Age | Commit message | Author
2021-03-26 | openssl: Fix various CVEs [HEAD, master] | Mark Hatle
Fix CVE-2021-23839
Backport from OpenSSL 1.1.1
Fix CVE-2021-23840
Fix CVE-2021-23841
Patches are from openssl_1.0.2g-1ubuntu4.19.debian.tar.xz
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
2021-03-26 | layer.conf: Support hardknott | Mark Hatle
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
2021-01-07 | layer.conf: Set to gatesgarth | Mark Hatle
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
2021-01-07 | openssl: Add fixes for CVE-2020-1968 and CVE-2020-1971 | Mark Hatle
Fixes sourced from: openssl1.0_1.0.2n-1ubuntu5.5.debian.tar.xz Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
2020-06-09 | conf/layer.conf: Set layer compatible with dunfell | Fabio Berton
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
2019-12-21 | openssl: Update to OpenSSL 1.0.2u (CVE-2019-1551) | Mark Hatle
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
2019-11-23 | conf/layer.conf: Add zeus to LAYERSERIES_COMPAT | Hongxu Jia
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
2019-09-16 | openssl: Update to OpenSSL 1.0.2t | Mark Hatle
See: https://www.openssl.org/news/openssl-1.0.2-notes.html
Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters
Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
Document issue with installation paths in diverse Windows builds (CVE-2019-1552)
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
2019-09-16 | Prep for Yocto Project submission | Mark Hatle
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-09-16 | conf/layer.conf: add meta-openssl-one-zero-two-dl to LAYERRECOMMENDS | Hongxu Jia
Issue: LIN1019-2416 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
2019-08-26 | template.conf: Add whitelisting of openssl from this layer | Mark Hatle
Issue: LIN1019-2231 Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-08-26 | templates: rename features to feature | Mark Hatle
Issue: LIN1019-2229 Fix an issue w/ the original implementation to match other WR layers. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-26 | openssl: Fix missing conf file, add a way to disable weak crypto | Mark Hatle
Note, disabling weak crypto may cause issues with linking with the FIPS module -- as well as other protocols that may require the weak crypto. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-21 | feature/openssl102: Add a feature template to enable this preferred version | Mark Hatle
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-21 | openssl_1.0.2s: Uprev from r to s | Mark Hatle
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-21 | openssl: move patches to common openssl directory | Mark Hatle
This should make things easier to manage in the future. Let rename commits. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-21 | openssl_1.0.2r: Add lib_package inherit | Mark Hatle
oe-core openssl_1.1.1 has this inherit which created the openssl-bin package. This is needed for compatibility. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-21 | openssl10: Upgrade 1.0.2q -> 1.0.2r | Otavio Salvador
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (oe-core: 31b0f25026145b81aca2b58aada2dbc7c8b0e420) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-21 | openssl10: Fix multiple include assumptions for des.h in opensslconf.h | Denys Dmytriyenko
The fix is heavily based on Khem's previous fix for bn.h/BN_LLONG breakage: https://git.openembedded.org/openembedded-core/commit/?id=f787b0bb9b0626ddbf2ac94cb206c76716a3773d Signed-off-by: Denys Dmytriyenko <denys@ti.com> Cc: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (oe-core: 914e1520bf9c45e14bce9993c9131a2c0702b9c9) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-21 | openssl10: Fix multiple include assumptions for bn.h in opensslconf.h | Khem Raj
After adding #pragma once to wrapper header ( opensslconf.h ) this latent issue got to bite us, where it expects bn.h to be including openssl.h to define BN_* defines, which is fragile. This patch removes the constraints for nested includes for bn.h Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (oe-core: f787b0bb9b0626ddbf2ac94cb206c76716a3773d) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | apr/openssl10: Enable ccache for them | Robert Yang
They work well now. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> (oe-core commit: 5514c6c136b4ea48cba7edb0831eb12e1870d7d2) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl: Skip assembler optimized code for powerpc64 with musl | Serhey Popovych
This code is written with elfv1 ABI in mind and linked as such: disable all optimizations at the moment when building for powerpc64 with musl. Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (oe-core: bee9e807430178426b2a5635b573ae285e889c39) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl10: update to 1.0.2q | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (oe-core: 03149ca307282c22dd9ceb6fe3224bf586b03f6d) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl: fix CVE-2018-0734 for both 1.0.2p and 1.1.1 | Kai Kang
Backport patches to fix CVE-2018-0734 for both openssl 1.0.2p and 1.1.1 versions. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (oe-core: 9d5c6a87eb72a8b8b8d417126a831565982ca9a6) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl10: remove extra slash from libdir path | Mikko Rapeli
The configure script ended up creating Makefile with LIBDIR=/lib which got leaked into various places including all pkg-config .pc files where lines like (note the double slash //):

    libdir=${exec_prefix}//lib
    ...
    Libs: -L${libdir} -lcrypto

which causes pkg-config --libs to include the full absolute path to the recipe specific sysroot. This isn't a big problem until something like CMake projects start generating their own .cmake modules using this absolute path and exposing them to sysroots of other bitbake recipes thus escaping their recipe specific sysroots. Then the fun begins when these users of the .cmake module start to randomly fail builds with error messages like:

    /home/builder/src/base/build/tmp/work/corei7-64-linux/package/1.0-r0/recipe-sysroot-native/usr/bin/x86_64-linux/../../libexec/x86_64-linux/gcc/x86_64-linux/7.3.0/ld: cannot find /lib/libpthread.so.0
    /home/builder/src/base/build/tmp/work/corei7-64-linux/package/1.0-r0/recipe-sysroot-native/usr/bin/x86_64-linux/../../libexec/x86_64-linux/gcc/x86_64-linux/7.3.0/ld: cannot find /usr/lib/libpthread_nonshared.a
    collect2: error: ld returned 1 exit status
    ninja: build stopped: subcommand failed.
    WARNING: exit code 1 from a shell command.

As luck has it, this problem goes away by recompiling the recipes alone but repeats with multiple recipes here and there when full images are built. A careful inspection of multi page linker command lines shows that some linker parameters point to libraries in a different recipe's sysroot than what bitbake was building when the task failed.

So, fix is to remove this one extra slash from openssl library path configuration option. This changes openssl Makefile to have:

    LIBDIR=lib

and all users of LIBDIR variable in the Makefile are already adding slashes as path separators if that is needed. With this the generated .pc files have:

    libdir=${exec_prefix}/lib

and pkg-config --libs knows to strip the already default sysroot path away. This then fixes the generated .cmake files to not include these absolute paths and fixes the random build failures when building images.

Thanks to Thomas, Michael and Ross for debugging support!

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Cc: Thomas Witt <thomas.witt@bmw.de>
Cc: Michael Ho <michael.ho@bmw.de>
Cc: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(oe-core: d286e91bbdcecef16153313fe5e1e0e0cb469612)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl: Add support for ARC | Alexey Brodkin
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (oe-core: 479d0e0d1002c025c9cbb0f03ed038c3feba44a7) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl10: fix compile error for debian-mips64 | Changqing Li
Current configuration for debian-mips64 is not correct, 'SIXTY_FOUR_BIT_LONG' needs to be specified. Otherwise, it will cause other recipes like crda to fail to compile since the default THIRTY_TWO_BIT mode is used. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (oe-core: 68f82ceb289149885eb0b04547cb4f79a680183b) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl: remove dependency on relative_symlinks class | Andre McCurdy
Although the relative_symlinks class converts any absolute symlinks in ${D} into relative symlinks automatically, it's a little clearer to create relative symlinks directly where possible. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (oe-core: 959b4d30b5b11e4a098654b0d4469bbdf01b3812) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl: minor reformatting to align the 1.0 and 1.1 recipes | Andre McCurdy
Formatting and comment tweaks only, no functional changes. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (oe-core: 06da559b5becee1b5fcc2263f6edd95f6d305fc2) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl: consolidate target name mapping rules | Andre McCurdy
Merge duplicates + minor reformatting (no functional changes). Note that the openssl 1.1 recipe still needs to be updated to handle MIPS Release 6 ISA targets (e.g. linux-mipsisa32r6, etc). Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (oe-core: bdc9e773c240716c2e2a60ca5d4313cfaa6188b1) Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl_1.0.2p: Remove the openssl10 changes | Mark Hatle
Since this will be the primary openssl, we don't need the openssl10 components. This can cause compatibility issues if we don't have another OpenSSL version. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | openssl_1.0.2p: Copy in latest sumo version, the last YP version | Mark Hatle
Bring in OpenSSL 1.0.2p: repo: git://git.openembedded.org/openembedded-core branch: sumo commit: 84233553e963e26ca5f9f983662d4bd133176bb9 Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2019-06-19 | Initial layer commit | Mark Hatle
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>