From 0d19caefeeca14f44c80ccb716c30b17f14255a5 Mon Sep 17 00:00:00 2001 From: Andrej Valek Date: Thu, 16 Aug 2018 14:27:57 +0200 Subject: openssl: update 1.1.0h -> 1.1.0i Please see this security advisory: https://www.openssl.org/news/secadv/20180612.txt Remove obsolete patch. Signed-off-by: Andrej Valek Signed-off-by: Richard Purdie --- ...-dofile.pl-only-quote-stuff-that-actually.patch | 29 ---- .../recipes-connectivity/openssl/openssl_1.1.0h.bb | 193 --------------------- .../recipes-connectivity/openssl/openssl_1.1.0i.bb | 192 ++++++++++++++++++++ 3 files changed, 192 insertions(+), 222 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.1.0h.bb create mode 100644 meta/recipes-connectivity/openssl/openssl_1.1.0i.bb (limited to 'meta/recipes-connectivity/openssl') diff --git a/meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch b/meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch deleted file mode 100644 index 81a9b2d060..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch +++ /dev/null @@ -1,29 +0,0 @@ -openssl-1.1.0h: Fix c_rehash perl errors - -[No upstream tracking] -- https://github.com/openssl/openssl/issues/5772 - -dofile.pl: Revert only quote stuff that actually needs quoting - -This wasn't a good solution, too many things depend on the quotes being -there consistently. - -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/00701e5ea84861b74d9d624f21a6b3fcb12e8acd] -bug: 5772 -Signed-off-by: Andrej Valek - -diff --git a/util/dofile.pl b/util/dofile.pl -index 955224df7d..b0e20681dd 100644 ---- a/util/dofile.pl -+++ b/util/dofile.pl -@@ -99,9 +99,9 @@ package main; - # This adds quotes (") around the given string, and escapes any $, @, \, - # " and ' by prepending a \ to them. - sub quotify1 { -- my $s = my $orig = shift @_; -+ my $s = shift @_; - $s =~ s/([\$\@\\"'])/\\$1/g; -- $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s; -+ '"'.$s.'"'; - } - - # quotify_l LIST diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb deleted file mode 100644 index 8b3d92203f..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb +++ /dev/null @@ -1,193 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl | SSLeay" dual license -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff" - -DEPENDS = "hostperl-runtime-native" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \ - file://0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch \ - " - -SRC_URI_append_class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24" -SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517" - -inherit lib_package multilib_header ptest relative_symlinks - -#| engines/afalg/e_afalg.c: In function 'eventfd': -#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function) -#| return syscall(__NR_eventfd, n); -#| ^~~~~~~~~~~~ -EXTRA_OECONF_append_aarch64 = " no-afalgeng" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " -DOPENSSL_NO_ASYNC" - -do_configure () { - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm) - target=linux-armv4 - ;; - linux-armeb) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-sh3) - target=linux-generic32 - ;; - linux-sh4) - target=linux-generic32 - ;; - linux-i486) - target=linux-elf - ;; - linux-i586 | linux-viac3) - target=linux-elf - ;; - linux-i686) - target=linux-elf - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-mipsel) - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64) - target=linux64-mips64 - ;; - linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-microblaze*|linux-nios2*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-supersparc) - target=linux-sparcv9 - ;; - linux-sparc) - target=linux-sparcv9 - ;; - darwin-i386) - target=darwin-i386-cc - ;; - esac - - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - libdirleaf="$(echo ${libdir} | sed s:$useprefix::)" - perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=$libdirleaf $target -} - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install - oe_multilib_header openssl/opensslconf.h - - # Create SSL structure for PATH hard-coded packages like ca-certificates - # Debian is also using this technique - install -d ${D}${sysconfdir}/ssl/ - mv ${D}${libdir}/ssl-1.1/openssl.cnf \ - ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - \ - ${D}${sysconfdir}/ssl/ - ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl-1.1/certs - ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl-1.1/private - ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl-1.1/openssl.cnf -} - -do_install_append_class-native () { - # Install a custom version of c_rehash that can handle sysroots properly. - # This version is used for example when installing ca-certificates during - # image creation. - install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash - sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash -} - -do_install_append_class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -do_install_ptest() { - cp -r * ${D}${PTEST_PATH} - - # Putting .so files in ptest package will mess up the dependencies of the main openssl package - # so we rename them to .so.ptest and patch the test accordingly - mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest - mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest - sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t -} - -PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-engines openssl-conf" - -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" -FILES_${PN}-engines = "${libdir}/engines-1.1" - -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" -RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" - -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf ${libdir}/ssl-1.1/openssl.cnf" -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -RRECOMMENDS_libcrypto += "openssl-conf" - -RDEPENDS_${PN}-bin = "perl" -RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb new file mode 100644 index 0000000000..7929d81b45 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb @@ -0,0 +1,192 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl | SSLeay" dual license +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff" + +DEPENDS = "hostperl-runtime-native" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://openssl-c_rehash.sh \ + file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \ + " + +SRC_URI_append_class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[md5sum] = "9495126aafd2659d357ea66a969c3fe1" +SRC_URI[sha256sum] = "ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99" + +inherit lib_package multilib_header ptest relative_symlinks + +#| engines/afalg/e_afalg.c: In function 'eventfd': +#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function) +#| return syscall(__NR_eventfd, n); +#| ^~~~~~~~~~~~ +EXTRA_OECONF_append_aarch64 = " no-afalgeng" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF_append_libc-musl = " -DOPENSSL_NO_ASYNC" + +do_configure () { + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm) + target=linux-armv4 + ;; + linux-armeb) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-sh3) + target=linux-generic32 + ;; + linux-sh4) + target=linux-generic32 + ;; + linux-i486) + target=linux-elf + ;; + linux-i586 | linux-viac3) + target=linux-elf + ;; + linux-i686) + target=linux-elf + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-mipsel) + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64) + target=linux64-mips64 + ;; + linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-microblaze*|linux-nios2*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-riscv32) + target=linux-generic32 + ;; + linux-riscv64) + target=linux-generic64 + ;; + linux-supersparc) + target=linux-sparcv9 + ;; + linux-sparc) + target=linux-sparcv9 + ;; + darwin-i386) + target=darwin-i386-cc + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + libdirleaf="$(echo ${libdir} | sed s:$useprefix::)" + perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=$libdirleaf $target +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + oe_multilib_header openssl/opensslconf.h + + # Create SSL structure for PATH hard-coded packages like ca-certificates + # Debian is also using this technique + install -d ${D}${sysconfdir}/ssl/ + mv ${D}${libdir}/ssl-1.1/openssl.cnf \ + ${D}${libdir}/ssl-1.1/certs \ + ${D}${libdir}/ssl-1.1/private \ + \ + ${D}${sysconfdir}/ssl/ + ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl-1.1/certs + ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl-1.1/private + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl-1.1/openssl.cnf +} + +do_install_append_class-native () { + # Install a custom version of c_rehash that can handle sysroots properly. + # This version is used for example when installing ca-certificates during + # image creation. + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash + sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash +} + +do_install_append_class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +do_install_ptest() { + cp -r * ${D}${PTEST_PATH} + + # Putting .so files in ptest package will mess up the dependencies of the main openssl package + # so we rename them to .so.ptest and patch the test accordingly + mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest + mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest + sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t +} + +PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-engines openssl-conf" + +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl${SOLIBS}" +FILES_${PN} =+ "${libdir}/ssl-1.1/*" +FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" +FILES_${PN}-engines = "${libdir}/engines-1.1" + +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" +RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" + +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf ${libdir}/ssl-1.1/openssl.cnf" +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +RRECOMMENDS_libcrypto += "openssl-conf" + +RDEPENDS_${PN}-bin = "perl" +RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python" + +BBCLASSEXTEND = "native nativesdk" -- cgit 1.2.3-korg