[oe-commits] [openembedded-core] 03/05: openssl: Bump SONAME to match the ABI
git at git.openembedded.org
git at git.openembedded.org
Fri Apr 21 07:22:46 UTC 2017
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master
in repository openembedded-core.
commit 1b430eef7131876bc735c22d66358379b0516821
Author: Jussi Kukkonen <jussi.kukkonen at intel.com>
AuthorDate: Thu Apr 20 16:32:19 2017 +0300
openssl: Bump SONAME to match the ABI
Commit 7933fbbc637 "Security fix Drown via 1.0.2g update" included
a version-script change from Debian that was an ABI change. It did
not include the soname change that Debian did so we have been calling
our ABI 1.0.0 but it really matches what others call 1.0.2.
Bump SONAME to match the ABI. In practice this changes both libcrypto
and libssl sonames from 1.0.0 to 1.0.2.
For background: Upstream does not do sonames so these are set by
distros. In this case the ABI changes based on a build time
configuration! Debian took the ABI changing configuration and bumped
soname but e.g. Ubuntu kept the deprecated API and just made it not
work, keeping soname. So both have same version of openssl but support
different ABI (and expose different SONAME).
Fixes [YOCTO #11396].
Thanks to Alexander Larsson et al for detective work.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen at intel.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
.../openssl/openssl/debian1.0.2/soname.patch | 13 +++++++++++++
meta/recipes-connectivity/openssl/openssl_1.0.2k.bb | 1 +
2 files changed, 14 insertions(+)
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch
new file mode 100644
index 0000000..f9cdfec
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch
@@ -0,0 +1,13 @@
+Index: openssl-1.0.2d/crypto/opensslv.h
+===================================================================
+--- openssl-1.0.2d.orig/crypto/opensslv.h
++++ openssl-1.0.2d/crypto/opensslv.h
+@@ -88,7 +88,7 @@ extern "C" {
+ * should only keep the versions that are binary compatible with the current.
+ */
+ # define SHLIB_VERSION_HISTORY ""
+-# define SHLIB_VERSION_NUMBER "1.0.0"
++# define SHLIB_VERSION_NUMBER "1.0.2"
+
+
+ #ifdef __cplusplus
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
index 1c10414..83d1a50 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
@@ -30,6 +30,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
file://debian/no-symbolic.patch \
file://debian/pic.patch \
file://debian1.0.2/version-script.patch \
+ file://debian1.0.2/soname.patch \
file://openssl_fix_for_x32.patch \
file://fix-cipher-des-ede3-cfb1.patch \
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list