openssl: Upgrade 1.1.0f -> 1.1.0g

Deals with two CVEs: * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) (From OE-Core rev: edf9686be28fc321886d48043bcb4ef5b2c00c1d) Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Acked-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Stefan Agner <stefan.agner@toradex.com> 2017-11-18 09:53:56 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-12-02 11:25:32 +0000
commit: e09cff8c03080d8173caeeeada7ad26661bd845d (patch)
tree: 71f38b9c77cfcc03cde36b3c198678bc0d82ab2c /meta/recipes-connectivity/openssl/openssl_1.1.0f.bb
parent: 5a6a830b9f767965a629532f3ca7de4902769584 (diff)
download: poky-e09cff8c03080d8173caeeeada7ad26661bd845d.tar.gz
1 files changed, 0 insertions, 161 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb
deleted file mode 100644
index 4517f8734a..0000000000
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb
+++ /dev/null
@@ -1,161 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-# "openssl | SSLeay" dual license
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=cae6da10f4ffd9703214776d2aabce32"
-BBCLASSEXTEND = "native nativesdk"
-SRC_URI[md5sum] = "7b521dea79ab159e8ec879d2333369fa"
-SRC_URI[sha256sum] = "12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765"
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
-           file://run-ptest \
-           file://openssl-c_rehash.sh \
-           file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
-           file://0001-Remove-test-that-requires-running-as-non-root.patch \
-          "
-S = "${WORKDIR}/openssl-${PV}"
-inherit lib_package multilib_header ptest
-do_configure () {
-        os=${HOST_OS}
-        case $os in
-        linux-uclibc |\
-        linux-uclibceabi |\
-        linux-gnueabi |\
-        linux-uclibcspe |\
-        linux-gnuspe |\
-        linux-musl*)
-                os=linux
-                ;;
-                *)
-                ;;
-        esac
-        target="$os-${HOST_ARCH}"
-        case $target in
-        linux-arm)
-                target=linux-armv4
-                ;;
-        linux-armeb)
-                target=linux-armv4
-                ;;
-        linux-aarch64*)
-                target=linux-aarch64
-                ;;
-        linux-sh3)
-                target=linux-generic32
-                ;;
-        linux-sh4)
-                target=linux-generic32
-                ;;
-        linux-i486)
-                target=linux-elf
-                ;;
-        linux-i586 | linux-viac3)
-                target=linux-elf
-                ;;
-        linux-i686)
-                target=linux-elf
-                ;;
-        linux-gnux32-x86_64)
-                target=linux-x32
-                ;;
-        linux-gnu64-x86_64)
-                target=linux-x86_64
-                ;;
-        linux-mips)
-                # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
-                target="linux-mips32 ${TARGET_CC_ARCH}"
-                ;;
-        linux-mipsel)
-                target="linux-mips32 ${TARGET_CC_ARCH}"
-                ;;
-        linux-gnun32-mips*)
-               target=linux-mips64
-                ;;
-        linux-*-mips64 | linux-mips64)
-               target=linux64-mips64
-                ;;
-        linux-*-mips64el | linux-mips64el)
-               target=linux64-mips64
-                ;;
-        linux-microblaze*|linux-nios2*)
-                target=linux-generic32
-                ;;
-        linux-powerpc)
-                target=linux-ppc
-                ;;
-        linux-powerpc64)
-                target=linux-ppc64
-                ;;
-        linux-riscv64)
-                target=linux-generic64
-                ;;
-        linux-riscv32)
-                target=linux-generic32
-                ;;
-        linux-supersparc)
-                target=linux-sparcv9
-                ;;
-        linux-sparc)
-                target=linux-sparcv9
-                ;;
-        darwin-i386)
-                target=darwin-i386-cc
-                ;;
-        esac
-        useprefix=${prefix}
-        if [ "x$useprefix" = "x" ]; then
-                useprefix=/
-        fi
-        perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=`basename ${libdir}` $target
-}
-#| engines/afalg/e_afalg.c: In function 'eventfd':
-#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
-#|      return syscall(__NR_eventfd, n);
-#|                     ^~~~~~~~~~~~
-EXTRA_OECONF_aarch64 += "no-afalgeng"
-#| ./libcrypto.so: undefined reference to `getcontext'
-#| ./libcrypto.so: undefined reference to `setcontext'
-#| ./libcrypto.so: undefined reference to `makecontext'
-EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
-do_install () {
-        oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
-        oe_multilib_header openssl/opensslconf.h
-}
-do_install_append_class-native () {
-        # Install a custom version of c_rehash that can handle sysroots properly.
-        # This version is used for example when installing ca-certificates during
-        # image creation.
-        install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
-        sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
-}
-do_install_ptest() {
-        cp -r * ${D}${PTEST_PATH}
-        # Putting .so files in ptest package will mess up the dependencies of the main openssl package
-        # so we rename them to .so.ptest and patch the test accordingly
-        mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
-        mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
-        sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
-}
-RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
-FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
-PACKAGES =+ "${PN}-engines"
-FILES_${PN}-engines = "${libdir}/engines-1.1"
author	Stefan Agner <stefan.agner@toradex.com>	2017-11-18 09:53:56 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-12-02 11:25:32 +0000
commit	e09cff8c03080d8173caeeeada7ad26661bd845d (patch)
tree	71f38b9c77cfcc03cde36b3c198678bc0d82ab2c /meta/recipes-connectivity/openssl/openssl_1.1.0f.bb
parent	5a6a830b9f767965a629532f3ca7de4902769584 (diff)
download	poky-e09cff8c03080d8173caeeeada7ad26661bd845d.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb deleted file mode 100644 index 4517f8734a..0000000000 --- a/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb +++ /dev/null
@@ -1,161 +0,0 @@
1	SUMMARY = "Secure Socket Layer"
2	DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
3	HOMEPAGE = "http://www.openssl.org/"
4	BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5	SECTION = "libs/network"
6
7	# "openssl \| SSLeay" dual license
8	LICENSE = "openssl"
9	LIC_FILES_CHKSUM = "file://LICENSE;md5=cae6da10f4ffd9703214776d2aabce32"
10
11	BBCLASSEXTEND = "native nativesdk"
12
13	SRC_URI[md5sum] = "7b521dea79ab159e8ec879d2333369fa"
14	SRC_URI[sha256sum] = "12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765"
15
16	SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
17	file://run-ptest \
18	file://openssl-c_rehash.sh \
19	file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
20	file://0001-Remove-test-that-requires-running-as-non-root.patch \
21	"
22
23	S = "${WORKDIR}/openssl-${PV}"
24
25	inherit lib_package multilib_header ptest
26
27	do_configure () {
28	os=${HOST_OS}
29	case $os in
30	linux-uclibc \|\
31	linux-uclibceabi \|\
32	linux-gnueabi \|\
33	linux-uclibcspe \|\
34	linux-gnuspe \|\
35	linux-musl*)
36	os=linux
37	;;
38	*)
39	;;
40	esac
41	target="$os-${HOST_ARCH}"
42	case $target in
43	linux-arm)
44	target=linux-armv4
45	;;
46	linux-armeb)
47	target=linux-armv4
48	;;
49	linux-aarch64*)
50	target=linux-aarch64
51	;;
52	linux-sh3)
53	target=linux-generic32
54	;;
55	linux-sh4)
56	target=linux-generic32
57	;;
58	linux-i486)
59	target=linux-elf
60	;;
61	linux-i586 \| linux-viac3)
62	target=linux-elf
63	;;
64	linux-i686)
65	target=linux-elf
66	;;
67	linux-gnux32-x86_64)
68	target=linux-x32
69	;;
70	linux-gnu64-x86_64)
71	target=linux-x86_64
72	;;
73	linux-mips)
74	# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
75	target="linux-mips32 ${TARGET_CC_ARCH}"
76	;;
77	linux-mipsel)
78	target="linux-mips32 ${TARGET_CC_ARCH}"
79	;;
80	linux-gnun32-mips*)
81	target=linux-mips64
82	;;
83	linux-*-mips64 \| linux-mips64)
84	target=linux64-mips64
85	;;
86	linux-*-mips64el \| linux-mips64el)
87	target=linux64-mips64
88	;;
89	linux-microblaze\|linux-nios2)
90	target=linux-generic32
91	;;
92	linux-powerpc)
93	target=linux-ppc
94	;;
95	linux-powerpc64)
96	target=linux-ppc64
97	;;
98	linux-riscv64)
99	target=linux-generic64
100	;;
101	linux-riscv32)
102	target=linux-generic32
103	;;
104	linux-supersparc)
105	target=linux-sparcv9
106	;;
107	linux-sparc)
108	target=linux-sparcv9
109	;;
110	darwin-i386)
111	target=darwin-i386-cc
112	;;
113	esac
114	useprefix=${prefix}
115	if [ "x$useprefix" = "x" ]; then
116	useprefix=/
117	fi
118	perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=`basename ${libdir}` $target
119	}
120
121	#\| engines/afalg/e_afalg.c: In function 'eventfd':
122	#\| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
123	#\| return syscall(__NR_eventfd, n);
124	#\| ^~~~~~~~~~~~
125	EXTRA_OECONF_aarch64 += "no-afalgeng"
126
127	#\| ./libcrypto.so: undefined reference to `getcontext'
128	#\| ./libcrypto.so: undefined reference to `setcontext'
129	#\| ./libcrypto.so: undefined reference to `makecontext'
130	EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
131
132	do_install () {
133	oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
134	oe_multilib_header openssl/opensslconf.h
135	}
136
137	do_install_append_class-native () {
138	# Install a custom version of c_rehash that can handle sysroots properly.
139	# This version is used for example when installing ca-certificates during
140	# image creation.
141	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
142	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
143	}
144
145	do_install_ptest() {
146	cp -r * ${D}${PTEST_PATH}
147
148	# Putting .so files in ptest package will mess up the dependencies of the main openssl package
149	# so we rename them to .so.ptest and patch the test accordingly
150	mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
151	mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
152	sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
153	}
154
155	RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
156
157	FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
158
159	PACKAGES =+ "${PN}-engines"
160	FILES_${PN}-engines = "${libdir}/engines-1.1"
161