reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch
new file mode 100644
index 0000000..d5610bb
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch
@@ -0,0 +1,71 @@
+From 4c684542816a08b95444b8e2515f24d084e6e3c3 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 4 Sep 2018 22:05:17 -0700
+Subject: [PATCH] Support OpenSSL 1.1
+
+When building with OpenSSL 1.1 and newer, use the new built-in
+ hostname verification instead of code that doesn't compile due to
+ structs having been made opaque.
+Bug-Debian: https://bugs.debian.org/828589
+
+Upstream-Status: Unknown
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/osdep/unix/ssl_unix.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
+index 3bfdff3..dec9467 100644
+--- a/src/osdep/unix/ssl_unix.c
++++ b/src/osdep/unix/ssl_unix.c
+@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
+ /* disable certificate validation? */
+ if (flags & NET_NOVALIDATECERT)
+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
+- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
++ else {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++ X509_VERIFY_PARAM_set1_host(param, host, 0);
++#endif
++
++ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ /* set default paths to CAs... */
++ }
+ SSL_CTX_set_default_verify_paths (stream->context);
+ /* ...unless a non-standard path desired */
+ if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
+@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
+ if (SSL_write (stream->con,"",0) < 0)
+ return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
+ /* need to validate host names? */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if (!(flags & NET_NOVALIDATECERT) &&
+ (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
+ host))) {
+@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
+ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
+ return ssl_last_error = cpystr (tmp);
+ }
++#endif
+ return NIL;
+ }
+ �
+@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
+ * Returns: NIL if validated, else string of error message
+ */
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ static char *ssl_validate_cert (X509 *cert,char *host)
+ {
+ int i,n;
+@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *cert,char *host)
+ else ret = "Unable to locate common name in certificate";
+ return ret;
+ }
++#endif
+ �
+ /* Case-independent wildcard pattern match
+ * Accepts: base string
diff --git a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index 91003f6..0000f05 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -4,12 +4,13 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a6a4ddbb7cd2999f6827ee143f6fcd97"
-DEPENDS = "openssl"
+DEPENDS = "openssl virtual/crypt"
SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
file://quote_cctype.patch \
file://imap-2007e-shared.patch \
file://imap-2007f-format-security.patch \
+ file://0001-Support-OpenSSL-1.1.patch \
"
SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"