poky: refresh thud: b904775c2b..7c76c5d78b
Update poky to thud HEAD.
Adam Trhon (1):
icecc-env: don't raise error when icecc not installed
Alexander Kanavin (1):
openssl10: update to 1.0.2q
Armin Kuster (1):
perl: add testdepends for ssh
Bruce Ashfield (2):
linux-yocto/4.18: update to v4.18.26
linux-yocto/4.18: update to v4.18.27
Changqing Li (1):
checklayer: generate locked-sigs.inc under builddir
Dan Dedrick (2):
devtool: remove duplicate overrides
devtool: improve git repo checks before check_commits logic
Daniel Ammann (1):
ref-manual: Typo found and fixed.
Douglas Royds (2):
openssl ptest: Strip build host paths from configdata.pm
openssl: Strip perl version from installed ptest configdata.pm file
Dustin Bain (1):
busybox: update to 1.29.3
Jan Kiszka (1):
oe-git-proxy: Avoid resolving NO_PROXY against local files
Jens Rehsack (1):
avahi: avoid depending on skipped package
Jonas Bonn (1):
keymaps: tighten package write dependency
Kai Kang (1):
selftest/wic: update test case test_qemu
Khem Raj (3):
openssl10: Fix mutliple include assumptions for bn.h in opensslconf.h
send-error-report: Use https instead of http protocol
multilib_header_wrapper.h: Use #pragma once
Leonardo Augusto (1):
scripts/lib/wic/engine: Fix cp's target path for ext* filesystems
Liu Haitao (1):
iw: fix parsing of WEP keys
Mingli Yu (1):
logrotate.py: restore /etc/logrotate.d/wtmp
Otavio Salvador (1):
linux-firmware: Bump to 710963f revision
Ovidiu Panait (1):
ghostscript: Fix CVE-2019-6116
Peter Kjellerstedt (1):
libaio: Extend to native
Richard Purdie (23):
package: Add pkg_postinst_ontarget to PACKAGEVARS
oeqa/runtime/ptest: Avoid traceback for tests with no section
oeqa/utils/logparser: Simplify ptest log parsing code
oeqa/logparser: Further simplification/clarification
oeqa/logparser: Reform the ptest results parser
oeqa/utils/logparser: Add in support for duration, exitcode and logs by section
oeqa/logparser: Improve results handling
oeqa/logparser: Various misc cleanups
oeqa/runtime/ptest: Ensure OOM errors are logged
scripts/contrib/build-perf-test-wrapper.sh: Improve interaction with autobuilder automation
scripts/contrib/build-perf-test.sh: Remove it
oe-build-perf-report: Allow branch without hostname
oe-build-perf-report: Allow commits from different branches
oe-build-perf-report: Improve branch comparision handling
oe-build-perf-report: Fix missing buildstats comparisions
wic/engine: Fix missing parted autobuilder failures
lib/buildstats: Improve error message
scripts/oe-git-archive: Separate out functionality to library function
oe-build-perf-report/gitarchive: Move common useful functions to library
bitbake: runqueue: Fix dependency loop analysis 'hangs'
bitbake: runqueue: Filter out multiconfig dependencies from BB_TASKDEPDATA
bitbake: siggen: Fix multiconfig corner case
bitbake: cooker: Tweak multiconfig dependency resolution
Robert Yang (5):
bluez5: Fix a race issue for tools
yocto-check-layer-wrapper: Fix path for oe-init-build-env
checklayer: Avoid adding the layer if it is already present
runqemu: Let qemuparams override default settings
runqemu: Make QB_MEM easier to set
Ross Burton (3):
e2fsprogs: fix file system generation with large files
linux-firmware: recommend split up packages
linux-firmware: split out liquidio firmware
Scott Rifenbark (2):
poky.ent: Updated "meta-intel" version to "10.1"
overview-manual, mega-manual: Updated Package Feeds diagram
Serhey Popovych (1):
openssl: Skip assembler optimized code for powerpc64 with musl
William Bourque (1):
wic/engine.py: Load paths from PATH environment variable
Xulin Sun (1):
openssl: fix multilib file install conflicts
Zheng Ruoqin (1):
mdadm: add init and service scripts
Change-Id: Ib14c2fb69d25d84aa3d4bf0a6715bba57d1eb900
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
new file mode 100644
index 0000000..355dbdc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
@@ -0,0 +1,362 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
+
+DEPENDS = "hostperl-runtime-native"
+DEPENDS_append_class-target = " openssl-native"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ file://run-ptest \
+ file://openssl-c_rehash.sh \
+ file://configure-targets.patch \
+ file://shared-libs.patch \
+ file://oe-ldflags.patch \
+ file://engines-install-in-libdir-ssl.patch \
+ file://debian1.0.2/block_diginotar.patch \
+ file://debian1.0.2/block_digicert_malaysia.patch \
+ file://debian/c_rehash-compat.patch \
+ file://debian/debian-targets.patch \
+ file://debian/man-dir.patch \
+ file://debian/man-section.patch \
+ file://debian/no-rpath.patch \
+ file://debian/no-symbolic.patch \
+ file://debian/pic.patch \
+ file://debian1.0.2/version-script.patch \
+ file://debian1.0.2/soname.patch \
+ file://openssl_fix_for_x32.patch \
+ file://openssl-fix-des.pod-error.patch \
+ file://Makefiles-ptest.patch \
+ file://ptest-deps.patch \
+ file://ptest_makefile_deps.patch \
+ file://configure-musl-target.patch \
+ file://parallel.patch \
+ file://Use-SHA256-not-MD5-as-default-digest.patch \
+ file://0001-Fix-build-with-clang-using-external-assembler.patch \
+ file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
+ file://0001-allow-manpages-to-be-disabled.patch \
+ file://0001-Fix-BN_LLONG-breakage.patch \
+ "
+
+SRC_URI_append_class-target = " \
+ file://reproducible-cflags.patch \
+ file://reproducible-mkbuildinf.patch \
+ "
+
+SRC_URI_append_class-nativesdk = " \
+ file://environment.d-openssl.sh \
+ "
+
+SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
+SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
+
+S = "${WORKDIR}/openssl-${PV}"
+
+UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
+
+inherit pkgconfig siteinfo multilib_header ptest manpages
+
+PACKAGECONFIG ?= "cryptodev-linux"
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
+PACKAGECONFIG[manpages] = ",,,"
+PACKAGECONFIG[perl] = ",,,"
+
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = "no-ssl3"
+
+EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
+
+export OE_LDFLAGS = "${LDFLAGS}"
+
+# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
+CCACHE = ""
+
+TERMIO ?= "-DTERMIO"
+TERMIO_libc-musl = "-DTERMIOS"
+EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
+
+CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+ ${TERMIO} ${CFLAGS} -Wall"
+
+# Avoid binaries being marked as requiring an executable stack since they don't
+# (and it causes issues with SELinux)
+CFLAG += "-Wa,--noexecstack"
+
+CFLAG_append_class-native = " -fPIC"
+
+do_configure () {
+ # The crypto_use_bigint patch means that perl's bignum module needs to be
+ # installed, but some distributions (for example Fedora 23) don't ship it by
+ # default. As the resulting error is very misleading check for bignum before
+ # building.
+ if ! perl -Mbigint -e true; then
+ bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
+ fi
+
+ ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+
+ os=${HOST_OS}
+ case $os in
+ linux-gnueabi |\
+ linux-gnuspe |\
+ linux-musleabi |\
+ linux-muslspe |\
+ linux-musl )
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arm)
+ target=linux-armv4
+ ;;
+ linux-armeb)
+ target=linux-elf-armeb
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-sh3)
+ target=debian-sh3
+ ;;
+ linux-sh4)
+ target=debian-sh4
+ ;;
+ linux-i486)
+ target=debian-i386-i486
+ ;;
+ linux-i586 | linux-viac3)
+ target=debian-i386-i586
+ ;;
+ linux-i686)
+ target=debian-i386-i686/cmov
+ ;;
+ linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-gnun32-mips*el)
+ target=debian-mipsn32el
+ ;;
+ linux-gnun32-mips*)
+ target=debian-mipsn32
+ ;;
+ linux-mips*64*el)
+ target=debian-mips64el
+ ;;
+ linux-mips*64*)
+ target=debian-mips64
+ ;;
+ linux-mips*el)
+ target=debian-mipsel
+ ;;
+ linux-mips*)
+ target=debian-mips
+ ;;
+ linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-riscv32)
+ target=linux-generic32
+ ;;
+ linux-riscv64)
+ target=linux-generic64
+ ;;
+ linux-sparc | linux-supersparc)
+ target=linux-sparcv8
+ ;;
+ esac
+
+ # inject machine-specific flags
+ sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
+
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )"
+ perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
+}
+
+do_compile () {
+ oe_runmake depend
+ oe_runmake
+}
+
+do_compile_class-target () {
+ sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+ oe_runmake depend
+ cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
+ oe_runmake CC_INFO="$cc_sanitized"
+}
+
+do_compile_ptest () {
+ oe_runmake buildtest
+}
+
+do_install () {
+ # Create ${D}/${prefix} to fix parallel issues
+ mkdir -p ${D}/${prefix}/
+
+ oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
+
+ oe_libinstall -so libcrypto ${D}${libdir}
+ oe_libinstall -so libssl ${D}${libdir}
+
+ install -d ${D}${includedir}
+ cp --dereference -R include/openssl ${D}${includedir}
+
+ oe_multilib_header openssl/opensslconf.h
+
+ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+
+ if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
+ sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
+ sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
+ else
+ rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
+ fi
+
+ # Create SSL structure for packages such as ca-certificates which
+ # contain hard-coded paths to /etc/ssl. Debian does the same.
+ install -d ${D}${sysconfdir}/ssl
+ mv ${D}${libdir}/ssl/certs \
+ ${D}${libdir}/ssl/private \
+ ${D}${libdir}/ssl/openssl.cnf \
+ ${D}${sysconfdir}/ssl/
+
+ # Although absolute symlinks would be OK for the target, they become
+ # invalid if native or nativesdk are relocated from sstate.
+ ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf
+
+ # Rename man pages to prefix openssl10-*
+ for f in `find ${D}${mandir} -type f`; do
+ mv $f $(dirname $f)/openssl10-$(basename $f)
+ done
+ for f in `find ${D}${mandir} -type l`; do
+ ln_f=`readlink $f`
+ rm -f $f
+ ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
+ done
+}
+
+do_install_append_class-native () {
+ create_wrapper ${D}${bindir}/openssl \
+ OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl/certs \
+ SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+ OPENSSL_ENGINES=${libdir}/ssl/engines
+}
+
+do_install_append_class-nativesdk () {
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+do_install_ptest () {
+ cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+
+ # Replace the path to native perl with the path to target perl
+ sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
+
+ cp Configure config e_os.h ${D}${PTEST_PATH}
+ cp -r -L include ${D}${PTEST_PATH}
+ ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+ ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+ mkdir -p ${D}${PTEST_PATH}/crypto
+ cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
+ cp -r certs ${D}${PTEST_PATH}
+ mkdir -p ${D}${PTEST_PATH}/apps
+ ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+ ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ cp apps/server.pem ${D}${PTEST_PATH}/apps
+ cp apps/server2.pem ${D}${PTEST_PATH}/apps
+ mkdir -p ${D}${PTEST_PATH}/util
+ install util/opensslwrap.sh ${D}${PTEST_PATH}/util
+ install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
+ # Time stamps are relevant for "make alltests", otherwise
+ # make may try to recompile binaries. Not only must the
+ # binary files be newer than the sources, they also must
+ # be more recent than the header files in /usr/include.
+ #
+ # Using "cp -a" is not sufficient, because do_install
+ # does not preserve the original time stamps.
+ #
+ # So instead of using the original file stamps, we set
+ # the current time for all files. Binaries will get
+ # modified again later when stripping them, but that's okay.
+ touch ${D}${PTEST_PATH}
+ find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
+
+ # exclude binary files or the package won't install
+ for d in ssltest_old v3ext x509aux; do
+ rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
+ done
+
+ # Remove build host references
+ sed -i \
+ -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+ -e 's|${DEBUG_PREFIX_MAP}||g' \
+ ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
+}
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
+
+FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
+FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
+FILES_${PN} =+ "${libdir}/ssl/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS_libcrypto10 += "openssl10-conf"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+
+BBCLASSEXTEND = "native nativesdk"
+PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
+
+# openssl 1.0 development files and executable binaries clash with openssl 1.1
+# files when installed into target rootfs. So we don't put them into
+# packages, but they continue to be provided via target sysroot for
+# cross-compilation on the host, if some software still depends on openssl 1.0.
+openssl_package_preprocess () {
+ for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
+ rm $file
+ done
+ rm ${PKGD}${bindir}/openssl
+ rm ${PKGD}${bindir}/c_rehash
+ rmdir ${PKGD}${bindir}
+
+}