[PATCH 0/2] Recipe security updates: libpng and openssl

[PATCH 0/2] Recipe security updates: libpng and openssl

[Scott Garman]

Hello,

This upgrades libpng and openssl to adddress some recent CVEs. They
have been build tested on all 5 of our QEMU architectures. 

There is another outstanding pull request that updated distro tracking
for libpng, so I'm going to hold off on updating the distro tracking
file until that gets into master.

Scott

The following changes since commit fd989e1bceef6df36619ba8944c8141abefd282e:

  self-hosted-image: Update poky revision to point at the 1.2 release branch (2012-04-24 10:20:25 +0100)

are available in the git repository at:
  git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/security-updates-oe

Scott Garman (2):
  libpng: upgrade to 1.2.49
  openssl: upgrade to 1.0.0i

 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../debian/ca.patch                                |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../debian/pic.patch                               |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../oe-ldflags.patch                               |    0
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../shared-libs.patch                              |    0
 meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
 .../{openssl_1.0.0h.bb => openssl_1.0.0i.bb}       |    4 ++--
 .../libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb}  |   10 +++++-----
 19 files changed, 8 insertions(+), 9 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb => openssl_1.0.0i.bb} (90%)
 rename meta/recipes-multimedia/libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb} (60%)

-- 
1.7.5.4

[PATCH 1/2] libpng: upgrade to 1.2.49

[Scott Garman]

License hasn't changed, just updated the md5 checksums due to trivial
date changes within the text (and the position of the license text
within png.h).

Addresses CVE-2011-3045

Fixes [YOCTO #2352]

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 .../libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb}  |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)
 rename meta/recipes-multimedia/libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb} (60%)

diff --git a/meta/recipes-multimedia/libpng/libpng_1.2.46.bb b/meta/recipes-multimedia/libpng/libpng_1.2.49.bb
similarity index 60%
rename from meta/recipes-multimedia/libpng/libpng_1.2.46.bb
rename to meta/recipes-multimedia/libpng/libpng_1.2.49.bb
index 142f2b9..c24e691 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.2.46.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.2.49.bb
@@ -3,15 +3,15 @@ DESCRIPTION = "PNG Library"
 HOMEPAGE = "http://www.libpng.org/"
 SECTION = "libs"
 LICENSE = "Libpng"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=21b4b6e3523afa9f03f00b43b991dad0 \
-                    file://png.h;startline=172;endline=261;md5=996460063a9bf2de35b2d61d2776dabc"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=20110633230abd47fe8680afa75f1492 \
+                    file://png.h;startline=308;endline=422;md5=edd1c552386a8c3773d90e278ae30891"
 DEPENDS = "zlib"
-PR = "r4"
+PR = "r0"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/project/libpng/libpng12/${PV}/libpng-${PV}.tar.bz2"
 
-SRC_URI[md5sum] = "e8b43dc78ef95b3949af7f961d76874b"
-SRC_URI[sha256sum] = "a5e796e1802b2e221498bda09ff9850bc7ec9068b6788948cc2c42af213914d8"
+SRC_URI[md5sum] = "d5106b70b4f8b464a7da66bffe4565fb"
+SRC_URI[sha256sum] = "fbf8faa70ebca2ed2ee6df6f2249f4722517b581af5b6c3c71bbdaf925d5954e"
 
 inherit autotools binconfig pkgconfig
 
-- 
1.7.5.4

[PATCH 2/2] openssl: upgrade to 1.0.0i

[Scott Garman]

Addresses CVE-2012-2110

Fixes bug [YOCTO #2368]

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../debian/ca.patch                                |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../debian/pic.patch                               |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../oe-ldflags.patch                               |    0
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../shared-libs.patch                              |    0
 meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
 .../{openssl_1.0.0h.bb => openssl_1.0.0i.bb}       |    4 ++--
 18 files changed, 3 insertions(+), 4 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb => openssl_1.0.0i.bb} (90%)

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/configure-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/configure-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/configure-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/c_rehash-compat.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/c_rehash-compat.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/c_rehash-compat.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/ca.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/ca.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/ca.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/debian-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/debian-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/debian-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/make-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/make-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/make-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/make-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-dir.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/man-dir.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-dir.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-section.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/man-section.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-section.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-rpath.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/no-rpath.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-rpath.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-symbolic.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/no-symbolic.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-symbolic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/pic.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/pic.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/pic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/version-script.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/version-script.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/version-script.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/engines-install-in-libdir-ssl.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/engines-install-in-libdir-ssl.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/engines-install-in-libdir-ssl.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/oe-ldflags.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/oe-ldflags.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/oe-ldflags.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl-fix-link.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl-fix-link.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl-fix-link.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl-fix-link.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl_fix_for_x32.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl_fix_for_x32.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl_fix_for_x32.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/shared-libs.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/shared-libs.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/shared-libs.patch
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 089b9a4..78cf272 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -4,8 +4,7 @@ HOMEPAGE = "http://www.openssl.org/"
 BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
 SECTION = "libs/network"
 
-# Big Jump for OpenSSL 1.0 support with meta-oe
-INC_PR = "r15"
+INC_PR = "r0"
 
 # "openssl | SSLeay" dual license
 LICENSE = "openssl"
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.0i.bb
similarity index 90%
rename from meta/recipes-connectivity/openssl/openssl_1.0.0h.bb
rename to meta/recipes-connectivity/openssl/openssl_1.0.0i.bb
index 744fe2a..68b092f 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.0i.bb
@@ -31,8 +31,8 @@ SRC_URI += "file://configure-targets.patch \
             file://openssl_fix_for_x32.patch \
            "
 
-SRC_URI[md5sum] = "a5bc483c570f2ac3758ce5c19b667fab"
-SRC_URI[sha256sum] = "7e3dfc21aa57ed33ea673170053d1921322803b8a6a624a4f0d2e4c308bd418d"
+SRC_URI[md5sum] = "b4df9c11af454fd68178c85a1d5f328f"
+SRC_URI[sha256sum] = "548262d15777c504be1ab9bb8fabef1e14a3de54837a6593c8f403dd843d5e57"
 
 PACKAGES =+ " \
 	${PN}-engines \
-- 
1.7.5.4

Re: [PATCH 0/2] Recipe security updates: libpng and openssl

[Saul Wold]

On 04/24/2012 10:13 PM, Scott Garman wrote:
> Hello,
>
> This upgrades libpng and openssl to adddress some recent CVEs. They
> have been build tested on all 5 of our QEMU architectures.
>
> There is another outstanding pull request that updated distro tracking
> for libpng, so I'm going to hold off on updating the distro tracking
> file until that gets into master.
>
> Scott
>
> The following changes since commit fd989e1bceef6df36619ba8944c8141abefd282e:
>
>    self-hosted-image: Update poky revision to point at the 1.2 release branch (2012-04-24 10:20:25 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/security-updates-oe
>
> Scott Garman (2):
>    libpng: upgrade to 1.2.49
>    openssl: upgrade to 1.0.0i
>
>   .../configure-targets.patch                        |    0
>   .../debian/c_rehash-compat.patch                   |    0
>   .../debian/ca.patch                                |    0
>   .../debian/debian-targets.patch                    |    0
>   .../debian/make-targets.patch                      |    0
>   .../debian/man-dir.patch                           |    0
>   .../debian/man-section.patch                       |    0
>   .../debian/no-rpath.patch                          |    0
>   .../debian/no-symbolic.patch                       |    0
>   .../debian/pic.patch                               |    0
>   .../debian/version-script.patch                    |    0
>   .../engines-install-in-libdir-ssl.patch            |    0
>   .../oe-ldflags.patch                               |    0
>   .../openssl-fix-link.patch                         |    0
>   .../openssl_fix_for_x32.patch                      |    0
>   .../shared-libs.patch                              |    0
>   meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
>   .../{openssl_1.0.0h.bb =>  openssl_1.0.0i.bb}       |    4 ++--
>   .../libpng/{libpng_1.2.46.bb =>  libpng_1.2.49.bb}  |   10 +++++-----
>   19 files changed, 8 insertions(+), 9 deletions(-)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/configure-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/ca.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/debian-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/make-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/man-dir.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/man-section.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/no-rpath.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/no-symbolic.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/pic.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/version-script.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/oe-ldflags.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/openssl-fix-link.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/shared-libs.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb =>  openssl_1.0.0i.bb} (90%)
>   rename meta/recipes-multimedia/libpng/{libpng_1.2.46.bb =>  libpng_1.2.49.bb} (60%)
>

Merged these into OE-Core

Thanks
	Sau!

Re: [PATCH 2/2] openssl: upgrade to 1.0.0i

[Andreas Oberritter]

Hello Scott,

On 25.04.2012 07:13, Scott Garman wrote:
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -4,8 +4,7 @@ HOMEPAGE = "http://www.openssl.org/"
>  BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
>  SECTION = "libs/network"
>  
> -# Big Jump for OpenSSL 1.0 support with meta-oe
> -INC_PR = "r15"
> +INC_PR = "r0"
>  
>  # "openssl | SSLeay" dual license
>  LICENSE = "openssl"

this hunk broke the upgrade path of out-of-tree users of openssl.inc,
e.g. users of openssl 0.9.8 in their own layer.

Please reset INC_PR to r15. You should have reset only PR (if it wasn't
already "${INC_PR}.0"), not INC_PR.

Regards,
Andreas

Re: [PATCH 2/2] openssl: upgrade to 1.0.0i

[Scott Garman]

On 05/08/2012 12:06 AM, Andreas Oberritter wrote:
> Hello Scott,
>
> On 25.04.2012 07:13, Scott Garman wrote:
>> --- a/meta/recipes-connectivity/openssl/openssl.inc
>> +++ b/meta/recipes-connectivity/openssl/openssl.inc
>> @@ -4,8 +4,7 @@ HOMEPAGE = "http://www.openssl.org/"
>>   BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
>>   SECTION = "libs/network"
>>
>> -# Big Jump for OpenSSL 1.0 support with meta-oe
>> -INC_PR = "r15"
>> +INC_PR = "r0"
>>
>>   # "openssl | SSLeay" dual license
>>   LICENSE = "openssl"
>
> this hunk broke the upgrade path of out-of-tree users of openssl.inc,
> e.g. users of openssl 0.9.8 in their own layer.
>
> Please reset INC_PR to r15. You should have reset only PR (if it wasn't
> already "${INC_PR}.0"), not INC_PR.

Ouch. Sorry about that. I will submit a patch in the next few minutes to 
correct this and will keep this in mind in the future.

Scott

-- 
Scott Garman
Embedded Linux Engineer - Yocto Project
Intel Open Source Technology Center