kumquat-buildroot/package/libopenssl/libopenssl.mk

171 lines
4.6 KiB
Makefile
Raw Normal View History

################################################################################
#
# libopenssl
#
################################################################################
package/libopenssl: security bump to version 1.1.1c Fixes the following security issues: Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-30 23:43:36 +02:00
LIBOPENSSL_VERSION = 1.1.1c
LIBOPENSSL_SITE = https://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = OpenSSL or SSLeay
LIBOPENSSL_LICENSE_FILES = LICENSE
LIBOPENSSL_INSTALL_STAGING = YES
LIBOPENSSL_DEPENDENCIES = zlib
HOST_LIBOPENSSL_DEPENDENCIES = host-zlib
LIBOPENSSL_TARGET_ARCH = linux-generic32
LIBOPENSSL_CFLAGS = $(TARGET_CFLAGS)
LIBOPENSSL_PROVIDES = openssl
ifeq ($(BR2_m68k_cf),y)
# relocation truncated to fit: R_68K_GOT16O
LIBOPENSSL_CFLAGS += -mxgot
# resolves an assembler "out of range error" with blake2 and sha512 algorithms
LIBOPENSSL_CFLAGS += -DOPENSSL_SMALL_FOOTPRINT
endif
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
LIBOPENSSL_CFLAGS += -DOPENSSL_THREADS
endif
ifeq ($(BR2_USE_MMU),)
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
LIBOPENSSL_CFLAGS += -DHAVE_FORK=0 -DOPENSSL_NO_MADVISE
endif
ifeq ($(BR2_PACKAGE_HAS_CRYPTODEV),y)
LIBOPENSSL_DEPENDENCIES += cryptodev
endif
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
# fixes the following build failures:
#
# - musl
# ./libcrypto.so: undefined reference to `getcontext'
# ./libcrypto.so: undefined reference to `setcontext'
# ./libcrypto.so: undefined reference to `makecontext'
#
# - uclibc:
# crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name 'ucontext_t'
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
#
ifeq ($(BR2_TOOLCHAIN_USES_MUSL),y)
LIBOPENSSL_CFLAGS += -DOPENSSL_NO_ASYNC
endif
ifeq ($(BR2_TOOLCHAIN_HAS_UCONTEXT),)
LIBOPENSSL_CFLAGS += -DOPENSSL_NO_ASYNC
endif
ifeq ($(BR2_STATIC_LIBS),y)
# Use "gcc" minimalistic target to disable DSO
LIBOPENSSL_TARGET_ARCH = gcc
else
# Some architectures are optimized in OpenSSL
# Doesn't work for thumb-only (Cortex-M?)
ifeq ($(BR2_ARM_CPU_HAS_ARM),y)
LIBOPENSSL_TARGET_ARCH = linux-armv4
endif
ifeq ($(ARCH),aarch64)
LIBOPENSSL_TARGET_ARCH = linux-aarch64
endif
ifeq ($(ARCH),powerpc)
# 4xx cores seem to have trouble with openssl's ASM optimizations
ifeq ($(BR2_powerpc_401)$(BR2_powerpc_403)$(BR2_powerpc_405)$(BR2_powerpc_405fp)$(BR2_powerpc_440)$(BR2_powerpc_440fp),)
LIBOPENSSL_TARGET_ARCH = linux-ppc
endif
endif
ifeq ($(ARCH),powerpc64)
LIBOPENSSL_TARGET_ARCH = linux-ppc64
endif
ifeq ($(ARCH),powerpc64le)
LIBOPENSSL_TARGET_ARCH = linux-ppc64le
endif
ifeq ($(ARCH),x86_64)
LIBOPENSSL_TARGET_ARCH = linux-x86_64
endif
endif
define HOST_LIBOPENSSL_CONFIGURE_CMDS
(cd $(@D); \
$(HOST_CONFIGURE_OPTS) \
./config \
--prefix=$(HOST_DIR) \
--openssldir=$(HOST_DIR)/etc/ssl \
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
no-tests \
no-fuzz-libfuzzer \
no-fuzz-afl \
shared \
zlib-dynamic \
)
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
$(SED) "s#-O[0-9s]#$(HOST_CFLAGS)#" $(@D)/Makefile
endef
define LIBOPENSSL_CONFIGURE_CMDS
(cd $(@D); \
$(TARGET_CONFIGURE_ARGS) \
$(TARGET_CONFIGURE_OPTS) \
./Configure \
$(LIBOPENSSL_TARGET_ARCH) \
--prefix=/usr \
--openssldir=/etc/ssl \
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
$(if $(BR2_TOOLCHAIN_HAS_LIBATOMIC),-latomic) \
$(if $(BR2_TOOLCHAIN_HAS_THREADS),-lpthread threads, no-threads) \
$(if $(BR2_STATIC_LIBS),no-shared,shared) \
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
$(if $(BR2_PACKAGE_HAS_CRYPTODEV),enable-devcryptoeng) \
no-rc5 \
enable-camellia \
enable-mdc2 \
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
no-tests \
no-fuzz-libfuzzer \
no-fuzz-afl \
$(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \
)
$(SED) "s#-march=[-a-z0-9] ##" -e "s#-mcpu=[-a-z0-9] ##g" $(@D)/Makefile
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
$(SED) "s#-O[0-9s]#$(LIBOPENSSL_CFLAGS)#" $(@D)/Makefile
$(SED) "s# build_tests##" $(@D)/Makefile
endef
define HOST_LIBOPENSSL_BUILD_CMDS
$(HOST_MAKE_ENV) $(MAKE) -C $(@D)
endef
define LIBOPENSSL_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)
endef
define LIBOPENSSL_INSTALL_STAGING_CMDS
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) install
endef
define HOST_LIBOPENSSL_INSTALL_CMDS
$(HOST_MAKE_ENV) $(MAKE) -C $(@D) install
endef
define LIBOPENSSL_INSTALL_TARGET_CMDS
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
rm -rf $(TARGET_DIR)/usr/lib/ssl
rm -f $(TARGET_DIR)/usr/bin/c_rehash
endef
ifeq ($(BR2_PACKAGE_PERL),)
define LIBOPENSSL_REMOVE_PERL_SCRIPTS
$(RM) -f $(TARGET_DIR)/etc/ssl/misc/{CA.pl,tsget}
endef
LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_REMOVE_PERL_SCRIPTS
endif
ifeq ($(BR2_PACKAGE_LIBOPENSSL_BIN),)
define LIBOPENSSL_REMOVE_BIN
$(RM) -f $(TARGET_DIR)/usr/bin/openssl
$(RM) -f $(TARGET_DIR)/etc/ssl/misc/{CA.*,c_*}
endef
LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_REMOVE_BIN
endif
ifneq ($(BR2_PACKAGE_LIBOPENSSL_ENGINES),y)
define LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
libopenssl: bump version to 1.1.1a - use BR2_TOOLCHAIN_HAS_UCONTEXT This is used to set -DOPENSSL_NO_ASYNC if needed. - apply the CFLAGS correctly when compiling with -Os (bugfix). - use -latomic when needed This fixes the build for br-sparc-uclibc-2018.05 - don't use madvise() if no MMU Trying to do so results in undefined reference to madvise() as it is not available on uclibc without MMU. The original openssl code checks if a macro used in the madvise call is defined. The problem comes from the fact that the code in crypto/mem_sec.c also includes a kernel header defining the same macro unconditionally. Thus the check is always true in that case. Upstream: https://github.com/openssl/openssl/pull/8089 - don't compile test/fuzzers These binaries introduced with 1.1.x sometimes do not compile. This is the case with the br-arm-cortex-m4-full toolchain - don't build ocsp daemon if no MMU. Patch from Richard Levitte. - correctly enable cryptodev engine Thanks to Arnout Vandecappelle for spotting this. - remove all parallel build patches (openssl build-system changed) - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch to apply to Configurations/unix-Makefile.tmpl (Makefile template) - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch (upstream applied) - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply to crypto/build.info (Makefile template) - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC' - remove legacy enable-tlsext configure option - remove target/host libdir configure options, fixes openssl.pc installation path, fixes wget compile - change legacy INSTALL_PREFIX to DESTDIR - remove 'libraries gets installed read only, so strip fails' workaround (not needed anymore) - change engine directory from /usr/lib/engines to /usr/lib/engines-1.1 - change license file hash, no license change, only the following hint was removed: Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. Signed-off-by: Peter Seiderer <ps.report@gmx.net> Tested-by: Ryan Coe <bluemrp9@gmail.com> Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 10:39:19 +01:00
rm -rf $(TARGET_DIR)/usr/lib/engines-1.1
endef
LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
endif
$(eval $(generic-package))
$(eval $(host-generic-package))