From: Alexander Kanavin <alexander.kanavin@linux.intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [RFC PATCH 00/10] Add openssl 1.1
Date: Wed, 10 May 2017 17:13:18 +0300 [thread overview]
Message-ID: <cover.1494425038.git.alexander.kanavin@linux.intel.com> (raw)
This patch series introduces the recipe for openssl 1.1 (openssl 1.0 is preserved
but renamed to openssl10), and does a few necessary adjustmenets and updates to other
recipes. The reason it's marked RFC is that there is one known remaining issue to
resolve: specifically, u-boot needs to be ported to 1.1 before this series can be
merged, otherwise there's a dependency conflict when building native u-boot. This
should be resolved quite soon, but it isn't yet (as of u-boot v2017.05).
Openssl 1.1 is an opt-out; it has the same recipe name as openssl 1.0 had, and so
all dependencies are compiled with it by default. If there's an API issue, please
fix it, or adjust the recipe to depend on 'openssl10' (which is a lesser solution,
and subject to openssl 1.0 eventually being removed from oe-core).
Please review the following changes for suitability for inclusion. If you have
any objections or suggestions for improvement, please respond to the patches. If
you agree with the changes, please provide your Acked-by.
The following changes since commit 381897c64069ea43d595380a3ae913bcc79cf7e1:
build-appliance-image: Update to master head revision (2017-05-01 08:56:47 +0100)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akanavin/openssl-1.1
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akanavin/openssl-1.1
Alexander Kanavin (10):
python: update to 3.5.3
openssl: add a 1.1 version
u-boot-mkimage: depend on openssl 1.0
bind: fix upstream version check
bind: update to 9.10.5
openssh: depend on openssl 1.0
apr-util: add support for openssl 1.1 via backported patch
cryptodev-tests: depend on openssl 1.0
mailx: depend on openssl 1.0
gstreamer-plugins-bad: replace openssl dependency with nettle for hls
plugin
meta/conf/distro/include/no-static-libs.inc | 3 +
meta/conf/distro/include/security_flags.inc | 2 +-
meta/recipes-bsp/u-boot/u-boot-mkimage_2017.01.bb | 2 +-
...0001-build-use-pkg-config-to-find-libxml2.patch | 14 +-
...=> 0001-confgen-don-t-build-unix.o-twice.patch} | 17 +-
.../bind/bind/CVE-2016-1285.patch | 154 ----------
.../bind/bind/CVE-2016-1286_1.patch | 79 -----
.../bind/bind/CVE-2016-1286_2.patch | 317 ---------------------
.../bind/bind/CVE-2016-2088.patch | 247 ----------------
.../bind/bind/CVE-2016-2775.patch | 90 ------
.../bind/bind/CVE-2016-2776.patch | 123 --------
.../bind/bind/mips1-not-support-opcode.diff | 104 -------
.../bind/{bind_9.10.3-P3.bb => bind_9.10.5.bb} | 27 +-
meta/recipes-connectivity/openssh/openssh_7.4p1.bb | 3 +-
...ve-test-that-requires-running-as-non-root.patch | 49 ++++
...1-Take-linking-flags-from-LDFLAGS-env-var.patch | 43 +++
.../recipes-connectivity/openssl/openssl/run-ptest | 4 +-
.../openssl/{openssl.inc => openssl10.inc} | 14 +-
...build-with-clang-using-external-assembler.patch | 0
.../{openssl => openssl10}/Makefiles-ptest.patch | 0
.../Use-SHA256-not-MD5-as-default-digest.patch | 0
.../configure-musl-target.patch | 0
.../{openssl => openssl10}/configure-targets.patch | 0
.../debian/c_rehash-compat.patch | 0
.../openssl/{openssl => openssl10}/debian/ca.patch | 0
.../debian/debian-targets.patch | 0
.../{openssl => openssl10}/debian/man-dir.patch | 0
.../debian/man-section.patch | 0
.../{openssl => openssl10}/debian/no-rpath.patch | 0
.../debian/no-symbolic.patch | 0
.../{openssl => openssl10}/debian/pic.patch | 0
.../debian/version-script.patch | 0
.../debian1.0.2/block_digicert_malaysia.patch | 0
.../debian1.0.2/block_diginotar.patch | 0
.../debian1.0.2/version-script.patch | 0
.../engines-install-in-libdir-ssl.patch | 0
.../openssl/{openssl => openssl10}/find.pl | 0
.../fix-cipher-des-ede3-cfb1.patch | 0
.../{openssl => openssl10}/oe-ldflags.patch | 0
.../openssl-1.0.2a-x32-asm.patch | 0
...-pointer-dereference-in-EVP_DigestInit_ex.patch | 0
.../{openssl => openssl10}/openssl-c_rehash.sh | 0
.../openssl-fix-des.pod-error.patch | 0
.../openssl-util-perlpath.pl-cwd.patch | 0
.../openssl_fix_for_x32.patch | 0
.../openssl/{openssl => openssl10}/parallel.patch | 0
.../{openssl => openssl10}/ptest-deps.patch | 0
.../ptest_makefile_deps.patch | 0
.../openssl/openssl10/run-ptest | 2 +
.../{openssl => openssl10}/shared-libs.patch | 0
.../{openssl_1.0.2k.bb => openssl10_1.0.2k.bb} | 4 +-
.../recipes-connectivity/openssl/openssl_1.1.0e.bb | 146 ++++++++++
...on3-native_3.5.2.bb => python3-native_3.5.3.bb} | 8 +-
...the-shell-version-of-python-config-that-w.patch | 10 +-
...pile.patch => 0001-cross-compile-support.patch} | 56 ++--
.../python3/python3-fix-CVE-2016-1000110.patch | 148 ----------
.../python/python3/upstream-random-fixes.patch | 288 +++++++++----------
.../python/{python3_3.5.2.bb => python3_3.5.3.bb} | 9 +-
meta/recipes-extended/mailx/mailx_12.5-5.bb | 2 +-
.../cryptodev/cryptodev-tests_1.8.bb | 2 +-
.../gstreamer/gstreamer1.0-plugins-bad.inc | 4 +-
.../recipes-support/apr/apr-util/openssl-1.1.patch | 253 ++++++++++++++++
meta/recipes-support/apr/apr-util_1.5.4.bb | 1 +
63 files changed, 732 insertions(+), 1493 deletions(-)
rename meta/recipes-connectivity/bind/bind/{bind-confgen-build-unix.o-once.patch => 0001-confgen-don-t-build-unix.o-twice.patch} (80%)
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch
delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch
delete mode 100644 meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
rename meta/recipes-connectivity/bind/{bind_9.10.3-P3.bb => bind_9.10.5.bb} (82%)
create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
mode change 100755 => 100644 meta/recipes-connectivity/openssl/openssl/run-ptest
rename meta/recipes-connectivity/openssl/{openssl.inc => openssl10.inc} (95%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/0001-Fix-build-with-clang-using-external-assembler.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/Makefiles-ptest.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/Use-SHA256-not-MD5-as-default-digest.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/configure-musl-target.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/configure-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/c_rehash-compat.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/ca.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/debian-targets.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/man-dir.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/man-section.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/no-rpath.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/no-symbolic.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/pic.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/version-script.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian1.0.2/block_digicert_malaysia.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian1.0.2/block_diginotar.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian1.0.2/version-script.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/engines-install-in-libdir-ssl.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/find.pl (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/fix-cipher-des-ede3-cfb1.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/oe-ldflags.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-1.0.2a-x32-asm.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-c_rehash.sh (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-fix-des.pod-error.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-util-perlpath.pl-cwd.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl_fix_for_x32.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/parallel.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/ptest-deps.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/ptest_makefile_deps.patch (100%)
create mode 100755 meta/recipes-connectivity/openssl/openssl10/run-ptest
rename meta/recipes-connectivity/openssl/{openssl => openssl10}/shared-libs.patch (100%)
rename meta/recipes-connectivity/openssl/{openssl_1.0.2k.bb => openssl10_1.0.2k.bb} (97%)
create mode 100644 meta/recipes-connectivity/openssl/openssl_1.1.0e.bb
rename meta/recipes-devtools/python/{python3-native_3.5.2.bb => python3-native_3.5.3.bb} (90%)
rename meta/recipes-devtools/python/python3/{000-cross-compile.patch => 0001-cross-compile-support.patch} (65%)
delete mode 100644 meta/recipes-devtools/python/python3/python3-fix-CVE-2016-1000110.patch
rename meta/recipes-devtools/python/{python3_3.5.2.bb => python3_3.5.3.bb} (96%)
create mode 100644 meta/recipes-support/apr/apr-util/openssl-1.1.patch
--
2.11.0
next reply other threads:[~2017-05-10 14:13 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-10 14:13 Alexander Kanavin [this message]
2017-05-10 14:13 ` [RFC PATCH 01/10] python: update to 3.5.3 Alexander Kanavin
2017-05-10 14:13 ` [RFC PATCH 02/10] openssl: add a 1.1 version Alexander Kanavin
2017-05-10 14:13 ` [RFC PATCH 03/10] u-boot-mkimage: depend on openssl 1.0 Alexander Kanavin
2017-05-10 14:13 ` [RFC PATCH 04/10] bind: fix upstream version check Alexander Kanavin
2017-05-10 14:13 ` [RFC PATCH 05/10] bind: update to 9.10.5 Alexander Kanavin
2017-05-12 15:43 ` Burton, Ross
2017-05-15 10:58 ` Alexander Kanavin
2017-05-10 14:13 ` [RFC PATCH 06/10] openssh: depend on openssl 1.0 Alexander Kanavin
2017-05-10 14:13 ` [RFC PATCH 07/10] apr-util: add support for openssl 1.1 via backported patch Alexander Kanavin
2017-05-10 14:13 ` [RFC PATCH 08/10] cryptodev-tests: depend on openssl 1.0 Alexander Kanavin
2017-05-10 14:13 ` [RFC PATCH 09/10] mailx: " Alexander Kanavin
2017-05-10 14:13 ` [RFC PATCH 10/10] gstreamer-plugins-bad: replace openssl dependency with nettle for hls plugin Alexander Kanavin
2017-05-10 15:02 ` [RFC PATCH 00/10] Add openssl 1.1 Davis, Michael
2017-05-10 15:15 ` Alexander Kanavin
2017-05-10 15:34 ` Davis, Michael
2017-05-10 15:38 ` Alexander Kanavin
2017-05-10 18:56 ` Gary Thomas
2017-05-10 19:34 ` Alexander Kanavin
2017-05-10 19:53 ` Davis, Michael
2017-05-10 20:02 ` Alexander Kanavin
2017-05-10 20:35 ` Khem Raj
2017-05-10 20:48 ` Davis, Michael
2017-05-10 21:08 ` Khem Raj
2017-05-11 7:44 ` Alexander Kanavin
2017-05-13 0:17 ` akuster808
2017-05-12 18:15 ` Denys Dmytriyenko
2017-05-12 18:33 ` Khem Raj
2017-05-10 15:39 ` akuster808
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1494425038.git.alexander.kanavin@linux.intel.com \
--to=alexander.kanavin@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox