poky: subtree update:745e38ff0f..81f9e815d3
Adrian Bunk (6):
openssl: Upgrade 1.1.1c -> 1.1.1d
glib-2.0: Upgrade 2.60.6 -> 2.60.7
lttng-modules: Upgrade 2.10.10 -> 2.10.11
lttng-ust: Upgrade 2.10.4 -> 2.10.5
squashfs-tools: Remove UPSTREAM_CHECK_COMMITS
libmpc: Remove dead UPSTREAM_CHECK_URI
Alexander Kanavin (2):
runqemu: decouple gtk and gl options
strace: add a timeout for running ptests
Alistair Francis (1):
gdb: Mark gdbserver as ALLOW_EMPTY for riscv32
Andre McCurdy (9):
busybox: drop unused mount.busybox and umount.busybox wrappers
busybox: drop inittab from SRC_URI ( now moved to busybox-inittab )
busybox-inittab: minor formatting tweaks
base-files: drop legacy empty file /etc/default/usbd
busybox: rcS and rcK should not be writeable by everyone
ffmpeg: add PACKAGECONFIG controls for alsa and zlib (enable by default)
libwebp: apply ARM specific config options to big endian ARM
initscripts: enable alignment.sh init script for big endian ARM
libunwind: apply configure over-ride to both big and little endian ARM
Andrew F. Davis (4):
libepoxy: Disable x11 when not building for x11
cogl: Set depends to the virtual needed not explicitly on Mesa
gtk+3: Set depends to the virtual needed not explicitly on Mesa
weston: Set depends to the virtual needed not explicitly on Mesa
Armin Kuster (1):
gcc: Security fix for CVE-2019-15847
Changhyeok Bae (1):
iw: upgrade to 5.3
Changqing Li (2):
classextend.py: don't extend file for file dependency
report-error.bbclass: add local.conf/auto.conf into error report
Chen Qi (1):
python-numpy: fix build for libn32
Daniel Gomez (1):
lttng-modules: Add missing SRCREV_FORMAT
Diego Rondini (1):
initramfs-framework: support PARTLABEL option
Dmitry Eremin-Solenikov (7):
image-uefi.conf: add config file holding configuration for UEFI images
grub-bootconf: switch to image-uefi.conf
grub-efi: switch to image-uefi.conf
grub-efi.bbclass: switch to image-uefi.conf
systemd-boot: switch to image-uefi.conf
systemd-boot.bbclass: switch to image-uefi.conf
live-vm-common.bbclass: provide efi population functions for live images
Hector Palacios (1):
udev-extraconf: skip mounting partitions already mounted by systemd
Henning Schild (6):
oe-git-proxy: allow setting SOCAT from outside
oeqa: add case for oe-git-proxy
Revert "oe-git-proxy: Avoid resolving NO_PROXY against local files"
oe-git-proxy: disable shell pathname expansion for the whole script
oe-git-proxy: NO_PROXY suffix matching without wildcard for match_host
oe-git-proxy: fix dash "Bad substitution"
Hongxu Jia (1):
elfutils: 0.176 -> 0.177
Jack Mitchell (1):
iptables: add systemd helper unit to load/restore rules
Jaewon Lee (1):
populate_sdk_ext: Introduce mechanism to keep nativesdk* sstate in esdk
Jason Wessel (1):
gnupg: Extend -native wrapper to fix gpgme-native's gpgconf problems
Jiang Lu (2):
glib-networking:enable glib-networking build as native package
libsoup:enable libsoup build as native package
Joshua Watt (4):
sstatesig: Update server URI
Remove SSTATE_HASHEQUIV_SERVER
bitbake: bitbake: Rework hash equivalence
classes/archiver: Fix WORKDIR for shared source
Kai Kang (1):
systemd: provides ${base_sbindir}/udevadm
Khem Raj (10):
ptrace: Drop ptrace aid for musl/ppc
elfutils: Fix build on ppc/musl
cogl: Do not depend PN-dev on empty PN
musl: Update to latest master
glibc: Move DISTRO_FEATURE specific do_install code for target recipe only
populate_sdk_base.bbclass: nativesdk-glibc-locale is required on musl too
nativesdk.bbclass: Clear out LIBCEXTENSION and ABIEXTENSION
openssl: Enable os option for with-rand-seed as well
weston-init: Add possibility to run weston as non-root user
layer.conf: Remove weston-conf from SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS
Li Zhou (1):
qemu: Security Advisory - qemu - CVE-2019-15890
Limeng (1):
tune-cortexa57-cortexa53: add tunes for ARM Cortex-A53-Cortex-A57
Martin Jansa (2):
perf: fix build on kernels which don't have ${S}/tools/include/linux/bits.h
bitbake: Revert "bitbake: cooker: Ensure bbappends are found in stable order"
Maxime Roussin-BĂ©langer (1):
meta: add missing descriptions and homepage in bsp
Mikko Rapeli (2):
busybox.inc: handle empty DEBUG_PREFIX_MAP
bitbake: svn fetcher: allow "svn propget svn:externals" to fail
Nathan Rossi (7):
resulttool: Handle multiple series containing ptestresults
gcc-cross.inc: Process binaries in build dir to be relocatable
oeqa/core/case.py: Add OEPTestResultTestCase for ptestresult helpers
oeqa/selftest: Rework toolchain tests to use OEPTestResultTestCase
glibc-testsuite: SkipRecipe if libc is not glibc
cmake: 3.15.2 -> 3.15.3
meson.bbclass: Handle microblaze* mapping to cpu family
Oleksandr Kravchuk (5):
python3-pygobject: update to 3.34.0
font-util: update to 1.3.2
expat: update to 2.2.8
curl: update to 7.66.0
python3-dbus: update to 1.2.12
Otavio Salvador (1):
mesa: Upgrade 19.1.1 -> 19.1.6
Peter Kjellerstedt (3):
glibc: Make it build without ldconfig in DISTRO_FEATURES
package_rpm.bbclass: Remove a misleading bb.note()
tzdata: Correct the packaging of /etc/localtime and /etc/timezone
Quentin Schulz (1):
externalsrc: stop rebuilds of 2+ externalsrc recipes sharing the same git repo
Randy MacLeod (4):
valgrind: enable ~500 more ptests
valgrind: make a few more ptests pass
valgrind: ptest improvements to run-ptest and more
valgrind: disable 256 ptests for aarch64
Richard Purdie (8):
bitbake: runqueue/siggen: Optimise hash equiv queries
runqemu: Mention snapshot in the help output
initramfs-framework: support PARTLABEL option
systemd: Handle slow to boot mips hwdb update timeouts
meta-extsdk: Either an sstate task is a proper task or it isn't
oeqa/concurrenttest: Use ionice to delete build directories
bitbake: utils: Add ionice option to prunedir
build-appliance-image: Update to master head revision
Robert Yang (2):
conf/multilib.conf: Add ovmf to NON_MULTILIB_RECIPES
bitbake: runqueue: validate_hashes(): currentcount should be a number
Ross Burton (16):
libtasn1: fix build with api-documentation enabled
gstreamer1.0-libav: enable gtk-doc again
python3: handle STAGING_LIBDIR/INCDIR being unset
mesa: no need to depend on target python3
adwaita-icon-theme: fix rare install race
oeqa/selftest/wic: improve assert messages in test_fixed_size
oeqa/selftest/imagefeatures: dump the JSON if it can't be parsed
libical: upgrade to 3.0.6
acpica: upgrade 20190509 -> 20190816
gdk-pixbuf: upgrade 2.38.1 -> 2.38.2
piglit: upgrade to latest revision
libinput: upgrade 1.14.0 -> 1.14.1
rootfs-postcommands: check /etc/gconf exists before working on it
systemd-systemctl-native: don't care about line endings
opkg-utils: respect SOURCE_DATE_EPOCH when building ipkgs
bitbake: fetch2/git: add git-lfs toggle option
Scott Murray (1):
systemd: upgrade to 243
Stefan Ghinea (1):
ghostscript: CVE-2019-14811, CVE-2019-14817
Tim Blechmann (1):
icecc: blacklist pixman
Yeoh Ee Peng (3):
bitbake: bitbake-layers: show-recipes: Show recipes only
bitbake: bitbake-layers: show-recipes: Select recipes from selected layer
bitbake: bitbake-layers: show-recipes: Enable bare output
Yi Zhao (3):
screen: add /etc/screenrc as global config file
nfs-utils: fix nfs mount error on 32bit nfs server
grub: remove diffutils and freetype runtime dependencies
Zang Ruochen (2):
btrfs-tools:upgrade 5.2.1 -> 5.2.2
timezone:upgrade 2019b -> 2019c
Change-Id: I1ec24480a8964e474cd99d60a0cb0975e49b46b8
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
new file mode 100644
index 0000000..072f727
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -0,0 +1,204 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl" here actually means both OpenSSL and SSLeay licenses apply
+# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
+
+DEPENDS = "hostperl-runtime-native"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ file://run-ptest \
+ file://0001-skip-test_symbol_presence.patch \
+ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+ file://afalg.patch \
+ "
+
+SRC_URI_append_class-nativesdk = " \
+ file://environment.d-openssl.sh \
+ "
+
+SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa"
+SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2"
+
+inherit lib_package multilib_header multilib_script ptest
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+
+B = "${WORKDIR}/build"
+do_configure[cleandirs] = "${B}"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF_append_libc-musl = " no-async"
+EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
+
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
+# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
+EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
+
+# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
+CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+
+do_configure () {
+ os=${HOST_OS}
+ case $os in
+ linux-gnueabi |\
+ linux-gnuspe |\
+ linux-musleabi |\
+ linux-muslspe |\
+ linux-musl )
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arm*)
+ target=linux-armv4
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-i?86 | linux-viac3)
+ target=linux-x86
+ ;;
+ linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-mips | linux-mipsel)
+ # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-gnun32-mips*)
+ target=linux-mips64
+ ;;
+ linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
+ target=linux64-mips64
+ ;;
+ linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-riscv32)
+ target=linux-generic32
+ ;;
+ linux-riscv64)
+ target=linux-generic64
+ ;;
+ linux-sparc | linux-supersparc)
+ target=linux-sparcv9
+ ;;
+ esac
+
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+ # environment variables set by bitbake. Adjust the environment variables instead.
+ PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+ perl ${B}/configdata.pm --dump
+}
+
+do_install () {
+ oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+
+ oe_multilib_header openssl/opensslconf.h
+
+ # Create SSL structure for packages such as ca-certificates which
+ # contain hard-coded paths to /etc/ssl. Debian does the same.
+ install -d ${D}${sysconfdir}/ssl
+ mv ${D}${libdir}/ssl-1.1/certs \
+ ${D}${libdir}/ssl-1.1/private \
+ ${D}${libdir}/ssl-1.1/openssl.cnf \
+ ${D}${sysconfdir}/ssl/
+
+ # Although absolute symlinks would be OK for the target, they become
+ # invalid if native or nativesdk are relocated from sstate.
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
+}
+
+do_install_append_class-native () {
+ create_wrapper ${D}${bindir}/openssl \
+ OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
+ SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
+ OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
+}
+
+do_install_append_class-nativesdk () {
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+PTEST_BUILD_HOST_FILES += "configdata.pm"
+PTEST_BUILD_HOST_PATTERN = "perl_version ="
+do_install_ptest () {
+ # Prune the build tree
+ rm -f ${B}/fuzz/*.* ${B}/test/*.*
+
+ cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
+ cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
+
+ # For test_shlibload
+ ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+
+ install -d ${D}${PTEST_PATH}/apps
+ ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
+ install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
+
+ install -d ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
+}
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the openssl-bin package and the libcrypto
+# package since the openssl-bin package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
+
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_${PN}-engines = "${libdir}/engines-1.1"
+FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
+FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS_libcrypto += "openssl-conf"
+RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "openssl:openssl"