avs
/
avs_mtk_voice
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

1. upgrade openssl to 1.11.g 

2. add libarchive
3. portaudio change to yocto bb
This commit is contained in:
Huang Xin 2022-05-14 02:31:47 -07:00
parent 05f4e3e324
commit a17dbfd0c9
50 changed files with 160 additions and 13499 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
meta/meta-mediatek-aud/recipes-apps/portaudio/portaudio_19.0.7.bb
View File

@ -1,42 +0,0 @@
SUMMARY = "PortAudio is a free, cross-platform, open-source, audio I/O library."
DESCRIPTION = "It lets you write simple audio programs in 'C' or C++ that will compile and run on many platforms including Windows, Macintosh OS X, and Unix (OSS/ALSA). "
HOMEPAGE = "http://www.portaudio.com/"
DEPENDS = ""
LICENSE = "GPLv2"
inherit workonsrc
WORKONSRC = "${TOPDIR}/../src/apps/portaudio"
COMPATIBLE_HOST = "aarch64-poky-linux"
do_install() {
install -d ${D}${libdir}
install -d ${D}${libdir}/pkgconfig
install -d ${D}${includedir}
#jemalloc
install -m 755 ${S}/lib64/libportaudio.so ${D}${libdir}
install -m 755 ${S}/lib64/pkgconfig/portaudio-2.0.pc ${D}${libdir}/pkgconfig
install -m 755 ${S}/include/pa_linux_alsa.h ${D}${includedir}/
install -m 755 ${S}/include/portaudio.h ${D}${includedir}/
}
# The base package, this includes everything needed to actually run the application on the target system.
PACKAGES += "FILES-${PN}-lib"
FILES_${PN}-lib = " \
${libdir}/lib*.so \
${includedir}/*"
# Make sure our source directory (for the build) matches the directory structure in the tarball
PACKAGES = "${PN} FILES-${PN}-lib ${PN}-dev ${PN}-dbg ${PN}-staticdev"
RDEPENDS_${PN}-staticdev = ""
RDEPENDS_${PN}-dev = ""
RDEPENDS_${PN}-dbg = ""
INSANE_SKIP_${PN} = "ldflags"
INHIBIT_PACKAGE_STRIP = "1"
INHIBIT_SYSROOT_STRIP = "1"
SOLIBS = ".so"
FILES_SOLIBSDEV = ""

66
meta/meta-mediatek-aud/recipes-support/libarchive/libarchive_3.6.1.bb Normal file
View File

@ -0,0 +1,66 @@
SUMMARY = "Support for reading various archive formats"
DESCRIPTION = "C library and command-line tools for reading and writing tar, cpio, zip, ISO, and other archive formats"
HOMEPAGE = "http://www.libarchive.org/"
SECTION = "devel"
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665"
DEPENDS = "e2fsprogs-native"
PACKAGECONFIG ?= "zlib bz2"
PACKAGECONFIG_append_class-target = "\
libxml2 \
${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'xattr', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'largefile', 'largefile', '', d)} \
"
PACKAGECONFIG_append_class-nativesdk = " largefile"
PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl,"
PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
PACKAGECONFIG[largefile] = "--enable-largefile,--disable-largefile,,"
PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib,"
PACKAGECONFIG[bz2] = "--with-bz2lib,--without-bz2lib,bzip2,"
PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl,"
PACKAGECONFIG[libxml2] = "--with-xml2,--without-xml2,libxml2,"
PACKAGECONFIG[expat] = "--with-expat,--without-expat,expat,"
PACKAGECONFIG[lzo] = "--with-lzo2,--without-lzo2,lzo,"
PACKAGECONFIG[nettle] = "--with-nettle,--without-nettle,nettle,"
PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4,"
SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
"
SRC_URI[md5sum] = "802a56ef9eaa0b8776296ba78a6d0c2c"
SRC_URI[sha256sum] = "c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2"
inherit autotools update-alternatives pkgconfig
CPPFLAGS += "-I${WORKDIR}/extra-includes"
do_configure[cleandirs] += "${WORKDIR}/extra-includes"
do_configure_prepend() {
# We just need the headers for some type constants, so no need to
# build all of e2fsprogs for the target
cp -R ${STAGING_INCDIR_NATIVE}/ext2fs ${WORKDIR}/extra-includes/
}
ALTERNATIVE_PRIORITY = "80"
PACKAGES =+ "bsdtar"
FILES_bsdtar = "${bindir}/bsdtar"
ALTERNATIVE_bsdtar = "tar"
ALTERNATIVE_LINK_NAME[tar] = "${base_bindir}/tar"
ALTERNATIVE_TARGET[tar] = "${bindir}/bsdtar"
PACKAGES =+ "bsdcpio"
FILES_bsdcpio = "${bindir}/bsdcpio"
ALTERNATIVE_bsdcpio = "cpio"
ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
ALTERNATIVE_TARGET[cpio] = "${bindir}/bsdcpio"
BBCLASSEXTEND = "native nativesdk"

20
meta/meta-mediatek-aud/recipes-support/portaudio/portaudio_19.7.0.bb Normal file
View File

@ -0,0 +1,20 @@
SUMMARY = "A portable audio library"
SECTION = "libs/multimedia"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=26107732c2ab637c5710446fcfaf02df"
SRC_URI = "http://files.portaudio.com/archives/pa_stable_v190700_20210406.tgz"
SRC_URI[md5sum] = "ad319249932c6794b551d954b8844402"
SRC_URI[sha256sum] = "47efbf42c77c19a05d22e627d42873e991ec0c1357219c0d74ce6a2948cb2def"
S = "${WORKDIR}/portaudio"
inherit autotools pkgconfig
PACKAGECONFIG ??= "alsa"
PACKAGECONFIG[alsa] = "--with-alsa, --without-alsa, alsa-lib,"
EXTRA_OECONF = "--without-jack"
PACKAGES += "portaudio-examples"
FILES_portaudio-examples = "${bindir}"

242
meta/meta-mediatek/recipes-connectivity/openssl/openssl.inc
View File

@ -1,242 +0,0 @@
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"
# "openssl | SSLeay" dual license
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
DEPENDS = "makedepend-native hostperl-runtime-native"
DEPENDS_append_class-target = " openssl-native"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
"
S = "${WORKDIR}/openssl-${PV}"
PACKAGECONFIG[perl] = ",,,"
AR_append = " r"
TERMIO_libc-musl = "-DTERMIOS"
TERMIO ?= "-DTERMIO"
# Avoid binaries being marked as requiring an executable stack since it
# doesn't(which causes and this causes issues with SELinux
CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
export DIRS = "crypto ssl apps"
export EX_LIBS = "-lgcc -ldl"
export AS = "${CC} -c"
EXTRA_OEMAKE = "-e MAKEFLAGS="
inherit pkgconfig siteinfo multilib_header ptest
PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_${PN} =+ " ${libdir}/ssl/*"
FILES_${PN}-misc = "${libdir}/ssl/misc"
RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the base openssl package and the libcrypto
# package since the base openssl package depends on the libcrypto package.
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
# vulnerability
EXTRA_OECONF = " -no-ssl3"
do_configure_prepend_darwin () {
sed -i -e '/version-script=openssl\.ld/d' Configure
}
do_configure () {
cd util
perl perlpath.pl ${STAGING_BINDIR_NATIVE}
cd ..
ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
os=${HOST_OS}
case $os in
linux-uclibc |\
linux-uclibceabi |\
linux-gnueabi |\
linux-uclibcspe |\
linux-gnuspe |\
linux-musl*)
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm)
target=linux-armv4
;;
linux-armeb)
target=linux-elf-armeb
;;
linux-aarch64*)
target=linux-generic64
;;
linux-sh3)
target=debian-sh3
;;
linux-sh4)
target=debian-sh4
;;
linux-i486)
target=debian-i386-i486
;;
linux-i586 | linux-viac3)
target=debian-i386-i586
;;
linux-i686)
target=debian-i386-i686/cmov
;;
linux-gnux32-x86_64)
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips)
target=debian-mips
;;
linux-mipsel)
target=debian-mipsel
;;
linux-*-mips64 | linux-mips64)
target=debian-mips64
;;
linux-*-mips64el | linux-mips64el)
target=debian-mips64el
;;
linux-microblaze*|linux-nios2*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-supersparc)
target=linux-sparcv8
;;
linux-sparc)
target=linux-sparcv8
;;
darwin-i386)
target=darwin-i386-cc
;;
esac
# inject machine-specific flags
sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
}
do_compile_prepend_class-target () {
sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
}
do_compile () {
oe_runmake depend
oe_runmake
}
do_compile_ptest () {
# build dependencies for test directory too
export DIRS="$DIRS test"
oe_runmake depend
oe_runmake buildtest
}
do_install () {
# Create ${D}/${prefix} to fix parallel issues
mkdir -p ${D}/${prefix}/
oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
oe_libinstall -so libcrypto ${D}${libdir}
oe_libinstall -so libssl ${D}${libdir}
install -d ${D}${includedir}
cp --dereference -R include/openssl ${D}${includedir}
install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
oe_multilib_header openssl/opensslconf.h
if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
else
rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
fi
# Create SSL structure
install -d ${D}${sysconfdir}/ssl/
mv ${D}${libdir}/ssl/openssl.cnf \
${D}${libdir}/ssl/certs \
${D}${libdir}/ssl/private \
\
${D}${sysconfdir}/ssl/
ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
}
do_install_ptest () {
cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
cp Configure config e_os.h ${D}${PTEST_PATH}
cp -r -L include ${D}${PTEST_PATH}
ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
mkdir -p ${D}${PTEST_PATH}/crypto
cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
cp -r certs ${D}${PTEST_PATH}
mkdir -p ${D}${PTEST_PATH}/apps
ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
cp apps/server.pem ${D}${PTEST_PATH}/apps
cp apps/server2.pem ${D}${PTEST_PATH}/apps
mkdir -p ${D}${PTEST_PATH}/util
install util/opensslwrap.sh ${D}${PTEST_PATH}/util
install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
# Time stamps are relevant for "make alltests", otherwise
# make may try to recompile binaries. Not only must the
# binary files be newer than the sources, they also must
# be more recent than the header files in /usr/include.
#
# Using "cp -a" is not sufficient, because do_install
# does not preserve the original time stamps.
#
# So instead of using the original file stamps, we set
# the current time for all files. Binaries will get
# modified again later when stripping them, but that's okay.
touch ${D}${PTEST_PATH}
find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
}
do_install_append_class-native() {
create_wrapper ${D}${bindir}/openssl \
OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl/certs \
SSL_CERT_FILE=${libdir}/ssl/cert.pem \
OPENSSL_ENGINES=${libdir}/ssl/engines
}
BBCLASSEXTEND = "native nativesdk"

46
meta/meta-mediatek/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
View File

@ -1,46 +0,0 @@
From 0cde9a9645c949fd0acf657dadc747676245cfaf Mon Sep 17 00:00:00 2001
From: Alexandru Moise <alexandru.moise@windriver.com>
Date: Tue, 7 Feb 2017 11:13:19 +0200
Subject: [PATCH 1/2] crypto/evp: harden RC4_MD5 cipher.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory (or bogus
MAC value is produced if x86 MD5 assembly module is involved). Since
hash operation is read-only it is not considered to be exploitable
beyond a DoS condition.
Thanks to Robert Święcki for report.
CVE-2017-3731
Backported from upstream commit:
8e20499629b6bcf868d0072c7011e590b5c2294d
Upstream-Status: Backport
Reviewed-by: Rich Salz <rsalz@openssl.org>
Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
---
crypto/evp/e_rc4_hmac_md5.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 5e92855..3293419 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
len = p[arg - 2] << 8 | p[arg - 1];
if (!ctx->encrypt) {
+ if (len < MD5_DIGEST_LENGTH)
+ return -1;
len -= MD5_DIGEST_LENGTH;
p[arg - 2] = len >> 8;
p[arg - 1] = len;
--
2.10.2

43
meta/meta-mediatek/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
View File

@ -1,43 +0,0 @@
From 08face4353d80111973aba9c1304c92158cfad0e Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Tue, 28 Mar 2017 16:40:12 +0300
Subject: [PATCH] Take linking flags from LDFLAGS env var
This fixes "No GNU_HASH in the elf binary" issues.
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
Configurations/unix-Makefile.tmpl | 2 +-
Configure | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index c029817..43b769b 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -173,7 +173,7 @@ CROSS_COMPILE= {- $config{cross_compile_prefix} -}
CC= $(CROSS_COMPILE){- $target{cc} -}
CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -}
CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -}
-LDFLAGS= {- $target{lflags} -}
+LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -}
PLIB_LDFLAGS= {- $target{plib_lflags} -}
EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -}
LIB_CFLAGS={- $target{shared_cflag} || "" -}
diff --git a/Configure b/Configure
index aee7cc3..274d236 100755
--- a/Configure
+++ b/Configure
@@ -979,7 +979,7 @@ $config{build_file} = $target{build_file};
$config{defines} = [];
$config{cflags} = "";
$config{ex_libs} = "";
-$config{shared_ldflag} = "";
+$config{shared_ldflag} = $ENV{'LDFLAGS'};
# Make sure build_scheme is consistent.
$target{build_scheme} = [ $target{build_scheme} ]
--
2.11.0

8
meta/meta-mediatek/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
View File

@ -20,6 +20,11 @@ https://patchwork.openembedded.org/patch/147229/
Upstream-Status: Inappropriate [OE specific] Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Martin Hundebøll <martin@geanix.com> Signed-off-by: Martin Hundebøll <martin@geanix.com>
Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
--- ---
Configurations/unix-Makefile.tmpl | 10 +++++++++- Configurations/unix-Makefile.tmpl | 10 +++++++++-
crypto/build.info | 2 +- crypto/build.info | 2 +-
@ -29,7 +34,7 @@ diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tm
index 16af4d2087..54c162784c 100644 index 16af4d2087..54c162784c 100644
--- a/Configurations/unix-Makefile.tmpl --- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl
@@ -317,13 +317,21 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), @@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -} '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
@ -43,6 +48,7 @@ index 16af4d2087..54c162784c 100644
+CFLAGS_Q={- for (@{$config{CFLAGS}}) { +CFLAGS_Q={- for (@{$config{CFLAGS}}) {
+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
+ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
+ } + }
+ join(' ', @{$config{CFLAGS}}) -} + join(' ', @{$config{CFLAGS}}) -}
+ +

53
meta/meta-mediatek/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
View File

@ -1,53 +0,0 @@
From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
From: Alexandru Moise <alexandru.moise@windriver.com>
Date: Tue, 7 Feb 2017 11:16:13 +0200
Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory. Since hash
operation is read-only it is not considered to be exploitable
beyond a DoS condition. Other ciphers were hardened.
Thanks to Robert Święcki for report.
CVE-2017-3731
Backported from upstream commit:
2198b3a55de681e1f3c23edb0586afe13f438051
Upstream-Status: Backport
Reviewed-by: Rich Salz <rsalz@openssl.org>
Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
---
crypto/evp/e_aes.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 1734a82..16dcd10 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
/* Correct length for explicit IV */
+ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
/* If decrypting correct for tag too */
- if (!c->encrypt)
+ if (!c->encrypt) {
+ if (len < EVP_GCM_TLS_TAG_LEN)
+ return 0;
len -= EVP_GCM_TLS_TAG_LEN;
+ }
c->buf[arg - 2] = len >> 8;
c->buf[arg - 1] = len & 0xff;
}
--
2.10.2

43
meta/meta-mediatek/recipes-connectivity/openssl/openssl/CVE-2016-7055.patch
View File

@ -1,43 +0,0 @@
From 57c4b9f6a2f800b41ce2836986fe33640f6c3f8a Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Sun, 6 Nov 2016 18:33:17 +0100
Subject: [PATCH] bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a)
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/57c4b9f6a2f800b41ce2836986fe33640f6c3f8a]
CVE: CVE-2016-7055
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
crypto/bn/asm/x86_64-mont.pl | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
index 044fd7e..80492d8 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -1148,18 +1148,17 @@ $code.=<<___;
mulx 2*8($aptr),%r15,%r13 # ...
adox -3*8($tptr),%r11
adcx %r15,%r12
- adox $zero,%r12
+ adox -2*8($tptr),%r12
adcx $zero,%r13
+ adox $zero,%r13
mov $bptr,8(%rsp) # off-load &b[i]
- .byte 0x67
mov $mi,%r15
imulq 24(%rsp),$mi # "t[0]"*n0
xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0
mulx 3*8($aptr),%rax,%r14
mov $mi,%rdx
- adox -2*8($tptr),%r12
adcx %rax,%r13
adox -1*8($tptr),%r13
adcx $zero,%r14
--
2.7.4

77
meta/meta-mediatek/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
View File

@ -1,77 +0,0 @@
Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
cross-compiled.
Signed-off-by: Anders Roxell <anders.roxell@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Upstream-Status: Pending
---
Index: openssl-1.0.2/Makefile.org
===================================================================
--- openssl-1.0.2.orig/Makefile.org
+++ openssl-1.0.2/Makefile.org
@@ -451,8 +451,16 @@ rehash.time: certs apps
test: tests
tests: rehash
+ $(MAKE) buildtest
+ $(MAKE) runtest
+
+buildtest:
+ @(cd test && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
+
+runtest:
@(cd test && echo "testing..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
Index: openssl-1.0.2/test/Makefile
===================================================================
--- openssl-1.0.2.orig/test/Makefile
+++ openssl-1.0.2/test/Makefile
@@ -137,7 +137,7 @@ tests: exe apps $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
-alltests: \
+all-tests= \
test_des test_idea test_sha test_md4 test_md5 test_hmac \
test_md2 test_mdc2 test_wp \
test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
@@ -148,6 +148,11 @@ alltests: \
test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
test_constant_time
+alltests:
+ @(for i in $(all-tests); do \
+ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+ done)
+
test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
echo test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2>/dev/null
-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
+test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
@sh ./trsa 2>/dev/null
../util/shlib_wrap.sh ./$(RSATEST)
@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
sh ./testtsa; \
fi
-test_ige: $(IGETEST)$(EXE_EXT)
+test_ige:
@echo "Test IGE mode"
../util/shlib_wrap.sh ./$(IGETEST)
-test_jpake: $(JPAKETEST)$(EXE_EXT)
+test_jpake:
@echo "Test JPAKE"
../util/shlib_wrap.sh ./$(JPAKETEST)

69
meta/meta-mediatek/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
View File

@ -1,69 +0,0 @@
From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@akamai.com>
Date: Sat, 13 Jun 2015 17:03:39 -0400
Subject: [PATCH] Use SHA256 not MD5 as default digest.
Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
Upstream-Status: Backport
Backport from OpenSSL 2.0 to OpenSSL 1.0.2
Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
CVE: CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant,
which makes it easier for context-dependent attackers to
conduct spoofing attacks, as demonstrated by attacks on the
use of MD5 in the signature algorithm of an X.509 certificate.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
---
apps/ca.c | 2 +-
apps/dgst.c | 2 +-
apps/enc.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 3b7336c..8f3a84b 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
} else
BIO_printf(bio_err, "Signature ok\n");
- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
+ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
goto err;
ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
diff --git a/apps/dgst.c b/apps/dgst.c
index 95e5fa3..0d1529f 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
goto end;
}
if (md == NULL)
- md = EVP_md5();
+ md = EVP_sha256();
if (!EVP_DigestInit_ex(mctx, md, impl)) {
BIO_printf(bio_err, "Error setting digest %s\n", pname);
ERR_print_errors(bio_err);
diff --git a/apps/enc.c b/apps/enc.c
index 7b7c70b..a7d944c 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
}
if (dgst == NULL) {
- dgst = EVP_md5();
+ dgst = EVP_sha256();
}
if (bufsize != NULL) {
--
1.9.1

6
meta/meta-mediatek/recipes-connectivity/openssl/openssl/afalg.patch
View File

@ -18,14 +18,14 @@ index 3baa8ce..9ef52ed 100755
- ($mi2) = $mi2 =~ /(\d+)/; - ($mi2) = $mi2 =~ /(\d+)/;
- my $ver = $ma*10000 + $mi1*100 + $mi2; - my $ver = $ma*10000 + $mi1*100 + $mi2;
- if ($ver < $minver) { - if ($ver < $minver) {
- $disabled{afalgeng} = "too-old-kernel"; - disable('too-old-kernel', 'afalgeng');
- } else { - } else {
- push @{$config{engdirs}}, "afalg"; - push @{$config{engdirs}}, "afalg";
- } - }
- } else { - } else {
- $disabled{afalgeng} = "cross-compiling"; - disable('cross-compiling', 'afalgeng');
- } - }
+ push @{$config{engdirs}}, "afalg"; + push @{$config{engdirs}}, "afalg";
} else { } else {
$disabled{afalgeng} = "not-linux"; disable('not-linux', 'afalgeng');
} }

27
meta/meta-mediatek/recipes-connectivity/openssl/openssl/configure-musl-target.patch
View File

@ -1,27 +0,0 @@
Add musl triplet support
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Index: openssl-1.0.2a/Configure
===================================================================
--- openssl-1.0.2a.orig/Configure
+++ openssl-1.0.2a/Configure
@@ -431,7 +431,7 @@ my %table=(
#
# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
#
-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Configure script adds minimally required -march for assembly support,
# if no -march was specified at command line. mips32 and mips64 below
@@ -504,6 +504,8 @@ my %table=(
"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",

37
meta/meta-mediatek/recipes-connectivity/openssl/openssl/configure-targets.patch
View File

@ -1,37 +0,0 @@
Upstream-Status: Inappropriate [embedded specific]
The number of colons are important :)
---
Configure | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
Index: openssl-1.0.2a/Configure
===================================================================
--- openssl-1.0.2a.orig/Configure
+++ openssl-1.0.2a/Configure
@@ -443,6 +443,23 @@ my %table=(
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+
+# Linux on ARM
+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+
+#### Linux on MIPS/MIPS64
+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
# Android: linux-* but without pointers to headers and libs.
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

71
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
View File

@ -1,71 +0,0 @@
From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Wed, 21 Apr 2010 15:52:10 +0200
Subject: [PATCH] also create old hash for compatibility
Upstream-Status: Backport [debian]
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
index b086ff9..b777d79 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -8,8 +8,6 @@ my $prefix;
my $openssl = $ENV{OPENSSL} || "openssl";
my $pwd;
-my $x509hash = "-subject_hash";
-my $crlhash = "-hash";
my $verbose = 0;
my $symlink_exists=eval {symlink("",""); 1};
my $removelinks = 1;
@@ -18,10 +16,7 @@ my $removelinks = 1;
while ( $ARGV[0] =~ /^-/ ) {
my $flag = shift @ARGV;
last if ( $flag eq '--');
- if ( $flag eq '-old') {
- $x509hash = "-subject_hash_old";
- $crlhash = "-hash_old";
- } elsif ( $flag eq '-h') {
+ if ( $flag eq '-h') {
help();
} elsif ( $flag eq '-n' ) {
$removelinks = 0;
@@ -113,7 +108,9 @@ sub hash_dir {
next;
}
link_hash_cert($fname) if($cert);
+ link_hash_cert_old($fname) if($cert);
link_hash_crl($fname) if($crl);
+ link_hash_crl_old($fname) if($crl);
}
}
@@ -146,6 +143,7 @@ sub check_file {
sub link_hash_cert {
my $fname = $_[0];
+ my $x509hash = $_[1] || '-subject_hash';
$fname =~ s/'/'\\''/g;
my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
chomp $hash;
@@ -176,11 +174,21 @@ sub link_hash_cert {
$hashlist{$hash} = $fprint;
}
+sub link_hash_cert_old {
+ link_hash_cert($_[0], '-subject_hash_old');
+}
+
+sub link_hash_crl_old {
+ link_hash_crl($_[0], '-hash_old');
+}
+
+
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
sub link_hash_crl {
my $fname = $_[0];
+ my $crlhash = $_[1] || "-hash";
$fname =~ s/'/'\\''/g;
my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
chomp $hash;

22
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian/ca.patch
View File

@ -1,22 +0,0 @@
Upstream-Status: Backport [debian]
Index: openssl-0.9.8m/apps/CA.pl.in
===================================================================
--- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
@@ -65,6 +65,7 @@
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@@ -165,6 +166,7 @@
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
exit 1;
}
}

73
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
View File

@ -1,73 +0,0 @@
Upstream-Status: Backport [debian]
Index: openssl-1.0.2/Configure
===================================================================
--- openssl-1.0.2.orig/Configure
+++ openssl-1.0.2/Configure
@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
+$debian_cflags =~ s/\n/ /g;
+
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@@ -343,6 +347,55 @@ my %table=(
"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+# Debian GNU/* (various architectures)
+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+
####
#### Variety of LINUX:-)
####

15
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian/man-dir.patch
View File

@ -1,15 +0,0 @@
Upstream-Status: Backport [debian]
Index: openssl-1.0.0c/Makefile.org
===================================================================
--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100
+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100
@@ -131,7 +131,7 @@
MAKEFILE= Makefile
-MANDIR=$(OPENSSLDIR)/man
+MANDIR=/usr/share/man
MAN1=1
MAN3=3
MANSUFFIX=

34
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian/man-section.patch
View File

@ -1,34 +0,0 @@
Upstream-Status: Backport [debian]
Index: openssl-1.0.0c/Makefile.org
===================================================================
--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100
+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100
@@ -160,7 +160,8 @@
MANDIR=/usr/share/man
MAN1=1
MAN3=3
-MANSUFFIX=
+MANSUFFIX=ssl
+MANSECTION=SSL
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
@@ -651,7 +652,7 @@
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
+ --section=$${sec}$(MANSECTION) --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
@@ -668,7 +669,7 @@
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
+ --section=$${sec}$(MANSECTION) --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \

15
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
View File

@ -1,15 +0,0 @@
Upstream-Status: Backport [debian]
Index: openssl-1.0.0c/Makefile.shared
===================================================================
--- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200
+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
@@ -153,7 +153,7 @@
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to

15
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
View File

@ -1,15 +0,0 @@
Upstream-Status: Backport [debian]
Index: openssl-1.0.0c/Makefile.shared
===================================================================
--- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100
@@ -151,7 +151,7 @@
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
DO_GNU_APP=LDFLAGS="$(CFLAGS)"

177
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian/pic.patch
View File

@ -1,177 +0,0 @@
Upstream-Status: Backport [debian]
Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
===================================================================
--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200
+++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200
@@ -16,6 +16,11 @@
&push("edi");
+ &call (&label("pic_point0"));
+ &set_label("pic_point0");
+ &blindpop("ebp");
+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
+
&comment("");
&comment("Load the data words");
&mov($L,&DWP(0,"ebx","",0));
@@ -47,15 +52,21 @@
&mov(&swtmp(2), (DWC(($enc)?"1":"0")));
&mov(&swtmp(1), "eax");
&mov(&swtmp(0), "ebx");
- &call("DES_encrypt2");
+ &exch("ebx", "ebp");
+ &call("DES_encrypt2\@PLT");
+ &exch("ebx", "ebp");
&mov(&swtmp(2), (DWC(($enc)?"0":"1")));
&mov(&swtmp(1), "edi");
&mov(&swtmp(0), "ebx");
- &call("DES_encrypt2");
+ &exch("ebx", "ebp");
+ &call("DES_encrypt2\@PLT");
+ &exch("ebx", "ebp");
&mov(&swtmp(2), (DWC(($enc)?"1":"0")));
&mov(&swtmp(1), "esi");
&mov(&swtmp(0), "ebx");
- &call("DES_encrypt2");
+ &exch("ebx", "ebp");
+ &call("DES_encrypt2\@PLT");
+ &exch("ebx", "ebp");
&stack_pop(3);
&mov($L,&DWP(0,"ebx","",0));
Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
===================================================================
--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200
+++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200
@@ -122,7 +122,11 @@
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
- &call($enc_func);
+ &call (&label("pic_point0"));
+ &set_label("pic_point0");
+ &blindpop("ebx");
+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
+ &call("$enc_func\@PLT");
&mov("eax", &DWP($data_off,"esp","",0));
&mov("ebx", &DWP($data_off+4,"esp","",0));
@@ -185,7 +189,11 @@
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
- &call($enc_func);
+ &call (&label("pic_point1"));
+ &set_label("pic_point1");
+ &blindpop("ebx");
+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
+ &call("$enc_func\@PLT");
&mov("eax", &DWP($data_off,"esp","",0));
&mov("ebx", &DWP($data_off+4,"esp","",0));
@@ -218,7 +226,11 @@
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
- &call($dec_func);
+ &call (&label("pic_point2"));
+ &set_label("pic_point2");
+ &blindpop("ebx");
+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
+ &call("$dec_func\@PLT");
&mov("eax", &DWP($data_off,"esp","",0)); # get return
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
@@ -261,7 +273,11 @@
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
- &call($dec_func);
+ &call (&label("pic_point3"));
+ &set_label("pic_point3");
+ &blindpop("ebx");
+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
+ &call("$dec_func\@PLT");
&mov("eax", &DWP($data_off,"esp","",0)); # get return
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
===================================================================
--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100
+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200
@@ -161,6 +161,7 @@
if ($::macosx) { push (@out,"$tmp,2\n"); }
elsif ($::elf) { push (@out,"$tmp,4\n"); }
else { push (@out,"$tmp\n"); }
+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
}
push(@out,$initseg) if ($initseg);
}
@@ -218,8 +219,23 @@
elsif ($::elf)
{ $initseg.=<<___;
.section .init
+___
+ if ($::pic)
+ { $initseg.=<<___;
+ pushl %ebx
+ call .pic_point0
+.pic_point0:
+ popl %ebx
+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
+ call $f\@PLT
+ popl %ebx
+___
+ }
+ else
+ { $initseg.=<<___;
call $f
___
+ }
}
elsif ($::coff)
{ $initseg.=<<___; # applies to both Cygwin and Mingw
Index: openssl-1.0.1c/crypto/x86cpuid.pl
===================================================================
--- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100
+++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200
@@ -8,6 +8,8 @@
for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+push(@out, ".hidden OPENSSL_ia32cap_P\n");
+
&function_begin("OPENSSL_ia32_cpuid");
&xor ("edx","edx");
&pushf ();
@@ -139,9 +141,7 @@
&set_label("nocpuid");
&function_end("OPENSSL_ia32_cpuid");
-&external_label("OPENSSL_ia32cap_P");
-
-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+&function_begin_B("OPENSSL_rdtsc");
&xor ("eax","eax");
&xor ("edx","edx");
&picmeup("ecx","OPENSSL_ia32cap_P");
@@ -155,7 +155,7 @@
# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
# but it's safe to call it on any [supported] 32-bit platform...
# Just check for [non-]zero return value...
-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+&function_begin_B("OPENSSL_instrument_halt");
&picmeup("ecx","OPENSSL_ia32cap_P");
&bt (&DWP(0,"ecx"),4);
&jnc (&label("nohalt")); # no TSC
@@ -222,7 +222,7 @@
&ret ();
&function_end_B("OPENSSL_far_spin");
-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+&function_begin_B("OPENSSL_wipe_cpu");
&xor ("eax","eax");
&xor ("edx","edx");
&picmeup("ecx","OPENSSL_ia32cap_P");

4663
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian/version-script.patch
View File

File diff suppressed because it is too large Load Diff

29
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
View File

@ -1,29 +0,0 @@
From: Raphael Geissert <geissert@debian.org>
Description: make X509_verify_cert indicate that any certificate whose
name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
Forwarded: not-needed
Origin: vendor
Last-Update: 2011-11-05
Upstream-Status: Backport [debian]
Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
===================================================================
--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100
+++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100
@@ -964,10 +964,11 @@
for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
{
x = sk_X509_value(ctx->chain, i);
- /* Mark DigiNotar certificates as revoked, no matter
- * where in the chain they are.
+ /* Mark certificates containing the following names as
+ * revoked, no matter where in the chain they are.
*/
- if (x->name && strstr(x->name, "DigiNotar"))
+ if (x->name && (strstr(x->name, "DigiNotar") ||
+ strstr(x->name, "Digicert Sdn. Bhd.")))
{
ctx->error = X509_V_ERR_CERT_REVOKED;
ctx->error_depth = i;

68
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
View File

@ -1,68 +0,0 @@
From: Raphael Geissert <geissert@debian.org>
Description: make X509_verify_cert indicate that any certificate whose
name contains "DigiNotar" is revoked.
Forwarded: not-needed
Origin: vendor
Last-Update: 2011-09-08
Bug: http://bugs.debian.org/639744
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
This is not meant as final patch.
Upstream-Status: Backport [debian]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
===================================================================
--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
static int check_revocation(X509_STORE_CTX *ctx);
static int check_cert(X509_STORE_CTX *ctx);
static int check_policy(X509_STORE_CTX *ctx);
+static int check_ca_blacklist(X509_STORE_CTX *ctx);
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
unsigned int *preasons, X509_CRL *crl, X509 *x);
@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
if (!ok)
goto err;
+ ok = check_ca_blacklist(ctx);
+ if(!ok) goto err;
+
#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
return 1;
}
+static int check_ca_blacklist(X509_STORE_CTX *ctx)
+ {
+ X509 *x;
+ int i;
+ /* Check all certificates against the blacklist */
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+ {
+ x = sk_X509_value(ctx->chain, i);
+ /* Mark DigiNotar certificates as revoked, no matter
+ * where in the chain they are.
+ */
+ if (x->name && strstr(x->name, "DigiNotar"))
+ {
+ ctx->error = X509_V_ERR_CERT_REVOKED;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ if (!ctx->verify_cb(0,ctx))
+ return 0;
+ }
+ }
+ return 1;
+ }
+
static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
X509 **pissuer, int *pscore, unsigned int *preasons,
STACK_OF(X509_CRL) *crls)

4656
meta/meta-mediatek/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
View File

File diff suppressed because it is too large Load Diff

64
meta/meta-mediatek/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
View File

@ -1,64 +0,0 @@
Upstream-Status: Inappropriate [configuration]
Index: openssl-1.0.2/engines/Makefile
===================================================================
--- openssl-1.0.2.orig/engines/Makefile
+++ openssl-1.0.2/engines/Makefile
@@ -107,13 +107,13 @@ install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
for l in $(LIBNAMES); do \
( echo installing $$l; \
pfx=lib; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
sfx=".so"; \
- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
else \
case "$(CFLAGS)" in \
*DSO_BEOS*) sfx=".so";; \
@@ -122,10 +122,10 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
done; \
fi
@target=install; $(RECURSIVE_MAKE)
Index: openssl-1.0.2/engines/ccgost/Makefile
===================================================================
--- openssl-1.0.2.orig/engines/ccgost/Makefile
+++ openssl-1.0.2/engines/ccgost/Makefile
@@ -47,7 +47,7 @@ install:
pfx=lib; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
sfx=".so"; \
- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
else \
case "$(CFLAGS)" in \
*DSO_BEOS*) sfx=".so";; \
@@ -56,10 +56,10 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
fi
links:

54
meta/meta-mediatek/recipes-connectivity/openssl/openssl/find.pl
View File

@ -1,54 +0,0 @@
warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
# This library is deprecated and unmaintained. It is included for
# compatibility with Perl 4 scripts which may use it, but it will be
# removed in a future version of Perl. Please use the File::Find module
# instead.
# Usage:
# require "find.pl";
#
# &find('/foo','/bar');
#
# sub wanted { ... }
# where wanted does whatever you want. $dir contains the
# current directory name, and $_ the current filename within
# that directory. $name contains "$dir/$_". You are cd'ed
# to $dir when the function is called. The function may
# set $prune to prune the tree.
#
# For example,
#
# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
#
# corresponds to this
#
# sub wanted {
# /^\.nfs.*$/ &&
# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
# int(-M _) > 7 &&
# unlink($_)
# ||
# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
# $dev < 0 &&
# ($prune = 1);
# }
#
# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
use File::Find ();
*name = *File::Find::name;
*prune = *File::Find::prune;
*dir = *File::Find::dir;
*topdir = *File::Find::topdir;
*topdev = *File::Find::topdev;
*topino = *File::Find::topino;
*topmode = *File::Find::topmode;
*topnlink = *File::Find::topnlink;
sub find {
&File::Find::find(\&wanted, @_);
}
1;

21
meta/meta-mediatek/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
View File

@ -1,21 +0,0 @@
Upstream-Status: Submitted
This patch adds the fix for one of the ciphers used in openssl, namely
the cipher des-ede3-cfb1. Complete bug log and patch is present here:
http://rt.openssl.org/Ticket/Display.html?id=2867
Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Index: openssl-1.0.2/crypto/evp/e_des3.c
===================================================================
--- openssl-1.0.2.orig/crypto/evp/e_des3.c
+++ openssl-1.0.2/crypto/evp/e_des3.c
@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
size_t n;
unsigned char c[1], d[1];
- for (n = 0; n < inl; ++n) {
+ for (n = 0; n * 8 < inl; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
DES_ede3_cfb_encrypt(c, d, 1, 1,
&data(ctx)->ks1, &data(ctx)->ks2,

24
meta/meta-mediatek/recipes-connectivity/openssl/openssl/oe-ldflags.patch
View File

@ -1,24 +0,0 @@
Upstream-Status: Inappropriate [open-embedded]
Index: openssl-1.0.0/Makefile.shared
===================================================================
--- openssl-1.0.0.orig/Makefile.shared
+++ openssl-1.0.0/Makefile.shared
@@ -92,7 +92,7 @@
LINK_APP= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
+ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
@@ -102,7 +102,7 @@
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \

46
meta/meta-mediatek/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch
View File

@ -1,46 +0,0 @@
https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 21 Mar 2015 06:01:25 -0400
Subject: [PATCH] crypto: use bigint in x86-64 perl
Upstream-Status: Pending
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
When building on x32 systems where the default type is 32bit, make sure
we can transparently represent 64bit integers. Otherwise we end up with
build errors like:
/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
...
ghash-x86_64.s: Assembler messages:
ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
We don't enable this globally as there are some cases where we'd get
32bit values interpreted as unsigned when we need them as signed.
Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
URL: https://bugs.gentoo.org/542618
---
crypto/perlasm/x86_64-xlate.pl | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index aae8288..0bf9774 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -195,6 +195,10 @@ my %globals;
sub out {
my $self = shift;
+ # When building on x32 ABIs, the expanded hex value might be too
+ # big to fit into 32bits. Enable transparent 64bit support here
+ # so we can safely print it out.
+ use bigint;
if ($gas) {
# Solaris /usr/ccs/bin/as can't handle multiplications
# in $self->{value}
--
2.3.3

23
meta/meta-mediatek/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
View File

@ -1,23 +0,0 @@
openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
We should avoid accessing the type pointer if it's NULL,
this could happen if ctx->digest is not NULL.
Upstream-Status: Submitted
http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
---
Index: openssl-1.0.2h/crypto/evp/digest.c
===================================================================
--- openssl-1.0.2h.orig/crypto/evp/digest.c
+++ openssl-1.0.2h/crypto/evp/digest.c
@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
type = ctx->digest;
}
#endif
- if (ctx->digest != type) {
+ if (type && (ctx->digest != type)) {
if (ctx->digest && ctx->digest->ctx_size) {
OPENSSL_free(ctx->md_data);
ctx->md_data = NULL;

222
meta/meta-mediatek/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
View File

@ -1,222 +0,0 @@
#!/bin/sh
#
# Ben Secrest <blsecres@gmail.com>
#
# sh c_rehash script, scan all files in a directory
# and add symbolic links to their hash values.
#
# based on the c_rehash perl script distributed with openssl
#
# LICENSE: See OpenSSL license
# ^^acceptable?^^
#
# default certificate location
DIR=/etc/openssl
# for filetype bitfield
IS_CERT=$(( 1 << 0 ))
IS_CRL=$(( 1 << 1 ))
# check to see if a file is a certificate file or a CRL file
# arguments:
# 1. the filename to be scanned
# returns:
# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
#
check_file()
{
local IS_TYPE=0
# make IFS a newline so we can process grep output line by line
local OLDIFS=${IFS}
IFS=$( printf "\n" )
# XXX: could be more efficient to have two 'grep -m' but is -m portable?
for LINE in $( grep '^-----BEGIN .*-----' ${1} )
do
if echo ${LINE} \
| grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
then
IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
then
break
fi
elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
then
IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
then
break
fi
fi
done
# restore IFS
IFS=${OLDIFS}
return ${IS_TYPE}
}
#
# use openssl to fingerprint a file
# arguments:
# 1. the filename to fingerprint
# 2. the method to use (x509, crl)
# returns:
# none
# assumptions:
# user will capture output from last stage of pipeline
#
fingerprint()
{
${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
}
#
# link_hash - create links to certificate files
# arguments:
# 1. the filename to create a link for
# 2. the type of certificate being linked (x509, crl)
# returns:
# 0 on success, 1 otherwise
#
link_hash()
{
local FINGERPRINT=$( fingerprint ${1} ${2} )
local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
local SUFFIX=0
local LINKFILE=''
local TAG=''
if [ ${2} = "crl" ]
then
TAG='r'
fi
LINKFILE=${HASH}.${TAG}${SUFFIX}
while [ -f ${LINKFILE} ]
do
if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
then
echo "NOTE: Skipping duplicate file ${1}" >&2
return 1
fi
SUFFIX=$(( ${SUFFIX} + 1 ))
LINKFILE=${HASH}.${TAG}${SUFFIX}
done
echo "${3} => ${LINKFILE}"
# assume any system with a POSIX shell will either support symlinks or
# do something to handle this gracefully
ln -s ${3} ${LINKFILE}
return 0
}
# hash_dir create hash links in a given directory
hash_dir()
{
echo "Doing ${1}"
cd ${1}
ls -1 * 2>/dev/null | while read FILE
do
if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
&& [ -h "${FILE}" ]
then
rm ${FILE}
fi
done
ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
do
REAL_FILE=${FILE}
# if we run on build host then get to the real files in rootfs
if [ -n "${SYSROOT}" -a -h ${FILE} ]
then
FILE=$( readlink ${FILE} )
# check the symlink is absolute (or dangling in other word)
if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
then
REAL_FILE=${SYSROOT}/${FILE}
fi
fi
check_file ${REAL_FILE}
local FILE_TYPE=${?}
local TYPE_STR=''
if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
then
TYPE_STR='x509'
elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
then
TYPE_STR='crl'
else
echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
continue
fi
link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
done
}
# choose the name of an ssl application
if [ -n "${OPENSSL}" ]
then
SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
else
SSL_CMD=/usr/bin/openssl
OPENSSL=${SSL_CMD}
export OPENSSL
fi
# fix paths
PATH=${PATH}:${DIR}/bin
export PATH
# confirm existance/executability of ssl command
if ! [ -x ${SSL_CMD} ]
then
echo "${0}: rehashing skipped ('openssl' program not available)" >&2
exit 0
fi
# determine which directories to process
old_IFS=$IFS
if [ ${#} -gt 0 ]
then
IFS=':'
DIRLIST=${*}
elif [ -n "${SSL_CERT_DIR}" ]
then
DIRLIST=$SSL_CERT_DIR
else
DIRLIST=${DIR}/certs
fi
IFS=':'
# process directories
for CERT_DIR in ${DIRLIST}
do
if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
then
IFS=$old_IFS
hash_dir ${CERT_DIR}
IFS=':'
fi
done

19
meta/meta-mediatek/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
View File

@ -1,19 +0,0 @@
openssl: Fix pod2man des.pod error on Ubuntu 12.04
This is a formatting fix, '=back' is required before
'=head1' on Ubuntu 12.04.
Upstream-Status: Pending
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
diff -urpN a_origin/des.pod b_modify/des.pod
--- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800
+++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800
@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
output. If there is no name specified after the B<-u>, the name text.des
will be embedded in the header.
+=back
+
=head1 SEE ALSO
ps(1),

34
meta/meta-mediatek/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
View File

@ -1,34 +0,0 @@
From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
From: Robert Yang <liezhi.yang@windriver.com>
Date: Mon, 19 Sep 2016 22:06:28 -0700
Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
Fixed when building on Debian-testing:
| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
The find.pl is added by oe-core, so once openssl/find.pl is removed,
then this patch can be dropped.
Upstream-Status: Inappropriate [OE-Specific]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
util/perlpath.pl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/util/perlpath.pl b/util/perlpath.pl
index a1f236b..5599892 100755
--- a/util/perlpath.pl
+++ b/util/perlpath.pl
@@ -4,6 +4,8 @@
# line in all scripts that rely on perl.
#
+BEGIN { unshift @INC, "."; }
+
require "find.pl";
$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
--
2.9.0

39
meta/meta-mediatek/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
View File

@ -1,39 +0,0 @@
Upstream-Status: Pending
Received from H J Liu @ Intel
Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
ported the patch to the 1.0.0e version
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
Index: openssl-1.0.2/crypto/bn/bn.h
===================================================================
--- openssl-1.0.2.orig/crypto/bn/bn.h
+++ openssl-1.0.2/crypto/bn/bn.h
@@ -173,6 +173,13 @@ extern "C" {
# endif
# endif
+/* Address type. */
+#ifdef _WIN64
+#define BN_ADDR unsigned long long
+#else
+#define BN_ADDR unsigned long
+#endif
+
/*
* assuming long is 64bit - this is the DEC Alpha unsigned long long is only
* 64 bits :-(, don't define BN_LLONG for the DEC Alpha
Index: openssl-1.0.2/crypto/bn/bn_exp.c
===================================================================
--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
+++ openssl-1.0.2/crypto/bn/bn_exp.c
@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
* multiple.
*/
#define MOD_EXP_CTIME_ALIGN(x_) \
- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
/*
* This variant of BN_mod_exp_mont() uses fixed windows and the special

337
meta/meta-mediatek/recipes-connectivity/openssl/openssl/parallel.patch
View File

@ -1,337 +0,0 @@
Fix the parallel races in the Makefiles.
This patch was taken from the Gentoo packaging:
https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
Refreshed for 1.0.2i
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
--- openssl-1.0.2g/crypto/Makefile
+++ openssl-1.0.2g/crypto/Makefile
@@ -85,11 +85,11 @@
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
+ +@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@@ -100,7 +100,7 @@
# lib: $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
-$(LIB): $(LIBOBJ)
+$(LIB): $(LIBOBJ) | subdirs
$(AR) $(LIB) $(LIBOBJ)
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
@@ -111,7 +111,7 @@
fi
libs:
- @target=lib; $(RECURSIVE_MAKE)
+ +@target=lib; $(RECURSIVE_MAKE)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@@ -120,7 +120,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
lint:
@target=lint; $(RECURSIVE_MAKE)
--- openssl-1.0.2g/engines/Makefile
+++ openssl-1.0.2g/engines/Makefile
@@ -72,7 +72,7 @@
all: lib subdirs
-lib: $(LIBOBJ)
+lib: $(LIBOBJ) | subdirs
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
@@ -89,7 +89,7 @@
subdirs:
echo $(EDIRS)
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -128,7 +128,7 @@
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
--- openssl-1.0.2g/Makefile.org
+++ openssl-1.0.2g/Makefile.org
@@ -279,17 +279,17 @@
build_libssl: build_ssl libssl.pc
build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl: build_crypto
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines: build_crypto
- @dir=engines; target=all; $(BUILD_ONE_CMD)
+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps: build_libs
- @dir=apps; target=all; $(BUILD_ONE_CMD)
+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests: build_libs
- @dir=test; target=all; $(BUILD_ONE_CMD)
+ +@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools: build_libs
- @dir=tools; target=all; $(BUILD_ONE_CMD)
+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@@ -544,7 +544,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
--- openssl-1.0.2g/Makefile.shared
+++ openssl-1.0.2g/Makefile.shared
@@ -105,6 +105,7 @@
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
@@ -122,6 +123,7 @@
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
--- openssl-1.0.2g/test/Makefile
+++ openssl-1.0.2g/test/Makefile
@@ -144,7 +144,7 @@
tags:
ctags $(SRC)
-tests: exe apps $(TESTS)
+tests: exe $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
@@ -438,136 +438,136 @@
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
- @target=$(RSATEST); $(BUILD_CMD)
+ +@target=$(RSATEST); $(BUILD_CMD)
$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
- @target=$(BNTEST); $(BUILD_CMD)
+ +@target=$(BNTEST); $(BUILD_CMD)
$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
- @target=$(ECTEST); $(BUILD_CMD)
+ +@target=$(ECTEST); $(BUILD_CMD)
$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
- @target=$(EXPTEST); $(BUILD_CMD)
+ +@target=$(EXPTEST); $(BUILD_CMD)
$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
- @target=$(IDEATEST); $(BUILD_CMD)
+ +@target=$(IDEATEST); $(BUILD_CMD)
$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
- @target=$(MD2TEST); $(BUILD_CMD)
+ +@target=$(MD2TEST); $(BUILD_CMD)
$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
- @target=$(SHATEST); $(BUILD_CMD)
+ +@target=$(SHATEST); $(BUILD_CMD)
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
- @target=$(SHA1TEST); $(BUILD_CMD)
+ +@target=$(SHA1TEST); $(BUILD_CMD)
$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
- @target=$(SHA256TEST); $(BUILD_CMD)
+ +@target=$(SHA256TEST); $(BUILD_CMD)
$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
- @target=$(SHA512TEST); $(BUILD_CMD)
+ +@target=$(SHA512TEST); $(BUILD_CMD)
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
- @target=$(RMDTEST); $(BUILD_CMD)
+ +@target=$(RMDTEST); $(BUILD_CMD)
$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
- @target=$(MDC2TEST); $(BUILD_CMD)
+ +@target=$(MDC2TEST); $(BUILD_CMD)
$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
- @target=$(MD4TEST); $(BUILD_CMD)
+ +@target=$(MD4TEST); $(BUILD_CMD)
$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
- @target=$(MD5TEST); $(BUILD_CMD)
+ +@target=$(MD5TEST); $(BUILD_CMD)
$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
- @target=$(HMACTEST); $(BUILD_CMD)
+ +@target=$(HMACTEST); $(BUILD_CMD)
$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
- @target=$(WPTEST); $(BUILD_CMD)
+ +@target=$(WPTEST); $(BUILD_CMD)
$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
- @target=$(RC2TEST); $(BUILD_CMD)
+ +@target=$(RC2TEST); $(BUILD_CMD)
$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
- @target=$(BFTEST); $(BUILD_CMD)
+ +@target=$(BFTEST); $(BUILD_CMD)
$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
- @target=$(CASTTEST); $(BUILD_CMD)
+ +@target=$(CASTTEST); $(BUILD_CMD)
$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
- @target=$(RC4TEST); $(BUILD_CMD)
+ +@target=$(RC4TEST); $(BUILD_CMD)
$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
- @target=$(RC5TEST); $(BUILD_CMD)
+ +@target=$(RC5TEST); $(BUILD_CMD)
$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
- @target=$(DESTEST); $(BUILD_CMD)
+ +@target=$(DESTEST); $(BUILD_CMD)
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
- @target=$(RANDTEST); $(BUILD_CMD)
+ +@target=$(RANDTEST); $(BUILD_CMD)
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
- @target=$(DHTEST); $(BUILD_CMD)
+ +@target=$(DHTEST); $(BUILD_CMD)
$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
- @target=$(DSATEST); $(BUILD_CMD)
+ +@target=$(DSATEST); $(BUILD_CMD)
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
- @target=$(METHTEST); $(BUILD_CMD)
+ +@target=$(METHTEST); $(BUILD_CMD)
$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
- @target=$(ENGINETEST); $(BUILD_CMD)
+ +@target=$(ENGINETEST); $(BUILD_CMD)
$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
- @target=$(EVPTEST); $(BUILD_CMD)
+ +@target=$(EVPTEST); $(BUILD_CMD)
$(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
- @target=$(EVPEXTRATEST); $(BUILD_CMD)
+ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
- @target=$(ECDSATEST); $(BUILD_CMD)
+ +@target=$(ECDSATEST); $(BUILD_CMD)
$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
- @target=$(ECDHTEST); $(BUILD_CMD)
+ +@target=$(ECDHTEST); $(BUILD_CMD)
$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
- @target=$(IGETEST); $(BUILD_CMD)
+ +@target=$(IGETEST); $(BUILD_CMD)
$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
- @target=$(JPAKETEST); $(BUILD_CMD)
+ +@target=$(JPAKETEST); $(BUILD_CMD)
$(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
- @target=$(ASN1TEST); $(BUILD_CMD)
+ +@target=$(ASN1TEST); $(BUILD_CMD)
$(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
- @target=$(SRPTEST); $(BUILD_CMD)
+ +@target=$(SRPTEST); $(BUILD_CMD)
$(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
- @target=$(V3NAMETEST); $(BUILD_CMD)
+ +@target=$(V3NAMETEST); $(BUILD_CMD)
$(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
$(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
- @target=$(CONSTTIMETEST) $(BUILD_CMD)
+ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
- @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
$(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
$(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
- @target=$(BADDTLSTEST) $(BUILD_CMD)
+ +@target=$(BADDTLSTEST) $(BUILD_CMD)
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
$(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -580,6 +580,6 @@
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
- @target=dummytest; $(BUILD_CMD)
+ +@target=dummytest; $(BUILD_CMD)
# DO NOT DELETE THIS LINE -- make depend depends on it.

34
meta/meta-mediatek/recipes-connectivity/openssl/openssl/ptest-deps.patch
View File

@ -1,34 +0,0 @@
Remove Makefile dependencies for test targets
These are probably here because the executables aren't always built for
other platforms (e.g. Windows); however we can safely assume they'll
always be there. None of the other test targets have such dependencies
and if we don't remove them, make tries to rebuild the executables and
fails during run-ptest.
Upstream-Status: Inappropriate [config]
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Index: openssl-1.0.2/test/Makefile
===================================================================
--- openssl-1.0.2.orig/test/Makefile
+++ openssl-1.0.2/test/Makefile
@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
@echo "CMS consistency test"
$(PERL) cms-test.pl
-test_srp: $(SRPTEST)$(EXE_EXT)
+test_srp:
@echo "Test SRP"
../util/shlib_wrap.sh ./srptest
@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
@echo "Test X509v3_check_*"
../util/shlib_wrap.sh ./$(V3NAMETEST)
-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
+test_heartbeat:
../util/shlib_wrap.sh ./$(HEARTBEATTEST)
test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)

248
meta/meta-mediatek/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch
View File

@ -1,248 +0,0 @@
Additional Makefile dependencies removal for test targets
Removing the dependency check for test targets as these tests are
causing a number of failures and "noise" during ptest execution.
Upstream-Status: Inappropriate [config]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile
--- openssl-1.0.2d-orig/test/Makefile 2015-09-28 12:50:41.530022979 +0300
+++ openssl-1.0.2d/test/Makefile 2015-09-28 12:57:45.930717240 +0300
@@ -155,67 +155,67 @@
( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
done)
-test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
+test_evp:
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
-test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT)
+test_evp_extra:
../util/shlib_wrap.sh ./$(EVPEXTRATEST)
-test_des: $(DESTEST)$(EXE_EXT)
+test_des:
../util/shlib_wrap.sh ./$(DESTEST)
-test_idea: $(IDEATEST)$(EXE_EXT)
+test_idea:
../util/shlib_wrap.sh ./$(IDEATEST)
-test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
+test_sha:
../util/shlib_wrap.sh ./$(SHATEST)
../util/shlib_wrap.sh ./$(SHA1TEST)
../util/shlib_wrap.sh ./$(SHA256TEST)
../util/shlib_wrap.sh ./$(SHA512TEST)
-test_mdc2: $(MDC2TEST)$(EXE_EXT)
+test_mdc2:
../util/shlib_wrap.sh ./$(MDC2TEST)
-test_md5: $(MD5TEST)$(EXE_EXT)
+test_md5:
../util/shlib_wrap.sh ./$(MD5TEST)
-test_md4: $(MD4TEST)$(EXE_EXT)
+test_md4:
../util/shlib_wrap.sh ./$(MD4TEST)
-test_hmac: $(HMACTEST)$(EXE_EXT)
+test_hmac:
../util/shlib_wrap.sh ./$(HMACTEST)
-test_wp: $(WPTEST)$(EXE_EXT)
+test_wp:
../util/shlib_wrap.sh ./$(WPTEST)
-test_md2: $(MD2TEST)$(EXE_EXT)
+test_md2:
../util/shlib_wrap.sh ./$(MD2TEST)
-test_rmd: $(RMDTEST)$(EXE_EXT)
+test_rmd:
../util/shlib_wrap.sh ./$(RMDTEST)
-test_bf: $(BFTEST)$(EXE_EXT)
+test_bf:
../util/shlib_wrap.sh ./$(BFTEST)
-test_cast: $(CASTTEST)$(EXE_EXT)
+test_cast:
../util/shlib_wrap.sh ./$(CASTTEST)
-test_rc2: $(RC2TEST)$(EXE_EXT)
+test_rc2:
../util/shlib_wrap.sh ./$(RC2TEST)
-test_rc4: $(RC4TEST)$(EXE_EXT)
+test_rc4:
../util/shlib_wrap.sh ./$(RC4TEST)
-test_rc5: $(RC5TEST)$(EXE_EXT)
+test_rc5:
../util/shlib_wrap.sh ./$(RC5TEST)
-test_rand: $(RANDTEST)$(EXE_EXT)
+test_rand:
../util/shlib_wrap.sh ./$(RANDTEST)
-test_enc: ../apps/openssl$(EXE_EXT) testenc
+test_enc:
@sh ./testenc
-test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem
+test_x509:
echo test normal x509v1 certificate
sh ./tx509 2>/dev/null
echo test first x509v3 certificate
@@ -223,25 +223,25 @@
echo test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2>/dev/null
-test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
+test_rsa:
@sh ./trsa 2>/dev/null
../util/shlib_wrap.sh ./$(RSATEST)
-test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem
+test_crl:
@sh ./tcrl 2>/dev/null
-test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem
+test_sid:
@sh ./tsid 2>/dev/null
-test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem
+test_req:
@sh ./treq 2>/dev/null
@sh ./treq testreq2.pem 2>/dev/null
-test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem
+test_pkcs7:
@sh ./tpkcs7 2>/dev/null
@sh ./tpkcs7d 2>/dev/null
-test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
+test_bn:
@echo starting big number library test, could take a while...
@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
@echo quit >>tmp.bntest
@@ -250,33 +250,33 @@
@echo 'test a^b%c implementations'
../util/shlib_wrap.sh ./$(EXPTEST)
-test_ec: $(ECTEST)$(EXE_EXT)
+test_ec:
@echo 'test elliptic curves'
../util/shlib_wrap.sh ./$(ECTEST)
-test_ecdsa: $(ECDSATEST)$(EXE_EXT)
+test_ecdsa:
@echo 'test ecdsa'
../util/shlib_wrap.sh ./$(ECDSATEST)
-test_ecdh: $(ECDHTEST)$(EXE_EXT)
+test_ecdh:
@echo 'test ecdh'
../util/shlib_wrap.sh ./$(ECDHTEST)
-test_verify: ../apps/openssl$(EXE_EXT)
+test_verify:
@echo "The following command should have some OK's and some failures"
@echo "There are definitly a few expired certificates"
../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
-test_dh: $(DHTEST)$(EXE_EXT)
+test_dh:
@echo "Generate a set of DH parameters"
../util/shlib_wrap.sh ./$(DHTEST)
-test_dsa: $(DSATEST)$(EXE_EXT)
+test_dsa:
@echo "Generate a set of DSA parameters"
../util/shlib_wrap.sh ./$(DSATEST)
../util/shlib_wrap.sh ./$(DSATEST) -app2_1
-test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf
+test_gen testreq.pem:
@echo "Generate and verify a certificate request"
@sh ./testgen
@@ -288,13 +288,11 @@
@cat certCA.ss certU.ss > intP1.ss
@cat certCA.ss certU.ss certP1.ss > intP2.ss
-test_engine: $(ENGINETEST)$(EXE_EXT)
+test_engine:
@echo "Manipulate the ENGINE structures"
../util/shlib_wrap.sh ./$(ENGINETEST)
-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
- intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \
- ../apps/server2.pem serverinfo.pem
+test_ssl:
@echo "test SSL protocol"
@if [ -n "$(FIPSCANLIB)" ]; then \
sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
@@ -304,7 +302,7 @@
@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
@sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
-test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf
+test_ca:
@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
echo "skipping CA.sh test -- requires RSA"; \
else \
@@ -312,11 +310,11 @@
sh ./testca; \
fi
-test_aes: #$(AESTEST)
+test_aes:
# @echo "test Rijndael"
# ../util/shlib_wrap.sh ./$(AESTEST)
-test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
+test_tsa:
@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
echo "skipping testtsa test -- requires RSA"; \
else \
@@ -331,7 +329,7 @@
@echo "Test JPAKE"
../util/shlib_wrap.sh ./$(JPAKETEST)
-test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt
+test_cms:
@echo "CMS consistency test"
$(PERL) cms-test.pl
@@ -339,22 +337,22 @@
@echo "Test SRP"
../util/shlib_wrap.sh ./srptest
-test_ocsp: ../apps/openssl$(EXE_EXT) tocsp
+test_ocsp:
@echo "Test OCSP"
@sh ./tocsp
-test_v3name: $(V3NAMETEST)$(EXE_EXT)
+test_v3name:
@echo "Test X509v3_check_*"
../util/shlib_wrap.sh ./$(V3NAMETEST)
test_heartbeat:
../util/shlib_wrap.sh ./$(HEARTBEATTEST)
-test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
+test_constant_time:
@echo "Test constant time utilites"
../util/shlib_wrap.sh ./$(CONSTTIMETEST)
-test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
+test_verify_extra:
@echo $(START) $@
../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)

32
meta/meta-mediatek/recipes-connectivity/openssl/openssl/reproducible.patch Normal file
View File

@ -0,0 +1,32 @@
The value for perl_archname can vary depending on the host, e.g.
x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
makes the ptest package non-reproducible. Its unused other than
these references so drop it.
RP 2020/2/6
Upstream-Status: Pending
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Index: openssl-1.1.1d/Configure
===================================================================
--- openssl-1.1.1d.orig/Configure
+++ openssl-1.1.1d/Configure
@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
# Save away perl command information
$config{perl_cmd} = $^X;
$config{perl_version} = $Config{version};
-$config{perl_archname} = $Config{archname};
+#$config{perl_archname} = $Config{archname};
$config{prefix}="";
$config{openssldir}="";
@@ -2517,7 +2517,7 @@ _____
@{$config{perlargv}}), "\n";
print "\nPerl information:\n\n";
print ' ',$config{perl_cmd},"\n";
- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
+ print ' ',$config{perl_version},"\n";
}
if ($dump || $options) {
my $longest = 0;

12
meta/meta-mediatek/recipes-connectivity/openssl/openssl/run-ptest Executable file → Normal file
View File

@ -1,2 +1,12 @@
#!/bin/sh #!/bin/sh
make -k runtest
set -e
# Optional arguments are 'list' to lists all tests, or the test name (base name
# ie test_evp, not 03_test_evp.t).
export TOP=.
# OPENSSL_ENGINES is relative from the test binaries
export OPENSSL_ENGINES=../engines
perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;'

41
meta/meta-mediatek/recipes-connectivity/openssl/openssl/shared-libs.patch
View File

@ -1,41 +0,0 @@
Upstream-Status: Inappropriate [configuration]
Index: openssl-1.0.1e/crypto/Makefile
===================================================================
--- openssl-1.0.1e.orig/crypto/Makefile
+++ openssl-1.0.1e/crypto/Makefile
@@ -108,7 +108,7 @@ $(LIB): $(LIBOBJ)
shared: buildinf.h lib subdirs
if [ -n "$(SHARED_LIBS)" ]; then \
- (cd ..; $(MAKE) $(SHARED_LIB)); \
+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \
fi
libs:
Index: openssl-1.0.1e/Makefile.org
===================================================================
--- openssl-1.0.1e.orig/Makefile.org
+++ openssl-1.0.1e/Makefile.org
@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+ $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
Index: openssl-1.0.1e/ssl/Makefile
===================================================================
--- openssl-1.0.1e.orig/ssl/Makefile
+++ openssl-1.0.1e/ssl/Makefile
@@ -62,7 +62,7 @@ lib: $(LIBOBJ)
shared: lib
if [ -n "$(SHARED_LIBS)" ]; then \
- (cd ..; $(MAKE) $(SHARED_LIB)); \
+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \
fi
files:

61
meta/meta-mediatek/recipes-connectivity/openssl/openssl_1.0.2j.bb
View File

@ -1,61 +0,0 @@
require openssl.inc
# For target side versions of openssl enable support for OCF Linux driver
# if they are available.
DEPENDS += "cryptodev-linux"
CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
export DIRS = "crypto ssl apps engines"
export OE_LDFLAGS="${LDFLAGS}"
SRC_URI += "file://find.pl;subdir=${BP}/util/ \
file://run-ptest \
file://openssl-c_rehash.sh \
file://configure-targets.patch \
file://shared-libs.patch \
file://oe-ldflags.patch \
file://engines-install-in-libdir-ssl.patch \
file://debian1.0.2/block_diginotar.patch \
file://debian1.0.2/block_digicert_malaysia.patch \
file://debian/ca.patch \
file://debian/c_rehash-compat.patch \
file://debian/debian-targets.patch \
file://debian/man-dir.patch \
file://debian/man-section.patch \
file://debian/no-rpath.patch \
file://debian/no-symbolic.patch \
file://debian/pic.patch \
file://debian1.0.2/version-script.patch \
file://openssl_fix_for_x32.patch \
file://fix-cipher-des-ede3-cfb1.patch \
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
file://openssl-fix-des.pod-error.patch \
file://Makefiles-ptest.patch \
file://ptest-deps.patch \
file://openssl-1.0.2a-x32-asm.patch \
file://ptest_makefile_deps.patch \
file://configure-musl-target.patch \
file://parallel.patch \
file://openssl-util-perlpath.pl-cwd.patch \
file://CVE-2016-7055.patch \
file://0001-CVE-2017-3731.patch \
file://0002-CVE-2017-3731.patch \
"
SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b"
SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"
PACKAGES =+ "${PN}-engines"
FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
# The crypto_use_bigint patch means that perl's bignum module needs to be
# installed, but some distributions (for example Fedora 23) don't ship it by
# default. As the resulting error is very misleading check for bignum before
# building.
do_configure_prepend() {
if ! perl -Mbigint -e true; then
bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
fi
}

172
meta/meta-mediatek/recipes-connectivity/openssl/openssl_1.1.0h.bb
View File

@ -1,172 +0,0 @@
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"
# "openssl | SSLeay" dual license
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
DEPENDS = "makedepend-native hostperl-runtime-native"
DEPENDS += "cryptodev-linux"
export DIRS = "crypto ssl apps"
export OE_LDFLAGS="${LDFLAGS}"
BBCLASSEXTEND = "native nativesdk"
SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
file://openssl-c_rehash.sh \
file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
"
S = "${WORKDIR}/openssl-${PV}"
#inherit lib_package multilib_header ptest
inherit pkgconfig siteinfo multilib_header ptest
do_configure () {
os=${HOST_OS}
case $os in
linux-uclibc |\
linux-uclibceabi |\
linux-gnueabi |\
linux-uclibcspe |\
linux-gnuspe |\
linux-musl*)
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm)
target=linux-armv4
;;
linux-armeb)
target=linux-armv4
;;
linux-aarch64*)
target=linux-aarch64
;;
linux-sh3)
target=linux-generic32
;;
linux-sh4)
target=linux-generic32
;;
linux-i486)
target=linux-elf
;;
linux-i586 | linux-viac3)
target=linux-elf
;;
linux-i686)
target=linux-elf
;;
linux-gnux32-x86_64)
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips)
# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-mipsel)
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-gnun32-mips*)
target=linux-mips64
;;
linux-*-mips64 | linux-mips64)
target=linux64-mips64
;;
linux-*-mips64el | linux-mips64el)
target=linux64-mips64
;;
linux-microblaze*|linux-nios2*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-riscv64)
target=linux-generic64
;;
linux-riscv32)
target=linux-generic32
;;
linux-supersparc)
target=linux-sparcv9
;;
linux-sparc)
target=linux-sparcv9
;;
darwin-i386)
target=darwin-i386-cc
;;
esac
useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target
}
#| engines/afalg/e_afalg.c: In function 'eventfd':
#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
#| return syscall(__NR_eventfd, n);
#| ^~~~~~~~~~~~
EXTRA_OECONF_aarch64 += "no-afalgeng"
#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
oe_multilib_header openssl/opensslconf.h
}
do_install_append_class-native () {
# Install a custom version of c_rehash that can handle sysroots properly.
# This version is used for example when installing ca-certificates during
# image creation.
install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
}
do_install_ptest() {
cp -r * ${D}${PTEST_PATH}
# Putting .so files in ptest package will mess up the dependencies of the main openssl package
# so we rename them to .so.ptest and patch the test accordingly
mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
}
RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
PACKAGES =+ "${PN}-engines"
FILES_${PN}-engines = "${libdir}/engines-1.1"
####new add
PACKAGES =+ "libcrypto libssl "
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"

172
meta/meta-mediatek/recipes-connectivity/openssl/openssl_1.1.0i.bb
View File

@ -1,172 +0,0 @@
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"
# "openssl | SSLeay" dual license
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
DEPENDS = "makedepend-native hostperl-runtime-native"
DEPENDS += "cryptodev-linux"
export DIRS = "crypto ssl apps"
export OE_LDFLAGS="${LDFLAGS}"
BBCLASSEXTEND = "native nativesdk"
SRC_URI[md5sum] = "9495126aafd2659d357ea66a969c3fe1"
SRC_URI[sha256sum] = "ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
file://openssl-c_rehash.sh \
file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
"
S = "${WORKDIR}/openssl-${PV}"
#inherit lib_package multilib_header ptest
inherit pkgconfig siteinfo multilib_header ptest
do_configure () {
os=${HOST_OS}
case $os in
linux-uclibc |\
linux-uclibceabi |\
linux-gnueabi |\
linux-uclibcspe |\
linux-gnuspe |\
linux-musl*)
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm)
target=linux-armv4
;;
linux-armeb)
target=linux-armv4
;;
linux-aarch64*)
target=linux-aarch64
;;
linux-sh3)
target=linux-generic32
;;
linux-sh4)
target=linux-generic32
;;
linux-i486)
target=linux-elf
;;
linux-i586 | linux-viac3)
target=linux-elf
;;
linux-i686)
target=linux-elf
;;
linux-gnux32-x86_64)
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips)
# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-mipsel)
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-gnun32-mips*)
target=linux-mips64
;;
linux-*-mips64 | linux-mips64)
target=linux64-mips64
;;
linux-*-mips64el | linux-mips64el)
target=linux64-mips64
;;
linux-microblaze*|linux-nios2*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-riscv64)
target=linux-generic64
;;
linux-riscv32)
target=linux-generic32
;;
linux-supersparc)
target=linux-sparcv9
;;
linux-sparc)
target=linux-sparcv9
;;
darwin-i386)
target=darwin-i386-cc
;;
esac
useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target
}
#| engines/afalg/e_afalg.c: In function 'eventfd':
#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
#| return syscall(__NR_eventfd, n);
#| ^~~~~~~~~~~~
EXTRA_OECONF_aarch64 += "no-afalgeng"
#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
oe_multilib_header openssl/opensslconf.h
}
do_install_append_class-native () {
# Install a custom version of c_rehash that can handle sysroots properly.
# This version is used for example when installing ca-certificates during
# image creation.
install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
}
do_install_ptest() {
cp -r * ${D}${PTEST_PATH}
# Putting .so files in ptest package will mess up the dependencies of the main openssl package
# so we rename them to .so.ptest and patch the test accordingly
mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
}
RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
PACKAGES =+ "${PN}-engines"
FILES_${PN}-engines = "${libdir}/engines-1.1"
####new add
PACKAGES =+ "libcrypto libssl "
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"

40
meta/meta-mediatek/recipes-connectivity/openssl/openssl_1.1.1a.bb → meta/meta-mediatek/recipes-connectivity/openssl/openssl_1.1.1g.bb
View File

@ -7,27 +7,30 @@ SECTION = "libs/network"
# "openssl" here actually means both OpenSSL and SSLeay licenses apply # "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) # (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
LICENSE = "openssl" LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff" LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
DEPENDS = "hostperl-runtime-native" DEPENDS = "hostperl-runtime-native"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \ file://run-ptest \
file://openssl-c_rehash.sh \
file://0001-skip-test_symbol_presence.patch \ file://0001-skip-test_symbol_presence.patch \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \ file://afalg.patch \
file://reproducible.patch \
" "
SRC_URI_append_class-nativesdk = " \ SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \ file://environment.d-openssl.sh \
" "
SRC_URI[md5sum] = "963deb2272d6be7d4c2458afd2517b73" SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
SRC_URI[sha256sum] = "fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41"
inherit lib_package multilib_header ptest inherit lib_package multilib_header ptest
PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""
B = "${WORKDIR}/build" B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}" do_configure[cleandirs] = "${B}"
@ -35,11 +38,12 @@ do_configure[cleandirs] = "${B}"
#| ./libcrypto.so: undefined reference to `setcontext' #| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext' #| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_append_libc-musl = " no-async" EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
# This prevents openssl from using getrandom() which is not available on older glibc versions # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) # (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
EXTRA_OECONF_class-native = "--with-rand-seed=devrandom" EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom" EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
@ -141,13 +145,7 @@ do_install_append_class-native () {
OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
OPENSSL_ENGINES=${libdir}/ssl-1.1/engines OPENSSL_ENGINES=${libdir}/engines-1.1
# Install a custom version of c_rehash that can handle sysroots properly.
# This version is used for example when installing ca-certificates during
# image creation.
install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
} }
do_install_append_class-nativesdk () { do_install_append_class-nativesdk () {
@ -166,8 +164,8 @@ do_install_ptest () {
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
# For test_shlibload # For test_shlibload
ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/libcrypto.so ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/libssl.so ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
install -d ${D}${PTEST_PATH}/apps install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
@ -196,12 +194,16 @@ FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/open
CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf" RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-bin = "perl" RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
RDEPENDS_${PN}-misc = "perl"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash python"
RPROVIDES_openssl-conf = "openssl10-conf" RPROVIDES_openssl-conf = "openssl10-conf"
RREPLACES_openssl-conf = "openssl10-conf" RREPLACES_openssl-conf = "openssl10-conf"
RCONFLICTS_openssl-conf = "openssl10-conf" RCONFLICTS_openssl-conf = "openssl10-conf"
BBCLASSEXTEND = "native nativesdk" BBCLASSEXTEND = "native nativesdk"
CVE_PRODUCT = "openssl:openssl"
# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
# Apache in meta-webserver is already recent enough
CVE_CHECK_WHITELIST += "CVE-2019-0190"

107
src/apps/portaudio/include/pa_linux_alsa.h
View File

@ -1,107 +0,0 @@
#ifndef PA_LINUX_ALSA_H
#define PA_LINUX_ALSA_H
/*
* $Id$
* PortAudio Portable Real-Time Audio Library
* ALSA-specific extensions
*
* Copyright (c) 1999-2000 Ross Bencina and Phil Burk
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/*
* The text above constitutes the entire PortAudio license; however,
* the PortAudio community also makes the following non-binding requests:
*
* Any person wishing to distribute modifications to the Software is
* requested to send the modifications to the original developer so that
* they can be incorporated into the canonical version. It is also
* requested that these non-binding requests be included along with the
* license above.
*/
/** @file
* @ingroup public_header
* @brief ALSA-specific PortAudio API extension header file.
*/
#include "portaudio.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef struct PaAlsaStreamInfo
{
unsigned long size;
PaHostApiTypeId hostApiType;
unsigned long version;
const char *deviceString;
}
PaAlsaStreamInfo;
/** Initialize host API specific structure, call this before setting relevant attributes. */
void PaAlsa_InitializeStreamInfo( PaAlsaStreamInfo *info );
/** Instruct whether to enable real-time priority when starting the audio thread.
*
* If this is turned on by the stream is started, the audio callback thread will be created
* with the FIFO scheduling policy, which is suitable for realtime operation.
**/
void PaAlsa_EnableRealtimeScheduling( PaStream *s, int enable );
#if 0
void PaAlsa_EnableWatchdog( PaStream *s, int enable );
#endif
/** Get the ALSA-lib card index of this stream's input device. */
PaError PaAlsa_GetStreamInputCard( PaStream *s, int *card );
/** Get the ALSA-lib card index of this stream's output device. */
PaError PaAlsa_GetStreamOutputCard( PaStream *s, int *card );
/** Set the number of periods (buffer fragments) to configure devices with.
*
* By default the number of periods is 4, this is the lowest number of periods that works well on
* the author's soundcard.
* @param numPeriods The number of periods.
*/
PaError PaAlsa_SetNumPeriods( int numPeriods );
/** Set the maximum number of times to retry opening busy device (sleeping for a
* short interval inbetween).
*/
PaError PaAlsa_SetRetriesBusy( int retries );
/** Set the path and name of ALSA library file if PortAudio is configured to load it dynamically (see
* PA_ALSA_DYNAMIC). This setting will overwrite the default name set by PA_ALSA_PATHNAME define.
* @param pathName Full path with filename. Only filename can be used, but dlopen() will lookup default
* searchable directories (/usr/lib;/usr/local/lib) then.
*/
void PaAlsa_SetLibraryPathName( const char *pathName );
#ifdef __cplusplus
}
#endif
#endif

1228
src/apps/portaudio/include/portaudio.h
View File

File diff suppressed because it is too large Load Diff

BIN
src/apps/portaudio/lib64/libportaudio.so
View File

Binary file not shown.

12
src/apps/portaudio/lib64/pkgconfig/portaudio-2.0.pc
View File

@ -1,12 +0,0 @@
prefix=/usr
exec_prefix=${prefix}
libdir=/usr/lib64
includedir=${prefix}/include
Name: PortAudio
Description: Portable audio I/O
Requires:
Version: 19
Libs: -L${libdir} -lportaudio -lasound -lm -lpthread
Cflags: -I${includedir} -pthread