* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
@ 2019-01-17 18:16 Peter Seiderer
2019-01-17 18:16 ` [Buildroot] [PATCH v5 2/4] freeswitch: bump to git master 8f10ae54a18a19fc6ed938e4f662bd218ba54b5e Peter Seiderer
` (4 more replies)
0 siblings, 5 replies; 17+ messages in thread
From: Peter Seiderer @ 2019-01-17 18:16 UTC (permalink / raw)
To: buildroot
- remove all parallel build patches (openssl build-system changed)
- rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
to apply to Configurations/unix-Makefile.tmpl (Makefile template)
- removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
(upstream applied)
- rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
apply to crypto/build.info (Makefile template)
- fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
- remove legacy enable-tlsext configure option
- remove target/host libdir configure options, fixes openssl.pc installation
path, fixes wget compile
- change legacy INSTALL_PREFIX to DESTDIR
- remove 'libraries gets installed read only, so strip fails'
workaround (not needed anymore)
- change engine directory from /usr/lib/engines to
/usr/lib/engines-1.1
- change license file hash, no license change, only the following
hint was removed:
Actually both licenses are BSD-style Open Source licenses.
In case of any license issues related to OpenSSL please
contact openssl-core at openssl.org.
- fix host-libopenssl compile setting rpath as decribed in
libopenssl-1.1.0h/NOTES.UNIX
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
Changes v4 -> v5:
- remove libdir config options (suggested by Arnout Vandecappelle)
Changes v3 -> v4:
- bump version to 1.1.1a
- remove all parallel build patches hash file entries
- re-remove 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
(upstream applied)
- fix hist library install path
- removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
(upstram applied)
- remove follow up patch for openssh (not longer needed since
version bump to 7.9p1, see https://www.openssh.com/releasenotes.html
Portability)
Changes v2 -> v3:
- no changes
Changes v1 -> v2:
- add OPENSSL_NO_ASYNC workaround for musl compile too
(suggested by Bernd Kuhls)
- fix host-libopenssl compile (reported by Ryan Coe) by setting rpath
(suggested by Ryan Coe)
- fix 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
and 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply
to the Makefile templates (instead of re-generated Makefile)
(reported by Ryan Coe)
- add 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
(suggested by Bernd Kuhls)
Notes:
- There was a previous attempt to bump the openssl version by
David Mosberger <davidm@egauge.net>. I could not find the
corresponding patch in patchwork or on the mailing list,
only a reply by Arnout Vandecappelle (see [2]) and the
answer by David Mosberger (see [3]).
- Compile checked packages (depending explicit on libopenssl or host-libopenssl):
O.k:
- hostapd
- libpjsip
- host-mariadb (with patch)
- mosquitto
- wpa_supplicant
Failure:
- softether/host-softether
- mariadb (cmake configure error, maybe unrelated?)
- Compile checked packages (depending on openssl or host-openssl):
O.k.:
- alljoyn-base
- apache
- apr
- apr-util
- freeswitch
- openssh
- pound (with patch https://patchwork.ozlabs.org/patch/962157 )
Failure:
- android-tools
[2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
[3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
---
...building-manpages-if-we-re-not-going.patch | 34 +-
...-Fix-issue-with-signature-generation.patch | 450 ------------------
...ible-build-do-not-leak-compiler-path.patch | 31 +-
package/libopenssl/libopenssl.hash | 15 +-
package/libopenssl/libopenssl.mk | 41 +-
5 files changed, 60 insertions(+), 511 deletions(-)
delete mode 100644 package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
diff --git a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
index 10d2b7526c..f20b6f0834 100644
--- a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
+++ b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
@@ -1,27 +1,31 @@
-From 389efb564fa1453a9da835393eec9006bfae2a52 Mon Sep 17 00:00:00 2001
+From d8f104bffb0c4acb8c5fcdf49628f7d02ed48f7f Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 16 May 2015 18:53:51 +0200
-Subject: Dont waste time building manpages if we're not going to use em.
+Subject: [PATCH] Dont waste time building manpages if we're not going to use
+ em.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
[Gustavo: update for parallel-build]
+
+[rebased on openssl-1.1.0h]
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
- Makefile.org | 2 +-
+ Configurations/unix-Makefile.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/Makefile.org b/Makefile.org
-index 60f07cc..976ceaf 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -527,7 +527,7 @@ dist:
- dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 40cf2c3..777d9ca 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -268,7 +268,7 @@ list-tests:
+ @echo "Tests are not supported with your chosen Configure options"
+ @ : {- output_on() if !$disabled{tests}; "" -}
+
+-install: install_sw install_ssldirs install_docs
++install: install_sw install_ssldirs
--install: install_docs install_sw
-+install: install_sw
+ uninstall: uninstall_docs uninstall_sw
- install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
--
-1.9.1
+2.16.3
diff --git a/package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch b/package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
deleted file mode 100644
index 47295500c0..0000000000
--- a/package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
+++ /dev/null
@@ -1,450 +0,0 @@
-From 90fd7e8f1a316cda86ee442b43fcd7d5e5baeede Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Date: Sat, 16 May 2015 18:55:08 +0200
-Subject: cryptodev: Fix issue with signature generation
-
-Forward port of 0001-cryptodev-Fix-issue-with-signature-generation.patch
-from http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
-It was originally targetted at 1.0.2-beta3.
-
-Without this patch digest acceleration via cryptodev is broken.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
----
- crypto/engine/eng_cryptodev.c | 195 +++++++++++++++++++++++++++++++-----------
- 1 file changed, 146 insertions(+), 49 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 926d95c..7021d9a 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2,6 +2,7 @@
- * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
-+ * Copyright (c) 2012 Nikos Mavrogiannopoulos
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
-@@ -72,7 +73,6 @@ struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
- # ifdef USE_CRYPTODEV_DIGESTS
-- char dummy_mac_key[HASH_MAX_LEN];
- unsigned char digest_res[HASH_MAX_LEN];
- char *mac_data;
- int mac_len;
-@@ -189,8 +189,10 @@ static struct {
- static struct {
- int id;
- int nid;
-- int keylen;
-+ int digestlen;
- } digests[] = {
-+#if 0
-+ /* HMAC is not supported */
- {
- CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
- },
-@@ -198,15 +200,15 @@ static struct {
- CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
- },
- {
-- CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
-- /* ? */
-+ CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32
- },
- {
-- CRYPTO_MD5_KPDK, NID_undef, 0
-+ CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48
- },
- {
-- CRYPTO_SHA1_KPDK, NID_undef, 0
-+ CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64
- },
-+#endif
- {
- CRYPTO_MD5, NID_md5, 16
- },
-@@ -214,6 +216,15 @@ static struct {
- CRYPTO_SHA1, NID_sha1, 20
- },
- {
-+ CRYPTO_SHA2_256, NID_sha256, 32
-+ },
-+ {
-+ CRYPTO_SHA2_384, NID_sha384, 48
-+ },
-+ {
-+ CRYPTO_SHA2_512, NID_sha512, 64
-+ },
-+ {
- 0, NID_undef, 0
- },
- };
-@@ -288,13 +299,14 @@ static int get_cryptodev_ciphers(const int **cnids)
- static int nids[CRYPTO_ALGORITHM_MAX];
- struct session_op sess;
- int fd, i, count = 0;
-+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
-
- if ((fd = get_dev_crypto()) < 0) {
- *cnids = NULL;
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.key = (caddr_t) "123456789abcdefghijklmno";
-+ sess.key = (void*)fake_key;
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
-@@ -327,18 +339,19 @@ static int get_cryptodev_digests(const int **cnids)
- static int nids[CRYPTO_ALGORITHM_MAX];
- struct session_op sess;
- int fd, i, count = 0;
-+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
-
- if ((fd = get_dev_crypto()) < 0) {
- *cnids = NULL;
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
-- sess.mackey = (caddr_t) "123456789abcdefghijklmno";
-+ sess.mackey = fake_key;
- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (digests[i].nid == NID_undef)
- continue;
- sess.mac = digests[i].id;
-- sess.mackeylen = digests[i].keylen;
-+ sess.mackeylen = 8;
- sess.cipher = 0;
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-@@ -424,14 +437,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = inl;
-- cryp.src = (caddr_t) in;
-- cryp.dst = (caddr_t) out;
-+ cryp.src = (void*) in;
-+ cryp.dst = (void*) out;
- cryp.mac = 0;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
-- cryp.iv = (caddr_t) ctx->iv;
-+ cryp.iv = (void*) ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + inl - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -483,7 +496,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- if ((state->d_fd = get_dev_crypto()) < 0)
- return (0);
-
-- sess->key = (caddr_t) key;
-+ sess->key = (void*)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
-@@ -749,16 +762,6 @@ static int digest_nid_to_cryptodev(int nid)
- return (0);
- }
-
--static int digest_key_length(int nid)
--{
-- int i;
--
-- for (i = 0; digests[i].id; i++)
-- if (digests[i].nid == nid)
-- return digests[i].keylen;
-- return (0);
--}
--
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
- struct dev_crypto_state *state = ctx->md_data;
-@@ -769,7 +772,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- printf("cryptodev_digest_init: Can't get digest \n");
- return (0);
- }
--
- memset(state, 0, sizeof(struct dev_crypto_state));
-
- if ((state->d_fd = get_dev_crypto()) < 0) {
-@@ -777,8 +779,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- return (0);
- }
-
-- sess->mackey = state->dummy_mac_key;
-- sess->mackeylen = digest_key_length(ctx->digest->type);
-+ sess->mackey = NULL;
-+ sess->mackeylen = 0;
- sess->mac = digest;
-
- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-@@ -794,8 +796,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- size_t count)
- {
-- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->md_data;
-+ struct crypt_op cryp;
- struct session_op *sess = &state->d_sess;
-
- if (!data || state->d_fd < 0) {
-@@ -804,7 +806,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- }
-
- if (!count) {
-- return (0);
-+ return (1);
- }
-
- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-@@ -828,9 +830,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = count;
-- cryp.src = (caddr_t) data;
-+ cryp.src = (void*) data;
- cryp.dst = NULL;
-- cryp.mac = (caddr_t) state->digest_res;
-+ cryp.mac = (void*) state->digest_res;
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_update: digest failed\n");
- return (0);
-@@ -844,8 +846,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- struct dev_crypto_state *state = ctx->md_data;
- struct session_op *sess = &state->d_sess;
-
-- int ret = 1;
--
- if (!md || state->d_fd < 0) {
- printf("cryptodev_digest_final: illegal input\n");
- return (0);
-@@ -859,7 +859,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- cryp.len = state->mac_len;
- cryp.src = state->mac_data;
- cryp.dst = NULL;
-- cryp.mac = (caddr_t) md;
-+ cryp.mac = (void*)md;
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
- printf("cryptodev_digest_final: digest failed\n");
- return (0);
-@@ -870,7 +870,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-
- memcpy(md, state->digest_res, ctx->digest->md_size);
-
-- return (ret);
-+ return 1;
- }
-
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-@@ -921,8 +921,8 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-
- digest = digest_nid_to_cryptodev(to->digest->type);
-
-- sess->mackey = dstate->dummy_mac_key;
-- sess->mackeylen = digest_key_length(to->digest->type);
-+ sess->mackey = NULL;
-+ sess->mackeylen = 0;
- sess->mac = digest;
-
- dstate->d_fd = get_dev_crypto();
-@@ -947,32 +947,116 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-
- const EVP_MD cryptodev_sha1 = {
- NID_sha1,
-- NID_undef,
-+ NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
- EVP_MD_FLAG_ONESHOT,
- cryptodev_digest_init,
- cryptodev_digest_update,
- cryptodev_digest_final,
- cryptodev_digest_copy,
- cryptodev_digest_cleanup,
-- EVP_PKEY_NULL_method,
-+ EVP_PKEY_RSA_method,
- SHA_CBLOCK,
-- sizeof(struct dev_crypto_state),
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
- };
-
--const EVP_MD cryptodev_md5 = {
-+static const EVP_MD cryptodev_sha256 = {
-+ NID_sha256,
-+ NID_sha256WithRSAEncryption,
-+ SHA256_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+ EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha224 = {
-+ NID_sha224,
-+ NID_sha224WithRSAEncryption,
-+ SHA224_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+ EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA256_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha384 = {
-+ NID_sha384,
-+ NID_sha384WithRSAEncryption,
-+ SHA384_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+ EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha512 = {
-+ NID_sha512,
-+ NID_sha512WithRSAEncryption,
-+ SHA512_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+ EVP_MD_FLAG_ONESHOT,
-+ cryptodev_digest_init,
-+ cryptodev_digest_update,
-+ cryptodev_digest_final,
-+ cryptodev_digest_copy,
-+ cryptodev_digest_cleanup,
-+ EVP_PKEY_RSA_method,
-+ SHA512_CBLOCK,
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_md5 = {
- NID_md5,
-- NID_undef,
-+ NID_md5WithRSAEncryption,
- 16 /* MD5_DIGEST_LENGTH */ ,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+ EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
- EVP_MD_FLAG_ONESHOT,
- cryptodev_digest_init,
- cryptodev_digest_update,
- cryptodev_digest_final,
- cryptodev_digest_copy,
- cryptodev_digest_cleanup,
-- EVP_PKEY_NULL_method,
-+ EVP_PKEY_RSA_method,
- 64 /* MD5_CBLOCK */ ,
-- sizeof(struct dev_crypto_state),
-+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
- };
-
- # endif /* USE_CRYPTODEV_DIGESTS */
-@@ -992,6 +1076,18 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- case NID_sha1:
- *digest = &cryptodev_sha1;
- break;
-+ case NID_sha224:
-+ *digest = &cryptodev_sha224;
-+ break;
-+ case NID_sha256:
-+ *digest = &cryptodev_sha256;
-+ break;
-+ case NID_sha384:
-+ *digest = &cryptodev_sha384;
-+ break;
-+ case NID_sha512:
-+ *digest = &cryptodev_sha512;
-+ break;
- default:
- # endif /* USE_CRYPTODEV_DIGESTS */
- *digest = NULL;
-@@ -1022,7 +1118,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
- return (1);
- memset(b, 0, bytes);
-
-- crp->crp_p = (caddr_t) b;
-+ crp->crp_p = (void*) b;
- crp->crp_nbits = bits;
-
- for (i = 0, j = 0; i < a->top; i++) {
-@@ -1277,7 +1373,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
- kop.crk_op = CRK_DSA_SIGN;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-- kop.crk_param[0].crp_p = (caddr_t) dgst;
-+ kop.crk_param[0].crp_p = (void*)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
-@@ -1317,7 +1413,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- kop.crk_op = CRK_DSA_VERIFY;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-- kop.crk_param[0].crp_p = (caddr_t) dgst;
-+ kop.crk_param[0].crp_p = (void*)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
-@@ -1398,9 +1494,10 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- goto err;
- kop.crk_iparams = 3;
-
-- kop.crk_param[3].crp_p = (caddr_t) key;
-- kop.crk_param[3].crp_nbits = keylen * 8;
-+ kop.crk_param[3].crp_p = (void*) key;
-+ kop.crk_param[3].crp_nbits = keylen;
- kop.crk_oparams = 1;
-+ dhret = keylen / 8;
-
- if (ioctl(fd, CIOCKEY, &kop) == -1) {
- const DH_METHOD *meth = DH_OpenSSL();
-@@ -1470,7 +1567,7 @@ void ENGINE_load_cryptodev(void)
- put_dev_crypto(fd);
-
- if (!ENGINE_set_id(engine, "cryptodev") ||
-- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-+ !ENGINE_set_name(engine, "cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
- !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
---
-1.9.1
-
diff --git a/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch b/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch
index eff72c548a..820c2addf1 100644
--- a/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch
+++ b/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch
@@ -1,26 +1,29 @@
-From 875fcad2ad84877763cba86c1265b57679b878b0 Mon Sep 17 00:00:00 2001
+From b70be8c65365a8fc564226360d45adbbb29fc0af Mon Sep 17 00:00:00 2001
From: Peter Seiderer <ps.report@gmx.net>
Date: Tue, 24 Oct 2017 16:58:32 +0200
Subject: [PATCH] Reproducible build: do not leak compiler path
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+
+[Rebased on openssl-1.1.1.a]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
- crypto/Makefile | 2 +-
+ crypto/build.info | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/crypto/Makefile b/crypto/Makefile
-index 7869996..7e63291 100644
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -55,7 +55,7 @@ top:
- all: shared
+diff --git a/crypto/build.info b/crypto/build.info
+index 2c619c6..49ca6ab 100644
+--- a/crypto/build.info
++++ b/crypto/build.info
+@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
+ ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
- buildinf.h: ../Makefile
-- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
-+ $(PERL) $(TOP)/util/mkbuildinf.pl "$$(basename $(CC)) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
+ DEPEND[cversion.o]=buildinf.h
+-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$$(basename $(CC)) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
+ DEPEND[buildinf.h]=../configdata.pm
- x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
- $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+ GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
--
-2.11.0
+2.20.1
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 83fb8bd513..568d7e8b52 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,10 +1,5 @@
-# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha256
-sha256 5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 openssl-1.0.2q.tar.gz
-# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha1
-sha1 692f5f2f1b114f8adaadaa3e7be8cce1907f38c5 openssl-1.0.2q.tar.gz
-# Locally computed
-sha256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9 openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
-sha256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
-sha256 30cb49489de5041841a74da9155cd4fabfbce33237262ba7cd23974314ae2956 openssl-1.0.2a-parallel-symlinking.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
-sha256 deaf6f3af41874ecc6d63841ea14b8e6c71cea81d4a511a754bc90c9a993147f openssl-1.0.2d-parallel-build.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
-sha256 c8f60f4842bbad0353f5d81620e72b168b5638ca3a0a999f5da113b22491612e LICENSE
+# From https://www.openssl.org/source/openssl-1.1.1a.tar.gz.sha256
+sha256 fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41 openssl-1.1.1a.tar.gz
+
+# License files
+sha256 350c7817af2ef980d3f3922bc5e0bb6a9d9f6cc21e784a699bcd2a31c74a84b1 LICENSE
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index dc15abf66a..c0f792603f 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBOPENSSL_VERSION = 1.0.2q
+LIBOPENSSL_VERSION = 1.1.1a
LIBOPENSSL_SITE = https://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = OpenSSL or SSLeay
@@ -15,11 +15,6 @@ HOST_LIBOPENSSL_DEPENDENCIES = host-zlib
LIBOPENSSL_TARGET_ARCH = generic32
LIBOPENSSL_CFLAGS = $(TARGET_CFLAGS)
LIBOPENSSL_PROVIDES = openssl
-LIBOPENSSL_PATCH = \
- https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
- https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
- https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
- https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
# relocation truncated to fit: R_68K_GOT16O
ifeq ($(BR2_m68k_cf),y)
@@ -35,6 +30,20 @@ LIBOPENSSL_CFLAGS += -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
LIBOPENSSL_DEPENDENCIES += cryptodev
endif
+# fixes the following build failures:
+#
+# - musl
+# ./libcrypto.so: undefined reference to `getcontext'
+# ./libcrypto.so: undefined reference to `setcontext'
+# ./libcrypto.so: undefined reference to `makecontext'
+#
+# - uclibc:
+# crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name ?ucontext_t?
+#
+ifneq ($(BR2_TOOLCHAIN_USES_MUSL)$(BR2_TOOLCHAIN_USES_UCLIBC),)
+LIBOPENSSL_CFLAGS += -DOPENSSL_NO_ASYNC
+endif
+
# Some architectures are optimized in OpenSSL
# Doesn't work for thumb-only (Cortex-M?)
ifeq ($(BR2_ARM_CPU_HAS_ARM),y)
@@ -65,7 +74,7 @@ define HOST_LIBOPENSSL_CONFIGURE_CMDS
./config \
--prefix=$(HOST_DIR) \
--openssldir=$(HOST_DIR)/etc/ssl \
- --libdir=/lib \
+ -Wl,-rpath,'$(HOST_DIR)/lib' \
shared \
zlib-dynamic \
)
@@ -80,13 +89,11 @@ define LIBOPENSSL_CONFIGURE_CMDS
linux-$(LIBOPENSSL_TARGET_ARCH) \
--prefix=/usr \
--openssldir=/etc/ssl \
- --libdir=/lib \
$(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
$(if $(BR2_STATIC_LIBS),no-shared,shared) \
no-rc5 \
enable-camellia \
enable-mdc2 \
- enable-tlsext \
$(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \
$(if $(BR2_STATIC_LIBS),no-dso) \
)
@@ -112,7 +119,7 @@ define LIBOPENSSL_BUILD_CMDS
endef
define LIBOPENSSL_INSTALL_STAGING_CMDS
- $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) INSTALL_PREFIX=$(STAGING_DIR) install
+ $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) install
endef
define HOST_LIBOPENSSL_INSTALL_CMDS
@@ -120,7 +127,7 @@ define HOST_LIBOPENSSL_INSTALL_CMDS
endef
define LIBOPENSSL_INSTALL_TARGET_CMDS
- $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) INSTALL_PREFIX=$(TARGET_DIR) install
+ $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
rm -rf $(TARGET_DIR)/usr/lib/ssl
rm -f $(TARGET_DIR)/usr/bin/c_rehash
endef
@@ -135,16 +142,6 @@ endef
LIBOPENSSL_POST_INSTALL_STAGING_HOOKS += LIBOPENSSL_FIXUP_STATIC_PKGCONFIG
endif
-ifneq ($(BR2_STATIC_LIBS),y)
-# libraries gets installed read only, so strip fails
-define LIBOPENSSL_INSTALL_FIXUPS_SHARED
- chmod +w $(TARGET_DIR)/usr/lib/engines/lib*.so
- for i in $(addprefix $(TARGET_DIR)/usr/lib/,libcrypto.so.* libssl.so.*); \
- do chmod +w $$i; done
-endef
-LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_INSTALL_FIXUPS_SHARED
-endif
-
ifeq ($(BR2_PACKAGE_PERL),)
define LIBOPENSSL_REMOVE_PERL_SCRIPTS
$(RM) -f $(TARGET_DIR)/etc/ssl/misc/{CA.pl,tsget}
@@ -162,7 +159,7 @@ endif
ifneq ($(BR2_PACKAGE_LIBOPENSSL_ENGINES),y)
define LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
- rm -rf $(TARGET_DIR)/usr/lib/engines
+ rm -rf $(TARGET_DIR)/usr/lib/engines-1.1
endef
LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
endif
--
2.20.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 2/4] freeswitch: bump to git master 8f10ae54a18a19fc6ed938e4f662bd218ba54b5e
2019-01-17 18:16 [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Peter Seiderer
@ 2019-01-17 18:16 ` Peter Seiderer
2019-01-17 18:16 ` [Buildroot] [PATCH v5 3/4] mariadb: use host-openssl from buildroot-system Peter Seiderer
` (3 subsequent siblings)
4 siblings, 0 replies; 17+ messages in thread
From: Peter Seiderer @ 2019-01-17 18:16 UTC (permalink / raw)
To: buildroot
Enables openssl-1.1.0h compatible compile.
- add bootstrap.sh post-patch call (normal AUTORECONF is broken)
- add tiff dependency (bundled tiff source is gone)
- rebase (and git format) 001-libvpx-cross.patch patch
- update libs/srtp/LICENSE file hash (updated copyright year)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
Changes v2 -> v3:
- add PATH=$(BR_PATH) for bootstrap.sh call (suggested by Bernd Kuhls)
- fix need for disabled BR2_COMPILER_PARANOID_UNSAFE_PATH, run
bootstrap.sh as post-patch insted pre-configure (as the freetype
packege does)
Changes v1 -> v2:
- new patch (suggested by Bernd Kuhls)
---
.../0001-Fix-cross-compiling-libvpx.patch | 30 ++++++++++++-------
package/freeswitch/freeswitch.hash | 11 +++----
package/freeswitch/freeswitch.mk | 16 ++++++++--
3 files changed, 37 insertions(+), 20 deletions(-)
diff --git a/package/freeswitch/0001-Fix-cross-compiling-libvpx.patch b/package/freeswitch/0001-Fix-cross-compiling-libvpx.patch
index 1d4b97a7a0..9542d037ed 100644
--- a/package/freeswitch/0001-Fix-cross-compiling-libvpx.patch
+++ b/package/freeswitch/0001-Fix-cross-compiling-libvpx.patch
@@ -1,4 +1,7 @@
-Fix cross-compiling libvpx
+From 4ba073af7877242a79579b040e3be00bed4275cc Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Thu, 3 May 2018 22:24:23 +0200
+Subject: [PATCH] Fix cross-compiling libvpx
Freeswitch since version 1.6.7 only uses an in-tree-version of libvpx:
https://freeswitch.org/fisheye/changelog/freeswitch?cs=febe0f8dacea2d2a31902b3dc469be757f8c3c4d
@@ -10,20 +13,27 @@ package/freeswitch/freeswitch.mk and add target=generic-gnu as
configure parameter:
https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/libs/libvpx/README#110
-And yes, autoreconf is also broken, so we patch Makefile.in instead
-of Makefile.am.
-
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-diff -uNr freeswitch-1.6.7.org/Makefile.in freeswitch-1.6.7/Makefile.in
---- freeswitch-1.6.7.org/Makefile.in 2016-04-01 18:09:54.000000000 +0200
-+++ freeswitch-1.6.7/Makefile.in 2016-04-22 20:11:37.938961730 +0200
-@@ -4025,7 +4025,7 @@
+[rebased on freeswitch git master branch]
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 53bd7c66aa..2e4059740a 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -567,7 +567,7 @@ libs/libzrtp/libzrtp.a:
cd libs/libzrtp && $(MAKE)
libs/libvpx/Makefile:
-- cd libs/libvpx && CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --size-limit=16384x16384 --extra-cflags="$(VISIBILITY_FLAG)"
-+ cd libs/libvpx && CROSS=$(CROSS) CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --target=generic-gnu --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --size-limit=16384x16384 --extra-cflags="$(VISIBILITY_FLAG)"
+- cd libs/libvpx && CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --extra-cflags="$(VISIBILITY_FLAG)"
++ cd libs/libvpx && CROSS=$(CROSS) CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --target=generic-gnu --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --extra-cflags="$(VISIBILITY_FLAG)"
libs/libvpx/libvpx.a: libs/libvpx/Makefile
@cd libs/libvpx && $(MAKE)
+--
+2.19.2
+
diff --git a/package/freeswitch/freeswitch.hash b/package/freeswitch/freeswitch.hash
index dab2fb237b..23dab45dc5 100644
--- a/package/freeswitch/freeswitch.hash
+++ b/package/freeswitch/freeswitch.hash
@@ -1,10 +1,7 @@
-# From http://files.freeswitch.org/freeswitch-releases/freeswitch-1.8.2.tar.xz.md5
-md5 61de81cd70afb056dde7b1dcb91ad967 freeswitch-1.8.2.tar.xz
-# From http://files.freeswitch.org/freeswitch-releases/freeswitch-1.8.2.tar.xz.sha1
-sha1 f2c077db40b05c5fdf66cbe77bd879f41132f79a freeswitch-1.8.2.tar.xz
-# From http://files.freeswitch.org/freeswitch-releases/freeswitch-1.8.2.tar.xz.sha256
-sha256 ebcf3db970ea9bb534c0983a1c9eef88395deb6e0902d8d6407bf217b2f27b9a freeswitch-1.8.2.tar.xz
-# Locally computed
+# Locally computed:
+sha256 56d932c001f3cc53b6ee5d835536b01fceacf1e360a6b48c5c1265eda5d6be86 freeswitch-8f10ae54a18a19fc6ed938e4f662bd218ba54b5e.tar.gz
+
+# License files:
sha256 10299420c1e8602c0daf5a59d022621cd72a9148d1f0f33501edb3db3445c7fe COPYING
sha256 e8e26b16da14aa3e6ed5c22c705fdc1f45d6225fca461ea9f7314bcdfdc414c4 libs/apr/LICENSE
sha256 1eefb2ea1db0af7729a9d8a27d7c65d8a37ab185393f935b029aac6828ce315a libs/apr-util/LICENSE
diff --git a/package/freeswitch/freeswitch.mk b/package/freeswitch/freeswitch.mk
index 577d6c9450..a7d52995ce 100644
--- a/package/freeswitch/freeswitch.mk
+++ b/package/freeswitch/freeswitch.mk
@@ -4,9 +4,10 @@
#
################################################################################
-FREESWITCH_VERSION = 1.8.2
-FREESWITCH_SOURCE = freeswitch-$(FREESWITCH_VERSION).tar.xz
-FREESWITCH_SITE = http://files.freeswitch.org/freeswitch-releases
+FREESWITCH_VERSION = 8f10ae54a18a19fc6ed938e4f662bd218ba54b5e
+#FREESWITCH_SOURCE = freeswitch-$(FREESWITCH_VERSION).tar.xz
+FREESWITCH_SITE = https://freeswitch.org/stash/scm/fs/freeswitch.git
+FREESWITCH_SITE_METHOD = git
# External modules need headers/libs from staging
FREESWITCH_INSTALL_STAGING = YES
FREESWITCH_LICENSE = MPL-1.1, \
@@ -38,6 +39,15 @@ FREESWITCH_DEPENDENCIES = \
util-linux \
zlib
+# run bootstrap.sh (normal AUTORECONF is broken)
+define FREESWITCH_RUN_BOOTSTRAP
+ cd $(@D); PATH=$(BR_PATH) ./bootstrap.sh
+endef
+
+# running while POST_PATCH stage enables libtool patching
+FREESWITCH_POST_PATCH_HOOKS += FREESWITCH_RUN_BOOTSTRAP
+FREESWITCH_DEPENDENCIES += host-automake host-autoconf host-libtool
+
# disable display of ClueCon banner in fs_cli
FREESWITCH_CONF_ENV += \
disable_cc=yes
--
2.20.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 3/4] mariadb: use host-openssl from buildroot-system
2019-01-17 18:16 [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Peter Seiderer
2019-01-17 18:16 ` [Buildroot] [PATCH v5 2/4] freeswitch: bump to git master 8f10ae54a18a19fc6ed938e4f662bd218ba54b5e Peter Seiderer
@ 2019-01-17 18:16 ` Peter Seiderer
2019-01-17 19:39 ` Ryan Coe
2019-01-17 18:16 ` [Buildroot] [PATCH v5 4/4] package/pound: Fix build with OpenSSL 1.1.x Peter Seiderer
` (2 subsequent siblings)
4 siblings, 1 reply; 17+ messages in thread
From: Peter Seiderer @ 2019-01-17 18:16 UTC (permalink / raw)
To: buildroot
- change WITH_SSL for host build from bundled to system (and add
host-openssl dependency) to avoid the following configure failure:
CMake Error at /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find GnuTLS (missing: GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
(Required is at least version "3.3.24")
Call Stack (most recent call first):
/usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
/usr/share/cmake/Modules/FindGnuTLS.cmake:54 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
libmariadb/CMakeLists.txt:298 (FIND_PACKAGE)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
Note:
- WITH_SSL related bug report, see [1]
Changes v4 -> v5:
- new patch (suggested by Ryan Coe)
[1] https://jira.mariadb.org/browse/MDEV-16014
---
package/mariadb/mariadb.mk | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/package/mariadb/mariadb.mk b/package/mariadb/mariadb.mk
index e17649209a..e354a9137c 100644
--- a/package/mariadb/mariadb.mk
+++ b/package/mariadb/mariadb.mk
@@ -86,7 +86,8 @@ MARIADB_CONF_OPTS += \
-DMYSQL_DATADIR=/var/lib/mysql \
-DMYSQL_UNIX_ADDR=$(MYSQL_SOCKET)
-HOST_MARIADB_CONF_OPTS += -DWITH_SSL=OFF
+HOST_MARIADB_DEPENDENCIES = host-openssl
+HOST_MARIADB_CONF_OPTS += -DWITH_SSL=system
# Some helpers must be compiled for host in order to crosscompile mariadb for
# the target. They are then included by import_executables.cmake which is
--
2.20.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 4/4] package/pound: Fix build with OpenSSL 1.1.x
2019-01-17 18:16 [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Peter Seiderer
2019-01-17 18:16 ` [Buildroot] [PATCH v5 2/4] freeswitch: bump to git master 8f10ae54a18a19fc6ed938e4f662bd218ba54b5e Peter Seiderer
2019-01-17 18:16 ` [Buildroot] [PATCH v5 3/4] mariadb: use host-openssl from buildroot-system Peter Seiderer
@ 2019-01-17 18:16 ` Peter Seiderer
2019-01-17 19:39 ` [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Ryan Coe
2019-01-18 11:27 ` Patrick Havelange
4 siblings, 0 replies; 17+ messages in thread
From: Peter Seiderer @ 2019-01-17 18:16 UTC (permalink / raw)
To: buildroot
From: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/pound/0002-fix-openssl-1.1.0.patch | 331 +++++++++++++++++++++
1 file changed, 331 insertions(+)
create mode 100644 package/pound/0002-fix-openssl-1.1.0.patch
diff --git a/package/pound/0002-fix-openssl-1.1.0.patch b/package/pound/0002-fix-openssl-1.1.0.patch
new file mode 100644
index 0000000000..a94a6386b7
--- /dev/null
+++ b/package/pound/0002-fix-openssl-1.1.0.patch
@@ -0,0 +1,331 @@
+From a2c9dde4d055ea8942afb150b7fc3a807d4e5d60 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Wed, 28 Feb 2018 13:44:01 +0000
+Subject: [PATCH] Support for Openssl 1.1
+
+Downloaded from github fork:
+https://github.com/graygnuorg/pound/commit/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60
+
+This patch was announced on the upstream mailinglist:
+http://www.apsis.ch/pound/pound_list/archive/2018/2018-03/1519920322000
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ .gitignore | 15 ++++++++
+ config.c | 17 +++++++--
+ http.c | 12 ++++++-
+ pound.h | 4 ++-
+ svc.c | 101 +++++++++++++++++++++++++++++++++++++++++++----------
+ 5 files changed, 125 insertions(+), 24 deletions(-)
+ create mode 100644 .gitignore
+
+diff --git a/config.c b/config.c
+index d41a3ee..e8fec0f 100644
+--- a/config.c
++++ b/config.c
+@@ -174,6 +174,16 @@ conf_fgets(char *buf, const int max)
+ }
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++# define general_name_string(n) \
++ strndup(ASN1_STRING_get0_data(n->d.dNSName), \
++ ASN1_STRING_length(n->d.dNSName) + 1)
++#else
++# define general_name_string(n) \
++ strndup(ASN1_STRING_data(n->d.dNSName), \
++ ASN1_STRING_length(n->d.dNSName) + 1)
++#endif
++
+ unsigned char **
+ get_subjectaltnames(X509 *x509, unsigned int *count)
+ {
+@@ -194,8 +204,7 @@ get_subjectaltnames(X509 *x509, unsigned int *count)
+ name = sk_GENERAL_NAME_pop(san_stack);
+ switch(name->type) {
+ case GEN_DNS:
+- temp[local_count] = strndup(ASN1_STRING_data(name->d.dNSName), ASN1_STRING_length(name->d.dNSName)
+- + 1);
++ temp[local_count] = general_name_string(name);
+ if(temp[local_count] == NULL)
+ conf_err("out of memory");
+ local_count++;
+@@ -565,7 +574,9 @@ parse_service(const char *svc_name)
+ pthread_mutex_init(&res->mut, NULL);
+ if(svc_name)
+ strncpy(res->name, svc_name, KEY_SIZE);
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res->sessions = lh_TABNODE_new(t_hash, t_cmp)) == NULL)
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res->sessions = LHM_lh_new(TABNODE, t)) == NULL)
+ #else
+ if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL)
+diff --git a/http.c b/http.c
+index dd211e4..c8e756a 100644
+--- a/http.c
++++ b/http.c
+@@ -527,12 +527,22 @@ log_bytes(char *res, const LONG cnt)
+
+ /* Cleanup code. This should really be in the pthread_cleanup_push, except for bugs in some implementations */
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++# define clear_error()
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
++# define clear_error() \
++ if(ssl != NULL) { ERR_clear_error(); ERR_remove_thread_state(NULL); }
++#else
++# define clear_error() \
++ if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); }
++#endif
++
+ #define clean_all() { \
+ if(ssl != NULL) { BIO_ssl_shutdown(cl); } \
+ if(be != NULL) { BIO_flush(be); BIO_reset(be); BIO_free_all(be); be = NULL; } \
+ if(cl != NULL) { BIO_flush(cl); BIO_reset(cl); BIO_free_all(cl); cl = NULL; } \
+ if(x509 != NULL) { X509_free(x509); x509 = NULL; } \
+- if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); } \
++ clear_error(); \
+ }
+
+ /*
+diff --git a/pound.h b/pound.h
+index fa22c36..9603b91 100644
+--- a/pound.h
++++ b/pound.h
+@@ -344,7 +344,9 @@ typedef struct _tn {
+ /* maximal session key size */
+ #define KEY_SIZE 127
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ DEFINE_LHASH_OF(TABNODE);
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ DECLARE_LHASH_OF(TABNODE);
+ #endif
+
+diff --git a/svc.c b/svc.c
+index 60ba488..063b92c 100644
+--- a/svc.c
++++ b/svc.c
+@@ -27,10 +27,17 @@
+
+ #include "pound.h"
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++# define TABNODE_GET_DOWN_LOAD(t) lh_TABNODE_get_down_load(t)
++# define TABNODE_SET_DOWN_LOAD(t,n) lh_TABNODE_set_down_load(t,n)
++#else
+ #ifndef LHASH_OF
+ #define LHASH_OF(x) LHASH
+ #define CHECKED_LHASH_OF(type, h) h
+ #endif
++# define TABNODE_GET_DOWN_LOAD(t) (CHECKED_LHASH_OF(TABNODE, t)->down_load)
++# define TABNODE_SET_DOWN_LOAD(t,n) (CHECKED_LHASH_OF(TABNODE, t)->down_load = n)
++#endif
+
+ /*
+ * Add a new key/content pair to a hash table
+@@ -58,7 +65,9 @@ t_add(LHASH_OF(TABNODE) *const tab, const char *key, const void *content, const
+ }
+ memcpy(t->content, content, cont_len);
+ t->last_acc = time(NULL);
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((old = lh_TABNODE_insert(tab, t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((old = LHM_lh_insert(TABNODE, tab, t)) != NULL) {
+ #else
+ if((old = (TABNODE *)lh_insert(tab, t)) != NULL) {
+@@ -82,7 +91,9 @@ t_find(LHASH_OF(TABNODE) *const tab, char *const key)
+ TABNODE t, *res;
+
+ t.key = key;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res = lh_TABNODE_retrieve(tab, &t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res = (TABNODE *)LHM_lh_retrieve(TABNODE, tab, &t)) != NULL) {
+ #else
+ if((res = (TABNODE *)lh_retrieve(tab, &t)) != NULL) {
+@@ -102,7 +113,9 @@ t_remove(LHASH_OF(TABNODE) *const tab, char *const key)
+ TABNODE t, *res;
+
+ t.key = key;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res = lh_TABNODE_delete(tab, &t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res = LHM_lh_delete(TABNODE, tab, &t)) != NULL) {
+ #else
+ if((res = (TABNODE *)lh_delete(tab, &t)) != NULL) {
+@@ -127,7 +140,9 @@ t_old_doall_arg(TABNODE *t, ALL_ARG *a)
+ TABNODE *res;
+
+ if(t->last_acc < a->lim)
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res = lh_TABNODE_delete(a->tab, t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res = LHM_lh_delete(TABNODE, a->tab, t)) != NULL) {
+ #else
+ if((res = lh_delete(a->tab, t)) != NULL) {
+@@ -145,6 +160,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABNODE, ALL_ARG)
+ IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABNODE *, ALL_ARG *)
+ #endif
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++IMPLEMENT_LHASH_DOALL_ARG(TABNODE,ALL_ARG);
++#endif
++
+ /*
+ * Expire all old nodes
+ */
+@@ -156,14 +175,16 @@ t_expire(LHASH_OF(TABNODE) *const tab, const time_t lim)
+
+ a.tab = tab;
+ a.lim = lim;
+- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load;
+- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++ down_load = TABNODE_GET_DOWN_LOAD(tab);
++ TABNODE_SET_DOWN_LOAD(tab, 0);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ lh_TABNODE_doall_ALL_ARG(tab, t_old_doall_arg, &a);
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_old), ALL_ARG, &a);
+ #else
+ lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_old), &a);
+ #endif
+- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load;
++ TABNODE_SET_DOWN_LOAD(tab, down_load);
+ return;
+ }
+
+@@ -173,7 +194,9 @@ t_cont_doall_arg(TABNODE *t, ALL_ARG *arg)
+ TABNODE *res;
+
+ if(memcmp(t->content, arg->content, arg->cont_len) == 0)
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res = lh_TABNODE_delete(arg->tab, t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res = LHM_lh_delete(TABNODE, arg->tab, t)) != NULL) {
+ #else
+ if((res = lh_delete(arg->tab, t)) != NULL) {
+@@ -203,15 +226,16 @@ t_clean(LHASH_OF(TABNODE) *const tab, void *const content, const size_t cont_len
+ a.tab = tab;
+ a.content = content;
+ a.cont_len = cont_len;
+- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load;
+- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++ down_load = TABNODE_GET_DOWN_LOAD(tab);
++ TABNODE_SET_DOWN_LOAD(tab, 0);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ lh_TABNODE_doall_ALL_ARG(tab, t_cont_doall_arg, &a);
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_cont), ALL_ARG, &a);
+ #else
+ lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_cont), &a);
+ #endif
+- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load;
+- return;
++ TABNODE_SET_DOWN_LOAD(tab, down_load);
+ }
+
+ /*
+@@ -1262,6 +1286,31 @@ RSA_tmp_callback(/* not used */SSL *ssl, /* not used */int is_export, int keylen
+ return res;
+ }
+
++static int
++generate_key(RSA **ret_rsa, unsigned long bits)
++{
++#if OPENSSL_VERSION_NUMBER > 0x00908000L
++ int rc = 0;
++ RSA *rsa;
++
++ rsa = RSA_new();
++ if (rsa) {
++ BIGNUM *bne = BN_new();
++ if (BN_set_word(bne, RSA_F4))
++ rc = RSA_generate_key_ex(rsa, bits, bne, NULL);
++ BN_free(bne);
++ if (rc)
++ *ret_rsa = rsa;
++ else
++ RSA_free(rsa);
++ }
++ return rc;
++#else
++ *ret_rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
++ return *ret_rsa != NULL;
++#endif
++}
++
+ /*
+ * Periodically regenerate ephemeral RSA keys
+ * runs every T_RSA_KEYS seconds
+@@ -1274,8 +1323,9 @@ do_RSAgen(void)
+ RSA *t_RSA1024_keys[N_RSA_KEYS];
+
+ for(n = 0; n < N_RSA_KEYS; n++) {
+- t_RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL);
+- t_RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL);
++ /* FIXME: Error handling */
++ generate_key(&t_RSA512_keys[n], 512);
++ generate_key(&t_RSA1024_keys[n], 1024);
+ }
+ if(ret_val = pthread_mutex_lock(&RSA_mut))
+ logmsg(LOG_WARNING, "thr_RSAgen() lock: %s", strerror(ret_val));
+@@ -1329,11 +1379,11 @@ init_timer(void)
+ * Pre-generate ephemeral RSA keys
+ */
+ for(n = 0; n < N_RSA_KEYS; n++) {
+- if((RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) {
++ if(!generate_key(&RSA512_keys[n], 512)) {
+ logmsg(LOG_WARNING,"RSA_generate(%d, 512) failed", n);
+ return;
+ }
+- if((RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL)) == NULL) {
++ if(!generate_key(&RSA1024_keys[n], 1024)) {
+ logmsg(LOG_WARNING,"RSA_generate(%d, 1024) failed", n);
+ return;
+ }
+@@ -1420,6 +1470,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE, DUMP_ARG)
+ IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE *, DUMP_ARG *)
+ #endif
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++IMPLEMENT_LHASH_DOALL_ARG(TABNODE,DUMP_ARG);
++#endif
++
+ /*
+ * write sessions to the control socket
+ */
+@@ -1430,7 +1484,9 @@ dump_sess(const int control_sock, LHASH_OF(TABNODE) *const sess, BACKEND *const
+
+ a.control_sock = control_sock;
+ a.backends = backends;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ lh_TABNODE_doall_DUMP_ARG(sess, t_dump_doall_arg, &a);
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ LHM_lh_doall_arg(TABNODE, sess, LHASH_DOALL_ARG_FN(t_dump), DUMP_ARG, &a);
+ #else
+ lh_doall_arg(sess, LHASH_DOALL_ARG_FN(t_dump), &a);
+@@ -1664,6 +1720,13 @@ thr_control(void *arg)
+ }
+ }
+
++#ifndef SSL3_ST_SR_CLNT_HELLO_A
++# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
++#endif
++#ifndef SSL23_ST_SR_CLNT_HELLO_A
++# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
++#endif
++
+ void
+ SSLINFO_callback(const SSL *ssl, int where, int rc)
+ {
--
2.20.1
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-17 18:16 [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Peter Seiderer
` (2 preceding siblings ...)
2019-01-17 18:16 ` [Buildroot] [PATCH v5 4/4] package/pound: Fix build with OpenSSL 1.1.x Peter Seiderer
@ 2019-01-17 19:39 ` Ryan Coe
2019-01-17 23:28 ` Vadim Kochan
2019-01-18 0:16 ` Vadim Kochan
2019-01-18 11:27 ` Patrick Havelange
4 siblings, 2 replies; 17+ messages in thread
From: Ryan Coe @ 2019-01-17 19:39 UTC (permalink / raw)
To: buildroot
Peter,
On 1/17/2019 10:16 AM, Peter Seiderer wrote:
> - remove all parallel build patches (openssl build-system changed)
>
> - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> to apply to Configurations/unix-Makefile.tmpl (Makefile template)
>
> - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
> (upstream applied)
>
> - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
> apply to crypto/build.info (Makefile template)
>
> - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
>
> - remove legacy enable-tlsext configure option
>
> - remove target/host libdir configure options, fixes openssl.pc installation
> path, fixes wget compile
>
> - change legacy INSTALL_PREFIX to DESTDIR
>
> - remove 'libraries gets installed read only, so strip fails'
> workaround (not needed anymore)
>
> - change engine directory from /usr/lib/engines to
> /usr/lib/engines-1.1
>
> - change license file hash, no license change, only the following
> hint was removed:
>
> Actually both licenses are BSD-style Open Source licenses.
> In case of any license issues related to OpenSSL please
> contact openssl-core at openssl.org.
>
> - fix host-libopenssl compile setting rpath as decribed in
> libopenssl-1.1.0h/NOTES.UNIX
>
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
> Changes v4 -> v5:
> - remove libdir config options (suggested by Arnout Vandecappelle)
>
> Changes v3 -> v4:
> - bump version to 1.1.1a
> - remove all parallel build patches hash file entries
> - re-remove 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
> (upstream applied)
> - fix hist library install path
> - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
> (upstram applied)
> - remove follow up patch for openssh (not longer needed since
> version bump to 7.9p1, see https://www.openssh.com/releasenotes.html
> Portability)
>
> Changes v2 -> v3:
> - no changes
>
> Changes v1 -> v2:
> - add OPENSSL_NO_ASYNC workaround for musl compile too
> (suggested by Bernd Kuhls)
>
> - fix host-libopenssl compile (reported by Ryan Coe) by setting rpath
> (suggested by Ryan Coe)
>
> - fix 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> and 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply
> to the Makefile templates (instead of re-generated Makefile)
> (reported by Ryan Coe)
>
> - add 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
> (suggested by Bernd Kuhls)
>
> Notes:
>
> - There was a previous attempt to bump the openssl version by
> David Mosberger <davidm@egauge.net>. I could not find the
> corresponding patch in patchwork or on the mailing list,
> only a reply by Arnout Vandecappelle (see [2]) and the
> answer by David Mosberger (see [3]).
>
> - Compile checked packages (depending explicit on libopenssl or host-libopenssl):
> O.k:
> - hostapd
> - libpjsip
> - host-mariadb (with patch)
> - mosquitto
> - wpa_supplicant
>
> Failure:
> - softether/host-softether
> - mariadb (cmake configure error, maybe unrelated?)
>
> - Compile checked packages (depending on openssl or host-openssl):
> O.k.:
> - alljoyn-base
> - apache
> - apr
> - apr-util
> - freeswitch
> - openssh
> - pound (with patch https://patchwork.ozlabs.org/patch/962157 )
>
> Failure:
> - android-tools
>
> [2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
> [3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
[snip]
Tested-by: Ryan Coe <bluemrp9@gmail.com>
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 3/4] mariadb: use host-openssl from buildroot-system
2019-01-17 18:16 ` [Buildroot] [PATCH v5 3/4] mariadb: use host-openssl from buildroot-system Peter Seiderer
@ 2019-01-17 19:39 ` Ryan Coe
0 siblings, 0 replies; 17+ messages in thread
From: Ryan Coe @ 2019-01-17 19:39 UTC (permalink / raw)
To: buildroot
Peter,
On 1/17/2019 10:16 AM, Peter Seiderer wrote:
> - change WITH_SSL for host build from bundled to system (and add
> host-openssl dependency) to avoid the following configure failure:
>
> CMake Error at /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
> Could NOT find GnuTLS (missing: GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
> (Required is at least version "3.3.24")
> Call Stack (most recent call first):
> /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
> /usr/share/cmake/Modules/FindGnuTLS.cmake:54 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
> libmariadb/CMakeLists.txt:298 (FIND_PACKAGE)
>
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
> Note:
> - WITH_SSL related bug report, see [1]
>
> Changes v4 -> v5:
> - new patch (suggested by Ryan Coe)
>
> [1] https://jira.mariadb.org/browse/MDEV-16014
> ---
> package/mariadb/mariadb.mk | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/package/mariadb/mariadb.mk b/package/mariadb/mariadb.mk
> index e17649209a..e354a9137c 100644
> --- a/package/mariadb/mariadb.mk
> +++ b/package/mariadb/mariadb.mk
> @@ -86,7 +86,8 @@ MARIADB_CONF_OPTS += \
> -DMYSQL_DATADIR=/var/lib/mysql \
> -DMYSQL_UNIX_ADDR=$(MYSQL_SOCKET)
>
> -HOST_MARIADB_CONF_OPTS += -DWITH_SSL=OFF
> +HOST_MARIADB_DEPENDENCIES = host-openssl
> +HOST_MARIADB_CONF_OPTS += -DWITH_SSL=system
>
> # Some helpers must be compiled for host in order to crosscompile mariadb for
> # the target. They are then included by import_executables.cmake which is
Tested-by: Ryan Coe <bluemrp9@gmail.com>
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-17 19:39 ` [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Ryan Coe
@ 2019-01-17 23:28 ` Vadim Kochan
2019-01-18 0:16 ` Vadim Kochan
1 sibling, 0 replies; 17+ messages in thread
From: Vadim Kochan @ 2019-01-17 23:28 UTC (permalink / raw)
To: buildroot
Hi All,
On Thu, Jan 17, 2019 at 11:39:07AM -0800, Ryan Coe wrote:
> Peter,
>
> On 1/17/2019 10:16 AM, Peter Seiderer wrote:
> > - remove all parallel build patches (openssl build-system changed)
> >
> > - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> > to apply to Configurations/unix-Makefile.tmpl (Makefile template)
> >
> > - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
> > (upstream applied)
> >
> > - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
> > apply to crypto/build.info (Makefile template)
> >
> > - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
> >
> > - remove legacy enable-tlsext configure option
> >
> > - remove target/host libdir configure options, fixes openssl.pc installation
> > path, fixes wget compile
> >
> > - change legacy INSTALL_PREFIX to DESTDIR
> >
> > - remove 'libraries gets installed read only, so strip fails'
> > workaround (not needed anymore)
> >
> > - change engine directory from /usr/lib/engines to
> > /usr/lib/engines-1.1
> >
> > - change license file hash, no license change, only the following
> > hint was removed:
> >
> > Actually both licenses are BSD-style Open Source licenses.
> > In case of any license issues related to OpenSSL please
> > contact openssl-core at openssl.org.
> >
> > - fix host-libopenssl compile setting rpath as decribed in
> > libopenssl-1.1.0h/NOTES.UNIX
> >
> > Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> > ---
> > Changes v4 -> v5:
> > - remove libdir config options (suggested by Arnout Vandecappelle)
> >
> > Changes v3 -> v4:
> > - bump version to 1.1.1a
> > - remove all parallel build patches hash file entries
> > - re-remove 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
> > (upstream applied)
> > - fix hist library install path
> > - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
> > (upstram applied)
> > - remove follow up patch for openssh (not longer needed since
> > version bump to 7.9p1, see https://www.openssh.com/releasenotes.html
> > Portability)
> >
> > Changes v2 -> v3:
> > - no changes
> >
> > Changes v1 -> v2:
> > - add OPENSSL_NO_ASYNC workaround for musl compile too
> > (suggested by Bernd Kuhls)
> >
> > - fix host-libopenssl compile (reported by Ryan Coe) by setting rpath
> > (suggested by Ryan Coe)
> >
> > - fix 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> > and 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply
> > to the Makefile templates (instead of re-generated Makefile)
> > (reported by Ryan Coe)
> >
> > - add 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
> > (suggested by Bernd Kuhls)
> >
> > Notes:
> >
> > - There was a previous attempt to bump the openssl version by
> > David Mosberger <davidm@egauge.net>. I could not find the
> > corresponding patch in patchwork or on the mailing list,
> > only a reply by Arnout Vandecappelle (see [2]) and the
> > answer by David Mosberger (see [3]).
> >
> > - Compile checked packages (depending explicit on libopenssl or host-libopenssl):
> > O.k:
> > - hostapd
> > - libpjsip
> > - host-mariadb (with patch)
> > - mosquitto
> > - wpa_supplicant
> >
> > Failure:
> > - softether/host-softether
> > - mariadb (cmake configure error, maybe unrelated?)
> >
> > - Compile checked packages (depending on openssl or host-openssl):
> > O.k.:
> > - alljoyn-base
> > - apache
> > - apr
> > - apr-util
> > - freeswitch
> > - openssh
> > - pound (with patch https://patchwork.ozlabs.org/patch/962157 )
> >
> > Failure:
> > - android-tools
> >
> > [2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
> > [3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
>
> [snip]
>
> Tested-by: Ryan Coe <bluemrp9@gmail.com>
>
I checked that rtmpdump does not compile with openssl 1.1.x, but the
following patch fix it:
----------------------8<-------------------------------------
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-17 19:39 ` [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Ryan Coe
2019-01-17 23:28 ` Vadim Kochan
@ 2019-01-18 0:16 ` Vadim Kochan
1 sibling, 0 replies; 17+ messages in thread
From: Vadim Kochan @ 2019-01-18 0:16 UTC (permalink / raw)
To: buildroot
Hi All,
On Thu, Jan 17, 2019 at 11:39:07AM -0800, Ryan Coe wrote:
> Peter,
>
> On 1/17/2019 10:16 AM, Peter Seiderer wrote:
> > - remove all parallel build patches (openssl build-system changed)
> >
> > - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> > to apply to Configurations/unix-Makefile.tmpl (Makefile template)
> >
> > - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
> > (upstream applied)
> >
> > - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
> > apply to crypto/build.info (Makefile template)
> >
> > - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
> >
> > - remove legacy enable-tlsext configure option
> >
> > - remove target/host libdir configure options, fixes openssl.pc installation
> > path, fixes wget compile
> >
> > - change legacy INSTALL_PREFIX to DESTDIR
> >
> > - remove 'libraries gets installed read only, so strip fails'
> > workaround (not needed anymore)
> >
> > - change engine directory from /usr/lib/engines to
> > /usr/lib/engines-1.1
> >
> > - change license file hash, no license change, only the following
> > hint was removed:
> >
> > Actually both licenses are BSD-style Open Source licenses.
> > In case of any license issues related to OpenSSL please
> > contact openssl-core at openssl.org.
> >
> > - fix host-libopenssl compile setting rpath as decribed in
> > libopenssl-1.1.0h/NOTES.UNIX
> >
> > Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> > ---
> > Changes v4 -> v5:
> > - remove libdir config options (suggested by Arnout Vandecappelle)
> >
> > Changes v3 -> v4:
> > - bump version to 1.1.1a
> > - remove all parallel build patches hash file entries
> > - re-remove 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
> > (upstream applied)
> > - fix hist library install path
> > - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
> > (upstram applied)
> > - remove follow up patch for openssh (not longer needed since
> > version bump to 7.9p1, see https://www.openssh.com/releasenotes.html
> > Portability)
> >
> > Changes v2 -> v3:
> > - no changes
> >
> > Changes v1 -> v2:
> > - add OPENSSL_NO_ASYNC workaround for musl compile too
> > (suggested by Bernd Kuhls)
> >
> > - fix host-libopenssl compile (reported by Ryan Coe) by setting rpath
> > (suggested by Ryan Coe)
> >
> > - fix 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> > and 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply
> > to the Makefile templates (instead of re-generated Makefile)
> > (reported by Ryan Coe)
> >
> > - add 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
> > (suggested by Bernd Kuhls)
> >
> > Notes:
> >
> > - There was a previous attempt to bump the openssl version by
> > David Mosberger <davidm@egauge.net>. I could not find the
> > corresponding patch in patchwork or on the mailing list,
> > only a reply by Arnout Vandecappelle (see [2]) and the
> > answer by David Mosberger (see [3]).
> >
> > - Compile checked packages (depending explicit on libopenssl or host-libopenssl):
> > O.k:
> > - hostapd
> > - libpjsip
> > - host-mariadb (with patch)
> > - mosquitto
> > - wpa_supplicant
> >
> > Failure:
> > - softether/host-softether
> > - mariadb (cmake configure error, maybe unrelated?)
> >
> > - Compile checked packages (depending on openssl or host-openssl):
> > O.k.:
> > - alljoyn-base
> > - apache
> > - apr
> > - apr-util
> > - freeswitch
> > - openssh
> > - pound (with patch https://patchwork.ozlabs.org/patch/962157 )
> >
> > Failure:
> > - android-tools
> >
> > [2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
> > [3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
>
> [snip]
>
> Tested-by: Ryan Coe <bluemrp9@gmail.com>
>
>
I sent fix for libshout in:
https://patchwork.ozlabs.org/patch/1027055/
I sent it separately because the fix supports both openssl versions,
I really dont know if it is better to include it to this series ?
Regards,
Vadim Kochan
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-17 18:16 [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Peter Seiderer
` (3 preceding siblings ...)
2019-01-17 19:39 ` [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Ryan Coe
@ 2019-01-18 11:27 ` Patrick Havelange
2019-01-18 11:49 ` Vadim Kochan
4 siblings, 1 reply; 17+ messages in thread
From: Patrick Havelange @ 2019-01-18 11:27 UTC (permalink / raw)
To: buildroot
Hello,
I'm working on fixing packages that do not work with the new openssl version,
For the moment I'm preparing an update for the package thrift (still a
WIP as i type this).
I've setup a gitlab repo with my current work in progress
(https://gitlab.com/essensium-mind/buildroot/branches/mind-opensslissues-*).
Regarding the packages that do fail, some are indeed already known :
- android tools,
- softether,
I've also stumbled across those (for the moment) :
- pound
- ibrdtnd
- thrift (I have a version bump patch ready for this one)
I also saw that in some cases the new openssl does not build (e.g.
br-xtensa-full) :
In file included from crypto/async/arch/../async_locl.h:30:0,
from crypto/async/arch/async_posix.c:11:
crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name
'ucontext_t'
ucontext_t fibre;
^~~~~~~~~~
This should be fixed before merging.
Regards,
Patrick Havelange.
On Thu, Jan 17, 2019 at 7:16 PM Peter Seiderer <ps.report@gmx.net> wrote:
>
> - remove all parallel build patches (openssl build-system changed)
>
> - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> to apply to Configurations/unix-Makefile.tmpl (Makefile template)
>
> - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
> (upstream applied)
>
> - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
> apply to crypto/build.info (Makefile template)
>
> - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
>
> - remove legacy enable-tlsext configure option
>
> - remove target/host libdir configure options, fixes openssl.pc installation
> path, fixes wget compile
>
> - change legacy INSTALL_PREFIX to DESTDIR
>
> - remove 'libraries gets installed read only, so strip fails'
> workaround (not needed anymore)
>
> - change engine directory from /usr/lib/engines to
> /usr/lib/engines-1.1
>
> - change license file hash, no license change, only the following
> hint was removed:
>
> Actually both licenses are BSD-style Open Source licenses.
> In case of any license issues related to OpenSSL please
> contact openssl-core at openssl.org.
>
> - fix host-libopenssl compile setting rpath as decribed in
> libopenssl-1.1.0h/NOTES.UNIX
>
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
> Changes v4 -> v5:
> - remove libdir config options (suggested by Arnout Vandecappelle)
>
> Changes v3 -> v4:
> - bump version to 1.1.1a
> - remove all parallel build patches hash file entries
> - re-remove 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
> (upstream applied)
> - fix hist library install path
> - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
> (upstram applied)
> - remove follow up patch for openssh (not longer needed since
> version bump to 7.9p1, see https://www.openssh.com/releasenotes.html
> Portability)
>
> Changes v2 -> v3:
> - no changes
>
> Changes v1 -> v2:
> - add OPENSSL_NO_ASYNC workaround for musl compile too
> (suggested by Bernd Kuhls)
>
> - fix host-libopenssl compile (reported by Ryan Coe) by setting rpath
> (suggested by Ryan Coe)
>
> - fix 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> and 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply
> to the Makefile templates (instead of re-generated Makefile)
> (reported by Ryan Coe)
>
> - add 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
> (suggested by Bernd Kuhls)
>
> Notes:
>
> - There was a previous attempt to bump the openssl version by
> David Mosberger <davidm@egauge.net>. I could not find the
> corresponding patch in patchwork or on the mailing list,
> only a reply by Arnout Vandecappelle (see [2]) and the
> answer by David Mosberger (see [3]).
>
> - Compile checked packages (depending explicit on libopenssl or host-libopenssl):
> O.k:
> - hostapd
> - libpjsip
> - host-mariadb (with patch)
> - mosquitto
> - wpa_supplicant
>
> Failure:
> - softether/host-softether
> - mariadb (cmake configure error, maybe unrelated?)
>
> - Compile checked packages (depending on openssl or host-openssl):
> O.k.:
> - alljoyn-base
> - apache
> - apr
> - apr-util
> - freeswitch
> - openssh
> - pound (with patch https://patchwork.ozlabs.org/patch/962157 )
>
> Failure:
> - android-tools
>
> [2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
> [3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
> ---
> ...building-manpages-if-we-re-not-going.patch | 34 +-
> ...-Fix-issue-with-signature-generation.patch | 450 ------------------
> ...ible-build-do-not-leak-compiler-path.patch | 31 +-
> package/libopenssl/libopenssl.hash | 15 +-
> package/libopenssl/libopenssl.mk | 41 +-
> 5 files changed, 60 insertions(+), 511 deletions(-)
> delete mode 100644 package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
>
> diff --git a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> index 10d2b7526c..f20b6f0834 100644
> --- a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> +++ b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> @@ -1,27 +1,31 @@
> -From 389efb564fa1453a9da835393eec9006bfae2a52 Mon Sep 17 00:00:00 2001
> +From d8f104bffb0c4acb8c5fcdf49628f7d02ed48f7f Mon Sep 17 00:00:00 2001
> From: Mike Frysinger <vapier@gentoo.org>
> Date: Sat, 16 May 2015 18:53:51 +0200
> -Subject: Dont waste time building manpages if we're not going to use em.
> +Subject: [PATCH] Dont waste time building manpages if we're not going to use
> + em.
>
> Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
> [Gustavo: update for parallel-build]
> +
> +[rebased on openssl-1.1.0h]
> +Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
> - Makefile.org | 2 +-
> + Configurations/unix-Makefile.tmpl | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff --git a/Makefile.org b/Makefile.org
> -index 60f07cc..976ceaf 100644
> ---- a/Makefile.org
> -+++ b/Makefile.org
> -@@ -527,7 +527,7 @@ dist:
> - dist_pem_h:
> - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
> +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
> +index 40cf2c3..777d9ca 100644
> +--- a/Configurations/unix-Makefile.tmpl
> ++++ b/Configurations/unix-Makefile.tmpl
> +@@ -268,7 +268,7 @@ list-tests:
> + @echo "Tests are not supported with your chosen Configure options"
> + @ : {- output_on() if !$disabled{tests}; "" -}
> +
> +-install: install_sw install_ssldirs install_docs
> ++install: install_sw install_ssldirs
>
> --install: install_docs install_sw
> -+install: install_sw
> + uninstall: uninstall_docs uninstall_sw
>
> - install_sw:
> - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
> --
> -1.9.1
> +2.16.3
>
> diff --git a/package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch b/package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
> deleted file mode 100644
> index 47295500c0..0000000000
> --- a/package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
> +++ /dev/null
> @@ -1,450 +0,0 @@
> -From 90fd7e8f1a316cda86ee442b43fcd7d5e5baeede Mon Sep 17 00:00:00 2001
> -From: Gustavo Zacarias <gustavo@zacarias.com.ar>
> -Date: Sat, 16 May 2015 18:55:08 +0200
> -Subject: cryptodev: Fix issue with signature generation
> -
> -Forward port of 0001-cryptodev-Fix-issue-with-signature-generation.patch
> -from http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
> -It was originally targetted at 1.0.2-beta3.
> -
> -Without this patch digest acceleration via cryptodev is broken.
> -
> -Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> -Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
> ----
> - crypto/engine/eng_cryptodev.c | 195 +++++++++++++++++++++++++++++++-----------
> - 1 file changed, 146 insertions(+), 49 deletions(-)
> -
> -diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
> -index 926d95c..7021d9a 100644
> ---- a/crypto/engine/eng_cryptodev.c
> -+++ b/crypto/engine/eng_cryptodev.c
> -@@ -2,6 +2,7 @@
> - * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
> - * Copyright (c) 2002 Theo de Raadt
> - * Copyright (c) 2002 Markus Friedl
> -+ * Copyright (c) 2012 Nikos Mavrogiannopoulos
> - * All rights reserved.
> - *
> - * Redistribution and use in source and binary forms, with or without
> -@@ -72,7 +73,6 @@ struct dev_crypto_state {
> - struct session_op d_sess;
> - int d_fd;
> - # ifdef USE_CRYPTODEV_DIGESTS
> -- char dummy_mac_key[HASH_MAX_LEN];
> - unsigned char digest_res[HASH_MAX_LEN];
> - char *mac_data;
> - int mac_len;
> -@@ -189,8 +189,10 @@ static struct {
> - static struct {
> - int id;
> - int nid;
> -- int keylen;
> -+ int digestlen;
> - } digests[] = {
> -+#if 0
> -+ /* HMAC is not supported */
> - {
> - CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
> - },
> -@@ -198,15 +200,15 @@ static struct {
> - CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
> - },
> - {
> -- CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
> -- /* ? */
> -+ CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32
> - },
> - {
> -- CRYPTO_MD5_KPDK, NID_undef, 0
> -+ CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48
> - },
> - {
> -- CRYPTO_SHA1_KPDK, NID_undef, 0
> -+ CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64
> - },
> -+#endif
> - {
> - CRYPTO_MD5, NID_md5, 16
> - },
> -@@ -214,6 +216,15 @@ static struct {
> - CRYPTO_SHA1, NID_sha1, 20
> - },
> - {
> -+ CRYPTO_SHA2_256, NID_sha256, 32
> -+ },
> -+ {
> -+ CRYPTO_SHA2_384, NID_sha384, 48
> -+ },
> -+ {
> -+ CRYPTO_SHA2_512, NID_sha512, 64
> -+ },
> -+ {
> - 0, NID_undef, 0
> - },
> - };
> -@@ -288,13 +299,14 @@ static int get_cryptodev_ciphers(const int **cnids)
> - static int nids[CRYPTO_ALGORITHM_MAX];
> - struct session_op sess;
> - int fd, i, count = 0;
> -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
> -
> - if ((fd = get_dev_crypto()) < 0) {
> - *cnids = NULL;
> - return (0);
> - }
> - memset(&sess, 0, sizeof(sess));
> -- sess.key = (caddr_t) "123456789abcdefghijklmno";
> -+ sess.key = (void*)fake_key;
> -
> - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
> - if (ciphers[i].nid == NID_undef)
> -@@ -327,18 +339,19 @@ static int get_cryptodev_digests(const int **cnids)
> - static int nids[CRYPTO_ALGORITHM_MAX];
> - struct session_op sess;
> - int fd, i, count = 0;
> -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
> -
> - if ((fd = get_dev_crypto()) < 0) {
> - *cnids = NULL;
> - return (0);
> - }
> - memset(&sess, 0, sizeof(sess));
> -- sess.mackey = (caddr_t) "123456789abcdefghijklmno";
> -+ sess.mackey = fake_key;
> - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
> - if (digests[i].nid == NID_undef)
> - continue;
> - sess.mac = digests[i].id;
> -- sess.mackeylen = digests[i].keylen;
> -+ sess.mackeylen = 8;
> - sess.cipher = 0;
> - if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
> - ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
> -@@ -424,14 +437,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
> - cryp.ses = sess->ses;
> - cryp.flags = 0;
> - cryp.len = inl;
> -- cryp.src = (caddr_t) in;
> -- cryp.dst = (caddr_t) out;
> -+ cryp.src = (void*) in;
> -+ cryp.dst = (void*) out;
> - cryp.mac = 0;
> -
> - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
> -
> - if (ctx->cipher->iv_len) {
> -- cryp.iv = (caddr_t) ctx->iv;
> -+ cryp.iv = (void*) ctx->iv;
> - if (!ctx->encrypt) {
> - iiv = in + inl - ctx->cipher->iv_len;
> - memcpy(save_iv, iiv, ctx->cipher->iv_len);
> -@@ -483,7 +496,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
> - if ((state->d_fd = get_dev_crypto()) < 0)
> - return (0);
> -
> -- sess->key = (caddr_t) key;
> -+ sess->key = (void*)key;
> - sess->keylen = ctx->key_len;
> - sess->cipher = cipher;
> -
> -@@ -749,16 +762,6 @@ static int digest_nid_to_cryptodev(int nid)
> - return (0);
> - }
> -
> --static int digest_key_length(int nid)
> --{
> -- int i;
> --
> -- for (i = 0; digests[i].id; i++)
> -- if (digests[i].nid == nid)
> -- return digests[i].keylen;
> -- return (0);
> --}
> --
> - static int cryptodev_digest_init(EVP_MD_CTX *ctx)
> - {
> - struct dev_crypto_state *state = ctx->md_data;
> -@@ -769,7 +772,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
> - printf("cryptodev_digest_init: Can't get digest \n");
> - return (0);
> - }
> --
> - memset(state, 0, sizeof(struct dev_crypto_state));
> -
> - if ((state->d_fd = get_dev_crypto()) < 0) {
> -@@ -777,8 +779,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
> - return (0);
> - }
> -
> -- sess->mackey = state->dummy_mac_key;
> -- sess->mackeylen = digest_key_length(ctx->digest->type);
> -+ sess->mackey = NULL;
> -+ sess->mackeylen = 0;
> - sess->mac = digest;
> -
> - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
> -@@ -794,8 +796,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
> - static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
> - size_t count)
> - {
> -- struct crypt_op cryp;
> - struct dev_crypto_state *state = ctx->md_data;
> -+ struct crypt_op cryp;
> - struct session_op *sess = &state->d_sess;
> -
> - if (!data || state->d_fd < 0) {
> -@@ -804,7 +806,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
> - }
> -
> - if (!count) {
> -- return (0);
> -+ return (1);
> - }
> -
> - if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
> -@@ -828,9 +830,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
> - cryp.ses = sess->ses;
> - cryp.flags = 0;
> - cryp.len = count;
> -- cryp.src = (caddr_t) data;
> -+ cryp.src = (void*) data;
> - cryp.dst = NULL;
> -- cryp.mac = (caddr_t) state->digest_res;
> -+ cryp.mac = (void*) state->digest_res;
> - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
> - printf("cryptodev_digest_update: digest failed\n");
> - return (0);
> -@@ -844,8 +846,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
> - struct dev_crypto_state *state = ctx->md_data;
> - struct session_op *sess = &state->d_sess;
> -
> -- int ret = 1;
> --
> - if (!md || state->d_fd < 0) {
> - printf("cryptodev_digest_final: illegal input\n");
> - return (0);
> -@@ -859,7 +859,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
> - cryp.len = state->mac_len;
> - cryp.src = state->mac_data;
> - cryp.dst = NULL;
> -- cryp.mac = (caddr_t) md;
> -+ cryp.mac = (void*)md;
> - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
> - printf("cryptodev_digest_final: digest failed\n");
> - return (0);
> -@@ -870,7 +870,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
> -
> - memcpy(md, state->digest_res, ctx->digest->md_size);
> -
> -- return (ret);
> -+ return 1;
> - }
> -
> - static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
> -@@ -921,8 +921,8 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
> -
> - digest = digest_nid_to_cryptodev(to->digest->type);
> -
> -- sess->mackey = dstate->dummy_mac_key;
> -- sess->mackeylen = digest_key_length(to->digest->type);
> -+ sess->mackey = NULL;
> -+ sess->mackeylen = 0;
> - sess->mac = digest;
> -
> - dstate->d_fd = get_dev_crypto();
> -@@ -947,32 +947,116 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
> -
> - const EVP_MD cryptodev_sha1 = {
> - NID_sha1,
> -- NID_undef,
> -+ NID_sha1WithRSAEncryption,
> - SHA_DIGEST_LENGTH,
> -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> -+ EVP_MD_FLAG_DIGALGID_ABSENT|
> -+#endif
> - EVP_MD_FLAG_ONESHOT,
> - cryptodev_digest_init,
> - cryptodev_digest_update,
> - cryptodev_digest_final,
> - cryptodev_digest_copy,
> - cryptodev_digest_cleanup,
> -- EVP_PKEY_NULL_method,
> -+ EVP_PKEY_RSA_method,
> - SHA_CBLOCK,
> -- sizeof(struct dev_crypto_state),
> -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> - };
> -
> --const EVP_MD cryptodev_md5 = {
> -+static const EVP_MD cryptodev_sha256 = {
> -+ NID_sha256,
> -+ NID_sha256WithRSAEncryption,
> -+ SHA256_DIGEST_LENGTH,
> -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> -+ EVP_MD_FLAG_DIGALGID_ABSENT|
> -+#endif
> -+ EVP_MD_FLAG_ONESHOT,
> -+ cryptodev_digest_init,
> -+ cryptodev_digest_update,
> -+ cryptodev_digest_final,
> -+ cryptodev_digest_copy,
> -+ cryptodev_digest_cleanup,
> -+ EVP_PKEY_RSA_method,
> -+ SHA256_CBLOCK,
> -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> -+};
> -+
> -+static const EVP_MD cryptodev_sha224 = {
> -+ NID_sha224,
> -+ NID_sha224WithRSAEncryption,
> -+ SHA224_DIGEST_LENGTH,
> -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> -+ EVP_MD_FLAG_DIGALGID_ABSENT|
> -+#endif
> -+ EVP_MD_FLAG_ONESHOT,
> -+ cryptodev_digest_init,
> -+ cryptodev_digest_update,
> -+ cryptodev_digest_final,
> -+ cryptodev_digest_copy,
> -+ cryptodev_digest_cleanup,
> -+ EVP_PKEY_RSA_method,
> -+ SHA256_CBLOCK,
> -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> -+};
> -+
> -+static const EVP_MD cryptodev_sha384 = {
> -+ NID_sha384,
> -+ NID_sha384WithRSAEncryption,
> -+ SHA384_DIGEST_LENGTH,
> -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> -+ EVP_MD_FLAG_DIGALGID_ABSENT|
> -+#endif
> -+ EVP_MD_FLAG_ONESHOT,
> -+ cryptodev_digest_init,
> -+ cryptodev_digest_update,
> -+ cryptodev_digest_final,
> -+ cryptodev_digest_copy,
> -+ cryptodev_digest_cleanup,
> -+ EVP_PKEY_RSA_method,
> -+ SHA512_CBLOCK,
> -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> -+};
> -+
> -+static const EVP_MD cryptodev_sha512 = {
> -+ NID_sha512,
> -+ NID_sha512WithRSAEncryption,
> -+ SHA512_DIGEST_LENGTH,
> -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> -+ EVP_MD_FLAG_DIGALGID_ABSENT|
> -+#endif
> -+ EVP_MD_FLAG_ONESHOT,
> -+ cryptodev_digest_init,
> -+ cryptodev_digest_update,
> -+ cryptodev_digest_final,
> -+ cryptodev_digest_copy,
> -+ cryptodev_digest_cleanup,
> -+ EVP_PKEY_RSA_method,
> -+ SHA512_CBLOCK,
> -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> -+};
> -+
> -+static const EVP_MD cryptodev_md5 = {
> - NID_md5,
> -- NID_undef,
> -+ NID_md5WithRSAEncryption,
> - 16 /* MD5_DIGEST_LENGTH */ ,
> -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
> -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
> -+ EVP_MD_FLAG_DIGALGID_ABSENT|
> -+#endif
> - EVP_MD_FLAG_ONESHOT,
> - cryptodev_digest_init,
> - cryptodev_digest_update,
> - cryptodev_digest_final,
> - cryptodev_digest_copy,
> - cryptodev_digest_cleanup,
> -- EVP_PKEY_NULL_method,
> -+ EVP_PKEY_RSA_method,
> - 64 /* MD5_CBLOCK */ ,
> -- sizeof(struct dev_crypto_state),
> -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
> - };
> -
> - # endif /* USE_CRYPTODEV_DIGESTS */
> -@@ -992,6 +1076,18 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
> - case NID_sha1:
> - *digest = &cryptodev_sha1;
> - break;
> -+ case NID_sha224:
> -+ *digest = &cryptodev_sha224;
> -+ break;
> -+ case NID_sha256:
> -+ *digest = &cryptodev_sha256;
> -+ break;
> -+ case NID_sha384:
> -+ *digest = &cryptodev_sha384;
> -+ break;
> -+ case NID_sha512:
> -+ *digest = &cryptodev_sha512;
> -+ break;
> - default:
> - # endif /* USE_CRYPTODEV_DIGESTS */
> - *digest = NULL;
> -@@ -1022,7 +1118,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
> - return (1);
> - memset(b, 0, bytes);
> -
> -- crp->crp_p = (caddr_t) b;
> -+ crp->crp_p = (void*) b;
> - crp->crp_nbits = bits;
> -
> - for (i = 0, j = 0; i < a->top; i++) {
> -@@ -1277,7 +1373,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
> - kop.crk_op = CRK_DSA_SIGN;
> -
> - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
> -- kop.crk_param[0].crp_p = (caddr_t) dgst;
> -+ kop.crk_param[0].crp_p = (void*)dgst;
> - kop.crk_param[0].crp_nbits = dlen * 8;
> - if (bn2crparam(dsa->p, &kop.crk_param[1]))
> - goto err;
> -@@ -1317,7 +1413,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
> - kop.crk_op = CRK_DSA_VERIFY;
> -
> - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
> -- kop.crk_param[0].crp_p = (caddr_t) dgst;
> -+ kop.crk_param[0].crp_p = (void*)dgst;
> - kop.crk_param[0].crp_nbits = dlen * 8;
> - if (bn2crparam(dsa->p, &kop.crk_param[1]))
> - goto err;
> -@@ -1398,9 +1494,10 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
> - goto err;
> - kop.crk_iparams = 3;
> -
> -- kop.crk_param[3].crp_p = (caddr_t) key;
> -- kop.crk_param[3].crp_nbits = keylen * 8;
> -+ kop.crk_param[3].crp_p = (void*) key;
> -+ kop.crk_param[3].crp_nbits = keylen;
> - kop.crk_oparams = 1;
> -+ dhret = keylen / 8;
> -
> - if (ioctl(fd, CIOCKEY, &kop) == -1) {
> - const DH_METHOD *meth = DH_OpenSSL();
> -@@ -1470,7 +1567,7 @@ void ENGINE_load_cryptodev(void)
> - put_dev_crypto(fd);
> -
> - if (!ENGINE_set_id(engine, "cryptodev") ||
> -- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
> -+ !ENGINE_set_name(engine, "cryptodev engine") ||
> - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
> - !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
> - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
> ---
> -1.9.1
> -
> diff --git a/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch b/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch
> index eff72c548a..820c2addf1 100644
> --- a/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch
> +++ b/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch
> @@ -1,26 +1,29 @@
> -From 875fcad2ad84877763cba86c1265b57679b878b0 Mon Sep 17 00:00:00 2001
> +From b70be8c65365a8fc564226360d45adbbb29fc0af Mon Sep 17 00:00:00 2001
> From: Peter Seiderer <ps.report@gmx.net>
> Date: Tue, 24 Oct 2017 16:58:32 +0200
> Subject: [PATCH] Reproducible build: do not leak compiler path
>
> +Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> +
> +[Rebased on openssl-1.1.1.a]
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
> - crypto/Makefile | 2 +-
> + crypto/build.info | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff --git a/crypto/Makefile b/crypto/Makefile
> -index 7869996..7e63291 100644
> ---- a/crypto/Makefile
> -+++ b/crypto/Makefile
> -@@ -55,7 +55,7 @@ top:
> - all: shared
> +diff --git a/crypto/build.info b/crypto/build.info
> +index 2c619c6..49ca6ab 100644
> +--- a/crypto/build.info
> ++++ b/crypto/build.info
> +@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
> + ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
>
> - buildinf.h: ../Makefile
> -- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
> -+ $(PERL) $(TOP)/util/mkbuildinf.pl "$$(basename $(CC)) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
> + DEPEND[cversion.o]=buildinf.h
> +-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
> ++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$$(basename $(CC)) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
> + DEPEND[buildinf.h]=../configdata.pm
>
> - x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
> - $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
> + GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
> --
> -2.11.0
> +2.20.1
>
> diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
> index 83fb8bd513..568d7e8b52 100644
> --- a/package/libopenssl/libopenssl.hash
> +++ b/package/libopenssl/libopenssl.hash
> @@ -1,10 +1,5 @@
> -# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha256
> -sha256 5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 openssl-1.0.2q.tar.gz
> -# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha1
> -sha1 692f5f2f1b114f8adaadaa3e7be8cce1907f38c5 openssl-1.0.2q.tar.gz
> -# Locally computed
> -sha256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9 openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
> -sha256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
> -sha256 30cb49489de5041841a74da9155cd4fabfbce33237262ba7cd23974314ae2956 openssl-1.0.2a-parallel-symlinking.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
> -sha256 deaf6f3af41874ecc6d63841ea14b8e6c71cea81d4a511a754bc90c9a993147f openssl-1.0.2d-parallel-build.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
> -sha256 c8f60f4842bbad0353f5d81620e72b168b5638ca3a0a999f5da113b22491612e LICENSE
> +# From https://www.openssl.org/source/openssl-1.1.1a.tar.gz.sha256
> +sha256 fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41 openssl-1.1.1a.tar.gz
> +
> +# License files
> +sha256 350c7817af2ef980d3f3922bc5e0bb6a9d9f6cc21e784a699bcd2a31c74a84b1 LICENSE
> diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
> index dc15abf66a..c0f792603f 100644
> --- a/package/libopenssl/libopenssl.mk
> +++ b/package/libopenssl/libopenssl.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBOPENSSL_VERSION = 1.0.2q
> +LIBOPENSSL_VERSION = 1.1.1a
> LIBOPENSSL_SITE = https://www.openssl.org/source
> LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
> LIBOPENSSL_LICENSE = OpenSSL or SSLeay
> @@ -15,11 +15,6 @@ HOST_LIBOPENSSL_DEPENDENCIES = host-zlib
> LIBOPENSSL_TARGET_ARCH = generic32
> LIBOPENSSL_CFLAGS = $(TARGET_CFLAGS)
> LIBOPENSSL_PROVIDES = openssl
> -LIBOPENSSL_PATCH = \
> - https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
> - https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
> - https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
> - https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
>
> # relocation truncated to fit: R_68K_GOT16O
> ifeq ($(BR2_m68k_cf),y)
> @@ -35,6 +30,20 @@ LIBOPENSSL_CFLAGS += -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
> LIBOPENSSL_DEPENDENCIES += cryptodev
> endif
>
> +# fixes the following build failures:
> +#
> +# - musl
> +# ./libcrypto.so: undefined reference to `getcontext'
> +# ./libcrypto.so: undefined reference to `setcontext'
> +# ./libcrypto.so: undefined reference to `makecontext'
> +#
> +# - uclibc:
> +# crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name ?ucontext_t?
> +#
> +ifneq ($(BR2_TOOLCHAIN_USES_MUSL)$(BR2_TOOLCHAIN_USES_UCLIBC),)
> +LIBOPENSSL_CFLAGS += -DOPENSSL_NO_ASYNC
> +endif
> +
> # Some architectures are optimized in OpenSSL
> # Doesn't work for thumb-only (Cortex-M?)
> ifeq ($(BR2_ARM_CPU_HAS_ARM),y)
> @@ -65,7 +74,7 @@ define HOST_LIBOPENSSL_CONFIGURE_CMDS
> ./config \
> --prefix=$(HOST_DIR) \
> --openssldir=$(HOST_DIR)/etc/ssl \
> - --libdir=/lib \
> + -Wl,-rpath,'$(HOST_DIR)/lib' \
> shared \
> zlib-dynamic \
> )
> @@ -80,13 +89,11 @@ define LIBOPENSSL_CONFIGURE_CMDS
> linux-$(LIBOPENSSL_TARGET_ARCH) \
> --prefix=/usr \
> --openssldir=/etc/ssl \
> - --libdir=/lib \
> $(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
> $(if $(BR2_STATIC_LIBS),no-shared,shared) \
> no-rc5 \
> enable-camellia \
> enable-mdc2 \
> - enable-tlsext \
> $(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \
> $(if $(BR2_STATIC_LIBS),no-dso) \
> )
> @@ -112,7 +119,7 @@ define LIBOPENSSL_BUILD_CMDS
> endef
>
> define LIBOPENSSL_INSTALL_STAGING_CMDS
> - $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) INSTALL_PREFIX=$(STAGING_DIR) install
> + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) install
> endef
>
> define HOST_LIBOPENSSL_INSTALL_CMDS
> @@ -120,7 +127,7 @@ define HOST_LIBOPENSSL_INSTALL_CMDS
> endef
>
> define LIBOPENSSL_INSTALL_TARGET_CMDS
> - $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) INSTALL_PREFIX=$(TARGET_DIR) install
> + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
> rm -rf $(TARGET_DIR)/usr/lib/ssl
> rm -f $(TARGET_DIR)/usr/bin/c_rehash
> endef
> @@ -135,16 +142,6 @@ endef
> LIBOPENSSL_POST_INSTALL_STAGING_HOOKS += LIBOPENSSL_FIXUP_STATIC_PKGCONFIG
> endif
>
> -ifneq ($(BR2_STATIC_LIBS),y)
> -# libraries gets installed read only, so strip fails
> -define LIBOPENSSL_INSTALL_FIXUPS_SHARED
> - chmod +w $(TARGET_DIR)/usr/lib/engines/lib*.so
> - for i in $(addprefix $(TARGET_DIR)/usr/lib/,libcrypto.so.* libssl.so.*); \
> - do chmod +w $$i; done
> -endef
> -LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_INSTALL_FIXUPS_SHARED
> -endif
> -
> ifeq ($(BR2_PACKAGE_PERL),)
> define LIBOPENSSL_REMOVE_PERL_SCRIPTS
> $(RM) -f $(TARGET_DIR)/etc/ssl/misc/{CA.pl,tsget}
> @@ -162,7 +159,7 @@ endif
>
> ifneq ($(BR2_PACKAGE_LIBOPENSSL_ENGINES),y)
> define LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
> - rm -rf $(TARGET_DIR)/usr/lib/engines
> + rm -rf $(TARGET_DIR)/usr/lib/engines-1.1
> endef
> LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
> endif
> --
> 2.20.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-18 11:49 ` Vadim Kochan
@ 2019-01-18 11:48 ` Patrick Havelange
2019-01-18 15:30 ` Vadim Kochan
2019-01-18 16:01 ` Vadim Kochan
0 siblings, 2 replies; 17+ messages in thread
From: Patrick Havelange @ 2019-01-18 11:48 UTC (permalink / raw)
To: buildroot
Hi,
I've attached the defconfig, I hope it's enough.
Patrick H.
On Fri, Jan 18, 2019 at 12:41 PM Vadim Kochan <vadim4j@gmail.com> wrote:
>
> On Fri, Jan 18, 2019 at 12:27:22PM +0100, Patrick Havelange wrote:
> > Hello,
> >
> > I'm working on fixing packages that do not work with the new openssl version,
> > For the moment I'm preparing an update for the package thrift (still a
> > WIP as i type this).
> > I've setup a gitlab repo with my current work in progress
> > (https://gitlab.com/essensium-mind/buildroot/branches/mind-opensslissues-*).
> >
> > Regarding the packages that do fail, some are indeed already known :
> > - android tools,
> > - softether,
> > I've also stumbled across those (for the moment) :
> > - pound
> > - ibrdtnd
> > - thrift (I have a version bump patch ready for this one)
> >
> > I also saw that in some cases the new openssl does not build (e.g.
> > br-xtensa-full) :
> > In file included from crypto/async/arch/../async_locl.h:30:0,
> > from crypto/async/arch/async_posix.c:11:
> > crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name
> > 'ucontext_t'
> > ucontext_t fibre;
> > ^~~~~~~~~~
> >
> > This should be fixed before merging.
> >
> > Regards,
> >
> > Patrick Havelange.
> >
>
> Hi Patrick,
>
> Can you please provide info how to trigger this build for br-xtensa-full locally
> to check this compilation issue ?
>
> Thanks,
> Vadim Kochan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: defconfig
Type: application/octet-stream
Size: 4295 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20190118/cc51517c/attachment.obj>
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-18 11:27 ` Patrick Havelange
@ 2019-01-18 11:49 ` Vadim Kochan
2019-01-18 11:48 ` Patrick Havelange
0 siblings, 1 reply; 17+ messages in thread
From: Vadim Kochan @ 2019-01-18 11:49 UTC (permalink / raw)
To: buildroot
On Fri, Jan 18, 2019 at 12:27:22PM +0100, Patrick Havelange wrote:
> Hello,
>
> I'm working on fixing packages that do not work with the new openssl version,
> For the moment I'm preparing an update for the package thrift (still a
> WIP as i type this).
> I've setup a gitlab repo with my current work in progress
> (https://gitlab.com/essensium-mind/buildroot/branches/mind-opensslissues-*).
>
> Regarding the packages that do fail, some are indeed already known :
> - android tools,
> - softether,
> I've also stumbled across those (for the moment) :
> - pound
> - ibrdtnd
> - thrift (I have a version bump patch ready for this one)
>
> I also saw that in some cases the new openssl does not build (e.g.
> br-xtensa-full) :
> In file included from crypto/async/arch/../async_locl.h:30:0,
> from crypto/async/arch/async_posix.c:11:
> crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name
> 'ucontext_t'
> ucontext_t fibre;
> ^~~~~~~~~~
>
> This should be fixed before merging.
>
> Regards,
>
> Patrick Havelange.
>
Hi Patrick,
Can you please provide info how to trigger this build for br-xtensa-full locally
to check this compilation issue ?
Thanks,
Vadim Kochan
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-18 11:48 ` Patrick Havelange
@ 2019-01-18 15:30 ` Vadim Kochan
2019-01-18 16:01 ` Vadim Kochan
1 sibling, 0 replies; 17+ messages in thread
From: Vadim Kochan @ 2019-01-18 15:30 UTC (permalink / raw)
To: buildroot
Hi Patrick,
On Fri, Jan 18, 2019 at 12:48:05PM +0100, Patrick Havelange wrote:
> Hi,
> I've attached the defconfig, I hope it's enough.
>
> Patrick H.
>
> On Fri, Jan 18, 2019 at 12:41 PM Vadim Kochan <vadim4j@gmail.com> wrote:
> >
> > On Fri, Jan 18, 2019 at 12:27:22PM +0100, Patrick Havelange wrote:
> > > Hello,
> > >
> > > I'm working on fixing packages that do not work with the new openssl version,
> > > For the moment I'm preparing an update for the package thrift (still a
> > > WIP as i type this).
> > > I've setup a gitlab repo with my current work in progress
> > > (https://gitlab.com/essensium-mind/buildroot/branches/mind-opensslissues-*).
> > >
> > > Regarding the packages that do fail, some are indeed already known :
> > > - android tools,
> > > - softether,
> > > I've also stumbled across those (for the moment) :
> > > - pound
> > > - ibrdtnd
> > > - thrift (I have a version bump patch ready for this one)
> > >
> > > I also saw that in some cases the new openssl does not build (e.g.
> > > br-xtensa-full) :
> > > In file included from crypto/async/arch/../async_locl.h:30:0,
> > > from crypto/async/arch/async_posix.c:11:
> > > crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name
> > > 'ucontext_t'
> > > ucontext_t fibre;
> > > ^~~~~~~~~~
> > >
> > > This should be fixed before merging.
> > >
> > > Regards,
> > >
> > > Patrick Havelange.
> > >
> >
> > Hi Patrick,
> >
> > Can you please provide info how to trigger this build for br-xtensa-full locally
> > to check this compilation issue ?
> >
> > Thanks,
> > Vadim Kochan
meanwhile for me it looks like the issue is caused because the toolchain
which is used in this defconfig does not define
__UCLIBC_HAS_CONTEXT_FUNCS__ , and ucontext.h checks this define before
include sys/ucontext.h .
Regards,
Vadim Kochan
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-18 11:48 ` Patrick Havelange
2019-01-18 15:30 ` Vadim Kochan
@ 2019-01-18 16:01 ` Vadim Kochan
2019-01-21 10:31 ` Patrick Havelange
1 sibling, 1 reply; 17+ messages in thread
From: Vadim Kochan @ 2019-01-18 16:01 UTC (permalink / raw)
To: buildroot
Hi Patrick,
On Fri, Jan 18, 2019 at 12:48:05PM +0100, Patrick Havelange wrote:
> Hi,
> I've attached the defconfig, I hope it's enough.
>
> Patrick H.
>
> On Fri, Jan 18, 2019 at 12:41 PM Vadim Kochan <vadim4j@gmail.com> wrote:
> >
> > On Fri, Jan 18, 2019 at 12:27:22PM +0100, Patrick Havelange wrote:
> > > Hello,
> > >
> > > I'm working on fixing packages that do not work with the new openssl version,
> > > For the moment I'm preparing an update for the package thrift (still a
> > > WIP as i type this).
> > > I've setup a gitlab repo with my current work in progress
> > > (https://gitlab.com/essensium-mind/buildroot/branches/mind-opensslissues-*).
> > >
> > > Regarding the packages that do fail, some are indeed already known :
> > > - android tools,
> > > - softether,
> > > I've also stumbled across those (for the moment) :
> > > - pound
> > > - ibrdtnd
> > > - thrift (I have a version bump patch ready for this one)
> > >
> > > I also saw that in some cases the new openssl does not build (e.g.
> > > br-xtensa-full) :
> > > In file included from crypto/async/arch/../async_locl.h:30:0,
> > > from crypto/async/arch/async_posix.c:11:
> > > crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name
> > > 'ucontext_t'
> > > ucontext_t fibre;
> > > ^~~~~~~~~~
> > >
> > > This should be fixed before merging.
> > >
> > > Regards,
> > >
> > > Patrick Havelange.
> > >
> >
> > Hi Patrick,
> >
> > Can you please provide info how to trigger this build for br-xtensa-full locally
> > to check this compilation issue ?
> >
> > Thanks,
> > Vadim Kochan
I looked into uclibc-1.0.31/extra/Configs/Config.in and I see that
UCLIBC_HAS_CONTEXT_FUNCS depends on ARCH_HAS_UCONTEXT which is not
selected by extra/Configs/Config.xtensa .
Regards,
Vadim Kochan
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-18 16:01 ` Vadim Kochan
@ 2019-01-21 10:31 ` Patrick Havelange
2019-01-21 11:32 ` Vadim Kochan
0 siblings, 1 reply; 17+ messages in thread
From: Patrick Havelange @ 2019-01-21 10:31 UTC (permalink / raw)
To: buildroot
Hi,
> I looked into uclibc-1.0.31/extra/Configs/Config.in and I see that
> UCLIBC_HAS_CONTEXT_FUNCS depends on ARCH_HAS_UCONTEXT which is not
> selected by extra/Configs/Config.xtensa .
>
Thanks for the explanation, I'm also now doing a patch to set the
proper openssl #define based on that property.
BR,
Patrick Havelange
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-21 10:31 ` Patrick Havelange
@ 2019-01-21 11:32 ` Vadim Kochan
2019-01-22 11:33 ` Patrick Havelange
0 siblings, 1 reply; 17+ messages in thread
From: Vadim Kochan @ 2019-01-21 11:32 UTC (permalink / raw)
To: buildroot
Hi,
On Mon, Jan 21, 2019 at 11:31:17AM +0100, Patrick Havelange wrote:
> Hi,
>
> > I looked into uclibc-1.0.31/extra/Configs/Config.in and I see that
> > UCLIBC_HAS_CONTEXT_FUNCS depends on ARCH_HAS_UCONTEXT which is not
> > selected by extra/Configs/Config.xtensa .
> >
>
> Thanks for the explanation, I'm also now doing a patch to set the
> proper openssl #define based on that property.
>
> BR,
>
> Patrick Havelange
I think that probably disabling the openssl's "async" feature for arch which does
not support ucontext by uclibc might be enough.
Regards,
Vadim Kochan
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-21 11:32 ` Vadim Kochan
@ 2019-01-22 11:33 ` Patrick Havelange
2019-01-23 9:38 ` Patrick Havelange
0 siblings, 1 reply; 17+ messages in thread
From: Patrick Havelange @ 2019-01-22 11:33 UTC (permalink / raw)
To: buildroot
Hi,
I've made 2 small patches to fix that specific build error, they are
available in https://gitlab.com/essensium-mind/buildroot/commits/mind-opensslissues-allpatches
, in particular f61e97a6 & 43b54991 (.
If it's okay they should be integrated in the openssl bump patch series.
There will probably be another patch for openssl as I'm debugging
another build failure (linking issues for atomic functions).
Regards,
Patrick Havelange.
On Mon, Jan 21, 2019 at 12:23 PM Vadim Kochan <vadim4j@gmail.com> wrote:
>
> Hi,
>
> On Mon, Jan 21, 2019 at 11:31:17AM +0100, Patrick Havelange wrote:
> > Hi,
> >
> > > I looked into uclibc-1.0.31/extra/Configs/Config.in and I see that
> > > UCLIBC_HAS_CONTEXT_FUNCS depends on ARCH_HAS_UCONTEXT which is not
> > > selected by extra/Configs/Config.xtensa .
> > >
> >
> > Thanks for the explanation, I'm also now doing a patch to set the
> > proper openssl #define based on that property.
> >
> > BR,
> >
> > Patrick Havelange
>
> I think that probably disabling the openssl's "async" feature for arch which does
> not support ucontext by uclibc might be enough.
>
> Regards,
> Vadim Kochan
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a
2019-01-22 11:33 ` Patrick Havelange
@ 2019-01-23 9:38 ` Patrick Havelange
0 siblings, 0 replies; 17+ messages in thread
From: Patrick Havelange @ 2019-01-23 9:38 UTC (permalink / raw)
To: buildroot
Hi all,
Another patch that fixes a build failure with the new openssl.
(also pushed to
https://gitlab.com/essensium-mind/buildroot/commits/mind-opensslissues-allpatches
, commit bac10499)
BR,
Patrick Havelange
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-package-libopenssl-use-latomic-when-needed.patch
Type: text/x-patch
Size: 945 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20190123/6678dd9c/attachment.bin>
^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2019-01-23 9:38 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-01-17 18:16 [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Peter Seiderer
2019-01-17 18:16 ` [Buildroot] [PATCH v5 2/4] freeswitch: bump to git master 8f10ae54a18a19fc6ed938e4f662bd218ba54b5e Peter Seiderer
2019-01-17 18:16 ` [Buildroot] [PATCH v5 3/4] mariadb: use host-openssl from buildroot-system Peter Seiderer
2019-01-17 19:39 ` Ryan Coe
2019-01-17 18:16 ` [Buildroot] [PATCH v5 4/4] package/pound: Fix build with OpenSSL 1.1.x Peter Seiderer
2019-01-17 19:39 ` [Buildroot] [PATCH v5 1/4] libopenssl: bump version to 1.1.1a Ryan Coe
2019-01-17 23:28 ` Vadim Kochan
2019-01-18 0:16 ` Vadim Kochan
2019-01-18 11:27 ` Patrick Havelange
2019-01-18 11:49 ` Vadim Kochan
2019-01-18 11:48 ` Patrick Havelange
2019-01-18 15:30 ` Vadim Kochan
2019-01-18 16:01 ` Vadim Kochan
2019-01-21 10:31 ` Patrick Havelange
2019-01-21 11:32 ` Vadim Kochan
2019-01-22 11:33 ` Patrick Havelange
2019-01-23 9:38 ` Patrick Havelange
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox