From d10c1108d0e22f171ee2d0deb07a4191b3566dd1 Mon Sep 17 00:00:00 2001
From: Jeff Hatch <jhatch@multitech.com>
Date: Fri, 18 Mar 2022 13:08:03 -0500
Subject: Add OpenSSL 1.1.1n to override 1.1.1k for CVE-2022-0778

---
 recipes-connectivity/openssl/openssl/afalg.patch | 31 ++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 recipes-connectivity/openssl/openssl/afalg.patch

(limited to 'recipes-connectivity/openssl/openssl/afalg.patch')

diff --git a/recipes-connectivity/openssl/openssl/afalg.patch b/recipes-connectivity/openssl/openssl/afalg.patch
new file mode 100644
index 0000000..b7c0e96
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Configure b/Configure
+index 3baa8ce..9ef52ed 100755
+--- a/Configure
++++ b/Configure
+@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+     if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+-        my $minver = 4*10000 + 1*100 + 0;
+-        if ($config{CROSS_COMPILE} eq "") {
+-            my $verstr = `uname -r`;
+-            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+-            ($mi2) = $mi2 =~ /(\d+)/;
+-            my $ver = $ma*10000 + $mi1*100 + $mi2;
+-            if ($ver < $minver) {
+-                disable('too-old-kernel', 'afalgeng');
+-            } else {
+-                push @{$config{engdirs}}, "afalg";
+-            }
+-        } else {
+-            disable('cross-compiling', 'afalgeng');
+-        }
++        push @{$config{engdirs}}, "afalg";
+     } else {
+         disable('not-linux', 'afalgeng');
+     }
-- 
cgit v1.2.3