From e69081f70f1c4d3d2ec5e54ac1aab2b84532450c Mon Sep 17 00:00:00 2001 From: Mark Brand Date: Fri, 26 Aug 2016 08:41:59 +0200 Subject: [PATCH] openssl: update --- src/openssl-1-fixes.patch | 593 -------------------------------------- src/openssl.mk | 13 +- src/postgresql.mk | 1 + 3 files changed, 6 insertions(+), 601 deletions(-) delete mode 100644 src/openssl-1-fixes.patch diff --git a/src/openssl-1-fixes.patch b/src/openssl-1-fixes.patch deleted file mode 100644 index 132f1b43..00000000 --- a/src/openssl-1-fixes.patch +++ /dev/null @@ -1,593 +0,0 @@ -This file is part of MXE. See LICENSE.md for licensing information. - -Contains ad hoc patches for cross building. - -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Mark Brand -Date: Wed, 8 Jan 2014 02:19:10 +0100 -Subject: [PATCH 1/2] winsock2 - --This patch has been taken from: --http://rt.openssl.org/Ticket/Display.html?id=2285&user=guest&pass=guest - -diff --git a/ssl/dtls1.h b/ssl/dtls1.h -index 1111111..2222222 100644 ---- a/ssl/dtls1.h -+++ b/ssl/dtls1.h -@@ -68,7 +68,7 @@ - # endif - # ifdef OPENSSL_SYS_WIN32 - /* Needed for struct timeval */ --# include -+# include - # elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) - # include - # else -diff --git a/ssl/ssltest.c b/ssl/ssltest.c -index 1111111..2222222 100644 ---- a/ssl/ssltest.c -+++ b/ssl/ssltest.c -@@ -198,7 +198,7 @@ - #define _XOPEN_SOURCE_EXTENDED 1 - - #ifdef OPENSSL_SYS_WINDOWS --# include -+# include - #else - # include OPENSSL_UNISTD - #endif - -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Tom Molesworth -Date: Wed, 8 Jan 2014 02:20:21 +0100 -Subject: [PATCH 2/2] Patch OpenSSL POD docs for perl-5.16+ - -Stricter validation in recent Perl versions means the install -stage fails without these applied. - -Should be harmless for earlier versions of perl. - -diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod -index 1111111..2222222 100644 ---- a/doc/apps/cms.pod -+++ b/doc/apps/cms.pod -@@ -483,28 +483,28 @@ with caution. For a fuller description see L). - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - the operation was completely successfully. - --=item Z<>1 -+=item * Z<>1 - - an error occurred parsing the command options. - --=item Z<>2 -+=item * Z<>2 - - one of the input files could not be read. - --=item Z<>3 -+=item * Z<>3 - - an error occurred creating the CMS file or when reading the MIME - message. - --=item Z<>4 -+=item * Z<>4 - - an error occurred decrypting or verifying the message. - --=item Z<>5 -+=item * Z<>5 - - the message was verified correctly but an error occurred writing out - the signers certificates. -diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod -index 1111111..2222222 100644 ---- a/doc/apps/smime.pod -+++ b/doc/apps/smime.pod -@@ -313,28 +313,28 @@ remains DER. - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - the operation was completely successfully. - --=item Z<>1 -+=item * Z<>1 - - an error occurred parsing the command options. - --=item Z<>2 -+=item * Z<>2 - - one of the input files could not be read. - --=item Z<>3 -+=item * Z<>3 - - an error occurred creating the PKCS#7 file or when reading the MIME - message. - --=item Z<>4 -+=item * Z<>4 - - an error occurred decrypting or verifying the message. - --=item Z<>5 -+=item * Z<>5 - - the message was verified correctly but an error occurred writing out - the signers certificates. -diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod -index 1111111..2222222 100644 ---- a/doc/crypto/rand.pod -+++ b/doc/crypto/rand.pod -@@ -74,16 +74,16 @@ First up I will state the things I believe I need for a good RNG. - - =over 4 - --=item 1 -+=item * 1 - - A good hashing algorithm to mix things up and to convert the RNG 'state' - to random numbers. - --=item 2 -+=item * 2 - - An initial source of random 'state'. - --=item 3 -+=item * 3 - - The state should be very large. If the RNG is being used to generate - 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). -@@ -93,13 +93,13 @@ carried away on this last point but it does indicate that it may not be - a bad idea to keep quite a lot of RNG state. It should be easier to - break a cipher than guess the RNG seed data. - --=item 4 -+=item * 4 - - Any RNG seed data should influence all subsequent random numbers - generated. This implies that any random seed data entered will have - an influence on all subsequent random numbers generated. - --=item 5 -+=item * 5 - - When using data to seed the RNG state, the data used should not be - extractable from the RNG state. I believe this should be a -@@ -108,12 +108,12 @@ data would be a private key or a password. This data must - not be disclosed by either subsequent random numbers or a - 'core' dump left by a program crash. - --=item 6 -+=item * 6 - - Given the same initial 'state', 2 systems should deviate in their RNG state - (and hence the random numbers generated) over time if at all possible. - --=item 7 -+=item * 7 - - Given the random number output stream, it should not be possible to determine - the RNG state or the next random number. -diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_COMP_add_compression_method.pod -+++ b/doc/ssl/SSL_COMP_add_compression_method.pod -@@ -59,11 +59,11 @@ SSL_COMP_add_compression_method() may return the following values: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The operation succeeded. - --=item Z<>1 -+=item * Z<>1 - - The operation failed. Check the error queue to find out the reason. - -diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_CTX_add_session.pod -+++ b/doc/ssl/SSL_CTX_add_session.pod -@@ -52,13 +52,13 @@ The following values are returned by all functions: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. - --=item Z<>1 -+=item * Z<>1 - - The operation succeeded. - -diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_CTX_load_verify_locations.pod -+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod -@@ -100,13 +100,13 @@ The following return values can occur: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The operation failed because B and B are NULL or the - processing at one of the locations specified failed. Check the error - stack to find out the reason. - --=item Z<>1 -+=item * Z<>1 - - The operation succeeded. - -diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_CTX_set_client_CA_list.pod -+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod -@@ -66,13 +66,13 @@ values: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - A failure while manipulating the STACK_OF(X509_NAME) object occurred or - the X509_NAME could not be extracted from B. Check the error stack - to find out the reason. - --=item Z<>1 -+=item * Z<>1 - - The operation succeeded. - -diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_CTX_set_session_id_context.pod -+++ b/doc/ssl/SSL_CTX_set_session_id_context.pod -@@ -64,13 +64,13 @@ return the following values: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The length B of the session id context B exceeded - the maximum allowed length of B. The error - is logged to the error stack. - --=item Z<>1 -+=item * Z<>1 - - The operation succeeded. - -diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_CTX_set_ssl_version.pod -+++ b/doc/ssl/SSL_CTX_set_ssl_version.pod -@@ -42,11 +42,11 @@ and SSL_set_ssl_method(): - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The new choice failed, check the error stack to find out the reason. - --=item Z<>1 -+=item * Z<>1 - - The operation succeeded. - -diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -@@ -83,7 +83,7 @@ Return values from the server callback are interpreted as follows: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - PSK identity was not found. An "unknown_psk_identity" alert message - will be sent and the connection setup fails. -diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_accept.pod -+++ b/doc/ssl/SSL_accept.pod -@@ -41,18 +41,18 @@ The following return values can occur: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item Z<>1 -+=item * Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item E0 -+=item * E0 - - The TLS/SSL handshake was not successful because a fatal error occurred either - at the protocol level or a connection failure occurred. The shutdown was -diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_clear.pod -+++ b/doc/ssl/SSL_clear.pod -@@ -56,12 +56,12 @@ The following return values can occur: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The SSL_clear() operation could not be performed. Check the error stack to - find out the reason. - --=item Z<>1 -+=item * Z<>1 - - The SSL_clear() operation was successful. - -diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_connect.pod -+++ b/doc/ssl/SSL_connect.pod -@@ -41,18 +41,18 @@ The following return values can occur: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item Z<>1 -+=item * Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item E0 -+=item * E0 - - The TLS/SSL handshake was not successful, because a fatal error occurred either - at the protocol level or a connection failure occurred. The shutdown was -diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_do_handshake.pod -+++ b/doc/ssl/SSL_do_handshake.pod -@@ -42,18 +42,18 @@ The following return values can occur: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item Z<>1 -+=item * Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item E0 -+=item * E0 - - The TLS/SSL handshake was not successful because a fatal error occurred either - at the protocol level or a connection failure occurred. The shutdown was -diff --git a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod -+++ b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod -@@ -36,11 +36,11 @@ before the SSL index is created. - - =over 4 - --=item E=0 -+=item * E=0 - - The index value to access the pointer. - --=item E0 -+=item * E0 - - An error occurred, check the error stack for a detailed error message. - -diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_get_fd.pod -+++ b/doc/ssl/SSL_get_fd.pod -@@ -26,12 +26,12 @@ The following return values can occur: - - =over 4 - --=item -1 -+=item * -1 - - The operation failed, because the underlying BIO is not of the correct type - (suitable for file descriptors). - --=item E=0 -+=item * E=0 - - The file descriptor linked to B. - -diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_read.pod -+++ b/doc/ssl/SSL_read.pod -@@ -81,16 +81,16 @@ The following return values can occur: - - =over 4 - --=item E 0 -+=item * E 0 - - The read operation was successful. - The return value is the number of bytes actually read from the TLS/SSL - connection. - --=item Z<><= 0 -+=item * Z<><= 0 - - --=item E0 -+=item * E0 - - The read operation was not successful, because either the connection was closed, - an error occurred or action must be taken by the calling process. -diff --git a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_session_reused.pod -+++ b/doc/ssl/SSL_session_reused.pod -@@ -27,11 +27,11 @@ The following return values can occur: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - A new session was negotiated. - --=item Z<>1 -+=item * Z<>1 - - A session was reused. - -diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_set_fd.pod -+++ b/doc/ssl/SSL_set_fd.pod -@@ -35,11 +35,11 @@ The following return values can occur: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The operation failed. Check the error stack to find out why. - --=item Z<>1 -+=item * Z<>1 - - The operation succeeded. - -diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_set_session.pod -+++ b/doc/ssl/SSL_set_session.pod -@@ -37,11 +37,11 @@ The following return values can occur: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The operation failed; check the error stack to find out the reason. - --=item Z<>1 -+=item * Z<>1 - - The operation succeeded. - -diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_set_shutdown.pod -+++ b/doc/ssl/SSL_set_shutdown.pod -@@ -24,16 +24,16 @@ The shutdown state of an ssl connection is a bitmask of: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - No shutdown setting, yet. - --=item SSL_SENT_SHUTDOWN -+=item * SSL_SENT_SHUTDOWN - - A "close notify" shutdown alert was sent to the peer, the connection is being - considered closed and the session is closed and correct. - --=item SSL_RECEIVED_SHUTDOWN -+=item * SSL_RECEIVED_SHUTDOWN - - A shutdown alert was received form the peer, either a normal "close notify" - or a fatal error. -diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_shutdown.pod -+++ b/doc/ssl/SSL_shutdown.pod -@@ -92,19 +92,19 @@ The following return values can occur: - - =over 4 - --=item Z<>0 -+=item * Z<>0 - - The shutdown is not yet finished. Call SSL_shutdown() for a second time, - if a bidirectional shutdown shall be performed. - The output of L may be misleading, as an - erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. - --=item Z<>1 -+=item * Z<>1 - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. - --=item E0 -+=item * E0 - - The shutdown was not successful because a fatal error occurred either - at the protocol level or a connection failure occurred. It can also occur if -diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod -index 1111111..2222222 100644 ---- a/doc/ssl/SSL_write.pod -+++ b/doc/ssl/SSL_write.pod -@@ -74,12 +74,12 @@ The following return values can occur: - - =over 4 - --=item E 0 -+=item * E 0 - - The write operation was successful, the return value is the number of - bytes actually written to the TLS/SSL connection. - --=item Z<><= 0 -+=item * Z<><= 0 - - The write operation was not successful, because either the connection was - closed, an error occurred or action must be taken by the calling process. diff --git a/src/openssl.mk b/src/openssl.mk index 90f3b721..1a62e9f7 100644 --- a/src/openssl.mk +++ b/src/openssl.mk @@ -3,8 +3,8 @@ PKG := openssl $(PKG)_WEBSITE := https://www.openssl.org/ $(PKG)_IGNORE := -$(PKG)_VERSION := 1.0.2n -$(PKG)_CHECKSUM := 370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe +$(PKG)_VERSION := 1.1.0g +$(PKG)_CHECKSUM := de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af $(PKG)_SUBDIR := openssl-$($(PKG)_VERSION) $(PKG)_FILE := openssl-$($(PKG)_VERSION).tar.gz $(PKG)_URL := https://www.openssl.org/source/$($(PKG)_FILE) @@ -29,12 +29,9 @@ define $(PKG)_BUILD CC='$(TARGET)-gcc' \ RANLIB='$(TARGET)-ranlib' \ AR='$(TARGET)-ar rcu' \ - CROSS_COMPILE='$(TARGET)-' - - # no way to configure engines subdir install - $(if $(BUILD_SHARED), - rm -rf '$(PREFIX)/$(TARGET)/bin/engines' && \ - mv -vf '$(PREFIX)/$(TARGET)/lib/engines' '$(PREFIX)/$(TARGET)/bin/') + RC='$(TARGET)-windres' \ + CROSS_COMPILE='$(TARGET)-' \ + $(if $(BUILD_SHARED), ENGINESDIR='$(PREFIX)/$(TARGET)/bin/engines') endef $(PKG)_BUILD_i686-w64-mingw32 = $(subst @openssl-target@,mingw,$($(PKG)_BUILD)) diff --git a/src/postgresql.mk b/src/postgresql.mk index 48c63c18..b12c7188 100644 --- a/src/postgresql.mk +++ b/src/postgresql.mk @@ -43,6 +43,7 @@ define $(PKG)_BUILD --without-libxslt \ --with-zlib \ --with-system-tzdata=/dev/null \ + CFLAGS="-DSSL_library_init=OPENSSL_init_ssl" \ LIBS="-lsecur32 `'$(TARGET)-pkg-config' openssl pthreads --libs`" \ ac_cv_func_getaddrinfo=no