kumquat-buildroot/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
Bernd Kuhls 8581151d51 package/tor: security bump version to 0.4.6.7
Fixes CVE-2021-38385: https://blog.torproject.org/node/2062

Rebased patch 0001.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-08-17 22:01:37 +02:00

95 lines
3.7 KiB
Diff

From ba6b8ee5b6dee19493a150c3715b0e202440d206 Mon Sep 17 00:00:00 2001
From: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Thu, 24 Jan 2019 18:19:51 +0100
Subject: [PATCH] Fix static linking with OpenSSL
Adjust link order of libz to solve bug with static linking
and remove host paths when looking for openssl.
[Vincent:
- Adapt the patch to make it apply on the new version.]
[Bernd: rebased for tor-0.2.7.6, 0.2.8.10, 0.2.9.9, 0.3.1.7, 0.3.2.10,
0.3.4.8, 0.3.5.7, 0.4.4.5, 0.4.5.6 & 0.4.6.7]
[Fabrice: fix detection of openssl functions in 0.3.5.8]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
configure.ac | 4 ++--
src/test/include.am | 8 ++++----
src/tools/include.am | 4 ++--
4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/configure.ac b/configure.ac
index 05e1392cf..580befa6b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1074,7 +1074,7 @@ AC_ARG_WITH(ssl-dir,
])
AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
-TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS32 $TOR_LIB_CRYPT32],
+TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto -lz $TOR_LIB_GDI $TOR_LIB_WS32 $TOR_LIB_CRYPT32],
[#include <openssl/ssl.h>
char *getenv(const char *);],
[struct ssl_cipher_st;
@@ -1104,7 +1104,7 @@ dnl Now check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
-LIBS="$TOR_OPENSSL_LIBS $LIBS"
+LIBS="$TOR_OPENSSL_LIBS -lz $LIBS"
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
diff --git a/src/test/include.am b/src/test/include.am
index ecb768957..39a622e88 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -399,8 +399,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
src_test_test_ntor_cl_LDADD = \
libtor.a \
$(rust_ldadd) \
- @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \
- $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
+ @TOR_LIB_MATH@ \
+ $(TOR_LIBS_CRYPTLIB) @TOR_ZLIB_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
@CURVE25519_LIBS@ @TOR_LZMA_LIBS@ @TOR_TRACE_LIBS@
src_test_test_ntor_cl_AM_CPPFLAGS = \
$(AM_CPPFLAGS)
@@ -409,8 +409,8 @@
src_test_test_hs_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
src_test_test_hs_ntor_cl_LDADD = \
libtor.a \
- @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \
- $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ \
+ @TOR_LIB_MATH@ \
+ $(TOR_LIBS_CRYPTLIB) @TOR_ZLIB_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ \
@CURVE25519_LIBS@ @TOR_TRACE_LIBS@
src_test_test_hs_ntor_cl_AM_CPPFLAGS = \
$(AM_CPPFLAGS)
diff --git a/src/tools/include.am b/src/tools/include.am
index f7aa7e0d1..4c4e8aa7a 100644
--- a/src/tools/include.am
+++ b/src/tools/include.am
@@ -35,7 +35,7 @@ src_tools_tor_gencert_LDADD = \
$(TOR_CRYPTO_LIBS) \
$(TOR_UTIL_LIBS) \
$(rust_ldadd) \
- @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ $(TOR_LIBS_CRYPTLIB) \
+ @TOR_LIB_MATH@ $(TOR_LIBS_CRYPTLIB) @TOR_ZLIB_LIBS@ \
@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@
endif
@@ -45,7 +45,7 @@ src_tools_tor_print_ed_signing_cert_LDADD = \
src/trunnel/libor-trunnel.a \
$(TOR_CRYPTO_LIBS) \
$(TOR_UTIL_LIBS) \
- @TOR_LIB_MATH@ $(TOR_LIBS_CRYPTLIB) \
+ @TOR_LIB_MATH@ $(TOR_LIBS_CRYPTLIB) @TOR_ZLIB_LIBS@ \
@TOR_LIB_WS32@ @TOR_LIB_USERENV@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@
if USE_NSS
--
2.20.1