From: Peter Marko <peter.marko@siemens.com>
Date: Tue, 11 Feb 2025 18:37:33 +0000 (+0100)
Subject: openssl: upgrade 3.4.0 -> 3.4.1
X-Git-Tag: yocto-5.2~504
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d7ac886d91ccf6b91f67fb0c843fc1765d9dafb1;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

openssl: upgrade 3.4.0 -> 3.4.1

Release information:
https://github.com/openssl/openssl/blob/openssl-3.4/NEWS.md#major-changes-between-openssl-340-and-openssl-341-11-feb-2025

Handles CVE-2024-12797 and CVE-2024-13176.

Remove two patches included in the new version.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-builds-on-riscv64-using-musl.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-builds-on-riscv64-using-musl.patch
deleted file mode 100644
index 0ec8c937483..00000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-Fix-builds-on-riscv64-using-musl.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 9131291716073c4ea65a29575880a9d796c22ed6 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Wed, 23 Oct 2024 14:57:20 +0100
-Subject: [PATCH] Fix builds on riscv64 using musl
-
-Some environments using musl are reported to have the hwprobe.h include
-file but not have the __NR_riscv_hwprobe define.
-
-Fixes #25772
-
-Upstream-Status: Backport [https://github.com/openssl/openssl/pull/25787]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- include/crypto/riscv_arch.h | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/include/crypto/riscv_arch.h b/include/crypto/riscv_arch.h
-index 4b3573f..8858427 100644
---- a/include/crypto/riscv_arch.h
-+++ b/include/crypto/riscv_arch.h
-@@ -15,7 +15,14 @@
- 
- # if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE)
- #  if __has_include(<asm/hwprobe.h>)
--#   define OSSL_RISCV_HWPROBE
-+#   include <sys/syscall.h>
-+#   /*
-+     * Some environments using musl are reported to have the hwprobe.h include
-+     * file but not have the __NR_riscv_hwprobe define.
-+     */
-+#   ifdef __NR_riscv_hwprobe
-+#    define OSSL_RISCV_HWPROBE
-+#   endif
- #  endif
- # endif
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-regs.patch b/meta/recipes-connectivity/openssl/openssl/aarch64-regs.patch
deleted file mode 100644
index f9773a6183d..00000000000
--- a/meta/recipes-connectivity/openssl/openssl/aarch64-regs.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 3ad2277e4522d363ae31a1888531915bb68964dc Mon Sep 17 00:00:00 2001
-From: Julian Andres Klode <julian.klode@canonical.com>
-Date: Sat, 18 Jan 2025 21:12:45 +0100
-Subject: [PATCH] Restore correct registers in aarch64 AES-CTR code
-
-Commit 1d1ca79fe35dbe5c05faed5a2ef8c4de9c5adc49 introduced
-save and restore for the registers, saving them as
-
-	stp		d8,d9,[sp, #16]
-	stp		d10,d11,[sp, #32]
-	stp		d12,d13,[sp, #48]
-	stp		d14,d15,[sp, #64]
-
-But the restore code was inadvertently typoed:
-
-	ldp		d8,d9,[sp, #16]
-	ldp		d10,d11,[sp, #32]
-	ldp		d12,d13,[sp, #48]
-	ldp		d15,d16,[sp, #64]
-
-Restoring [sp, #64] into d15,d16 instead of d14,d15.
-
-Fixes: #26466
-
-CLA: trivial
-
-Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-Reviewed-by: Paul Dale <ppzgs1@gmail.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/26469)
-
-(cherry picked from commit 5261f3ca41cda7ad5767e399e9a2dc008bbad5d6)
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- crypto/aes/asm/aesv8-armx.pl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
-index 33a2dd53dae19..dc019b04ccd25 100755
---- a/crypto/aes/asm/aesv8-armx.pl
-+++ b/crypto/aes/asm/aesv8-armx.pl
-@@ -2493,7 +2493,7 @@ ()
- 	ldp		d8,d9,[sp, #16]
- 	ldp		d10,d11,[sp, #32]
- 	ldp		d12,d13,[sp, #48]
--	ldp		d15,d16,[sp, #64]
-+	ldp		d14,d15,[sp, #64]
- 	ldr		x29,[sp],#80
- 	ret
- .size	${prefix}_ctr32_encrypt_blocks_unroll12_eor3,.-${prefix}_ctr32_encrypt_blocks_unroll12_eor3
diff --git a/meta/recipes-connectivity/openssl/openssl_3.4.0.bb b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.4.0.bb
rename to meta/recipes-connectivity/openssl/openssl_3.4.1.bb
index cc413e39ba5..ec7688b7af9 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.4.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb
@@ -12,15 +12,13 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
            file://0001-Added-handshake-history-reporting-when-test-fails.patch \
-           file://0001-Fix-builds-on-riscv64-using-musl.patch \
-           file://aarch64-regs.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "e15dda82fe2fe8139dc2ac21a36d4ca01d5313c75f99f46c4e8a27709b7294bf"
+SRC_URI[sha256sum] = "002a2d6b30b58bf4bea46c43bdd96365aaf8daa6c428782aa4feee06da197df3"
 
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"