diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-connectivity/openssl')
42 files changed, 845 insertions, 208 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch index a24918000..557434fcb 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2m/debian/version-script.patch @@ -1,3 +1,6 @@ + +Upstream-Status: Inappropriate + Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure =================================================================== --- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-build-with-clang-using-external-assembler.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-Fix-build-with-clang-using-external-assembler.patch index 2270962a6..2270962a6 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Fix-build-with-clang-using-external-assembler.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-Fix-build-with-clang-using-external-assembler.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch new file mode 100644 index 000000000..dd1a9b1dd --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/0001-openssl-force-soft-link-to-avoid-rare-race.patch @@ -0,0 +1,46 @@ +From 3d9199423d48766649a2b2ebb3924e892ed16fa4 Mon Sep 17 00:00:00 2001 +From: Randy MacLeod <Randy.MacLeod@windriver.com> +Date: Tue, 20 Jun 2017 15:32:08 -0400 +Subject: [PATCH] openssl: Force soft link to avoid rare race + +This patch works around a rare parallel build race condition. +The error seen is: + +ln: failed to create symbolic link 'libssl.so': File exists +make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1 +make[4]: Leaving directory +'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k' + +The openssl team is rewriting their build files so it's not +appropriate for openssl upstream and fixing the root cause of +the Makefile race condition was also not pursued. + +Upstream-Status: Inappropriate [build rules rewrite in progress] +Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> +--- + Makefile.shared | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.shared b/Makefile.shared +index e8d222a..1bff92f 100644 +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -118,14 +118,14 @@ + if [ -n "$$SHLIB_COMPAT" ]; then \ + for x in $$SHLIB_COMPAT; do \ + ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \ +- ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ ++ ln -sf $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ + prev=$$SHLIB$$x$$SHLIB_SUFFIX; \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ + [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ +- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ ++ ln -sf $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ + fi + +-- +2.9.3 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Makefiles-ptest.patch index 249446a5b..2122fa1fb 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Makefiles-ptest.patch @@ -1,15 +1,28 @@ +From a176c69f4fdfbfa7e4ccb79d91c3b6602da7e69a Mon Sep 17 00:00:00 2001 +From: Anders Roxell <anders.roxell@enea.com> +Date: Thu, 24 Apr 2014 19:28:25 +0200 +Subject: [PATCH 19/28] openssl: enable ptest support + Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests cross-compiled. Signed-off-by: Anders Roxell <anders.roxell@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Upstream-Status: Pending + --- -Index: openssl-1.0.2/Makefile.org -=================================================================== ---- openssl-1.0.2.orig/Makefile.org -+++ openssl-1.0.2/Makefile.org -@@ -451,8 +451,16 @@ rehash.time: certs apps + Makefile.org | 10 +- + Makefile.org.orig | 7 +- + test/Makefile | 13 +- + test/Makefile.orig | 987 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 1009 insertions(+), 8 deletions(-) + create mode 100644 test/Makefile.orig + +diff --git a/Makefile.org b/Makefile.org +index 111fbba..8e7936c 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -468,8 +468,16 @@ rehash.time: certs apps test: tests tests: rehash @@ -27,11 +40,11 @@ Index: openssl-1.0.2/Makefile.org OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a report: -Index: openssl-1.0.2/test/Makefile -=================================================================== ---- openssl-1.0.2.orig/test/Makefile -+++ openssl-1.0.2/test/Makefile -@@ -137,7 +137,7 @@ tests: exe apps $(TESTS) +diff --git a/test/Makefile b/test/Makefile +index a1f7eeb..b2984c4 100644 +--- a/test/Makefile ++++ b/test/Makefile +@@ -150,7 +150,7 @@ tests: exe apps $(TESTS) apps: @(cd ..; $(MAKE) DIRS=apps all) @@ -40,9 +53,9 @@ Index: openssl-1.0.2/test/Makefile test_des test_idea test_sha test_md4 test_md5 test_hmac \ test_md2 test_mdc2 test_wp \ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ -@@ -148,6 +148,11 @@ alltests: \ - test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ - test_constant_time +@@ -162,6 +162,11 @@ alltests: \ + test_constant_time test_verify_extra test_clienthello test_sslv2conftest \ + test_dtls test_bad_dtls test_fatalerr +alltests: + @(for i in $(all-tests); do \ @@ -52,7 +65,7 @@ Index: openssl-1.0.2/test/Makefile test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt -@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5 +@@ -230,7 +235,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pe echo test second x509v3 certificate sh ./tx509 v3-cert2.pem 2>/dev/null @@ -61,7 +74,7 @@ Index: openssl-1.0.2/test/Makefile @sh ./trsa 2>/dev/null ../util/shlib_wrap.sh ./$(RSATEST) -@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test +@@ -331,11 +336,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh sh ./testtsa; \ fi @@ -75,3 +88,6 @@ Index: openssl-1.0.2/test/Makefile @echo "Test JPAKE" ../util/shlib_wrap.sh ./$(JPAKETEST) +-- +2.15.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Use-SHA256-not-MD5-as-default-digest.patch index 58c9ee784..58c9ee784 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/Use-SHA256-not-MD5-as-default-digest.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-musl-target.patch index 613dc7b71..f357b3f59 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-musl-target.patch @@ -16,10 +16,8 @@ Index: openssl-1.0.2a/Configure "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Configure script adds minimally required -march for assembly support, # if no -march was specified at command line. mips32 and mips64 below -@@ -504,6 +504,8 @@ my %table=( +@@ -504,4 +504,6 @@ my %table=( "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-targets.patch index 691e74afb..1e0158972 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/configure-targets.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/configure-targets.patch @@ -11,7 +11,7 @@ Index: openssl-1.0.2a/Configure =================================================================== --- openssl-1.0.2a.orig/Configure +++ openssl-1.0.2a/Configure -@@ -443,6 +443,23 @@ my %table=( +@@ -443,6 +443,21 @@ my %table=( "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", @@ -21,8 +21,6 @@ Index: openssl-1.0.2a/Configure +"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/c_rehash-compat.patch index 68e54d561..68e54d561 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/c_rehash-compat.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/ca.patch index fb745e439..fb745e439 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/ca.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/debian-targets.patch index 39d432818..39d432818 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/debian-targets.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-dir.patch index 4085e3b1d..4085e3b1d 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-dir.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-section.patch index 21c1d1a4e..21c1d1a4e 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/man-section.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-rpath.patch index 1ccb3b86e..1ccb3b86e 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-rpath.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-symbolic.patch index cc4408ab7..cc4408ab7 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/no-symbolic.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/pic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/pic.patch index bfda3888b..bfda3888b 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/pic.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian/pic.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_digicert_malaysia.patch index c43bcd1c7..c43bcd1c7 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_digicert_malaysia.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_diginotar.patch index d81e22cd8..d81e22cd8 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/block_diginotar.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/soname.patch index f9cdfec87..09dd9eaf8 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/soname.patch @@ -1,3 +1,5 @@ +Upstream-Status: Inappropriate + Index: openssl-1.0.2d/crypto/opensslv.h =================================================================== --- openssl-1.0.2d.orig/crypto/opensslv.h diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/version-script.patch index 29f11a288..e404ee331 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/debian1.0.2/version-script.patch @@ -1,3 +1,5 @@ +Upstream-Status: Inappropriate + Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure =================================================================== --- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/engines-install-in-libdir-ssl.patch index a5746483e..a5746483e 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/engines-install-in-libdir-ssl.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/find.pl b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/find.pl index 8e1b42c88..8e1b42c88 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/find.pl +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/find.pl diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/oe-ldflags.patch index 292e13dc5..292e13dc5 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/oe-ldflags.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-1.0.2a-x32-asm.patch index 1e5bfa17d..1e5bfa17d 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-1.0.2a-x32-asm.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh new file mode 100644 index 000000000..6620fdcb5 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-c_rehash.sh @@ -0,0 +1,222 @@ +#!/bin/sh +# +# Ben Secrest <blsecres@gmail.com> +# +# sh c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. +# +# based on the c_rehash perl script distributed with openssl +# +# LICENSE: See OpenSSL license +# ^^acceptable?^^ +# + +# default certificate location +DIR=/etc/openssl + +# for filetype bitfield +IS_CERT=$(( 1 << 0 )) +IS_CRL=$(( 1 << 1 )) + + +# check to see if a file is a certificate file or a CRL file +# arguments: +# 1. the filename to be scanned +# returns: +# bitfield of file type; uses ${IS_CERT} and ${IS_CRL} +# +check_file() +{ + local IS_TYPE=0 + + # make IFS a newline so we can process grep output line by line + local OLDIFS=${IFS} + IFS=$( printf "\n" ) + + # XXX: could be more efficient to have two 'grep -m' but is -m portable? + for LINE in $( grep '^-----BEGIN .*-----' ${1} ) + do + if echo ${LINE} \ + | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' + then + IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) + + if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] + then + break + fi + elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' + then + IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) + + if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] + then + break + fi + fi + done + + # restore IFS + IFS=${OLDIFS} + + return ${IS_TYPE} +} + + +# +# use openssl to fingerprint a file +# arguments: +# 1. the filename to fingerprint +# 2. the method to use (x509, crl) +# returns: +# none +# assumptions: +# user will capture output from last stage of pipeline +# +fingerprint() +{ + ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' +} + + +# +# link_hash - create links to certificate files +# arguments: +# 1. the filename to create a link for +# 2. the type of certificate being linked (x509, crl) +# returns: +# 0 on success, 1 otherwise +# +link_hash() +{ + local FINGERPRINT=$( fingerprint ${1} ${2} ) + local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) + local SUFFIX=0 + local LINKFILE='' + local TAG='' + + if [ ${2} = "crl" ] + then + TAG='r' + fi + + LINKFILE=${HASH}.${TAG}${SUFFIX} + + while [ -f ${LINKFILE} ] + do + if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] + then + echo "NOTE: Skipping duplicate file ${1}" >&2 + return 1 + fi + + SUFFIX=$(( ${SUFFIX} + 1 )) + LINKFILE=${HASH}.${TAG}${SUFFIX} + done + + echo "${3} => ${LINKFILE}" + + # assume any system with a POSIX shell will either support symlinks or + # do something to handle this gracefully + ln -s ${3} ${LINKFILE} + + return 0 +} + + +# hash_dir create hash links in a given directory +hash_dir() +{ + echo "Doing ${1}" + + cd ${1} + + ls -1 * 2>/dev/null | while read FILE + do + if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ + && [ -h "${FILE}" ] + then + rm ${FILE} + fi + done + + ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE + do + REAL_FILE=${FILE} + # if we run on build host then get to the real files in rootfs + if [ -n "${SYSROOT}" -a -h ${FILE} ] + then + FILE=$( readlink ${FILE} ) + # check the symlink is absolute (or dangling in other word) + if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ] + then + REAL_FILE=${SYSROOT}/${FILE} + fi + fi + + check_file ${REAL_FILE} + local FILE_TYPE=${?} + local TYPE_STR='' + + if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] + then + TYPE_STR='x509' + elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] + then + TYPE_STR='crl' + else + echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2 + continue + fi + + link_hash ${REAL_FILE} ${TYPE_STR} ${FILE} + done +} + + +# choose the name of an ssl application +if [ -n "${OPENSSL}" ] +then + SSL_CMD=$(which ${OPENSSL} 2>/dev/null) +else + SSL_CMD=/usr/bin/openssl + OPENSSL=${SSL_CMD} + export OPENSSL +fi + +# fix paths +PATH=${PATH}:${DIR}/bin +export PATH + +# confirm existance/executability of ssl command +if ! [ -x ${SSL_CMD} ] +then + echo "${0}: rehashing skipped ('openssl' program not available)" >&2 + exit 0 +fi + +# determine which directories to process +old_IFS=$IFS +if [ ${#} -gt 0 ] +then + IFS=':' + DIRLIST=${*} +elif [ -n "${SSL_CERT_DIR}" ] +then + DIRLIST=$SSL_CERT_DIR +else + DIRLIST=${DIR}/certs +fi + +IFS=':' + +# process directories +for CERT_DIR in ${DIRLIST} +do + if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] + then + IFS=$old_IFS + hash_dir ${CERT_DIR} + IFS=':' + fi +done diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-fix-des.pod-error.patch index de49729e5..de49729e5 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-fix-des.pod-error.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-util-perlpath.pl-cwd.patch index 065b9b122..065b9b122 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl-util-perlpath.pl-cwd.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl_fix_for_x32.patch index 0f08a642f..0f08a642f 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/openssl_fix_for_x32.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/parallel.patch index f3f4c9988..e5413bf38 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/parallel.patch @@ -1,4 +1,7 @@ -Fix the parallel races in the Makefiles. +From 7fb1192f112c1920bfd39f4185f34e9afff3cff2 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@intel.com> +Date: Sat, 5 Mar 2016 00:12:02 +0000 +Subject: [PATCH 24/28] Fix the parallel races in the Makefiles. This patch was taken from the Gentoo packaging: https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch @@ -9,9 +12,82 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> Refreshed for 1.0.2i Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> ---- openssl-1.0.2g/crypto/Makefile -+++ openssl-1.0.2g/crypto/Makefile -@@ -85,11 +85,11 @@ +--- + Makefile.org | 14 +- + Makefile.org.orig | 10 +- + Makefile.shared | 2 + + Makefile.shared.orig | 655 ++++++++++++++++++++++++++++++++++++++++++++++++++ + crypto/Makefile | 10 +- + engines/Makefile | 6 +- + engines/Makefile.orig | 338 ++++++++++++++++++++++++++ + test/Makefile | 92 +++---- + test/Makefile.orig | 88 ++++--- + 9 files changed, 1108 insertions(+), 107 deletions(-) + create mode 100644 Makefile.shared.orig + create mode 100644 engines/Makefile.orig + +diff --git a/Makefile.org b/Makefile.org +index 8e7936c..ed98d2a 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -283,17 +283,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc + build_libssl: build_ssl libssl.pc + + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) ++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) + build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) ++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) + build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) ++ +@dir=engines; target=all; $(BUILD_ONE_CMD) + build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) ++ +@dir=apps; target=all; $(BUILD_ONE_CMD) + build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) ++ +@dir=test; target=all; $(BUILD_ONE_CMD) + build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ +@dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +@@ -565,7 +565,7 @@ install_sw: + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @set -e; target=install; $(RECURSIVE_BUILD_CMD) ++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ +diff --git a/Makefile.shared b/Makefile.shared +index f6f92e7..8164186 100644 +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -105,6 +105,7 @@ LINK_SO= \ + SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ ++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ +@@ -122,6 +123,7 @@ SYMLINK_SO= \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ ++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ +diff --git a/crypto/Makefile b/crypto/Makefile +index 17a87f8..29c2dcf 100644 +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -85,11 +85,11 @@ testapps: @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi subdirs: @@ -25,7 +101,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> links: @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ +@@ -100,7 +100,7 @@ links: # lib: $(LIB): are splitted to avoid end-less loop lib: $(LIB) @touch lib @@ -34,7 +110,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> $(AR) $(LIB) $(LIBOBJ) test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ +@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs fi libs: @@ -43,7 +119,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ +@@ -120,7 +120,7 @@ install: (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; @@ -52,9 +128,11 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> lint: @target=lint; $(RECURSIVE_MAKE) ---- openssl-1.0.2g/engines/Makefile -+++ openssl-1.0.2g/engines/Makefile -@@ -72,7 +72,7 @@ +diff --git a/engines/Makefile b/engines/Makefile +index fe8e9ca..a43d21b 100644 +--- a/engines/Makefile ++++ b/engines/Makefile +@@ -72,7 +72,7 @@ top: all: lib subdirs @@ -63,7 +141,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> @if [ -n "$(SHARED_LIBS)" ]; then \ set -e; \ for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ +@@ -89,7 +89,7 @@ lib: $(LIBOBJ) subdirs: echo $(EDIRS) @@ -72,8 +150,8 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ +@@ -128,7 +128,7 @@ install: + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \ done; \ fi - @target=install; $(RECURSIVE_MAKE) @@ -81,62 +159,11 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> tags: ctags $(SRC) ---- openssl-1.0.2g/Makefile.org -+++ openssl-1.0.2g/Makefile.org -@@ -279,17 +279,17 @@ - build_libssl: build_ssl libssl.pc - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) - build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) - build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) - build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) - build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -544,7 +544,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ ---- openssl-1.0.2g/Makefile.shared -+++ openssl-1.0.2g/Makefile.shared -@@ -105,6 +105,7 @@ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- openssl-1.0.2g/test/Makefile -+++ openssl-1.0.2g/test/Makefile -@@ -144,7 +144,7 @@ +diff --git a/test/Makefile b/test/Makefile +index 40abd60..78d3788 100644 +--- a/test/Makefile ++++ b/test/Makefile +@@ -145,7 +145,7 @@ install: tags: ctags $(SRC) @@ -145,7 +172,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -438,136 +438,136 @@ +@@ -444,139 +444,139 @@ BUILD_CMD_STATIC=shlib_target=; \ link_app.$${shlib_target} $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) @@ -316,6 +343,9 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - @target=$(BADDTLSTEST) $(BUILD_CMD) + +@target=$(BADDTLSTEST) $(BUILD_CMD) + $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) + @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD) + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o - @target=$(SSLV2CONFTEST) $(BUILD_CMD) + +@target=$(SSLV2CONFTEST) $(BUILD_CMD) @@ -326,7 +356,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -580,6 +580,6 @@ +@@ -589,7 +589,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) @@ -334,4 +364,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> + +@target=dummytest; $(BUILD_CMD) # DO NOT DELETE THIS LINE -- make depend depends on it. -
\ No newline at end of file + +-- +2.15.1 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest-deps.patch index ef6d17934..ef6d17934 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest-deps.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest_makefile_deps.patch index 4202e61d1..4202e61d1 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/ptest_makefile_deps.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest new file mode 100755 index 000000000..3b20fce1e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/run-ptest @@ -0,0 +1,2 @@ +#!/bin/sh +make -k runtest diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/shared-libs.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/shared-libs.patch index a7ca0a307..a7ca0a307 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/shared-libs.patch +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl-1.0.2n/shared-libs.patch diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch new file mode 100644 index 000000000..736bb39ac --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch @@ -0,0 +1,49 @@ +From 3fdb1e2a16ea405c6731447a8994f222808ef7e6 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Fri, 7 Apr 2017 18:01:52 +0300 +Subject: [PATCH] Remove test that requires running as non-root + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + test/recipes/40-test_rehash.t | 17 +---------------- + 1 file changed, 1 insertion(+), 16 deletions(-) + +diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t +index f902c23..c7567c1 100644 +--- a/test/recipes/40-test_rehash.t ++++ b/test/recipes/40-test_rehash.t +@@ -23,7 +23,7 @@ setup("test_rehash"); + plan skip_all => "test_rehash is not available on this platform" + unless run(app(["openssl", "rehash", "-help"])); + +-plan tests => 5; ++plan tests => 3; + + indir "rehash.$$" => sub { + prepare(); +@@ -42,21 +42,6 @@ indir "rehash.$$" => sub { + 'Testing rehash operations on empty directory'); + }, create => 1, cleanup => 1; + +-indir "rehash.$$" => sub { +- prepare(); +- chmod 0500, curdir(); +- SKIP: { +- if (!ok(!open(FOO, ">unwritable.txt"), +- "Testing that we aren't running as a privileged user, such as root")) { +- close FOO; +- skip "It's pointless to run the next test as root", 1; +- } +- isnt(run(app(["openssl", "rehash", curdir()])), 1, +- 'Testing rehash operations on readonly directory'); +- } +- chmod 0700, curdir(); # make it writable again, so cleanup works +-}, create => 1, cleanup => 1; +- + sub prepare { + my @pemsourcefiles = sort glob(srctop_file('test', "*.pem")); + my @destfiles = (); +-- +2.11.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch new file mode 100644 index 000000000..6ce4e47d7 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch @@ -0,0 +1,43 @@ +From 08face4353d80111973aba9c1304c92158cfad0e Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Tue, 28 Mar 2017 16:40:12 +0300 +Subject: [PATCH] Take linking flags from LDFLAGS env var + +This fixes "No GNU_HASH in the elf binary" issues. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + Configurations/unix-Makefile.tmpl | 2 +- + Configure | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index c029817..43b769b 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -173,7 +173,7 @@ CROSS_COMPILE= {- $config{cross_compile_prefix} -} + CC= $(CROSS_COMPILE){- $target{cc} -} + CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} + CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} +-LDFLAGS= {- $target{lflags} -} ++LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -} + PLIB_LDFLAGS= {- $target{plib_lflags} -} + EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -} + LIB_CFLAGS={- $target{shared_cflag} || "" -} +diff --git a/Configure b/Configure +index aee7cc3..274d236 100755 +--- a/Configure ++++ b/Configure +@@ -979,7 +979,7 @@ $config{build_file} = $target{build_file}; + $config{defines} = []; + $config{cflags} = ""; + $config{ex_libs} = ""; +-$config{shared_ldflag} = ""; ++$config{shared_ldflag} = $ENV{'LDFLAGS'}; + + # Make sure build_scheme is consistent. + $target{build_scheme} = [ $target{build_scheme} ] +-- +2.11.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch new file mode 100644 index 000000000..bb0a1689e --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch @@ -0,0 +1,88 @@ +From bcc096a50811bf0f0c4fd34b2993fed7a7015972 Mon Sep 17 00:00:00 2001 +From: Andy Polyakov <appro@openssl.org> +Date: Fri, 3 Nov 2017 23:30:01 +0100 +Subject: [PATCH] aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with + binutils-2.29. + +It's not clear if it's a feature or bug, but binutils-2.29[.1] +interprets 'adr' instruction with Thumb2 code reference differently, +in a way that affects calculation of addresses of constants' tables. + +Upstream-Status: Backport + +Reviewed-by: Tim Hudson <tjh@openssl.org> +Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> +Signed-off-by: Stefan Agner <stefan.agner@toradex.com> +(Merged from https://github.com/openssl/openssl/pull/4669) + +(cherry picked from commit b82acc3c1a7f304c9df31841753a0fa76b5b3cda) +--- + crypto/aes/asm/aes-armv4.pl | 6 +++--- + crypto/aes/asm/bsaes-armv7.pl | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl +index 16d79aae53..c6474b8aad 100644 +--- a/crypto/aes/asm/aes-armv4.pl ++++ b/crypto/aes/asm/aes-armv4.pl +@@ -200,7 +200,7 @@ AES_encrypt: + #ifndef __thumb2__ + sub r3,pc,#8 @ AES_encrypt + #else +- adr r3,AES_encrypt ++ adr r3,. + #endif + stmdb sp!,{r1,r4-r12,lr} + #ifdef __APPLE__ +@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key: + #ifndef __thumb2__ + sub r3,pc,#8 @ AES_set_encrypt_key + #else +- adr r3,AES_set_encrypt_key ++ adr r3,. + #endif + teq r0,#0 + #ifdef __thumb2__ +@@ -976,7 +976,7 @@ AES_decrypt: + #ifndef __thumb2__ + sub r3,pc,#8 @ AES_decrypt + #else +- adr r3,AES_decrypt ++ adr r3,. + #endif + stmdb sp!,{r1,r4-r12,lr} + #ifdef __APPLE__ +diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl +index 9f288660ef..a27bb4a179 100644 +--- a/crypto/aes/asm/bsaes-armv7.pl ++++ b/crypto/aes/asm/bsaes-armv7.pl +@@ -744,7 +744,7 @@ $code.=<<___; + .type _bsaes_decrypt8,%function + .align 4 + _bsaes_decrypt8: +- adr $const,_bsaes_decrypt8 ++ adr $const,. + vldmia $key!, {@XMM[9]} @ round 0 key + #ifdef __APPLE__ + adr $const,.LM0ISR +@@ -843,7 +843,7 @@ _bsaes_const: + .type _bsaes_encrypt8,%function + .align 4 + _bsaes_encrypt8: +- adr $const,_bsaes_encrypt8 ++ adr $const,. + vldmia $key!, {@XMM[9]} @ round 0 key + #ifdef __APPLE__ + adr $const,.LM0SR +@@ -951,7 +951,7 @@ $code.=<<___; + .type _bsaes_key_convert,%function + .align 4 + _bsaes_key_convert: +- adr $const,_bsaes_key_convert ++ adr $const,. + vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key + #ifdef __APPLE__ + adr $const,.LM0 +-- +2.15.0 + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch deleted file mode 100644 index 2a318a458..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch +++ /dev/null @@ -1,21 +0,0 @@ -Upstream-Status: Submitted - -This patch adds the fix for one of the ciphers used in openssl, namely -the cipher des-ede3-cfb1. Complete bug log and patch is present here: -http://rt.openssl.org/Ticket/Display.html?id=2867 - -Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> - -Index: openssl-1.0.2/crypto/evp/e_des3.c -=================================================================== ---- openssl-1.0.2.orig/crypto/evp/e_des3.c -+++ openssl-1.0.2/crypto/evp/e_des3.c -@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH - size_t n; - unsigned char c[1], d[1]; - -- for (n = 0; n < inl; ++n) { -+ for (n = 0; n * 8 < inl; ++n) { - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; - DES_ede3_cfb_encrypt(c, d, 1, 1, - &data(ctx)->ks1, &data(ctx)->ks2, diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch deleted file mode 100644 index f736e5c09..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch +++ /dev/null @@ -1,23 +0,0 @@ -openssl: avoid NULL pointer dereference in EVP_DigestInit_ex() - -We should avoid accessing the type pointer if it's NULL, -this could happen if ctx->digest is not NULL. - -Upstream-Status: Submitted -http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html - -Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> ---- -Index: openssl-1.0.2h/crypto/evp/digest.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/digest.c -+++ openssl-1.0.2h/crypto/evp/digest.c -@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c - type = ctx->digest; - } - #endif -- if (ctx->digest != type) { -+ if (type && (ctx->digest != type)) { - if (ctx->digest && ctx->digest->ctx_size) { - OPENSSL_free(ctx->md_data); - ctx->md_data = NULL; diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest index 3b20fce1e..65c6cc7b8 100755..100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/run-ptest @@ -1,2 +1,4 @@ #!/bin/sh -make -k runtest +cd test +OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl +cd .. diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl10.inc index 8f2a797b8..23f97d76b 100644 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl10.inc @@ -11,11 +11,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" DEPENDS = "makedepend-native hostperl-runtime-native" DEPENDS_append_class-target = " openssl-native" +PROVIDES += "openssl10" + SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ " S = "${WORKDIR}/openssl-${PV}" +PACKAGECONFIG ?= "cryptodev-linux" PACKAGECONFIG[perl] = ",,," +PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux" TERMIO_libc-musl = "-DTERMIOS" TERMIO ?= "-DTERMIO" @@ -37,8 +41,6 @@ FILES_${PN} =+ " ${libdir}/ssl/*" FILES_${PN}-misc = "${libdir}/ssl/misc" RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" -PROVIDES += "openssl10" - # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto # package RRECOMMENDS on this package. This will enable the configuration # file to be installed for both the base openssl package and the libcrypto @@ -64,12 +66,11 @@ do_configure () { os=${HOST_OS} case $os in - linux-uclibc |\ - linux-uclibceabi |\ linux-gnueabi |\ - linux-uclibcspe |\ linux-gnuspe |\ - linux-musl*) + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) os=linux ;; *) @@ -101,7 +102,7 @@ do_configure () { linux-i686) target=debian-i386-i686/cmov ;; - linux-gnux32-x86_64) + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) target=linux-x32 ;; linux-gnu64-x86_64) @@ -125,7 +126,7 @@ do_configure () { linux-mips*) target=debian-mips ;; - linux-microblaze*|linux-nios2*) + linux-microblaze*|linux-nios2*|linux-gnu*ilp32**) target=linux-generic32 ;; linux-powerpc) @@ -202,6 +203,16 @@ do_install () { ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf + + # Rename man pages to prefix openssl10-* + for f in `find ${D}${mandir} -type f`; do + mv $f $(dirname $f)/openssl10-$(basename $f) + done + for f in `find ${D}${mandir} -type l`; do + ln_f=`readlink $f` + rm -f $f + ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f) + done } do_install_ptest () { @@ -239,6 +250,17 @@ do_install_ptest () { # modified again later when stripping them, but that's okay. touch ${D}${PTEST_PATH} find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH} + + # exclude binary files or the package won't install + for d in ssltest_old v3ext x509aux; do + rm -rf ${D}${libdir}/${BPN}/ptest/test/$d + done + + # Remove build host references + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure } do_install_append_class-native() { @@ -250,3 +272,4 @@ do_install_append_class-native() { } BBCLASSEXTEND = "native nativesdk" + diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb deleted file mode 100644 index 83d1a500c..000000000 --- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb +++ /dev/null @@ -1,62 +0,0 @@ -require openssl.inc - -# For target side versions of openssl enable support for OCF Linux driver -# if they are available. -DEPENDS += "cryptodev-linux" - -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" -CFLAG_append_class-native = " -fPIC" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" - -export DIRS = "crypto ssl apps engines" -export OE_LDFLAGS="${LDFLAGS}" - -SRC_URI += "file://find.pl;subdir=${BP}/util/ \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://debian1.0.2/block_diginotar.patch \ - file://debian1.0.2/block_digicert_malaysia.patch \ - file://debian/ca.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/debian-targets.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-rpath.patch \ - file://debian/no-symbolic.patch \ - file://debian/pic.patch \ - file://debian1.0.2/version-script.patch \ - file://debian1.0.2/soname.patch \ - file://openssl_fix_for_x32.patch \ - file://fix-cipher-des-ede3-cfb1.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ - file://openssl-fix-des.pod-error.patch \ - file://Makefiles-ptest.patch \ - file://ptest-deps.patch \ - file://openssl-1.0.2a-x32-asm.patch \ - file://ptest_makefile_deps.patch \ - file://configure-musl-target.patch \ - file://parallel.patch \ - file://openssl-util-perlpath.pl-cwd.patch \ - file://Use-SHA256-not-MD5-as-default-digest.patch \ - file://0001-Fix-build-with-clang-using-external-assembler.patch \ - " -SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65" -SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0" - -PACKAGES =+ "${PN}-engines" -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" - -# The crypto_use_bigint patch means that perl's bignum module needs to be -# installed, but some distributions (for example Fedora 23) don't ship it by -# default. As the resulting error is very misleading check for bignum before -# building. -do_configure_prepend() { - if ! perl -Mbigint -e true; then - bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." - fi -} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb new file mode 100644 index 000000000..32444c609 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb @@ -0,0 +1,60 @@ +require openssl10.inc + +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. + +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" +CFLAG_append_class-native = " -fPIC" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \ + file://run-ptest \ + file://openssl-c_rehash.sh \ + file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://debian1.0.2/block_diginotar.patch \ + file://debian1.0.2/block_digicert_malaysia.patch \ + file://debian/ca.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/debian-targets.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-rpath.patch \ + file://debian/no-symbolic.patch \ + file://debian/pic.patch \ + file://debian1.0.2/version-script.patch \ + file://debian1.0.2/soname.patch \ + file://openssl_fix_for_x32.patch \ + file://openssl-fix-des.pod-error.patch \ + file://Makefiles-ptest.patch \ + file://ptest-deps.patch \ + file://openssl-1.0.2a-x32-asm.patch \ + file://ptest_makefile_deps.patch \ + file://configure-musl-target.patch \ + file://parallel.patch \ + file://openssl-util-perlpath.pl-cwd.patch \ + file://Use-SHA256-not-MD5-as-default-digest.patch \ + file://0001-Fix-build-with-clang-using-external-assembler.patch \ + file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ + " +SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4" +SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe" + +PACKAGES =+ "${PN}-engines" +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" + +# The crypto_use_bigint patch means that perl's bignum module needs to be +# installed, but some distributions (for example Fedora 23) don't ship it by +# default. As the resulting error is very misleading check for bignum before +# building. +do_configure_prepend() { + if ! perl -Mbigint -e true; then + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." + fi +} diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb new file mode 100644 index 000000000..1649bffaa --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb @@ -0,0 +1,156 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl | SSLeay" dual license +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=cae6da10f4ffd9703214776d2aabce32" + +BBCLASSEXTEND = "native nativesdk" + +SRC_URI[md5sum] = "ba5f1b8b835b88cadbce9b35ed9531a6" +SRC_URI[sha256sum] = "de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://openssl-c_rehash.sh \ + file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \ + file://0001-Remove-test-that-requires-running-as-non-root.patch \ + file://0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch \ + " + +S = "${WORKDIR}/openssl-${PV}" + +inherit lib_package multilib_header ptest + +do_configure () { + os=${HOST_OS} + case $os in + linux-uclibc |\ + linux-uclibceabi |\ + linux-gnueabi |\ + linux-uclibcspe |\ + linux-gnuspe |\ + linux-musl*) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm) + target=linux-armv4 + ;; + linux-armeb) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-sh3) + target=linux-generic32 + ;; + linux-sh4) + target=linux-generic32 + ;; + linux-i486) + target=linux-elf + ;; + linux-i586 | linux-viac3) + target=linux-elf + ;; + linux-i686) + target=linux-elf + ;; + linux-gnux32-x86_64) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-mipsel) + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64) + target=linux64-mips64 + ;; + linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-microblaze*|linux-nios2*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-supersparc) + target=linux-sparcv9 + ;; + linux-sparc) + target=linux-sparcv9 + ;; + darwin-i386) + target=darwin-i386-cc + ;; + esac + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=`basename ${libdir}` $target +} + +#| engines/afalg/e_afalg.c: In function 'eventfd': +#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function) +#| return syscall(__NR_eventfd, n); +#| ^~~~~~~~~~~~ +EXTRA_OECONF_aarch64 += "no-afalgeng" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC" + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + oe_multilib_header openssl/opensslconf.h +} + +do_install_append_class-native () { + # Install a custom version of c_rehash that can handle sysroots properly. + # This version is used for example when installing ca-certificates during + # image creation. + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash + sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash +} + +do_install_ptest() { + cp -r * ${D}${PTEST_PATH} + + # Putting .so files in ptest package will mess up the dependencies of the main openssl package + # so we rename them to .so.ptest and patch the test accordingly + mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest + mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest + sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t +} + +RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python" + +FILES_${PN} =+ " ${libdir}/ssl-1.1/*" + +PACKAGES =+ "${PN}-engines" +FILES_${PN}-engines = "${libdir}/engines-1.1" + |