deepcrayon
/
buildroot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

package/libopenssl: bump version to 3.0.9 

Rebase patches onto new version

Remove 0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch,
0006-Add-support-for-io_pgetevents_time64-syscall.patch, and
0007-Fixup-support-for-io_pgetevents_time64-syscall.patch as these are
already applied upstream

Updated license after switch to Apache license:
https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/

[Bernd: fixed license file/hash]

Signed-off-by: Danny Wood <danny@rotronics.co.uk>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Peter: update .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
master
Danny Wood 2023-07-14 18:41:02 +02:00 committed by Peter Korsgaard
parent d3db2e61ce
commit 3c66f65a6a
9 changed files with 14 additions and 240 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.checkpackageignore
View File

@ -790,9 +790,6 @@ package/libodb-mysql/0002-mariadb-FTBFS-fix.patch Upstream
package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch Upstream
package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch Upstream
package/libopenssl/0004-Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch Upstream
package/libopenssl/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch Upstream
package/libopenssl/0006-Add-support-for-io_pgetevents_time64-syscall.patch Upstream
package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch Upstream
package/liboping/0001-fix-utf8-support.patch Upstream
package/liboping/0002-Open-raw-sockets-when-adding-hosts-not-when-doing-th.patch Upstream
package/liboping/0003-Fix-compile-break-with-GCC-7-buffer-overflow-with-snprintf.patch Upstream

8
package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
View File

@ -19,14 +19,14 @@ diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tm
index 40cf2c3..777d9ca 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -491,7 +491,7 @@ list-tests:
@@ -546,7 +546,7 @@ list-tests:
@echo "Tests are not supported with your chosen Configure options"
@ : {- output_on() if !$disabled{tests}; "" -}
-install: install_sw install_ssldirs install_docs
+install: install_sw install_ssldirs
-install: install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -}
+install: install_sw install_ssldirs {- $disabled{fips} ? "" : "install_fips" -}
uninstall: uninstall_docs uninstall_sw
uninstall: uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -}
--
2.16.3

8
package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
View File

@ -15,15 +15,15 @@ diff --git a/crypto/build.info b/crypto/build.info
index 2c619c6..49ca6ab 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
@@ -111,7 +111,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
DEPEND[info.o]=buildinf.h
DEPEND[cversion.o]=buildinf.h
-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$$(basename $(CC)) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
DEPEND[buildinf.h]=../configdata.pm
GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
--
2.20.1

2
package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
View File

@ -13,7 +13,7 @@ diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 9e0f670..32c7282 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -491,7 +491,7 @@ static int sh_init(size_t size, int minsize)
@@ -557,7 +557,7 @@ static int sh_init(size_t size, int minsize)
if (mlock(sh.arena, sh.arena_size) < 0)
ret = 2;
#endif

64
package/libopenssl/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch
View File

@ -1,64 +0,0 @@
From 07a0bbdd179a52907485fd793f0df31c097447af Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Sun, 5 May 2019 18:25:50 +0200
Subject: [PATCH] crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is a big endian ELFv2 configuration. ELFv2 was already being
used for little endian, and big endian was traditionally ELFv1
but there are practical configurations that use ELFv2 with big
endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, etc.)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8883)
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
---
crypto/perlasm/ppc-xlate.pl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
index d220c6245b..eec82b8d48 100755
--- a/crypto/perlasm/ppc-xlate.pl
+++ b/crypto/perlasm/ppc-xlate.pl
@@ -49,7 +49,7 @@ my $globl = sub {
/osx/ && do { $name = "_$name";
last;
};
- /linux.*(32|64le)/
+ /linux.*(32|64(le|v2))/
&& do { $ret .= ".globl $name";
if (!$$type) {
$ret .= "\n.type $name,\@function";
@@ -80,7 +80,7 @@ my $globl = sub {
};
my $text = sub {
my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text";
- $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64le/);
+ $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/);
$ret;
};
my $machine = sub {
@@ -186,7 +186,7 @@ my $vmr = sub {
# Some ABIs specify vrsave, special-purpose register #256, as reserved
# for system use.
-my $no_vrsave = ($flavour =~ /aix|linux64le/);
+my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/);
my $mtspr = sub {
my ($f,$idx,$ra) = @_;
if ($idx == 256 && $no_vrsave) {
@@ -318,7 +318,7 @@ while($line=<>) {
if ($label) {
my $xlated = ($GLOBALS{$label} or $label);
print "$xlated:";
- if ($flavour =~ /linux.*64le/) {
+ if ($flavour =~ /linux.*64(le|v2)/) {
if ($TYPES{$label} =~ /function/) {
printf "\n.localentry %s,0\n",$xlated;
}
--
2.25.0

61
package/libopenssl/0006-Add-support-for-io_pgetevents_time64-syscall.patch
View File

@ -1,61 +0,0 @@
From 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@wdc.com>
Date: Thu, 29 Aug 2019 13:56:21 -0700
Subject: [PATCH] Add support for io_pgetevents_time64 syscall
32-bit architectures that are y2038 safe don't include syscalls that use
32-bit time_t. Instead these architectures have suffixed syscalls that
always use a 64-bit time_t. In the case of the io_getevents syscall the
syscall has been replaced with the io_pgetevents_time64 syscall instead.
This patch changes the io_getevents() function to use the correct
syscall based on the avaliable syscalls and the time_t size. We will
only use the new 64-bit time_t syscall if the architecture is using a
64-bit time_t. This is to avoid having to deal with 32/64-bit
conversions and relying on a 64-bit timespec struct on 32-bit time_t
platforms. As of Linux 5.3 there are no 32-bit time_t architectures
without __NR_io_getevents. In the future if a 32-bit time_t architecture
wants to use the 64-bit syscalls we can handle the conversion.
This fixes build failures on 32-bit RISC-V.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9819)
---
engines/e_afalg.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index dacbe358cb..99516cb1bb 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -125,7 +125,23 @@ static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
struct io_event *events,
struct timespec *timeout)
{
+#if defined(__NR_io_getevents)
return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
+#elif defined(__NR_io_pgetevents_time64)
+ /* Let's only support the 64 suffix syscalls for 64-bit time_t.
+ * This simplifies the code for us as we don't need to use a 64-bit
+ * version of timespec with a 32-bit time_t and handle converting
+ * between 64-bit and 32-bit times and check for overflows.
+ */
+ if (sizeof(timeout->tv_sec) == 8)
+ return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL);
+ else {
+ errno = ENOSYS;
+ return -1;
+ }
+#else
+# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64."
+#endif
}
static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
--
2.25.1

98
package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch
View File

@ -1,98 +0,0 @@
From e5499a3cac1e823c3e0697e8667e952317b70cc8 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@wdc.com>
Date: Thu, 4 Mar 2021 12:10:11 -0500
Subject: [PATCH] Fixup support for io_pgetevents_time64 syscall
This is a fixup for the original commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
"Add support for io_pgetevents_time64 syscall" that didn't correctly
work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V.
For a full discussion of the issue see:
https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14432)
---
engines/e_afalg.c | 55 ++++++++++++++++++++++++++++++++++++-----------
1 file changed, 42 insertions(+), 13 deletions(-)
diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index 9480d7c24b..4e9d67db2d 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -121,27 +121,56 @@ static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
return syscall(__NR_io_submit, ctx, n, iocb);
}
+/* A version of 'struct timespec' with 32-bit time_t and nanoseconds. */
+struct __timespec32
+{
+ __kernel_long_t tv_sec;
+ __kernel_long_t tv_nsec;
+};
+
static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
struct io_event *events,
struct timespec *timeout)
{
+#if defined(__NR_io_pgetevents_time64)
+ /* Check if we are a 32-bit architecture with a 64-bit time_t */
+ if (sizeof(*timeout) != sizeof(struct __timespec32)) {
+ int ret = syscall(__NR_io_pgetevents_time64, ctx, min, max, events,
+ timeout, NULL);
+ if (ret == 0 || errno != ENOSYS)
+ return ret;
+ }
+#endif
+
#if defined(__NR_io_getevents)
- return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
-#elif defined(__NR_io_pgetevents_time64)
- /* Let's only support the 64 suffix syscalls for 64-bit time_t.
- * This simplifies the code for us as we don't need to use a 64-bit
- * version of timespec with a 32-bit time_t and handle converting
- * between 64-bit and 32-bit times and check for overflows.
- */
- if (sizeof(timeout->tv_sec) == 8)
- return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL);
+ if (sizeof(*timeout) == sizeof(struct __timespec32))
+ /*
+ * time_t matches our architecture length, we can just use
+ * __NR_io_getevents
+ */
+ return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
else {
- errno = ENOSYS;
- return -1;
+ /*
+ * We don't have __NR_io_pgetevents_time64, but we are using a
+ * 64-bit time_t on a 32-bit architecture. If we can fit the
+ * timeout value in a 32-bit time_t, then let's do that
+ * and then use the __NR_io_getevents syscall.
+ */
+ if (timeout && timeout->tv_sec == (long)timeout->tv_sec) {
+ struct __timespec32 ts32;
+
+ ts32.tv_sec = (__kernel_long_t) timeout->tv_sec;
+ ts32.tv_nsec = (__kernel_long_t) timeout->tv_nsec;
+
+ return syscall(__NR_io_getevents, ctx, min, max, events, ts32);
+ } else {
+ return syscall(__NR_io_getevents, ctx, min, max, events, NULL);
+ }
}
-#else
-# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64."
#endif
+
+ errno = ENOSYS;
+ return -1;
}
static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
--
2.25.1

4
package/libopenssl/libopenssl.hash
View File

@ -1,5 +1,5 @@
# From https://www.openssl.org/source/openssl-1.1.1u.tar.gz.sha256
sha256 e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6 openssl-1.1.1u.tar.gz
sha256 eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90 openssl-3.0.9.tar.gz
# License files
sha256 c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c LICENSE
sha256 7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a LICENSE.txt

6
package/libopenssl/libopenssl.mk
View File

@ -4,11 +4,11 @@
#
################################################################################
LIBOPENSSL_VERSION = 1.1.1u
LIBOPENSSL_VERSION = 3.0.9
LIBOPENSSL_SITE = https://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = OpenSSL or SSLeay
LIBOPENSSL_LICENSE_FILES = LICENSE
LIBOPENSSL_LICENSE = Apache-2.0
LIBOPENSSL_LICENSE_FILES = LICENSE.txt
LIBOPENSSL_INSTALL_STAGING = YES
LIBOPENSSL_DEPENDENCIES = zlib
HOST_LIBOPENSSL_DEPENDENCIES = host-zlib