Message ID | 20251006081341.3653614-1-archana.polampalli@windriver.com |
---|---|
State | Under Review |
Delegated to: | Steve Sakoman |
Series | [kirkstone,1/1] openssl: upgrade 3.0.17 -> 3.0.18 |
I have sent out another patch which also refreshed patches.
Here I'd like to ask the maintainers regarding patch refresh policy.
Should I be doing it also when the do_patch does not report any fuzz, only when some line numbers moved a bit?

Peter

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Polampalli, Archana via lists.openembedded.org
> Sent: Monday, October 6, 2025 10:14
> To: openembedded-core@lists.openembedded.org
> Subject: [oe-core][kirkstone][PATCH 1/1] openssl: upgrade 3.0.17 -> 3.0.18
>
> From: Archana Polampalli <archana.polampalli@windriver.com>
>
> This release incorporates the following bug fixes and mitigations:
> Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
> Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)
>
> Changelog:
> https://github.com/openssl/openssl/blob/openssl-3.0.18/NEWS.md#openssl-30
>
> Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> ---
> .../openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> rename meta/recipes-connectivity/openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} (99%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb b/meta/recipes- > connectivity/openssl/openssl_3.0.18.bb > similarity index 99% > rename from meta/recipes-connectivity/openssl/openssl_3.0.17.bb > rename to meta/recipes-connectivity/openssl/openssl_3.0.18.bb > index a50bd2edbf..a8dd338327 100644 > --- a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb > +++ b/meta/recipes-connectivity/openssl/openssl_3.0.18.bb
> @@ -25,7 +25,7 @@ SRC_URI:append:class-nativesdk = " \ > file://environment.d-openssl.sh \ > " > > -SRC_URI[sha256sum] = > "dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce" > +SRC_URI[sha256sum] = > "d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b" > > inherit lib_package multilib_header multilib_script ptest perlnative > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" > -- > 2.40.0
On Mon, Oct 6, 2025 at 2:52 AM Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote:
>
> I have sent out another patch which also refreshed patches.
> Here I'd like to ask the maintainers regarding patch refresh policy.
> Should I be doing it also when the do_patch does not report any fuzz, only when some line numbers moved a bit?

Definitely eliminate fuzz, but if the patches apply I'm not too concerned about line numbers moving a bit.

However I notice that your version of this patch also changed the content of one of the patches (CVE-2024-41996.patch). Was this intentional?

Steve

>
> Peter
>
> > -----Original Message-----
> > From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Polampalli, Archana via lists.openembedded.org
> > Sent: Monday, October 6, 2025 10:14
> > To: openembedded-core@lists.openembedded.org
> > Subject: [oe-core][kirkstone][PATCH 1/1] openssl: upgrade 3.0.17 -> 3.0.18
> >
> > From: Archana Polampalli <archana.polampalli@windriver.com>
> >
> > This release incorporates the following bug fixes and mitigations:
> > Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
> > Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)
> >
> > Changelog:
> > https://github.com/openssl/openssl/blob/openssl-3.0.18/NEWS.md#openssl-30
> >
> > Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> > ---
> > .../openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > rename meta/recipes-connectivity/openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} (99%)
> > > > diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb b/meta/recipes- > > connectivity/openssl/openssl_3.0.18.bb > > similarity index 99% > > rename from meta/recipes-connectivity/openssl/openssl_3.0.17.bb > > rename to meta/recipes-connectivity/openssl/openssl_3.0.18.bb > > index a50bd2edbf..a8dd338327 100644 > > --- a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb > > +++ b/meta/recipes-connectivity/openssl/openssl_3.0.18.bb > > @@ -25,7 +25,7 @@ SRC_URI:append:class-nativesdk = " \ > > file://environment.d-openssl.sh \ > > " > > > > -SRC_URI[sha256sum] = > > "dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce" > > +SRC_URI[sha256sum] = > > "d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b" > > > > inherit lib_package multilib_header multilib_script ptest perlnative > > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" > > -- > > 2.40.0
> -----Original Message-----
> From: Steve Sakoman <steve@sakoman.com>
> Sent: Monday, October 6, 2025 17:51
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> Cc: archana.polampalli@windriver.com; openembedded-core@lists.openembedded.org
> Subject: Re: [oe-core][kirkstone][PATCH 1/1] openssl: upgrade 3.0.17 -> 3.0.18
>
> On Mon, Oct 6, 2025 at 2:52 AM Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote:
> >
> > I have sent out another patch which also refreshed patches.
> > Here I'd like to ask the maintainers regarding patch refresh policy.
> > Should I be doing it also when the do_patch does not report any fuzz, only when some line numbers moved a bit?
>
> Definitely eliminate fuzz, but if the patches apply I'm not too concerned about line numbers moving a bit.
>
> However I notice that your version of this patch also changed the content of one of the patches (CVE-2024-41996.patch). Was this intentional?
>
> Steve

That's what devtool did and I assessed it as a correct change.
It looks like the patch was not 100% per specification, as a patch needs to have a leading "+", "-" or " ".
Probably the patch was edited manually and the editor stripped the space due to editorconfig?

Peter

> >
> > Peter
> >
> > > -----Original Message-----
> > > From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Polampalli, Archana via lists.openembedded.org
> > > Sent: Monday, October 6, 2025 10:14
> > > To: openembedded-core@lists.openembedded.org
> > > Subject: [oe-core][kirkstone][PATCH 1/1] openssl: upgrade 3.0.17 -> 3.0.18
> > >
> > > From: Archana Polampalli <archana.polampalli@windriver.com>
> > >
> > > This release incorporates the following bug fixes and mitigations:
> > > Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
> > > Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)
> > >
> > > Changelog:
> > > https://github.com/openssl/openssl/blob/openssl-3.0.18/NEWS.md#openssl-30
> > >
> > > Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
> > > ---
> > > .../openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > rename meta/recipes-connectivity/openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} (99%)
> > >
> > > diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb > b/meta/recipes- > > > connectivity/openssl/openssl_3.0.18.bb > > > similarity index 99% > > > rename from meta/recipes-connectivity/openssl/openssl_3.0.17.bb > > > rename to meta/recipes-connectivity/openssl/openssl_3.0.18.bb > > > index a50bd2edbf..a8dd338327 100644 > > > --- a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb > > > +++ b/meta/recipes-connectivity/openssl/openssl_3.0.18.bb
> > > @@ -25,7 +25,7 @@ SRC_URI:append:class-nativesdk = " \ > > > file://environment.d-openssl.sh \ > > > " > > > > > > -SRC_URI[sha256sum] = > > > "dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce" > > > +SRC_URI[sha256sum] = > > > "d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b" > > > > > > inherit lib_package multilib_header multilib_script ptest perlnative > > > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" > > > -- > > > 2.40.0
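
The malformation described in the last reply, hunk lines that lack a leading "+", "-" or " ", can be checked for mechanically before a patch is committed to a recipe. The following is an added example, not code from this thread, devtool or OpenEmbedded; the function name and both sample patches are constructed for illustration.

```python
import re

# Hunk header: @@ -old_start[,old_count] +new_start[,new_count] @@
HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def find_malformed_hunk_lines(patch_text):
    """Return [(line_number, reason)] for hunk body lines with no valid marker."""
    problems = []
    old_left = new_left = 0  # body lines still owed to the current hunk
    for lineno, line in enumerate(patch_text.splitlines(), start=1):
        if old_left <= 0 and new_left <= 0:
            m = HUNK_RE.match(line)  # outside a hunk only headers matter
            if m:
                old_left = int(m.group(1) or 1)  # omitted count means 1
                new_left = int(m.group(2) or 1)
            continue
        if line.startswith("\\"):  # "\ No newline at end of file"
            continue
        marker = line[:1]
        if marker == "-":
            old_left -= 1
            continue
        if marker == "+":
            new_left -= 1
            continue
        # Anything else is counted as context so hunk tracking stays in sync.
        old_left -= 1
        new_left -= 1
        if marker == "":
            problems.append((lineno, "blank context line lost its leading space"))
        elif marker != " ":
            problems.append((lineno, "line lacks a leading '+', '-' or ' '"))
    return problems

# Constructed sample: the two blank context lines were saved as "" instead of " ".
STRIPPED = "\n".join([
    "--- a/demo.c", "+++ b/demo.c", "@@ -1,5 +1,5 @@",
    " int a;", "", "-int b = 1;", "+int b = 2;", " int c;", "",
]) + "\n"
# The same patch with the context markers restored.
WELL_FORMED = STRIPPED.replace("\n\n", "\n \n")

if __name__ == "__main__":
    for lineno, reason in find_malformed_hunk_lines(STRIPPED):
        print(f"line {lineno}: {reason}")
```

The hunk header's line counts are what let the checker tell an empty line inside a hunk from an empty line between hunks or in the patch description.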
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb b/meta/recipes-connectivity/openssl/openssl_3.0.18.bb similarity index 99% rename from meta/recipes-connectivity/openssl/openssl_3.0.17.bb rename to meta/recipes-connectivity/openssl/openssl_3.0.18.bb index a50bd2edbf..a8dd338327 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.17.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.18.bb @@ -25,7 +25,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce" +SRC_URI[sha256sum] = "d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b" inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
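
Review bot: The changed SRC_URI[sha256sum] line in the @@ -25,7 +25,7 @@ hunk is the only integrity pin for the 3.0.18 tarball, and nothing in the commit message says where the new value came from. Please note in the commit message that it was compared against the checksum or signature upstream publishes for the release, not just computed from the downloaded file. Because the rename is otherwise content-free (similarity index 99%), the patches the recipe carries are taken over untouched; confirm that do_patch applies them to 3.0.18 without fuzz, which is the question raised in the replies.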