diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2023-05-02 23:26:54 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2023-05-04 00:04:39 +0300 |
commit | 821a859c1d68e8cfeea8c50e86f15daa87e71d59 (patch) | |
tree | 58306112a24fe4a57c66e3d7a324460bbd52c28f /poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb | |
parent | ce7bef12b17859cef0615675e4ad5f6f4f611384 (diff) | |
download | openbmc-821a859c1d68e8cfeea8c50e86f15daa87e71d59.tar.xz |
subtree updates
meta-openembedded: 744a4b6eda..df452d9d98:
Alexander Stein (1):
dool: Add patch to fix rebuild
Alexander Thoma (1):
Fix tigervnc crash due to missing xkbcomp rdepends
Andrej Valek (2):
grpc: upgrade 1.45.2 -> 1.46.6
grpc: upgrade 1.46.6 -> 1.46.7
Archana Polampalli (2):
Nodejs - Upgrade to 16.18.1
Nodejs: Fixed python3 DeprecationWarning
BINDU (1):
flatbuffers: adapt for cross-compilation environments
Carsten Bäcker (1):
spdlog: Fix CMake flag
Changqing Li (12):
zabbix: fix CVE-2022-43515,CVE-2022-46768
redis: 6.2.7 -> 6.2.8
redis: upgrade 7.0.4 to 7.0.5
redis: 7.0.5 -> 7.0.7
liblockfile: fix do_install failure when ldconfig is not installed
postgresql: fix CVE-2022-41862
redis: upgrade 7.0.7 -> 7.0.9
redis: upgrade 6.2.8 -> 6.2.11
zabbix: fix CVE-2023-29451
redis: upgrade 6.2.11 -> 6.2.12
redis: upgrade 7.0.9 -> 7.0.10
redis: upgrade 7.0.10 -> 7.0.11
Chase Qi (1):
kernel-selftest: install kselftest runner
Chee Yang Lee (2):
zsh: Fix CVE-2021-45444
cifs-utils: fix CVE-2022-27239 CVE-2022-29869
Dmitry Baryshkov (1):
nss: fix cross-compilation error
Dragos-Marian Panait (1):
phpmyadmin: fix CVE-2023-25727
Gary Huband (1):
chrony: add pkgconfig class as pkg-config is explicitly searched for
Geoff Parker (1):
python3-pillow: add tk to RDEPENDS ptest pkg only if x11 in DISTRO_FEATURES
He Zhe (2):
protobuf: upgrade 3.19.4 -> 3.19.6
python3-protobuf: upgrade 3.20.0 -> 3.20.3
Hermes Zhang (1):
kernel_add_regdb: Change the task order
Hitendra Prajapati (5):
dhcp: Fix CVE-2022-2928 & CVE-2022-2929
strongswan: CVE-2022-40617 A possible DoS in Using Untrusted URIs for Revocation Checking
nginx: CVE-2022-41741, CVE-2022-41742 Memory corruption in the ngx_http_mp4_module
net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception
krb5: CVE-2022-42898 integer overflow vulnerabilities in PAC parsing
Howard Cochran (1):
ufw: Fix "could not find required binary 'iptables'"
Joe Slater (1):
phoronix-test-suite: Fix CVE-2022-40704
Khem Raj (6):
mpd: Update to 0.23.8
mpd: Upgrade to 0.23.9
ncmpc: Upgrade to 0.47
mpd: Upgrade to 0.23.12 release
monkey: Fix build with musl
postfix: Fix build on systems with linux 6.x
Manoj Saun (1):
postgresql: fix ptest failure of sysviews test
Marta Rybczynska (1):
jansson: whitelist CVE-2020-36325
Martin Jansa (12):
re2: fix branch name from master to main
exiv2: fix SRC_URI
mdns: use git fetcher
monkey: use git fetcher
jack: fix compatibility with python-3.11
restinio: fix S variable in multilib builds
mongodb: fix chown user for multilib builds
pahole: respect libdir
lvgl,lv-lib-png,lv-drivers: fix installed-vs-shipped QA issue with multilib
lirc: fix do_install with multilib
dleyna-{server,renderer}: fix dev-so QA issue with multilib
zsh: fix installed-vs-shipped with multilib
Mingli Yu (6):
php: Upgrade to 8.1.12
mariadb: not use qemu to run cross-compiled binaries
mariadb: Upgrade to 10.7.7
php: Upgrade to 8.1.16
mariadb: Upgrade to 10.7.8
mariadb: Fix CVE-2022-47015
Narpat Mali (2):
python3-oauthlib: upgrade 3.2.0 -> 3.2.2
Fix collections.abc deprecation warning in downloadutils Warning appears as:
Neetika Singh (1):
libcroco: Add fix for CVE-2020-12825
Nikhil R (1):
duktape: Add ptest
Niko Mauno (2):
nftables: Fix missing leading whitespace with ':append'
Fix missing leading whitespace with ':append'
Peter Kjellerstedt (2):
chrony: Remove the readline PACKAGECONFIG
chrony: Remove the libcap and nss PACKAGECONFIGs
Peter Marko (3):
ntp: whitelist CVE-2019-11331
c-ares: fix CVE-2022-4904
dnsmasq: fix CVE-2023-28450
Philippe Coval (1):
pim435: Relocate sources to eclipse
Polampalli, Archana (2):
xfce4-settings: 4.16.2 -> 4.16.5
nodejs: Upgrade 16.19.0 -> 16.19.1
Preeti Sachan (1):
fluidsynth: update SRC_URI to remove non-existing 2.2.x branch
Randy MacLeod (2):
python3-pillow: add ptest support
python3-pillow: Add distutils, unixadmin for ptest
S. Lockwood-Childs (1):
multipath-tools: fix QA "dev-so" regression
Siddharth Doshi (1):
xterm : Fix CVE-2022-45063 code execution via OSC 50 input sequences] CVE-2022-45063
Tim Orling (1):
nodejs: upgrade 16.18.1 -> 16.19.0
Tom Hochstein (1):
nlohmann-json: Allow empty main package for SDK
Urade, Yogita (3):
multipath-tools: fix CVE-2022-41974
poppler: fix CVE-2021-30860
dlt-daemon: fix CVE-2023-26257
Wang Mingyu (5):
python3-pillow: upgrade 9.2.0 -> 9.3.0
python3-pillow: upgrade 9.3.0 -> 9.4.0
apache2: upgrade 2.4.54 -> 2.4.55
apache2: upgrade 2.4.55 -> 2.4.56
openwsman: Change download branch from master to main.
Xu Huan (1):
python3-pillow: upgrade 9.0.1 -> 9.1.1
Yi Zhao (5):
postfix: upgrade 3.6.5 -> 3.6.7
freeradius: Security fixes for CVE-2022-41860 CVE-2022-41861
frr: Security fix for CVE-2022-42917
apache2: use /run instead of /var/run for systemd volatile config
mbedtls: upgrade 2.28.0 -> 2.28.2
Yogita Urade (2):
multipath-tools:fix CVE-2022-41973
syslog-ng: fix CVE-2022-38725
Zheng Qiu (1):
redis: build with USE_SYSTEMD=yes when systemd is enabled
wangmy (1):
libcrypt-openssl-rsa-perl: upgrade 0.32 -> 0.33
zhengruoqin (1):
python3-pillow: upgrade 9.1.1 -> 9.2.0
meta-raspberrypi: dacad9302a..2a06e4e84b:
Zachary T Welch (1):
machines: simplify MACHINEOVERRIDES definitions
meta-security: c79262a30b..cc20e2af2a:
Armin Kuster (2):
oeqa/tpm2: fix and cleanup tests
oeqa: meta-tpm shut swtpm down before and after testing
poky: eaf8ce9d39..4cc0e9438b:
Adrian Freihofer (1):
own-mirrors: add crate
Alejandro Hernandez Samaniego (2):
baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
testimage: Fix error message to reflect new syntax
Alex Kiernan (3):
u-boot: Remove duplicate inherit of cml1
cargo_common.bbclass: Fix typos
classes: image: Set empty weak default IMAGE_LINGUAS
Alex Stewart (1):
lsof: add update-alternatives logic
Alexander Kanavin (49):
local.conf.sample: correct the location of public hashserv
lttng-modules: upgrade 2.13.4 -> 2.13.5
quilt: backport a patch to address grep 3.8 failures
lttng-tools: submit determinism.patch upstream
groff: submit patches upstream
tcl: correct patch status
kea: submit patch upstream
ovmf: correct patches status
libffi: submit patch upstream
linux-firmware: upgrade 20220913 -> 20221012
xwayland: upgrade 22.1.3 -> 22.1.4
libffi: upgrade 3.4.2 -> 3.4.4
libical: upgrade 3.0.15 -> 3.0.16
mtd-utils: upgrade 2.1.4 -> 2.1.5
gdk-pixbuf: upgrade 2.42.9 -> 2.42.10
gstreamer1.0: upgrade 1.20.3 -> 1.20.4
libepoxy: convert to git
libepoxy: update 1.5.9 -> 1.5.10
vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
gnomebase.bbclass: return the whole version for tarball directory if it is a number
libnewt: update 0.52.21 -> 0.52.23
ruby: merge .inc into .bb
ruby: update 3.1.2 -> 3.1.3
tzdata: update 2022d -> 2022g
devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree
libarchive: upgrade 3.6.1 -> 3.6.2
devtool: process local files only for the main branch
libksba: update 1.6.2 -> 1.6.3
linux-firmware: upgrade 20221109 -> 20221214
xwayland: upgrade 22.1.5 -> 22.1.7
xserver-xorg: upgrade 21.1.4 -> 21.1.6
selftest/virgl: use pkg-config from the host
vulkan-samples: branch rename master -> main
gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests
oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with a signal
diffutils: update 3.8 -> 3.9
lttng-tools: update 2.13.8 -> 2.13.9
apr: update 1.7.0 -> 1.7.2
apr-util: update 1.6.1 -> 1.6.3
bind: upgrade 9.18.10 -> 9.18.11
libjpeg-turbo: upgrade 2.1.4 -> 2.1.5
linux-firmware: upgrade 20221214 -> 20230117
sudo: upgrade 1.9.12p1 -> 1.9.12p2
vim: update 9.0.1211 -> 9.0.1293 to resolve open CVEs
dbus: upgrade 1.14.4 -> 1.14.6
linux-firmware: upgrade 20230117 -> 20230210
wireless-regdb: upgrade 2022.08.12 -> 2023.02.13
devtool/upgrade: do not delete the workspace/recipes directory
patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak
Alexandre Belloni (1):
oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail
Alexey Smirnov (1):
classes: make TOOLCHAIN more permissive for kernel
Alexis Lothoré (1):
oeqa/selftest/resulttooltests: fix minor typo
Antonin Godard (2):
busybox: always start do_compile with orig config files
busybox: rm temporary files if do_compile was interrupted
Armin Kuster (1):
lttng-modules: Fix for 5.10.163 kernel version
Arnout Vandecappelle (1):
python3-pytest: depend on python3-tomli instead of python3-toml
Bartosz Golaszewski (1):
bluez5: add dbus to RDEPENDS
Benoît Mauduit (1):
lib/oe/reproducible: Use git log without gpg signature
Bernhard Rosenkränzer (1):
cmake-native: Fix host tool contamination (Bug: 14951)
Bhabu Bindu (5):
qemu: Fix CVE-2021-3611
curl: Fix CVE-2022-32221
curl: Fix CVE-2022-42916
curl: Fix CVE-2022-42915
qemu: Fix CVE-2022-4144
Bruce Ashfield (34):
linux-yocto/5.10: update to v5.10.147
linux-yocto/5.10: update to v5.10.149
linux-yocto/5.15: update to v5.15.72
kern-tools: fix relative path processing
linux-yocto/5.15: update to v5.15.74
linux-yocto/5.15: update to v5.15.76
linux-yocto/5.15: update to v5.15.78
linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
kern-tools: integrate ZFS speedup patch
linux-yocto/5.10: update to v5.10.152
linux-yocto/5.10: update to v5.10.154
linux-yocto/5.10: update to v5.10.160
linux-yocto/5.15: ltp and squashfs fixes
linux-yocto/5.15: fix perf build with clang
linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off
linux-yocto/5.15: update to v5.15.84
linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy
linux-yocto/5.15: update to v5.15.87
linux-yocto/5.15: update to v5.15.89
linux-yocto/5.15: update to v5.15.91
lttng-modules: fix for kernel 6.2+
linux-yocto/5.15: update to v5.15.94
linux-yocto/5.15: update to v5.15.96
linux-yocto-rt/5.15: update to -rt59
linux-yocto/5.10: update to v5.10.162
linux-yocto/5.10: update to v5.10.164
linux-yocto/5.10: update to v5.10.166
linux-yocto/5.10: update to v5.10.168
linux-yocto/5.10: update to v5.10.170
linux-yocto/5.10: update to v5.10.172
linux-yocto/5.10: update to v5.10.175
lttng-modules: update to v2.13.9
linux-yocto/5.15: update to v5.15.98
linux-yocto/5.15: update to v5.15.103
Carlos Alberto Lopez Perez (1):
xwayland: libxshmfence is needed when dri3 is enabled
Changqing Li (3):
base.bbclass: Fix way to check ccache path
apt: fix do_package_qa failure
libsdl2: fix CVE-2022-4743
Chee Yang Lee (4):
dropbear: fix CVE-2021-36369
git: upgrade to 2.35.6
tiff: fix multiple CVEs
git: ignore CVE-2023-22743
Chen Qi (10):
image_types_wic.bbclass: fix cross binutils dependency
openssl: export necessary env vars in SDK
kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
resolvconf: make it work
dhcpcd: fix to work with systemd
psplash: consider the situation of psplash not exist for systemd
bc: extend to nativesdk
rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work
dhcpcd: backport two patches to fix runtime error
libseccomp: fix typo in DESCRIPTION
Christian Eggers (1):
linux-firmware: split rtl8761 firmware
Claus Stovgaard (1):
gstreamer1.0-libav: fix errors with ffmpeg 5.x
Daniel Gomez (1):
gtk-icon-cache: Fix GTKIC_CMD if-else condition
Diego Sueiro (1):
kernel.bbclass: Include randstruct seed assets in STAGING_KERNEL_BUILDDIR
Dmitry Baryshkov (4):
linux-firmware: upgrade 20221012 -> 20221109
linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
linux-firmware: properly set license for all Qualcomm firmware
linux-firmware: add yamato fw files to qcom-adreno-a2xx package
Ed Tanous (1):
openssl: Upgrade 3.0.5 -> 3.0.7
Enrico Jörns (1):
sstatesig: emit more helpful error message when not finding sstate manifest
Etienne Cordonnier (2):
mirrors.bbclass: use shallow tarball for binutils-native
bitbake: siggen: Fix inefficient string concatenation
Federico Pellegrin (1):
curl: fix dependencies when building with ldap/ldaps
Florin Diaconescu (1):
python3: upgrade 3.10.8 -> 3.10.9
Frank de Brabander (2):
cve-update-db-native: add timeout to urlopen() calls
bitbake: bin/utils: Ensure locale en_US.UTF-8 is available on the system
Geoffrey GIRY (1):
cve-check: Fix false negative version issue
Harald Seiler (2):
opkg: Set correct info_dir and status_file in opkg.conf
bootchart2: Fix usrmerge support
He Zhe (3):
lttng-tools: Upgrade 2.13.4 -> 2.13.8
lttng-modules: Fix crash on powerpc64
lttng-modules: update 2.13.7 -> 2.13.8
Hitendra Prajapati (14):
openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption
QEMU: CVE-2022-3165 VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
systemd: CVE-2022-3821 Fix buffer overrun
libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c
golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
libxml2: Fix CVE-2022-40303 && CVE-2022-40304
libX11: CVE-2022-3554 & CVE-2022-3555 Fix memory leak
systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long backtrace
go: fix CVE-2022-41717 Excessive memory use in got server
less: backport the fix for CVE-2022-46663
curl: CVE-2023-27533 TELNET option IAC injection
curl: CVE-2023-27534 SFTP path resolving discrepancy
ruby: CVE-2023-28756 ReDoS vulnerability in Time
screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs
Hongxu Jia (1):
pkgconf: fix CVE-2023-24056
Jagadeesh Krishnanjanappa (1):
qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image
Jan Kircher (1):
toolchain-scripts: compatibility with unbound variable protection
Jan-Simon Moeller (1):
buildtools-tarball: export certificates to python and curl
Jeremy Puhlman (1):
qemu-native: Add PACKAGECONFIG option for jack
Jermain Horsman (1):
cve-check: write the cve manifest to IMGDEPLOYDIR
Joe Slater (4):
python3: advance to version 3.10.8
nghttp2: never build python bindings
python3: fix CVE-2023-24329
go: fix CVE-2022-41724, 41725
John Edward Broadbent (1):
externalsrc: git submodule--helper list unsupported
Jose Quaresma (7):
kernel-yocto: improve fatal error messages of symbol_why.py
archiver: avoid using machine variable as it breaks multiconfig
sstatesig: skip the rm_work task signature
rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
sstate: Allow optimisation of do_deploy_archives task dependencies
Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"
gstreamer1.0: Fix race conditions in gstbin tests
Joshua Watt (6):
runqemu: Do not perturb script environment
runqemu: Fix gl-es argument from causing other arguments to be ignored
qemu-helper-native: Re-write bridge helper as C program
qemu-helper-native: Correctly pass program name as argv[0]
scripts: convert-overrides: Allow command-line customizations
classes/create-spdx: Add SPDX_PRETTY option
KARN JYE LAU (1):
freetype:update mirror site.
Kai Kang (5):
libuv: fixup SRC_URI
webkitgtk: 2.36.7 -> 2.36.8
qemu: fix compile error
xserver-xorg: 21.1.6 -> 21.1.7
python3-git: fix indent error
Keiya Nobuta (2):
gnutls: Unified package names to lower-case
create-spdx: Remove ";name=..." for downloadLocation
Kenfe-Mickael Laventure (3):
buildtools-tarball: Handle spaces within user $PATH
toolchain-scripts: Handle spaces within user $PATH
populate_sdk_ext: Handle spaces within user $PATH
Khem Raj (10):
perf: Depend on native setuptools3
tiff: Add packageconfig knob for webp
libtirpc: Check if file exists before operating on it
libusb1: Link with latomic only if compiler has no atomic builtins
libusb1: Strip trailing whitespaces
scons: Pass MAXLINELENGTH to scons invocation
scons.bbclass: Make MAXLINELENGTH overridable
systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
rsync: Add missing prototypes to function declarations
rsync: Turn on -pedantic-errors at the end of 'configure'
Konrad Weihmann (1):
create-spdx: default share_src for shared sources
Lee Chee Yang (2):
migration-guides: add release-notes for 4.0.7
migration-guides: add release-notes for 4.0.9
Leon Anavi (1):
get_module_deps3.py: Check attribute '__file__'
Liam Beguin (1):
meson: make wrapper options sub-command specific
Louis Rannou (1):
oeqa/selftest/locales: Add selftest for locale generation/presence
Luis (1):
rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively
Marek Vasut (3):
bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
bitbake: fetch2/git: Prevent git fetcher from fetching gitlab repository metadata
bitbake: fetch2/git: Clarify the meaning of namespace
Marius Kriegerowski (1):
bitbake: bitbake-diffsigs: Make PEP8 compliant
Mark Hatle (3):
insane.bbclass: Allow hashlib version that only accepts on parameter
bitbake: utils/ply: Update md5 to better report errors with hashlib
openssl: Move microblaze to linux-latomic config
Marta Rybczynska (2):
efibootmgr: update compilation with musl
cve-update-db-native: avoid incomplete updates
Martin Jansa (15):
vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
externalsrc.bbclass: fix git repo detection
libsndfile1: Backport fix for CVE-2021-4156
tiff: refresh with devtool
tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
libxml2: fix test data checksums
systemd: backport another change from v252 to fix build with CVE-2022-45873.patch
ffmpeg: refresh patches to apply cleanly
meta: remove True option to getVar and getVarFlag calls (again)
bitbake: fetch2/git: show SRCREV and git repo in error message about fixed SRCREV
timezone: use 'tz' subdir instead of ${WORKDIR} directly
tzdata: use separate B instead of WORKDIR for zic output
tzcode-native: fix build with gcc-13 on host
selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR
bmap-tools: switch to main branch
Mateusz Marciniec (1):
sstatesig: Improve output hash calculation
Mathieu Dubois-Briand (1):
dbus: Add missing CVE product name
Mauro Queiros (1):
image.bbclass: print all QA functions exceptions
Michael Halstead (4):
uninative: Upgrade to 3.7 to work with glibc 2.36
selftest/runtime_test/virgl: Disable for all Rocky Linux
uninative: Upgrade to 3.8.1 to include libgcc
uninative: Upgrade to 3.9 to include glibc 2.37
Michael Opdenacker (11):
create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
SPDX and CVE documentation updates
manuals: add 4.0.5 and 4.0.6 release notes
manuals: document SPDX_PRETTY variable
dev-manual: fix old override syntax
ref-manual: document SSTATE_EXCLUDEDEPS_SYSROOT
profile-manual: update WireShark hyperlinks
bsp-guide: fix broken git URLs and missing word
manuals: update patchwork instance URL
dev-manual: common-tasks.rst: add link to FOSDEM 2023 video
migration-guides: add 4.0.8 release notes
Mikko Rapeli (11):
common-tasks.rst: fix oeqa runtime test path
oeqa context.py: fix --target-ip comment to include ssh port number
oeqa ssh.py: move output prints to new line
oeqa ssh.py: add connection keep alive options to ssh client
oeqa dump.py: add error counter and stop after 5 failures
oeqa qemurunner: read more data at a time from serial
oeqa qemurunner.py: add timeout to QMP calls
oeqa qemurunner.py: try to avoid reading one character at a time
oeqa ssh.py: fix hangs in run()
runqemu: kill qemu if it hangs
oeqa rtc.py: skip if read-only-rootfs
Ming Liu (1):
linux: inherit pkgconfig in kernel.bbclass
Mingli Yu (4):
glslang: branch rename master -> main
mdadm: Fix testcase 06wrmostly
mdadm: fix tests/02lineargrow
mdadm: Fix raid0 tests
Narpat Mali (12):
wayland: fix CVE-2021-3782
python3-mako: backport fix for CVE-2022-40023
ffmpeg: fix for CVE-2022-3964
ffmpeg: fix for CVE-2022-3965
ffmpeg: fix for CVE-2022-3109
python3-setuptools: fix for CVE-2022-40897
python3-wheel: fix for CVE-2022-40898
python3-git: fix for CVE-2022-24439
ffmpeg: fix for CVE-2022-3341
python3-certifi: fix for CVE-2022-23491
libseccomp: fix for the ptest result format
libmicrohttpd: upgrade 0.9.75 -> 0.9.76
Nathan Rossi (4):
oeqa/selftest/lic_checksum: Cleanup changes to emptytest include
oeqa/selftest/minidebuginfo: Create selftest for minidebuginfo
glibc-locale: Do not INHIBIT_DEFAULT_DEPS
package: Fix handling of minidebuginfo with newer binutils
Niko Mauno (2):
systemd: Consider PACKAGECONFIG in RRECOMMENDS
Fix missing leading whitespace with ':append'
Ovidiu Panait (1):
kernel.bbclass: remove empty module directories to prevent QA issues
Pavel Zhukov (4):
bitbake: gitsm: Fix regression in gitsm submodule path parsing
oeqa/rpm.py: Increase timeout and add debug output
gcc: Refactor linker patches and fix linker on arm with usrmerge
wic: Fix usage of fstype=none in wic
Pawan Badganchi (2):
curl: Add fix for CVE-2023-23914, CVE-2023-23915
tiff: Add fix for CVE-2022-4645
Pawel Zalewski (1):
classes/fs-uuid: Fix command output decoding issue
Peter Kjellerstedt (2):
externalsrc.bbclass: Remove a trailing slash from ${B}
devshell: Do not add scripts/git-intercept to PATH
Peter Marko (9):
systemd: add group render to udev package
meta-selftest/staticids: add render group for systemd
externalsrc: fix lookup for .gitmodules
oeqa/selftest/externalsrc: add test for srctree_hash_files
systemd: add group sgx to udev package
systemd: fix CVE-2022-4415
gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch
package.bbclass: correct check for /build in copydebugsources()
go: ignore CVE-2022-41716
Petr Kubizňák (1):
harfbuzz: remove bindir only if it exists
Piotr Łobacz (1):
systemd: fix wrong nobody-group assignment
Polampalli, Archana (1):
libpam: fix CVE-2022-28321
Poonam (1):
python3-setuptools-rust-native: Add direct dependency of native python3 modules
Qiu, Zheng (3):
tiff: Security fix for CVE-2022-3970
vim: upgrade 9.0.0820 -> 9.0.0947
valgrind: remove most hidden tests for arm64
Quentin Schulz (4):
cairo: update patch for CVE-2019-6461 with upstream solution
docs: migration-4.0: specify variable name change for kernel inclusion in image recipe
docs: kernel-dev: faq: update tip on how to not include kernel in image
cairo: fix CVE patches assigned wrong CVE number
Randy MacLeod (3):
valgrind: skip the boost_thread test on arm
vim: upgrade 9.0.0947 -> 9.0.1211
vim: upgrade 9.0.1403 -> 9.0.1429
Ranjitsinh Rathod (3):
curl: Correct LICENSE from MIT-open-group to curl
curl: Add patch to fix CVE-2022-43551
curl: Add patch to fix CVE-2022-43552
Ravula Adhitya Siddartha (2):
linux-yocto/5.10: update genericx86* machines to v5.10.149
linux-yocto/5.15: update genericx86* machines to v5.15.72
Richard Purdie (35):
bitbake: tests/fetch: Allow handling of a file:// url within a submodule
build-appliance-image: Update to kirkstone head revision
openssl: Fix SSL_CERT_FILE to match ca-certs location
numactl: upgrade 2.0.14 -> 2.0.15
bitbake: runqueue: Fix race issues around hash equivalence and sstate reuse
lttng-modules: upgrade 2.13.5 -> 2.13.7
bitbake.conf: Drop export of SOURCE_DATE_EPOCH_FALLBACK
gcc-shared-source: Fix source date epoch handling
gcc-source: Fix gengtypes race
gcc-source: Drop gengtype manipulation
gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
sanity: Drop data finalize call
oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file()
build-appliance-image: Update to kirkstone head revision
yocto-check-layer: Allow OE-Core to be tested
oeqa/concurrencytest: Add number of failures to summary output
build-appliance-image: Update to kirkstone head revision
native: Drop special variable handling
kernel/linux-kernel-base: Fix kernel build artefact determinism issues
make-mod-scripts: Ensure kernel build output is deterministic
libc-locale: Fix on target locale generation
build-appliance-image: Update to kirkstone head revision
libssh2: Clean up ptest patch/coverage
bitbake: utils: Allow to_boolean to support int values
bitbake: cookerdata: Remove incorrect SystemExit usage
bitbake: cookerdata: Improve early exception handling
bitbake: cookerdata: Drop dubious exception handling code
binutils: Fix nativesdk ld.so search
oeqa/selftest/prservice: Improve debug output for failure
staging: Separate out different multiconfig manifests
staging/multilib: Fix manifest corruption
glibc: Add missing binutils dependency
selftest/recipetool: Stop test corrupting tinfoil class
base-files: Drop localhost.localdomain from hosts file
pybootchartui: Fix python syntax issue
Robert Andersson (1):
go-crosssdk: avoid host contamination by GOCACHE
Robert Yang (1):
bitbake: fetch/git: Fix local clone url to make it work with repo
Rodolfo Quesada Zumbado (1):
tar: CVE-2022-48303
Romuald Jeanne (1):
image_types: fix multiubi var init
Ross Burton (37):
qemu: fix CVE-2022-2962
lighttpd: fix CVE-2022-41556
expat: backport the fix for CVE-2022-43680
scripts/oe-check-sstate: cleanup
scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
opkg-utils: use a git clone, not a dynamic snapshot
oe/packagemanager/rpm: don't leak file objects
glib-2.0: fix rare GFileInfo test case failure
pixman: backport fix for CVE-2022-44638
sanity: check for GNU tar specifically
qemu: add io_uring PACKAGECONFIG
expat: upgrade to 2.5.0
linux-firmware: don't put the firmware into the sysroot
tiff: fix a number of CVEs
xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551
lib/buildstats: fix parsing of trees with reduced_proc_pressure directories
combo-layer: remove unused import
combo-layer: dont use bb.utils.rename
combo-layer: add sync-revs command
libepoxy: remove upstreamed patch
cve-update-db-native: show IP on failure
bitbake: bb/utils: include SSL certificate paths in export_proxies
ppp: backport fix for CVE-2022-4603
quilt: fix intermittent failure in faildiff.test
spirv-headers: set correct branch name
quilt: use upstreamed faildiff.test fix
git: ignore CVE-2022-41953
buildtools-tarball: set pkg-config search path
sdkext/cases/devtool: pass a logger to HTTPService
httpserver: add error handler that write to the logger
lib/buildstats: handle tasks that never finished
shadow: ignore CVE-2016-15024
vim: add missing pkgconfig inherit
vim: upgrade to 9.0.1403
vim: set modified-by to the recipe MAINTAINER
lib/resulttool: fix typo breaking resulttool log --ptest
scripts/lib/buildstats: handle top-level build_stats not being complete
Sakib Sajal (3):
go: fix CVE-2022-2880
git: upgrade 2.35.6 -> 2.35.7
go: fix CVE-2022-2879 and CVE-2022-41720
Sandeep Gundlupet Raju (2):
kernel-fitimage: Adjust order of dtb/dtbo files
kernel-fitimage: Allow user to select dtb when multiple dtb exists
Saul Wold (3):
at: Change when files are copied
package.bbclase: Add check for /build in copydebugsources()
busybox: Fix depmod patch
Schmidt, Adriaan (1):
bitbake: bitbake-diffsigs: break on first dependent task difference
Sean Anderson (2):
kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
uboot-sign: Fix using wrong KEY_REQ_ARGS
Sergei Zhmylev (2):
wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
wic: make ext2/3/4 images reproducible
Shubham Kulkarni (3):
glibc: Security fix for CVE-2023-0687
go-runtime: Security fix for CVE-2022-41723
go-runtime: Security fix for CVE-2022-41722
Siddharth Doshi (5):
openssl: Upgrade 3.0.7 -> 3.0.8
epiphany: Security fix for CVE-2023-26081
harfbuzz: Security fix for CVE-2023-25193
openssl: Security fix for CVE-2023-0464, CVE-2023-0465, CVE-2023-0466
curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538
Simone Weiss (1):
json-c: Add ptest for json-c
Steve Sakoman (12):
Revert "lttng-tools: Upgrade 2.13.4 -> 2.13.8"
poky.conf: bump version for 4.0.5
Revert "expat: backport the fix for CVE-2022-43680"
poky.conf: bump version for 4.0.6
Revert "libksba: fix CVE-2022-47629"
poky.conf: bump version for 4.0.7
poky.conf: Update SANITY_TESTED_DISTROS to match autobuilder
system-requirements.rst: add Fedora 36 and AlmaLinux 8.7 to list of supported distros
libgit2: uprade 1.4.3 -> 1.4.4
libgit2: upgrade 1.4.4 -> 1.4.5
poky.conf: bump version for 4.0.8
poky.conf: bump version for 4.0.9
Sundeep KOKKONDA (1):
cargo : non vulnerable cve-2022-46176 added to excluded list
Teoh Jay Shen (2):
tiff: Security fixes CVE-2022-2867,CVE-2022-2868 and CVE-2022-2869
vim: Upgrade 9.0.0598 -> 9.0.0614
Thomas Perrot (2):
psplash: add psplash-default in rdepends
xserver-xorg: move some recommended dependencies in required
Thomas Roos (1):
devtool: fix devtool finish when gitmodules file is empty
Tim Orling (5):
python3: upgrade 3.10.4 -> 3.10.7
git: upgrade 2.35.4 -> 2.35.5
vim: upgrade 9.0.0614 -> 9.0.0820
mirrors.bbclass: update CPAN_MIRROR
cracklib: update github branch to 'main'
Tom Hochstein (2):
meson: Fix wrapper handling of implicit setup command
oeqa/sdk: Improve Meson test
Trevor Woerner (3):
cups: use BUILDROOT instead of DESTDIR
cups: check PACKAGECONFIG for pam feature
cups: add/fix web interface packaging
Ulrich Ölmann (4):
recipe_sanity: fix old override syntax
lsof: fix old override syntax
update-alternatives: fix typos
kernel-yocto: fix kernel-meta data detection
Vincent Davis Jr (1):
linux-firmware: package amdgpu firmware
Virendra Thakur (1):
qemu: Fix CVE-2021-3750 for qemu
Vivek Kumbhar (5):
python3: fix CVE-2022-42919 local privilege escalation via the multiprocessing forkserver start method
sqlite: fix CVE-2022-46908 safe mode authorizer callback allows disallowed UDFs.
openssl: fix CVE-2022-3996 double locking leads to denial of service
gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key exchange code
go: fix CVE-2023-24537 Infinite loop in parsing
Vyacheslav Yurkov (3):
files: overlayfs-etc: refactor preinit template
classes: files: Extend overlayfs-etc class
overlayfs: Allow not used mount points
Wang Mingyu (19):
bind: upgrade 9.18.7 -> 9.18.8
socat: upgrade 1.7.4.3 -> 1.7.4.4
libxcrypt: upgrade 4.4.28 -> 4.4.30
xwayland: upgrade 22.1.4 -> 22.1.5
mobile-broadband-provider-info: upgrade 20220725 -> 20221107
babeltrace: upgrade 1.5.8 -> 1.5.11
iso-codes: upgrade 4.11.0 -> 4.12.0
bind: upgrade 9.18.8 -> 9.18.9
mpfr: upgrade 4.1.0 -> 4.1.1
libxcrypt-compat: upgrade 4.4.30 -> 4.4.33
libpng: upgrade 1.6.38 -> 1.6.39
gstreamer1.0: upgrade 1.20.4 -> 1.20.5
bind: upgrade 9.18.9 -> 9.18.10
libjpeg-turbo: upgrade 2.1.5 -> 2.1.5.1
xwayland: upgrade 22.1.7 -> 22.1.8
iso-codes: upgrade 4.12.0 -> 4.13.0
lua: Fix install conflict when enable multilib.
vala: Fix install conflict when enable multilib.
dhcpcd: Fix install conflict when enable multilib.
Xiangyu Chen (18):
qemu: Backport patches from upstream to support float128 on qemu-ppc64
linux-yocto-dev: add qemuarm64
ltp: backport clock_gettime04 fix from upstream
dbus: fix CVE-2022-42010 Check brackets in signature nest correctly
dbus: fix CVE-2022-42011 dbus-daemon can be crashed by messages with array length inconsistent with element type
dbus: fix CVE-2022-42012 dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
lttng-tools: Upgrade 2.13.4 -> 2.13.8
sudo: upgrade 1.9.10 -> sudo 1.9.12p1
bash: backport patch to fix CVE-2022-3715
grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775
dbus: upgrade 1.14.0 -> 1.14.4
sysstat: fix CVE-2022-39377
grub: backport patches to fix CVE-2022-28736
openssh: remove RRECOMMENDS to rng-tools for sshd package
numactl: skip test case when target platform doesn't have 2 CPU node
dhcpcd: fix dhcpcd start failure on qemuppc64
sudo: update 1.9.12p2 -> 1.9.13p3
shadow: backport patch to fix CVE-2023-29383
Yash Shinde (5):
binutils: stable 2.38 branch updates
glibc: stable 2.35 branch updates.
glibc: stable 2.35 branch updates.
binutils : Fix CVE-2023-22608
binutils : Fix CVE-2023-1579
Yash.Shinde@windriver.com (1):
binutils : Fix CVE-2022-4285
Yogita Urade (1):
libksba: fix CVE-2022-47629
Zheng Qiu (1):
tiff: fix CVE-2022-2953
ciarancourtney (1):
wic: swap partitions are not added to fstab
pawan (2):
Revert "qemu: fix CVE-2021-3507"
curl: Add fix for CVE-2023-23916
pgowda (1):
binutils : Fix CVE-2022-38128
wangmy (9):
ifupdown: upgrade 0.8.37 -> 0.8.39
libcap: upgrade 2.65 -> 2.66
libical: upgrade 3.0.14 -> 3.0.15
numactl: upgrade 2.0.15 -> 2.0.16
wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
libksba: upgrade 1.6.0 -> 1.6.2
lttng-ust: upgrade 2.13.3 -> 2.13.4
lttng-ust: upgrade 2.13.4 -> 2.13.5
lighttpd: upgrade 1.4.66 -> 1.4.67
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I80cf3cd933dea72160ce87efb2a42fe4d0e5d7d5
Diffstat (limited to 'poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb')
-rw-r--r-- | poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb | 261 |
1 files changed, 261 insertions, 0 deletions
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb new file mode 100644 index 0000000000..82f3e18dd7 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb @@ -0,0 +1,261 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ + file://afalg.patch \ + file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://CVE-2023-0464.patch \ + file://CVE-2023-0465.patch \ + file://CVE-2023-0466.patch \ + " + +SRC_URI:append:class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[sha256sum] = "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e" + +inherit lib_package multilib_header multilib_script ptest perlnative +MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" + +PACKAGECONFIG ?= "" +PACKAGECONFIG:class-native = "" +PACKAGECONFIG:class-nativesdk = "" + +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" +PACKAGECONFIG[no-tls1] = "no-tls1" +PACKAGECONFIG[no-tls1_1] = "no-tls1_1" + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF:append:libc-musl = " no-async" +EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm" + +# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) +EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom" + +# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. +CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +# This allows disabling deprecated or undesirable crypto algorithms. +# The default is to trust upstream choices. +DEPRECATED_CRYPTO_FLAGS ?= "" + +do_configure () { + # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make + # the issue really clear that perl isn't functional due to symbol mismatch issues. + cat <<- EOF > ${WORKDIR}/perltest + #!/usr/bin/env perl + use POSIX; + EOF + chmod a+x ${WORKDIR}/perltest + ${WORKDIR}/perltest + + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arc | linux-microblaze*) + target=linux-latomic + ;; + linux-arm*) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-i?86 | linux-viac3) + target=linux-x86 + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips | linux-mipsel) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-powerpc64le) + target=linux-ppc64le + ;; + linux-riscv32) + target=linux-generic32 + ;; + linux-riscv64) + target=linux-generic64 + ;; + linux-sparc | linux-supersparc) + target=linux-sparcv9 + ;; + mingw32-x86_64) + target=mingw64 + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the + # environment variables set by bitbake. Adjust the environment variables instead. + HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target + perl ${B}/configdata.pm --dump +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + + oe_multilib_header openssl/opensslconf.h + oe_multilib_header openssl/configuration.h + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl-3/certs \ + ${D}${libdir}/ssl-3/private \ + ${D}${libdir}/ssl-3/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private + ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf +} + +do_install:append:class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-3/certs \ + SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-3 \ + OPENSSL_MODULES=${libdir}/ossl-modules +} + +do_install:append:class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +PTEST_BUILD_HOST_FILES += "configdata.pm" +PTEST_BUILD_HOST_PATTERN = "perl_version =" +do_install_ptest () { + install -d ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test + + # Prune the build tree + rm -f ${B}/fuzz/*.* ${B}/test/*.* + + cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm + cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} + + # For test_shlibload + ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ + ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ + + install -d ${D}${PTEST_PATH}/apps + ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps + install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps + install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps + + install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines + + install -d ${D}${PTEST_PATH}/providers + install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers + + install -d ${D}${PTEST_PATH}/Configurations + cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/ + + # seems to be needed with perl 5.32.1 + install -d ${D}${PTEST_PATH}/util/perl/recipes + cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/ + + sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the openssl-bin package and the libcrypto +# package since the openssl-bin package depends on the libcrypto package. + +PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy" + +FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES:libssl = "${libdir}/libssl${SOLIBS}" +FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ + ${libdir}/ssl-3/openssl.cnf* \ + " +FILES:${PN}-engines = "${libdir}/engines-3" +# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) +FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" +FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" +FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so" +FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy" +RDEPENDS:${PN}-misc = "perl" +RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed" + +RDEPENDS:${PN}-bin += "openssl-conf" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "openssl:openssl" + +CVE_VERSION_SUFFIX = "alphabetical" + +# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 +# Apache in meta-webserver is already recent enough +CVE_CHECK_IGNORE += "CVE-2019-0190" |