Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=master 2018-11-27T22:13:11+00:00 2018-11-27T22:13:11+00:00 Alexander Kanavin alex.kanavin@gmail.com 2018-11-24T17:13:53+00:00 urn:sha1:e2f53e48231c1cdf18f32c2386d81c0cc5b04052 (From OE-Core rev: eec95f90093a6aa1d8be145e351fc9df4abef172) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-11-23T23:35:18+00:00 Ross Burton ross.burton@intel.com 2018-11-22T14:05:16+00:00 urn:sha1:cd52b7670f20c996bfcaaa7f920029b1108fad6f Whether the AFALG engine (use of hardware crypto via AF_ALG) is enable or disable depends on whether the host kernel is 4.1 or above, which has no bearing on whether the target system supports it. Remove the complicated logic and simply enable/disable as requested. (From OE-Core rev: 4b6c566c0540fe8e560d0feeb9c765c0eb6e5182) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-11-23T23:35:18+00:00 Ross Burton ross.burton@intel.com 2018-11-22T14:05:15+00:00 urn:sha1:64aca31a787f35dcd422307dbf95ebce9497291f To aid debugging configure, dump the configdata in do_configure. (From OE-Core rev: a385e6c47663854a375d061033efc856361f3dba) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-11-14T11:14:39+00:00 Martin Hundebøll martin@geanix.com 2018-11-08T08:25:24+00:00 urn:sha1:c77d38acd63bc3b91ce0616c9595fc9a914906ba The openssl build system generates buildinf.h containing the full compiler command line used to compile objects. This breaks reproducibility, as the compile command is baked into libcrypto, where it is used when running `openssl version -f`. Add stripped build variables for the compiler and cflags lines, and use those when generating buildinfo.h. This is based on a similar patch for older openssl versions: https://patchwork.openembedded.org/patch/147229/ (From OE-Core rev: cbc9b743a711f07c04cf9f5b2fc3f83da6d28913) Signed-off-by: Martin Hundebøll <martin@geanix.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-11-07T23:08:54+00:00 Kai Kang kai.kang@windriver.com 2018-11-02T08:02:14+00:00 urn:sha1:faacc5048746c5bd0366881cdf46470bfeef4300 Backport patch to fix CVE-2018-0735 for openssl 1.1.1. (From OE-Core rev: 78e751e33d3ec4394d96391e737cc39cad960ebe) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-11-07T23:08:54+00:00 Kai Kang kai.kang@windriver.com 2018-11-02T08:02:13+00:00 urn:sha1:d5fe5c654b7d36dcbea03231320cb6edbb6788c0 Backport patches to fix CVE-2018-0734 for both openssl 1.0.2p and 1.1.1 versions. (From OE-Core rev: 9d5c6a87eb72a8b8b8d417126a831565982ca9a6) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-10-20T21:40:16+00:00 Ross Burton ross.burton@intel.com 2018-10-19T19:43:18+00:00 urn:sha1:ef2824e872ea2900e6a59f8035323e4e890650f3 OpenSSL supports out-of-tree builds so we should use them. This makes builds more reliable, and makes it easier to reduce the size of the ptest package. (From OE-Core rev: e028b4457781f60d8491a99a23011996fa913013) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-10-20T21:40:16+00:00 Ross Burton ross.burton@intel.com 2018-10-19T19:43:17+00:00 urn:sha1:b75a0a8d825b68b08587e040b60e80ce6b7c1f2d Previously the ptest installation was simply a copy of the entire build tree, which is terribly ugly. Instead copy just the pieces we need, symlink to /usr as appropriate, and add missing dependencies. Remove PRIVATE_LIBS as we don't ship copies of the libraries now. Also remember to do 'set -x' in run-ptest, so if the tests fail the runner knows! [ YOCTO #12965 ] [ YOCTO #12967 ] (From OE-Core rev: 7831d2d3a1069b9d3a8d32e41f0a292e1add56ba) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-10-16T19:35:43+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2018-10-16T03:22:03+00:00 urn:sha1:88d141e9de1f130a3ad9e78fe8066a2ba7114360 The comment here stated that openssl is dual-licensed, but that would mean that either of the two licenses could be used which is *not* the case [1]. However LICENSE = "openssl" *is* correct because in OE that maps to a generic license file which includes both licenses, which makes sense because there isn't really any such thing as OpenSSL that would be covered by the "OpenSSL license" and not the "SSLeay license". Correct the comment to avoid any confusion. [1] https://www.openssl.org/source/license.html (From OE-Core rev: 6c821ce6ecae789320b31ec55c83907d6dd78359) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-10-14T08:20:56+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-10-12T16:28:48+00:00 urn:sha1:273af8144e05bcba20adad6cad3886bd97f7bbaf 1. The building openssl requires to install perl Text::Template module(>=1.46), but Text::Template is a non core Perl module, openssl chooses to bundle Text::Template 1.46 into the source, for convenience. https://github.com/openssl/openssl/commit/8ff2af548303d311ce3591406111f77862875a60 2. While Text::Template < 1.46, the produced build files are gravely faulty. https://github.com/openssl/openssl/pull/6682 3. If host has installed Text::Template < 1.46 (such as CentOS-7.5 has Text:: Template 1.45). The mismatched old module was used although the right one in openssl source. So set PERL5LIB to use deterministic perl Text::Template module bundled by openssl source and ignore the one of host (From OE-Core rev: 5e7a75c226d4df0c066f04eaea014b8888c6bed2) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>