[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Peter Seiderer]

- remove all parallel build patches (openssl build-system changed)

- rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
  to apply to Configurations/unix-Makefile.tmpl (Makefile template)

- removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
  (upstream applied)

- rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
  apply to crypto/build.info (Makefile template)

- fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'

- remove legacy enable-tlsext configure option

- fix host library install path

- change legacy INSTALL_PREFIX to DESTDIR

- remove 'libraries gets installed read only, so strip fails'
  workaround (not needed anymore)

- change engine directory from /usr/lib/engines to
  /usr/lib/engines-1.1

- change license file hash, no license change, only the following
  hint was removed:

    Actually both licenses are BSD-style Open Source licenses.
    In case of any license issues related to OpenSSL please
    contact openssl-core at openssl.org.

- fix host-libopenssl compile setting rpath as decribed in
  libopenssl-1.1.0h/NOTES.UNIX

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
Changes v3 -> v4:
  - bump version to 1.1.1a
  - remove all parallel build patches hash file entries
  - re-remove 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
    (upstream applied)
  - fix hist library install path
  - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
    (upstram applied)
  - remove follow up patch for openssh (not longer needed since
    version bump to 7.9p1, see https://www.openssh.com/releasenotes.html
    Portability)

Changes v2 -> v3:
  - no changes

Changes v1 -> v2:
  - add OPENSSL_NO_ASYNC workaround for musl compile too
    (suggested by Bernd Kuhls)

  - fix host-libopenssl compile (reported by Ryan Coe) by setting rpath
    (suggested by Ryan Coe)

  - fix 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
    and 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply
    to the Makefile templates (instead of re-generated Makefile)
    (reported by Ryan Coe)

  - add 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
    (suggested by Bernd Kuhls)

Notes:

 - There was a previous attempt to bump the openssl version by
   David Mosberger <davidm@egauge.net>. I could not find the
   corresponding patch in patchwork or on the mailing list,
   only a reply by Arnout Vandecappelle (see [2]) and the
   answer by David Mosberger (see [3]).

 - Compile checked packages (depending explicit on libopenssl or host-libopenssl):
   O.k:
     - hostapd
     - libpjsip
     - mosquitto
     - wpa_supplicant

    Failure:
     - softether/host-softether

 - Compile checked packages (depending on openssl or host-openssl):
    O.k.:
      - alljoyn-base
      - apr
      - apr-util
      - freeswitch
      - openssh

    Failure:
      - android-tools
      - apache (CMake configure errro, unrelated?)

[2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
[3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
---
 ...building-manpages-if-we-re-not-going.patch |  34 +-
 ...-Fix-issue-with-signature-generation.patch | 450 ------------------
 ...ible-build-do-not-leak-compiler-path.patch |  31 +-
 package/libopenssl/libopenssl.hash            |  15 +-
 package/libopenssl/libopenssl.mk              |  41 +-
 5 files changed, 61 insertions(+), 510 deletions(-)
 delete mode 100644 package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch

diff --git a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
index 10d2b7526c..f20b6f0834 100644
--- a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
+++ b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
@@ -1,27 +1,31 @@
-From 389efb564fa1453a9da835393eec9006bfae2a52 Mon Sep 17 00:00:00 2001
+From d8f104bffb0c4acb8c5fcdf49628f7d02ed48f7f Mon Sep 17 00:00:00 2001
 From: Mike Frysinger <vapier@gentoo.org>
 Date: Sat, 16 May 2015 18:53:51 +0200
-Subject: Dont waste time building manpages if we're not going to use em.
+Subject: [PATCH] Dont waste time building manpages if we're not going to use
+ em.
 
 Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
 [Gustavo: update for parallel-build]
+
+[rebased on openssl-1.1.0h]
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
 ---
- Makefile.org | 2 +-
+ Configurations/unix-Makefile.tmpl | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/Makefile.org b/Makefile.org
-index 60f07cc..976ceaf 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -527,7 +527,7 @@ dist:
- dist_pem_h:
- 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 40cf2c3..777d9ca 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -268,7 +268,7 @@ list-tests:
+ 	@echo "Tests are not supported with your chosen Configure options"
+ 	@ : {- output_on() if !$disabled{tests}; "" -}
+ 
+-install: install_sw install_ssldirs install_docs
++install: install_sw install_ssldirs
  
--install: install_docs install_sw
-+install: install_sw
+ uninstall: uninstall_docs uninstall_sw
  
- install_sw:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 -- 
-1.9.1
+2.16.3
 
diff --git a/package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch b/package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
deleted file mode 100644
index 47295500c0..0000000000
--- a/package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
+++ /dev/null
@@ -1,450 +0,0 @@
-From 90fd7e8f1a316cda86ee442b43fcd7d5e5baeede Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Date: Sat, 16 May 2015 18:55:08 +0200
-Subject: cryptodev: Fix issue with signature generation
-
-Forward port of 0001-cryptodev-Fix-issue-with-signature-generation.patch
-from http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
-It was originally targetted at 1.0.2-beta3.
-
-Without this patch digest acceleration via cryptodev is broken.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
----
- crypto/engine/eng_cryptodev.c | 195 +++++++++++++++++++++++++++++++-----------
- 1 file changed, 146 insertions(+), 49 deletions(-)
-
-diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
-index 926d95c..7021d9a 100644
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -2,6 +2,7 @@
-  * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
-  * Copyright (c) 2002 Theo de Raadt
-  * Copyright (c) 2002 Markus Friedl
-+ * Copyright (c) 2012 Nikos Mavrogiannopoulos
-  * All rights reserved.
-  *
-  * Redistribution and use in source and binary forms, with or without
-@@ -72,7 +73,6 @@ struct dev_crypto_state {
-     struct session_op d_sess;
-     int d_fd;
- # ifdef USE_CRYPTODEV_DIGESTS
--    char dummy_mac_key[HASH_MAX_LEN];
-     unsigned char digest_res[HASH_MAX_LEN];
-     char *mac_data;
-     int mac_len;
-@@ -189,8 +189,10 @@ static struct {
- static struct {
-     int id;
-     int nid;
--    int keylen;
-+    int digestlen;
- } digests[] = {
-+#if 0
-+    /* HMAC is not supported */
-     {
-         CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
-     },
-@@ -198,15 +200,15 @@ static struct {
-         CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
-     },
-     {
--        CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
--        /* ? */
-+        CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32
-     },
-     {
--        CRYPTO_MD5_KPDK, NID_undef, 0
-+        CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48
-     },
-     {
--        CRYPTO_SHA1_KPDK, NID_undef, 0
-+        CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64
-     },
-+#endif
-     {
-         CRYPTO_MD5, NID_md5, 16
-     },
-@@ -214,6 +216,15 @@ static struct {
-         CRYPTO_SHA1, NID_sha1, 20
-     },
-     {
-+        CRYPTO_SHA2_256, NID_sha256, 32
-+    },
-+    {
-+        CRYPTO_SHA2_384, NID_sha384, 48
-+    },
-+    {
-+        CRYPTO_SHA2_512, NID_sha512, 64
-+    },
-+    {
-         0, NID_undef, 0
-     },
- };
-@@ -288,13 +299,14 @@ static int get_cryptodev_ciphers(const int **cnids)
-     static int nids[CRYPTO_ALGORITHM_MAX];
-     struct session_op sess;
-     int fd, i, count = 0;
-+    unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- 
-     if ((fd = get_dev_crypto()) < 0) {
-         *cnids = NULL;
-         return (0);
-     }
-     memset(&sess, 0, sizeof(sess));
--    sess.key = (caddr_t) "123456789abcdefghijklmno";
-+    sess.key = (void*)fake_key;
- 
-     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-         if (ciphers[i].nid == NID_undef)
-@@ -327,18 +339,19 @@ static int get_cryptodev_digests(const int **cnids)
-     static int nids[CRYPTO_ALGORITHM_MAX];
-     struct session_op sess;
-     int fd, i, count = 0;
-+    unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
- 
-     if ((fd = get_dev_crypto()) < 0) {
-         *cnids = NULL;
-         return (0);
-     }
-     memset(&sess, 0, sizeof(sess));
--    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
-+    sess.mackey = fake_key;
-     for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-         if (digests[i].nid == NID_undef)
-             continue;
-         sess.mac = digests[i].id;
--        sess.mackeylen = digests[i].keylen;
-+        sess.mackeylen = 8;
-         sess.cipher = 0;
-         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-@@ -424,14 +437,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-     cryp.ses = sess->ses;
-     cryp.flags = 0;
-     cryp.len = inl;
--    cryp.src = (caddr_t) in;
--    cryp.dst = (caddr_t) out;
-+    cryp.src = (void*) in;
-+    cryp.dst = (void*) out;
-     cryp.mac = 0;
- 
-     cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
- 
-     if (ctx->cipher->iv_len) {
--        cryp.iv = (caddr_t) ctx->iv;
-+	cryp.iv = (void*) ctx->iv;
-         if (!ctx->encrypt) {
-             iiv = in + inl - ctx->cipher->iv_len;
-             memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -483,7 +496,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-     if ((state->d_fd = get_dev_crypto()) < 0)
-         return (0);
- 
--    sess->key = (caddr_t) key;
-+    sess->key = (void*)key;
-     sess->keylen = ctx->key_len;
-     sess->cipher = cipher;
- 
-@@ -749,16 +762,6 @@ static int digest_nid_to_cryptodev(int nid)
-     return (0);
- }
- 
--static int digest_key_length(int nid)
--{
--    int i;
--
--    for (i = 0; digests[i].id; i++)
--        if (digests[i].nid == nid)
--            return digests[i].keylen;
--    return (0);
--}
--
- static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- {
-     struct dev_crypto_state *state = ctx->md_data;
-@@ -769,7 +772,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-         printf("cryptodev_digest_init: Can't get digest \n");
-         return (0);
-     }
--
-     memset(state, 0, sizeof(struct dev_crypto_state));
- 
-     if ((state->d_fd = get_dev_crypto()) < 0) {
-@@ -777,8 +779,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-         return (0);
-     }
- 
--    sess->mackey = state->dummy_mac_key;
--    sess->mackeylen = digest_key_length(ctx->digest->type);
-+    sess->mackey = NULL;
-+    sess->mackeylen = 0;
-     sess->mac = digest;
- 
-     if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-@@ -794,8 +796,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
- static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-                                    size_t count)
- {
--    struct crypt_op cryp;
-     struct dev_crypto_state *state = ctx->md_data;
-+    struct crypt_op cryp;
-     struct session_op *sess = &state->d_sess;
- 
-     if (!data || state->d_fd < 0) {
-@@ -804,7 +806,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-     }
- 
-     if (!count) {
--        return (0);
-+        return (1);
-     }
- 
-     if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-@@ -828,9 +830,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-     cryp.ses = sess->ses;
-     cryp.flags = 0;
-     cryp.len = count;
--    cryp.src = (caddr_t) data;
-+    cryp.src = (void*) data;
-     cryp.dst = NULL;
--    cryp.mac = (caddr_t) state->digest_res;
-+    cryp.mac = (void*) state->digest_res;
-     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-         printf("cryptodev_digest_update: digest failed\n");
-         return (0);
-@@ -844,8 +846,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-     struct dev_crypto_state *state = ctx->md_data;
-     struct session_op *sess = &state->d_sess;
- 
--    int ret = 1;
--
-     if (!md || state->d_fd < 0) {
-         printf("cryptodev_digest_final: illegal input\n");
-         return (0);
-@@ -859,7 +859,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-         cryp.len = state->mac_len;
-         cryp.src = state->mac_data;
-         cryp.dst = NULL;
--        cryp.mac = (caddr_t) md;
-+	cryp.mac = (void*)md;
-         if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-             printf("cryptodev_digest_final: digest failed\n");
-             return (0);
-@@ -870,7 +870,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
- 
-     memcpy(md, state->digest_res, ctx->digest->md_size);
- 
--    return (ret);
-+    return 1;
- }
- 
- static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-@@ -921,8 +921,8 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
- 
-     digest = digest_nid_to_cryptodev(to->digest->type);
- 
--    sess->mackey = dstate->dummy_mac_key;
--    sess->mackeylen = digest_key_length(to->digest->type);
-+    sess->mackey = NULL;
-+    sess->mackeylen = 0;
-     sess->mac = digest;
- 
-     dstate->d_fd = get_dev_crypto();
-@@ -947,32 +947,116 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
- 
- const EVP_MD cryptodev_sha1 = {
-     NID_sha1,
--    NID_undef,
-+    NID_sha1WithRSAEncryption,
-     SHA_DIGEST_LENGTH,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+    EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-     EVP_MD_FLAG_ONESHOT,
-     cryptodev_digest_init,
-     cryptodev_digest_update,
-     cryptodev_digest_final,
-     cryptodev_digest_copy,
-     cryptodev_digest_cleanup,
--    EVP_PKEY_NULL_method,
-+    EVP_PKEY_RSA_method,
-     SHA_CBLOCK,
--    sizeof(struct dev_crypto_state),
-+    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
- };
- 
--const EVP_MD cryptodev_md5 = {
-+static const EVP_MD cryptodev_sha256 = {
-+    NID_sha256,
-+    NID_sha256WithRSAEncryption,
-+    SHA256_DIGEST_LENGTH, 
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+    EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+    EVP_MD_FLAG_ONESHOT,
-+    cryptodev_digest_init,
-+    cryptodev_digest_update,
-+    cryptodev_digest_final,
-+    cryptodev_digest_copy,
-+    cryptodev_digest_cleanup,
-+    EVP_PKEY_RSA_method,
-+    SHA256_CBLOCK,
-+    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha224 = {
-+    NID_sha224,
-+    NID_sha224WithRSAEncryption, 
-+    SHA224_DIGEST_LENGTH, 
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+    EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+    EVP_MD_FLAG_ONESHOT,
-+    cryptodev_digest_init,
-+    cryptodev_digest_update,
-+    cryptodev_digest_final,
-+    cryptodev_digest_copy,
-+    cryptodev_digest_cleanup,
-+    EVP_PKEY_RSA_method,
-+    SHA256_CBLOCK,
-+    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha384 = {
-+    NID_sha384,
-+    NID_sha384WithRSAEncryption, 
-+    SHA384_DIGEST_LENGTH, 
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+    EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+    EVP_MD_FLAG_ONESHOT,
-+    cryptodev_digest_init,
-+    cryptodev_digest_update,
-+    cryptodev_digest_final,
-+    cryptodev_digest_copy,
-+    cryptodev_digest_cleanup,
-+    EVP_PKEY_RSA_method,
-+    SHA512_CBLOCK,
-+    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_sha512 = {
-+    NID_sha512,
-+    NID_sha512WithRSAEncryption, 
-+    SHA512_DIGEST_LENGTH, 
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+    EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-+    EVP_MD_FLAG_ONESHOT,
-+    cryptodev_digest_init,
-+    cryptodev_digest_update,
-+    cryptodev_digest_final,
-+    cryptodev_digest_copy,
-+    cryptodev_digest_cleanup,
-+    EVP_PKEY_RSA_method,
-+    SHA512_CBLOCK,
-+    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-+};
-+
-+static const EVP_MD cryptodev_md5 = {
-     NID_md5,
--    NID_undef,
-+    NID_md5WithRSAEncryption,
-     16 /* MD5_DIGEST_LENGTH */ ,
-+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
-+    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
-+    EVP_MD_FLAG_DIGALGID_ABSENT|
-+#endif
-     EVP_MD_FLAG_ONESHOT,
-     cryptodev_digest_init,
-     cryptodev_digest_update,
-     cryptodev_digest_final,
-     cryptodev_digest_copy,
-     cryptodev_digest_cleanup,
--    EVP_PKEY_NULL_method,
-+    EVP_PKEY_RSA_method,
-     64 /* MD5_CBLOCK */ ,
--    sizeof(struct dev_crypto_state),
-+    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
- };
- 
- # endif                         /* USE_CRYPTODEV_DIGESTS */
-@@ -992,6 +1076,18 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-     case NID_sha1:
-         *digest = &cryptodev_sha1;
-         break;
-+    case NID_sha224:
-+        *digest = &cryptodev_sha224;
-+	break;
-+    case NID_sha256:
-+        *digest = &cryptodev_sha256;
-+	break;
-+    case NID_sha384:
-+        *digest = &cryptodev_sha384;
-+	break;
-+    case NID_sha512:
-+    	*digest = &cryptodev_sha512;
-+	break;
-     default:
- # endif                         /* USE_CRYPTODEV_DIGESTS */
-         *digest = NULL;
-@@ -1022,7 +1118,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
-         return (1);
-     memset(b, 0, bytes);
- 
--    crp->crp_p = (caddr_t) b;
-+    crp->crp_p = (void*) b;
-     crp->crp_nbits = bits;
- 
-     for (i = 0, j = 0; i < a->top; i++) {
-@@ -1277,7 +1373,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
-     kop.crk_op = CRK_DSA_SIGN;
- 
-     /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
--    kop.crk_param[0].crp_p = (caddr_t) dgst;
-+    kop.crk_param[0].crp_p = (void*)dgst;
-     kop.crk_param[0].crp_nbits = dlen * 8;
-     if (bn2crparam(dsa->p, &kop.crk_param[1]))
-         goto err;
-@@ -1317,7 +1413,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
-     kop.crk_op = CRK_DSA_VERIFY;
- 
-     /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
--    kop.crk_param[0].crp_p = (caddr_t) dgst;
-+    kop.crk_param[0].crp_p = (void*)dgst;
-     kop.crk_param[0].crp_nbits = dlen * 8;
-     if (bn2crparam(dsa->p, &kop.crk_param[1]))
-         goto err;
-@@ -1398,9 +1494,10 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-         goto err;
-     kop.crk_iparams = 3;
- 
--    kop.crk_param[3].crp_p = (caddr_t) key;
--    kop.crk_param[3].crp_nbits = keylen * 8;
-+    kop.crk_param[3].crp_p = (void*) key;
-+    kop.crk_param[3].crp_nbits = keylen;
-     kop.crk_oparams = 1;
-+    dhret = keylen / 8;
- 
-     if (ioctl(fd, CIOCKEY, &kop) == -1) {
-         const DH_METHOD *meth = DH_OpenSSL();
-@@ -1470,7 +1567,7 @@ void ENGINE_load_cryptodev(void)
-     put_dev_crypto(fd);
- 
-     if (!ENGINE_set_id(engine, "cryptodev") ||
--        !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-+        !ENGINE_set_name(engine, "cryptodev engine") ||
-         !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
-         !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
-         !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
--- 
-1.9.1
-
diff --git a/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch b/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch
index eff72c548a..820c2addf1 100644
--- a/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch
+++ b/package/libopenssl/0003-Reproducible-build-do-not-leak-compiler-path.patch
@@ -1,26 +1,29 @@
-From 875fcad2ad84877763cba86c1265b57679b878b0 Mon Sep 17 00:00:00 2001
+From b70be8c65365a8fc564226360d45adbbb29fc0af Mon Sep 17 00:00:00 2001
 From: Peter Seiderer <ps.report@gmx.net>
 Date: Tue, 24 Oct 2017 16:58:32 +0200
 Subject: [PATCH] Reproducible build: do not leak compiler path
 
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+
+[Rebased on openssl-1.1.1.a]
 Signed-off-by: Peter Seiderer <ps.report@gmx.net>
 ---
- crypto/Makefile | 2 +-
+ crypto/build.info | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/crypto/Makefile b/crypto/Makefile
-index 7869996..7e63291 100644
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -55,7 +55,7 @@ top:
- all: shared
+diff --git a/crypto/build.info b/crypto/build.info
+index 2c619c6..49ca6ab 100644
+--- a/crypto/build.info
++++ b/crypto/build.info
+@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
+         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
  
- buildinf.h: ../Makefile
--	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
-+	$(PERL) $(TOP)/util/mkbuildinf.pl "$$(basename $(CC)) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
+ DEPEND[cversion.o]=buildinf.h
+-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$$(basename $(CC)) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
+ DEPEND[buildinf.h]=../configdata.pm
  
- x86cpuid.s:	x86cpuid.pl perlasm/x86asm.pl
- 	$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+ GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
 -- 
-2.11.0
+2.20.1
 
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 83fb8bd513..568d7e8b52 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,10 +1,5 @@
-# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha256
-sha256	5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684	openssl-1.0.2q.tar.gz
-# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha1
-sha1	692f5f2f1b114f8adaadaa3e7be8cce1907f38c5				openssl-1.0.2q.tar.gz
-# Locally computed
-sha256	eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9	openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
-sha256	147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f	openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
-sha256	30cb49489de5041841a74da9155cd4fabfbce33237262ba7cd23974314ae2956	openssl-1.0.2a-parallel-symlinking.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
-sha256	deaf6f3af41874ecc6d63841ea14b8e6c71cea81d4a511a754bc90c9a993147f	openssl-1.0.2d-parallel-build.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
-sha256	c8f60f4842bbad0353f5d81620e72b168b5638ca3a0a999f5da113b22491612e	LICENSE
+# From https://www.openssl.org/source/openssl-1.1.1a.tar.gz.sha256
+sha256	fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41	openssl-1.1.1a.tar.gz
+
+# License files
+sha256	350c7817af2ef980d3f3922bc5e0bb6a9d9f6cc21e784a699bcd2a31c74a84b1	LICENSE
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index dc15abf66a..e461e08126 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 1.0.2q
+LIBOPENSSL_VERSION = 1.1.1a
 LIBOPENSSL_SITE = https://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay
@@ -15,11 +15,6 @@ HOST_LIBOPENSSL_DEPENDENCIES = host-zlib
 LIBOPENSSL_TARGET_ARCH = generic32
 LIBOPENSSL_CFLAGS = $(TARGET_CFLAGS)
 LIBOPENSSL_PROVIDES = openssl
-LIBOPENSSL_PATCH = \
-	https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
-	https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
-	https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d \
-	https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 
 # relocation truncated to fit: R_68K_GOT16O
 ifeq ($(BR2_m68k_cf),y)
@@ -35,6 +30,20 @@ LIBOPENSSL_CFLAGS += -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
 LIBOPENSSL_DEPENDENCIES += cryptodev
 endif
 
+# fixes the following build failures:
+#
+# - musl
+#   ./libcrypto.so: undefined reference to `getcontext'
+#   ./libcrypto.so: undefined reference to `setcontext'
+#   ./libcrypto.so: undefined reference to `makecontext'
+#
+# - uclibc:
+#   crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name ?ucontext_t?
+#
+ifneq ($(BR2_TOOLCHAIN_USES_MUSL)$(BR2_TOOLCHAIN_USES_UCLIBC),)
+LIBOPENSSL_CFLAGS += -DOPENSSL_NO_ASYNC
+endif
+
 # Some architectures are optimized in OpenSSL
 # Doesn't work for thumb-only (Cortex-M?)
 ifeq ($(BR2_ARM_CPU_HAS_ARM),y)
@@ -65,7 +74,8 @@ define HOST_LIBOPENSSL_CONFIGURE_CMDS
 		./config \
 		--prefix=$(HOST_DIR) \
 		--openssldir=$(HOST_DIR)/etc/ssl \
-		--libdir=/lib \
+		--libdir=$(HOST_DIR)/lib \
+		-Wl,-rpath,'$(HOST_DIR)/lib' \
 		shared \
 		zlib-dynamic \
 	)
@@ -86,7 +96,6 @@ define LIBOPENSSL_CONFIGURE_CMDS
 			no-rc5 \
 			enable-camellia \
 			enable-mdc2 \
-			enable-tlsext \
 			$(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \
 			$(if $(BR2_STATIC_LIBS),no-dso) \
 	)
@@ -112,7 +121,7 @@ define LIBOPENSSL_BUILD_CMDS
 endef
 
 define LIBOPENSSL_INSTALL_STAGING_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) INSTALL_PREFIX=$(STAGING_DIR) install
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) install
 endef
 
 define HOST_LIBOPENSSL_INSTALL_CMDS
@@ -120,7 +129,7 @@ define HOST_LIBOPENSSL_INSTALL_CMDS
 endef
 
 define LIBOPENSSL_INSTALL_TARGET_CMDS
-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) INSTALL_PREFIX=$(TARGET_DIR) install
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
 	rm -rf $(TARGET_DIR)/usr/lib/ssl
 	rm -f $(TARGET_DIR)/usr/bin/c_rehash
 endef
@@ -135,16 +144,6 @@ endef
 LIBOPENSSL_POST_INSTALL_STAGING_HOOKS += LIBOPENSSL_FIXUP_STATIC_PKGCONFIG
 endif
 
-ifneq ($(BR2_STATIC_LIBS),y)
-# libraries gets installed read only, so strip fails
-define LIBOPENSSL_INSTALL_FIXUPS_SHARED
-	chmod +w $(TARGET_DIR)/usr/lib/engines/lib*.so
-	for i in $(addprefix $(TARGET_DIR)/usr/lib/,libcrypto.so.* libssl.so.*); \
-	do chmod +w $$i; done
-endef
-LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_INSTALL_FIXUPS_SHARED
-endif
-
 ifeq ($(BR2_PACKAGE_PERL),)
 define LIBOPENSSL_REMOVE_PERL_SCRIPTS
 	$(RM) -f $(TARGET_DIR)/etc/ssl/misc/{CA.pl,tsget}
@@ -162,7 +161,7 @@ endif
 
 ifneq ($(BR2_PACKAGE_LIBOPENSSL_ENGINES),y)
 define LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
-	rm -rf $(TARGET_DIR)/usr/lib/engines
+	rm -rf $(TARGET_DIR)/usr/lib/engines-1.1
 endef
 LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
 endif
-- 
2.20.1

[Buildroot] [PATCH v4 2/2] freeswitch: bump to git master 8f10ae54a18a19fc6ed938e4f662bd218ba54b5e

[Peter Seiderer]

Enables openssl-1.1.0h compatible compile.

- add bootstrap.sh post-patch call (normal AUTORECONF is broken)
- add tiff dependency (bundled tiff source is gone)
- rebase (and git format) 001-libvpx-cross.patch patch
- update libs/srtp/LICENSE file hash (updated copyright year)

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
Changes v2 -> v3:
  - add PATH=$(BR_PATH) for bootstrap.sh call (suggested by Bernd Kuhls)

  - fix need for disabled BR2_COMPILER_PARANOID_UNSAFE_PATH, run
    bootstrap.sh as post-patch insted pre-configure (as the freetype
    packege does)

Changes v1 -> v2:
  - new patch (suggested by Bernd Kuhls)
---
 .../0001-Fix-cross-compiling-libvpx.patch     | 30 ++++++++++++-------
 package/freeswitch/freeswitch.hash            | 11 +++----
 package/freeswitch/freeswitch.mk              | 16 ++++++++--
 3 files changed, 37 insertions(+), 20 deletions(-)

diff --git a/package/freeswitch/0001-Fix-cross-compiling-libvpx.patch b/package/freeswitch/0001-Fix-cross-compiling-libvpx.patch
index 1d4b97a7a0..9542d037ed 100644
--- a/package/freeswitch/0001-Fix-cross-compiling-libvpx.patch
+++ b/package/freeswitch/0001-Fix-cross-compiling-libvpx.patch
@@ -1,4 +1,7 @@
-Fix cross-compiling libvpx
+From 4ba073af7877242a79579b040e3be00bed4275cc Mon Sep 17 00:00:00 2001
+From: Bernd Kuhls <bernd.kuhls@t-online.de>
+Date: Thu, 3 May 2018 22:24:23 +0200
+Subject: [PATCH] Fix cross-compiling libvpx
 
 Freeswitch since version 1.6.7 only uses an in-tree-version of libvpx:
 https://freeswitch.org/fisheye/changelog/freeswitch?cs=febe0f8dacea2d2a31902b3dc469be757f8c3c4d
@@ -10,20 +13,27 @@ package/freeswitch/freeswitch.mk and add target=generic-gnu as
 configure parameter:
 https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/libs/libvpx/README#110
 
-And yes, autoreconf is also broken, so we patch Makefile.in instead
-of Makefile.am.
-
 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 
-diff -uNr freeswitch-1.6.7.org/Makefile.in freeswitch-1.6.7/Makefile.in
---- freeswitch-1.6.7.org/Makefile.in	2016-04-01 18:09:54.000000000 +0200
-+++ freeswitch-1.6.7/Makefile.in	2016-04-22 20:11:37.938961730 +0200
-@@ -4025,7 +4025,7 @@
+[rebased on freeswitch git master branch]
+Signed-off-by: Peter Seiderer <ps.report@gmx.net>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 53bd7c66aa..2e4059740a 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -567,7 +567,7 @@ libs/libzrtp/libzrtp.a:
  	cd libs/libzrtp && $(MAKE)
  
  libs/libvpx/Makefile:
--	cd libs/libvpx && CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --size-limit=16384x16384 --extra-cflags="$(VISIBILITY_FLAG)"
-+	cd libs/libvpx && CROSS=$(CROSS) CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --target=generic-gnu --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --size-limit=16384x16384 --extra-cflags="$(VISIBILITY_FLAG)"
+-	cd libs/libvpx && CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --extra-cflags="$(VISIBILITY_FLAG)"
++	cd libs/libvpx && CROSS=$(CROSS) CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --target=generic-gnu --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --extra-cflags="$(VISIBILITY_FLAG)"
  
  libs/libvpx/libvpx.a: libs/libvpx/Makefile
  	@cd libs/libvpx && $(MAKE)
+-- 
+2.19.2
+
diff --git a/package/freeswitch/freeswitch.hash b/package/freeswitch/freeswitch.hash
index dab2fb237b..23dab45dc5 100644
--- a/package/freeswitch/freeswitch.hash
+++ b/package/freeswitch/freeswitch.hash
@@ -1,10 +1,7 @@
-# From http://files.freeswitch.org/freeswitch-releases/freeswitch-1.8.2.tar.xz.md5
-md5 61de81cd70afb056dde7b1dcb91ad967 freeswitch-1.8.2.tar.xz
-# From http://files.freeswitch.org/freeswitch-releases/freeswitch-1.8.2.tar.xz.sha1
-sha1 f2c077db40b05c5fdf66cbe77bd879f41132f79a freeswitch-1.8.2.tar.xz
-# From http://files.freeswitch.org/freeswitch-releases/freeswitch-1.8.2.tar.xz.sha256
-sha256 ebcf3db970ea9bb534c0983a1c9eef88395deb6e0902d8d6407bf217b2f27b9a freeswitch-1.8.2.tar.xz
-# Locally computed
+# Locally computed:
+sha256 56d932c001f3cc53b6ee5d835536b01fceacf1e360a6b48c5c1265eda5d6be86  freeswitch-8f10ae54a18a19fc6ed938e4f662bd218ba54b5e.tar.gz
+
+# License files:
 sha256 10299420c1e8602c0daf5a59d022621cd72a9148d1f0f33501edb3db3445c7fe  COPYING
 sha256 e8e26b16da14aa3e6ed5c22c705fdc1f45d6225fca461ea9f7314bcdfdc414c4  libs/apr/LICENSE
 sha256 1eefb2ea1db0af7729a9d8a27d7c65d8a37ab185393f935b029aac6828ce315a  libs/apr-util/LICENSE
diff --git a/package/freeswitch/freeswitch.mk b/package/freeswitch/freeswitch.mk
index 577d6c9450..a7d52995ce 100644
--- a/package/freeswitch/freeswitch.mk
+++ b/package/freeswitch/freeswitch.mk
@@ -4,9 +4,10 @@
 #
 ################################################################################
 
-FREESWITCH_VERSION = 1.8.2
-FREESWITCH_SOURCE = freeswitch-$(FREESWITCH_VERSION).tar.xz
-FREESWITCH_SITE = http://files.freeswitch.org/freeswitch-releases
+FREESWITCH_VERSION = 8f10ae54a18a19fc6ed938e4f662bd218ba54b5e
+#FREESWITCH_SOURCE = freeswitch-$(FREESWITCH_VERSION).tar.xz
+FREESWITCH_SITE = https://freeswitch.org/stash/scm/fs/freeswitch.git
+FREESWITCH_SITE_METHOD = git
 # External modules need headers/libs from staging
 FREESWITCH_INSTALL_STAGING = YES
 FREESWITCH_LICENSE = MPL-1.1, \
@@ -38,6 +39,15 @@ FREESWITCH_DEPENDENCIES = \
 	util-linux \
 	zlib
 
+# run bootstrap.sh (normal AUTORECONF is broken)
+define FREESWITCH_RUN_BOOTSTRAP
+	cd $(@D); PATH=$(BR_PATH) ./bootstrap.sh
+endef
+
+# running while POST_PATCH stage enables libtool patching
+FREESWITCH_POST_PATCH_HOOKS += FREESWITCH_RUN_BOOTSTRAP
+FREESWITCH_DEPENDENCIES += host-automake host-autoconf host-libtool
+
 # disable display of ClueCon banner in fs_cli
 FREESWITCH_CONF_ENV += \
 	disable_cc=yes
-- 
2.20.1

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Ryan Coe]

Peter, All,

On 1/15/19 2:42 PM, Peter Seiderer wrote:
> - remove all parallel build patches (openssl build-system changed)
>
> - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>    to apply to Configurations/unix-Makefile.tmpl (Makefile template)
>
> - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
>    (upstream applied)
>
> - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
>    apply to crypto/build.info (Makefile template)
>
> - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
>
> - remove legacy enable-tlsext configure option
>
> - fix host library install path
>
> - change legacy INSTALL_PREFIX to DESTDIR
>
> - remove 'libraries gets installed read only, so strip fails'
>    workaround (not needed anymore)
>
> - change engine directory from /usr/lib/engines to
>    /usr/lib/engines-1.1
>
> - change license file hash, no license change, only the following
>    hint was removed:
>
>      Actually both licenses are BSD-style Open Source licenses.
>      In case of any license issues related to OpenSSL please
>      contact openssl-core at openssl.org.
>
> - fix host-libopenssl compile setting rpath as decribed in
>    libopenssl-1.1.0h/NOTES.UNIX
>
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
> Changes v3 -> v4:
>    - bump version to 1.1.1a
>    - remove all parallel build patches hash file entries
>    - re-remove 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
>      (upstream applied)
>    - fix hist library install path
>    - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
>      (upstram applied)
>    - remove follow up patch for openssh (not longer needed since
>      version bump to 7.9p1, see https://www.openssh.com/releasenotes.html
>      Portability)
>
> Changes v2 -> v3:
>    - no changes
>
> Changes v1 -> v2:
>    - add OPENSSL_NO_ASYNC workaround for musl compile too
>      (suggested by Bernd Kuhls)
>
>    - fix host-libopenssl compile (reported by Ryan Coe) by setting rpath
>      (suggested by Ryan Coe)
>
>    - fix 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>      and 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply
>      to the Makefile templates (instead of re-generated Makefile)
>      (reported by Ryan Coe)
>
>    - add 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
>      (suggested by Bernd Kuhls)
>
> Notes:
>
>   - There was a previous attempt to bump the openssl version by
>     David Mosberger <davidm@egauge.net>. I could not find the
>     corresponding patch in patchwork or on the mailing list,
>     only a reply by Arnout Vandecappelle (see [2]) and the
>     answer by David Mosberger (see [3]).
>
>   - Compile checked packages (depending explicit on libopenssl or host-libopenssl):
>     O.k:
>       - hostapd
>       - libpjsip
>       - mosquitto
>       - wpa_supplicant
>
>      Failure:
>       - softether/host-softether
>
>   - Compile checked packages (depending on openssl or host-openssl):
>      O.k.:
>        - alljoyn-base
>        - apr
>        - apr-util
>        - freeswitch
>        - openssh
>
>      Failure:
>        - android-tools
>        - apache (CMake configure errro, unrelated?)
>
> [2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
> [3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
> ---
>   ...building-manpages-if-we-re-not-going.patch |  34 +-
>   ...-Fix-issue-with-signature-generation.patch | 450 ------------------
>   ...ible-build-do-not-leak-compiler-path.patch |  31 +-
>   package/libopenssl/libopenssl.hash            |  15 +-
>   package/libopenssl/libopenssl.mk              |  41 +-
>   5 files changed, 61 insertions(+), 510 deletions(-)
>   delete mode 100644 package/libopenssl/0002-cryptodev-Fix-issue-with-signature-generation.patch

[snip]


Thanks for your continued work on bumping libopenssl.


I'm getting a build failure in wget with the patch.? The failure is:

checking for library containing psl_builtin... no
configure: WARNING: *** libpsl was not found. Fallback to builtin cookie 
checking.
checking for ZLIB... yes
checking for OPENSSL... no
configure: error: Package requirements (openssl) were not met:

Package 'openssl', required by 'virtual:world', not found

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables OPENSSL_CFLAGS
and OPENSSL_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
make: *** [package/pkg-generic.mk:223: 
/home/ryan/devel/buildroot/output/build/wget-1.20.1/.stamp_configured] 
Error 1


The following tweak makes things build again for me:

diff --git a/package/libopenssl/libopenssl.mk 
b/package/libopenssl/libopenssl.mk
index e461e08126..8046995720 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -74,7 +74,7 @@ define HOST_LIBOPENSSL_CONFIGURE_CMDS
 ???? ??? ./config \
 ???? ??? --prefix=$(HOST_DIR) \
 ???? ??? --openssldir=$(HOST_DIR)/etc/ssl \
-??? ??? --libdir=$(HOST_DIR)/lib \
+??? ??? --libdir=lib \
 ???? ??? -Wl,-rpath,'$(HOST_DIR)/lib' \
 ???? ??? shared \
 ???? ??? zlib-dynamic \
@@ -90,7 +90,7 @@ define LIBOPENSSL_CONFIGURE_CMDS
 ???? ??? ??? linux-$(LIBOPENSSL_TARGET_ARCH) \
 ???? ??? ??? --prefix=/usr \
 ???? ??? ??? --openssldir=/etc/ssl \
-??? ??? ??? --libdir=/lib \
+??? ??? ??? --libdir=lib \
 ???? ??? ??? $(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
 ???? ??? ??? $(if $(BR2_STATIC_LIBS),no-shared,shared) \
 ???? ??? ??? no-rc5 \

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Baruch Siach]

Hi Peter,

On Tue, Jan 15, 2019 at 11:42:38PM +0100, Peter Seiderer wrote:
> +# fixes the following build failures:
> +#
> +# - musl
> +#   ./libcrypto.so: undefined reference to `getcontext'
> +#   ./libcrypto.so: undefined reference to `setcontext'
> +#   ./libcrypto.so: undefined reference to `makecontext'
> +#
> +# - uclibc:
> +#   crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name ?ucontext_t?
> +#
> +ifneq ($(BR2_TOOLCHAIN_USES_MUSL)$(BR2_TOOLCHAIN_USES_UCLIBC),)

I find the equivalent positive logic condition easier to read:

  ifeq ($(BR2_TOOLCHAIN_USES_MUSL)$(BR2_TOOLCHAIN_USES_UCLIBC),y)

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Arnout Vandecappelle]

On 16/01/2019 02:40, Ryan Coe wrote:
> I'm getting a build failure in wget with the patch.? The failure is:
> 
> checking for library containing psl_builtin... no
> configure: WARNING: *** libpsl was not found. Fallback to builtin cookie checking.
> checking for ZLIB... yes
> checking for OPENSSL... no
> configure: error: Package requirements (openssl) were not met:
> 
> Package 'openssl', required by 'virtual:world', not found
> 
> Consider adjusting the PKG_CONFIG_PATH environment variable if you
> installed software in a non-standard prefix.
> 
> Alternatively, you may set the environment variables OPENSSL_CFLAGS
> and OPENSSL_LIBS to avoid the need to call pkg-config.
> See the pkg-config man page for more details.
> make: *** [package/pkg-generic.mk:223:
> /home/ryan/devel/buildroot/output/build/wget-1.20.1/.stamp_configured] Error 1
> 
> 
> The following tweak makes things build again for me:
> 
> diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
> index e461e08126..8046995720 100644
> --- a/package/libopenssl/libopenssl.mk
> +++ b/package/libopenssl/libopenssl.mk
> @@ -74,7 +74,7 @@ define HOST_LIBOPENSSL_CONFIGURE_CMDS
> ???? ??? ./config \
> ???? ??? --prefix=$(HOST_DIR) \
> ???? ??? --openssldir=$(HOST_DIR)/etc/ssl \
> -??? ??? --libdir=$(HOST_DIR)/lib \
> +??? ??? --libdir=lib \
> ???? ??? -Wl,-rpath,'$(HOST_DIR)/lib' \
> ???? ??? shared \
> ???? ??? zlib-dynamic \
> @@ -90,7 +90,7 @@ define LIBOPENSSL_CONFIGURE_CMDS
> ???? ??? ??? linux-$(LIBOPENSSL_TARGET_ARCH) \
> ???? ??? ??? --prefix=/usr \
> ???? ??? ??? --openssldir=/etc/ssl \
> -??? ??? ??? --libdir=/lib \
> +??? ??? ??? --libdir=lib \
> ???? ??? ??? $(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
> ???? ??? ??? $(if $(BR2_STATIC_LIBS),no-shared,shared) \
> ???? ??? ??? no-rc5 \

 That is definitely not good, because it breaks things in other places.

 I think it's worth a try to remove the --libdir entirely instead, upstream is
supposed to have fixed the libdir handling to correspond to autotools
conventions. And if it doesn't work, we should fix it with an upstreamable patch.

 Regards,
 Arnout

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Vadim Kochan]

Hi Peter,

On Tue, Jan 15, 2019 at 11:42:38PM +0100, Peter Seiderer wrote:
> - remove all parallel build patches (openssl build-system changed)
> 
> - rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>   to apply to Configurations/unix-Makefile.tmpl (Makefile template)
> 
> - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
>   (upstream applied)
> 
> - rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
>   apply to crypto/build.info (Makefile template)
> 
> - fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
> 
> - remove legacy enable-tlsext configure option
> 
> - fix host library install path
> 
> - change legacy INSTALL_PREFIX to DESTDIR
> 
> - remove 'libraries gets installed read only, so strip fails'
>   workaround (not needed anymore)
> 
> - change engine directory from /usr/lib/engines to
>   /usr/lib/engines-1.1
> 
> - change license file hash, no license change, only the following
>   hint was removed:
> 
>     Actually both licenses are BSD-style Open Source licenses.
>     In case of any license issues related to OpenSSL please
>     contact openssl-core at openssl.org.
> 
> - fix host-libopenssl compile setting rpath as decribed in
>   libopenssl-1.1.0h/NOTES.UNIX
> 
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
> Changes v3 -> v4:
>   - bump version to 1.1.1a
>   - remove all parallel build patches hash file entries
>   - re-remove 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
>     (upstream applied)
>   - fix hist library install path
>   - removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
>     (upstram applied)
>   - remove follow up patch for openssh (not longer needed since
>     version bump to 7.9p1, see https://www.openssh.com/releasenotes.html
>     Portability)
> 
> Changes v2 -> v3:
>   - no changes
> 
> Changes v1 -> v2:
>   - add OPENSSL_NO_ASYNC workaround for musl compile too
>     (suggested by Bernd Kuhls)
> 
>   - fix host-libopenssl compile (reported by Ryan Coe) by setting rpath
>     (suggested by Ryan Coe)
> 
>   - fix 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>     and 0003-Reproducible-build-do-not-leak-compiler-path.patch to apply
>     to the Makefile templates (instead of re-generated Makefile)
>     (reported by Ryan Coe)
> 
>   - add 0004-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
>     (suggested by Bernd Kuhls)
> 
> Notes:
> 
>  - There was a previous attempt to bump the openssl version by
>    David Mosberger <davidm@egauge.net>. I could not find the
>    corresponding patch in patchwork or on the mailing list,
>    only a reply by Arnout Vandecappelle (see [2]) and the
>    answer by David Mosberger (see [3]).
> 
>  - Compile checked packages (depending explicit on libopenssl or host-libopenssl):
>    O.k:
>      - hostapd
>      - libpjsip
>      - mosquitto
>      - wpa_supplicant
> 
>     Failure:
>      - softether/host-softether
> 
>  - Compile checked packages (depending on openssl or host-openssl):
>     O.k.:
>       - alljoyn-base
>       - apr
>       - apr-util
>       - freeswitch
>       - openssh
> 
>     Failure:
>       - android-tools
>       - apache (CMake configure errro, unrelated?)
> 
> [2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
> [3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
> ---

Just some worries, I was trying to port openssl 1.1.x for one of the
project and there were some issues with API compatibility for example
for openssh (and mey be some other like curl, wget), it was an year ago
and may be mostly the packages switched to openssl 1.1.x API but
it is not better to make openssl 1.1.x as one of the openssl provider
to do not break other packages ?

Best regards,
Vadim Kochan

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Peter Seiderer]

Hello Ryan, Arnout,

On Wed, 16 Jan 2019 12:46:54 +0100, Arnout Vandecappelle <arnout@mind.be> wrote:

> On 16/01/2019 02:40, Ryan Coe wrote:
> > I'm getting a build failure in wget with the patch.? The failure is:
> > 
> > checking for library containing psl_builtin... no
> > configure: WARNING: *** libpsl was not found. Fallback to builtin cookie checking.
> > checking for ZLIB... yes
> > checking for OPENSSL... no
> > configure: error: Package requirements (openssl) were not met:
> > 
> > Package 'openssl', required by 'virtual:world', not found
> > 
> > Consider adjusting the PKG_CONFIG_PATH environment variable if you
> > installed software in a non-standard prefix.
> > 
> > Alternatively, you may set the environment variables OPENSSL_CFLAGS
> > and OPENSSL_LIBS to avoid the need to call pkg-config.
> > See the pkg-config man page for more details.
> > make: *** [package/pkg-generic.mk:223:
> > /home/ryan/devel/buildroot/output/build/wget-1.20.1/.stamp_configured] Error 1
> > 
> > 
> > The following tweak makes things build again for me:
> > 
> > diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
> > index e461e08126..8046995720 100644
> > --- a/package/libopenssl/libopenssl.mk
> > +++ b/package/libopenssl/libopenssl.mk
> > @@ -74,7 +74,7 @@ define HOST_LIBOPENSSL_CONFIGURE_CMDS
> > ???? ??? ./config \
> > ???? ??? --prefix=$(HOST_DIR) \
> > ???? ??? --openssldir=$(HOST_DIR)/etc/ssl \
> > -??? ??? --libdir=$(HOST_DIR)/lib \
> > +??? ??? --libdir=lib \
> > ???? ??? -Wl,-rpath,'$(HOST_DIR)/lib' \
> > ???? ??? shared \
> > ???? ??? zlib-dynamic \
> > @@ -90,7 +90,7 @@ define LIBOPENSSL_CONFIGURE_CMDS
> > ???? ??? ??? linux-$(LIBOPENSSL_TARGET_ARCH) \
> > ???? ??? ??? --prefix=/usr \
> > ???? ??? ??? --openssldir=/etc/ssl \
> > -??? ??? ??? --libdir=/lib \
> > +??? ??? ??? --libdir=lib \
> > ???? ??? ??? $(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
> > ???? ??? ??? $(if $(BR2_STATIC_LIBS),no-shared,shared) \
> > ???? ??? ??? no-rc5 \  
> 
>  That is definitely not good, because it breaks things in other places.
> 
>  I think it's worth a try to remove the --libdir entirely instead, upstream is
> supposed to have fixed the libdir handling to correspond to autotools
> conventions. And if it doesn't work, we should fix it with an upstreamable patch.

Removing both libdir lines works (and fixes the installation path of the openssl.pc file which
fixes the wget compile problem), will add it to the next patch iteration...

Regards,
Peter

> 
>  Regards,
>  Arnout

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Peter Seiderer]

Hello Vadim,

On Wed, 16 Jan 2019 15:58:21 +0200, Vadim Kochan <vadim4j@gmail.com> wrote:

[...]
> > 
> >  - Compile checked packages (depending explicit on libopenssl or host-libopenssl):
> >    O.k:
> >      - hostapd
> >      - libpjsip
> >      - mosquitto
> >      - wpa_supplicant
> > 
> >     Failure:
> >      - softether/host-softether
> > 
> >  - Compile checked packages (depending on openssl or host-openssl):
> >     O.k.:
> >       - alljoyn-base
> >       - apr
> >       - apr-util
> >       - freeswitch
> >       - openssh
> > 
> >     Failure:
> >       - android-tools
> >       - apache (CMake configure errro, unrelated?)
> > 
> > [2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
> > [3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
> > ---  
> 
> Just some worries, I was trying to port openssl 1.1.x for one of the
> project and there were some issues with API compatibility for example
> for openssh (and mey be some other like curl, wget), it was an year ago

Openssh and wget are fixed (by update) already, did not yet test curl...but
I think the situation improves as some major linux distributions did already
the openssl update (or work on the update)...

> and may be mostly the packages switched to openssl 1.1.x API but
> it is not better to make openssl 1.1.x as one of the openssl provider
> to do not break other packages ?

Maybe the way to go in case to much packages will fail with openssl 1.1.x...

Identified ~200 buidlroot packages to (optional) depend on openssl...

Regards,
Peter

> 
> Best regards,
> Vadim Kochan
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Arnout Vandecappelle]

On 17/01/2019 19:43, Peter Seiderer wrote:
> Hello Vadim,
> 
> On Wed, 16 Jan 2019 15:58:21 +0200, Vadim Kochan <vadim4j@gmail.com> wrote:
> 
> [...]
>>>
>>>  - Compile checked packages (depending explicit on libopenssl or host-libopenssl):
>>>    O.k:
>>>      - hostapd
>>>      - libpjsip
>>>      - mosquitto
>>>      - wpa_supplicant
>>>
>>>     Failure:
>>>      - softether/host-softether
>>>
>>>  - Compile checked packages (depending on openssl or host-openssl):
>>>     O.k.:
>>>       - alljoyn-base
>>>       - apr
>>>       - apr-util
>>>       - freeswitch
>>>       - openssh
>>>
>>>     Failure:
>>>       - android-tools
>>>       - apache (CMake configure errro, unrelated?)
>>>
>>> [2] http://lists.busybox.net/pipermail/buildroot/2017-August/200859.html
>>> [3] http://lists.busybox.net/pipermail/buildroot/2017-August/200898.html
>>> ---  
>>
>> Just some worries, I was trying to port openssl 1.1.x for one of the
>> project and there were some issues with API compatibility for example
>> for openssh (and mey be some other like curl, wget), it was an year ago
> 
> Openssh and wget are fixed (by update) already, did not yet test curl...but
> I think the situation improves as some major linux distributions did already
> the openssl update (or work on the update)...
> 
>> and may be mostly the packages switched to openssl 1.1.x API but
>> it is not better to make openssl 1.1.x as one of the openssl provider
>> to do not break other packages ?
> 
> Maybe the way to go in case to much packages will fail with openssl 1.1.x...
> 
> Identified ~200 buidlroot packages to (optional) depend on openssl...

 At some point, we'll just have to let an autobuilder detect the issues. Some
issues anyway only become apparent at link time, so when building a dependency
of a dependency...

 We have an autobuilder running on an openssl-bump branch and Patrick is fixing
the issues that come out. But at some point we'll need to just bite the bullet
and accept the whole thing.

 I do hope that it could still go into 2019.02.

 Regards,
 Arnout

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Peter Korsgaard]

>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes:

Hi,

 >  At some point, we'll just have to let an autobuilder detect the issues. Some
 > issues anyway only become apparent at link time, so when building a dependency
 > of a dependency...

 >  We have an autobuilder running on an openssl-bump branch and Patrick is fixing
 > the issues that come out. But at some point we'll need to just bite the bullet
 > and accept the whole thing.

 >  I do hope that it could still go into 2019.02.

If that is our goal, then we might as well merge it ASAP to get more
test coverage?

What is the killer feature why we need openssl-1.1.x in 2019.02.x? TLS
1.3 or just that 1.0.2 goes EOL at the end of the year?

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Arnout Vandecappelle]

On 22/01/2019 22:08, Peter Korsgaard wrote:
>>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes:
> 
> Hi,
> 
>  >  At some point, we'll just have to let an autobuilder detect the issues. Some
>  > issues anyway only become apparent at link time, so when building a dependency
>  > of a dependency...
> 
>  >  We have an autobuilder running on an openssl-bump branch and Patrick is fixing
>  > the issues that come out. But at some point we'll need to just bite the bullet
>  > and accept the whole thing.
> 
>  >  I do hope that it could still go into 2019.02.
> 
> If that is our goal, then we might as well merge it ASAP to get more
> test coverage?
> 
> What is the killer feature why we need openssl-1.1.x in 2019.02.x? TLS
> 1.3 or just that 1.0.2 goes EOL at the end of the year?

 Both, I guess. Also that the whole known world (including Debian stable,
released June 2017) has already switched to 1.1.x.

 Regards,
 Arnout

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Peter Korsgaard]

>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes:

Hi,

 >> >  I do hope that it could still go into 2019.02.
 >> 
 >> If that is our goal, then we might as well merge it ASAP to get more
 >> test coverage?
 >> 
 >> What is the killer feature why we need openssl-1.1.x in 2019.02.x? TLS
 >> 1.3 or just that 1.0.2 goes EOL at the end of the year?

 >  Both, I guess. Also that the whole known world (including Debian stable,
 > released June 2017) has already switched to 1.1.x.

With 1.1.x I take it you mean 1.1.0, right? The 1.1.1 series (strange
numbering convention) was only released back in September.

1.1.0 is not a LTS so not suitable for 2019.02.x. 1.0.2 is supported
until the end of 2019, so that is IMHO still OK for 2019.02.

I agree that having 1.1.1x in 2019.02.x would be nice, but a pity that
quite some packages break with it (even if the whole known world has
switched to it).

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Arnout Vandecappelle]

On 23/01/2019 17:15, Peter Korsgaard wrote:
>>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes:
> 
> Hi,
> 
>  >> >  I do hope that it could still go into 2019.02.
>  >> 
>  >> If that is our goal, then we might as well merge it ASAP to get more
>  >> test coverage?
>  >> 
>  >> What is the killer feature why we need openssl-1.1.x in 2019.02.x? TLS
>  >> 1.3 or just that 1.0.2 goes EOL at the end of the year?
> 
>  >  Both, I guess. Also that the whole known world (including Debian stable,
>  > released June 2017) has already switched to 1.1.x.
> 
> With 1.1.x I take it you mean 1.1.0, right? The 1.1.1 series (strange
> numbering convention) was only released back in September.

 With 1.1.x I mean 1.1.0 or 1.1.1. The breakage comes from the 1.1.0 bump; .0 to
.1 is fairly smooth.


 Regards,
 Arnout

> 1.1.0 is not a LTS so not suitable for 2019.02.x. 1.0.2 is supported
> until the end of 2019, so that is IMHO still OK for 2019.02.
> 
> I agree that having 1.1.1x in 2019.02.x would be nice, but a pity that
> quite some packages break with it (even if the whole known world has
> switched to it).
> 

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Peter Korsgaard]

>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes:

Hi,

 >> >  Both, I guess. Also that the whole known world (including Debian stable,
 >> > released June 2017) has already switched to 1.1.x.
 >> 
 >> With 1.1.x I take it you mean 1.1.0, right? The 1.1.1 series (strange
 >> numbering convention) was only released back in September.

 >  With 1.1.x I mean 1.1.0 or 1.1.1. The breakage comes from the 1.1.0 bump; .0 to
 > .1 is fairly smooth.

Ok. 1.1.0 was released 2.5 years ago (August 2016). How come we still
need fixes for quite some packages? All abandoned software? Should we
get rid of some of those packages?

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Arnout Vandecappelle]

On 24/01/2019 00:03, Peter Korsgaard wrote:
>>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes:
> 
> Hi,
> 
>  >> >  Both, I guess. Also that the whole known world (including Debian stable,
>  >> > released June 2017) has already switched to 1.1.x.
>  >> 
>  >> With 1.1.x I take it you mean 1.1.0, right? The 1.1.1 series (strange
>  >> numbering convention) was only released back in September.
> 
>  >  With 1.1.x I mean 1.1.0 or 1.1.1. The breakage comes from the 1.1.0 bump; .0 to
>  > .1 is fairly smooth.
> 
> Ok. 1.1.0 was released 2.5 years ago (August 2016). How come we still
> need fixes for quite some packages? All abandoned software? Should we
> get rid of some of those packages?

 Looking at the fixes that are included in Patrick's last posting:

* rtmpdump: dead upstream;
* pound: incompetent upstream;
* nut: last bump from Jan 2017;
* libshout, vboot-utils, thrift: last bump from before June 2016.

 Also note that all of these except the first two had upstream fixes.

 Regards,
 Arnout

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Peter Seiderer]

Hello Patrick,

On Wed, 16 Jan 2019 12:43:30 +0100, Patrick Havelange <patrick.havelange@essensium.com> wrote:

> Hello all,
> First sorry for not replying properly, I was not subscribed to the ML yet.

No problem (and every feedback/test is valuable ;-) )....
  
> About the breakage of wget, it is indeed because openssl got installed
> in /lib instead of /usr/lib/
> 
> So I think only the second part of the patch of Ryan Coe is needed, ie :

I tested the suggestion by Arnout and removing both libdir lines works fines
(and fixes the installation path of the openssl.pc file which fixes the wget
compile problem)...

Regards,
Peter

> 
> diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
> index e461e08..c3cb98a 100644
> --- a/package/libopenssl/libopenssl.mk
> +++ b/package/libopenssl/libopenssl.mk
> @@ -90,7 +90,7 @@ define LIBOPENSSL_CONFIGURE_CMDS
>                         linux-$(LIBOPENSSL_TARGET_ARCH) \
>                         --prefix=/usr \
>                         --openssldir=/etc/ssl \
> -                       --libdir=/lib \
> +                       --libdir=lib \
>                         $(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
>                         $(if $(BR2_STATIC_LIBS),no-shared,shared) \
>                         no-rc5 \
> 
> I got the same issue with the axel package and it was enough to fix it.
> 
> BR,
> 
> Patrick Havelange
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

[Buildroot] [PATCH v4 1/2] libopenssl: bump version to 1.1.1a

[Patrick Havelange]

Hello all,
First sorry for not replying properly, I was not subscribed to the ML yet.
About the breakage of wget, it is indeed because openssl got installed
in /lib instead of /usr/lib/

So I think only the second part of the patch of Ryan Coe is needed, ie :

diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index e461e08..c3cb98a 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -90,7 +90,7 @@ define LIBOPENSSL_CONFIGURE_CMDS
                        linux-$(LIBOPENSSL_TARGET_ARCH) \
                        --prefix=/usr \
                        --openssldir=/etc/ssl \
-                       --libdir=/lib \
+                       --libdir=lib \
                        $(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
                        $(if $(BR2_STATIC_LIBS),no-shared,shared) \
                        no-rc5 \

I got the same issue with the axel package and it was enough to fix it.

BR,

Patrick Havelange