From patchwork Tue Apr 16 06:13:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 42466 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F1A6C2BD09 for ; Tue, 16 Apr 2024 06:14:12 +0000 (UTC) Received: from a27-31.smtp-out.us-west-2.amazonses.com (a27-31.smtp-out.us-west-2.amazonses.com [54.240.27.31]) by mx.groups.io with SMTP id smtpd.web11.13429.1713248038370661688 for ; Mon, 15 Apr 2024 23:13:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=lvjh2tk576v2ro5mi6k4dt3mc6wpqbky header.b=Ga6456m0; dkim=pass header.i=@amazonses.com header.s=7v7vs6w47njt4pimodk5mmttbegzsi6n header.b=fAM1cGhI; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.31, mailfrom: 0101018ee58a6aba-bd78e152-3e62-455b-a5fe-878a36afabd6-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=lvjh2tk576v2ro5mi6k4dt3mc6wpqbky; d=yoctoproject.org; t=1713248037; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=dC9ucSaYimz3V0HuBxs8GpDlCNdH5sCGQEOs0RmQ1k0=; b=Ga6456m0SkFVyRoZF+OnP6SAxHcppaBBRzDe3y7dfQUW3HTza2Q6tNbtbMlm6gm9 lF2xrc7PoKakUIRSAM3EWS9ZYpl1ViNhG42GfkXQIjGicEPQJ2tn2+k7w/jaztXx54H OpjQ7VTNPkObO68W04Ku3zSRnWyFL6FkZzerlSXE= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=7v7vs6w47njt4pimodk5mmttbegzsi6n; d=amazonses.com; t=1713248037; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=dC9ucSaYimz3V0HuBxs8GpDlCNdH5sCGQEOs0RmQ1k0=; b=fAM1cGhIeynQzZweYDyvQLv5bX/7V7LCjaJfwzNisG9uBvfU2aALwhjWmG69uJ/h KkYQWbiyqg+zucloTZCq0zcHd4RQEdrgok7Q8rlbbZ9Q+L2eYXAGbYKgCdodd0UO+Gt AqvviCmfJdj2urKTTSFpOapEKKchZ/mfefu+Z8UU= MIME-Version: 1.0 From: auh@yoctoproject.org To: Alexander Kanavin Cc: openembedded-core@lists.openembedded.org Subject: [AUH] openssl: upgrading to 3.3.0 SUCCEEDED Message-ID: <0101018ee58a6aba-bd78e152-3e62-455b-a5fe-878a36afabd6-000000@us-west-2.amazonses.com> Date: Tue, 16 Apr 2024 06:13:57 +0000 Feedback-ID: 1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2024.04.16-54.240.27.31 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Apr 2024 06:14:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198266 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe *openssl* to *3.3.0* has Succeeded. Next steps: - apply the patch: git am 0001-openssl-upgrade-3.2.1-3.3.0.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 5e322191dfac7a5ac85beb77ebfcec7c7f5bd056 Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Mon, 15 Apr 2024 17:44:29 +0000 Subject: [PATCH] openssl: upgrade 3.2.1 -> 3.3.0 --- ...ke-history-reporting-when-test-fails.patch | 39 +++++++++---------- ...1-Configure-do-not-tweak-mips-cflags.patch | 6 +-- ...sysroot-and-debug-prefix-map-from-co.patch | 23 ++++++----- .../openssl/openssl/bti.patch | 7 +--- .../{openssl_3.2.1.bb => openssl_3.3.0.bb} | 2 +- 5 files changed, 35 insertions(+), 42 deletions(-) rename meta/recipes-connectivity/openssl/{openssl_3.2.1.bb => openssl_3.3.0.bb} (99%) diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch index aa2e5bb800..7107552f3c 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch @@ -1,4 +1,4 @@ -From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 +From 5d0dbca96faf710f90bb07c51a2864b591209866 Mon Sep 17 00:00:00 2001 From: William Lyu Date: Fri, 20 Oct 2023 16:22:37 -0400 Subject: [PATCH] Added handshake history reporting when test fails @@ -13,7 +13,7 @@ Signed-off-by: William Lyu 3 files changed, 218 insertions(+), 35 deletions(-) diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c -index e0422469e4..ae2ad59dd4 100644 +index e042246..ae2ad59 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -1,5 +1,5 @@ @@ -26,7 +26,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -24,6 +24,102 @@ #include #endif - + +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ +/* Maps string names to various enumeration type */ +typedef struct { @@ -129,7 +129,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, SSL_set_post_handshake_auth(client, 1); } - + -/* The status for each connection phase. */ -typedef enum { - PEER_SUCCESS, @@ -145,7 +145,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer) } } - + -typedef enum { - HANDSHAKE, - RENEG_APPLICATION_DATA, @@ -163,7 +163,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, } } - + -typedef enum { - /* Both parties succeeded. */ - HANDSHAKE_SUCCESS, @@ -181,9 +181,9 @@ index e0422469e4..ae2ad59dd4 100644 * Determine the handshake outcome. * last_status: the status of the peer to have acted last. @@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( - + start = time(NULL); - + + save_loop_history(&(ret->history), + phase, status, server.status, client.status, + client_turn_count, client_turn); @@ -194,7 +194,7 @@ index e0422469e4..ae2ad59dd4 100644 @@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( 0 /* server went last */); } - + + save_loop_history(&(ret->history), + phase, status, server.status, client.status, + client_turn_count, client_turn); @@ -203,7 +203,7 @@ index e0422469e4..ae2ad59dd4 100644 case HANDSHAKE_SUCCESS: client_turn_count = 0; diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h -index 78b03f9f4b..b9967c2623 100644 +index 78b03f9..b9967c2 100644 --- a/test/helpers/handshake.h +++ b/test/helpers/handshake.h @@ -1,5 +1,5 @@ @@ -214,9 +214,9 @@ index 78b03f9f4b..b9967c2623 100644 * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,11 @@ - + #include "ssl_test_ctx.h" - + +#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 +#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) +#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ @@ -228,7 +228,7 @@ index 78b03f9f4b..b9967c2623 100644 @@ -22,6 +27,63 @@ typedef struct ctx_data_st { char *session_ticket_app_data; } CTX_DATA; - + +typedef enum { + HANDSHAKE, + RENEG_APPLICATION_DATA, @@ -296,25 +296,25 @@ index 78b03f9f4b..b9967c2623 100644 + /* handshake loop history */ + HANDSHAKE_HISTORY history; } HANDSHAKE_RESULT; - + HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); @@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, CTX_DATA *server2_ctx_data, CTX_DATA *client_ctx_data); - + +const char *handshake_connect_phase_name(connect_phase_t phase); +const char *handshake_status_name(handshake_status_t handshake_status); +const char *handshake_peer_status_name(peer_status_t peer_status); + #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ diff --git a/test/ssl_test.c b/test/ssl_test.c -index ea608518f9..9d6b093c81 100644 +index ea60851..9d6b093 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; /* Currently the section names are of the form test-, e.g. test-15. */ #define MAX_TESTCASE_NAME_LENGTH 100 - + +static void print_handshake_history(const HANDSHAKE_HISTORY *history) +{ + size_t first_idx; @@ -368,7 +368,4 @@ index ea608518f9..9d6b093c81 100644 + return ret; } - --- -2.25.1 - + diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch index 502a7aaf32..d661c07d5e 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -1,4 +1,4 @@ -From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001 +From 8e475cc42647d79ee55123ce0bf0c18272e9169f Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Tue, 30 May 2023 09:11:27 -0700 Subject: [PATCH] Configure: do not tweak mips cflags @@ -17,10 +17,10 @@ Signed-off-by: Tim Orling 1 file changed, 10 deletions(-) diff --git a/Configure b/Configure -index 4569952..adf019b 100755 +index 3b6617c..a7ff31d 100755 --- a/Configure +++ b/Configure -@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) +@@ -1494,16 +1494,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) push @{$config{shared_ldflag}}, "-mno-cygwin"; } diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index bafdbaa46f..bfd512d77c 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -1,4 +1,4 @@ -From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 +From 193b83f88b614ca53dc3748881d40ca5ae355e0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= Date: Tue, 6 Nov 2018 14:50:47 +0100 Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler @@ -28,17 +28,16 @@ Signed-off-by: Kai Kang Update to fix buildpaths qa issue for '-ffile-prefix-map'. Signed-off-by: Khem Raj - --- Configurations/unix-Makefile.tmpl | 12 +++++++++++- crypto/build.info | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) -Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl -=================================================================== ---- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl -+++ openssl-3.0.4/Configurations/unix-Makefile.tmpl -@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 4c24cae..dbcdad9 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -501,13 +501,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) @@ -63,11 +62,11 @@ Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl PERLASM_SCHEME= {- $target{perlasm_scheme} -} # For x86 assembler: Set PROCESSOR to 386 if you want to support -Index: openssl-3.0.4/crypto/build.info -=================================================================== ---- openssl-3.0.4.orig/crypto/build.info -+++ openssl-3.0.4/crypto/build.info -@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF +diff --git a/crypto/build.info b/crypto/build.info +index 2d5b22f..9623f02 100644 +--- a/crypto/build.info ++++ b/crypto/build.info +@@ -115,7 +115,7 @@ DEFINE[../libcrypto]=$UPLINKDEF DEPEND[info.o]=buildinf.h DEPEND[cversion.o]=buildinf.h diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch index 748576c30c..5e518432e2 100644 --- a/meta/recipes-connectivity/openssl/openssl/bti.patch +++ b/meta/recipes-connectivity/openssl/openssl/bti.patch @@ -1,4 +1,4 @@ -From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 +From 3555fa349eb0e48e51d02b69b420b89181406928 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 26 Mar 2024 13:18:00 +0000 Subject: [PATCH] aarch64: fix BTI in bsaes assembly code @@ -17,7 +17,7 @@ Signed-off-by: Ross Burton 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl -index b3c97e439f..c3c5ff3e05 100644 +index b3c97e4..c3c5ff3 100644 --- a/crypto/aes/asm/bsaes-armv8.pl +++ b/crypto/aes/asm/bsaes-armv8.pl @@ -1018,6 +1018,7 @@ _bsaes_key_convert: @@ -53,6 +53,3 @@ index b3c97e439f..c3c5ff3e05 100644 // Stack layout: // sp -> // nrounds*128-96 bytes: key schedule --- -2.34.1 - diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb similarity index 99% rename from meta/recipes-connectivity/openssl/openssl_3.2.1.bb rename to meta/recipes-connectivity/openssl/openssl_3.3.0.bb index c7134c54db..2cdaf4c75d 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39" +SRC_URI[sha256sum] = "53e66b043322a606abf0087e7699a0e033a37fa13feb9742df35c3a33b18fb02" inherit lib_package multilib_header multilib_script ptest perlnative manpages MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"