From 319b69ea7d89545932a8ed6961f25a5b677767e5 Mon Sep 17 00:00:00 2001 From: vanhofen Date: Sun, 29 May 2022 22:26:54 +0200 Subject: [PATCH] - openssl: add patches from buildroot --- ...building-manpages-if-we-re-not-going.patch | 33 +++++++ ...ible-build-do-not-leak-compiler-path.patch | 29 ++++++ ...ENSSL_NO_MADVISE-to-disable-call-to-.patch | 27 +++++ ...Fv2-ABI-on-some-ppc64-big-endian-sys.patch | 37 +++++++ ...m-ppc-xlate.pl-add-linux64v2-flavour.patch | 64 ++++++++++++ ...ort-for-io_pgetevents_time64-syscall.patch | 61 ++++++++++++ ...ort-for-io_pgetevents_time64-syscall.patch | 98 +++++++++++++++++++ 7 files changed, 349 insertions(+) create mode 100644 package/openssl/patches/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch create mode 100644 package/openssl/patches/0002-Reproducible-build-do-not-leak-compiler-path.patch create mode 100644 package/openssl/patches/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch create mode 100644 package/openssl/patches/0004-Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch create mode 100644 package/openssl/patches/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch create mode 100644 package/openssl/patches/0006-Add-support-for-io_pgetevents_time64-syscall.patch create mode 100644 package/openssl/patches/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch diff --git a/package/openssl/patches/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/openssl/patches/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch new file mode 100644 index 00000000..6527bc23 --- /dev/null +++ b/package/openssl/patches/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch @@ -0,0 +1,33 @@ +From d8f104bffb0c4acb8c5fcdf49628f7d02ed48f7f Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Sat, 16 May 2015 18:53:51 +0200 +Subject: [PATCH] Dont waste time building manpages if we're not going to use + em. + +Signed-off-by: Ryan Barnett +[Gustavo: update for parallel-build] + +[rebased on openssl-1.1.0h] +Signed-off-by: Peter Seiderer +[rebased on openssl-1.1.1i] +Signed-off-by: Bernd Kuhls +--- + Configurations/unix-Makefile.tmpl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 40cf2c3..777d9ca 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -491,7 +491,7 @@ list-tests: + @echo "Tests are not supported with your chosen Configure options" + @ : {- output_on() if !$disabled{tests}; "" -} + +-install: install_sw install_ssldirs install_docs ++install: install_sw install_ssldirs + + uninstall: uninstall_docs uninstall_sw + +-- +2.16.3 + diff --git a/package/openssl/patches/0002-Reproducible-build-do-not-leak-compiler-path.patch b/package/openssl/patches/0002-Reproducible-build-do-not-leak-compiler-path.patch new file mode 100644 index 00000000..820c2add --- /dev/null +++ b/package/openssl/patches/0002-Reproducible-build-do-not-leak-compiler-path.patch @@ -0,0 +1,29 @@ +From b70be8c65365a8fc564226360d45adbbb29fc0af Mon Sep 17 00:00:00 2001 +From: Peter Seiderer +Date: Tue, 24 Oct 2017 16:58:32 +0200 +Subject: [PATCH] Reproducible build: do not leak compiler path + +Signed-off-by: Peter Seiderer + +[Rebased on openssl-1.1.1.a] +Signed-off-by: Peter Seiderer +--- + crypto/build.info | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/build.info b/crypto/build.info +index 2c619c6..49ca6ab 100644 +--- a/crypto/build.info ++++ b/crypto/build.info +@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ + ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl + + DEPEND[cversion.o]=buildinf.h +-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" ++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$$(basename $(CC)) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" + DEPEND[buildinf.h]=../configdata.pm + + GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) +-- +2.20.1 + diff --git a/package/openssl/patches/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch b/package/openssl/patches/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch new file mode 100644 index 00000000..c51a3cd6 --- /dev/null +++ b/package/openssl/patches/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch @@ -0,0 +1,27 @@ +From 1281ffc7959bd2070563e17a52ee4424196d885c Mon Sep 17 00:00:00 2001 +From: Patrick Havelange +Date: Wed, 23 Jan 2019 12:21:21 +0100 +Subject: [PATCH] Introduce the OPENSSL_NO_MADVISE to disable call to madvise() + +Upstream: https://github.com/openssl/openssl/pull/8089 +Signed-off-by: Patrick Havelange +--- + crypto/mem_sec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c +index 9e0f670..32c7282 100644 +--- a/crypto/mem_sec.c ++++ b/crypto/mem_sec.c +@@ -485,7 +485,7 @@ static int sh_init(size_t size, int minsize) + if (mlock(sh.arena, sh.arena_size) < 0) + ret = 2; + #endif +-#ifdef MADV_DONTDUMP ++#if defined(MADV_DONTDUMP) && !defined(OPENSSL_NO_MADVISE) + if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0) + ret = 2; + #endif +-- +2.17.1 + diff --git a/package/openssl/patches/0004-Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch b/package/openssl/patches/0004-Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch new file mode 100644 index 00000000..b5070ad7 --- /dev/null +++ b/package/openssl/patches/0004-Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch @@ -0,0 +1,37 @@ +From b57cc2e4ee21babacbffc243626de72c248068ea Mon Sep 17 00:00:00 2001 +From: Andy Polyakov +Date: Sun, 5 May 2019 18:30:55 +0200 +Subject: [PATCH] Configure: use ELFv2 ABI on some ppc64 big endian systems + +If _CALL_ELF is defined to be 2, it's an ELFv2 system. +Conditionally switch to the v2 perlasm scheme. + +Reviewed-by: Paul Dale +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/8883) +[vfazio: fixup for 1.1.1d] +Signed-off-by: Vincent Fazio +[rebased on openssl-1.1.1i] +Signed-off-by: Bernd Kuhls +--- + Configure | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/Configure b/Configure +index 5a699836f3..f9152b1702 100755 +--- a/Configure ++++ b/Configure +@@ -1417,6 +1417,10 @@ my %predefined_CXX = $config{CXX} + ? compiler_predefined($config{CROSS_COMPILE}.$config{CXX}) + : (); + ++if ($target eq "linux-ppc64" && !$disabled{asm}) { ++ $target{perlasm_scheme} = "linux64v2" if ($predefined_C{_CALL_ELF} == 2); ++} ++ + # Check for makedepend capabilities. + if (!$disabled{makedepend}) { + if ($config{target} =~ /^(VC|vms)-/) { +-- +2.25.0 + diff --git a/package/openssl/patches/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch b/package/openssl/patches/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch new file mode 100644 index 00000000..30bddc23 --- /dev/null +++ b/package/openssl/patches/0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch @@ -0,0 +1,64 @@ +From 07a0bbdd179a52907485fd793f0df31c097447af Mon Sep 17 00:00:00 2001 +From: Andy Polyakov +Date: Sun, 5 May 2019 18:25:50 +0200 +Subject: [PATCH] crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This is a big endian ELFv2 configuration. ELFv2 was already being +used for little endian, and big endian was traditionally ELFv1 +but there are practical configurations that use ELFv2 with big +endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, etc.) + +Reviewed-by: Paul Dale +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/8883) +Signed-off-by: Vincent Fazio +--- + crypto/perlasm/ppc-xlate.pl | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl +index d220c6245b..eec82b8d48 100755 +--- a/crypto/perlasm/ppc-xlate.pl ++++ b/crypto/perlasm/ppc-xlate.pl +@@ -49,7 +49,7 @@ my $globl = sub { + /osx/ && do { $name = "_$name"; + last; + }; +- /linux.*(32|64le)/ ++ /linux.*(32|64(le|v2))/ + && do { $ret .= ".globl $name"; + if (!$$type) { + $ret .= "\n.type $name,\@function"; +@@ -80,7 +80,7 @@ my $globl = sub { + }; + my $text = sub { + my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text"; +- $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64le/); ++ $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/); + $ret; + }; + my $machine = sub { +@@ -186,7 +186,7 @@ my $vmr = sub { + + # Some ABIs specify vrsave, special-purpose register #256, as reserved + # for system use. +-my $no_vrsave = ($flavour =~ /aix|linux64le/); ++my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/); + my $mtspr = sub { + my ($f,$idx,$ra) = @_; + if ($idx == 256 && $no_vrsave) { +@@ -318,7 +318,7 @@ while($line=<>) { + if ($label) { + my $xlated = ($GLOBALS{$label} or $label); + print "$xlated:"; +- if ($flavour =~ /linux.*64le/) { ++ if ($flavour =~ /linux.*64(le|v2)/) { + if ($TYPES{$label} =~ /function/) { + printf "\n.localentry %s,0\n",$xlated; + } +-- +2.25.0 + diff --git a/package/openssl/patches/0006-Add-support-for-io_pgetevents_time64-syscall.patch b/package/openssl/patches/0006-Add-support-for-io_pgetevents_time64-syscall.patch new file mode 100644 index 00000000..0f59fa64 --- /dev/null +++ b/package/openssl/patches/0006-Add-support-for-io_pgetevents_time64-syscall.patch @@ -0,0 +1,61 @@ +From 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc Mon Sep 17 00:00:00 2001 +From: Alistair Francis +Date: Thu, 29 Aug 2019 13:56:21 -0700 +Subject: [PATCH] Add support for io_pgetevents_time64 syscall + +32-bit architectures that are y2038 safe don't include syscalls that use +32-bit time_t. Instead these architectures have suffixed syscalls that +always use a 64-bit time_t. In the case of the io_getevents syscall the +syscall has been replaced with the io_pgetevents_time64 syscall instead. + +This patch changes the io_getevents() function to use the correct +syscall based on the avaliable syscalls and the time_t size. We will +only use the new 64-bit time_t syscall if the architecture is using a +64-bit time_t. This is to avoid having to deal with 32/64-bit +conversions and relying on a 64-bit timespec struct on 32-bit time_t +platforms. As of Linux 5.3 there are no 32-bit time_t architectures +without __NR_io_getevents. In the future if a 32-bit time_t architecture +wants to use the 64-bit syscalls we can handle the conversion. + +This fixes build failures on 32-bit RISC-V. + +Signed-off-by: Alistair Francis + +Reviewed-by: Richard Levitte +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/9819) +--- + engines/e_afalg.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/engines/e_afalg.c b/engines/e_afalg.c +index dacbe358cb..99516cb1bb 100644 +--- a/engines/e_afalg.c ++++ b/engines/e_afalg.c +@@ -125,7 +125,23 @@ static ossl_inline int io_getevents(aio_context_t ctx, long min, long max, + struct io_event *events, + struct timespec *timeout) + { ++#if defined(__NR_io_getevents) + return syscall(__NR_io_getevents, ctx, min, max, events, timeout); ++#elif defined(__NR_io_pgetevents_time64) ++ /* Let's only support the 64 suffix syscalls for 64-bit time_t. ++ * This simplifies the code for us as we don't need to use a 64-bit ++ * version of timespec with a 32-bit time_t and handle converting ++ * between 64-bit and 32-bit times and check for overflows. ++ */ ++ if (sizeof(timeout->tv_sec) == 8) ++ return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL); ++ else { ++ errno = ENOSYS; ++ return -1; ++ } ++#else ++# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64." ++#endif + } + + static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, +-- +2.25.1 + diff --git a/package/openssl/patches/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch b/package/openssl/patches/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch new file mode 100644 index 00000000..4313eecd --- /dev/null +++ b/package/openssl/patches/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch @@ -0,0 +1,98 @@ +From e5499a3cac1e823c3e0697e8667e952317b70cc8 Mon Sep 17 00:00:00 2001 +From: Alistair Francis +Date: Thu, 4 Mar 2021 12:10:11 -0500 +Subject: [PATCH] Fixup support for io_pgetevents_time64 syscall + +This is a fixup for the original commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc +"Add support for io_pgetevents_time64 syscall" that didn't correctly +work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V. + +For a full discussion of the issue see: +https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc + +Signed-off-by: Alistair Francis + +Reviewed-by: Tomas Mraz +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/14432) +--- + engines/e_afalg.c | 55 ++++++++++++++++++++++++++++++++++++----------- + 1 file changed, 42 insertions(+), 13 deletions(-) + +diff --git a/engines/e_afalg.c b/engines/e_afalg.c +index 9480d7c24b..4e9d67db2d 100644 +--- a/engines/e_afalg.c ++++ b/engines/e_afalg.c +@@ -124,27 +124,56 @@ static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb) + return syscall(__NR_io_submit, ctx, n, iocb); + } + ++/* A version of 'struct timespec' with 32-bit time_t and nanoseconds. */ ++struct __timespec32 ++{ ++ __kernel_long_t tv_sec; ++ __kernel_long_t tv_nsec; ++}; ++ + static ossl_inline int io_getevents(aio_context_t ctx, long min, long max, + struct io_event *events, + struct timespec *timeout) + { ++#if defined(__NR_io_pgetevents_time64) ++ /* Check if we are a 32-bit architecture with a 64-bit time_t */ ++ if (sizeof(*timeout) != sizeof(struct __timespec32)) { ++ int ret = syscall(__NR_io_pgetevents_time64, ctx, min, max, events, ++ timeout, NULL); ++ if (ret == 0 || errno != ENOSYS) ++ return ret; ++ } ++#endif ++ + #if defined(__NR_io_getevents) +- return syscall(__NR_io_getevents, ctx, min, max, events, timeout); +-#elif defined(__NR_io_pgetevents_time64) +- /* Let's only support the 64 suffix syscalls for 64-bit time_t. +- * This simplifies the code for us as we don't need to use a 64-bit +- * version of timespec with a 32-bit time_t and handle converting +- * between 64-bit and 32-bit times and check for overflows. +- */ +- if (sizeof(timeout->tv_sec) == 8) +- return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL); ++ if (sizeof(*timeout) == sizeof(struct __timespec32)) ++ /* ++ * time_t matches our architecture length, we can just use ++ * __NR_io_getevents ++ */ ++ return syscall(__NR_io_getevents, ctx, min, max, events, timeout); + else { +- errno = ENOSYS; +- return -1; ++ /* ++ * We don't have __NR_io_pgetevents_time64, but we are using a ++ * 64-bit time_t on a 32-bit architecture. If we can fit the ++ * timeout value in a 32-bit time_t, then let's do that ++ * and then use the __NR_io_getevents syscall. ++ */ ++ if (timeout && timeout->tv_sec == (long)timeout->tv_sec) { ++ struct __timespec32 ts32; ++ ++ ts32.tv_sec = (__kernel_long_t) timeout->tv_sec; ++ ts32.tv_nsec = (__kernel_long_t) timeout->tv_nsec; ++ ++ return syscall(__NR_io_getevents, ctx, min, max, events, ts32); ++ } else { ++ return syscall(__NR_io_getevents, ctx, min, max, events, NULL); ++ } + } +-#else +-# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64." + #endif ++ ++ errno = ENOSYS; ++ return -1; + } + + static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, +-- +2.25.1 +