diff mbox

[27/28] openssl: Add version 1.0.1g (Post heartbleed vulnerability)

Message ID e29701bed37f6ac495a226b3a5881530bc0fc38c.1397117164.git.christian.braunersorensen@prevas.dk
State Accepted
Delegated to: Esben Haabendal
Headers show

Commit Message

christian.braunersorensen@prevas.dk April 10, 2014, 8:09 a.m. UTC 
From: Christian Sørensen <christian.braunersorensen@prevas.dk>

Signed-off-by: Christian Sørensen <christian.braunersorensen@prevas.dk>
---
 .../engines-install-in-libdir-ssl.patch            | 53 ++++++++++++++++++++++
 recipes/openssl/openssl-1.0.1g/mingw.patch         | 12 +++++
 .../openssl/openssl-1.0.1g/no-librpath-rpath.patch | 12 +++++
 recipes/openssl/openssl-1.0.1g/oe-ldflags.patch    | 24 ++++++++++
 recipes/openssl/openssl-1.0.1g/shared-libs.patch   | 41 +++++++++++++++++
 recipes/openssl/openssl-1.0.1g/wincrypt.patch      | 12 +++++
 recipes/openssl/openssl_1.0.1g.oe                  | 16 +++++++
 recipes/openssl/openssl_1.0.1g.oe.sig              |  1 +
 8 files changed, 171 insertions(+)
 create mode 100644 recipes/openssl/openssl-1.0.1g/engines-install-in-libdir-ssl.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/mingw.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/no-librpath-rpath.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/oe-ldflags.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/shared-libs.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/wincrypt.patch
 create mode 100644 recipes/openssl/openssl_1.0.1g.oe
 create mode 100644 recipes/openssl/openssl_1.0.1g.oe.sig
diff mbox

Patch

diff --git a/recipes/openssl/openssl-1.0.1g/engines-install-in-libdir-ssl.patch b/recipes/openssl/openssl-1.0.1g/engines-install-in-libdir-ssl.patch
new file mode 100644
index 0000000..949d6ad
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/engines-install-in-libdir-ssl.patch
@@ -0,0 +1,53 @@ 
+Index: openssl-1.0.0/engines/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/Makefile
++++ openssl-1.0.0/engines/Makefile
+@@ -107,7 +107,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		set -e; \
+-		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
++		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
+ 		for l in $(LIBNAMES); do \
+ 			( echo installing $$l; \
+ 			  pfx=lib; \
+@@ -119,13 +119,13 @@
+ 				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
+ 				*)		sfx=".bad";;	\
+ 				esac; \
+-				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ 			  else \
+ 				sfx=".so"; \
+-				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ 			  fi; \
+-			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+-			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
++			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
++			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi
+ 	@target=install; $(RECURSIVE_MAKE)
+Index: openssl-1.0.0/engines/ccgost/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/ccgost/Makefile
++++ openssl-1.0.0/engines/ccgost/Makefile
+@@ -53,13 +53,13 @@
+ 			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ 			*) sfx=".bad";; \
+ 			esac; \
+-			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ 		else \
+ 			sfx=".so"; \
+-			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ 		fi; \
+-		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+-		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
++		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
+ 	fi
+ 
+ links:
diff --git a/recipes/openssl/openssl-1.0.1g/mingw.patch b/recipes/openssl/openssl-1.0.1g/mingw.patch
new file mode 100644
index 0000000..2b106c3
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/mingw.patch
@@ -0,0 +1,12 @@ 
+diff -urN openssl-1.0.0e/Makefile.shared openssl-1.0.0enew//Makefile.shared
+--- openssl-1.0.0e/Makefile.shared	2010-08-21 13:36:49.000000000 +0200
++++ openssl-1.0.0enew//Makefile.shared	2012-04-10 15:43:18.384797024 +0200
+@@ -293,7 +293,7 @@
+ 	fi; \
+ 	dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+ 	$(PERL) util/mkrc.pl $$dll_name | \
+-		$(CROSS_COMPILE)windres -o rc.o; \
++		$(WINDRES) -o rc.o; \
+ 	extras="$$extras rc.o"; \
+ 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
diff --git a/recipes/openssl/openssl-1.0.1g/no-librpath-rpath.patch b/recipes/openssl/openssl-1.0.1g/no-librpath-rpath.patch
new file mode 100644
index 0000000..8f22a8f
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/no-librpath-rpath.patch
@@ -0,0 +1,12 @@ 
+diff -urN openssl-1.0.1e~orig/Makefile.shared openssl-1.0.1e/Makefile.shared
+--- openssl-1.0.1e~orig/Makefile.shared	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/Makefile.shared	2013-05-23 13:19:23.825040054 +0200
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/recipes/openssl/openssl-1.0.1g/oe-ldflags.patch b/recipes/openssl/openssl-1.0.1g/oe-ldflags.patch
new file mode 100644
index 0000000..292e13d
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/oe-ldflags.patch
@@ -0,0 +1,24 @@ 
+Upstream-Status: Inappropriate [open-embedded]
+
+Index: openssl-1.0.0/Makefile.shared
+===================================================================
+--- openssl-1.0.0.orig/Makefile.shared
++++ openssl-1.0.0/Makefile.shared
+@@ -92,7 +92,7 @@
+ LINK_APP=	\
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+-    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
++    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+@@ -102,7 +102,7 @@
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+     SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+-    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
++    SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/recipes/openssl/openssl-1.0.1g/shared-libs.patch b/recipes/openssl/openssl-1.0.1g/shared-libs.patch
new file mode 100644
index 0000000..a7ca0a3
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/shared-libs.patch
@@ -0,0 +1,41 @@ 
+Upstream-Status: Inappropriate [configuration]
+
+Index: openssl-1.0.1e/crypto/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/crypto/Makefile
++++ openssl-1.0.1e/crypto/Makefile
+@@ -108,7 +108,7 @@ $(LIB):	$(LIBOBJ)
+ 
+ shared: buildinf.h lib subdirs
+ 	if [ -n "$(SHARED_LIBS)" ]; then \
+-		(cd ..; $(MAKE) $(SHARED_LIB)); \
++		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
+ 	fi
+ 
+ libs:
+Index: openssl-1.0.1e/Makefile.org
+===================================================================
+--- openssl-1.0.1e.orig/Makefile.org
++++ openssl-1.0.1e/Makefile.org
+@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
+ 
+ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+ 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
++		$(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+ 	else \
+ 		echo "There's no support for shared libraries on this platform" >&2; \
+ 		exit 1; \
+Index: openssl-1.0.1e/ssl/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/ssl/Makefile
++++ openssl-1.0.1e/ssl/Makefile
+@@ -62,7 +62,7 @@ lib:	$(LIBOBJ)
+ 
+ shared: lib
+ 	if [ -n "$(SHARED_LIBS)" ]; then \
+-		(cd ..; $(MAKE) $(SHARED_LIB)); \
++		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
+ 	fi
+ 
+ files:
diff --git a/recipes/openssl/openssl-1.0.1g/wincrypt.patch b/recipes/openssl/openssl-1.0.1g/wincrypt.patch
new file mode 100644
index 0000000..691f846
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/wincrypt.patch
@@ -0,0 +1,12 @@ 
+diff openssl-1.0.1e/crypto/ossl_typ.h~orig openssl-1.0.1e/crypto/ossl_typ.h
+index ea9227f..8e1b3cf 100644
+--- openssl-1.0.1e/crypto/ossl_typ.h~orig
++++ openssl-1.0.1e/crypto/ossl_typ.h
+@@ -100,6 +100,7 @@ typedef struct ASN1_ITEM_st ASN1_ITEM;
+ typedef struct asn1_pctx_st ASN1_PCTX;
+ 
+ #ifdef OPENSSL_SYS_WIN32
++#include <windows.h>
+ #undef X509_NAME
+ #undef X509_EXTENSIONS
+ #undef X509_CERT_PAIR
diff --git a/recipes/openssl/openssl_1.0.1g.oe b/recipes/openssl/openssl_1.0.1g.oe
new file mode 100644
index 0000000..0f2c2b9
--- /dev/null
+++ b/recipes/openssl/openssl_1.0.1g.oe
@@ -0,0 +1,16 @@ 
+require openssl.inc
+
+SRC_URI += "file://engines-install-in-libdir-ssl.patch"
+SRC_URI += "file://mingw.patch"
+
+# Parallel make is simply broken for now.
+PARALLEL_MAKE = ""
+
+# Fixup to get openssl to respect ${LDFLAGS}.  From OpenEmbedded, thanks :-)
+SRC_URI += "file://oe-ldflags.patch file://shared-libs.patch"
+export OE_LDFLAGS="${LDFLAGS}"
+SRC_URI += "file://no-librpath-rpath.patch"
+
+SRC_URI += "file://wincrypt.patch"
+
+LIBRARY_VERSION = "1"
diff --git a/recipes/openssl/openssl_1.0.1g.oe.sig b/recipes/openssl/openssl_1.0.1g.oe.sig
new file mode 100644
index 0000000..f6e8990
--- /dev/null
+++ b/recipes/openssl/openssl_1.0.1g.oe.sig
@@ -0,0 +1 @@ 
+b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c  openssl-1.0.1g.tar.gz