* [PATCH v4] openssl: Upgrade 1.0.2k -> 1.0.2l
@ 2017-06-12 11:11 Changhyeok Bae
2017-06-12 11:51 ` Burton, Ross
0 siblings, 1 reply; 5+ messages in thread
From: Changhyeok Bae @ 2017-06-12 11:11 UTC (permalink / raw)
To: openembedded-core
1. Dropped obsolete patches, because the new version contains them:
- fix-cipher-des-ede3-cfb1.patch
- openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
2. LICENSE checksum change due to copyright years and wording tweak.
3. Test binaries (x86-64) are included in source code. So remove those
only for ptest.
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
---
.../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 21 --------------------
...-pointer-dereference-in-EVP_DigestInit_ex.patch | 23 ----------------------
.../{openssl_1.0.2k.bb => openssl_1.0.2l.bb} | 15 +++++++++-----
3 files changed, 10 insertions(+), 49 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
rename meta/recipes-connectivity/openssl/{openssl_1.0.2k.bb => openssl_1.0.2l.bb} (85%)
diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
deleted file mode 100644
index 2a318a4..0000000
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Upstream-Status: Submitted
-
-This patch adds the fix for one of the ciphers used in openssl, namely
-the cipher des-ede3-cfb1. Complete bug log and patch is present here:
-http://rt.openssl.org/Ticket/Display.html?id=2867
-
-Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-
-Index: openssl-1.0.2/crypto/evp/e_des3.c
-===================================================================
---- openssl-1.0.2.orig/crypto/evp/e_des3.c
-+++ openssl-1.0.2/crypto/evp/e_des3.c
-@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
- size_t n;
- unsigned char c[1], d[1];
-
-- for (n = 0; n < inl; ++n) {
-+ for (n = 0; n * 8 < inl; ++n) {
- c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
- DES_ede3_cfb_encrypt(c, d, 1, 1,
- &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
deleted file mode 100644
index f736e5c..0000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
-
-We should avoid accessing the type pointer if it's NULL,
-this could happen if ctx->digest is not NULL.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
----
-Index: openssl-1.0.2h/crypto/evp/digest.c
-===================================================================
---- openssl-1.0.2h.orig/crypto/evp/digest.c
-+++ openssl-1.0.2h/crypto/evp/digest.c
-@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
- type = ctx->digest;
- }
- #endif
-- if (ctx->digest != type) {
-+ if (type && (ctx->digest != type)) {
- if (ctx->digest && ctx->digest->ctx_size) {
- OPENSSL_free(ctx->md_data);
- ctx->md_data = NULL;
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
similarity index 85%
rename from meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
rename to meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
index 83d1a50..3638414 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
@@ -7,7 +7,7 @@ DEPENDS += "cryptodev-linux"
CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
CFLAG_append_class-native = " -fPIC"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
export DIRS = "crypto ssl apps engines"
export OE_LDFLAGS="${LDFLAGS}"
@@ -32,8 +32,6 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
file://debian1.0.2/version-script.patch \
file://debian1.0.2/soname.patch \
file://openssl_fix_for_x32.patch \
- file://fix-cipher-des-ede3-cfb1.patch \
- file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
file://openssl-fix-des.pod-error.patch \
file://Makefiles-ptest.patch \
file://ptest-deps.patch \
@@ -45,8 +43,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
file://Use-SHA256-not-MD5-as-default-digest.patch \
file://0001-Fix-build-with-clang-using-external-assembler.patch \
"
-SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65"
-SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"
+SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566"
+SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
PACKAGES =+ "${PN}-engines"
FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
@@ -60,3 +58,10 @@ do_configure_prepend() {
bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
fi
}
+
+do_install_ptest() {
+ # exclude binary files or the package won't install
+ for d in ssltest_old v3ext x509aux; do
+ rm -rf ${D}${libdir}/${PN}/ptest/test/$d
+ done
+}
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v4] openssl: Upgrade 1.0.2k -> 1.0.2l
2017-06-12 11:11 [PATCH v4] openssl: Upgrade 1.0.2k -> 1.0.2l Changhyeok Bae
@ 2017-06-12 11:51 ` Burton, Ross
2017-06-12 12:02 ` Changhyeok Bae
0 siblings, 1 reply; 5+ messages in thread
From: Burton, Ross @ 2017-06-12 11:51 UTC (permalink / raw)
To: Changhyeok Bae; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 344 bytes --]
On 12 June 2017 at 12:11, Changhyeok Bae <changhyeok.bae@gmail.com> wrote:
> +do_install_ptest() {
> + # exclude binary files or the package won't install
> + for d in ssltest_old v3ext x509aux; do
> + rm -rf ${D}${libdir}/${PN}/ptest/test/$d
> + done
> +}
>
I think you meant do_install_ptest_append here?
Ross
[-- Attachment #2: Type: text/html, Size: 855 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v4] openssl: Upgrade 1.0.2k -> 1.0.2l
2017-06-12 11:51 ` Burton, Ross
@ 2017-06-12 12:02 ` Changhyeok Bae
2017-06-12 12:03 ` Burton, Ross
0 siblings, 1 reply; 5+ messages in thread
From: Changhyeok Bae @ 2017-06-12 12:02 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 555 bytes --]
I think that do_install_ptest is fine. Why would you think that?
Thanks
Changhyeok
2017-06-12 20:51 GMT+09:00 Burton, Ross <ross.burton@intel.com>:
>
> On 12 June 2017 at 12:11, Changhyeok Bae <changhyeok.bae@gmail.com> wrote:
>
>> +do_install_ptest() {
>> + # exclude binary files or the package won't install
>> + for d in ssltest_old v3ext x509aux; do
>> + rm -rf ${D}${libdir}/${PN}/ptest/test/$d
>> + done
>> +}
>>
>
> I think you meant do_install_ptest_append here?
>
> Ross
>
--
Thanks
Changhyeok
[-- Attachment #2: Type: text/html, Size: 1734 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v4] openssl: Upgrade 1.0.2k -> 1.0.2l
2017-06-12 12:02 ` Changhyeok Bae
@ 2017-06-12 12:03 ` Burton, Ross
2017-06-12 12:07 ` Changhyeok Bae
0 siblings, 1 reply; 5+ messages in thread
From: Burton, Ross @ 2017-06-12 12:03 UTC (permalink / raw)
To: Changhyeok Bae; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 1659 bytes --]
On 12 June 2017 at 13:02, Changhyeok Bae <changhyeok.bae@gmail.com> wrote:
> I think that do_install_ptest is fine. Why would you think that?
>
packages/corei7-64-poky-linux/openssl/openssl-ptest:
* PKGSIZE changed from 6192634 to 26 (-99%)
* FILELIST: removed "/usr/lib/openssl/ptest/test/dtlstest.c
/usr/lib/openssl/ptest/test/certs/pss1.pem
/usr/lib/openssl/ptest/test/destest.c /usr/lib/openssl/ptest/test/md5test.o
/usr/lib/openssl/ptest/test/rsa_test.o
/usr/lib/openssl/ptest/test/evp_extra_test.o
/usr/lib/openssl/ptest/certs/README.RootCerts
/usr/lib/openssl/ptest/include/openssl/asn1.h
/usr/lib/openssl/ptest/test/ocsp-tests/D3_Issuer_Root.pem
/usr/lib/openssl/ptest/libcrypto.a /usr/lib/openssl/ptest/test/srptest.o
/usr/lib/openssl/ptest/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem
/usr/lib/openssl/ptest/test/certs/rootCA.key
/usr/lib/openssl/ptest/test/VMSca-response.2
/usr/lib/openssl/ptest/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem
/usr/lib/openssl/ptest/test/ideatest.c
/usr/lib/openssl/ptest/test/certs/rootCA.pem
/usr/lib/openssl/ptest/test/ocsp-tests/D1_Cert_EE.pem
/usr/lib/openssl/ptest/certs/demo/73912336.0
/usr/lib/openssl/ptest/test/hmactest.o /usr/lib/openssl/ptest/test/
maketests.com /usr/lib/openssl/ptest/test/smime-certs/smec1.pem
/usr/lib/openssl/ptest/certs/demo/cbdbd8bc.0
/usr/lib/openssl/ptest/test/ocsp-tests/WKIC_D2_Issuer_Root.pem
/usr/lib/openssl/ptest/test/verify_extra_test.c
/usr/lib/openssl/ptest/test/serverinfo.pem
/usr/lib/openssl/ptest/test/shatest.c /usr/lib/openssl/ptest/test/CAss.cnf
...
(lots more lines)
None of the test suite is actually being installed.
Ross
[-- Attachment #2: Type: text/html, Size: 2332 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v4] openssl: Upgrade 1.0.2k -> 1.0.2l
2017-06-12 12:03 ` Burton, Ross
@ 2017-06-12 12:07 ` Changhyeok Bae
0 siblings, 0 replies; 5+ messages in thread
From: Changhyeok Bae @ 2017-06-12 12:07 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 1881 bytes --]
Ok. Thanks for your comments. I'll add it soon
Thanks
Changhyeok
2017-06-12 21:03 GMT+09:00 Burton, Ross <ross.burton@intel.com>:
>
> On 12 June 2017 at 13:02, Changhyeok Bae <changhyeok.bae@gmail.com> wrote:
>
>> I think that do_install_ptest is fine. Why would you think that?
>>
>
> packages/corei7-64-poky-linux/openssl/openssl-ptest:
> * PKGSIZE changed from 6192634 to 26 (-99%)
> * FILELIST: removed "/usr/lib/openssl/ptest/test/dtlstest.c
> /usr/lib/openssl/ptest/test/certs/pss1.pem /usr/lib/openssl/ptest/test/destest.c
> /usr/lib/openssl/ptest/test/md5test.o /usr/lib/openssl/ptest/test/rsa_test.o
> /usr/lib/openssl/ptest/test/evp_extra_test.o /usr/lib/openssl/ptest/certs/README.RootCerts
> /usr/lib/openssl/ptest/include/openssl/asn1.h /usr/lib/openssl/ptest/test/ocsp-tests/D3_Issuer_Root.pem
> /usr/lib/openssl/ptest/libcrypto.a /usr/lib/openssl/ptest/test/srptest.o
> /usr/lib/openssl/ptest/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem
> /usr/lib/openssl/ptest/test/certs/rootCA.key /usr/lib/openssl/ptest/test/VMSca-response.2
> /usr/lib/openssl/ptest/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem
> /usr/lib/openssl/ptest/test/ideatest.c /usr/lib/openssl/ptest/test/certs/rootCA.pem
> /usr/lib/openssl/ptest/test/ocsp-tests/D1_Cert_EE.pem
> /usr/lib/openssl/ptest/certs/demo/73912336.0 /usr/lib/openssl/ptest/test/hmactest.o
> /usr/lib/openssl/ptest/test/maketests.com /usr/lib/openssl/ptest/test/smime-certs/smec1.pem
> /usr/lib/openssl/ptest/certs/demo/cbdbd8bc.0 /usr/lib/openssl/ptest/test/
> ocsp-tests/WKIC_D2_Issuer_Root.pem /usr/lib/openssl/ptest/test/verify_extra_test.c
> /usr/lib/openssl/ptest/test/serverinfo.pem /usr/lib/openssl/ptest/test/shatest.c
> /usr/lib/openssl/ptest/test/CAss.cnf ...
>
> (lots more lines)
>
> None of the test suite is actually being installed.
>
> Ross
>
--
Thanks
Changhyeok
[-- Attachment #2: Type: text/html, Size: 3210 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-06-12 12:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-12 11:11 [PATCH v4] openssl: Upgrade 1.0.2k -> 1.0.2l Changhyeok Bae
2017-06-12 11:51 ` Burton, Ross
2017-06-12 12:02 ` Changhyeok Bae
2017-06-12 12:03 ` Burton, Ross
2017-06-12 12:07 ` Changhyeok Bae
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.