d99d49a007
- Update to 1.1.0h OpenSSL Security Advisory [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) (bsc#1087102) * rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) (bsc#1071906) - refresh patches: * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * openssl-1.1.0-fips.patch * openssl-pkgconfig.patch * openssl-rsakeygen-minimum-distance.patch * openssl-static-deps.patch OBS-URL: https://build.opensuse.org/request/show/591684 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=7
196 lines
8.9 KiB
Diff
196 lines
8.9 KiB
Diff
From 186a31e510d1326063cfeca17e58fadec236ad2a Mon Sep 17 00:00:00 2001
|
|
From: Richard Levitte <levitte@openssl.org>
|
|
Date: Wed, 9 Nov 2016 20:01:51 +0100
|
|
Subject: [PATCH] Building: make it possible to force linking with static
|
|
OpenSSL libs
|
|
|
|
Very simply, support having the .a extension to denote depending on
|
|
static libraries. Note that this is not supported on native Windows
|
|
when building shared libraries, as there is not static library then,
|
|
just an import library with the same name.
|
|
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/1889)
|
|
---
|
|
Configurations/common.tmpl | 14 +++++++++++---
|
|
Configurations/descrip.mms.tmpl | 23 ++++++++++++++---------
|
|
Configurations/unix-Makefile.tmpl | 19 ++++++++++++-------
|
|
Configurations/windows-makefile.tmpl | 4 +++-
|
|
Configure | 7 +++++++
|
|
5 files changed, 47 insertions(+), 20 deletions(-)
|
|
|
|
Index: openssl-1.1.0h/Configurations/common.tmpl
|
|
===================================================================
|
|
--- openssl-1.1.0h.orig/Configurations/common.tmpl 2018-03-27 15:50:37.000000000 +0200
|
|
+++ openssl-1.1.0h/Configurations/common.tmpl 2018-03-27 16:31:37.126131133 +0200
|
|
@@ -9,15 +9,22 @@
|
|
# there are no duplicate dependencies and that they are in the
|
|
# right order. This is especially used to sort the list of
|
|
# libraries that a build depends on.
|
|
+ sub extensionlesslib {
|
|
+ my @result = map { $_ =~ /(\.a)?$/; $` } @_;
|
|
+ return @result if wantarray;
|
|
+ return $result[0];
|
|
+ }
|
|
sub resolvedepends {
|
|
my $thing = shift;
|
|
+ my $extensionlessthing = extensionlesslib($thing);
|
|
my @listsofar = @_; # to check if we're looping
|
|
- my @list = @{$unified_info{depends}->{$thing}};
|
|
+ my @list = @{$unified_info{depends}->{$extensionlessthing}};
|
|
my @newlist = ();
|
|
if (scalar @list) {
|
|
foreach my $item (@list) {
|
|
+ my $extensionlessitem = extensionlesslib($item);
|
|
# It's time to break off when the dependency list starts looping
|
|
- next if grep { $_ eq $item } @listsofar;
|
|
+ next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
|
|
push @newlist, $item, resolvedepends($item, @listsofar, $item);
|
|
}
|
|
}
|
|
@@ -28,8 +35,9 @@
|
|
my @newlist = ();
|
|
while (@list) {
|
|
my $item = shift @list;
|
|
+ my $extensionlessitem = extensionlesslib($item);
|
|
push @newlist, $item
|
|
- unless grep { $item eq $_ } @list;
|
|
+ unless grep { $extensionlessitem eq extensionlesslib($_) } @list;
|
|
}
|
|
@newlist;
|
|
}
|
|
Index: openssl-1.1.0h/Configurations/descrip.mms.tmpl
|
|
===================================================================
|
|
--- openssl-1.1.0h.orig/Configurations/descrip.mms.tmpl 2018-03-27 15:50:37.000000000 +0200
|
|
+++ openssl-1.1.0h/Configurations/descrip.mms.tmpl 2018-03-27 16:31:37.126131133 +0200
|
|
@@ -537,6 +537,17 @@ configdata.pm : $(SRCDIR)Configure $(SRC
|
|
use File::Basename;
|
|
use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/;
|
|
|
|
+ # Helper function to figure out dependencies on libraries
|
|
+ # It takes a list of library names and outputs a list of dependencies
|
|
+ sub compute_lib_depends {
|
|
+ if ($disabled{shared}) {
|
|
+ return map { $_ =~ /\.a$/ ? $`.".OLB" : $_.".OLB" } @_;
|
|
+ }
|
|
+ return map { $_ =~ /\.a$/
|
|
+ ? $`.".OLB"
|
|
+ : $unified_info{sharednames}->{$_}.".EXE" } @_;
|
|
+ }
|
|
+
|
|
sub generatesrc {
|
|
my %args = @_;
|
|
my $generator = join(" ", @{$args{generator}});
|
|
@@ -632,9 +643,7 @@ EOF
|
|
my $libd = dirname($lib);
|
|
my $libn = basename($lib);
|
|
(my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
|
|
- my @deps = map {
|
|
- $disabled{shared} ? $_.".OLB"
|
|
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
|
|
+ my @deps = compute_lib_depends(@{$args{deps}});
|
|
my $deps = join(", -\n\t\t", @deps);
|
|
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
|
|
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
|
|
@@ -680,9 +689,7 @@ EOF
|
|
my $libn = basename($lib);
|
|
(my $libn_nolib = $libn) =~ s/^lib//;
|
|
my @objs = map { "$_.OBJ" } @{$args{objs}};
|
|
- my @deps = map {
|
|
- $disabled{shared} ? $_.".OLB"
|
|
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
|
|
+ my @deps = compute_lib_depends(@{$args{deps}});
|
|
my $deps = join(", -\n\t\t", @objs, @deps);
|
|
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
|
|
my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
|
|
@@ -732,9 +739,7 @@ EOF
|
|
my $bind = dirname($bin);
|
|
my $binn = basename($bin);
|
|
my @objs = map { "$_.OBJ" } @{$args{objs}};
|
|
- my @deps = map {
|
|
- $disabled{shared} ? $_.".OLB"
|
|
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
|
|
+ my @deps = compute_lib_depends(@{$args{deps}});
|
|
my $deps = join(", -\n\t\t", @objs, @deps);
|
|
# The "[]" hack is because in .OPT files, each line inherits the
|
|
# previous line's file spec as default, so if no directory spec
|
|
Index: openssl-1.1.0h/Configurations/unix-Makefile.tmpl
|
|
===================================================================
|
|
--- openssl-1.1.0h.orig/Configurations/unix-Makefile.tmpl 2018-03-27 16:31:37.110130877 +0200
|
|
+++ openssl-1.1.0h/Configurations/unix-Makefile.tmpl 2018-03-27 16:31:37.126131133 +0200
|
|
@@ -755,13 +755,13 @@ configdata.pm: $(SRCDIR)/Configure $(SRC
|
|
# It takes a list of library names and outputs a list of dependencies
|
|
sub compute_lib_depends {
|
|
if ($disabled{shared}) {
|
|
- return map { $_.$libext } @_;
|
|
+ return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
|
|
}
|
|
|
|
# Depending on shared libraries:
|
|
# On Windows POSIX layers, we depend on {libname}.dll.a
|
|
# On Unix platforms, we depend on {shlibname}.so
|
|
- return map { shlib_simple($_) } @_;
|
|
+ return map { $_ =~ /\.a$/ ? $`.$libext : shlib_simple($_) } @_;
|
|
}
|
|
|
|
sub generatesrc {
|
|
@@ -976,11 +976,16 @@ EOF
|
|
my $binn = basename($bin);
|
|
my $objs = join(" ", map { $_.$objext } @{$args{objs}});
|
|
my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
|
|
- my $linklibs = join("", map { my $d = dirname($_);
|
|
- my $f = basename($_);
|
|
- $d = "." if $d eq $f;
|
|
- (my $l = $f) =~ s/^lib//;
|
|
- " -L$d -l$l" } @{$args{deps}});
|
|
+ my $linklibs = join("", map { if ($_ =~ /\.a$/) {
|
|
+ " $_";
|
|
+ } else {
|
|
+ my $d = dirname($_);
|
|
+ my $f = basename($_);
|
|
+ $d = "." if $d eq $f;
|
|
+ (my $l = $f) =~ s/^lib//;
|
|
+ " -L$d -l$l"
|
|
+ }
|
|
+ } @{$args{deps}});
|
|
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
|
|
return <<"EOF";
|
|
$bin$exeext: $objs $deps
|
|
Index: openssl-1.1.0h/Configurations/windows-makefile.tmpl
|
|
===================================================================
|
|
--- openssl-1.1.0h.orig/Configurations/windows-makefile.tmpl 2018-03-27 15:50:37.000000000 +0200
|
|
+++ openssl-1.1.0h/Configurations/windows-makefile.tmpl 2018-03-27 16:31:37.126131133 +0200
|
|
@@ -361,8 +361,10 @@ configdata.pm: "$(SRCDIR)\Configure" {-
|
|
# It takes a list of library names and outputs a list of dependencies
|
|
sub compute_lib_depends {
|
|
if ($disabled{shared}) {
|
|
- return map { $_.$libext } @_;
|
|
+ return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
|
|
}
|
|
+ die "Linking with static OpenSSL libraries is not supported in this configuration\n"
|
|
+ if grep /\.a$/, @_;
|
|
return map { shlib_import($_) } @_;
|
|
}
|
|
|
|
Index: openssl-1.1.0h/Configure
|
|
===================================================================
|
|
--- openssl-1.1.0h.orig/Configure 2018-03-27 15:50:37.000000000 +0200
|
|
+++ openssl-1.1.0h/Configure 2018-03-27 16:31:37.126131133 +0200
|
|
@@ -1844,9 +1844,16 @@ EOF
|
|
$d = cleanfile($buildd, $_, $blddir);
|
|
}
|
|
# Take note if the file to depend on is being renamed
|
|
+ # Take extra care with files ending with .a, they should
|
|
+ # be treated without that extension, and the extension
|
|
+ # should be added back after treatment.
|
|
+ $d =~ /(\.a)?$/;
|
|
+ my $e = $1 // "";
|
|
+ $d = $`;
|
|
if ($unified_info{rename}->{$d}) {
|
|
$d = $unified_info{rename}->{$d};
|
|
}
|
|
+ $d .= $e;
|
|
$unified_info{depends}->{$ddest}->{$d} = 1;
|
|
}
|
|
}
|