subtree updates
meta-arm: 1dff3300fb..0b61cc659a:
Ross Burton (1):
meta-arm/selftest: add test that PAC/BTI instructions are used
meta-openembedded: 991e6852a5..5ad7203f68:
Alexander Kanavin (1):
fio: revert "fio: upgrade 3.32 -> 2022"
BELOUARGA Mohamed (1):
monocypher: add crypto library recipe
Dylan Turner (1):
apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622
Hongxu Jia (1):
freeradius: make sub packages to runtime depends on freeradius
Kai Kang (1):
libnma: remove conflict xml file
Khem Raj (12):
nlohmann-json: Fix SRCREV_FORMAT and do not package git metadata into ptests
ptest-packagelists-meta-oe.inc: Move poco to slow tests
sdbus-c++-libsystemd: Upgrade to 254
sdbus-c++-tools: Upgrade to 1.4.0
gstd: Fix systemd user unit packaging
basu: Update to latest master
sdbus-c++: Install ptests into PTEST_PATH
liblognorm:Add asprintf to autoconf function check macro
gnome-console,gnome-terminal: Depend on vte from core layer
Revert "gnome-terminal: Remove recommendation on vte-prompt"
vte9: Drop recipe
basu: Update the SRCREV to get lld fix
Luca Fancellu (1):
linuxptp: Update downstream patches
Markus Volk (9):
libcacard: fix version string in libcacard.pc
cups-filters: fix Makefile race condition
system-config-printer: Add packageconfig for polkit
pipewire: upgrade 0.3.85 > 1.0.0
libcacard: set meson version based on PV
spice: Set meson version based on PV
spice-gtk: Set meson version based on PV
libdecor: update 0.2.0 -> 0.2.1
xdg-desktop-portal-gnome: upgrade 45.0 -> 45.1
Naveen Saini (2):
tbb: upgrade 2021.9.0 -> 2021.11.0
tbb: enable NUMA/Hybrid CPU support
Patrick Wicki (6):
squid: update from v5.7 to v6.5
squid: add nm dispatcher reload hook
squid: add auth packageconfig
squid: move configs to sub package
squid: add url-rewrite-helpers packageconfig
squid: add systemd service
Patrick Williams (1):
glog: Disable 64bit atomics on armv{5,6}
Peter Kjellerstedt (1):
redis: Inherit pkgconfig
Ross Burton (1):
python3-validators: add new recipe
Wang Mingyu (26):
ctags: upgrade 6.0.20231119.0 -> 6.0.20231126.0
dnfdragora: upgrade 2.1.4 -> 2.1.5
gensio: upgrade 2.7.7 -> 2.8.0
frr: upgrade 9.0.1 -> 9.1
capnproto: upgrade 1.0.1 -> 1.0.1.1
libbpf: upgrade 1.2.2 -> 1.3.0
paho-mqtt-cpp: upgrade 1.2.0 -> 1.3.1
tomoyo-tools: upgrade 2.5.0 -> 2.6.1
python3-aiohttp: upgrade 3.9.0 -> 3.9.1
python3-bitstring: upgrade 4.1.2 -> 4.1.3
python3-dbus-fast: upgrade 2.14.0 -> 2.15.0
python3-humanize: upgrade 4.8.0 -> 4.9.0
python3-ipython: upgrade 8.17.2 -> 8.18.0
python3-mypy: upgrade 1.7.0 -> 1.7.1
python3-pdm: upgrade 2.10.3 -> 2.10.4
python3-pexpect: upgrade 4.8.0 -> 4.9.0
python3-pychromecast: upgrade 13.0.7 -> 13.0.8
python3-pydantic: upgrade 2.5.1 -> 2.5.2
python3-pymisp: upgrade 2.4.178 -> 2.4.179
python3-pytest-xdist: upgrade 3.4.0 -> 3.5.0
python3-sentry-sdk: upgrade 1.35.0 -> 1.37.1
python3-types-setuptools: upgrade 68.2.0.1 -> 68.2.0.2
python3-virtualenv: upgrade 20.24.6 -> 20.24.7
redis: upgrade 7.2.2 -> 7.2.3
ser2net: upgrade 4.5.1 -> 4.6.0
thingsboard-gateway: upgrade 3.4.2 -> 3.4.3.1
alperak (12):
squashfs-tools-ng: upgrade 1.1.4 -> 1.2.0
tmate: Fix finding msgpack 6+
msgpack-c: upgrade 4.0.0 -> 6.0.0
msgpack-cpp: upgrade 4.1.1 -> 6.1.0
brotli: upgrade 1.0.9 -> 1.1.0
icewm: upgrade 2.9.9 -> 3.4.4
iotop: upgrade 1.21 -> 1.25
liblognorm: upgrade 1.0.1 -> 2.0.6
libmodbus: upgrade 3.1.7 -> 3.1.10
libpwquality: upgrade 1.4.4 -> 1.4.5
libspiro: upgrade 20200505 -> 20221101
gtkwave: upgrade 3.3.111 -> 3.3.117
poky: 2696bf8cf3..028b6f6226:
Adrian Freihofer (1):
cmake-qemu.bbclass: support qemu for cmake
Alassane Yattara (9):
bitbake: toaster/tests: Update methods wait_until_~ to skip using time.sleep
bitbake: toaster/tests: Override table edit columns TestCase from image recipe page
bitbake: toaster/tests: Test software recipe page
bitbake: toaster/tests: Added Machine page TestCase
bitbake: toaster/tests: Added Layers page TestCase
bitbake: toaster/tests: Added distro page TestCase
bitbake: toaster/tests: Bug-fix on tests/functional/test_project_page
bitbake: toaster/tests: Test single layer page
bitbake: toaster/tests: Test single recipe page
Alex Kiernan (4):
rust: Delete python2 configparser code path
rust: Drop TARGET_VENDOR export
eudev: Upgrade 3.2.12 -> 3.2.14
rust: Drop targets and hosts override magic
Alexander Kanavin (15):
python3-pyproject-hooks: fix upstream version check
cmake: upgrade 3.27.5 -> 3.27.7
desktop-file-utils: upgrade 0.26 -> 0.27
erofs-utils: upgrade 1.6 -> 1.7.1
webkitgtk: update 2.40.5 -> 2.42.2
epiphany: upgrade 44.6 -> 45.1
virglrenderer: upgrade 0.10.4 -> 1.0.0
libxkbcommon: upgrade 1.5.0 -> 1.6.0
mpg123: upgrade 1.31.3 -> 1.32.3
icu: upgrade 73-2 -> 74-1
p11-kit: upgrade 0.25.0 -> 0.25.2
glib-2.0: install gio-querymodules into bindir as well as libexecdir for native
meson: update 1.2.2 -> 1.3.0
repo: update 2.37 -> 2.39
rt-tests: update 2.5 -> 2.6
Bruce Ashfield (1):
lttng-modules: fix build for v6.7+
Changhyeok Bae (1):
iptables: upgrade 1.8.9 -> 1.8.10
Charlie Johnston (2):
bitbake.conf: Add gsutil as hosttool for gcp fetcher.
bitbake: fetch2: Ensure GCP fetcher checks if file exists before download.
Jan Vermaete (1):
systemd: fixed typo
Joao Marcos Costa (1):
documentation.conf: fix do_menuconfig description
Joshua Watt (2):
bitbake: bitbake-hashclient: Add commands to get hashes
bitbake: hashserv: sqlite: Ensure sync propagates to database connections
Julien Stephan (6):
devtool: fix update-recipe dry-run mode
lib/oe/recipeutils.py: remove trailing white-spaces
devtool: finish/update-recipe: restrict mode srcrev to recipes fetched from SCM
devtool: tag all submodules
devtool: add support for git submodules
oeqa/selftest/devtool: add test for git submodules
Justin Bronder (1):
contributor-guide: add License-Update tag
Kareem Zarka (2):
wic: bootimg-efi: Make kernel image installation configurable
oeqa/selftest/wic: Add tests for kernel image installation
Khem Raj (8):
shared-mime-info: Fix build with clang-17+
libsoup-2.4: Fix build with clang-17 and libxml2-2.12
busybox: Enable utmp support on musl systems
virglrenderer: Fix build with clang
llvm: Upgrade to 17.0.6
rust-common.bbclass: Define rust arch for x32 platforms
vte: Upgrade to 0.74.1
vte: Separate out gtk4 pieces of vte into individual packages
Lee Chee Yang (3):
wic: add test for partition hidden attributes
migration-guides: add release notes for 4.3.1
openssl: upgrade to 3.2.0
Malte Schmidt (1):
wic: rawcopy: add support for zstd decompression
Marco Felsch (1):
json-c: fix icecc compilation
Markus Volk (3):
bluez5: fix connection for ps5/dualshock controllers
cups: Add root,sys,wheel to system groups
vte: upgrade 0.72.2 -> 0.74.0
Martin Hundeb?ll (1):
libpam: split /etc/environment into pam-plugin-env package
Matsunaga-Shinji (1):
cve-check: Modify judgment processing using "=" in version comparison
Michael Opdenacker (4):
systemd-compat-units.bb: fix postinstall script
dev-manual: layers: update link to YP Compatible form
contributor-guide: fix command option
migration-guides: release 3.5 is actually 4.0
Niko Mauno (1):
rust-llvm: Allow overriding LLVM target archs
Patrick Williams (1):
shared-mime-info-native: handle old GCC for AlmaLinux8
Peter Marko (2):
cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
cve-update-nvd2-native: make number of fetch attemtps configurable
Richard Haar (1):
bitbake: bitbake: tests: Fix duplicate test_underscore_override test
Richard Purdie (2):
bitbake: ui/ncurses: Add missing function call to avoid traceback
bitbake: cooker: Avoid eventlog variable listing lockups
Robert Yang (2):
gnu-config: Update to latest revision
gettext: Upgrade 0.22 -> 0.22.3
Ross Burton (3):
core-image-minimal-initramfs: don't install a kernel into the initramfs
autoconf: upgrade to 2.72d
Revert "cve-check: Modify judgment processing using "=" in version comparison"
Sundeep KOKKONDA (3):
rust: Split rustdoc into a separate package
glibc: stable 2.38 branch updates
binutils: stable 2.41 branch updates
Tim Orling (8):
python3-sphinxcontrib-applehelp: 1.0.4 -> 1.0.7
python3-sphinxcontrib-devhelp: 1.0.2 -> 1.0.5
python3-sphinxcontrib-htmlhelp: 2.0.1 -> 2.0.4
python3-sphinxcontrib-qthelp: 1.0.3 -> 1.0.6
python3-sphinxcontrib-serializinghtml: 1.1.5 -> 1.1.9
vim: upgrade 9.0.2068 -> 9.0.2130
python3-cryptography-vectors: add RECIPE_NO_UPDATE_REASON
python3-cryptography{-vectors}: 41.0.5 -> 41.0.7
Trevor Gamblin (2):
python3-ptest: skip test_storlines
patchtest: shorten patch signed-off-by test output
Viswanath Kraleti (1):
systemd-boot: Fix build issues on armv7a-linux
Wang Mingyu (27):
bind: upgrade 9.18.19 -> 9.18.20
diffoscope: upgrade 251 -> 252
ell: upgrade 0.59 -> 0.60
git: upgrade 2.42.1 -> 2.43.0
gnutls: upgrade 3.8.1 -> 3.8.2
libdrm: upgrade 2.4.117 -> 2.4.118
libgcrypt: upgrade 1.10.2 -> 1.10.3
libksba: upgrade 1.6.4 -> 1.6.5
libxslt: upgrade 1.1.38 -> 1.1.39
log4cplus: upgrade 2.1.0 -> 2.1.1
python3-certifi: upgrade 2023.7.22 -> 2023.11.17
python3-setuptools: upgrade 68.2.2 -> 69.0.2
python3-wcwidth: upgrade 0.2.9 -> 0.2.11
python3-hypothesis: upgrade 6.89.0 -> 6.90.0
python3-pyasn1: upgrade 0.5.0 -> 0.5.1
python3-scons: upgrade 4.5.2 -> 4.6.0
python3-urllib3: upgrade 2.0.7 -> 2.1.0
ethtool: upgrade 6.5 -> 6.6
gi-docgen: upgrade 2023.1 -> 2023.3
init-system-helpers: upgrade 1.65.2 -> 1.66
libsolv: upgrade 0.7.26 -> 0.7.27
python3-idna: upgrade 3.4 -> 3.6
ofono: upgrade 2.1 -> 2.2
python3-sphinx-rtd-theme: upgrade 1.3.0 -> 2.0.0
python3-trove-classifiers: upgrade 2023.11.14 -> 2023.11.22
python3-wheel: upgrade 0.41.3 -> 0.42.0
resolvconf: upgrade 1.91 -> 1.92
Xiangyu Chen (2):
shadow: Fix for CVE-2023-4641
bash: changes to SIGINT handler while waiting for a child
Zahir Hussain (1):
cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES
meta-raspberrypi: 8231f97534..fde68b24f0:
Lorenzo Arena (1):
docs: fix syntax for overriding fs type for initramfs image
Change-Id: Idc6f6b1e913442bae03dfec9f207924c56f31056
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
new file mode 100644
index 0000000..ab0562b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
@@ -0,0 +1,260 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ file://run-ptest \
+ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+ file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://0001-Added-handshake-history-reporting-when-test-fails.patch \
+ "
+
+SRC_URI:append:class-nativesdk = " \
+ file://environment.d-openssl.sh \
+ "
+
+SRC_URI[sha256sum] = "14c826f07c7e433706fb5c69fa9e25dab95684844b4c962a2cf1bf183eb4690e"
+
+inherit lib_package multilib_header multilib_script ptest perlnative manpages
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG:class-native = ""
+PACKAGECONFIG:class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
+PACKAGECONFIG[no-tls1] = "no-tls1"
+PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
+PACKAGECONFIG[manpages] = ""
+
+B = "${WORKDIR}/build"
+do_configure[cleandirs] = "${B}"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF:append:libc-musl = " no-async"
+EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm"
+
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
+# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
+EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom"
+
+# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
+CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+
+# This allows disabling deprecated or undesirable crypto algorithms.
+# The default is to trust upstream choices.
+DEPRECATED_CRYPTO_FLAGS ?= ""
+
+do_configure () {
+ # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make
+ # the issue really clear that perl isn't functional due to symbol mismatch issues.
+ cat <<- EOF > ${WORKDIR}/perltest
+ #!/usr/bin/env perl
+ use POSIX;
+ EOF
+ chmod a+x ${WORKDIR}/perltest
+ ${WORKDIR}/perltest
+
+ os=${HOST_OS}
+ case $os in
+ linux-gnueabi |\
+ linux-gnuspe |\
+ linux-musleabi |\
+ linux-muslspe |\
+ linux-musl )
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arc | linux-microblaze*)
+ target=linux-latomic
+ ;;
+ linux-arm*)
+ target=linux-armv4
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-i?86 | linux-viac3)
+ target=linux-x86
+ ;;
+ linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-mips | linux-mipsel)
+ # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-gnun32-mips*)
+ target=linux-mips64
+ ;;
+ linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
+ target=linux64-mips64
+ ;;
+ linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-powerpc64le)
+ target=linux-ppc64le
+ ;;
+ linux-riscv32)
+ target=linux32-riscv32
+ ;;
+ linux-riscv64)
+ target=linux64-riscv64
+ ;;
+ linux-sparc | linux-supersparc)
+ target=linux-sparcv9
+ ;;
+ mingw32-x86_64)
+ target=mingw64
+ ;;
+ esac
+
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+ # environment variables set by bitbake. Adjust the environment variables instead.
+ PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
+ test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
+ perl ${B}/configdata.pm --dump
+}
+
+do_install () {
+ oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)}
+
+ oe_multilib_header openssl/opensslconf.h
+ oe_multilib_header openssl/configuration.h
+
+ # Create SSL structure for packages such as ca-certificates which
+ # contain hard-coded paths to /etc/ssl. Debian does the same.
+ install -d ${D}${sysconfdir}/ssl
+ mv ${D}${libdir}/ssl-3/certs \
+ ${D}${libdir}/ssl-3/private \
+ ${D}${libdir}/ssl-3/openssl.cnf \
+ ${D}${sysconfdir}/ssl/
+
+ # Although absolute symlinks would be OK for the target, they become
+ # invalid if native or nativesdk are relocated from sstate.
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf
+}
+
+do_install:append:class-native () {
+ create_wrapper ${D}${bindir}/openssl \
+ OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl-3/certs \
+ SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \
+ OPENSSL_ENGINES=${libdir}/engines-3 \
+ OPENSSL_MODULES=${libdir}/ossl-modules
+}
+
+do_install:append:class-nativesdk () {
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+PTEST_BUILD_HOST_FILES += "configdata.pm"
+PTEST_BUILD_HOST_PATTERN = "perl_version ="
+do_install_ptest () {
+ install -d ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test
+
+ # Prune the build tree
+ rm -f ${B}/fuzz/*.* ${B}/test/*.*
+
+ cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
+ sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm
+ cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
+
+ # For test_shlibload
+ ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+
+ install -d ${D}${PTEST_PATH}/apps
+ ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
+ install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
+
+ install -d ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
+
+ install -d ${D}${PTEST_PATH}/providers
+ install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers
+
+ install -d ${D}${PTEST_PATH}/Configurations
+ cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/
+
+ # seems to be needed with perl 5.32.1
+ install -d ${D}${PTEST_PATH}/util/perl/recipes
+ cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/
+
+ sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl
+}
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the openssl-bin package and the libcrypto
+# package since the openssl-bin package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy"
+
+FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES:libssl = "${libdir}/libssl${SOLIBS}"
+FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
+ ${libdir}/ssl-3/openssl.cnf* \
+ "
+FILES:${PN}-engines = "${libdir}/engines-3"
+# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP)
+FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3"
+FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash"
+FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so"
+FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/"
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy"
+RDEPENDS:${PN}-misc = "perl"
+RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed"
+
+RDEPENDS:${PN}-bin += "openssl-conf"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "openssl:openssl"
+
+CVE_VERSION_SUFFIX = "alphabetical"
+
+# Apache in meta-webserver is already recent enough
+CVE_STATUS[CVE-2019-0190] = "not-applicable-config: Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37"