diff options
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch | 70 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.1.1.bb | 1 |
2 files changed, 71 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch new file mode 100644 index 0000000000..80b62ab18c --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch | |||
@@ -0,0 +1,70 @@ | |||
1 | From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> | ||
3 | Date: Tue, 6 Nov 2018 14:50:47 +0100 | ||
4 | Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler | ||
5 | info | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | The openssl build system generates buildinf.h containing the full | ||
11 | compiler command line used to compile objects. This breaks | ||
12 | reproducibility, as the compile command is baked into libcrypto, where | ||
13 | it is used when running `openssl version -f`. | ||
14 | |||
15 | Add stripped build variables for the compiler and cflags lines, and use | ||
16 | those when generating buildinfo.h. | ||
17 | |||
18 | This is based on a similar patch for older openssl versions: | ||
19 | https://patchwork.openembedded.org/patch/147229/ | ||
20 | |||
21 | Upstream-Status: Inappropriate [OE specific] | ||
22 | Signed-off-by: Martin Hundebøll <martin@geanix.com> | ||
23 | --- | ||
24 | Configurations/unix-Makefile.tmpl | 10 +++++++++- | ||
25 | crypto/build.info | 2 +- | ||
26 | 2 files changed, 10 insertions(+), 2 deletions(-) | ||
27 | |||
28 | diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl | ||
29 | index 16af4d2087..54c162784c 100644 | ||
30 | --- a/Configurations/unix-Makefile.tmpl | ||
31 | +++ b/Configurations/unix-Makefile.tmpl | ||
32 | @@ -317,13 +317,21 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), | ||
33 | '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} | ||
34 | BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) | ||
35 | |||
36 | -# CPPFLAGS_Q is used for one thing only: to build up buildinf.h | ||
37 | +# *_Q variables are used for one thing only: to build up buildinf.h | ||
38 | CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; | ||
39 | $cppflags2 =~ s|([\\"])|\\$1|g; | ||
40 | $lib_cppflags =~ s|([\\"])|\\$1|g; | ||
41 | join(' ', $lib_cppflags || (), $cppflags2 || (), | ||
42 | $cppflags1 || ()) -} | ||
43 | |||
44 | +CFLAGS_Q={- for (@{$config{CFLAGS}}) { | ||
45 | + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; | ||
46 | + } | ||
47 | + join(' ', @{$config{CFLAGS}}) -} | ||
48 | + | ||
49 | +CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g; | ||
50 | + join(' ', $config{CC}) -} | ||
51 | + | ||
52 | PERLASM_SCHEME= {- $target{perlasm_scheme} -} | ||
53 | |||
54 | # For x86 assembler: Set PROCESSOR to 386 if you want to support | ||
55 | diff --git a/crypto/build.info b/crypto/build.info | ||
56 | index b515b7318e..8c9cee2a09 100644 | ||
57 | --- a/crypto/build.info | ||
58 | +++ b/crypto/build.info | ||
59 | @@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ | ||
60 | ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl | ||
61 | |||
62 | DEPEND[cversion.o]=buildinf.h | ||
63 | -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" | ||
64 | +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" | ||
65 | DEPEND[buildinf.h]=../configdata.pm | ||
66 | |||
67 | GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) | ||
68 | -- | ||
69 | 2.19.1 | ||
70 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1.bb index b44089e82e..1234b64b86 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1.bb | |||
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | |||
17 | file://0001-skip-test_symbol_presence.patch \ | 17 | file://0001-skip-test_symbol_presence.patch \ |
18 | file://0002-fix-CVE-2018-0734.patch \ | 18 | file://0002-fix-CVE-2018-0734.patch \ |
19 | file://0003-fix-CVE-2018-0735.patch \ | 19 | file://0003-fix-CVE-2018-0735.patch \ |
20 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ | ||
20 | " | 21 | " |
21 | 22 | ||
22 | SRC_URI_append_class-nativesdk = " \ | 23 | SRC_URI_append_class-nativesdk = " \ |