes are only security and bug fixes.
I'm seeing ptest errors:

WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were
failing ptests.
Traceback (most recent call last):
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 25, in test_ptestrunner_expectfail
self.do_ptestrunner()
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 108, in do_ptestrunner
self.fail(failmsg)
AssertionError: Failed ptests:
{'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']}

> I saw this on qemux86-64, but was not sure it was due to the upgrade or a one-off infra issue. I’ll dig deeper and see what might be happening.

I re-ran the test and got the same error, so it doesn't seem to be intermittent.

Thanks!

Steve



Happens with both qemuarm64-ptest and qemux86-64-ptest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124

Steve

https://www.openssl.org/news/cl111.txt
https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m

CVE: CVE-2021-4160

https://nvd.nist.gov/vuln/detail/CVE-2021-4160

Signed-off-by: Tim Orling <tim.orling@...>
---
Changes in v2:
- drop SRC_URI[md5sum] that devtool snuck in.

.../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
index bf7cd6527ef..c6f8499d4f5 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
@@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"

-SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
+SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"

inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.30.2


Mikko Rapeli <mikko.rapeli@...>
 

FWIW, there is also the pure patch to fix CVE-2021-4160 in openssl 1.1.1l for dunfell:

https://lists.openembedded.org/g/openembedded-core/message/161652

Patch versus letter version update, which one is preferred?

-Mikko


Steve Sakoman
 

On Sun, Feb 20, 2022 at 9:04 PM <Mikko.Rapeli@...> wrote:

> FWIW, there is also the pure patch to fix CVE-2021-4160 in openssl 1.1.1l for dunfell:
>
> https://lists.openembedded.org/g/openembedded-core/message/161652
>
> Patch versus letter version update, which one is preferred?

Yes, I'm aware of the CVE only patch. In this case I'd prefer the
letter version update since it also contains bug fixes. But if we
can't fix the ptest regression in the next couple of days I'll fall
back to the CVE only patch.

Steve

> -Mikko