Patchwork [2/2] openssl: upgrade to 1.0.0i

Submitter Scott Garman
Date April 25, 2012, 5:13 a.m.
Message ID <2141be5ebcb7b14e348ad7e8a516a19333388eeb.1335330662.git.scott.a.garman@intel.com>
Permalink /patch/26397/
State New

Comments

Scott Garman - April 25, 2012, 5:13 a.m.
Addresses CVE-2012-2110

Fixes bug [YOCTO #2368]

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../debian/ca.patch                                |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../debian/pic.patch                               |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../oe-ldflags.patch                               |    0
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../shared-libs.patch                              |    0
 meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
 .../{openssl_1.0.0h.bb => openssl_1.0.0i.bb}       |    4 ++--
 18 files changed, 3 insertions(+), 4 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb => openssl_1.0.0i.bb} (90%)

Andreas Oberritter - May 8, 2012, 7:06 a.m.
Hello Scott,

On 25.04.2012 07:13, Scott Garman wrote:
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -4,8 +4,7 @@ HOMEPAGE = "http://www.openssl.org/"
>  BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
>  SECTION = "libs/network"
>  
> -# Big Jump for OpenSSL 1.0 support with meta-oe
> -INC_PR = "r15"
> +INC_PR = "r0"
>  
>  # "openssl | SSLeay" dual license
>  LICENSE = "openssl"

this hunk broke the upgrade path of out-of-tree users of openssl.inc,
e.g. users of openssl 0.9.8 in their own layer.

Please reset INC_PR to r15. You should have reset only PR (if it wasn't
already "${INC_PR}.0"), not INC_PR.

Regards,
Andreas

Scott Garman - May 8, 2012, 2:38 p.m.
On 05/08/2012 12:06 AM, Andreas Oberritter wrote:
> Hello Scott,
>
> On 25.04.2012 07:13, Scott Garman wrote:
>> --- a/meta/recipes-connectivity/openssl/openssl.inc
>> +++ b/meta/recipes-connectivity/openssl/openssl.inc
>> @@ -4,8 +4,7 @@ HOMEPAGE = "http://www.openssl.org/"
>>   BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
>>   SECTION = "libs/network"
>>
>> -# Big Jump for OpenSSL 1.0 support with meta-oe
>> -INC_PR = "r15"
>> +INC_PR = "r0"
>>
>>   # "openssl | SSLeay" dual license
>>   LICENSE = "openssl"
>
> this hunk broke the upgrade path of out-of-tree users of openssl.inc,
> e.g. users of openssl 0.9.8 in their own layer.
>
> Please reset INC_PR to r15. You should have reset only PR (if it wasn't
> already "${INC_PR}.0"), not INC_PR.

Ouch. Sorry about that. I will submit a patch in the next few minutes to 
correct this and will keep this in mind in the future.

Scott

Patch

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/configure-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/configure-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/configure-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/c_rehash-compat.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/c_rehash-compat.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/c_rehash-compat.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/ca.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/ca.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/ca.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/debian-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/debian-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/debian-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/make-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/make-targets.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/make-targets.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/make-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-dir.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/man-dir.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-dir.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-section.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/man-section.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/man-section.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-rpath.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/no-rpath.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-rpath.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-symbolic.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/no-symbolic.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/no-symbolic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/pic.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/pic.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/pic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/version-script.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/debian/version-script.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/debian/version-script.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/engines-install-in-libdir-ssl.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/engines-install-in-libdir-ssl.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/engines-install-in-libdir-ssl.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/oe-ldflags.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/oe-ldflags.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/oe-ldflags.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl-fix-link.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl-fix-link.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl-fix-link.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl-fix-link.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl_fix_for_x32.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/openssl_fix_for_x32.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/openssl_fix_for_x32.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0h/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl-1.0.0i/shared-libs.patch
similarity index 100%
rename from meta/recipes-connectivity/openssl/openssl-1.0.0h/shared-libs.patch
rename to meta/recipes-connectivity/openssl/openssl-1.0.0i/shared-libs.patch
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 089b9a4..78cf272 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -4,8 +4,7 @@  HOMEPAGE = "http://www.openssl.org/"
 BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
 SECTION = "libs/network"
 
-# Big Jump for OpenSSL 1.0 support with meta-oe
-INC_PR = "r15"
+INC_PR = "r0"
 
 # "openssl | SSLeay" dual license
 LICENSE = "openssl"
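Review bot: INC_PR drops from "r15" to "r0" in openssl.inc, which is the shared include file and not the 1.0.0i recipe itself, so any recipe that includes this file and derives its PR from INC_PR has its revision go backwards and the rebuilt package sorts as older than the one already installed. Keep INC_PR = "r15" and reset only the per-recipe PR in openssl_1.0.0i.bb. The removed comment "# Big Jump for OpenSSL 1.0 support with meta-oe" was also the only explanation of why the value is r15; keep it, or replace it with a comment saying INC_PR must not decrease.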
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.0i.bb
similarity index 90%
rename from meta/recipes-connectivity/openssl/openssl_1.0.0h.bb
rename to meta/recipes-connectivity/openssl/openssl_1.0.0i.bb
index 744fe2a..68b092f 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.0i.bb
@@ -31,8 +31,8 @@  SRC_URI += "file://configure-targets.patch \
             file://openssl_fix_for_x32.patch \
            "
 
-SRC_URI[md5sum] = "a5bc483c570f2ac3758ce5c19b667fab"
-SRC_URI[sha256sum] = "7e3dfc21aa57ed33ea673170053d1921322803b8a6a624a4f0d2e4c308bd418d"
+SRC_URI[md5sum] = "b4df9c11af454fd68178c85a1d5f328f"
+SRC_URI[sha256sum] = "548262d15777c504be1ab9bb8fabef1e14a3de54837a6593c8f403dd843d5e57"
 
 PACKAGES =+ " \
 	${PN}-engines \
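Review bot: The new SRC_URI[md5sum] and SRC_URI[sha256sum] values arrive with nothing in the commit message saying where they came from. For an upgrade that cites CVE-2012-2110, state that the digests were checked against the values upstream publishes for the 1.0.0i tarball, or against its signature, and not simply computed from whatever the fetcher downloaded. The hunk also shows no PR line, so this recipe's revision depends entirely on the INC_PR value in openssl.inc, and a one-line summary of the CVE in the message would help anyone deciding whether to backport.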