[master,mickledore] openssl: Upgrade 3.1.1 -> 3.1.2

Message ID 20230801163641.1234605-1-peter.marko@siemens.com
State New

Commit Message

Peter Marko Aug. 1, 2023, 4:36 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

https://github.com/openssl/openssl/blob/openssl-3.1/NEWS.md#major-changes-between-openssl-311-and-openssl-312-1-aug-2023
Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
* Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
* Do not ignore empty associated data entries with AES-SIV (CVE-2023-2975)
* When building with the enable-fips option and using the resulting FIPS provider, TLS 1.2 will, by default, mandate the use of an extended master secret and the Hash and HMAC DRBGs will not operate with truncated digests.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../openssl/{openssl_3.1.1.bb => openssl_3.1.2.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.1.1.bb => openssl_3.1.2.bb} (99%)

Comments

Peter Marko Aug. 13, 2023, 10:49 a.m. UTC | #1
Gentle ping.
Is there any problem with this patch?

Peter

Randy MacLeod Aug. 15, 2023, 5:17 p.m. UTC | #2
On 2023-08-13 06:49, Peter Marko via lists.openembedded.org wrote:
> Gentle ping.
> Is there any problem with this patch?
>
> Peter
>
Peter,

We'd all like to see this openssl update merged, but I suspect that for master
it's backed up behind the 6.4 kernel update and some glibc update
problems summarized here:
https://lists.yoctoproject.org/g/yocto/message/60802

and (I confirmed with Steve) because it's not in master, as a matter of 
policy, it's not in mickledore-nut:
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/mickledore-nut

Stay tuned, check on:
https://git.openembedded.org/openembedded-core/log/?qt=range&q=master-next
and ping again if it's not in oe-core/master-next/master in a week and
mickledore-nut a while after that.

Note that it won't be in mickledore-nut until a week or two after
it hits master.

Patch

diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.1.bb b/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.1.1.bb
rename to meta/recipes-connectivity/openssl/openssl_3.1.2.bb
index c2a7173c84..817bfedee1 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
@@ -18,7 +18,7 @@  SRC_URI:append:class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674"
+SRC_URI[sha256sum] = "a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539"
 
 inherit lib_package multilib_header multilib_script ptest perlnative
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
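
Review bot: The replaced SRC_URI[sha256sum] line is the only pin on the fetched 3.1.2 tarball, and nothing in the commit message says how the new value (a0ce69b8...) was obtained. Please state in the commit message that it was checked against the checksum or signature upstream publishes for the release rather than computed from a local download, so the pin can be verified independently. Since the rename is at 99% similarity with this single changed line, it would also help to confirm that the 3.1.1 recipe carried no backported patches for CVE-2023-3817, CVE-2023-3446 or CVE-2023-2975 that would now need dropping from SRC_URI.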