Toradex Linux BSP 2.8 Updating openssl

I am using Linux BSP 2.8 on Colibri VF50. I am trying to update the openssl package for security reasons.

As I understand it, I have to patch the openssl package with patches from here:
http://cgit.openembedded.org/openembedded-core/log/meta/recipes-connectivity/openssl?h=master

Starting after patch “openssl: update 1.0.2n → 1.0.2o” and adding each patch, ending at “openssl: Upgrade 1.1.1c → 1.1.1d”

I have created an openssl folder in my layer and added an “openssl_1.0.2o.bbappend” file:

FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += " \
           file://001-fix-upstream-version-check-for-1.0-version.patch \
           "

I have then added the first patch “openssl: fix upstream version check for 1.0 version” by copying the text from here:

http://cgit.openembedded.org/openembedded-core/patch/meta/recipes-connectivity/openssl?id=50dc3283e39e85912cdbeb9e885dcd22011d4a51

and pasting it to file “/mylayer/openssl/files/001-fix-upstream-version-check-for-1.0-version.patch”.

On compiling, I get the following error output:

ERROR: openssl-1.0.2o-r0 do_patch: Command Error: 'quilt --quiltrc /opt/TORADEX_COLIBRI_VF_V2.8/build/tmp-glibc/work/armv7at2hf-neon-angstrom-linux-gnueabi/openssl/1.0.2o-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0  Output:
Applying patch 001-fix-upstream-version-check-for-1.0-version.patch
can't find file to patch at input line 18
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|From 50dc3283e39e85912cdbeb9e885dcd22011d4a51 Mon Sep 17 00:00:00 2001
|From: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|Date: Thu, 17 May 2018 14:38:35 +0300
|Subject: openssl: fix upstream version check for 1.0 version
|
|Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|Signed-off-by: Ross Burton <ross.burton@intel.com>
|---
| meta/recipes-connectivity/openssl/openssl10.inc | 1 +
| 1 file changed, 1 insertion(+)
|
|(limited to 'meta/recipes-connectivity/openssl')
|
|diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc
|index 645d64ec85..f7a8de823a 100644
|--- a/meta/recipes-connectivity/openssl/openssl10.inc
|+++ b/meta/recipes-connectivity/openssl/openssl10.inc
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
Patch 001-fix-upstream-version-check-for-1.0-version.patch does not apply (enforce with -f)
ERROR: openssl-1.0.2o-r0 do_patch: Function failed: patch_do_patch
ERROR: Logfile of failure stored in: /opt/TORADEX_COLIBRI_VF_V2.8/build/tmp-glibc/work/armv7at2hf-neon-angstrom-linux-gnueabi/openssl/1.0.2o-r0/temp/log.do_patch.5173
ERROR: Task (/opt/TORADEX_COLIBRI_VF_V2.8/build/../layers/openembedded-core/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb:do_patch) failed with exit code '1'
ERROR: openssl-native-1.0.2o-r0 do_patch: Command Error: 'quilt --quiltrc /opt/TORADEX_COLIBRI_VF_V2.8/build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2o-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0  Output:
Applying patch 001-fix-upstream-version-check-for-1.0-version.patch
can't find file to patch at input line 18
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|From 50dc3283e39e85912cdbeb9e885dcd22011d4a51 Mon Sep 17 00:00:00 2001
|From: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|Date: Thu, 17 May 2018 14:38:35 +0300
|Subject: openssl: fix upstream version check for 1.0 version
|
|Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|Signed-off-by: Ross Burton <ross.burton@intel.com>
|---
| meta/recipes-connectivity/openssl/openssl10.inc | 1 +
| 1 file changed, 1 insertion(+)
|
|(limited to 'meta/recipes-connectivity/openssl')
|
|diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc
|index 645d64ec85..f7a8de823a 100644
|--- a/meta/recipes-connectivity/openssl/openssl10.inc
|+++ b/meta/recipes-connectivity/openssl/openssl10.inc
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
Patch 001-fix-upstream-version-check-for-1.0-version.patch does not apply (enforce with -f)
ERROR: openssl-native-1.0.2o-r0 do_patch: Function failed: patch_do_patch
ERROR: Logfile of failure stored in: /opt/TORADEX_COLIBRI_VF_V2.8/build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2o-r0/temp/log.do_patch.4060
ERROR: Task (virtual:native:/opt/TORADEX_COLIBRI_VF_V2.8/build/../layers/openembedded-core/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb:do_patch) failed with exit code '1'

I am a Yocto/OpenEmbedded newbie and not sure what I am doing wrong. Any guidance will be appreciated.
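
Added example, not part of the original post: the diff header in the log names `meta/recipes-connectivity/openssl/openssl10.inc`, a recipe file in the layer, while patches listed in `SRC_URI` are applied inside the unpacked OpenSSL source at strip level 1 by default. The POSIX shell script below checks a patch's targets against a source tree before the patch goes into a bbappend; the helper names, the sample tree and the hunk bodies are constructed for illustration.

```shell
# Added example: pre-check a patch before listing it in SRC_URI. Every -p1
# target path of the patch must exist in the unpacked source tree.

# Print the -p1 target paths of a unified diff (newly created files skipped).
patch_targets() {
    awk '
        index($0, "--- ") == 1 { hdr = 1; isnew = ($2 == "/dev/null"); next }
        hdr && index($0, "+++ ") == 1 && !isnew && $2 != "/dev/null" {
            p = $2; sub("^[^/]*/", "", p); print p
        }
        { hdr = 0 }
    ' "$1"
}

# check_patch PATCH SRCDIR: succeed only if all targets exist under SRCDIR.
check_patch() {
    patch_targets "$1" | {
        missing=0
        while IFS= read -r path; do
            [ -e "$2/$path" ] || { echo "not in source tree: $path" >&2; missing=1; }
        done
        [ "$missing" -eq 0 ]
    }
}

# Constructed sample: a stand-in source tree and two patches. layer.patch uses
# the diff header from the log above (hunk body made up); source.patch does not.
make_sample() {
    mkdir -p "$1/src/crypto"
    echo 'int x;' > "$1/src/crypto/example.c"
    cat > "$1/layer.patch" <<'EOF'
--- a/meta/recipes-connectivity/openssl/openssl10.inc
+++ b/meta/recipes-connectivity/openssl/openssl10.inc
@@ -1,1 +1,2 @@
 SUMMARY = "placeholder"
+EXAMPLE_VAR = "placeholder"
EOF
    cat > "$1/source.patch" <<'EOF'
--- a/crypto/example.c
+++ b/crypto/example.c
@@ -1,1 +1,1 @@
-int x;
+int x = 0;
EOF
}

tmp=$(mktemp -d); make_sample "$tmp"
check_patch "$tmp/layer.patch"  "$tmp/src" || echo "layer.patch: edits recipe metadata, not the source"
check_patch "$tmp/source.patch" "$tmp/src" && echo "source.patch: targets exist"
rm -rf "$tmp"
```

A patch that fails this check against the source tree changes the recipe itself, so the equivalent change belongs in the layer (for example in the bbappend) rather than in `SRC_URI`.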

Hi @ashinton

I am trying to update the openssl package for security reasons.

What security issues are you having?

The BSP 2.8 is based on the rocko branch, so the included openssl should have the version 1.1.0h. Which version do you want to install?

Best regards,
Jaski

Hi Jaski,
The OpenSSL 1.1.0 series went out of support on 11th September 2019. All users of 1.0.2 and 1.1.0 are recommended to upgrade to 1.1.1.
So, ideally, I suspect most users of OpenSSL would want to get to the latest 1.1.1d version.

Hi

Thanks for your input. I will check this internally and come back to you soon.

Best regards,
Jaski