* Re: Add LibreSSL support
2015-11-03 23:34 Add LibreSSL support Ruslan Babayev
@ 2015-11-03 22:38 ` Burton, Ross
2015-11-04 0:14 ` Ruslan Babayev
2015-11-03 23:28 ` akuster808
2015-11-03 23:39 ` Ruslan Babayev
2 siblings, 1 reply; 7+ messages in thread
From: Burton, Ross @ 2015-11-03 22:38 UTC (permalink / raw)
To: Ruslan Babayev; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 333 bytes --]
On 3 November 2015 at 23:34, Ruslan Babayev <ruslan@babayev.com> wrote:
> Please find attached the patch to add support for LibreSSL.
>
I think I'd prefer oe-core to have just the one provider of the openssl
APIs, so if oe-core sticks with openssl then libressl should go into
another layer, meta-networking maybe?
Ross
[-- Attachment #2: Type: text/html, Size: 740 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Add LibreSSL support
2015-11-03 23:34 Add LibreSSL support Ruslan Babayev
2015-11-03 22:38 ` Burton, Ross
@ 2015-11-03 23:28 ` akuster808
2015-11-04 0:53 ` Ruslan Babayev
2015-11-03 23:39 ` Ruslan Babayev
2 siblings, 1 reply; 7+ messages in thread
From: akuster808 @ 2015-11-03 23:28 UTC (permalink / raw)
To: Ruslan Babayev, openembedded-core
Ruslan,
any reason version 2.3.1 was not picked?
I believe 2.2.4 is missing (CVE-2015-5333 and CVE-2015-5334)
- armin
On 11/03/2015 03:34 PM, Ruslan Babayev wrote:
> Please find attached the patch to add support for LibreSSL.
>
> OpenSSL is still preferred, so you'd have add these to your local.conf
>
> PREFERRED_PROVIDER_openssl ?= "openssl"
> PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
> PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
>
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Add LibreSSL support
@ 2015-11-03 23:34 Ruslan Babayev
2015-11-03 22:38 ` Burton, Ross
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Ruslan Babayev @ 2015-11-03 23:34 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 296 bytes --]
Please find attached the patch to add support for LibreSSL.
OpenSSL is still preferred, so you'd have add these to your local.conf
PREFERRED_PROVIDER_openssl ?= "openssl"
PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-Add-LibreSSL.patch --]
[-- Type: text/x-patch, Size: 3657 bytes --]
From db63d8224c0779d6de466014adf10e0a092a210c Mon Sep 17 00:00:00 2001
From: Ruslan Babayev <ruslan@babayev.com>
Date: Mon, 2 Nov 2015 17:56:27 -0800
Subject: [PATCH] Add LibreSSL
---
meta/conf/distro/include/default-providers.inc | 3 +++
.../libressl/files/gnuc_prereq.patch | 13 +++++++++++++
meta/recipes-connectivity/libressl/libressl.inc | 20 ++++++++++++++++++++
meta/recipes-connectivity/libressl/libressl_2.2.4.bb | 6 ++++++
4 files changed, 42 insertions(+)
create mode 100644 meta/recipes-connectivity/libressl/files/gnuc_prereq.patch
create mode 100644 meta/recipes-connectivity/libressl/libressl.inc
create mode 100644 meta/recipes-connectivity/libressl/libressl_2.2.4.bb
diff --git a/meta/conf/distro/include/default-providers.inc b/meta/conf/distro/include/default-providers.inc
index 9f84d5c..205f1cd 100644
--- a/meta/conf/distro/include/default-providers.inc
+++ b/meta/conf/distro/include/default-providers.inc
@@ -49,3 +49,6 @@ PREFERRED_PROVIDER_bluez-hcidump ?= "${@bb.utils.contains('DISTRO_FEATURES','blu
# Alternative is ltp-ddt in meta-oe: meta-oe/recipes-devtools/ltp-ddt/ltp-ddt_0.0.4.bb
PREFERRED_PROVIDER_ltp ?= "ltp"
PREFERRED_PROVIDER_getopt ?= "util-linux-getopt"
+PREFERRED_PROVIDER_openssl ?= "openssl"
+PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
+PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
diff --git a/meta/recipes-connectivity/libressl/files/gnuc_prereq.patch b/meta/recipes-connectivity/libressl/files/gnuc_prereq.patch
new file mode 100644
index 0000000..61fa51a
--- /dev/null
+++ b/meta/recipes-connectivity/libressl/files/gnuc_prereq.patch
@@ -0,0 +1,13 @@
+Index: libressl-2.2.4/crypto/bn/bn_lcl.h
+===================================================================
+--- libressl-2.2.4.orig/crypto/bn/bn_lcl.h
++++ libressl-2.2.4/crypto/bn/bn_lcl.h
+@@ -259,7 +259,7 @@ extern "C" {
+ # endif
+ # elif defined(__mips) && defined(_LP64)
+ # if defined(__GNUC__) && __GNUC__>=2
+-# if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
++# if __GNUC_PREREQ(4,4) /* "h" constraint is no more since 4.4 */
+ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64)
+ # define BN_UMULT_LOHI(low,high,a,b) ({ \
+ __uint128_t ret=(__uint128_t)(a)*(b); \
diff --git a/meta/recipes-connectivity/libressl/libressl.inc b/meta/recipes-connectivity/libressl/libressl.inc
new file mode 100644
index 0000000..d0acdc4
--- /dev/null
+++ b/meta/recipes-connectivity/libressl/libressl.inc
@@ -0,0 +1,20 @@
+SUMMARY = "LibreSSL fork of OpenSSL"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.libressl.org/"
+SECTION = "libs/network"
+
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://COPYING;md5=01f9bb4d275f5eeea905377bef3de622"
+
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${PV}.tar.gz"
+
+S = "${WORKDIR}/libressl-${PV}"
+
+inherit pkgconfig autotools
+
+PROVIDES += "openssl"
+
+RPROVIDES_${PN} += "openssl"
+RCONFLICTS_${PN} += "openssl"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/libressl/libressl_2.2.4.bb b/meta/recipes-connectivity/libressl/libressl_2.2.4.bb
new file mode 100644
index 0000000..f2f6fc2
--- /dev/null
+++ b/meta/recipes-connectivity/libressl/libressl_2.2.4.bb
@@ -0,0 +1,6 @@
+require libressl.inc
+
+SRC_URI += " file://gnuc_prereq.patch"
+
+SRC_URI[md5sum] = "bae037598bd63987666302f9644de237"
+SRC_URI[sha256sum] = "6b409859be8654afc3862549494e097017e64c8d167f12584383586306ef9a7e"
--
2.6.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: Add LibreSSL support
2015-11-03 23:34 Add LibreSSL support Ruslan Babayev
2015-11-03 22:38 ` Burton, Ross
2015-11-03 23:28 ` akuster808
@ 2015-11-03 23:39 ` Ruslan Babayev
2 siblings, 0 replies; 7+ messages in thread
From: Ruslan Babayev @ 2015-11-03 23:39 UTC (permalink / raw)
To: openembedded-core
Sorry I meant this:
PREFERRED_PROVIDER_openssl ?= "libressl"
PREFERRED_PROVIDER_openssl-native ?= "libressl-native"
PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-libressl"
Ruslan Babayev writes:
> Please find attached the patch to add support for LibreSSL.
>
> OpenSSL is still preferred, so you'd have add these to your local.conf
>
> PREFERRED_PROVIDER_openssl ?= "openssl"
> PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
> PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Add LibreSSL support
2015-11-03 22:38 ` Burton, Ross
@ 2015-11-04 0:14 ` Ruslan Babayev
0 siblings, 0 replies; 7+ messages in thread
From: Ruslan Babayev @ 2015-11-04 0:14 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 280 bytes --]
Burton, Ross writes:
>
> I think I'd prefer oe-core to have just the one provider of the openssl
> APIs, so if oe-core sticks with openssl then libressl should go into
> another layer, meta-networking maybe?
>
Thanks for feedback Ross. Moved it to meta-networking.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-meta-networking-recipes-connectivity-add-libressl-re.patch --]
[-- Type: text/x-patch, Size: 3140 bytes --]
From 5b41fed5cea2123bffd13c0d724c4ff75e8a5d8a Mon Sep 17 00:00:00 2001
From: Ruslan Babayev <ruslan@babayev.com>
Date: Tue, 3 Nov 2015 15:08:34 -0800
Subject: [PATCH] meta-networking: recipes-connectivity: add libressl recipe
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
---
.../libressl/files/gnuc_prereq.patch | 13 +++++++++++++
.../recipes-connectivity/libressl/libressl.inc | 20 ++++++++++++++++++++
.../recipes-connectivity/libressl/libressl_2.2.4.bb | 6 ++++++
3 files changed, 39 insertions(+)
create mode 100644 meta-networking/recipes-connectivity/libressl/files/gnuc_prereq.patch
create mode 100644 meta-networking/recipes-connectivity/libressl/libressl.inc
create mode 100644 meta-networking/recipes-connectivity/libressl/libressl_2.2.4.bb
diff --git a/meta-networking/recipes-connectivity/libressl/files/gnuc_prereq.patch b/meta-networking/recipes-connectivity/libressl/files/gnuc_prereq.patch
new file mode 100644
index 0000000..61fa51a
--- /dev/null
+++ b/meta-networking/recipes-connectivity/libressl/files/gnuc_prereq.patch
@@ -0,0 +1,13 @@
+Index: libressl-2.2.4/crypto/bn/bn_lcl.h
+===================================================================
+--- libressl-2.2.4.orig/crypto/bn/bn_lcl.h
++++ libressl-2.2.4/crypto/bn/bn_lcl.h
+@@ -259,7 +259,7 @@ extern "C" {
+ # endif
+ # elif defined(__mips) && defined(_LP64)
+ # if defined(__GNUC__) && __GNUC__>=2
+-# if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
++# if __GNUC_PREREQ(4,4) /* "h" constraint is no more since 4.4 */
+ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64)
+ # define BN_UMULT_LOHI(low,high,a,b) ({ \
+ __uint128_t ret=(__uint128_t)(a)*(b); \
diff --git a/meta-networking/recipes-connectivity/libressl/libressl.inc b/meta-networking/recipes-connectivity/libressl/libressl.inc
new file mode 100644
index 0000000..d0acdc4
--- /dev/null
+++ b/meta-networking/recipes-connectivity/libressl/libressl.inc
@@ -0,0 +1,20 @@
+SUMMARY = "LibreSSL fork of OpenSSL"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.libressl.org/"
+SECTION = "libs/network"
+
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://COPYING;md5=01f9bb4d275f5eeea905377bef3de622"
+
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${PV}.tar.gz"
+
+S = "${WORKDIR}/libressl-${PV}"
+
+inherit pkgconfig autotools
+
+PROVIDES += "openssl"
+
+RPROVIDES_${PN} += "openssl"
+RCONFLICTS_${PN} += "openssl"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-networking/recipes-connectivity/libressl/libressl_2.2.4.bb b/meta-networking/recipes-connectivity/libressl/libressl_2.2.4.bb
new file mode 100644
index 0000000..f2f6fc2
--- /dev/null
+++ b/meta-networking/recipes-connectivity/libressl/libressl_2.2.4.bb
@@ -0,0 +1,6 @@
+require libressl.inc
+
+SRC_URI += " file://gnuc_prereq.patch"
+
+SRC_URI[md5sum] = "bae037598bd63987666302f9644de237"
+SRC_URI[sha256sum] = "6b409859be8654afc3862549494e097017e64c8d167f12584383586306ef9a7e"
--
2.6.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: Add LibreSSL support
2015-11-04 0:53 ` Ruslan Babayev
@ 2015-11-04 0:46 ` akuster808
0 siblings, 0 replies; 7+ messages in thread
From: akuster808 @ 2015-11-04 0:46 UTC (permalink / raw)
To: Ruslan Babayev; +Cc: openembedded-core
Ruslan,
On 11/03/2015 04:53 PM, Ruslan Babayev wrote:
> Hi Armin,
>
> It is the latest stable. And it looks like this patch has made it into
> 2.2.4
Thanks for double checking.
- armin
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig
>
> akuster808 writes:
>
>> Ruslan,
>>
>> any reason version 2.3.1 was not picked?
>>
>> I believe 2.2.4 is missing (CVE-2015-5333 and CVE-2015-5334)
>>
>> - armin
>>
>> On 11/03/2015 03:34 PM, Ruslan Babayev wrote:
>>> Please find attached the patch to add support for LibreSSL.
>>>
>>> OpenSSL is still preferred, so you'd have add these to your local.conf
>>>
>>> PREFERRED_PROVIDER_openssl ?= "openssl"
>>> PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
>>> PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
>>>
>>>
>>>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Add LibreSSL support
2015-11-03 23:28 ` akuster808
@ 2015-11-04 0:53 ` Ruslan Babayev
2015-11-04 0:46 ` akuster808
0 siblings, 1 reply; 7+ messages in thread
From: Ruslan Babayev @ 2015-11-04 0:53 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-core
Hi Armin,
It is the latest stable. And it looks like this patch has made it into
2.2.4
http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig
akuster808 writes:
> Ruslan,
>
> any reason version 2.3.1 was not picked?
>
> I believe 2.2.4 is missing (CVE-2015-5333 and CVE-2015-5334)
>
> - armin
>
> On 11/03/2015 03:34 PM, Ruslan Babayev wrote:
>> Please find attached the patch to add support for LibreSSL.
>>
>> OpenSSL is still preferred, so you'd have add these to your local.conf
>>
>> PREFERRED_PROVIDER_openssl ?= "openssl"
>> PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
>> PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
>>
>>
>>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2015-11-04 0:46 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-11-03 23:34 Add LibreSSL support Ruslan Babayev
2015-11-03 22:38 ` Burton, Ross
2015-11-04 0:14 ` Ruslan Babayev
2015-11-03 23:28 ` akuster808
2015-11-04 0:53 ` Ruslan Babayev
2015-11-04 0:46 ` akuster808
2015-11-03 23:39 ` Ruslan Babayev
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox