This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For some reason the new perl no longer has . in list of
directories searched in 'require', and so the file
needs to be copied where perl can find it.
(From OE-Core rev: 2ae879ddb72bd316e49a8200e99887dadb02b3dc)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
TLS 1.3 implementation in qt5 uses psk so retain it for now
(From OE-Core rev: ab2cc33331ee931e65a63a02cf034c1b8ee695ac)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
They are still needed by several packages in meta-openembedded
(From OE-Core rev: 52af41387f1c843e7677c0bb632b2b96f9793ebd)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Shachar Menashe <shachar@vdoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1. Drop support for many deprecated algorithms by default
2. Allow dropping support for TLS 1.0/1.1 via PACKAGECONFIG
(From OE-Core rev: 304417a97db89d9ea4a41aa7c92b5a052896d63b)
Signed-off-by: Shachar Menashe <shachar@vdoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The following changes since commit f075071761:
conf: update for release 3.2 (2020-11-09 13:16:13 +0000)
are available in the Git repository at:
git://push.yoctoproject.org/poky-contrib fedepell/bug14083
Federico Pellegrin (1):
openssl: Add c_rehash to misc package and add perl runtime dependency
c_rehash implemented in perl is back (in history was moved to shell for
some time), so handle it inside the -misc package so just that one will
carry the heavy runtime dependency on perl and not the whole openssl
package. Note: in misc there were already before a few perl files
(tsget.pl and CA.pl) so the added perl dependency will fix those too.
[YOCTO #14083]
(From OE-Core rev: 70da1f956bfbb627691c47eba7451182aca758e3)
Signed-off-by: Federico Pellegrin <fede@evolware.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed:
$ dnf install openssl-bin
$ openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes -batch
Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory
(From OE-Core rev: e93cd3b83a255294c9ab728adc7e237eb1321dab)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some openssl command line operations like creating an X.509 CSR require
the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't
root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes -keyout my.key
Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory
140289168594176:error:02001002:system library:fopen:No such file or directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r')
140289168594176:error:2006D080:BIO routines:BIO_new_file:no such file:../openssl-1.1.1g/crypto/bio/bss_file.c:76:
which is the case e.g. in core-image-minimal with just the
package openssl-bin added to the image by declaring
IMAGE_INSTALL_append = " openssl-bin"
e.g. in local.conf.
The file did not exist in the aforementioned image / configuration
because it was packaged to the main openssl package
FILES_${PN} =+ "${libdir}/ssl-1.1/*"
(there is no other FILES specification that would match the file either)
and
path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm
[...]
/usr/lib/ssl-1.1/openssl.cnf
[...]
Hence move /usr/lib/ssl-1.1/openssl.cnf (and openssl.cnf.dist as it
seems closely related) to the ${PN}-conf package to have it installed
with ${PN}-bin, which already (indirectly) depends on ${PN}-conf.
Note that the openssl recipe has the comment
Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
package RRECOMMENDS on this package. This will enable the configuration
file to be installed for both the openssl-bin package and the libcrypto
package since the openssl-bin package depends on the libcrypto package.
but openssl-conf only contained /etc/ssl/openssl.cnf
path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm
/etc
/etc/ssl
/etc/ssl/openssl.cnf
/usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to
../../../etc/ssl/openssl.cnf.
Other files and directories in /usr/lib/ssl-1.1/ were considered as well
because they seem to be configuration files and / or related to
(symlinks pointing to) /etc. They were not moved though, because based
on our use case and testing moving the openssl.cnf symlink is sufficient
for fixing the immediate problem and we lack knowledge about the other
files in order to make a decision to change their packaging.
(From OE-Core rev: c1632d7041fe0c18ec61abfa79a9c025af43c033)
Signed-off-by: Hannu Lounento <hannu.lounento@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This also un-breaks python3 ptest which got broken
with 1.1.1e update.
(From OE-Core rev: b4ddf5b9d8cd769b7026663f93c8bc69b55d8cbf)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* passing PERL=perl breaks c_rehash calls from dash (works fine with bash)
dash doesn't like
#!perl
shebang
PERL="/usr/bin/env perl"
unfortunately just passing PERL like this doesn't pass do_configure:
Creating Makefile
sh: 1: /usr/bin/env perl: not found
WARNING: exit code 1 from a shell command.
But passing it as:
HASHBANGPERL="/usr/bin/env perl" PERL=perl
seems to work.
(From OE-Core rev: 79350826396a882d115caafd88b0a49c91a4fa6c)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In our build environment we use wrapper script
for perl in non-standard configuration with
extra variables set (provided by custom
buildtools-tarball).
In this case openssl fails to build because
by default it's Configure script detects and uses
perl executable directly (with absolute path)
obviously missing extra settings from wrapper
script.
Pass PERL=perl environment variable to Configure,
so it won't try to use perl executable directly
but will use what is provided from environment.
(From OE-Core rev: 2b087fef6820da8a6d86ca763bd7730dcac30849)
Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was a build architecture leaking into the target ptest which
could vary depending upon host. Remove it as its cosmetic.
[YOCTO #13770]
(From OE-Core rev: 37db519eedb7eb5cd4f14d05f30f5d580aa7458d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is only a problem with older Apache versions.
(From OE-Core rev: 492d43296b15514ec72dfb15f37c6d2ab1fbbae3)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
with openSSL 1.1.1d we start seeing errors like
Error Generating Key
139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
when using openssl from openssl-native on build hosts, this is due to
limiting the random seed to devrandom, to support older hosts, since the
option allows to have a comma separated list of methods to try, we can
try the default first and if that fails then fallback to devrandom, this
will ensure that it keeps working with build systems which dont support
getrandom()
(From OE-Core rev: 8b4edb8552b238680d8dcef565e830a8e28a223c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Adrian Bunk <bunk@stusta.de>
Cc: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Running valgrind against code using Openssl v1.1.1c reports a large number of
uninitialized memory errors. This fix from upstream solves this problem.
(From OE-Core rev: 8081d645353ed934a0158329f2f36ea49d663e19)
Signed-off-by: Laurent Bonnans <laurent.bonnans@here.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Differentiate it from openssl gem for Ruby.
(From OE-Core rev: 2ec481b19d6c9c20ce6573de77ae89e576d6b8cb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix bug as following on aarch64BE:
Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b'
(From OE-Core rev: f29572f70a89fd88ab3898d334c126422b66755c)
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It fails to run ptest case test_shlibload which requires libcrypto.so
and libssl.so with version numbers now.
(From OE-Core rev: 728cd93f45096a1ba0997b3812504d27194b1b49)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OpenSSL 1.0 has been replaced by 1.1, and it would be harder
to security-support after the upstream EOL at the end of 2019.
(From OE-Core rev: 0f7ffcaa18db7bc27f30c994aafbb9f4f8b2ae7e)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We had a c_rehash shell re-implementation being used for the native
package however the ca-certificates now uses the openssl rehash
internal application so there is no use for the c_rehash anymore.
(From OE-Core rev: 672b076158247f823a518b7c33b50c82272d6388)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is only needed by 95-test_external_pyca_data which is
actually skipped on the target.
[YOCTO #13204]
(From OE-Core rev: 3ccbce74942853fb1dd5b73378f089ad8cd428a3)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl-ptest was recording now results, despite most tests passing. Fix
so that the successes/skips/failures are reported correctly.
(From OE-Core rev: a4565d62297af62ff86a83685f8d55194cd4db48)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Perl and its dependencies have a decent footprint impact. On my
xz compressed filesystem:
634880: /usr/lib/libperl.so.5.24.4
Put c_rehash in the openssl-misc package so the dependency can be
avoided where it isn't needed.
Change-Id: Iae9bccabfb1c8cfa1401ca6785abc39713d3fdf0
(From OE-Core rev: d2b1a889ef8fb9e6a2fa3d9bfc3eaf6113db9b1f)
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gcc option '-fmacro-prefix-map' is added to DEBUG_PREFIX_MAP. It has a
patch to deal option '-fdebug-prefix-map' already. Update the patch
0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch to fix
buildpaths qa issue for '-fmacro-prefix-map' too.
(From OE-Core rev: 0851e03daebeeb7e0579baa3aa195c228652d97b)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
