summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
authorJussi Kukkonen <jussi.kukkonen@intel.com>2017-04-20 16:32:19 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-04-21 08:22:09 +0100
commita59bfd05d15085a3dc5669b47fd19867246c846b (patch)
treec2be9dc74e3e3342b7502630ad41c29f2f2e19b0 /meta/recipes-connectivity
parent4f462ee588fc6a681e314a1890c00476e61cc1f3 (diff)
downloadpoky-a59bfd05d15085a3dc5669b47fd19867246c846b.tar.gz
openssl: Bump SONAME to match the ABI
Commit 7933fbbc637 "Security fix Drown via 1.0.2g update" included a version-script change from Debian that was an ABI change. It did not include the soname change that Debian did so we have been calling our ABI 1.0.0 but it really matches what others call 1.0.2. Bump SONAME to match the ABI. In practice this changes both libcrypto and libssl sonames from 1.0.0 to 1.0.2. For background: Upstream does not do sonames so these are set by distros. In this case the ABI changes based on a build time configuration! Debian took the ABI changing configuration and bumped soname but e.g. Ubuntu kept the deprecated API and just made it not work, keeping soname. So both have same version of openssl but support different ABI (and expose different SONAME). Fixes [YOCTO #11396]. Thanks to Alexander Larsson et al for detective work. (From OE-Core rev: 1b430eef7131876bc735c22d66358379b0516821) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch13
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.2k.bb1
2 files changed, 14 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch
new file mode 100644
index 0000000000..f9cdfec87a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch
@@ -0,0 +1,13 @@
1Index: openssl-1.0.2d/crypto/opensslv.h
2===================================================================
3--- openssl-1.0.2d.orig/crypto/opensslv.h
4+++ openssl-1.0.2d/crypto/opensslv.h
5@@ -88,7 +88,7 @@ extern "C" {
6 * should only keep the versions that are binary compatible with the current.
7 */
8 # define SHLIB_VERSION_HISTORY ""
9-# define SHLIB_VERSION_NUMBER "1.0.0"
10+# define SHLIB_VERSION_NUMBER "1.0.2"
11
12
13 #ifdef __cplusplus
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
index 1c1041428c..83d1a500c2 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
@@ -30,6 +30,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
30 file://debian/no-symbolic.patch \ 30 file://debian/no-symbolic.patch \
31 file://debian/pic.patch \ 31 file://debian/pic.patch \
32 file://debian1.0.2/version-script.patch \ 32 file://debian1.0.2/version-script.patch \
33 file://debian1.0.2/soname.patch \
33 file://openssl_fix_for_x32.patch \ 34 file://openssl_fix_for_x32.patch \
34 file://fix-cipher-des-ede3-cfb1.patch \ 35 file://fix-cipher-des-ede3-cfb1.patch \
35 file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ 36 file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \