Message ID | 20230512100845.1243349-2-m.otto@phytec.de |
---|---|
State | New, archived |
Headers | show |
Series | openssl: update from 3.0.8 to 3.1.0 | expand |
Yocto stable branch policy does not allow major component updates which introduce new features, it must be bugfixes only. Openssl 3.0.x is an LTS release and will be getting updates for a few more years. https://www.openssl.org/source/ Alex On Fri, 12 May 2023 at 12:09, Maik Otto <m.otto@phytec.de> wrote: > > From: Randy MacLeod <randy.macleod@windriver.com> > > >From the NEWS.md file: > > ### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023] > > * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. > * Performance enhancements and new platform support including new > assembler code algorithm implementations. > * Deprecated LHASH statistics functions. > * FIPS 140-3 compliance changes. > > Drop the upstreamed afalg.patch: > c425e365f4 Configure: don't try to be clever when configuring afalgeng > > Signed-off-by: Randy MacLeod <randy.macleod@windriver.com> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > --- > .../openssl/openssl/afalg.patch | 31 ------------------- > .../{openssl_3.0.8.bb => openssl_3.1.0.bb} | 3 +- > 2 files changed, 1 insertion(+), 33 deletions(-) > delete mode 100644 meta/recipes-connectivity/openssl/openssl/afalg.patch > rename meta/recipes-connectivity/openssl/{openssl_3.0.8.bb => openssl_3.1.0.bb} (98%) > > diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch > deleted file mode 100644 > index cf77e873a2..0000000000 > --- a/meta/recipes-connectivity/openssl/openssl/afalg.patch > +++ /dev/null > @@ -1,31 +0,0 @@ > -Don't refuse to build afalgeng if cross-compiling or the host kernel is too old. > - > -Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688] > -Signed-off-by: Ross Burton <ross.burton@intel.com> > - > -Index: openssl-3.0.4/Configure > -=================================================================== > ---- openssl-3.0.4.orig/Configure > -+++ openssl-3.0.4/Configure > -@@ -1681,20 +1681,7 @@ $config{CFLAGS} = [ map { $_ eq '--ossl- > - unless ($disabled{afalgeng}) { > - $config{afalgeng}=""; > - if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { > -- my $minver = 4*10000 + 1*100 + 0; > -- if ($config{CROSS_COMPILE} eq "") { > -- my $verstr = `uname -r`; > -- my ($ma, $mi1, $mi2) = split("\\.", $verstr); > -- ($mi2) = $mi2 =~ /(\d+)/; > -- my $ver = $ma*10000 + $mi1*100 + $mi2; > -- if ($ver < $minver) { > -- disable('too-old-kernel', 'afalgeng'); > -- } else { > -- push @{$config{engdirs}}, "afalg"; > -- } > -- } else { > -- disable('cross-compiling', 'afalgeng'); > -- } > -+ push @{$config{engdirs}}, "afalg"; > - } else { > - disable('not-linux', 'afalgeng'); > - } > diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.8.bb b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb > similarity index 98% > rename from meta/recipes-connectivity/openssl/openssl_3.0.8.bb > rename to meta/recipes-connectivity/openssl/openssl_3.1.0.bb > index 82f3e18dd7..b7251cb68e 100644 > --- a/meta/recipes-connectivity/openssl/openssl_3.0.8.bb > +++ b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb > @@ -10,7 +10,6 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" > SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ > file://run-ptest \ > file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ > - file://afalg.patch \ > file://0001-Configure-do-not-tweak-mips-cflags.patch \ > file://CVE-2023-0464.patch \ > file://CVE-2023-0465.patch \ > @@ -21,7 +20,7 @@ SRC_URI:append:class-nativesdk = " \ > file://environment.d-openssl.sh \ > " > > -SRC_URI[sha256sum] = "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e" > +SRC_URI[sha256sum] = "aaa925ad9828745c4cad9d9efeb273deca820f2cdcf2c3ac7d7c1212b7c497b4" > > inherit lib_package multilib_header multilib_script ptest perlnative > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#181175): https://lists.openembedded.org/g/openembedded-core/message/181175 > Mute This Topic: https://lists.openembedded.org/mt/98846329/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch deleted file mode 100644 index cf77e873a2..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/afalg.patch +++ /dev/null @@ -1,31 +0,0 @@ -Don't refuse to build afalgeng if cross-compiling or the host kernel is too old. - -Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688] -Signed-off-by: Ross Burton <ross.burton@intel.com> - -Index: openssl-3.0.4/Configure -=================================================================== ---- openssl-3.0.4.orig/Configure -+++ openssl-3.0.4/Configure -@@ -1681,20 +1681,7 @@ $config{CFLAGS} = [ map { $_ eq '--ossl- - unless ($disabled{afalgeng}) { - $config{afalgeng}=""; - if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { -- my $minver = 4*10000 + 1*100 + 0; -- if ($config{CROSS_COMPILE} eq "") { -- my $verstr = `uname -r`; -- my ($ma, $mi1, $mi2) = split("\\.", $verstr); -- ($mi2) = $mi2 =~ /(\d+)/; -- my $ver = $ma*10000 + $mi1*100 + $mi2; -- if ($ver < $minver) { -- disable('too-old-kernel', 'afalgeng'); -- } else { -- push @{$config{engdirs}}, "afalg"; -- } -- } else { -- disable('cross-compiling', 'afalgeng'); -- } -+ push @{$config{engdirs}}, "afalg"; - } else { - disable('not-linux', 'afalgeng'); - } diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.8.bb b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb similarity index 98% rename from meta/recipes-connectivity/openssl/openssl_3.0.8.bb rename to meta/recipes-connectivity/openssl/openssl_3.1.0.bb index 82f3e18dd7..b7251cb68e 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.8.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb @@ -10,7 +10,6 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ - file://afalg.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://CVE-2023-0464.patch \ file://CVE-2023-0465.patch \ @@ -21,7 +20,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e" +SRC_URI[sha256sum] = "aaa925ad9828745c4cad9d9efeb273deca820f2cdcf2c3ac7d7c1212b7c497b4" inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"