[Buildroot] [PATCH 01/15] libressl: bump version to 2.5.5

[Buildroot] [PATCH 01/15] libressl: bump version to 2.5.5

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/libressl/libressl.hash | 2 +-
 package/libressl/libressl.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libressl/libressl.hash b/package/libressl/libressl.hash
index 9ffe9648a..580701d6a 100644
--- a/package/libressl/libressl.hash
+++ b/package/libressl/libressl.hash
@@ -1,2 +1,2 @@
 # From https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/SHA256
-sha256	107a5b522fbb8318d4c3be668075e5e607296f0a9255d71674caa94571336efa	libressl-2.5.4.tar.gz
+sha256	e57f5e3d5842a81fe9351b6e817fcaf0a749ca4ef35a91465edba9e071dce7c4	libressl-2.5.5.tar.gz
diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
index 694144736..ccd236d29 100644
--- a/package/libressl/libressl.mk
+++ b/package/libressl/libressl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBRESSL_VERSION = 2.5.4
+LIBRESSL_VERSION = 2.5.5
 LIBRESSL_SITE = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
 LIBRESSL_LICENSE = ISC (new additions), OpenSSL or SSLeay (original OpenSSL code)
 LIBRESSL_LICENSE_FILES = COPYING
-- 
2.13.0

[Buildroot] [PATCH 02/15] libwebsockets: support libressl

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/libwebsockets/libwebsockets.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/libwebsockets/libwebsockets.mk b/package/libwebsockets/libwebsockets.mk
index b29a2f14c..b6a1db779 100644
--- a/package/libwebsockets/libwebsockets.mk
+++ b/package/libwebsockets/libwebsockets.mk
@@ -24,6 +24,9 @@ endif
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
 LIBWEBSOCKETS_DEPENDENCIES += openssl host-openssl
 LIBWEBSOCKETS_CONF_OPTS += -DLWS_WITH_SSL=ON
+else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+LIBWEBSOCKETS_DEPENDENCIES += libressl host-openssl
+LIBWEBSOCKETS_CONF_OPTS += -DLWS_WITH_SSL=ON
 else
 LIBWEBSOCKETS_CONF_OPTS += -DLWS_WITH_SSL=OFF
 endif
-- 
2.13.0

[Buildroot] [PATCH 03/15] libevent: support libressl

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/libevent/libevent.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/libevent/libevent.mk b/package/libevent/libevent.mk
index 36bca0b21..910f24d4b 100644
--- a/package/libevent/libevent.mk
+++ b/package/libevent/libevent.mk
@@ -26,6 +26,9 @@ endif
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
 LIBEVENT_DEPENDENCIES += host-pkgconf openssl
 LIBEVENT_CONF_OPTS += --enable-openssl
+else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+LIBEVENT_DEPENDENCIES += host-pkgconf libressl
+LIBEVENT_CONF_OPTS += --enable-openssl
 else
 LIBEVENT_CONF_OPTS += --disable-openssl
 endif
-- 
2.13.0

[Buildroot] [PATCH 04/15] libcurl: support libressl.

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/libcurl/libcurl.mk | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 684844919..907121717 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -40,6 +40,16 @@ LIBCURL_CONF_ENV += ac_cv_lib_crypto_CRYPTO_lock=yes
 LIBCURL_CONF_ENV += LD_LIBRARY_PATH=$(if $(LD_LIBRARY_PATH),$(LD_LIBRARY_PATH):)/lib:/usr/lib
 LIBCURL_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr \
 	--with-ca-path=/etc/ssl/certs
+else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+LIBCURL_DEPENDENCIES += libressl
+LIBCURL_CONF_ENV += ac_cv_lib_crypto_CRYPTO_lock=yes
+# configure adds the cross openssl dir to LD_LIBRARY_PATH which screws up
+# native stuff during the rest of configure when target == host.
+# Fix it by setting LD_LIBRARY_PATH to something sensible so those libs
+# are found first.
+LIBCURL_CONF_ENV += LD_LIBRARY_PATH=$(if $(LD_LIBRARY_PATH),$(LD_LIBRARY_PATH):)/lib:/usr/lib
+LIBCURL_CONF_OPTS += --with-ssl=$(STAGING_DIR)/usr \
+	--with-ca-path=/etc/ssl/certs
 else ifeq ($(BR2_PACKAGE_GNUTLS),y)
 LIBCURL_CONF_OPTS += --with-gnutls=$(STAGING_DIR)/usr
 LIBCURL_DEPENDENCIES += gnutls
-- 
2.13.0

[Buildroot] [PATCH 05/15] libsrtp: support libressl

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/libsrtp/libsrtp.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/libsrtp/libsrtp.mk b/package/libsrtp/libsrtp.mk
index 9e72856c4..e1527da0c 100644
--- a/package/libsrtp/libsrtp.mk
+++ b/package/libsrtp/libsrtp.mk
@@ -28,6 +28,9 @@ LIBSRTP_DEPENDENCIES = host-pkgconf
 ifeq ($(BR2_PACKAGE_OPENSSL)x$(BR2_STATIC_LIBS),yx)
 LIBSRTP_DEPENDENCIES += openssl
 LIBSRTP_CONF_OPTS += --enable-openssl
+else ifeq ($(BR2_PACKAGE_LIBRESSL)x$(BR2_STATIC_LIBS),yx)
+LIBSRTP_DEPENDENCIES += libressl
+LIBSRTP_CONF_OPTS += --enable-openssl
 else
 LIBSRTP_CONF_OPTS += --disable-openssl
 endif
-- 
2.13.0

[Buildroot] [PATCH 06/15] apr-uti: support libressl

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/apr-util/apr-util.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/apr-util/apr-util.mk b/package/apr-util/apr-util.mk
index bc0572e11..71886c00f 100644
--- a/package/apr-util/apr-util.mk
+++ b/package/apr-util/apr-util.mk
@@ -49,6 +49,9 @@ endif
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
 APR_UTIL_CONF_OPTS += --with-crypto --with-openssl="$(STAGING_DIR)/usr"
 APR_UTIL_DEPENDENCIES += openssl
+else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+APR_UTIL_DEPENDENCIES += libressl
+APR_UTIL_CONF_OPTS += --with-crypto --with-openssl="$(STAGING_DIR)/usr"
 else
 APR_UTIL_CONF_OPTS += --without-crypto
 endif
-- 
2.13.0

[Buildroot] [PATCH 07/15] openssh: support libressl.

[Adam Duskett]

While at it, fix formatting issues in Config.in

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/openssh/Config.in  | 7 ++++---
 package/openssh/openssh.mk | 9 ++++++++-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/package/openssh/Config.in b/package/openssh/Config.in
index 75911402a..28f30cc12 100644
--- a/package/openssh/Config.in
+++ b/package/openssh/Config.in
@@ -1,10 +1,11 @@
 config BR2_PACKAGE_OPENSSH
 	bool "openssh"
 	depends on BR2_USE_MMU # fork()
-	select BR2_PACKAGE_OPENSSL
+	select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
 	select BR2_PACKAGE_ZLIB
 	help
-	  A free version of the SSH protocol suite of network connectivity
-	  tools. The standard 'ssh', 'sshd', 'scp', and friends.
+	  A free version of the SSH protocol suite of network
+	  connectivity tools. The standard 'ssh', 'sshd', 'scp', and
+	  friends.
 
 	  http://www.openssh.com/
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index 38a32bf54..2a08450c8 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -30,7 +30,14 @@ ifeq ($(BR2_TOOLCHAIN_SUPPORTS_PIE),)
 OPENSSH_CONF_OPTS += --without-pie
 endif
 
-OPENSSH_DEPENDENCIES = zlib openssl
+OPENSSH_DEPENDENCIES = zlib
+
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+OPENSSH_DEPENDENCIES += openssl
+endif
+ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+OPENSSH_DEPENDENCIES += libressl
+endif
 
 ifeq ($(BR2_PACKAGE_CRYPTODEV_LINUX),y)
 OPENSSH_DEPENDENCIES += cryptodev-linux
-- 
2.13.0

[Buildroot] [PATCH 08/15] snmppp: support libressl

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/snmppp/Config.in | 2 +-
 package/snmppp/snmppp.mk | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/package/snmppp/Config.in b/package/snmppp/Config.in
index 8d284673b..fb3119177 100644
--- a/package/snmppp/Config.in
+++ b/package/snmppp/Config.in
@@ -21,7 +21,7 @@ config BR2_PACKAGE_SNMPPP_LOGGING
 config BR2_PACKAGE_SNMPPP_SNMPV3
 	bool "enable SNMPv3"
 	default y
-	select BR2_PACKAGE_OPENSSL
+	select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
 	help
 	  Enable optional support for SNMP++. This selects OpenSSL.
 
diff --git a/package/snmppp/snmppp.mk b/package/snmppp/snmppp.mk
index 67410d9e4..b333af6e7 100644
--- a/package/snmppp/snmppp.mk
+++ b/package/snmppp/snmppp.mk
@@ -15,7 +15,12 @@ SNMPPP_LICENSE_FILES = src/v3.cpp
 
 ifeq ($(BR2_PACKAGE_SNMPPP_SNMPV3),y)
 SNMPPP_CONF_OPTS += --enable-snmpv3
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
 SNMPPP_DEPENDENCIES += openssl
+endif
+ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+SNMPPP_DEPENDENCIES += libressl
+endif
 else
 SNMPPP_CONF_OPTS += --disable-snmpv3
 endif
-- 
2.13.0

[Buildroot] [PATCH 09/15] syslog-ng: support libressl

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/syslog-ng/Config.in    | 2 +-
 package/syslog-ng/syslog-ng.mk | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/package/syslog-ng/Config.in b/package/syslog-ng/Config.in
index fbc236221..a6c1efc79 100644
--- a/package/syslog-ng/Config.in
+++ b/package/syslog-ng/Config.in
@@ -7,7 +7,7 @@ config BR2_PACKAGE_SYSLOG_NG
 	select BR2_PACKAGE_EVENTLOG
 	select BR2_PACKAGE_LIBGLIB2
 	select BR2_PACKAGE_PCRE
-	select BR2_PACKAGE_OPENSSL
+	select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
 	help
 	  syslog-ng is an enhanced log daemon, supporting a wide range
 	  of input and output methods: syslog, unstructured text,
diff --git a/package/syslog-ng/syslog-ng.mk b/package/syslog-ng/syslog-ng.mk
index 325fac584..4b182c9e3 100644
--- a/package/syslog-ng/syslog-ng.mk
+++ b/package/syslog-ng/syslog-ng.mk
@@ -9,12 +9,18 @@ SYSLOG_NG_SITE = https://github.com/balabit/syslog-ng/releases/download/syslog-n
 SYSLOG_NG_LICENSE = LGPL-2.1+ (syslog-ng core), GPL-2.0+ (modules)
 SYSLOG_NG_LICENSE_FILES = COPYING
 SYSLOG_NG_DEPENDENCIES = host-bison host-flex host-pkgconf \
-	eventlog libglib2 openssl pcre
+	eventlog libglib2 pcre
 # rabbit-mq needs -lrt
 SYSLOG_NG_CONF_ENV = LIBS=-lrt
 SYSLOG_NG_CONF_OPTS = --disable-manpages --localstatedir=/var/run \
 	--disable-java --disable-java-modules --disable-mongodb
 
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+SYSLOG_NG_DEPENDENCIES += openssl
+else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+SYSLOG_NG_DEPENDENCIES += libressl
+endif
+
 # We override busybox's S01logging init script
 ifeq ($(BR2_PACKAGE_BUSYBOX),y)
 SYSLOG_NG_DEPENDENCIES += busybox
-- 
2.13.0

[Buildroot] [PATCH 10/15] netsnmp: support libressl

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/netsnmp/netsnmp.mk | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/package/netsnmp/netsnmp.mk b/package/netsnmp/netsnmp.mk
index abcf63d56..405c28781 100644
--- a/package/netsnmp/netsnmp.mk
+++ b/package/netsnmp/netsnmp.mk
@@ -60,6 +60,13 @@ NETSNMP_CONF_OPTS += \
 	--with-openssl=$(STAGING_DIR)/usr/include/openssl \
 	--with-security-modules="tsm,usm" \
 	--with-transports="DTLSUDP,TLSTCP"
+# LibreSSL
+else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+NETSNMP_DEPENDENCIES += libressl
+NETSNMP_CONF_OPTS += \
+	--with-openssl=$(STAGING_DIR)/usr/include/openssl \
+	--with-security-modules="tsm,usm" \
+	--with-transports="DTLSUDP,TLSTCP"
 ifeq ($(BR2_STATIC_LIBS),y)
 # openssl uses zlib, so we need to explicitly link with it when static
 NETSNMP_CONF_ENV += LIBS=-lz
-- 
2.13.0

[Buildroot] [PATCH 11/15] ntp: support libressl

[Adam Duskett]

In addition, add the patch 0004-libressl-support.patch
This fixes some preprocessor checks that determine whether
or not to use OpenSSL 1.1 or 1.0.x. Because LibreSSL returns 2.x
the macros think that OpenSSL 1.1 should be used. This patch
checks to see if there is an LIBRESSL_VERSION_NUMBER defined
as well.

Upstream-Status: Pending
http://bugs.ntp.org/show_bug.cgi?id=3401#c3

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/ntp/0004-libressl-support.patch | 105 ++++++++++++++++++++++++++++++++
 package/ntp/Config.in                   |   2 +-
 package/ntp/ntp.mk                      |   9 ++-
 3 files changed, 114 insertions(+), 2 deletions(-)
 create mode 100644 package/ntp/0004-libressl-support.patch

diff --git a/package/ntp/0004-libressl-support.patch b/package/ntp/0004-libressl-support.patch
new file mode 100644
index 000000000..2ac4ee89d
--- /dev/null
+++ b/package/ntp/0004-libressl-support.patch
@@ -0,0 +1,106 @@
+From a3bd714d3028241c7546ded6ae6b93887a17a7fa Mon Sep 17 00:00:00 2001
+From: Adam Duskett <aduskett@gmail.com>
+Date: Wed, 12 Jul 2017 09:14:38 -0400
+Subject: [PATCH] add libressl support
+
+Fix some preprocessor macros to add libressl support.
+Upstream-Status: Pending
+http://bugs.ntp.org/show_bug.cgi?id=3401#c3
+
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+---
+ include/libssl_compat.h                | 4 +++-
+ libntp/libssl_compat.c                 | 2 +-
+ libntp/ssl_init.c                      | 2 +-
+ ports/winnt/include/msvc_ssl_autolib.h | 2 +-
+ sntp/libevent/test/regress_ssl.c       | 4 ++--
+ 5 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/include/libssl_compat.h b/include/libssl_compat.h
+index 2a3697c..eede47b 100644
+--- a/include/libssl_compat.h
++++ b/include/libssl_compat.h
+@@ -25,8 +25,10 @@
+ #include "openssl/rsa.h"
+ 
+ #ifndef OPENSSL_VERSION_NUMBER
++#ifndef LIBRESSL_VERSION_NUMBER
+ #define OPENSSL_VERSION_NUMBER SSLEAY_VERSION_NUMBER
+ #endif
++#endif
+ 
+ #ifndef OPENSSL_VERSION_TEXT
+ #define OPENSSL_VERSION_TEXT SSLEAY_VERSION_TEXT
+@@ -37,7 +39,7 @@
+ #endif
+ 
+ /* ----------------------------------------------------------------- */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* ----------------------------------------------------------------- */
+ 
+ # include <openssl/objects.h>
+diff --git a/libntp/libssl_compat.c b/libntp/libssl_compat.c
+index afe4d07..dae7017 100644
+--- a/libntp/libssl_compat.c
++++ b/libntp/libssl_compat.c
+@@ -26,7 +26,7 @@
+ /* ----------------------------------------------------------------- */
+ 
+ /* ----------------------------------------------------------------- */
+-#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* ----------------------------------------------------------------- */
+ 
+ #include "libssl_compat.h"
+diff --git a/libntp/ssl_init.c b/libntp/ssl_init.c
+index bebf6e1..0a27050 100644
+--- a/libntp/ssl_init.c
++++ b/libntp/ssl_init.c
+@@ -21,7 +21,7 @@
+ 
+ int ssl_init_done;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ static void
+ atexit_ssl_cleanup(void)
+diff --git a/ports/winnt/include/msvc_ssl_autolib.h b/ports/winnt/include/msvc_ssl_autolib.h
+index 688b5e2..393e1c9 100644
+--- a/ports/winnt/include/msvc_ssl_autolib.h
++++ b/ports/winnt/include/msvc_ssl_autolib.h
+@@ -85,7 +85,7 @@
+  * request in the object file, depending on the SSL version and the
+  * build variant.
+  */
+-# if OPENSSL_VERSION_NUMBER >= 0x10100000L
++# if OPENSSL_VERSION_NUMBER >= 0x10100000L && ! defined(LIBRESSL_VERSION_NUMBER)
+ #  pragma comment(lib, "libcrypto" LTAG_SIZE LTAG_RTLIB LTAG_DEBUG ".lib")
+ # else
+ #  pragma comment(lib, "libeay32" LTAG_RTLIB LTAG_DEBUG ".lib")
+diff --git a/sntp/libevent/test/regress_ssl.c b/sntp/libevent/test/regress_ssl.c
+index 226a2a3..dc761dc 100644
+--- a/sntp/libevent/test/regress_ssl.c
++++ b/sntp/libevent/test/regress_ssl.c
+@@ -61,7 +61,7 @@
+ 
+ #include <string.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) || defined(LIBRESSL_VERSION_NUMBER)
+ #define OpenSSL_version_num SSLeay
+ #endif /* OPENSSL_VERSION_NUMBER */
+ 
+@@ -130,7 +130,7 @@ getcert(void)
+ 	X509_set_subject_name(x509, name);
+ 	X509_set_issuer_name(x509, name);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	X509_time_adj(X509_get_notBefore(x509), 0, &now);
+ 	now += 3600;
+ 	X509_time_adj(X509_get_notAfter(x509), 0, &now);
+-- 
+2.13.0
+
diff --git a/package/ntp/Config.in b/package/ntp/Config.in
index 1af02dbc0..804efec54 100644
--- a/package/ntp/Config.in
+++ b/package/ntp/Config.in
@@ -1,7 +1,7 @@
 config BR2_PACKAGE_NTP
 	bool "ntp"
 	select BR2_PACKAGE_LIBEVENT
-	select BR2_PACKAGE_OPENSSL
+	select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
 	help
 	  Network Time Protocol suite/programs.
 	  Provides things like ntpd, ntpdate, ntpq, etc...
diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index c70d6e635..929a5fd87 100644
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -7,7 +7,7 @@
 NTP_VERSION_MAJOR = 4.2
 NTP_VERSION = $(NTP_VERSION_MAJOR).8p10
 NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
-NTP_DEPENDENCIES = host-pkgconf libevent openssl $(if $(BR2_PACKAGE_BUSYBOX),busybox)
+NTP_DEPENDENCIES = host-pkgconf libevent $(if $(BR2_PACKAGE_BUSYBOX),busybox)
 NTP_LICENSE = NTP
 NTP_LICENSE_FILES = COPYRIGHT
 NTP_CONF_ENV = ac_cv_lib_md5_MD5Init=no
@@ -24,6 +24,13 @@ NTP_CONF_OPTS = \
 # 0003-ntpq-fpic.patch
 NTP_AUTORECONF = YES
 
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+NTP_DEPENDENCIES += openssl
+endif
+ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+NTP_DEPENDENCIES += libressl
+endif
+
 ifeq ($(BR2_TOOLCHAIN_HAS_SSP),y)
 NTP_CONF_OPTS += --with-locfile=linux
 else
-- 
2.13.0

[Buildroot] [PATCH 12/15] postgresql: support libressl

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/postgresql/postgresql.mk | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/package/postgresql/postgresql.mk b/package/postgresql/postgresql.mk
index 62b41cbea..a8de14572 100644
--- a/package/postgresql/postgresql.mk
+++ b/package/postgresql/postgresql.mk
@@ -54,7 +54,11 @@ POSTGRESQL_CONF_ENV += ZIC="$(ZIC)"
 endif
 
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
-POSTGRESQL_DEPENDENCIES += openssl
+BR2_PACKAGE_OPENSSL += openssl
+POSTGRESQL_CONF_OPTS += --with-openssl
+endif
+ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+BR2_PACKAGE_OPENSSL += libressl
 POSTGRESQL_CONF_OPTS += --with-openssl
 endif
 
-- 
2.13.0

[Buildroot] [PATCH 13/15] swupdate: support libressl

[Adam Duskett]

A small patch that checks to see if CONFIG_SIGALG_CMS is enable in the config
file before including it in sslapi.h. LibreSSL does not include it and likely
never will.

Also clean up formatting issues in Config.in while at it.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/swupdate/0002-support-libressl.patch | 32 +++++++++++++++++++++++
 package/swupdate/Config.in                   | 38 +++++++++++++++-------------
 package/swupdate/swupdate.mk                 |  4 +++
 3 files changed, 56 insertions(+), 18 deletions(-)
 create mode 100644 package/swupdate/0002-support-libressl.patch

diff --git a/package/swupdate/0002-support-libressl.patch b/package/swupdate/0002-support-libressl.patch
new file mode 100644
index 000000000..503c6c627
--- /dev/null
+++ b/package/swupdate/0002-support-libressl.patch
@@ -0,0 +1,35 @@
+From 9431e1f03556a87e632cb0f53116efd94b006ae0 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <aduskett@gmail.com>
+Date: Fri, 14 Jul 2017 13:49:17 -0400
+Subject: [PATCH] support libressl
+
+Add a check to see if CONFIG_SIGALG_CMS is enabled in sslapi.h before
+including openssl/cms.h. LibreSSL does not support cms and probably never
+will. As such, LibreSSL doesn't include it and will fail during a build
+that would otherwise pass.
+
+Upstream-Status: Pending 
+https://groups.google.com/forum/#!topic/swupdate/scsUs0p8bGo
+
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+---
+ include/sslapi.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/include/sslapi.h b/include/sslapi.h
+index 323c844..c8b3dce 100644
+--- a/include/sslapi.h
++++ b/include/sslapi.h
+@@ -35,7 +35,9 @@
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
+ #include <openssl/aes.h>
++#ifdef CONFIG_SIGALG_CMS
+ #include <openssl/cms.h>
++#endif
+ 
+ struct swupdate_digest {
+ 	EVP_PKEY *pkey;		/* this is used for RSA key */
+-- 
+2.13.0
+
diff --git a/package/swupdate/Config.in b/package/swupdate/Config.in
index dbc69f1fe..2b0da82f8 100644
--- a/package/swupdate/Config.in
+++ b/package/swupdate/Config.in
@@ -9,15 +9,16 @@ config BR2_PACKAGE_SWUPDATE
 	  swupdate provides a reliable way to update the software on an
 	  embedded system.
 
-	  swupdate is highly configurable to fit the targets requirements and
-	  to minimize the footprint. The provided default configuration file
-	  BR2_PACKAGE_SWUPDATE_CONFIG will enable swupdate with an embedded
-	  webserver, a parser and a handler for raw NAND or NOR flash.
+	  swupdate is highly configurable to fit the targets
+	  requirements and to minimize the footprint. The provided
+	  default configuration file BR2_PACKAGE_SWUPDATE_CONFIG will
+	  enable swupdate with an embedded webserver, a parser and a
+	  handler for raw NAND or NOR flash.
 
-	  The default configuration file builds a reasonable firmware update
-	  system with minimal external dependencies in my mind. If you like to
-	  use your own modified configuration, you have to select the
-	  necessary packages manually:
+	  The default configuration file builds a reasonable firmware
+	  update system with minimal external dependencies in my mind.
+	  If you like to use your own modified configuration, you have
+	  to select the necessary packages manually:
 
 	  * Select BR2_PACKAGE_LUA or BR2_PACKAGE_LUAJIT if you want
 	    to have Lua support.
@@ -25,13 +26,14 @@ config BR2_PACKAGE_SWUPDATE
 	    Note that for LuaJIT support, you need to set
 	    CONFIG_LUAVERSION="jit-5.1".
 	  * Select BR2_LIBCURL if you want to use the download feature.
-	  * Select BR2_PACKAGE_OPENSSL is you want to add encryption support.
+	  * Select BR2_PACKAGE_OPENSSL is you want to add encryption
+	    support.
 	  * Select BR2_PACKAGE_MTD if you want to use swupdate with UBI
 	    partitions.
-	  * Select BR2_PACKAGE_ZLIB if you want to deal with gzip compressed
-	    archives.
-	  * Select BR2_PACKAGE_UBOOT_TOOLS and BR2_PACKAGE_ZLIB to add support
-	    for setting the U-Boot environment.
+	  * Select BR2_PACKAGE_ZLIB if you want to deal with gzip
+	    compressed archives.
+	  * Select BR2_PACKAGE_UBOOT_TOOLS and BR2_PACKAGE_ZLIB to add
+	    support for setting the U-Boot environment.
 	  * Select BR2_PACKAGE_ZEROMQ to add support for using a remote
 	    handler.
 
@@ -45,8 +47,8 @@ config BR2_PACKAGE_SWUPDATE_CONFIG
 	help
 	  Path to the swupdate configuration file.
 
-	  I you wish to use your own modified swupdate configuration file
-	  specify the config file location with this option.
+	  I you wish to use your own modified swupdate configuration
+	  file specify the config file location with this option.
 
 config BR2_PACKAGE_SWUPDATE_INSTALL_WEBSITE
 	bool "install default website"
@@ -54,9 +56,9 @@ config BR2_PACKAGE_SWUPDATE_INSTALL_WEBSITE
 	help
 	  Install the provided website to /var/www/swupdate.
 
-	  This is necessary if you want to run swupdate with the embedded
-	  webserver and do not provide an own website to be installed to
-	  /var/www/swupdate.
+	  This is necessary if you want to run swupdate with the
+	  embedded webserver and do not provide an own website to be
+	  installed to /var/www/swupdate.
 endif
 
 comment "swupdate needs a toolchain w/ threads"
diff --git a/package/swupdate/swupdate.mk b/package/swupdate/swupdate.mk
index 560a2d430..98355d68f 100644
--- a/package/swupdate/swupdate.mk
+++ b/package/swupdate/swupdate.mk
@@ -59,6 +59,10 @@ ifeq ($(BR2_PACKAGE_OPENSSL),y)
 SWUPDATE_DEPENDENCIES += openssl
 SWUPDATE_MAKE_ENV += HAVE_LIBSSL=y
 SWUPDATE_MAKE_ENV += HAVE_LIBCRYPTO=y
+else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+SWUPDATE_DEPENDENCIES += libressl
+SWUPDATE_MAKE_ENV += HAVE_LIBSSL=y
+SWUPDATE_MAKE_ENV += HAVE_LIBCRYPTO=y
 else
 SWUPDATE_MAKE_ENV += HAVE_LIBSSL=n
 SWUPDATE_MAKE_ENV += HAVE_LIBCRYPTO=n
-- 
2.13.0

[Buildroot] [PATCH 14/15] janus-gateway: support libressl

[Adam Duskett]

In addition, add the patch 0003-support-libressl.
This fixes some preprocessor checks that determine whether
or not to use OpenSSL 1.1 or 1.0.x. Because LibreSSL returns 2.x
for the version numbers, the macros think that OpenSSL 1.1 should be
used. This patch checks to see if there is an LIBRESSL_VERSION_NUMBER
defined as well. This patch has been submitted to upstream.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/janus-gateway/0003-support-libressl.patch | 133 ++++++++++++++++++++++
 package/janus-gateway/Config.in                   |   2 +-
 package/janus-gateway/janus-gateway.mk            |   9 +-
 3 files changed, 142 insertions(+), 2 deletions(-)
 create mode 100644 package/janus-gateway/0003-support-libressl.patch

diff --git a/package/janus-gateway/0003-support-libressl.patch b/package/janus-gateway/0003-support-libressl.patch
new file mode 100644
index 000000000..6a9233228
--- /dev/null
+++ b/package/janus-gateway/0003-support-libressl.patch
@@ -0,0 +1,110 @@
+From d1645fd4615fe8f0d98dea2f80e121d656c2a820 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <aduskett@gmail.com>
+Date: Wed, 12 Jul 2017 07:19:06 -0400
+Subject: [PATCH] support libressl
+
+This fixes some preprocessor checks that determine whether
+or not to use OpenSSL 1.1 or 1.0.x. Because LibreSSL returns 2.x
+the compiler thinks that OpenSSL 1.1 should be used. This patch
+checks to see if there is an LIBRESSL_VERSION_NUMBER defined
+as well as if the OPENSSL_VERSION_NUMBER is < 1.1.
+
+Upstream-Status: Pending 
+https://github.com/meetecho/janus-gateway/pull/954
+
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+---
+ dtls-bio.c | 18 +++++++++---------
+ dtls.c     |  6 +++---
+ 2 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/dtls-bio.c b/dtls-bio.c
+index 24e4749..a97c7c5 100644
+--- a/dtls-bio.c
++++ b/dtls-bio.c
+@@ -36,7 +36,7 @@ int janus_dtls_bio_filter_new(BIO *h);
+ int janus_dtls_bio_filter_free(BIO *data);
+ 
+ /* Filter initialization */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static BIO_METHOD janus_dtls_bio_filter_methods = {
+ 	BIO_TYPE_FILTER,
+ 	"janus filter",
+@@ -53,7 +53,7 @@ static BIO_METHOD janus_dtls_bio_filter_methods = {
+ static BIO_METHOD *janus_dtls_bio_filter_methods = NULL;
+ #endif
+ int janus_dtls_bio_filter_init(void) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	/* No initialization needed for OpenSSL pre-1.1.0 */
+ #else
+ 	janus_dtls_bio_filter_methods = BIO_meth_new(BIO_TYPE_FILTER | BIO_get_new_index(), "janus filter");
+@@ -67,7 +67,7 @@ int janus_dtls_bio_filter_init(void) {
+ 	return 0;
+ }
+ BIO_METHOD *BIO_janus_dtls_filter(void) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	return(&janus_dtls_bio_filter_methods);
+ #else
+ 	return janus_dtls_bio_filter_methods;
+@@ -88,7 +88,7 @@ int janus_dtls_bio_filter_new(BIO *bio) {
+ 	janus_mutex_init(&filter->mutex);
+ 	
+ 	/* Set the BIO as initialized */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	bio->init = 1;
+ 	bio->ptr = filter;
+ 	bio->flags = 0;
+@@ -105,7 +105,7 @@ int janus_dtls_bio_filter_free(BIO *bio) {
+ 		return 0;
+ 		
+ 	/* Get rid of the filter state */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	janus_dtls_bio_filter *filter = (janus_dtls_bio_filter *)bio->ptr;
+ #else
+ 	janus_dtls_bio_filter *filter = (janus_dtls_bio_filter *)BIO_get_data(bio);
+@@ -115,7 +115,7 @@ int janus_dtls_bio_filter_free(BIO *bio) {
+ 		filter->packets = NULL;
+ 		g_free(filter);
+ 	}
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	bio->ptr = NULL;
+ 	bio->init = 0;
+ 	bio->flags = 0;
+@@ -129,7 +129,7 @@ int janus_dtls_bio_filter_free(BIO *bio) {
+ int janus_dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
+ 	JANUS_LOG(LOG_HUGE, "janus_dtls_bio_filter_write: %p, %d\n", in, inl);
+ 	/* Forward data to the write BIO */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	long ret = BIO_write(bio->next_bio, in, inl);
+ #else
+ 	long ret = BIO_write(BIO_next(bio), in, inl);
+@@ -137,7 +137,7 @@ int janus_dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
+ 	JANUS_LOG(LOG_HUGE, "  -- %ld\n", ret);
+ 	
+ 	/* Keep track of the packet, as we'll advertize them one by one after a pending check */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	janus_dtls_bio_filter *filter = (janus_dtls_bio_filter *)bio->ptr;
+ #else
+ 	janus_dtls_bio_filter *filter = (janus_dtls_bio_filter *)BIO_get_data(bio);
+@@ -164,7 +164,7 @@ long janus_dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
+ 			return 0L;
+ 		case BIO_CTRL_PENDING: {
+ 			/* We only advertize one packet at a time, as they may be fragmented */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 			janus_dtls_bio_filter *filter = (janus_dtls_bio_filter *)bio->ptr;
+ #else
+ 			janus_dtls_bio_filter *filter = (janus_dtls_bio_filter *)BIO_get_data(bio);
+diff --git a/dtls.c b/dtls.c
+index 58089cb..ea8d7c9 100644
+--- a/dtls.c
++++ b/dtls.c
+@@ -106,7 +106,7 @@ void *janus_dtls_sctp_setup_thread(void *data);
+ #endif
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /*
+  * DTLS locking stuff to make OpenSSL thread safe (not needed for 1.1.0)
+  *
+@@ -309,7 +309,7 @@ error:
+ /* DTLS-SRTP initialization */
+ gint janus_dtls_srtp_init(const char* server_pem, const char* server_key) {
+ 	const char *crypto_lib = NULL;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	crypto_lib = "OpenSSL pre-1.1.0";
+ 	/* First of all make OpenSSL thread safe (see note above on issue #316) */
+ 	janus_dtls_locks = g_malloc0(sizeof(*janus_dtls_locks) * CRYPTO_num_locks());
+@@ -328,7 +328,7 @@ gint janus_dtls_srtp_init(const char* server_pem, const char* server_key) {
+ 	JANUS_LOG(LOG_INFO, "Crypto: %s\n", crypto_lib);
+ 
+ 	/* Go on and create the DTLS context */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	ssl_ctx = SSL_CTX_new(DTLSv1_method());
+ #else
+ 	ssl_ctx = SSL_CTX_new(DTLS_method());
+-- 
+2.13.0
+
diff --git a/package/janus-gateway/Config.in b/package/janus-gateway/Config.in
index 5bd4e9586..4062c6eca 100644
--- a/package/janus-gateway/Config.in
+++ b/package/janus-gateway/Config.in
@@ -8,7 +8,7 @@ menuconfig BR2_PACKAGE_JANUS_GATEWAY
 	select BR2_PACKAGE_LIBGLIB2
 	select BR2_PACKAGE_LIBNICE
 	select BR2_PACKAGE_LIBSRTP
-	select BR2_PACKAGE_OPENSSL
+	select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
 	help
 	  Janus is an open source, general purpose, WebRTC gateway
 	  designed and developed by Meetecho.
diff --git a/package/janus-gateway/janus-gateway.mk b/package/janus-gateway/janus-gateway.mk
index b32fc9ac5..858bd47a5 100644
--- a/package/janus-gateway/janus-gateway.mk
+++ b/package/janus-gateway/janus-gateway.mk
@@ -11,7 +11,14 @@ JANUS_GATEWAY_LICENSE_FILES = COPYING
 
 # ding-libs provides the ini_config library
 JANUS_GATEWAY_DEPENDENCIES = host-pkgconf jansson libnice \
-	libsrtp host-gengetopt libglib2 openssl
+	libsrtp host-gengetopt libglib2
+
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+JANUS_GATEWAY_DEPENDENCIES += openssl
+endif
+ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+JANUS_GATEWAY_DEPENDENCIES += libressl
+endif
 
 # Straight out of the repository, no ./configure, and we also patch
 # configure.ac.
-- 
2.13.0

[Buildroot] [PATCH 15/15] sngrep: support libressl

[Adam Duskett]

Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
 package/sngrep/sngrep.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/sngrep/sngrep.mk b/package/sngrep/sngrep.mk
index 9b6240875..1d502c734 100644
--- a/package/sngrep/sngrep.mk
+++ b/package/sngrep/sngrep.mk
@@ -24,6 +24,9 @@ endif
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
 SNGREP_DEPENDENCIES += openssl
 SNGREP_CONF_OPTS += --with-openssl --without-gnutls
+else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
+SNGREP_DEPENDENCIES += libressl
+SNGREP_CONF_OPTS += --with-openssl --without-gnutls
 # gnutls support also requires libgcrypt
 else ifeq ($(BR2_PACKAGE_GNUTLS)$(BR2_PACKAGE_LIBGCRYPT),yy)
 SNGREP_DEPENDENCIES += gnutls
-- 
2.13.0

[Buildroot] [PATCH 02/15] libwebsockets: support libressl

[Thomas Petazzoni]

Hello,

On Fri, 14 Jul 2017 14:15:24 -0400, Adam Duskett wrote:

> +else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
> +LIBWEBSOCKETS_DEPENDENCIES += libressl host-openssl
> +LIBWEBSOCKETS_CONF_OPTS += -DLWS_WITH_SSL=ON

I'm wondering: do we want to mix using libressl on the target, and
openssl on the host?

I don't necessarily see a big problem with this, but I'm just
wondering, since it might be a bit confusing.

Arnout, what do you think?

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

[Buildroot] [PATCH 01/15] libressl: bump version to 2.5.5

[Thomas Petazzoni]

Hello,

On Fri, 14 Jul 2017 14:15:23 -0400, Adam Duskett wrote:
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
>  package/libressl/libressl.hash | 2 +-
>  package/libressl/libressl.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] [PATCH 02/15] libwebsockets: support libressl

[Adam Duskett]

Hello;

On Fri, Jul 14, 2017 at 6:08 PM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> On Fri, 14 Jul 2017 14:15:24 -0400, Adam Duskett wrote:
>
>> +else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
>> +LIBWEBSOCKETS_DEPENDENCIES += libressl host-openssl
>> +LIBWEBSOCKETS_CONF_OPTS += -DLWS_WITH_SSL=ON
>
> I'm wondering: do we want to mix using libressl on the target, and
> openssl on the host?
>
> I don't necessarily see a big problem with this, but I'm just
> wondering, since it might be a bit confusing.
>
I know you asked Arnout, but I wanted to throw my two cents in here
as well.

If I make libressl a host package, Libwebsockets compiles and works
just fine with it.  I would personally like to make libressl a host package as
well.

> Arnout, what do you think?
>
> Best regards,
>
> Thomas
> --
> Thomas Petazzoni, CTO, Free Electrons
> Embedded Linux and Kernel engineering
> http://free-electrons.com

[Buildroot] [PATCH 02/15] libwebsockets: support libressl

[Arnout Vandecappelle]

On 15-07-17 19:32, Adam Duskett wrote:
> Hello;
> 
> On Fri, Jul 14, 2017 at 6:08 PM, Thomas Petazzoni
> <thomas.petazzoni@free-electrons.com> wrote:
>> Hello,
>>
>> On Fri, 14 Jul 2017 14:15:24 -0400, Adam Duskett wrote:
>>
>>> +else ifeq ($(BR2_PACKAGE_LIBRESSL),y)
>>> +LIBWEBSOCKETS_DEPENDENCIES += libressl host-openssl
>>> +LIBWEBSOCKETS_CONF_OPTS += -DLWS_WITH_SSL=ON
>>
>> I'm wondering: do we want to mix using libressl on the target, and
>> openssl on the host?
>>
>> I don't necessarily see a big problem with this, but I'm just
>> wondering, since it might be a bit confusing.
>>
> I know you asked Arnout, but I wanted to throw my two cents in here
> as well.
> 
> If I make libressl a host package, Libwebsockets compiles and works
> just fine with it.  I would personally like to make libressl a host package as
> well.

 Sounds good to me. If libressl ever becomes a virtual package, it will go that
route anyway.

 Regards,
 Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF