[Buildroot] OpenSSL v3.0

[Buildroot] OpenSSL v3.0

[Afshin Pir]

[-- Attachment #1.1: Type: text/plain, Size: 716 bytes --]

Hi

I wonder whether buildroot currently working on OpenSSL v3.0 package def or not. If not, what are the challenges for building this package? Because I need to migrate to OpenSSL v3.0 in my buildroot and I like to know how I can do it.

Best Regards,
Afshin
________________________________
This email is confidential and may contain information subject to legal privilege. If you are not the intended recipient please advise us of our error by return e-mail then delete this email and any attached files. You may not copy, disclose or use the contents in any way. The views expressed in this email may not be those of Gallagher Group Ltd or subsidiary companies thereof.
________________________________

[-- Attachment #1.2: Type: text/html, Size: 2364 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] OpenSSL v3.0

[Peter Korsgaard]

>>>>> "Afshin" == Afshin Pir <Afshin.Pir@gallagher.com> writes:

 > Hi
 > I wonder whether buildroot currently working on OpenSSL v3.0 package
 > def or not. If not, what are the challenges for building this package?
 > Because I need to migrate to OpenSSL v3.0 in my buildroot and I like
 > to know how I can do it.

There has been various discussions but currently no concrete patches for
openssl 3.0 support. Most likely not all packages will work with openssl
3.0, so we might need to keep the current openssl 1.1 package for a bit
and offer openssl 3.0 as a separate package.

Openssl 1.1.x indeed goes EOL in September, so it would be great if
someone could work on it soon!

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] OpenSSL v3.0

[May, Torsten]

[-- Attachment #1.1.1: Type: text/plain, Size: 102 bytes --]

Hi Peter,

as September is approaching quickly, is there any progress on that topic?

BR Torsten

[-- Attachment #1.1.2: Type: text/html, Size: 477 bytes --]

[-- Attachment #1.2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 8122 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] OpenSSL v3.0

[Peter Korsgaard]

>>>>> "May," == May, Torsten <torsten.may@ebee.de> writes:

 > Hi Peter,
 > as September is approaching quickly, is there any progress on that topic?

Unfortunately not. So far no patches for openssl 3.x have been
submitted.

If you are using openssl then now would be a VERY good time to
contribute an update to the 3.x series.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] OpenSSL v3.0

[Danny Wood]

[-- Attachment #1: Type: text/plain, Size: 854 bytes --]

On 19/06/2023 14:26, Peter Korsgaard wrote:
>>>>>> "May," == May, Torsten <torsten.may@ebee.de> writes:
>   > Hi Peter,
>   > as September is approaching quickly, is there any progress on that topic?
>
> Unfortunately not. So far no patches for openssl 3.x have been
> submitted.
>
> If you are using openssl then now would be a VERY good time to
> contribute an update to the 3.x series.
>

Hi,

Attached is a patch I have made to build v3.0.9 of OpenSSL (LTS until 2026).

Everything in my build tree compiled fine with the new version apart 
from MariaDB which also needed updating, attached is an additional patch 
which updates MariaDB to v10.11.4 (LTS until 2026)

These both apply on top of the 2023.02.2 buildroot tar balls.

I have been running these updated packages for a couple of days and 
haven't had any issues so far.

Kind regards,
Danny

[-- Attachment #2: 0002-package-libopenssl-bump-version-to-3.0.9.patch --]
[-- Type: text/x-patch, Size: 15309 bytes --]

From 9b4779efb614c897ee0f8312ee455a3db5906864 Mon Sep 17 00:00:00 2001
From: Danny Wood <danny@rotronics.co.uk>
Date: Tue, 20 Jun 2023 13:38:22 +0100
Subject: [PATCH 2/2] package/libopenssl: bump version to 3.0.9

Rebase patches onto new version

Remove 0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch,
0006-Add-support-for-io_pgetevents_time64-syscall.patch, and
0007-Fixup-support-for-io_pgetevents_time64-syscall.patch as these are
already applied upstream
---
 ...building-manpages-if-we-re-not-going.patch |  8 +-
 ...ible-build-do-not-leak-compiler-path.patch |  8 +-
 ...ENSSL_NO_MADVISE-to-disable-call-to-.patch |  2 +-
 ...m-ppc-xlate.pl-add-linux64v2-flavour.patch | 64 ------------
 ...ort-for-io_pgetevents_time64-syscall.patch | 61 ------------
 ...ort-for-io_pgetevents_time64-syscall.patch | 98 -------------------
 package/libopenssl/libopenssl.hash            |  2 +-
 package/libopenssl/libopenssl.mk              |  2 +-
 8 files changed, 11 insertions(+), 234 deletions(-)
 delete mode 100644 package/libopenssl/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch
 delete mode 100644 package/libopenssl/0006-Add-support-for-io_pgetevents_time64-syscall.patch
 delete mode 100644 package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch

diff --git a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
index 6527bc23..ed4590dd 100644
--- a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
+++ b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
@@ -19,14 +19,14 @@ diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tm
 index 40cf2c3..777d9ca 100644
 --- a/Configurations/unix-Makefile.tmpl
 +++ b/Configurations/unix-Makefile.tmpl
-@@ -491,7 +491,7 @@ list-tests:
+@@ -546,7 +546,7 @@ list-tests:
  	@echo "Tests are not supported with your chosen Configure options"
  	@ : {- output_on() if !$disabled{tests}; "" -}
  
--install: install_sw install_ssldirs install_docs
-+install: install_sw install_ssldirs
+-install: install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -}
++install: install_sw install_ssldirs {- $disabled{fips} ? "" : "install_fips" -}
  
- uninstall: uninstall_docs uninstall_sw
+ uninstall: uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -}
  
 -- 
 2.16.3
diff --git a/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch b/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
index 820c2add..ea26a310 100644
--- a/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
+++ b/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
@@ -15,15 +15,15 @@ diff --git a/crypto/build.info b/crypto/build.info
 index 2c619c6..49ca6ab 100644
 --- a/crypto/build.info
 +++ b/crypto/build.info
-@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
-         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
+@@ -111,7 +111,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
  
+ DEPEND[info.o]=buildinf.h
  DEPEND[cversion.o]=buildinf.h
 -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
 +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$$(basename $(CC)) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
- DEPEND[buildinf.h]=../configdata.pm
  
- GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
+ GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
+ GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
 -- 
 2.20.1
 
diff --git a/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch b/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
index ef40b035..425adea5 100644
--- a/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
+++ b/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
@@ -13,7 +13,7 @@ diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
 index 9e0f670..32c7282 100644
 --- a/crypto/mem_sec.c
 +++ b/crypto/mem_sec.c
-@@ -491,7 +491,7 @@ static int sh_init(size_t size, int minsize)
+@@ -557,7 +557,7 @@ static int sh_init(size_t size, int minsize)
      if (mlock(sh.arena, sh.arena_size) < 0)
          ret = 2;
  #endif
diff --git a/package/libopenssl/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch b/package/libopenssl/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch
deleted file mode 100644
index 30bddc23..00000000
--- a/package/libopenssl/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 07a0bbdd179a52907485fd793f0df31c097447af Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Sun, 5 May 2019 18:25:50 +0200
-Subject: [PATCH] crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This is a big endian ELFv2 configuration. ELFv2 was already being
-used for little endian, and big endian was traditionally ELFv1
-but there are practical configurations that use ELFv2 with big
-endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, etc.)
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/8883)
-Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
----
- crypto/perlasm/ppc-xlate.pl | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
-index d220c6245b..eec82b8d48 100755
---- a/crypto/perlasm/ppc-xlate.pl
-+++ b/crypto/perlasm/ppc-xlate.pl
-@@ -49,7 +49,7 @@ my $globl = sub {
- 	/osx/		&& do { $name = "_$name";
- 				last;
- 			      };
--	/linux.*(32|64le)/
-+	/linux.*(32|64(le|v2))/
- 			&& do {	$ret .= ".globl	$name";
- 				if (!$$type) {
- 				    $ret .= "\n.type	$name,\@function";
-@@ -80,7 +80,7 @@ my $globl = sub {
- };
- my $text = sub {
-     my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text";
--    $ret = ".abiversion	2\n".$ret	if ($flavour =~ /linux.*64le/);
-+    $ret = ".abiversion	2\n".$ret	if ($flavour =~ /linux.*64(le|v2)/);
-     $ret;
- };
- my $machine = sub {
-@@ -186,7 +186,7 @@ my $vmr = sub {
- 
- # Some ABIs specify vrsave, special-purpose register #256, as reserved
- # for system use.
--my $no_vrsave = ($flavour =~ /aix|linux64le/);
-+my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/);
- my $mtspr = sub {
-     my ($f,$idx,$ra) = @_;
-     if ($idx == 256 && $no_vrsave) {
-@@ -318,7 +318,7 @@ while($line=<>) {
- 	if ($label) {
- 	    my $xlated = ($GLOBALS{$label} or $label);
- 	    print "$xlated:";
--	    if ($flavour =~ /linux.*64le/) {
-+	    if ($flavour =~ /linux.*64(le|v2)/) {
- 		if ($TYPES{$label} =~ /function/) {
- 		    printf "\n.localentry	%s,0\n",$xlated;
- 		}
--- 
-2.25.0
-
diff --git a/package/libopenssl/0006-Add-support-for-io_pgetevents_time64-syscall.patch b/package/libopenssl/0006-Add-support-for-io_pgetevents_time64-syscall.patch
deleted file mode 100644
index 0f59fa64..00000000
--- a/package/libopenssl/0006-Add-support-for-io_pgetevents_time64-syscall.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc Mon Sep 17 00:00:00 2001
-From: Alistair Francis <alistair.francis@wdc.com>
-Date: Thu, 29 Aug 2019 13:56:21 -0700
-Subject: [PATCH] Add support for io_pgetevents_time64 syscall
-
-32-bit architectures that are y2038 safe don't include syscalls that use
-32-bit time_t. Instead these architectures have suffixed syscalls that
-always use a 64-bit time_t. In the case of the io_getevents syscall the
-syscall has been replaced with the io_pgetevents_time64 syscall instead.
-
-This patch changes the io_getevents() function to use the correct
-syscall based on the avaliable syscalls and the time_t size. We will
-only use the new 64-bit time_t syscall if the architecture is using a
-64-bit time_t. This is to avoid having to deal with 32/64-bit
-conversions and relying on a 64-bit timespec struct on 32-bit time_t
-platforms. As of Linux 5.3 there are no 32-bit time_t architectures
-without __NR_io_getevents. In the future if a 32-bit time_t architecture
-wants to use the 64-bit syscalls we can handle the conversion.
-
-This fixes build failures on 32-bit RISC-V.
-
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-(Merged from https://github.com/openssl/openssl/pull/9819)
----
- engines/e_afalg.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/engines/e_afalg.c b/engines/e_afalg.c
-index dacbe358cb..99516cb1bb 100644
---- a/engines/e_afalg.c
-+++ b/engines/e_afalg.c
-@@ -125,7 +125,23 @@ static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
-                                struct io_event *events,
-                                struct timespec *timeout)
- {
-+#if defined(__NR_io_getevents)
-     return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
-+#elif defined(__NR_io_pgetevents_time64)
-+    /* Let's only support the 64 suffix syscalls for 64-bit time_t.
-+     * This simplifies the code for us as we don't need to use a 64-bit
-+     * version of timespec with a 32-bit time_t and handle converting
-+     * between 64-bit and 32-bit times and check for overflows.
-+     */
-+    if (sizeof(timeout->tv_sec) == 8)
-+        return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL);
-+    else {
-+        errno = ENOSYS;
-+        return -1;
-+    }
-+#else
-+# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64."
-+#endif
- }
- 
- static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
--- 
-2.25.1
-
diff --git a/package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch b/package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch
deleted file mode 100644
index 7b003e48..00000000
--- a/package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From e5499a3cac1e823c3e0697e8667e952317b70cc8 Mon Sep 17 00:00:00 2001
-From: Alistair Francis <alistair.francis@wdc.com>
-Date: Thu, 4 Mar 2021 12:10:11 -0500
-Subject: [PATCH] Fixup support for io_pgetevents_time64 syscall
-
-This is a fixup for the original commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
-"Add support for io_pgetevents_time64 syscall" that didn't correctly
-work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V.
-
-For a full discussion of the issue see:
-https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
-
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/14432)
----
- engines/e_afalg.c | 55 ++++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 42 insertions(+), 13 deletions(-)
-
-diff --git a/engines/e_afalg.c b/engines/e_afalg.c
-index 9480d7c24b..4e9d67db2d 100644
---- a/engines/e_afalg.c
-+++ b/engines/e_afalg.c
-@@ -121,27 +121,56 @@ static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
-     return syscall(__NR_io_submit, ctx, n, iocb);
- }
- 
-+/* A version of 'struct timespec' with 32-bit time_t and nanoseconds.  */
-+struct __timespec32
-+{
-+  __kernel_long_t tv_sec;
-+  __kernel_long_t tv_nsec;
-+};
-+
- static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
-                                struct io_event *events,
-                                struct timespec *timeout)
- {
-+#if defined(__NR_io_pgetevents_time64)
-+    /* Check if we are a 32-bit architecture with a 64-bit time_t */
-+    if (sizeof(*timeout) != sizeof(struct __timespec32)) {
-+        int ret = syscall(__NR_io_pgetevents_time64, ctx, min, max, events,
-+                          timeout, NULL);
-+        if (ret == 0 || errno != ENOSYS)
-+            return ret;
-+    }
-+#endif
-+
- #if defined(__NR_io_getevents)
--    return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
--#elif defined(__NR_io_pgetevents_time64)
--    /* Let's only support the 64 suffix syscalls for 64-bit time_t.
--     * This simplifies the code for us as we don't need to use a 64-bit
--     * version of timespec with a 32-bit time_t and handle converting
--     * between 64-bit and 32-bit times and check for overflows.
--     */
--    if (sizeof(timeout->tv_sec) == 8)
--        return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL);
-+    if (sizeof(*timeout) == sizeof(struct __timespec32))
-+        /*
-+         * time_t matches our architecture length, we can just use
-+         * __NR_io_getevents
-+         */
-+        return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
-     else {
--        errno = ENOSYS;
--        return -1;
-+        /*
-+         * We don't have __NR_io_pgetevents_time64, but we are using a
-+         * 64-bit time_t on a 32-bit architecture. If we can fit the
-+         * timeout value in a 32-bit time_t, then let's do that
-+         * and then use the __NR_io_getevents syscall.
-+         */
-+        if (timeout && timeout->tv_sec == (long)timeout->tv_sec) {
-+            struct __timespec32 ts32;
-+
-+            ts32.tv_sec = (__kernel_long_t) timeout->tv_sec;
-+            ts32.tv_nsec = (__kernel_long_t) timeout->tv_nsec;
-+
-+            return syscall(__NR_io_getevents, ctx, min, max, events, ts32);
-+        } else {
-+            return syscall(__NR_io_getevents, ctx, min, max, events, NULL);
-+        }
-     }
--#else
--# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64."
- #endif
-+
-+    errno = ENOSYS;
-+    return -1;
- }
- 
- static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
--- 
-2.25.1
-
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 708926de..681e5429 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@
 # From https://www.openssl.org/source/openssl-1.1.1u.tar.gz.sha256
-sha256  e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6  openssl-1.1.1u.tar.gz
+sha256  eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90  openssl-3.0.9.tar.gz
 
 # License files
 sha256  c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c  LICENSE
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index 178979f4..746c6916 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 1.1.1u
+LIBOPENSSL_VERSION = 3.0.9
 LIBOPENSSL_SITE = https://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay
-- 
2.41.0


[-- Attachment #3: 0001-package-mariadb-update-to-version-10.11.4.patch --]
[-- Type: text/x-patch, Size: 4138 bytes --]

From 436e7303581e534727f7a99616e8c245d523c33b Mon Sep 17 00:00:00 2001
From: Danny Wood <danny@rotronics.co.uk>
Date: Tue, 20 Jun 2023 12:18:55 +0100
Subject: [PATCH 1/2] package/mariadb: update to version 10.11.4

Remove 0002-include-ssl_compat.h-fix-build-with-libressl-3.5.0.patch as it is now upstream

Release notes: https://mariadb.com/kb/en/mariadb-10-11-4-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10-11-4-changelog/
---
 ...mpat.h-fix-build-with-libressl-3.5.0.patch | 39 -------------------
 package/mariadb/mariadb.hash                  |  4 +-
 package/mariadb/mariadb.mk                    |  2 +-
 3 files changed, 3 insertions(+), 42 deletions(-)
 delete mode 100644 package/mariadb/0002-include-ssl_compat.h-fix-build-with-libressl-3.5.0.patch

diff --git a/package/mariadb/0002-include-ssl_compat.h-fix-build-with-libressl-3.5.0.patch b/package/mariadb/0002-include-ssl_compat.h-fix-build-with-libressl-3.5.0.patch
deleted file mode 100644
index fd3e6e66..00000000
--- a/package/mariadb/0002-include-ssl_compat.h-fix-build-with-libressl-3.5.0.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 79ed770a37c8669390a58a4485dd8f5565fe2497 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sun, 15 Jan 2023 19:12:05 +0100
-Subject: [PATCH] include/ssl_compat.h: fix build with libressl >= 3.5.0
-
-Fix the following build failure with libressl >= 3.5.0:
-
-In file included from /tmp/instance-10/output-1/build/mariadb-10.3.36/vio/viosslfactories.c:18:
-/tmp/instance-10/output-1/build/mariadb-10.3.36/vio/viosslfactories.c: In function 'get_dh2048':
-/tmp/instance-10/output-1/build/mariadb-10.3.36/include/ssl_compat.h:68:45: error: invalid use of incomplete typedef 'DH' {aka 'struct dh_st'}
-   68 | #define DH_set0_pqg(D,P,Q,G)            ((D)->p= (P), (D)->g= (G))
-      |                                             ^~
-
-Fixes:
- - http://autobuild.buildroot.org/results/524198344aafca58d214537af64c5961c407b0f8
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/MariaDB/server/pull/2435]
----
- include/ssl_compat.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/include/ssl_compat.h b/include/ssl_compat.h
-index 664f3aac87c..3678e5fa084 100644
---- a/include/ssl_compat.h
-+++ b/include/ssl_compat.h
-@@ -19,7 +19,8 @@
- /* OpenSSL version specific definitions */
- #if defined(OPENSSL_VERSION_NUMBER)
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-+	!(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000L)
- #define HAVE_OPENSSL11 1
- #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
- #define ERR_remove_state(X) ERR_clear_error()
--- 
-2.39.0
-
diff --git a/package/mariadb/mariadb.hash b/package/mariadb/mariadb.hash
index c4064cff..bacb0b28 100644
--- a/package/mariadb/mariadb.hash
+++ b/package/mariadb/mariadb.hash
@@ -1,5 +1,5 @@
-# From https://downloads.mariadb.org/mariadb/10.3.36
-sha512  321b4c48fcea4413eb239c4904c806306de660f2844edfa1d2a2a15213db287070d0f923db976588dfe329559d565bd98bddef3aaf8f14502f8c3db2ee27757a  mariadb-10.3.36.tar.gz
+# From https://downloads.mariadb.org/mariadb/10.11.4
+sha512  62fc05395857dd036ebeed53b1ff0ecd9abd95ce8e5316194286521caae0f9452cf96a93613adec809e39e1d8ef20c330b24fee82b3bb90ee27a84f2bbd0d8d2  mariadb-10.11.4.tar.gz
 
 # Hash for license files
 sha256  084aa0007efac6dda6aafffb3f3ef8b66b105862dad7ee23f6a4b52813f84464  README.md
diff --git a/package/mariadb/mariadb.mk b/package/mariadb/mariadb.mk
index 5fb88762..a743d020 100644
--- a/package/mariadb/mariadb.mk
+++ b/package/mariadb/mariadb.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-MARIADB_VERSION = 10.3.36
+MARIADB_VERSION = 10.11.4
 MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source
 MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library)
 # Tarball no longer contains LGPL license text
-- 
2.41.0


[-- Attachment #4: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] OpenSSL v3.0

[Peter Korsgaard]

>>>>> "Danny" == Danny Wood <danny@rotronics.co.uk> writes:

 > On 19/06/2023 14:26, Peter Korsgaard wrote:
 >>>>>>> "May," == May, Torsten <torsten.may@ebee.de> writes:
 >> > Hi Peter,
 >> > as September is approaching quickly, is there any progress on that topic?
 >> 
 >> Unfortunately not. So far no patches for openssl 3.x have been
 >> submitted.
 >> 
 >> If you are using openssl then now would be a VERY good time to
 >> contribute an update to the 3.x series.
 >> 

 > Hi,

 > Attached is a patch I have made to build v3.0.9 of OpenSSL (LTS until 2026).

 > Everything in my build tree compiled fine with the new version apart
 > from MariaDB which also needed updating, attached is an additional
 > patch which updates MariaDB to v10.11.4 (LTS until 2026)

 > These both apply on top of the 2023.02.2 buildroot tar balls.

 > I have been running these updated packages for a couple of days and
 > haven't had any issues so far.

Committed the mariadb bump to master after fixing the README.md hash,
thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] OpenSSL v3.0

[Konrad Gräfe]

[-- Attachment #1.1.1: Type: text/plain, Size: 4529 bytes --]

On 22/06/23 11:24, Danny Wood wrote:
 > On 19/06/2023 14:26, Peter Korsgaard wrote:
 >>>>>>> "May," == May, Torsten <torsten.may@ebee.de> writes:
 >>   > Hi Peter,
 >>   > as September is approaching quickly, is there any progress on 
that topic?
 >>
 >> Unfortunately not. So far no patches for openssl 3.x have been
 >> submitted.
 >>
 >> If you are using openssl then now would be a VERY good time to
 >> contribute an update to the 3.x series.
 >>
 >
 > Hi,
 >
 > Attached is a patch I have made to build v3.0.9 of OpenSSL (LTS until 
2026).
 >
 > Everything in my build tree compiled fine with the new version apart 
from MariaDB which also needed updating, attached is an additional patch 
which updates MariaDB to v10.11.4 (LTS until 2026)
 >
 > These both apply on top of the 2023.02.2 buildroot tar balls.
 >
 > I have been running these updated packages for a couple of days and 
haven't had any issues so far.
 >
 > Kind regards,
 > Danny

Hi Danny,

thanks for picking this up. I tried your patch on our own system and it 
seems to work here as well. I do have a few comments though:

 > diff --git 
a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch 
b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
 > index 6527bc23..ed4590dd 100644
 > --- 
a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
 > +++ 
b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch

nit: The patch should have a rebase comment and your sign-off in the 
trailer of the commit message, e.g.
      [rebased on 3.0.9]
      Signed-off-by: Danny Wood <danny@rotronics.co.uk>

 > @@ -19,14 +19,14 @@ diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tm
 >  index 40cf2c3..777d9ca 100644
 >  --- a/Configurations/unix-Makefile.tmpl
 >  +++ b/Configurations/unix-Makefile.tmpl

nit: missing trailer (see above)

 > diff --git 
a/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch 
b/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
 > index 820c2add..ea26a310 100644
 > --- 
a/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
 > +++ 
b/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
 > @@ -15,15 +15,15 @@ diff --git a/crypto/build.info b/crypto/build.info

nit: missing trailer (see above)

 > diff --git 
a/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch 
b/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
 > index ef40b035..425adea5 100644
 > --- 
a/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
 > +++ 
b/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch

nit: missing trailer (see above)

 > diff --git a/package/libopenssl/libopenssl.hash 
b/package/libopenssl/libopenssl.hash
 > index 708926de..681e5429 100644
 > --- a/package/libopenssl/libopenssl.hash
 > +++ b/package/libopenssl/libopenssl.hash
 > @@ -1,5 +1,5 @@
 >  # From https://www.openssl.org/source/openssl-1.1.1u.tar.gz.sha256
 > -sha256 
e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6 
openssl-1.1.1u.tar.gz
 > +sha256 
eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90 
openssl-3.0.9.tar.gz
 >
 >  # License files
 >  sha256 
c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c  LICENSE
 > diff --git a/package/libopenssl/libopenssl.mk 
b/package/libopenssl/libopenssl.mk

The license has been changed to Apache-2.0 and the LICENSE file got 
renamed to LICENSE.txt. You can check that everything is in place with 
"make legal-info".

 > index 178979f4..746c6916 100644
 > --- a/package/libopenssl/libopenssl.mk
 > +++ b/package/libopenssl/libopenssl.mk
 > @@ -4,7 +4,7 @@
 >  #
 > 
################################################################################
 >
 > -LIBOPENSSL_VERSION = 1.1.1u
 > +LIBOPENSSL_VERSION = 3.0.9
 >  LIBOPENSSL_SITE = https://www.openssl.org/source
 >  LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 >  LIBOPENSSL_LICENSE = OpenSSL or SSLeay
 >  LIBOPENSSL_LICENSE_FILES = LICENSE

Update LIBOPENSSL_LICENSE and LIBOPENSSL_LICENSE_FILES.

Regards,
Konrad Gräfe

PS: Sorry for reposting. I did not know I need to subscribe to the list 
in order to post.

[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] OpenSSL v3.0

[Bernd Kuhls]

Am Thu, 22 Jun 2023 10:24:28 +0100 schrieb Danny Wood:

> Attached is a patch I have made to build v3.0.9 of OpenSSL (LTS until
> 2026).
> 
> Everything in my build tree compiled fine with the new version

Hi Danny,

uploaded your patch so it appears in patchworks:
https://patchwork.ozlabs.org/project/buildroot/patch/
20230714162339.1907504-1-bernd@kuhls.net/

It works fine for me as well.

Regards, Bernd

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] OpenSSL v3.0

[Bernd Kuhls]

Am Fri, 14 Jul 2023 12:29:55 +0200 schrieb Konrad Gräfe:

> thanks for picking this up. I tried your patch on our own system and it
> seems to work here as well. I do have a few comments though:

Hi Konrad,

sorry, just saw your post after I sent v1 of Dannys patch to the 
mailinglist. I updated the license according to your comments but did not 
update the missing s-o-b lines in the patch files.

https://patchwork.ozlabs.org/project/buildroot/patch/
20230714164102.2175760-1-bernd@kuhls.net/

Regards, Bernd

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot