* [fido][PATCH 0/1] Undo ABI breakage in OpenSSL
@ 2016-05-12 12:06 Joshua Lock
[not found] ` <cover.1463054731.git.joshua.g.lock@intel.com>
2016-05-12 14:16 ` [fido][PATCH 0/1] Undo ABI breakage in OpenSSL Martin Jansa
0 siblings, 2 replies; 6+ messages in thread
From: Joshua Lock @ 2016-05-12 12:06 UTC (permalink / raw)
To: openembedded-core
The backported upgrade to OpenSSL 1.0.2h introduced a newer version of
Debian's linker version-script which breaks the OpenSSL ABI.
This isn't desirable for a stable release, thus the attached patch reverts
the linker-version changes and simply adds the 2 new symbols required by
1.0.2h.
Thanks to Martin Jansa for spotting the issue and suggesting a fix.
The following changes since commit e7c46ce3e59cb4fd770e76ae006c0166d0dd5265:
build-appliance-image: Update to fido head revision (2016-05-11 18:00:15 +0100)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib joshuagl/fido-next
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=joshuagl/fido-next
Joshua Lock (1):
openssl: prevent ABI break from earlier fido releases
.../openssl/debian1.0.2/version-script.patch | 31 +++++++++++++++-------
1 file changed, 22 insertions(+), 9 deletions(-)
--
2.5.5
^ permalink raw reply [flat|nested] 6+ messages in thread[parent not found: <cover.1463054731.git.joshua.g.lock@intel.com>]
* [fido][PATCH 1/1] openssl: prevent ABI break from earlier fido releases [not found] ` <cover.1463054731.git.joshua.g.lock@intel.com> @ 2016-05-12 12:06 ` Joshua Lock 0 siblings, 0 replies; 6+ messages in thread From: Joshua Lock @ 2016-05-12 12:06 UTC (permalink / raw) To: openembedded-core The backported upgrade to 1.0.2h included an updated GNU LD version-script which results in an ABI change. In order to try and respect ABI for existing binaries built against fido this commit partially reverts the version-script to maintain the existing ABI and instead only add the new symbols required by 1.0.2h. Suggested-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> --- .../openssl/debian1.0.2/version-script.patch | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch index 29f11a2..f53efdb 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch @@ -15,8 +15,8 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 -@@ -0,0 +1,4608 @@ -+OPENSSL_1.0.2d { +@@ -0,0 +1,4621 @@ ++OPENSSL_1.0.0 { + global: + BIO_f_ssl; + BIO_new_buffer_ssl_connect; @@ -4314,6 +4314,14 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld + CRYPTO_cbc128_decrypt; + CRYPTO_cfb128_encrypt; + CRYPTO_cfb128_8_encrypt; ++ ++ local: ++ *; ++}; ++ ++ ++OPENSSL_1.0.1 { ++ global: + SSL_renegotiate_abbreviated; + TLSv1_1_method; + TLSv1_1_client_method; @@ -4475,7 +4483,15 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld + BIO_s_datagram_sctp; + BIO_dgram_is_sctp; + BIO_dgram_sctp_notification_cb; ++} OPENSSL_1.0.0; ++ ++OPENSSL_1.0.1d { ++ global: + CRYPTO_memcmp; ++} OPENSSL_1.0.1; ++ ++OPENSSL_1.0.2 { ++ global: + SSL_CTX_set_alpn_protos; + SSL_set_alpn_protos; + SSL_CTX_set_alpn_select_cb; @@ -4613,23 +4629,20 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld + BUF_strnlen; + sk_deep_copy; + SSL_test_functions; -+ -+ local: -+ *; -+}; ++} OPENSSL_1.0.1d; + +OPENSSL_1.0.2g { + global: + SRP_VBASE_get1_by_user; + SRP_user_pwd_free; -+} OPENSSL_1.0.2d; ++} OPENSSL_1.0.2; + Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 @@ -0,0 +1,10 @@ -+OPENSSL_1.0.2 { ++OPENSSL_1.0.0 { + global: + bind_engine; + v_check; @@ -4644,7 +4657,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 @@ -0,0 +1,10 @@ -+OPENSSL_1.0.2 { ++OPENSSL_1.0.0 { + global: + bind_engine; + v_check; -- 2.5.5 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [fido][PATCH 0/1] Undo ABI breakage in OpenSSL 2016-05-12 12:06 [fido][PATCH 0/1] Undo ABI breakage in OpenSSL Joshua Lock [not found] ` <cover.1463054731.git.joshua.g.lock@intel.com> @ 2016-05-12 14:16 ` Martin Jansa 2016-05-13 16:34 ` Richard Purdie 1 sibling, 1 reply; 6+ messages in thread From: Martin Jansa @ 2016-05-12 14:16 UTC (permalink / raw) To: Joshua Lock; +Cc: openembedded-core [-- Attachment #1: Type: text/plain, Size: 1972 bytes --] On Thu, May 12, 2016 at 01:06:33PM +0100, Joshua Lock wrote: > The backported upgrade to OpenSSL 1.0.2h introduced a newer version of > Debian's linker version-script which breaks the OpenSSL ABI. > This isn't desirable for a stable release, thus the attached patch reverts > the linker-version changes and simply adds the 2 new symbols required by > 1.0.2h. > > Thanks to Martin Jansa for spotting the issue and suggesting a fix. Thanks for following it and getting it merged so quickly. It was already merged in fido, can we get the same to jethro (which was also recently upgraded to 1.0.2h)? Small downside is that the same 1.0.2h version in fido and jethro will have different ABI than 1.0.2h in krogoth (unless someone updates the version there as suggested by Andre in: http://lists.openembedded.org/pipermail/openembedded-core/2016-March/118433.html ). Krogoth was released with this ABI, so it's something users have to deal with when upgrading to newer Yocto release (and this won't be the only component with different ABI). > The following changes since commit e7c46ce3e59cb4fd770e76ae006c0166d0dd5265: > > build-appliance-image: Update to fido head revision (2016-05-11 18:00:15 +0100) > > are available in the git repository at: > > git://git.openembedded.org/openembedded-core-contrib joshuagl/fido-next > http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=joshuagl/fido-next > > Joshua Lock (1): > openssl: prevent ABI break from earlier fido releases > > .../openssl/debian1.0.2/version-script.patch | 31 +++++++++++++++------- > 1 file changed, 22 insertions(+), 9 deletions(-) > > -- > 2.5.5 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 188 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [fido][PATCH 0/1] Undo ABI breakage in OpenSSL 2016-05-12 14:16 ` [fido][PATCH 0/1] Undo ABI breakage in OpenSSL Martin Jansa @ 2016-05-13 16:34 ` Richard Purdie 2016-05-13 20:59 ` akuster808 2016-05-13 23:50 ` akuster808 0 siblings, 2 replies; 6+ messages in thread From: Richard Purdie @ 2016-05-13 16:34 UTC (permalink / raw) To: Martin Jansa, Joshua Lock, Robert Yang, Armin Kuster; +Cc: openembedded-core On Thu, 2016-05-12 at 16:16 +0200, Martin Jansa wrote: > On Thu, May 12, 2016 at 01:06:33PM +0100, Joshua Lock wrote: > > The backported upgrade to OpenSSL 1.0.2h introduced a newer version > > of > > Debian's linker version-script which breaks the OpenSSL ABI. > > This isn't desirable for a stable release, thus the attached patch > > reverts > > the linker-version changes and simply adds the 2 new symbols > > required by > > 1.0.2h. > > > > Thanks to Martin Jansa for spotting the issue and suggesting a fix. > > Thanks for following it and getting it merged so quickly. > > It was already merged in fido, can we get the same to jethro (which > was > also recently upgraded to 1.0.2h)? I'm hoping someone will give me a patch series which does this correctly for jethro. Its why I haven't taken the previous pull request. Cheers, Richard ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [fido][PATCH 0/1] Undo ABI breakage in OpenSSL 2016-05-13 16:34 ` Richard Purdie @ 2016-05-13 20:59 ` akuster808 2016-05-13 23:50 ` akuster808 1 sibling, 0 replies; 6+ messages in thread From: akuster808 @ 2016-05-13 20:59 UTC (permalink / raw) To: Richard Purdie, Martin Jansa, Joshua Lock, Robert Yang; +Cc: openembedded-core On 05/13/2016 09:34 AM, Richard Purdie wrote: > On Thu, 2016-05-12 at 16:16 +0200, Martin Jansa wrote: >> On Thu, May 12, 2016 at 01:06:33PM +0100, Joshua Lock wrote: >>> The backported upgrade to OpenSSL 1.0.2h introduced a newer version >>> of >>> Debian's linker version-script which breaks the OpenSSL ABI. >>> This isn't desirable for a stable release, thus the attached patch >>> reverts >>> the linker-version changes and simply adds the 2 new symbols >>> required by >>> 1.0.2h. >>> >>> Thanks to Martin Jansa for spotting the issue and suggesting a fix. >> >> Thanks for following it and getting it merged so quickly. >> >> It was already merged in fido, can we get the same to jethro (which >> was >> also recently upgraded to 1.0.2h)? > > I'm hoping someone will give me a patch series which does this > correctly for jethro. Its why I haven't taken the previous pull > request. I will spin one - armin > > Cheers, > > Richard > > > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [fido][PATCH 0/1] Undo ABI breakage in OpenSSL 2016-05-13 16:34 ` Richard Purdie 2016-05-13 20:59 ` akuster808 @ 2016-05-13 23:50 ` akuster808 1 sibling, 0 replies; 6+ messages in thread From: akuster808 @ 2016-05-13 23:50 UTC (permalink / raw) To: Richard Purdie, Martin Jansa, Joshua Lock, Robert Yang; +Cc: openembedded-core On 05/13/2016 09:34 AM, Richard Purdie wrote: > On Thu, 2016-05-12 at 16:16 +0200, Martin Jansa wrote: >> On Thu, May 12, 2016 at 01:06:33PM +0100, Joshua Lock wrote: >>> The backported upgrade to OpenSSL 1.0.2h introduced a newer version >>> of >>> Debian's linker version-script which breaks the OpenSSL ABI. >>> This isn't desirable for a stable release, thus the attached patch >>> reverts >>> the linker-version changes and simply adds the 2 new symbols >>> required by >>> 1.0.2h. >>> >>> Thanks to Martin Jansa for spotting the issue and suggesting a fix. >> >> Thanks for following it and getting it merged so quickly. >> >> It was already merged in fido, can we get the same to jethro (which >> was >> also recently upgraded to 1.0.2h)? > > I'm hoping someone will give me a patch series which does this > correctly for jethro. Its why I haven't taken the previous pull > request. > sent - armin > Cheers, > > Richard > > > ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-05-13 23:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-12 12:06 [fido][PATCH 0/1] Undo ABI breakage in OpenSSL Joshua Lock
[not found] ` <cover.1463054731.git.joshua.g.lock@intel.com>
2016-05-12 12:06 ` [fido][PATCH 1/1] openssl: prevent ABI break from earlier fido releases Joshua Lock
2016-05-12 14:16 ` [fido][PATCH 0/1] Undo ABI breakage in OpenSSL Martin Jansa
2016-05-13 16:34 ` Richard Purdie
2016-05-13 20:59 ` akuster808
2016-05-13 23:50 ` akuster808
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox