7ba5ed97bc
Fixes: CVE-2016-7052 - Missing CRL sanity check [Peter: drop CVE 6309 from description as pointed out by Baruch] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
################################################################################
#
# openssl
#
################################################################################

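# Upstream release to build. Per the commit message, this version is the
# one that fixes CVE-2016-7052 (missing CRL sanity check).
OPENSSL_VERSION = 1.0.2j
# Fetch the release tarball over TLS instead of plain HTTP, so the download
# cannot be tampered with in transit.
# NOTE(review): transport security does not replace artifact verification;
# confirm the package's hash file covers the tarball and every remote patch
# listed in OPENSSL_PATCH.
OPENSSL_SITE = https://www.openssl.org/source
OPENSSL_LICENSE = OpenSSL or SSLeay
OPENSSL_LICENSE_FILES = LICENSE
OPENSSL_INSTALL_STAGING = YES
OPENSSL_DEPENDENCIES = zlib
HOST_OPENSSL_DEPENDENCIES = host-zlib
# Default Configure target; overridden further down for architectures that
# have a dedicated OpenSSL target.
OPENSSL_TARGET_ARCH = generic32
OPENSSL_CFLAGS = $(TARGET_CFLAGS)
# Parallel-build patches taken from the Gentoo tree. Each URL is pinned to
# one Gentoo commit id and fetched over HTTPS, so the content does not
# change when the Gentoo tree moves on.
OPENSSL_PATCH = \
	https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
	https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
	https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
	https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
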
# ColdFire (m68k): add -mxgot to work around the link error
# "relocation truncated to fit: R_68K_GOT16O"
ifeq ($(BR2_m68k_cf),y)
OPENSSL_CFLAGS += -mxgot
endif

# BR2_USE_MMU unset: build with HAVE_FORK defined to 0
# (presumably because fork() is unavailable without an MMU - confirm)
ifeq ($(BR2_USE_MMU),)
OPENSSL_CFLAGS += -DHAVE_FORK=0
endif

# A cryptodev provider is selected: enable the cryptodev engine defines,
# including digest offload, and build that provider first
ifeq ($(BR2_PACKAGE_HAS_CRYPTODEV),y)
OPENSSL_CFLAGS += -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
OPENSSL_DEPENDENCIES += cryptodev
endif

# Some architectures are optimized in OpenSSL: choose the matching
# Configure target (used as linux-$(OPENSSL_TARGET_ARCH)); every other
# architecture keeps the generic32 default.

# Doesn't work for thumb-only (Cortex-M?)
ifeq ($(BR2_ARM_CPU_HAS_ARM),y)
OPENSSL_TARGET_ARCH = armv4
endif

# The ARCH values below are mutually exclusive, so one chain covers them.
ifeq ($(ARCH),aarch64)
OPENSSL_TARGET_ARCH = aarch64
else ifeq ($(ARCH),powerpc)
# 4xx cores seem to have trouble with openssl's ASM optimizations,
# so they stay on the default target
ifeq ($(BR2_powerpc_401)$(BR2_powerpc_403)$(BR2_powerpc_405)$(BR2_powerpc_405fp)$(BR2_powerpc_440)$(BR2_powerpc_440fp),)
OPENSSL_TARGET_ARCH = ppc
endif
else ifeq ($(ARCH),powerpc64)
OPENSSL_TARGET_ARCH = ppc64
else ifeq ($(ARCH),powerpc64le)
OPENSSL_TARGET_ARCH = ppc64le
else ifeq ($(ARCH),x86_64)
OPENSSL_TARGET_ARCH = x86_64
endif

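# Configure the host build: run OpenSSL's ./config inside the extracted
# source directory with the host tool environment, installing under
# $(HOST_DIR), as a shared build with zlib loaded dynamically. The sed call
# then replaces the -O<n> flag in the generated Makefile with $(HOST_CFLAGS).
# The cd is chained with && so ./config is never run from the wrong
# directory if the source directory is missing.
define HOST_OPENSSL_CONFIGURE_CMDS
	(cd $(@D) && \
		$(HOST_CONFIGURE_OPTS) \
		./config \
		--prefix=$(HOST_DIR)/usr \
		--openssldir=$(HOST_DIR)/etc/ssl \
		--libdir=/lib \
		shared \
		zlib-dynamic \
	)
	$(SED) "s#-O[0-9]#$(HOST_CFLAGS)#" $(@D)/Makefile
endef
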
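# Configure the target build: run ./Configure for linux-$(OPENSSL_TARGET_ARCH)
# with the cross-compilation environment. Threads, shared/static linking,
# zlib linkage and DSO support follow the Buildroot configuration; rc5 is
# disabled and camellia, mdc2 and TLS extensions are enabled.
# The cd is chained with && so ./Configure is never run from the wrong
# directory if the source directory is missing.
#
# After configuring, the generated Makefile is edited in place to:
#  - strip -march=/-mcpu= flags,
#  - replace the -O<n> flag with $(OPENSSL_CFLAGS),
#  - drop the build_tests target from the build.
#
# NOTE(review): "[-a-z0-9] " has no repetition operator, so each of the
# -march=/-mcpu= patterns only matches a one-character value followed by a
# space, and the first expression has no g flag. If the intent is to remove
# whole flags this probably never fires. Confirm before changing it, since a
# fix alters the flags OpenSSL is compiled with.
# NOTE(review): zlib/zlib-dynamic makes TLS-level compression available to
# applications. Confirm consumers disable it (SSL_OP_NO_COMPRESSION), given
# compression side-channel attacks such as CRIME.
# NOTE(review): no-ssl2/no-ssl3 are not passed, so legacy protocol support
# follows the defaults of this OpenSSL version - confirm that is intended.
define OPENSSL_CONFIGURE_CMDS
	(cd $(@D) && \
		$(TARGET_CONFIGURE_ARGS) \
		$(TARGET_CONFIGURE_OPTS) \
		./Configure \
			linux-$(OPENSSL_TARGET_ARCH) \
			--prefix=/usr \
			--openssldir=/etc/ssl \
			--libdir=/lib \
			$(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
			$(if $(BR2_STATIC_LIBS),no-shared,shared) \
			no-rc5 \
			enable-camellia \
			enable-mdc2 \
			enable-tlsext \
			$(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \
			$(if $(BR2_STATIC_LIBS),no-dso) \
	)
	$(SED) "s#-march=[-a-z0-9] ##" -e "s#-mcpu=[-a-z0-9] ##g" $(@D)/Makefile
	$(SED) "s#-O[0-9]#$(OPENSSL_CFLAGS)#" $(@D)/Makefile
	$(SED) "s# build_tests##" $(@D)/Makefile
endef
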
# libdl is not available in a static build, and this is not implied by
# no-dso: for static builds, register a post-configure hook that removes
# every -ldl from the generated Makefile.
ifeq ($(BR2_STATIC_LIBS),y)
define OPENSSL_FIXUP_STATIC_MAKEFILE
	$(SED) 's#-ldl##g' $(@D)/Makefile
endef
OPENSSL_POST_CONFIGURE_HOOKS += OPENSSL_FIXUP_STATIC_MAKEFILE
endif

# Host build: run the default target of OpenSSL's own Makefile in the
# source directory.
define HOST_OPENSSL_BUILD_CMDS
	$(MAKE) -C $(@D)
endef

# Target build: run the default target of OpenSSL's own Makefile in the
# source directory (already configured for cross-compilation).
define OPENSSL_BUILD_CMDS
	$(MAKE) -C $(@D)
endef

# Staging install: OpenSSL's install target, with INSTALL_PREFIX pointing at
# the staging tree so the configured /usr prefix lands under $(STAGING_DIR).
define OPENSSL_INSTALL_STAGING_CMDS
	$(MAKE) -C $(@D) INSTALL_PREFIX=$(STAGING_DIR) install
endef

# Host install: no INSTALL_PREFIX is needed, because the host configure step
# already uses a prefix inside $(HOST_DIR).
define HOST_OPENSSL_INSTALL_CMDS
	$(MAKE) -C $(@D) install
endef

# Target install: OpenSSL's install target into $(TARGET_DIR), then remove
# /usr/lib/ssl and the c_rehash helper from the target filesystem.
define OPENSSL_INSTALL_TARGET_CMDS
	$(MAKE) -C $(@D) INSTALL_PREFIX=$(TARGET_DIR) install
	rm -rf $(TARGET_DIR)/usr/lib/ssl
	rm -f $(TARGET_DIR)/usr/bin/c_rehash
endef

# libdl has no business in a static build: after the staging install, remove
# -ldl from the three installed pkg-config files so that dependent packages
# do not pick it up at link time.
ifeq ($(BR2_STATIC_LIBS),y)
define OPENSSL_FIXUP_STATIC_PKGCONFIG
	$(SED) 's#-ldl##' $(STAGING_DIR)/usr/lib/pkgconfig/libcrypto.pc
	$(SED) 's#-ldl##' $(STAGING_DIR)/usr/lib/pkgconfig/libssl.pc
	$(SED) 's#-ldl##' $(STAGING_DIR)/usr/lib/pkgconfig/openssl.pc
endef
OPENSSL_POST_INSTALL_STAGING_HOOKS += OPENSSL_FIXUP_STATIC_PKGCONFIG
endif

# Shared builds only: the libraries get installed read-only, so strip fails.
# Add write permission to the engine modules and to the libcrypto/libssl
# shared objects in the target tree.
ifneq ($(BR2_STATIC_LIBS),y)
define OPENSSL_INSTALL_FIXUPS_SHARED
	chmod +w $(TARGET_DIR)/usr/lib/engines/lib*.so
	for i in $(addprefix $(TARGET_DIR)/usr/lib/,libcrypto.so.* libssl.so.*); \
		do chmod +w $$i; done
endef
OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_INSTALL_FIXUPS_SHARED
endif

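# Perl is not selected: remove the CA.pl and tsget scripts from the target.
# The paths are spelled out with addprefix instead of shell brace expansion.
# A POSIX sh does not expand {a,b}, so with such a shell the old form made
# rm -f ignore a non-existent literal name and left both scripts installed.
ifeq ($(BR2_PACKAGE_PERL),)
define OPENSSL_REMOVE_PERL_SCRIPTS
	$(RM) -f $(addprefix $(TARGET_DIR)/etc/ssl/misc/,CA.pl tsget)
endef
OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_PERL_SCRIPTS
endif
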
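# The openssl command-line tool is not selected: remove the binary and the
# CA.*/c_* helper scripts from the target, leaving only the libraries.
# The glob patterns are listed with addprefix instead of shell brace
# expansion. A POSIX sh does not expand {a,b}, so with such a shell the old
# form made rm -f ignore a non-existent literal name and left the helper
# scripts installed.
ifeq ($(BR2_PACKAGE_OPENSSL_BIN),)
define OPENSSL_REMOVE_BIN
	$(RM) -f $(TARGET_DIR)/usr/bin/openssl
	$(RM) -f $(addprefix $(TARGET_DIR)/etc/ssl/misc/,CA.* c_*)
endef
OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_BIN
endif
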
# Engines are not selected: remove the whole engines directory from the
# target so that no loadable engine modules are shipped.
ifneq ($(BR2_PACKAGE_OPENSSL_ENGINES),y)
define OPENSSL_REMOVE_OPENSSL_ENGINES
	rm -rf $(TARGET_DIR)/usr/lib/engines
endef
OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_OPENSSL_ENGINES
endif

# Instantiate the package rules from the variables and hooks defined in
# this file, once for the target and once for the host.
$(eval $(generic-package))
$(eval $(host-generic-package))