* [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
@ 2016-05-03 23:46 Armin Kuster
  2016-05-11  5:44 ` Robert Yang
  2016-05-11  6:22 ` Robert Yang
  0 siblings, 2 replies; 9+ messages in thread
From: Armin Kuster @ 2016-05-03 23:46 UTC (permalink / raw)
  To: akuster, openembedded-core

From: Armin Kuster <akuster@mvista.com>

CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176

https://www.openssl.org/news/secadv/20160503.txt

fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch

drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 +++++++-------
 .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb}       |  6 ++----
 2 files changed, 9 insertions(+), 11 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb} (91%)

diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index cebc8cf..f736e5c 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -8,16 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
 
 Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
 ---
-Index: openssl-1.0.2/crypto/evp/digest.c
+Index: openssl-1.0.2h/crypto/evp/digest.c
 ===================================================================
---- openssl-1.0.2.orig/crypto/evp/digest.c
-+++ openssl-1.0.2/crypto/evp/digest.c
-@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
-         return 0;
+--- openssl-1.0.2h.orig/crypto/evp/digest.c
++++ openssl-1.0.2h/crypto/evp/digest.c
+@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+         type = ctx->digest;
      }
  #endif
 -    if (ctx->digest != type) {
 +    if (type && (ctx->digest != type)) {
-         if (ctx->digest && ctx->digest->ctx_size)
+         if (ctx->digest && ctx->digest->ctx_size) {
              OPENSSL_free(ctx->md_data);
-         ctx->digest = type;
+             ctx->md_data = NULL;
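
Review bot: the commit message's "fixup" should say that this is a context refresh with no functional change to the carried patch. Only the embedded patch's paths and context move here (`Index: openssl-1.0.2h/crypto/evp/digest.c`, the `@@ -211,7 +211,7 @@` offset, the new `{` and `ctx->md_data = NULL;` context lines), while the functional line `if (type && (ctx->digest != type)) {` is untouched. Hard-coding `1.0.2h` in the `Index:`, `---` and `+++` paths will also go stale on the next version bump; consider keeping the less specific `openssl-1.0.2/` prefix the old header used.
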
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
similarity index 91%
rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
index 290f129..ae65992 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
@@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
             file://openssl-fix-des.pod-error.patch \
             file://Makefiles-ptest.patch \
             file://ptest-deps.patch \
-            file://crypto_use_bigint_in_x86-64_perl.patch \
             file://openssl-1.0.2a-x32-asm.patch \
             file://ptest_makefile_deps.patch  \
             file://configure-musl-target.patch \
             file://parallel.patch \
            "
-
-SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
-SRC_URI[sha256sum] = "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
+SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
+SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
 
 PACKAGES =+ "${PN}-engines"
 FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
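
Review bot: `file://crypto_use_bigint_in_x86-64_perl.patch` is removed from SRC_URI, but the diffstat shows only two files changed, so the patch file itself stays in the tree unreferenced; delete it in the same commit if the drop is intended. The commit message justifies the drop with "that fix is in latest" without citing the upstream commit that carries it, which a reviewer needs in order to confirm the fix is present in 1.0.2h. The hunk also removes the blank line between the closing quote of SRC_URI and the `SRC_URI[md5sum]` line, an unrelated whitespace change.
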
-- 
2.3.5




* Re: [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
  2016-05-03 23:46 [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h Armin Kuster
@ 2016-05-11  5:44 ` Robert Yang
  2016-05-11  6:22 ` Robert Yang
  1 sibling, 0 replies; 9+ messages in thread
From: Robert Yang @ 2016-05-11  5:44 UTC (permalink / raw)
  To: Armin Kuster, akuster, openembedded-core



On 05/04/2016 07:46 AM, Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
>
> CVE-2016-2105
> CVE-2016-2106
> CVE-2016-2109
> CVE-2016-2176
>
> https://www.openssl.org/news/secadv/20160503.txt
>
> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>
> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
>
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> ---
>   ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 +++++++-------
>   .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb}       |  6 ++----
>   2 files changed, 9 insertions(+), 11 deletions(-)
>   rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb} (91%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> index cebc8cf..f736e5c 100644
> --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> @@ -8,16 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
>
>   Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
>   ---
> -Index: openssl-1.0.2/crypto/evp/digest.c
> +Index: openssl-1.0.2h/crypto/evp/digest.c
>   ===================================================================
> ---- openssl-1.0.2.orig/crypto/evp/digest.c
> -+++ openssl-1.0.2/crypto/evp/digest.c
> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> -         return 0;
> +--- openssl-1.0.2h.orig/crypto/evp/digest.c
> ++++ openssl-1.0.2h/crypto/evp/digest.c
> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> +         type = ctx->digest;
>        }
>    #endif
>   -    if (ctx->digest != type) {
>   +    if (type && (ctx->digest != type)) {
> -         if (ctx->digest && ctx->digest->ctx_size)
> +         if (ctx->digest && ctx->digest->ctx_size) {
>                OPENSSL_free(ctx->md_data);
> -         ctx->digest = type;
> +             ctx->md_data = NULL;
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> similarity index 91%
> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> index 290f129..ae65992 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
>               file://openssl-fix-des.pod-error.patch \
>               file://Makefiles-ptest.patch \
>               file://ptest-deps.patch \
> -            file://crypto_use_bigint_in_x86-64_perl.patch \

Hi,

Please remove file crypto_use_bigint_in_x86-64_perl.patch if it is not needed 
any more.

// Robert

>               file://openssl-1.0.2a-x32-asm.patch \
>               file://ptest_makefile_deps.patch  \
>               file://configure-musl-target.patch \
>               file://parallel.patch \
>              "
> -
> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
> -SRC_URI[sha256sum] = "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
> +SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
>
>   PACKAGES =+ "${PN}-engines"
>   FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
>



* Re: [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
  2016-05-03 23:46 [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h Armin Kuster
  2016-05-11  5:44 ` Robert Yang
@ 2016-05-11  6:22 ` Robert Yang
  2016-05-11 10:37   ` akuster808
  1 sibling, 1 reply; 9+ messages in thread
From: Robert Yang @ 2016-05-11  6:22 UTC (permalink / raw)
  To: Armin Kuster, akuster, openembedded-core



On 05/04/2016 07:46 AM, Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
>
> CVE-2016-2105
> CVE-2016-2106
> CVE-2016-2109
> CVE-2016-2176
>
> https://www.openssl.org/news/secadv/20160503.txt
>
> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>
> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.

After I looked into the code, it seems that this patch is not in latest code?
It is a backported patch from gentoo.

// Robert

>
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> ---
>   ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 +++++++-------
>   .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb}       |  6 ++----
>   2 files changed, 9 insertions(+), 11 deletions(-)
>   rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb} (91%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> index cebc8cf..f736e5c 100644
> --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> @@ -8,16 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
>
>   Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
>   ---
> -Index: openssl-1.0.2/crypto/evp/digest.c
> +Index: openssl-1.0.2h/crypto/evp/digest.c
>   ===================================================================
> ---- openssl-1.0.2.orig/crypto/evp/digest.c
> -+++ openssl-1.0.2/crypto/evp/digest.c
> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> -         return 0;
> +--- openssl-1.0.2h.orig/crypto/evp/digest.c
> ++++ openssl-1.0.2h/crypto/evp/digest.c
> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> +         type = ctx->digest;
>        }
>    #endif
>   -    if (ctx->digest != type) {
>   +    if (type && (ctx->digest != type)) {
> -         if (ctx->digest && ctx->digest->ctx_size)
> +         if (ctx->digest && ctx->digest->ctx_size) {
>                OPENSSL_free(ctx->md_data);
> -         ctx->digest = type;
> +             ctx->md_data = NULL;
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> similarity index 91%
> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> index 290f129..ae65992 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
>               file://openssl-fix-des.pod-error.patch \
>               file://Makefiles-ptest.patch \
>               file://ptest-deps.patch \
> -            file://crypto_use_bigint_in_x86-64_perl.patch \
>               file://openssl-1.0.2a-x32-asm.patch \
>               file://ptest_makefile_deps.patch  \
>               file://configure-musl-target.patch \
>               file://parallel.patch \
>              "
> -
> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
> -SRC_URI[sha256sum] = "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
> +SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
>
>   PACKAGES =+ "${PN}-engines"
>   FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
>



* Re: [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
  2016-05-11  6:22 ` Robert Yang
@ 2016-05-11 10:37   ` akuster808
  2016-05-13 14:31     ` Martin Jansa
  0 siblings, 1 reply; 9+ messages in thread
From: akuster808 @ 2016-05-11 10:37 UTC (permalink / raw)
  To: Robert Yang, Armin Kuster, openembedded-core

Robert,


On 05/10/2016 11:22 PM, Robert Yang wrote:
> 
> 
> On 05/04/2016 07:46 AM, Armin Kuster wrote:
>> From: Armin Kuster <akuster@mvista.com>
>>
>> CVE-2016-2105
>> CVE-2016-2106
>> CVE-2016-2109
>> CVE-2016-2176
>>
>> https://www.openssl.org/news/secadv/20160503.txt
>>
>> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>
>> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
> 
> After I looked into the code, it seems that this patch is not in latest
> code?

hmm, my old eyes deceive me.

thanks for checking.

I will send a correction.

- armin
> It is a backported patch from gentoo.
> 
> // Robert
> 
>>
>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>> ---
>>   ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14
>> +++++++-------
>>   .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb}       |  6 ++----
>>   2 files changed, 9 insertions(+), 11 deletions(-)
>>   rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb =>
>> openssl_1.0.2h.bb} (91%)
>>
>> diff --git
>> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>
>> index cebc8cf..f736e5c 100644
>> ---
>> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>
>> +++
>> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>
>> @@ -8,16 +8,16 @@
>> http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
>>
>>   Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
>>   ---
>> -Index: openssl-1.0.2/crypto/evp/digest.c
>> +Index: openssl-1.0.2h/crypto/evp/digest.c
>>   ===================================================================
>> ---- openssl-1.0.2.orig/crypto/evp/digest.c
>> -+++ openssl-1.0.2/crypto/evp/digest.c
>> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
>> -         return 0;
>> +--- openssl-1.0.2h.orig/crypto/evp/digest.c
>> ++++ openssl-1.0.2h/crypto/evp/digest.c
>> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
>> +         type = ctx->digest;
>>        }
>>    #endif
>>   -    if (ctx->digest != type) {
>>   +    if (type && (ctx->digest != type)) {
>> -         if (ctx->digest && ctx->digest->ctx_size)
>> +         if (ctx->digest && ctx->digest->ctx_size) {
>>                OPENSSL_free(ctx->md_data);
>> -         ctx->digest = type;
>> +             ctx->md_data = NULL;
>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>> b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>> similarity index 91%
>> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>> index 290f129..ae65992 100644
>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
>>               file://openssl-fix-des.pod-error.patch \
>>               file://Makefiles-ptest.patch \
>>               file://ptest-deps.patch \
>> -            file://crypto_use_bigint_in_x86-64_perl.patch \
>>               file://openssl-1.0.2a-x32-asm.patch \
>>               file://ptest_makefile_deps.patch  \
>>               file://configure-musl-target.patch \
>>               file://parallel.patch \
>>              "
>> -
>> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
>> -SRC_URI[sha256sum] =
>> "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
>> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
>> +SRC_URI[sha256sum] =
>> "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
>>
>>   PACKAGES =+ "${PN}-engines"
>>   FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
>>



* Re: [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
  2016-05-11 10:37   ` akuster808
@ 2016-05-13 14:31     ` Martin Jansa
  2016-05-13 16:19       ` Martin Jansa
  2016-05-13 20:07       ` akuster808
  0 siblings, 2 replies; 9+ messages in thread
From: Martin Jansa @ 2016-05-13 14:31 UTC (permalink / raw)
  To: akuster808; +Cc: openembedded-core


On Wed, May 11, 2016 at 03:37:59AM -0700, akuster808 wrote:
> Robert,
> 
> 
> On 05/10/2016 11:22 PM, Robert Yang wrote:
> > 
> > 
> > On 05/04/2016 07:46 AM, Armin Kuster wrote:
> >> From: Armin Kuster <akuster@mvista.com>
> >>
> >> CVE-2016-2105
> >> CVE-2016-2106
> >> CVE-2016-2109
> >> CVE-2016-2176
> >>
> >> https://www.openssl.org/news/secadv/20160503.txt
> >>
> >> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> >>
> >> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
> > 
> > After I looked into the code, it seems that this patch is not in latest
> > code?
> 
> hmm, my old eyes deceive me.
> 
> thanks for checking.
> 
> I will send a correction.

1.0.2h is already in fido, jethro and master, can we quickly get it to krogoth
which is still using older version 1.0.2g?

It's always strange to see recipe version downgrades when upgrading to
newer Yocto release.

> - armin
> > It is a backported patch from gentoo.
> > 
> > // Robert
> > 
> >>
> >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> >> ---
> >>   ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14
> >> +++++++-------
> >>   .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb}       |  6 ++----
> >>   2 files changed, 9 insertions(+), 11 deletions(-)
> >>   rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb =>
> >> openssl_1.0.2h.bb} (91%)
> >>
> >> diff --git
> >> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> >> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> >>
> >> index cebc8cf..f736e5c 100644
> >> ---
> >> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> >>
> >> +++
> >> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> >>
> >> @@ -8,16 +8,16 @@
> >> http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
> >>
> >>   Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
> >>   ---
> >> -Index: openssl-1.0.2/crypto/evp/digest.c
> >> +Index: openssl-1.0.2h/crypto/evp/digest.c
> >>   ===================================================================
> >> ---- openssl-1.0.2.orig/crypto/evp/digest.c
> >> -+++ openssl-1.0.2/crypto/evp/digest.c
> >> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> >> -         return 0;
> >> +--- openssl-1.0.2h.orig/crypto/evp/digest.c
> >> ++++ openssl-1.0.2h/crypto/evp/digest.c
> >> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> >> +         type = ctx->digest;
> >>        }
> >>    #endif
> >>   -    if (ctx->digest != type) {
> >>   +    if (type && (ctx->digest != type)) {
> >> -         if (ctx->digest && ctx->digest->ctx_size)
> >> +         if (ctx->digest && ctx->digest->ctx_size) {
> >>                OPENSSL_free(ctx->md_data);
> >> -         ctx->digest = type;
> >> +             ctx->md_data = NULL;
> >> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> >> b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> >> similarity index 91%
> >> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> >> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> >> index 290f129..ae65992 100644
> >> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> >> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> >> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
> >>               file://openssl-fix-des.pod-error.patch \
> >>               file://Makefiles-ptest.patch \
> >>               file://ptest-deps.patch \
> >> -            file://crypto_use_bigint_in_x86-64_perl.patch \
> >>               file://openssl-1.0.2a-x32-asm.patch \
> >>               file://ptest_makefile_deps.patch  \
> >>               file://configure-musl-target.patch \
> >>               file://parallel.patch \
> >>              "
> >> -
> >> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
> >> -SRC_URI[sha256sum] =
> >> "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
> >> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
> >> +SRC_URI[sha256sum] =
> >> "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
> >>
> >>   PACKAGES =+ "${PN}-engines"
> >>   FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
> >>
> -- 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com


* Re: [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
  2016-05-13 14:31     ` Martin Jansa
@ 2016-05-13 16:19       ` Martin Jansa
  2016-05-15 20:17         ` akuster808
  2016-05-13 20:07       ` akuster808
  1 sibling, 1 reply; 9+ messages in thread
From: Martin Jansa @ 2016-05-13 16:19 UTC (permalink / raw)
  To: akuster808; +Cc: openembedded-core


On Fri, May 13, 2016 at 04:31:39PM +0200, Martin Jansa wrote:
> On Wed, May 11, 2016 at 03:37:59AM -0700, akuster808 wrote:
> > Robert,
> > 
> > 
> > On 05/10/2016 11:22 PM, Robert Yang wrote:
> > > 
> > > 
> > > On 05/04/2016 07:46 AM, Armin Kuster wrote:
> > >> From: Armin Kuster <akuster@mvista.com>
> > >>
> > >> CVE-2016-2105
> > >> CVE-2016-2106
> > >> CVE-2016-2109
> > >> CVE-2016-2176
> > >>
> > >> https://www.openssl.org/news/secadv/20160503.txt
> > >>
> > >> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> > >>
> > >> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
> > > 
> > > After I looked into the code, it seems that this patch is not in latest
> > > code?
> > 
> > hmm, my old eyes deceive me.
> > 
> > thanks for checking.
> > 
> > I will send a correction.
> 
> 1.0.2h is already in fido, jethro and master, can we quickly get it to krogoth
> which is still using older version 1.0.2g?
> 
> It's always strange to see recipe version downgrades when upgrading to
> newer Yocto release.

It also seems to break python-cryptography again:
http://errors.yoctoproject.org/Errors/Details/62854/

You have fixed compatibility with 1.0.2g in:
http://git.openembedded.org/meta-openembedded/commit/?id=44f0e74954628d6a3d04fa5249dbe0c94f6dff59

Maybe it needs another update for 1.0.2h and the same fix should be
backported to fido and jethro, now when they all have newer openssl as
well?

> > - armin
> > > It is a backported patch from gentoo.
> > > 
> > > // Robert
> > > 
> > >>
> > >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> > >> ---
> > >>   ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14
> > >> +++++++-------
> > >>   .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb}       |  6 ++----
> > >>   2 files changed, 9 insertions(+), 11 deletions(-)
> > >>   rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb =>
> > >> openssl_1.0.2h.bb} (91%)
> > >>
> > >> diff --git
> > >> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> > >> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> > >>
> > >> index cebc8cf..f736e5c 100644
> > >> ---
> > >> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> > >>
> > >> +++
> > >> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
> > >>
> > >> @@ -8,16 +8,16 @@
> > >> http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
> > >>
> > >>   Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
> > >>   ---
> > >> -Index: openssl-1.0.2/crypto/evp/digest.c
> > >> +Index: openssl-1.0.2h/crypto/evp/digest.c
> > >>   ===================================================================
> > >> ---- openssl-1.0.2.orig/crypto/evp/digest.c
> > >> -+++ openssl-1.0.2/crypto/evp/digest.c
> > >> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> > >> -         return 0;
> > >> +--- openssl-1.0.2h.orig/crypto/evp/digest.c
> > >> ++++ openssl-1.0.2h/crypto/evp/digest.c
> > >> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
> > >> +         type = ctx->digest;
> > >>        }
> > >>    #endif
> > >>   -    if (ctx->digest != type) {
> > >>   +    if (type && (ctx->digest != type)) {
> > >> -         if (ctx->digest && ctx->digest->ctx_size)
> > >> +         if (ctx->digest && ctx->digest->ctx_size) {
> > >>                OPENSSL_free(ctx->md_data);
> > >> -         ctx->digest = type;
> > >> +             ctx->md_data = NULL;
> > >> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> > >> b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> > >> similarity index 91%
> > >> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> > >> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> > >> index 290f129..ae65992 100644
> > >> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
> > >> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
> > >> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
> > >>               file://openssl-fix-des.pod-error.patch \
> > >>               file://Makefiles-ptest.patch \
> > >>               file://ptest-deps.patch \
> > >> -            file://crypto_use_bigint_in_x86-64_perl.patch \
> > >>               file://openssl-1.0.2a-x32-asm.patch \
> > >>               file://ptest_makefile_deps.patch  \
> > >>               file://configure-musl-target.patch \
> > >>               file://parallel.patch \
> > >>              "
> > >> -
> > >> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
> > >> -SRC_URI[sha256sum] =
> > >> "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
> > >> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
> > >> +SRC_URI[sha256sum] =
> > >> "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
> > >>
> > >>   PACKAGES =+ "${PN}-engines"
> > >>   FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
> > >>
> 
> -- 
> Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com



-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com


* Re: [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
  2016-05-13 14:31     ` Martin Jansa
  2016-05-13 16:19       ` Martin Jansa
@ 2016-05-13 20:07       ` akuster808
  2016-05-14  8:36         ` Richard Purdie
  1 sibling, 1 reply; 9+ messages in thread
From: akuster808 @ 2016-05-13 20:07 UTC (permalink / raw)
  To: Martin Jansa; +Cc: openembedded-core



On 05/13/2016 07:31 AM, Martin Jansa wrote:
> On Wed, May 11, 2016 at 03:37:59AM -0700, akuster808 wrote:
>> Robert,
>>
>>
>> On 05/10/2016 11:22 PM, Robert Yang wrote:
>>>
>>>
>>> On 05/04/2016 07:46 AM, Armin Kuster wrote:
>>>> From: Armin Kuster <akuster@mvista.com>
>>>>
>>>> CVE-2016-2105
>>>> CVE-2016-2106
>>>> CVE-2016-2109
>>>> CVE-2016-2176
>>>>
>>>> https://www.openssl.org/news/secadv/20160503.txt
>>>>
>>>> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>>
>>>> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
>>>
>>> After I looked into the code, it seems that this patch is not in latest
>>> code?
>>
>> hmm, my old eyes deceive me.
>>
>> thanks for checking.
>>
>> I will send a correction.
> 
> 1.0.2h is already in fido, jethro and master, can we quickly get it to krogoth
> which is still using older version 1.0.2g?

this hit master 2 days ago. I just sync'd changes over to krogoth and am
doing sanity checks.  The last time I backported something before master
folks got the shorts-in-a-twist.

> 
> It's always strange to see recipe version downgrades when upgrading to
> newer Yocto release.

yes it is. I have no control over when the other maintainers do their merges.

- armin
> 
>> - armin
>>> It is a backported patch from gentoo.
>>>
>>> // Robert
>>>
>>>>
>>>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>>>> ---
>>>>   ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14
>>>> +++++++-------
>>>>   .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb}       |  6 ++----
>>>>   2 files changed, 9 insertions(+), 11 deletions(-)
>>>>   rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb =>
>>>> openssl_1.0.2h.bb} (91%)
>>>>
>>>> diff --git
>>>> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>>
>>>> index cebc8cf..f736e5c 100644
>>>> ---
>>>> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>>
>>>> +++
>>>> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>>
>>>> @@ -8,16 +8,16 @@
>>>> http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
>>>>
>>>>   Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
>>>>   ---
>>>> -Index: openssl-1.0.2/crypto/evp/digest.c
>>>> +Index: openssl-1.0.2h/crypto/evp/digest.c
>>>>   ===================================================================
>>>> ---- openssl-1.0.2.orig/crypto/evp/digest.c
>>>> -+++ openssl-1.0.2/crypto/evp/digest.c
>>>> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
>>>> -         return 0;
>>>> +--- openssl-1.0.2h.orig/crypto/evp/digest.c
>>>> ++++ openssl-1.0.2h/crypto/evp/digest.c
>>>> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
>>>> +         type = ctx->digest;
>>>>        }
>>>>    #endif
>>>>   -    if (ctx->digest != type) {
>>>>   +    if (type && (ctx->digest != type)) {
>>>> -         if (ctx->digest && ctx->digest->ctx_size)
>>>> +         if (ctx->digest && ctx->digest->ctx_size) {
>>>>                OPENSSL_free(ctx->md_data);
>>>> -         ctx->digest = type;
>>>> +             ctx->md_data = NULL;
>>>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>>>> b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>>>> similarity index 91%
>>>> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>>>> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>>>> index 290f129..ae65992 100644
>>>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>>>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>>>> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
>>>>               file://openssl-fix-des.pod-error.patch \
>>>>               file://Makefiles-ptest.patch \
>>>>               file://ptest-deps.patch \
>>>> -            file://crypto_use_bigint_in_x86-64_perl.patch \
>>>>               file://openssl-1.0.2a-x32-asm.patch \
>>>>               file://ptest_makefile_deps.patch  \
>>>>               file://configure-musl-target.patch \
>>>>               file://parallel.patch \
>>>>              "
>>>> -
>>>> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
>>>> -SRC_URI[sha256sum] =
>>>> "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
>>>> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
>>>> +SRC_URI[sha256sum] =
>>>> "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
>>>>
>>>>   PACKAGES =+ "${PN}-engines"
>>>>   FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
>>>>
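Review bot: the removal of "file://crypto_use_bigint_in_x86-64_perl.patch" from SRC_URI rests only on the commit message's statement that the fix is in the latest release, and a reply in this thread reports that the change is not in the latest code. Keep the entry unless the 1.0.2h source is confirmed to contain it, and record how that was checked. The hunk also deletes the blank line between the closing quote of SRC_URI and the checksum assignments, a whitespace change unrelated to the update that can be left out. The new SRC_URI[md5sum] and SRC_URI[sha256sum] values should be compared against the checksums published for the 1.0.2h tarball before merging.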
> 



* Re: [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
  2016-05-13 20:07       ` akuster808
@ 2016-05-14  8:36         ` Richard Purdie
  0 siblings, 0 replies; 9+ messages in thread
From: Richard Purdie @ 2016-05-14  8:36 UTC (permalink / raw)
  To: akuster808, Martin Jansa; +Cc: openembedded-core

On Fri, 2016-05-13 at 13:07 -0700, akuster808 wrote:
> 
> On 05/13/2016 07:31 AM, Martin Jansa wrote:
> > On Wed, May 11, 2016 at 03:37:59AM -0700, akuster808 wrote:
> > > Robert,
> > > 
> > > 
> > > On 05/10/2016 11:22 PM, Robert Yang wrote:
> > > > 
> > > > 
> > > > On 05/04/2016 07:46 AM, Armin Kuster wrote:
> > > > > From: Armin Kuster <akuster@mvista.com>
> > > > > 
> > > > > CVE-2016-2105
> > > > > CVE-2016-2106
> > > > > CVE-2016-2109
> > > > > CVE-2016-2176
> > > > > 
> > > > > https://www.openssl.org/news/secadv/20160503.txt
> > > > > 
> > > > > fixup openssl-avoid-NULL-pointer-dereference-in
> > > > > -EVP_DigestInit_ex.patch
> > > > > 
> > > > > drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in
> > > > > latest.
> > > > 
> > > > After I looked into the code, it seems that this patch is not
> > > > in latest
> > > > code ?
> > > 
> > > hmm, my old eyes deceive me.
> > > 
> > > thanks for checking.
> > > 
> > > > I will send a correction.
> > 
> > 1.0.2h is already in fido, jethro and master, can we quickly get it
> > to krogoth
> > which is still using older version 1.0.2g?
> 
> this hit master 2 days ago. I just sync'd changes over to krogoth and
> am
> doing sanity checks.  The last time I backported something before
> master
> folks got the shorts-in-a-twist.
> 
> > 
> > It's always strange to see recipe version downgrades when upgrading
> > to
> > newer Yocto release.
> 
> yes it is. I have no control when the other maintainers do their
> merges.

I should explain that in this case we had 1.8.2 pretty much ready to
go, then the openssl issue came to light. I therefore fast tracked that
merge on the basis that getting it into the release and a build into QA
was "a good thing", and on the assumption that getting this into jethro
would follow quickly.

In general we do follow the waterfall model and this was an exception
to the rule, purely to try and help my sanity and keep builds/releases
moving.

Cheers,

Richard



* Re: [master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h
  2016-05-13 16:19       ` Martin Jansa
@ 2016-05-15 20:17         ` akuster808
  0 siblings, 0 replies; 9+ messages in thread
From: akuster808 @ 2016-05-15 20:17 UTC (permalink / raw)
  To: Martin Jansa; +Cc: openembedded-core



On 05/13/2016 09:19 AM, Martin Jansa wrote:
> On Fri, May 13, 2016 at 04:31:39PM +0200, Martin Jansa wrote:
>> On Wed, May 11, 2016 at 03:37:59AM -0700, akuster808 wrote:
>>> Robert,
>>>
>>>
>>> On 05/10/2016 11:22 PM, Robert Yang wrote:
>>>>
>>>>
>>>> On 05/04/2016 07:46 AM, Armin Kuster wrote:
>>>>> From: Armin Kuster <akuster@mvista.com>
>>>>>
>>>>> CVE-2016-2105
>>>>> CVE-2016-2106
>>>>> CVE-2016-2109
>>>>> CVE-2016-2176
>>>>>
>>>>> https://www.openssl.org/news/secadv/20160503.txt
>>>>>
>>>>> fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>>>
>>>>> drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.
>>>>
>>>> After I looked into the code, it seems that this patch is not in latest
>>>> code ?
>>>
>>> hmm, my old eyes deceive me.
>>>
>>> thanks for checking.
>>>
>>> I will send a correction.
>>
>> 1.0.2h is already in fido, jethro and master, can we quickly get it to krogoth
>> which is still using older version 1.0.2g?
>>
>> It's always strange to see recipe version downgrades when upgrading to
>> newer Yocto release.
> 
> It also seems to break python-cryptography again:
> http://errors.yoctoproject.org/Errors/Details/62854/

yeah. just hit this in krogoth-next after looking at the logs again.
There is an upstream fix I am backporting. There is a version 1.4 for
this package we should update master if possible. I will send a patch
later today.

- armin

> 
> You have fixed compatibility with 1.0.2g in:
> http://git.openembedded.org/meta-openembedded/commit/?id=44f0e74954628d6a3d04fa5249dbe0c94f6dff59
> 
> Maybe it needs another update for 1.0.2h and the same fix should be
> backported to fido and jethro, now when they all have newer openssl as
> well?
> 
>>> - armin
>>>> It is a backported patch from gentoo.
>>>>
>>>> // Robert
>>>>
>>>>>
>>>>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>>>>> ---
>>>>>   ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14
>>>>> +++++++-------
>>>>>   .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb}       |  6 ++----
>>>>>   2 files changed, 9 insertions(+), 11 deletions(-)
>>>>>   rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb =>
>>>>> openssl_1.0.2h.bb} (91%)
>>>>>
>>>>> diff --git
>>>>> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>>> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>>>
>>>>> index cebc8cf..f736e5c 100644
>>>>> ---
>>>>> a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>>>
>>>>> +++
>>>>> b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
>>>>>
>>>>> @@ -8,16 +8,16 @@
>>>>> http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
>>>>>
>>>>>   Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
>>>>>   ---
>>>>> -Index: openssl-1.0.2/crypto/evp/digest.c
>>>>> +Index: openssl-1.0.2h/crypto/evp/digest.c
>>>>>   ===================================================================
>>>>> ---- openssl-1.0.2.orig/crypto/evp/digest.c
>>>>> -+++ openssl-1.0.2/crypto/evp/digest.c
>>>>> -@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
>>>>> -         return 0;
>>>>> +--- openssl-1.0.2h.orig/crypto/evp/digest.c
>>>>> ++++ openssl-1.0.2h/crypto/evp/digest.c
>>>>> +@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
>>>>> +         type = ctx->digest;
>>>>>        }
>>>>>    #endif
>>>>>   -    if (ctx->digest != type) {
>>>>>   +    if (type && (ctx->digest != type)) {
>>>>> -         if (ctx->digest && ctx->digest->ctx_size)
>>>>> +         if (ctx->digest && ctx->digest->ctx_size) {
>>>>>                OPENSSL_free(ctx->md_data);
>>>>> -         ctx->digest = type;
>>>>> +             ctx->md_data = NULL;
>>>>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>>>>> b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>>>>> similarity index 91%
>>>>> rename from meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>>>>> rename to meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>>>>> index 290f129..ae65992 100644
>>>>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
>>>>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
>>>>> @@ -34,15 +34,13 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
>>>>>               file://openssl-fix-des.pod-error.patch \
>>>>>               file://Makefiles-ptest.patch \
>>>>>               file://ptest-deps.patch \
>>>>> -            file://crypto_use_bigint_in_x86-64_perl.patch \
>>>>>               file://openssl-1.0.2a-x32-asm.patch \
>>>>>               file://ptest_makefile_deps.patch  \
>>>>>               file://configure-musl-target.patch \
>>>>>               file://parallel.patch \
>>>>>              "
>>>>> -
>>>>> -SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
>>>>> -SRC_URI[sha256sum] =
>>>>> "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
>>>>> +SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
>>>>> +SRC_URI[sha256sum] =
>>>>> "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
>>>>>
>>>>>   PACKAGES =+ "${PN}-engines"
>>>>>   FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
>>>>>
>>
>> -- 
>> Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com
> 
> 
> 

