* [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160
@ 2022-02-16 3:59 Tim Orling
2022-02-18 23:36 ` Steve Sakoman
0 siblings, 1 reply; 6+ messages in thread
From: Tim Orling @ 2022-02-16 3:59 UTC (permalink / raw)
To: openembedded-core; +Cc: steve, Tim Orling
Changes are only security and bug fixes.
https://www.openssl.org/news/cl111.txt
https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m
CVE: CVE-2021-4160
https://nvd.nist.gov/vuln/detail/CVE-2021-4160
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
---
Changes in v2:
- drop SRC_URI[md5sum] that devtool snuck in.
.../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
index bf7cd6527ef..c6f8499d4f5 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
@@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
+SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"
inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
--
2.30.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160
2022-02-16 3:59 [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160 Tim Orling
@ 2022-02-18 23:36 ` Steve Sakoman
2022-02-19 0:27 ` Tim Orling
0 siblings, 1 reply; 6+ messages in thread
From: Steve Sakoman @ 2022-02-18 23:36 UTC (permalink / raw)
To: Tim Orling; +Cc: openembedded-core, Tim Orling
On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@gmail.com> wrote:
>
> Changes are only security and bug fixes.
I'm seeing ptest errors:
WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were
failing ptests.
Traceback (most recent call last):
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
line 36, in wrapped_f
return func(*args, **kwargs)
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 25, in test_ptestrunner_expectfail
self.do_ptestrunner()
File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
line 108, in do_ptestrunner
self.fail(failmsg)
AssertionError: Failed ptests:
{'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']}
Happens with both qemuarm64-ptest and qemux86-64-ptest:
https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124
Steve
> https://www.openssl.org/news/cl111.txt
> https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m
>
> CVE: CVE-2021-4160
>
> https://nvd.nist.gov/vuln/detail/CVE-2021-4160
>
> Signed-off-by: Tim Orling <tim.orling@konsulko.com>
> ---
> Changes in v2:
> - drop SRC_URI[md5sum] that devtool snuck in.
>
> .../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> similarity index 98%
> rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
> rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> index bf7cd6527ef..c6f8499d4f5 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> @@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
> file://environment.d-openssl.sh \
> "
>
> -SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
> +SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"
>
> inherit lib_package multilib_header multilib_script ptest
> MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
> --
> 2.30.2
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160
2022-02-18 23:36 ` Steve Sakoman
@ 2022-02-19 0:27 ` Tim Orling
2022-02-19 2:37 ` Steve Sakoman
0 siblings, 1 reply; 6+ messages in thread
From: Tim Orling @ 2022-02-19 0:27 UTC (permalink / raw)
To: Steve Sakoman; +Cc: Tim Orling, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 3223 bytes --]
On Fri, Feb 18, 2022 at 3:36 PM Steve Sakoman <steve@sakoman.com> wrote:
> On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@gmail.com> wrote:
> >
> > Changes are only security and bug fixes.
>
> I'm seeing ptest errors:
>
> WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were
> failing ptests.
> Traceback (most recent call last):
> File
> "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
> line 36, in wrapped_f
> return func(*args, **kwargs)
> File
> "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
> line 36, in wrapped_f
> return func(*args, **kwargs)
> File
> "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
> line 36, in wrapped_f
> return func(*args, **kwargs)
> File
> "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
> line 25, in test_ptestrunner_expectfail
> self.do_ptestrunner()
> File
> "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
> line 108, in do_ptestrunner
> self.fail(failmsg)
> AssertionError: Failed ptests:
> {'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']}
>
I saw this on qemux86-64, but was not sure it was due to the upgrade or a
one off infra issue. I’ll dig deeper and see what might be happening.
> Happens with both qemuarm64-ptest and qemux86-64-ptest:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863
> https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124
>
> Steve
>
> > https://www.openssl.org/news/cl111.txt
> > https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m
> >
> > CVE: CVE-2021-4160
> >
> > https://nvd.nist.gov/vuln/detail/CVE-2021-4160
> >
> > Signed-off-by: Tim Orling <tim.orling@konsulko.com>
> > ---
> > Changes in v2:
> > - drop SRC_URI[md5sum] that devtool snuck in.
> >
> > .../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb =>
> openssl_1.1.1m.bb} (98%)
> >
> > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
> b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> > similarity index 98%
> > rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
> > rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> > index bf7cd6527ef..c6f8499d4f5 100644
> > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
> > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
> > @@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
> > file://environment.d-openssl.sh \
> > "
> >
> > -SRC_URI[sha256sum] =
> "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
> > +SRC_URI[sha256sum] =
> "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"
> >
> > inherit lib_package multilib_header multilib_script ptest
> > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
> > --
> > 2.30.2
> >
>
[-- Attachment #2: Type: text/html, Size: 5511 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160
2022-02-19 0:27 ` Tim Orling
@ 2022-02-19 2:37 ` Steve Sakoman
2022-02-21 7:04 ` [OE-core] " Mikko.Rapeli
0 siblings, 1 reply; 6+ messages in thread
From: Steve Sakoman @ 2022-02-19 2:37 UTC (permalink / raw)
To: Tim Orling; +Cc: Tim Orling, openembedded-core
On Fri, Feb 18, 2022 at 2:27 PM Tim Orling <ticotimo@gmail.com> wrote:
>
>
>
> On Fri, Feb 18, 2022 at 3:36 PM Steve Sakoman <steve@sakoman.com> wrote:
>>
>> On Tue, Feb 15, 2022 at 5:59 PM Tim Orling <ticotimo@gmail.com> wrote:
>> >
>> > Changes are only security and bug fixes.
>>
>> I'm seeing ptest errors:
>>
>> WARNING: core-image-sato-sdk-ptest-1.0-r0 do_testimage: There were
>> failing ptests.
>> Traceback (most recent call last):
>> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
>> line 36, in wrapped_f
>> return func(*args, **kwargs)
>> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
>> line 36, in wrapped_f
>> return func(*args, **kwargs)
>> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/core/decorator/__init__.py",
>> line 36, in wrapped_f
>> return func(*args, **kwargs)
>> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
>> line 25, in test_ptestrunner_expectfail
>> self.do_ptestrunner()
>> File "/home/pokybuild/yocto-worker/qemux86-64-ptest/build/meta/lib/oeqa/runtime/cases/ptest.py",
>> line 108, in do_ptestrunner
>> self.fail(failmsg)
>> AssertionError: Failed ptests:
>> {'openssl': ['test/recipes/30-test_evp_extra.t,_test_returned_1']}
>
>
> I saw this on qemux86-64, but was not sure it was due to the upgrade or a one off infra issue. I’ll dig deeper and see what might be happening.
I re-ran the test and got the same error, so it doesn't seem to be intermittent.
Thanks!
Steve
>
>>
>> Happens with both qemuarm64-ptest and qemux86-64-ptest:
>>
>> https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/2863
>> https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/3124
>>
>> Steve
>>
>> > https://www.openssl.org/news/cl111.txt
>> > https://git.openssl.org/?p=openssl.git;a=log;h=refs/tags/OpenSSL_1_1_1m
>> >
>> > CVE: CVE-2021-4160
>> >
>> > https://nvd.nist.gov/vuln/detail/CVE-2021-4160
>> >
>> > Signed-off-by: Tim Orling <tim.orling@konsulko.com>
>> > ---
>> > Changes in v2:
>> > - drop SRC_URI[md5sum] that devtool snuck in.
>> >
>> > .../openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} | 2 +-
>> > 1 file changed, 1 insertion(+), 1 deletion(-)
>> > rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb => openssl_1.1.1m.bb} (98%)
>> >
>> > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
>> > similarity index 98%
>> > rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
>> > rename to meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
>> > index bf7cd6527ef..c6f8499d4f5 100644
>> > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
>> > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1m.bb
>> > @@ -24,7 +24,7 @@ SRC_URI_append_class-nativesdk = " \
>> > file://environment.d-openssl.sh \
>> > "
>> >
>> > -SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
>> > +SRC_URI[sha256sum] = "f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96"
>> >
>> > inherit lib_package multilib_header multilib_script ptest
>> > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
>> > --
>> > 2.30.2
>> >
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [OE-core] [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160
2022-02-19 2:37 ` Steve Sakoman
@ 2022-02-21 7:04 ` Mikko.Rapeli
2022-02-21 14:06 ` Steve Sakoman
0 siblings, 1 reply; 6+ messages in thread
From: Mikko.Rapeli @ 2022-02-21 7:04 UTC (permalink / raw)
To: steve; +Cc: ticotimo, tim.orling, openembedded-core
FWIW, there is also the pure patch to fix CVE-2021-4160 in openssl 1.1.1l for dunfell:
https://lists.openembedded.org/g/openembedded-core/message/161652
Patch versus letter version update, which one is preferred?
-Mikko
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [OE-core] [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160
2022-02-21 7:04 ` [OE-core] " Mikko.Rapeli
@ 2022-02-21 14:06 ` Steve Sakoman
0 siblings, 0 replies; 6+ messages in thread
From: Steve Sakoman @ 2022-02-21 14:06 UTC (permalink / raw)
To: Mikko.Rapeli; +Cc: ticotimo, tim.orling, openembedded-core
On Sun, Feb 20, 2022 at 9:04 PM <Mikko.Rapeli@bmw.de> wrote:
>
> FWIW, there is also the pure patch to fix CVE-2021-4160 in openssl 1.1.1l for dunfell:
>
> https://lists.openembedded.org/g/openembedded-core/message/161652
>
> Patch versus letter version update, which one is preferred?
Yes, I'm aware of the CVE only patch. In this case I'd prefer the
letter version update since it also contains bug fixes. But if we
can't fix the ptest regression in the next couple of days I'll fall
back to the CVE only patch.
Steve
>
> -Mikko
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-02-21 14:06 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-16 3:59 [dunfell][PATCH v2] openssl: upgrade to 1.1.1m for CVE-2021-4160 Tim Orling
2022-02-18 23:36 ` Steve Sakoman
2022-02-19 0:27 ` Tim Orling
2022-02-19 2:37 ` Steve Sakoman
2022-02-21 7:04 ` [OE-core] " Mikko.Rapeli
2022-02-21 14:06 ` Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.