reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch b/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch
new file mode 100644
index 0000000..394aa16
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool/0001-Migrate-to-openssl-1.1.patch
@@ -0,0 +1,152 @@
+From c9dcb6afef9c343d070aaff208d11a997a45a105 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 5 Sep 2018 22:19:38 -0700
+Subject: [PATCH] Migrate to openssl 1.1
+
+Upstream-Status: Backport [https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/plugins/lanplus/lanplus_crypt_impl.c | 50 ++++++++++++++----------
+ 1 file changed, 29 insertions(+), 21 deletions(-)
+
+diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
+index d5fac37..9652a5e 100644
+--- a/src/plugins/lanplus/lanplus_crypt_impl.c
++++ b/src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-
++ EVP_CIPHER_CTX *ctx = NULL;
+
+ *bytes_written = 0;
+
+@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ printbuf(input, input_length, "encrypting this data");
+ }
+
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++ return;
++ }
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ /*
+ * The default implementation adds a whole block of padding if the input
+@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ {
+ /* Error */
+ *bytes_written = 0;
+- return;
+ }
+ else
+ {
+ uint32_t tmplen;
+
+- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
++ /* Error */
+ *bytes_written = 0;
+- return; /* Error */
+ }
+ else
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
+ }
+ }
++ /* performs cleanup and free */
++ EVP_CIPHER_CTX_free(ctx);
+ }
+
+
+@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-
++ EVP_CIPHER_CTX *ctx = NULL;
+
+ if (verbose >= 5)
+ {
+@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ printbuf(input, input_length, "decrypting this data");
+ }
+
+-
+ *bytes_written = 0;
+
+ if (input_length == 0)
+ return;
+
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++ return;
++ }
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
++
+ /*
+ * The default implementation adds a whole block of padding if the input
+ * data is perfectly aligned. We would like to keep that from happening.
+@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ {
+ /* Error */
+ lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+ *bytes_written = 0;
+- return;
+ }
+ else
+ {
+ uint32_t tmplen;
+
+- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
++ /* Error */
+ char buffer[1000];
+ ERR_error_string(ERR_get_error(), buffer);
+ lprintf(LOG_DEBUG, "the ERR error %s", buffer);
+ lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
+ *bytes_written = 0;
+- return; /* Error */
+ }
+ else
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
+ }
+ }
++ /* performs cleanup and free */
++ EVP_CIPHER_CTX_free(ctx);
+
+ if (verbose >= 5)
+ {
diff --git a/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb b/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb
index 9f73d27..b7f1aa9 100644
--- a/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb
+++ b/meta-openembedded/meta-oe/recipes-kernel/ipmitool/ipmitool_1.8.18.bb
@@ -22,7 +22,9 @@
DEPENDS = "openssl readline ncurses"
-SRC_URI = "${SOURCEFORGE_MIRROR}/ipmitool/ipmitool-${PV}.tar.bz2"
+SRC_URI = "${SOURCEFORGE_MIRROR}/ipmitool/ipmitool-${PV}.tar.bz2 \
+ file://0001-Migrate-to-openssl-1.1.patch \
+ "
SRC_URI[md5sum] = "bab7ea104c7b85529c3ef65c54427aa3"
SRC_URI[sha256sum] = "0c1ba3b1555edefb7c32ae8cd6a3e04322056bc087918f07189eeedfc8b81e01"