SHA256
1
0
forked from pool/openssl-1_1
openssl-1_1/openssl-static-deps.patch
Tomáš Chvátal d99d49a007 Accepting request 591684 from home:vitezslav_cizek:branches:security:tls
- Update to 1.1.0h
  OpenSSL Security Advisory [27 Mar 2018]
  * Constructed ASN.1 types with a recursive definition could exceed
    the stack (CVE-2018-0739) (bsc#1087102)
  * rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
    (bsc#1071906)
- refresh patches:
  * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
  * openssl-1.1.0-fips.patch
  * openssl-pkgconfig.patch
  * openssl-rsakeygen-minimum-distance.patch
  * openssl-static-deps.patch

OBS-URL: https://build.opensuse.org/request/show/591684
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=7
2018-03-27 15:20:21 +00:00

196 lines
8.9 KiB
Diff

From 186a31e510d1326063cfeca17e58fadec236ad2a Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 9 Nov 2016 20:01:51 +0100
Subject: [PATCH] Building: make it possible to force linking with static
OpenSSL libs
Very simply, support having the .a extension to denote depending on
static libraries. Note that this is not supported on native Windows
when building shared libraries, as there is not static library then,
just an import library with the same name.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)
---
Configurations/common.tmpl | 14 +++++++++++---
Configurations/descrip.mms.tmpl | 23 ++++++++++++++---------
Configurations/unix-Makefile.tmpl | 19 ++++++++++++-------
Configurations/windows-makefile.tmpl | 4 +++-
Configure | 7 +++++++
5 files changed, 47 insertions(+), 20 deletions(-)
Index: openssl-1.1.0h/Configurations/common.tmpl
===================================================================
--- openssl-1.1.0h.orig/Configurations/common.tmpl 2018-03-27 15:50:37.000000000 +0200
+++ openssl-1.1.0h/Configurations/common.tmpl 2018-03-27 16:31:37.126131133 +0200
@@ -9,15 +9,22 @@
# there are no duplicate dependencies and that they are in the
# right order. This is especially used to sort the list of
# libraries that a build depends on.
+ sub extensionlesslib {
+ my @result = map { $_ =~ /(\.a)?$/; $` } @_;
+ return @result if wantarray;
+ return $result[0];
+ }
sub resolvedepends {
my $thing = shift;
+ my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
- my @list = @{$unified_info{depends}->{$thing}};
+ my @list = @{$unified_info{depends}->{$extensionlessthing}};
my @newlist = ();
if (scalar @list) {
foreach my $item (@list) {
+ my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
- next if grep { $_ eq $item } @listsofar;
+ next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
push @newlist, $item, resolvedepends($item, @listsofar, $item);
}
}
@@ -28,8 +35,9 @@
my @newlist = ();
while (@list) {
my $item = shift @list;
+ my $extensionlessitem = extensionlesslib($item);
push @newlist, $item
- unless grep { $item eq $_ } @list;
+ unless grep { $extensionlessitem eq extensionlesslib($_) } @list;
}
@newlist;
}
Index: openssl-1.1.0h/Configurations/descrip.mms.tmpl
===================================================================
--- openssl-1.1.0h.orig/Configurations/descrip.mms.tmpl 2018-03-27 15:50:37.000000000 +0200
+++ openssl-1.1.0h/Configurations/descrip.mms.tmpl 2018-03-27 16:31:37.126131133 +0200
@@ -537,6 +537,17 @@ configdata.pm : $(SRCDIR)Configure $(SRC
use File::Basename;
use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/;
+ # Helper function to figure out dependencies on libraries
+ # It takes a list of library names and outputs a list of dependencies
+ sub compute_lib_depends {
+ if ($disabled{shared}) {
+ return map { $_ =~ /\.a$/ ? $`.".OLB" : $_.".OLB" } @_;
+ }
+ return map { $_ =~ /\.a$/
+ ? $`.".OLB"
+ : $unified_info{sharednames}->{$_}.".EXE" } @_;
+ }
+
sub generatesrc {
my %args = @_;
my $generator = join(" ", @{$args{generator}});
@@ -632,9 +643,7 @@ EOF
my $libd = dirname($lib);
my $libn = basename($lib);
(my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
- my @deps = map {
- $disabled{shared} ? $_.".OLB"
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+ my @deps = compute_lib_depends(@{$args{deps}});
my $deps = join(", -\n\t\t", @deps);
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
@@ -680,9 +689,7 @@ EOF
my $libn = basename($lib);
(my $libn_nolib = $libn) =~ s/^lib//;
my @objs = map { "$_.OBJ" } @{$args{objs}};
- my @deps = map {
- $disabled{shared} ? $_.".OLB"
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+ my @deps = compute_lib_depends(@{$args{deps}});
my $deps = join(", -\n\t\t", @objs, @deps);
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
@@ -732,9 +739,7 @@ EOF
my $bind = dirname($bin);
my $binn = basename($bin);
my @objs = map { "$_.OBJ" } @{$args{objs}};
- my @deps = map {
- $disabled{shared} ? $_.".OLB"
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+ my @deps = compute_lib_depends(@{$args{deps}});
my $deps = join(", -\n\t\t", @objs, @deps);
# The "[]" hack is because in .OPT files, each line inherits the
# previous line's file spec as default, so if no directory spec
Index: openssl-1.1.0h/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-1.1.0h.orig/Configurations/unix-Makefile.tmpl 2018-03-27 16:31:37.110130877 +0200
+++ openssl-1.1.0h/Configurations/unix-Makefile.tmpl 2018-03-27 16:31:37.126131133 +0200
@@ -755,13 +755,13 @@ configdata.pm: $(SRCDIR)/Configure $(SRC
# It takes a list of library names and outputs a list of dependencies
sub compute_lib_depends {
if ($disabled{shared}) {
- return map { $_.$libext } @_;
+ return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
}
# Depending on shared libraries:
# On Windows POSIX layers, we depend on {libname}.dll.a
# On Unix platforms, we depend on {shlibname}.so
- return map { shlib_simple($_) } @_;
+ return map { $_ =~ /\.a$/ ? $`.$libext : shlib_simple($_) } @_;
}
sub generatesrc {
@@ -976,11 +976,16 @@ EOF
my $binn = basename($bin);
my $objs = join(" ", map { $_.$objext } @{$args{objs}});
my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
- my $linklibs = join("", map { my $d = dirname($_);
- my $f = basename($_);
- $d = "." if $d eq $f;
- (my $l = $f) =~ s/^lib//;
- " -L$d -l$l" } @{$args{deps}});
+ my $linklibs = join("", map { if ($_ =~ /\.a$/) {
+ " $_";
+ } else {
+ my $d = dirname($_);
+ my $f = basename($_);
+ $d = "." if $d eq $f;
+ (my $l = $f) =~ s/^lib//;
+ " -L$d -l$l"
+ }
+ } @{$args{deps}});
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
return <<"EOF";
$bin$exeext: $objs $deps
Index: openssl-1.1.0h/Configurations/windows-makefile.tmpl
===================================================================
--- openssl-1.1.0h.orig/Configurations/windows-makefile.tmpl 2018-03-27 15:50:37.000000000 +0200
+++ openssl-1.1.0h/Configurations/windows-makefile.tmpl 2018-03-27 16:31:37.126131133 +0200
@@ -361,8 +361,10 @@ configdata.pm: "$(SRCDIR)\Configure" {-
# It takes a list of library names and outputs a list of dependencies
sub compute_lib_depends {
if ($disabled{shared}) {
- return map { $_.$libext } @_;
+ return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
}
+ die "Linking with static OpenSSL libraries is not supported in this configuration\n"
+ if grep /\.a$/, @_;
return map { shlib_import($_) } @_;
}
Index: openssl-1.1.0h/Configure
===================================================================
--- openssl-1.1.0h.orig/Configure 2018-03-27 15:50:37.000000000 +0200
+++ openssl-1.1.0h/Configure 2018-03-27 16:31:37.126131133 +0200
@@ -1844,9 +1844,16 @@ EOF
$d = cleanfile($buildd, $_, $blddir);
}
# Take note if the file to depend on is being renamed
+ # Take extra care with files ending with .a, they should
+ # be treated without that extension, and the extension
+ # should be added back after treatment.
+ $d =~ /(\.a)?$/;
+ my $e = $1 // "";
+ $d = $`;
if ($unified_info{rename}->{$d}) {
$d = $unified_info{rename}->{$d};
}
+ $d .= $e;
$unified_info{depends}->{$ddest}->{$d} = 1;
}
}