From patchwork Thu Apr 10 08:09:47 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: christian.braunersorensen@prevas.dk
X-Patchwork-Id: 338011
X-Patchwork-Delegate: esben@haabendal.dk
Return-Path: <dev-bounces@oe-lite.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from hugin.dotsrc.org (hugin.dotsrc.org [130.225.254.102])
	by ozlabs.org (Postfix) with ESMTP id 07AA61400D7
	for <incoming@patchwork.ozlabs.org>;
	Thu, 10 Apr 2014 18:18:51 +1000 (EST)
Received: from hugin.dotsrc.org (localhost [127.0.0.1])
	by hugin.dotsrc.org (Postfix) with ESMTP id 5C8013FEF5
	for <incoming@patchwork.ozlabs.org>;
	Thu, 10 Apr 2014 10:10:09 +0200 (CEST)
X-Original-To: dev@oe-lite.org
Delivered-To: dev@oe-lite.org
Received: from mail01.prevas.se (mail01.prevas.se [62.95.78.3])
	by hugin.dotsrc.org (Postfix) with ESMTPS id F181B3FFC1
	for <dev@oe-lite.org>; Thu, 10 Apr 2014 10:09:54 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=prevas.dk; i=@prevas.dk; l=11011; q=dns/txt;
	s=ironport1; t=1397117395; x=1428653395;
	h=from:to:subject:date:message-id:in-reply-to:references:
	mime-version:content-transfer-encoding;
	bh=NtDdGcvZ68dLmNpksKMYDb3qpcpOxRRR/E2PFhemeM4=;
	b=sSjyLHPgj7ao5HyOoKQjNJWIKWLcK4pnHKI5qsrLZ2FX404PizbabRNN
	p07RIIGDAjQMR1Z1D33tkl+wFsHuBwGWVu7c4ZUb137JhVk53u3qx2tXI
	5u0udj6L6mgGSZDVDwmsqBwKI6ZtrehljOzEtVydbZUvVAFp5CJpbzi7/ Y=;
X-IronPort-AV: E=Sophos;i="4.97,833,1389740400"; d="scan'208";a="4590602"
Received: from vmprevas3.prevas.se (HELO smtp.prevas.se) ([172.16.8.103])
	by ironport1.prevas.se with ESMTP/TLS/AES128-SHA;
	10 Apr 2014 10:09:52 +0200
Received: from localhost (172.16.10.102) by smtp.prevas.se (172.16.8.105)
	with
	Microsoft SMTP Server id 14.2.347.0; Thu, 10 Apr 2014 10:09:51 +0200
Received: by localhost (Postfix, from userid 30007)	id 083C6681580; Thu, 10
	Apr 2014 08:09:52 +0000 (UTC)
From: <christian.braunersorensen@prevas.dk>
To: <dev@oe-lite.org>
Subject: [PATCH 27/28] openssl: Add version 1.0.1g (Post heartbleed
	vulnerability)
Date: Thu, 10 Apr 2014 08:09:47 +0000
Message-ID: 
 <e29701bed37f6ac495a226b3a5881530bc0fc38c.1397117164.git.christian.braunersorensen@prevas.dk>
X-Mailer: git-send-email 1.8.4
In-Reply-To: <cover.1397117164.git.christian.braunersorensen@prevas.dk>
References: <cover.1397117164.git.christian.braunersorensen@prevas.dk>
MIME-Version: 1.0
X-BeenThere: dev@oe-lite.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: OE-lite development <dev.oe-lite.org>
List-Unsubscribe: <http://lists.oe-lite.org/mailman/options/dev>,
	<mailto:dev-request@oe-lite.org?subject=unsubscribe>
List-Archive: <http://lists.oe-lite.org/pipermail/dev>
List-Post: <mailto:dev@oe-lite.org>
List-Help: <mailto:dev-request@oe-lite.org?subject=help>
List-Subscribe: <http://lists.oe-lite.org/mailman/listinfo/dev>,
	<mailto:dev-request@oe-lite.org?subject=subscribe>
Sender: dev-bounces@oe-lite.org
Errors-To: dev-bounces@oe-lite.org

From: Christian Sørensen <christian.braunersorensen@prevas.dk>

Signed-off-by: Christian Sørensen <christian.braunersorensen@prevas.dk>
---
 .../engines-install-in-libdir-ssl.patch            | 53 ++++++++++++++++++++++
 recipes/openssl/openssl-1.0.1g/mingw.patch         | 12 +++++
 .../openssl/openssl-1.0.1g/no-librpath-rpath.patch | 12 +++++
 recipes/openssl/openssl-1.0.1g/oe-ldflags.patch    | 24 ++++++++++
 recipes/openssl/openssl-1.0.1g/shared-libs.patch   | 41 +++++++++++++++++
 recipes/openssl/openssl-1.0.1g/wincrypt.patch      | 12 +++++
 recipes/openssl/openssl_1.0.1g.oe                  | 16 +++++++
 recipes/openssl/openssl_1.0.1g.oe.sig              |  1 +
 8 files changed, 171 insertions(+)
 create mode 100644 recipes/openssl/openssl-1.0.1g/engines-install-in-libdir-ssl.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/mingw.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/no-librpath-rpath.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/oe-ldflags.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/shared-libs.patch
 create mode 100644 recipes/openssl/openssl-1.0.1g/wincrypt.patch
 create mode 100644 recipes/openssl/openssl_1.0.1g.oe
 create mode 100644 recipes/openssl/openssl_1.0.1g.oe.sig

diff --git a/recipes/openssl/openssl-1.0.1g/engines-install-in-libdir-ssl.patch b/recipes/openssl/openssl-1.0.1g/engines-install-in-libdir-ssl.patch
new file mode 100644
index 0000000..949d6ad
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/engines-install-in-libdir-ssl.patch
@@ -0,0 +1,53 @@
+Index: openssl-1.0.0/engines/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/Makefile
++++ openssl-1.0.0/engines/Makefile
+@@ -107,7 +107,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		set -e; \
+-		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
++		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
+ 		for l in $(LIBNAMES); do \
+ 			( echo installing $$l; \
+ 			  pfx=lib; \
+@@ -119,13 +119,13 @@
+ 				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
+ 				*)		sfx=".bad";;	\
+ 				esac; \
+-				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ 			  else \
+ 				sfx=".so"; \
+-				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ 			  fi; \
+-			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+-			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
++			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
++			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi
+ 	@target=install; $(RECURSIVE_MAKE)
+Index: openssl-1.0.0/engines/ccgost/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/ccgost/Makefile
++++ openssl-1.0.0/engines/ccgost/Makefile
+@@ -53,13 +53,13 @@
+ 			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ 			*) sfx=".bad";; \
+ 			esac; \
+-			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ 		else \
+ 			sfx=".so"; \
+-			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ 		fi; \
+-		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+-		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
++		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
+ 	fi
+ 
+ links:
diff --git a/recipes/openssl/openssl-1.0.1g/mingw.patch b/recipes/openssl/openssl-1.0.1g/mingw.patch
new file mode 100644
index 0000000..2b106c3
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/mingw.patch
@@ -0,0 +1,12 @@
+diff -urN openssl-1.0.0e/Makefile.shared openssl-1.0.0enew//Makefile.shared
+--- openssl-1.0.0e/Makefile.shared	2010-08-21 13:36:49.000000000 +0200
++++ openssl-1.0.0enew//Makefile.shared	2012-04-10 15:43:18.384797024 +0200
+@@ -293,7 +293,7 @@
+ 	fi; \
+ 	dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+ 	$(PERL) util/mkrc.pl $$dll_name | \
+-		$(CROSS_COMPILE)windres -o rc.o; \
++		$(WINDRES) -o rc.o; \
+ 	extras="$$extras rc.o"; \
+ 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
diff --git a/recipes/openssl/openssl-1.0.1g/no-librpath-rpath.patch b/recipes/openssl/openssl-1.0.1g/no-librpath-rpath.patch
new file mode 100644
index 0000000..8f22a8f
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/no-librpath-rpath.patch
@@ -0,0 +1,12 @@
+diff -urN openssl-1.0.1e~orig/Makefile.shared openssl-1.0.1e/Makefile.shared
+--- openssl-1.0.1e~orig/Makefile.shared	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/Makefile.shared	2013-05-23 13:19:23.825040054 +0200
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/recipes/openssl/openssl-1.0.1g/oe-ldflags.patch b/recipes/openssl/openssl-1.0.1g/oe-ldflags.patch
new file mode 100644
index 0000000..292e13d
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/oe-ldflags.patch
@@ -0,0 +1,24 @@
+Upstream-Status: Inappropriate [open-embedded]
+
+Index: openssl-1.0.0/Makefile.shared
+===================================================================
+--- openssl-1.0.0.orig/Makefile.shared
++++ openssl-1.0.0/Makefile.shared
+@@ -92,7 +92,7 @@
+ LINK_APP=	\
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+-    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
++    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+@@ -102,7 +102,7 @@
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+     SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+-    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
++    SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/recipes/openssl/openssl-1.0.1g/shared-libs.patch b/recipes/openssl/openssl-1.0.1g/shared-libs.patch
new file mode 100644
index 0000000..a7ca0a3
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/shared-libs.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Inappropriate [configuration]
+
+Index: openssl-1.0.1e/crypto/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/crypto/Makefile
++++ openssl-1.0.1e/crypto/Makefile
+@@ -108,7 +108,7 @@ $(LIB):	$(LIBOBJ)
+ 
+ shared: buildinf.h lib subdirs
+ 	if [ -n "$(SHARED_LIBS)" ]; then \
+-		(cd ..; $(MAKE) $(SHARED_LIB)); \
++		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
+ 	fi
+ 
+ libs:
+Index: openssl-1.0.1e/Makefile.org
+===================================================================
+--- openssl-1.0.1e.orig/Makefile.org
++++ openssl-1.0.1e/Makefile.org
+@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
+ 
+ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+ 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
++		$(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+ 	else \
+ 		echo "There's no support for shared libraries on this platform" >&2; \
+ 		exit 1; \
+Index: openssl-1.0.1e/ssl/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/ssl/Makefile
++++ openssl-1.0.1e/ssl/Makefile
+@@ -62,7 +62,7 @@ lib:	$(LIBOBJ)
+ 
+ shared: lib
+ 	if [ -n "$(SHARED_LIBS)" ]; then \
+-		(cd ..; $(MAKE) $(SHARED_LIB)); \
++		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
+ 	fi
+ 
+ files:
diff --git a/recipes/openssl/openssl-1.0.1g/wincrypt.patch b/recipes/openssl/openssl-1.0.1g/wincrypt.patch
new file mode 100644
index 0000000..691f846
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.1g/wincrypt.patch
@@ -0,0 +1,12 @@
+diff openssl-1.0.1e/crypto/ossl_typ.h~orig openssl-1.0.1e/crypto/ossl_typ.h
+index ea9227f..8e1b3cf 100644
+--- openssl-1.0.1e/crypto/ossl_typ.h~orig
++++ openssl-1.0.1e/crypto/ossl_typ.h
+@@ -100,6 +100,7 @@ typedef struct ASN1_ITEM_st ASN1_ITEM;
+ typedef struct asn1_pctx_st ASN1_PCTX;
+ 
+ #ifdef OPENSSL_SYS_WIN32
++#include <windows.h>
+ #undef X509_NAME
+ #undef X509_EXTENSIONS
+ #undef X509_CERT_PAIR
diff --git a/recipes/openssl/openssl_1.0.1g.oe b/recipes/openssl/openssl_1.0.1g.oe
new file mode 100644
index 0000000..0f2c2b9
--- /dev/null
+++ b/recipes/openssl/openssl_1.0.1g.oe
@@ -0,0 +1,16 @@
+require openssl.inc
+
+SRC_URI += "file://engines-install-in-libdir-ssl.patch"
+SRC_URI += "file://mingw.patch"
+
+# Parallel make is simply broken for now.
+PARALLEL_MAKE = ""
+
+# Fixup to get openssl to respect ${LDFLAGS}.  From OpenEmbedded, thanks :-)
+SRC_URI += "file://oe-ldflags.patch file://shared-libs.patch"
+export OE_LDFLAGS="${LDFLAGS}"
+SRC_URI += "file://no-librpath-rpath.patch"
+
+SRC_URI += "file://wincrypt.patch"
+
+LIBRARY_VERSION = "1"
diff --git a/recipes/openssl/openssl_1.0.1g.oe.sig b/recipes/openssl/openssl_1.0.1g.oe.sig
new file mode 100644
index 0000000..f6e8990
--- /dev/null
+++ b/recipes/openssl/openssl_1.0.1g.oe.sig
@@ -0,0 +1 @@
+b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c  openssl-1.0.1g.tar.gz