[OE-core] [RFC PATCH 00/10] Add openssl 1.1
akuster808
akuster808 at gmail.com
Wed May 10 15:39:57 UTC 2017
On 05/10/2017 07:13 AM, Alexander Kanavin wrote:
> This patch series introduces the recipe for openssl 1.1 (openssl 1.0 is preserved
> but renamed to openssl10), and does a few necessary adjustmenets and updates to other
> recipes. The reason it's marked RFC is that there is one known remaining issue to
> resolve: specifically, u-boot needs to be ported to 1.1 before this series can be
> merged, otherwise there's a dependency conflict when building native u-boot. This
> should be resolved quite soon, but it isn't yet (as of u-boot v2017.05).
>
> Openssl 1.1 is an opt-out; it has the same recipe name as openssl 1.0 had, and so
> all dependencies are compiled with it by default. If there's an API issue, please
> fix it, or adjust the recipe to depend on 'openssl10' (which is a lesser solution,
> and subject to openssl 1.0 eventually being removed from oe-core).
>
> Please review the following changes for suitability for inclusion. If you have
> any objections or suggestions for improvement, please respond to the patches. If
> you agree with the changes, please provide your Acked-by
Acked-by: Armin Kuster <akuster at mvista.com>
> .
>
> The following changes since commit 381897c64069ea43d595380a3ae913bcc79cf7e1:
>
> build-appliance-image: Update to master head revision (2017-05-01 08:56:47 +0100)
>
> are available in the git repository at:
>
> git://git.yoctoproject.org/poky-contrib akanavin/openssl-1.1
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akanavin/openssl-1.1
>
> Alexander Kanavin (10):
> python: update to 3.5.3
> openssl: add a 1.1 version
> u-boot-mkimage: depend on openssl 1.0
> bind: fix upstream version check
> bind: update to 9.10.5
> openssh: depend on openssl 1.0
> apr-util: add support for openssl 1.1 via backported patch
> cryptodev-tests: depend on openssl 1.0
> mailx: depend on openssl 1.0
> gstreamer-plugins-bad: replace openssl dependency with nettle for hls
> plugin
>
> meta/conf/distro/include/no-static-libs.inc | 3 +
> meta/conf/distro/include/security_flags.inc | 2 +-
> meta/recipes-bsp/u-boot/u-boot-mkimage_2017.01.bb | 2 +-
> ...0001-build-use-pkg-config-to-find-libxml2.patch | 14 +-
> ...=> 0001-confgen-don-t-build-unix.o-twice.patch} | 17 +-
> .../bind/bind/CVE-2016-1285.patch | 154 ----------
> .../bind/bind/CVE-2016-1286_1.patch | 79 -----
> .../bind/bind/CVE-2016-1286_2.patch | 317 ---------------------
> .../bind/bind/CVE-2016-2088.patch | 247 ----------------
> .../bind/bind/CVE-2016-2775.patch | 90 ------
> .../bind/bind/CVE-2016-2776.patch | 123 --------
> .../bind/bind/mips1-not-support-opcode.diff | 104 -------
> .../bind/{bind_9.10.3-P3.bb => bind_9.10.5.bb} | 27 +-
> meta/recipes-connectivity/openssh/openssh_7.4p1.bb | 3 +-
> ...ve-test-that-requires-running-as-non-root.patch | 49 ++++
> ...1-Take-linking-flags-from-LDFLAGS-env-var.patch | 43 +++
> .../recipes-connectivity/openssl/openssl/run-ptest | 4 +-
> .../openssl/{openssl.inc => openssl10.inc} | 14 +-
> ...build-with-clang-using-external-assembler.patch | 0
> .../{openssl => openssl10}/Makefiles-ptest.patch | 0
> .../Use-SHA256-not-MD5-as-default-digest.patch | 0
> .../configure-musl-target.patch | 0
> .../{openssl => openssl10}/configure-targets.patch | 0
> .../debian/c_rehash-compat.patch | 0
> .../openssl/{openssl => openssl10}/debian/ca.patch | 0
> .../debian/debian-targets.patch | 0
> .../{openssl => openssl10}/debian/man-dir.patch | 0
> .../debian/man-section.patch | 0
> .../{openssl => openssl10}/debian/no-rpath.patch | 0
> .../debian/no-symbolic.patch | 0
> .../{openssl => openssl10}/debian/pic.patch | 0
> .../debian/version-script.patch | 0
> .../debian1.0.2/block_digicert_malaysia.patch | 0
> .../debian1.0.2/block_diginotar.patch | 0
> .../debian1.0.2/version-script.patch | 0
> .../engines-install-in-libdir-ssl.patch | 0
> .../openssl/{openssl => openssl10}/find.pl | 0
> .../fix-cipher-des-ede3-cfb1.patch | 0
> .../{openssl => openssl10}/oe-ldflags.patch | 0
> .../openssl-1.0.2a-x32-asm.patch | 0
> ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 0
> .../{openssl => openssl10}/openssl-c_rehash.sh | 0
> .../openssl-fix-des.pod-error.patch | 0
> .../openssl-util-perlpath.pl-cwd.patch | 0
> .../openssl_fix_for_x32.patch | 0
> .../openssl/{openssl => openssl10}/parallel.patch | 0
> .../{openssl => openssl10}/ptest-deps.patch | 0
> .../ptest_makefile_deps.patch | 0
> .../openssl/openssl10/run-ptest | 2 +
> .../{openssl => openssl10}/shared-libs.patch | 0
> .../{openssl_1.0.2k.bb => openssl10_1.0.2k.bb} | 4 +-
> .../recipes-connectivity/openssl/openssl_1.1.0e.bb | 146 ++++++++++
> ...on3-native_3.5.2.bb => python3-native_3.5.3.bb} | 8 +-
> ...the-shell-version-of-python-config-that-w.patch | 10 +-
> ...pile.patch => 0001-cross-compile-support.patch} | 56 ++--
> .../python3/python3-fix-CVE-2016-1000110.patch | 148 ----------
> .../python/python3/upstream-random-fixes.patch | 288 +++++++++----------
> .../python/{python3_3.5.2.bb => python3_3.5.3.bb} | 9 +-
> meta/recipes-extended/mailx/mailx_12.5-5.bb | 2 +-
> .../cryptodev/cryptodev-tests_1.8.bb | 2 +-
> .../gstreamer/gstreamer1.0-plugins-bad.inc | 4 +-
> .../recipes-support/apr/apr-util/openssl-1.1.patch | 253 ++++++++++++++++
> meta/recipes-support/apr/apr-util_1.5.4.bb | 1 +
> 63 files changed, 732 insertions(+), 1493 deletions(-)
> rename meta/recipes-connectivity/bind/bind/{bind-confgen-build-unix.o-once.patch => 0001-confgen-don-t-build-unix.o-twice.patch} (80%)
> delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
> delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
> delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
> delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch
> delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch
> delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch
> delete mode 100644 meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
> rename meta/recipes-connectivity/bind/{bind_9.10.3-P3.bb => bind_9.10.5.bb} (82%)
> create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
> mode change 100755 => 100644 meta/recipes-connectivity/openssl/openssl/run-ptest
> rename meta/recipes-connectivity/openssl/{openssl.inc => openssl10.inc} (95%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/0001-Fix-build-with-clang-using-external-assembler.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/Makefiles-ptest.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/Use-SHA256-not-MD5-as-default-digest.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/configure-musl-target.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/configure-targets.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/c_rehash-compat.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/ca.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/debian-targets.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/man-dir.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/man-section.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/no-rpath.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/no-symbolic.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/pic.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian/version-script.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian1.0.2/block_digicert_malaysia.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian1.0.2/block_diginotar.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/debian1.0.2/version-script.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/engines-install-in-libdir-ssl.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/find.pl (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/fix-cipher-des-ede3-cfb1.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/oe-ldflags.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-1.0.2a-x32-asm.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-c_rehash.sh (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-fix-des.pod-error.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl-util-perlpath.pl-cwd.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/openssl_fix_for_x32.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/parallel.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/ptest-deps.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/ptest_makefile_deps.patch (100%)
> create mode 100755 meta/recipes-connectivity/openssl/openssl10/run-ptest
> rename meta/recipes-connectivity/openssl/{openssl => openssl10}/shared-libs.patch (100%)
> rename meta/recipes-connectivity/openssl/{openssl_1.0.2k.bb => openssl10_1.0.2k.bb} (97%)
> create mode 100644 meta/recipes-connectivity/openssl/openssl_1.1.0e.bb
> rename meta/recipes-devtools/python/{python3-native_3.5.2.bb => python3-native_3.5.3.bb} (90%)
> rename meta/recipes-devtools/python/python3/{000-cross-compile.patch => 0001-cross-compile-support.patch} (65%)
> delete mode 100644 meta/recipes-devtools/python/python3/python3-fix-CVE-2016-1000110.patch
> rename meta/recipes-devtools/python/{python3_3.5.2.bb => python3_3.5.3.bb} (96%)
> create mode 100644 meta/recipes-support/apr/apr-util/openssl-1.1.patch
>
More information about the Openembedded-core
mailing list