From patchwork Thu Feb 1 18:00:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 38647 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AFA3C54E7A for ; Thu, 1 Feb 2024 18:00:20 +0000 (UTC) Received: from a27-33.smtp-out.us-west-2.amazonses.com (a27-33.smtp-out.us-west-2.amazonses.com [54.240.27.33]) by mx.groups.io with SMTP id smtpd.web10.2147.1706810404343627901 for ; Thu, 01 Feb 2024 10:00:04 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=lvjh2tk576v2ro5mi6k4dt3mc6wpqbky header.b=fOJuzZJe; dkim=pass header.i=@amazonses.com header.s=hsbnp7p3ensaochzwyq5wwmceodymuwv header.b=Ij/KcrZ0; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.33, mailfrom: 0101018d65d3e995-5fcb9709-0edd-4b6b-b97b-032372436b7b-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=lvjh2tk576v2ro5mi6k4dt3mc6wpqbky; d=yoctoproject.org; t=1706810403; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=GIZSkJLHFDhj1009SayQ9VeUGOmUTzCziHGhhxWYPeU=; b=fOJuzZJexKy2HafEtBUJiWuVUKuZkB8VxmJZiyw72fpBVa3vVivuUgPRrC0QvC+F lUhcaE6J8/y5qtZ61oPvNAx88nFul3Qm1foK8MN/obo3jA2CehrL+3LNdBHOkDXVi6o 0YZPcCpE3k4A3GdtqIbg24mpLF2Bbc4QW0hmaDrc= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=hsbnp7p3ensaochzwyq5wwmceodymuwv; d=amazonses.com; t=1706810403; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=GIZSkJLHFDhj1009SayQ9VeUGOmUTzCziHGhhxWYPeU=; b=Ij/KcrZ02oCnYH8o3MbuXp6RiaFlEiDczkxZDsJJ8jqInEzDyd60VXsTJdt7wa6p B19l2/m0Xj+lRWIAKRg3Dzg88KdgZgKopaeU7eT4lc2bwPwfR32VoVxzWkCevLNUVNI TyrfEbC0QZOoqGvpmawbzx+8dI6OYHRFmBCRqgAo= MIME-Version: 1.0 From: auh@yoctoproject.org To: Alexander Kanavin Cc: openembedded-core@lists.openembedded.org Subject: [AUH] openssl: upgrading to 3.2.1 SUCCEEDED Message-ID: <0101018d65d3e995-5fcb9709-0edd-4b6b-b97b-032372436b7b-000000@us-west-2.amazonses.com> Date: Thu, 1 Feb 2024 18:00:03 +0000 Feedback-ID: 1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2024.02.01-54.240.27.33 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 01 Feb 2024 18:00:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194600 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe *openssl* to *3.2.1* has Succeeded. Next steps: - apply the patch: git am 0001-openssl-upgrade-3.2.0-3.2.1.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 2b386454da751183fbf2be59ab5d57b9d9acc8ef Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Thu, 1 Feb 2024 05:31:49 +0000 Subject: [PATCH] openssl: upgrade 3.2.0 -> 3.2.1 --- ...ke-history-reporting-when-test-fails.patch | 40 +++++++++---------- ...1-Configure-do-not-tweak-mips-cflags.patch | 7 ++-- ...sysroot-and-debug-prefix-map-from-co.patch | 22 +++++----- ...x-mispelling-of-extension-test-macro.patch | 31 -------------- .../openssl/openssl/aarch64-bti.patch | 35 ---------------- .../{openssl_3.2.0.bb => openssl_3.2.1.bb} | 5 +-- 6 files changed, 36 insertions(+), 104 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/0001-riscv-Fix-mispelling-of-extension-test-macro.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch rename meta/recipes-connectivity/openssl/{openssl_3.2.0.bb => openssl_3.2.1.bb} (97%) diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch index aa2e5bb800..cb98dcd151 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch @@ -1,4 +1,4 @@ -From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 +From 9169682ce2fe687d6464768a3a0b89c7c491376e Mon Sep 17 00:00:00 2001 From: William Lyu Date: Fri, 20 Oct 2023 16:22:37 -0400 Subject: [PATCH] Added handshake history reporting when test fails @@ -6,6 +6,7 @@ Subject: [PATCH] Added handshake history reporting when test fails Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] Signed-off-by: William Lyu + --- test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++---------- test/helpers/handshake.h | 70 +++++++++++++++++++- @@ -13,7 +14,7 @@ Signed-off-by: William Lyu 3 files changed, 218 insertions(+), 35 deletions(-) diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c -index e0422469e4..ae2ad59dd4 100644 +index e042246..ae2ad59 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -1,5 +1,5 @@ @@ -26,7 +27,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -24,6 +24,102 @@ #include #endif - + +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ +/* Maps string names to various enumeration type */ +typedef struct { @@ -129,7 +130,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, SSL_set_post_handshake_auth(client, 1); } - + -/* The status for each connection phase. */ -typedef enum { - PEER_SUCCESS, @@ -145,7 +146,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer) } } - + -typedef enum { - HANDSHAKE, - RENEG_APPLICATION_DATA, @@ -163,7 +164,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, } } - + -typedef enum { - /* Both parties succeeded. */ - HANDSHAKE_SUCCESS, @@ -181,9 +182,9 @@ index e0422469e4..ae2ad59dd4 100644 * Determine the handshake outcome. * last_status: the status of the peer to have acted last. @@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( - + start = time(NULL); - + + save_loop_history(&(ret->history), + phase, status, server.status, client.status, + client_turn_count, client_turn); @@ -194,7 +195,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( 0 /* server went last */); } - + + save_loop_history(&(ret->history), + phase, status, server.status, client.status, + client_turn_count, client_turn); @@ -203,7 +204,7 @@ index e0422469e4..ae2ad59dd4 100644 case HANDSHAKE_SUCCESS: client_turn_count = 0; diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h -index 78b03f9f4b..b9967c2623 100644 +index 78b03f9..b9967c2 100644 --- a/test/helpers/handshake.h +++ b/test/helpers/handshake.h @@ -1,5 +1,5 @@ @@ -214,9 +215,9 @@ index 78b03f9f4b..b9967c2623 100644 * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,11 @@ - + #include "ssl_test_ctx.h" - + +#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 +#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) +#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ @@ -228,7 +229,7 @@ index 78b03f9f4b..b9967c2623 100644 @@ -22,6 +27,63 @@ typedef struct ctx_data_st { char *session_ticket_app_data; } CTX_DATA; - + +typedef enum { + HANDSHAKE, + RENEG_APPLICATION_DATA, @@ -296,25 +297,25 @@ index 78b03f9f4b..b9967c2623 100644 + /* handshake loop history */ + HANDSHAKE_HISTORY history; } HANDSHAKE_RESULT; - + HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); @@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, CTX_DATA *server2_ctx_data, CTX_DATA *client_ctx_data); - + +const char *handshake_connect_phase_name(connect_phase_t phase); +const char *handshake_status_name(handshake_status_t handshake_status); +const char *handshake_peer_status_name(peer_status_t peer_status); + #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ diff --git a/test/ssl_test.c b/test/ssl_test.c -index ea608518f9..9d6b093c81 100644 +index ea60851..9d6b093 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; /* Currently the section names are of the form test-, e.g. test-15. */ #define MAX_TESTCASE_NAME_LENGTH 100 - + +static void print_handshake_history(const HANDSHAKE_HISTORY *history) +{ + size_t first_idx; @@ -368,7 +369,4 @@ index ea608518f9..9d6b093c81 100644 + return ret; } - --- -2.25.1 - + diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch index 502a7aaf32..665c843d78 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -1,4 +1,4 @@ -From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001 +From e335d662b63000b672222ce8cd7e832cf7a4150f Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Tue, 30 May 2023 09:11:27 -0700 Subject: [PATCH] Configure: do not tweak mips cflags @@ -12,15 +12,16 @@ Signed-off-by: Alexander Kanavin Refreshed for openssl-3.1.1 Signed-off-by: Tim Orling + --- Configure | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/Configure b/Configure -index 4569952..adf019b 100755 +index cca1ac8..45a12b1 100755 --- a/Configure +++ b/Configure -@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) +@@ -1485,16 +1485,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) push @{$config{shared_ldflag}}, "-mno-cygwin"; } diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index bafdbaa46f..5a51e9fd9d 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -1,4 +1,4 @@ -From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 +From bc8aacbe96b1716d060622d7dba0a05fabe6c17b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= Date: Tue, 6 Nov 2018 14:50:47 +0100 Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler @@ -34,11 +34,11 @@ Signed-off-by: Khem Raj crypto/build.info | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) -Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl -=================================================================== ---- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl -+++ openssl-3.0.4/Configurations/unix-Makefile.tmpl -@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index b3350a1..5e8879a 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -481,13 +481,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) @@ -63,11 +63,11 @@ Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl PERLASM_SCHEME= {- $target{perlasm_scheme} -} # For x86 assembler: Set PROCESSOR to 386 if you want to support -Index: openssl-3.0.4/crypto/build.info -=================================================================== ---- openssl-3.0.4.orig/crypto/build.info -+++ openssl-3.0.4/crypto/build.info -@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF +diff --git a/crypto/build.info b/crypto/build.info +index 2d5b22f..9623f02 100644 +--- a/crypto/build.info ++++ b/crypto/build.info +@@ -115,7 +115,7 @@ DEFINE[../libcrypto]=$UPLINKDEF DEPEND[info.o]=buildinf.h DEPEND[cversion.o]=buildinf.h diff --git a/meta/recipes-connectivity/openssl/openssl/0001-riscv-Fix-mispelling-of-extension-test-macro.patch b/meta/recipes-connectivity/openssl/openssl/0001-riscv-Fix-mispelling-of-extension-test-macro.patch deleted file mode 100644 index 1d217bd8e3..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-riscv-Fix-mispelling-of-extension-test-macro.patch +++ /dev/null @@ -1,31 +0,0 @@ -From b51031b05f72923ff1cf3b6a4767450dee89d7f4 Mon Sep 17 00:00:00 2001 -From: Grant Nichol -Date: Fri, 22 Dec 2023 23:46:39 -0600 -Subject: [PATCH] riscv: Fix mispelling of extension test macro - -When refactoring the riscv extension test macros, -RISCV_HAS_ZKND_AND_ZKNE was mispelled. - -CLA: trivial -Upstream-Status: Backport [https://github.com/openssl/openssl/pull/23139] -Signed-off-by: Khem Raj ---- - providers/implementations/ciphers/cipher_aes_xts_hw.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c -index 564d6d6..4cf1361 100644 ---- a/providers/implementations/ciphers/cipher_aes_xts_hw.c -+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c -@@ -225,7 +225,7 @@ static const PROV_CIPHER_HW aes_xts_rv32i_zbkb_zknd_zkne = { \ - # define PROV_CIPHER_HW_select_xts() \ - if (RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE()) \ - return &aes_xts_rv32i_zbkb_zknd_zkne; \ --if (RISCV_HAS_ZKND_ZKNE()) \ -+if (RISCV_HAS_ZKND_AND_ZKNE()) \ - return &aes_xts_rv32i_zknd_zkne; - # else - /* The generic case */ --- -2.43.0 - diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch deleted file mode 100644 index 2a16debb76..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch +++ /dev/null @@ -1,35 +0,0 @@ -From ad347c9ff0fd93bdd2fa2085611c65b88e94829f Mon Sep 17 00:00:00 2001 -From: "fangming.fang" -Date: Thu, 7 Dec 2023 06:17:51 +0000 -Subject: [PATCH] Enable BTI feature for md5 on aarch64 - -Fixes: #22959 - -Reviewed-by: Tom Cosgrove -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/22971) - -Upstream-Status: Backport -Signed-off-by: Ross Burton ---- - crypto/md5/asm/md5-aarch64.pl | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl -index 3200a0fa9bff0..5a8608069691d 100755 ---- a/crypto/md5/asm/md5-aarch64.pl -+++ b/crypto/md5/asm/md5-aarch64.pl -@@ -28,10 +28,13 @@ - *STDOUT=*OUT; - - $code .= <