Message ID | 20220513133521.904120-1-davide.gardenal@huawei.com |
---|---|
State | Accepted, archived |
Commit | 62bc43a8ca705384fb60742f2f044f4355aaabca |
Headers | show |
Series | [kirkstone,v2] openssl: minor security upgrade 3.0.2 -> 3.0.3 | expand |
On Fri, May 13, 2022 at 3:35 AM Davide Gardenal <davidegarde2000@gmail.com> wrote: > > This minor version include fixes for several CVEs > > CVE: CVE-2022-1292 > CVE: CVE-2022-1343 > CVE: CVE-2022-1434 > CVE: CVE-2022-1473 > > Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> > --- > Updates: > -v2 add kirkstone tag in the title Actually, since master is also at version 3.0.2 this patch will have to go to master first. I'll then backport it. In cases like this you should probably tag [master][kirkstone] so Richard and I both take notice. Steve > --- > .../openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-connectivity/openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} (99%) > > diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb > similarity index 99% > rename from meta/recipes-connectivity/openssl/openssl_3.0.2.bb > rename to meta/recipes-connectivity/openssl/openssl_3.0.3.bb > index a809666aa7..fd88ae807d 100644 > --- a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb > +++ b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb > @@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ > file://environment.d-openssl.sh \ > " > > -SRC_URI[sha256sum] = "98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63" > +SRC_URI[sha256sum] = "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b" > > inherit lib_package multilib_header multilib_script ptest perlnative > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" > -- > 2.32.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#165563): https://lists.openembedded.org/g/openembedded-core/message/165563 > Mute This Topic: https://lists.openembedded.org/mt/91080703/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
I see, I’m sorry but I haven’t checked master because I’m working on kirkstone right now, next time I’ll do it. Davide > Il giorno 13 mag 2022, alle ore 17:53, Steve Sakoman <steve@sakoman.com> ha scritto: > > On Fri, May 13, 2022 at 3:35 AM Davide Gardenal > <davidegarde2000@gmail.com <mailto:davidegarde2000@gmail.com>> wrote: >> >> This minor version include fixes for several CVEs >> >> CVE: CVE-2022-1292 >> CVE: CVE-2022-1343 >> CVE: CVE-2022-1434 >> CVE: CVE-2022-1473 >> >> Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com <mailto:davide.gardenal@huawei.com>> >> --- >> Updates: >> -v2 add kirkstone tag in the title > > Actually, since master is also at version 3.0.2 this patch will have > to go to master first. I'll then backport it. > > In cases like this you should probably tag [master][kirkstone] so > Richard and I both take notice. > > Steve > >> --- >> .../openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> rename meta/recipes-connectivity/openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} (99%) >> >> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb >> similarity index 99% >> rename from meta/recipes-connectivity/openssl/openssl_3.0.2.bb >> rename to meta/recipes-connectivity/openssl/openssl_3.0.3.bb >> index a809666aa7..fd88ae807d 100644 >> --- a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb >> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb >> @@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ >> file://environment.d-openssl.sh \ >> " >> >> -SRC_URI[sha256sum] = "98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63" >> +SRC_URI[sha256sum] = "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b" >> >> inherit lib_package multilib_header multilib_script ptest perlnative >> MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" >> -- >> 2.32.0 >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#165563): https://lists.openembedded.org/g/openembedded-core/message/165563 <https://lists.openembedded.org/g/openembedded-core/message/165563> >> Mute This Topic: https://lists.openembedded.org/mt/91080703/3620601 <https://lists.openembedded.org/mt/91080703/3620601> >> Group Owner: openembedded-core+owner@lists.openembedded.org <mailto:openembedded-core+owner@lists.openembedded.org> >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub <https://lists.openembedded.org/g/openembedded-core/unsub> [steve@sakoman.com <mailto:steve@sakoman.com>] >> -=-=-=-=-=-=-=-=-=-=-=-
On Fri, May 13, 2022 at 5:56 AM Davide Gardenal <davidegarde2000@gmail.com> wrote: > > I see, I’m sorry but I haven’t checked master because I’m working on kirkstone right now, next time I’ll do it. No worries. If you don't catch it I probably will :-) BTW, I really appreciate your help with CVEs! Steve > > Davide > > Il giorno 13 mag 2022, alle ore 17:53, Steve Sakoman <steve@sakoman.com> ha scritto: > > On Fri, May 13, 2022 at 3:35 AM Davide Gardenal > <davidegarde2000@gmail.com> wrote: > > > This minor version include fixes for several CVEs > > CVE: CVE-2022-1292 > CVE: CVE-2022-1343 > CVE: CVE-2022-1434 > CVE: CVE-2022-1473 > > Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> > --- > Updates: > -v2 add kirkstone tag in the title > > > Actually, since master is also at version 3.0.2 this patch will have > to go to master first. I'll then backport it. > > In cases like this you should probably tag [master][kirkstone] so > Richard and I both take notice. > > Steve > > --- > .../openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-connectivity/openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} (99%) > > diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb > similarity index 99% > rename from meta/recipes-connectivity/openssl/openssl_3.0.2.bb > rename to meta/recipes-connectivity/openssl/openssl_3.0.3.bb > index a809666aa7..fd88ae807d 100644 > --- a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb > +++ b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb > @@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ > file://environment.d-openssl.sh \ > " > > -SRC_URI[sha256sum] = "98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63" > +SRC_URI[sha256sum] = "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b" > > inherit lib_package multilib_header multilib_script ptest perlnative > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" > -- > 2.32.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#165563): https://lists.openembedded.org/g/openembedded-core/message/165563 > Mute This Topic: https://lists.openembedded.org/mt/91080703/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
I’m always glad to help :) > Il giorno 13 mag 2022, alle ore 18:57, Steve Sakoman <steve@sakoman.com> ha scritto: > > On Fri, May 13, 2022 at 5:56 AM Davide Gardenal > <davidegarde2000@gmail.com> wrote: >> >> I see, I’m sorry but I haven’t checked master because I’m working on kirkstone right now, next time I’ll do it. > > No worries. If you don't catch it I probably will :-) > > BTW, I really appreciate your help with CVEs! > > Steve > >> >> Davide >> >> Il giorno 13 mag 2022, alle ore 17:53, Steve Sakoman <steve@sakoman.com> ha scritto: >> >> On Fri, May 13, 2022 at 3:35 AM Davide Gardenal >> <davidegarde2000@gmail.com> wrote: >> >> >> This minor version include fixes for several CVEs >> >> CVE: CVE-2022-1292 >> CVE: CVE-2022-1343 >> CVE: CVE-2022-1434 >> CVE: CVE-2022-1473 >> >> Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> >> --- >> Updates: >> -v2 add kirkstone tag in the title >> >> >> Actually, since master is also at version 3.0.2 this patch will have >> to go to master first. I'll then backport it. >> >> In cases like this you should probably tag [master][kirkstone] so >> Richard and I both take notice. >> >> Steve >> >> --- >> .../openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> rename meta/recipes-connectivity/openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} (99%) >> >> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb >> similarity index 99% >> rename from meta/recipes-connectivity/openssl/openssl_3.0.2.bb >> rename to meta/recipes-connectivity/openssl/openssl_3.0.3.bb >> index a809666aa7..fd88ae807d 100644 >> --- a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb >> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb >> @@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ >> file://environment.d-openssl.sh \ >> " >> >> -SRC_URI[sha256sum] = "98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63" >> +SRC_URI[sha256sum] = "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b" >> >> inherit lib_package multilib_header multilib_script ptest perlnative >> MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" >> -- >> 2.32.0 >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#165563): https://lists.openembedded.org/g/openembedded-core/message/165563 >> Mute This Topic: https://lists.openembedded.org/mt/91080703/3620601 >> Group Owner: openembedded-core+owner@lists.openembedded.org >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] >> -=-=-=-=-=-=-=-=-=-=-=- >> >>
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb similarity index 99% rename from meta/recipes-connectivity/openssl/openssl_3.0.2.bb rename to meta/recipes-connectivity/openssl/openssl_3.0.3.bb index a809666aa7..fd88ae807d 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb @@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63" +SRC_URI[sha256sum] = "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b" inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
This minor version include fixes for several CVEs CVE: CVE-2022-1292 CVE: CVE-2022-1343 CVE: CVE-2022-1434 CVE: CVE-2022-1473 Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> --- Updates: -v2 add kirkstone tag in the title --- .../openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/openssl/{openssl_3.0.2.bb => openssl_3.0.3.bb} (99%)