| Message ID | 20200611192504.4058-1-post@lespocky.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | package/fastd: bump to v19 | expand |
On Thu, 11 Jun 2020 21:25:04 +0200 Alexander Dahl <post@lespocky.de> wrote: > Maintenance release, most important is OpenSSL 1.1+ support. See full > release notes for details: > > https://fastd.readthedocs.io/en/stable/releases/v19.html > > Two patches went upstream. The last remaining patch was not touched, > LTO might not work as expected, but upstream dropped CMake in favour of > the meson build system after v19, so it seemed not worth the effort. > > Signed-off-by: Alexander Dahl <post@lespocky.de> > --- > ...akeList-do-not-overwrite-module-path.patch | 56 ------- > ...emove-aes128-ctr-NaCl-implementation.patch | 137 ------------------ > package/fastd/fastd.hash | 4 +- > package/fastd/fastd.mk | 4 +- > 4 files changed, 3 insertions(+), 198 deletions(-) > delete mode 100644 package/fastd/0002-CMakeList-do-not-overwrite-module-path.patch > delete mode 100644 package/fastd/0003-cipher-remove-aes128-ctr-NaCl-implementation.patch You had forgotten to update the hash of the license file (and explain why it needs to be updated). I fixed that and applied. Thanks! Thomas
Hello Thomas, On Thu, Jun 18, 2020 at 10:40:02PM +0200, Thomas Petazzoni wrote: > On Thu, 11 Jun 2020 21:25:04 +0200 > Alexander Dahl <post@lespocky.de> wrote: > > > Maintenance release, most important is OpenSSL 1.1+ support. See full > > release notes for details: > > > > https://fastd.readthedocs.io/en/stable/releases/v19.html > > > > Two patches went upstream. The last remaining patch was not touched, > > LTO might not work as expected, but upstream dropped CMake in favour of > > the meson build system after v19, so it seemed not worth the effort. > > > > Signed-off-by: Alexander Dahl <post@lespocky.de> > > --- > > ...akeList-do-not-overwrite-module-path.patch | 56 ------- > > ...emove-aes128-ctr-NaCl-implementation.patch | 137 ------------------ > > package/fastd/fastd.hash | 4 +- > > package/fastd/fastd.mk | 4 +- > > 4 files changed, 3 insertions(+), 198 deletions(-) > > delete mode 100644 package/fastd/0002-CMakeList-do-not-overwrite-module-path.patch > > delete mode 100644 package/fastd/0003-cipher-remove-aes128-ctr-NaCl-implementation.patch > > You had forgotten to update the hash of the license file (and explain > why it needs to be updated). I fixed that and applied. Thanks! I did not really forget it, but there was no error or warning on mismatch on my side. Maybe I did not let the whole BSP build finish, but just called some intermediate state before that was checked. Will check next time. Thanks for fixing it. Greets Alex
Hello Alexander, On Fri, 19 Jun 2020 00:15:59 +0200 Alexander Dahl <post@lespocky.de> wrote: > > You had forgotten to update the hash of the license file (and explain > > why it needs to be updated). I fixed that and applied. Thanks! > > I did not really forget it, but there was no error or warning on > mismatch on my side. Maybe I did not let the whole BSP build finish, > but just called some intermediate state before that was checked. Will > check next time. Thanks for fixing it. The hash of license files is checked when you run: $ make legal-info or if you want to do it just for one package: $ make <pkg>-legal-info Best regards, Thomas
>>>>> "Alexander" == Alexander Dahl <post@lespocky.de> writes: > Maintenance release, most important is OpenSSL 1.1+ support. See full > release notes for details: > https://fastd.readthedocs.io/en/stable/releases/v19.html Does this mean that fastd 18 is broken with openssl 1.1?, E.G. does this need to be backported to 2020.02.x?
Hei hei, just returning from two weeks holiday … On Wed, Jul 15, 2020 at 11:19:14PM +0200, Peter Korsgaard wrote: > >>>>> "Alexander" == Alexander Dahl <post@lespocky.de> writes: > > > Maintenance release, most important is OpenSSL 1.1+ support. See full > > release notes for details: > > > https://fastd.readthedocs.io/en/stable/releases/v19.html > > Does this mean that fastd 18 is broken with openssl 1.1?, E.G. does this > need to be backported to 2020.02.x? From the top of my head, I would say no. It probably means fastd is supposed to work with OpenSSL 1.1 or later now? It would have caused build errors against OpenSSL 1.1 in the past, if that would not have been the case, right? I put upstream in Cc, maybe he can answer this? Greets Alex
>>>>> "Matthias" == Matthias Schiffer <mschiffer@universe-factory.net> writes: > On 7/27/20 8:42 AM, Alexander Dahl wrote: >> Hei hei, >> >> just returning from two weeks holiday … >> >> On Wed, Jul 15, 2020 at 11:19:14PM +0200, Peter Korsgaard wrote: >>>>>>>> "Alexander" == Alexander Dahl <post@lespocky.de> writes: >>> >>> > Maintenance release, most important is OpenSSL 1.1+ support. See full >>> > release notes for details: >>> >>> > https://fastd.readthedocs.io/en/stable/releases/v19.html >>> >>> Does this mean that fastd 18 is broken with openssl 1.1?, E.G. does this >>> need to be backported to 2020.02.x? >> >> From the top of my head, I would say no. It probably means fastd is >> supposed to work with OpenSSL 1.1 or later now? It would have caused >> build errors against OpenSSL 1.1 in the past, if that would not have >> been the case, right? >> >> I put upstream in Cc, maybe he can answer this? >> >> Greets >> Alex >> > fastd 18 does not build against OpenSSL 1.1 without additional patches > (which had been backported to many desktop distributions). > At a glance, it looks like the buildroot fastd v18 package should not > compile when BR2_PACKAGE_OPENSSL is set. Hmm, it does on 2020.02.x: >>> libopenssl 1.1.1g Installing to target .. >>> fastd 18 Configuring (mkdir -p /home/peko/source/buildroot/output-fastd/build/fastd-18/ && cd /home/peko/source/buildroot/output-fastd/build/fastd-18/ && rm -f CMakeCache.txt && PATH="/home/peko/source/buildroot/output-fastd/host/bin:/home/peko/source/buildroot/output-fastd/host/sbin:/home/peko/bin:/home/peko/.local/bin:/home/peko/bin:/home/peko/.local/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" /usr/bin/cmake /home/peko/source/buildroot/output-fastd/build/fastd-18/ -DCMAKE_TOOLCHAIN_FILE="/home/peko/source/buildroot/output-fastd/host/share/buildroot/toolchainfile.cmake" -DCMAKE_INSTALL_PREFIX="/usr" -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=ON -DENABLE_LIBSODIUM=ON -DENABLE_OPENSSL=ON -DWITH_STATUS_SOCKET=ON -DENABLE_SYSTEMD=OFF -DENABLE_LTO=OFF ) .. >>> fastd 18 Building .. /home/peko/source/buildroot/output-fastd/build/fastd-18/src/fastd.c: In function ‘init_config’: /home/peko/source/buildroot/output-fastd/build/fastd-18/src/fastd.c:506:2: warning: ‘OPENSSL_config’ is deprecated [-Wdeprecated-declarations] OPENSSL_config(NULL); ^ In file included from /home/peko/source/buildroot/output-fastd/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/openssl/e_os2.h:13:0, from /home/peko/source/buildroot/output-fastd/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/openssl/bio.h:13, from /home/peko/source/buildroot/output-fastd/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/openssl/conf.h:13, from /home/peko/source/buildroot/output-fastd/build/fastd-18/src/fastd.c:58: /home/peko/source/buildroot/output-fastd/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/openssl/conf.h:91:1: note: declared here DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) ^ .. [100%] Linking C executable fastd [100%] Built target fastd I take it you are referring to this change for openssl 1.1 support? https://github.com/NeoRaider/fastd/commit/8505374ee208d51a39e7b22846f9b781b9ccb452 But EVP_EncryptInit() is still available in 1.1.x: nm target/usr/lib/libcrypto.a | grep 'EVP_EncryptInit$' 00000ef0 T EVP_EncryptInit As described in the documentation: The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for compatibility with existing code https://www.openssl.org/docs/man1.1.0/man3/EVP_EncryptInit.html
diff --git a/package/fastd/0002-CMakeList-do-not-overwrite-module-path.patch b/package/fastd/0002-CMakeList-do-not-overwrite-module-path.patch deleted file mode 100644 index 88c1953d82..0000000000 --- a/package/fastd/0002-CMakeList-do-not-overwrite-module-path.patch +++ /dev/null @@ -1,56 +0,0 @@ -From a925a4cab1b722a2a24b0c1d2a1925f3b766de61 Mon Sep 17 00:00:00 2001 -From: "Yann E. MORIN" <yann.morin.1998@free.fr> -Date: Thu, 2 Mar 2017 21:43:39 +0100 -Subject: [PATCH] CMakeList: do not overwrite module path - -Currently, the CMakeList.txt completely overwrites the CMAKE_MODULE_PATH -variable. - -This is problematic when an upper-layer buildsystem wants to set its own -module path to use custom modules. - -For example, Buldroot [0] provides a custom platform description [1] to fix -cross-compilation issue. Overwriting the module path means that this -custom platform description is not found [2]. - -Providing such a custom platform description is what the upstream cmake -devs suggest [3], quoting: - - If a toolchain file specifies CMAKE_SYSTEM_NAME such that a custom - `Platform/MySystem.cmake` file is loaded then the latter can set - them [*] as needed for the target platform. - -[*] offending settings causing RPATH issues during cross-compilation. - -So we need to append our source tree to the module path, not replace it -blindly. - -[0] https://buildroot.org/ -[1] https://git.buildroot.org/buildroot/tree/support/misc/Buildroot.cmake -[2] http://autobuild.buildroot.net/results/69f/69fb2e3b549a069e2898506db918423e6742c589/build-end.log -[3] http://public.kitware.com/pipermail/cmake/2017-February/065063.html - -Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> ---- -Patch applied upstream: -https://git.universe-factory.net/fastd/commit/?id=a925a4cab1b722a2a24b0c1d2a1925f3b766de61 - ---- - CMakeLists.txt | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 61689b1..2c9c61a 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -1,6 +1,6 @@ - cmake_minimum_required(VERSION 2.8.8) - --set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake) -+list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake) - cmake_policy(SET CMP0017 OLD) # Prefer modules in our module directory - - project(FASTD C ASM) --- -2.7.4 - diff --git a/package/fastd/0003-cipher-remove-aes128-ctr-NaCl-implementation.patch b/package/fastd/0003-cipher-remove-aes128-ctr-NaCl-implementation.patch deleted file mode 100644 index 854b3e74cb..0000000000 --- a/package/fastd/0003-cipher-remove-aes128-ctr-NaCl-implementation.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 4b8c4f54bbd70849fc91679bea44b4e1dfb0526d Mon Sep 17 00:00:00 2001 -From: Matthias Schiffer <mschiffer@universe-factory.net> -Date: Wed, 18 Oct 2017 20:11:30 +0200 -Subject: [PATCH] cipher: remove aes128-ctr NaCl implementation - -New versions of libsodium have dropped support for aes128-ctr. AES support -is only available with OpenSSL now. - -Signed-off-by: Baruch Siach <baruch@tkos.co.il> ---- -Patch status: upstream commit 4b8c4f54bb - - doc/source/manual/config.rst | 1 - - src/crypto/cipher/aes128_ctr/CMakeLists.txt | 1 - - src/crypto/cipher/aes128_ctr/nacl/CMakeLists.txt | 6 -- - .../aes128_ctr/nacl/cipher_aes128_ctr_nacl.c | 76 ---------------------- - 4 files changed, 84 deletions(-) - delete mode 100644 src/crypto/cipher/aes128_ctr/nacl/CMakeLists.txt - delete mode 100644 src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c - -diff --git a/doc/source/manual/config.rst b/doc/source/manual/config.rst -index 0abebeb4c245..94d7a9495ef0 100644 ---- a/doc/source/manual/config.rst -+++ b/doc/source/manual/config.rst -@@ -70,7 +70,6 @@ Example config: - * ``aes128-ctr``: AES128 in counter mode - - - ``openssl``: Use implementation from OpenSSL's libcrypto -- - ``nacl``: Use implementation from NaCl or libsodium - - * ``null``: No encryption (for authenticated-only methods using composed_gmac) - -diff --git a/src/crypto/cipher/aes128_ctr/CMakeLists.txt b/src/crypto/cipher/aes128_ctr/CMakeLists.txt -index 0588fed798e2..58e8c6b3371c 100644 ---- a/src/crypto/cipher/aes128_ctr/CMakeLists.txt -+++ b/src/crypto/cipher/aes128_ctr/CMakeLists.txt -@@ -1,3 +1,2 @@ - fastd_cipher(aes128-ctr aes128_ctr.c) - add_subdirectory(openssl) --add_subdirectory(nacl) -diff --git a/src/crypto/cipher/aes128_ctr/nacl/CMakeLists.txt b/src/crypto/cipher/aes128_ctr/nacl/CMakeLists.txt -deleted file mode 100644 -index 676aa5d48ec4..000000000000 ---- a/src/crypto/cipher/aes128_ctr/nacl/CMakeLists.txt -+++ /dev/null -@@ -1,6 +0,0 @@ --fastd_cipher_impl(aes128-ctr nacl -- cipher_aes128_ctr_nacl.c --) --fastd_cipher_impl_include_directories(aes128-ctr nacl ${NACL_INCLUDE_DIRS}) --fastd_cipher_impl_link_libraries(aes128-ctr nacl ${NACL_LIBRARIES}) --fastd_cipher_impl_require(aes128-ctr nacl NACL) -diff --git a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c -deleted file mode 100644 -index ead632640414..000000000000 ---- a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c -+++ /dev/null -@@ -1,76 +0,0 @@ --/* -- Copyright (c) 2012-2016, Matthias Schiffer <mschiffer@universe-factory.net> -- All rights reserved. -- -- Redistribution and use in source and binary forms, with or without -- modification, are permitted provided that the following conditions are met: -- -- 1. Redistributions of source code must retain the above copyright notice, -- this list of conditions and the following disclaimer. -- 2. Redistributions in binary form must reproduce the above copyright notice, -- this list of conditions and the following disclaimer in the documentation -- and/or other materials provided with the distribution. -- -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -- AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -- SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --*/ -- --/** -- \file -- -- The aes128-ctr implementation from NaCl --*/ -- -- --#include "../../../../crypto.h" --#include "../../../../alloc.h" -- --#include <crypto_stream_aes128ctr.h> -- -- --/** The cipher state */ --struct __attribute__((aligned(16))) fastd_cipher_state { -- uint8_t d[crypto_stream_aes128ctr_BEFORENMBYTES] __attribute__((aligned(16))); /**< The unpacked AES key */ --}; -- -- --/** Initializes the cipher state */ --static fastd_cipher_state_t * aes128_ctr_init(const uint8_t *key) { -- fastd_block128_t k; -- memcpy(k.b, key, sizeof(fastd_block128_t)); -- -- fastd_cipher_state_t *state = fastd_new_aligned(fastd_cipher_state_t, 16); -- crypto_stream_aes128ctr_beforenm(state->d, k.b); -- -- return state; --} -- --/** XORs data with the aes128-ctr cipher stream */ --static bool aes128_ctr_crypt(const fastd_cipher_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t len, const uint8_t *iv) { -- crypto_stream_aes128ctr_xor_afternm(out->b, in->b, len, iv, state->d); -- return true; --} -- --/** Frees the cipher state */ --static void aes128_ctr_free(fastd_cipher_state_t *state) { -- if (state) { -- secure_memzero(state, sizeof(*state)); -- free(state); -- } --} -- -- --/** The nacl aes128-ctr implementation */ --const fastd_cipher_t fastd_cipher_aes128_ctr_nacl = { -- .init = aes128_ctr_init, -- .crypt = aes128_ctr_crypt, -- .free = aes128_ctr_free, --}; --- -2.15.0 - diff --git a/package/fastd/fastd.hash b/package/fastd/fastd.hash index accdf087eb..7232d2a181 100644 --- a/package/fastd/fastd.hash +++ b/package/fastd/fastd.hash @@ -1,5 +1,3 @@ -# from https://projects.universe-factory.net/projects/fastd/files -md5 e53236d3049f64f7955ad9556da099eb fastd-18.tar.xz # computed locally -sha256 714ff09d7bd75f79783f744f6f8c5af2fe456c8cf876feaa704c205a73e043c9 fastd-18.tar.xz +sha256 6054608e2103b634c9d19ecd1ae058d4ec694747047130719db180578729783a fastd-19.tar.xz sha256 c3095dd0adffc03eaeba9c7cd81f06962ef4797a836e49468b3dccc2802ff904 COPYRIGHT diff --git a/package/fastd/fastd.mk b/package/fastd/fastd.mk index e67acdbf18..b1261f0fa5 100644 --- a/package/fastd/fastd.mk +++ b/package/fastd/fastd.mk @@ -4,8 +4,8 @@ # ################################################################################ -FASTD_VERSION = 18 -FASTD_SITE = https://projects.universe-factory.net/attachments/download/86 +FASTD_VERSION = 19 +FASTD_SITE = https://github.com/NeoRaider/fastd/releases/download/v$(FASTD_VERSION) FASTD_SOURCE = fastd-$(FASTD_VERSION).tar.xz FASTD_LICENSE = BSD-2-Clause FASTD_LICENSE_FILES = COPYRIGHT
Maintenance release, most important is OpenSSL 1.1+ support. See full release notes for details: https://fastd.readthedocs.io/en/stable/releases/v19.html Two patches went upstream. The last remaining patch was not touched, LTO might not work as expected, but upstream dropped CMake in favour of the meson build system after v19, so it seemed not worth the effort. Signed-off-by: Alexander Dahl <post@lespocky.de> --- ...akeList-do-not-overwrite-module-path.patch | 56 ------- ...emove-aes128-ctr-NaCl-implementation.patch | 137 ------------------ package/fastd/fastd.hash | 4 +- package/fastd/fastd.mk | 4 +- 4 files changed, 3 insertions(+), 198 deletions(-) delete mode 100644 package/fastd/0002-CMakeList-do-not-overwrite-module-path.patch delete mode 100644 package/fastd/0003-cipher-remove-aes128-ctr-NaCl-implementation.patch