diff options
Diffstat (limited to 'poky/meta/recipes-connectivity/openssl')
| -rw-r--r-- | poky/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb (renamed from poky/meta/recipes-connectivity/openssl/openssl_1.1.1h.bb) | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1h.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb index 1827167201..86950f7544 100644 --- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1h.bb +++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb @@ -23,7 +23,7 @@ SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9" +SRC_URI[sha256sum] = "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" @@ -33,6 +33,8 @@ PACKAGECONFIG_class-native = "" PACKAGECONFIG_class-nativesdk = "" PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" +PACKAGECONFIG[no-tls1] = "no-tls1" +PACKAGECONFIG[no-tls1_1] = "no-tls1_1" B = "${WORKDIR}/build" do_configure[cleandirs] = "${B}" @@ -52,6 +54,20 @@ EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +# Disable deprecated crypto algorithms +# Retained for compatibilty +# des (curl) +# dh (python-ssl) +# dsa (rpm) +# md4 (cyrus-sasl freeradius hostapd) +# bf (wvstreams postgresql x11vnc crda znc cfengine) +# rc4 (freerdp librtorrent ettercap xrdp transmission pam-ssh-agent-auth php) +# rc2 (mailx) +# psk (qt5) +# srp (libest) +# whirlpool (qca) +DEPRECATED_CRYPTO_FLAGS = "no-ssl no-idea no-rc5 no-md2 no-camellia no-mdc2 no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4" + do_configure () { os=${HOST_OS} case $os in @@ -113,6 +129,9 @@ do_configure () { linux-sparc | linux-supersparc) target=linux-sparcv9 ;; + mingw32-x86_64) + target=mingw64 + ;; esac useprefix=${prefix} @@ -122,7 +141,7 @@ do_configure () { # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the # environment variables set by bitbake. Adjust the environment variables instead. HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target perl ${B}/configdata.pm --dump } @@ -195,6 +214,8 @@ FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \ ${libdir}/ssl-1.1/openssl.cnf* \ " FILES_${PN}-engines = "${libdir}/engines-1.1" +# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) +FILES_${PN}-engines_append_mingw32_class-nativesdk = " ${prefix}${libdir}/engines-1_1" FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash" FILES_${PN} =+ "${libdir}/ssl-1.1/*" FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" @@ -211,6 +232,8 @@ BBCLASSEXTEND = "native nativesdk" CVE_PRODUCT = "openssl:openssl" +CVE_VERSION_SUFFIX = "alphabetical" + # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 # Apache in meta-webserver is already recent enough CVE_CHECK_WHITELIST += "CVE-2019-0190" |