4 files changed, 102 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch
new file mode 100644
index 0000000000..44764359ce
--- /dev/null
+++ b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch
@@ -0,0 +1,28 @@
+diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+index 68e475d..19132ff 100644
+--- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+@@ -39,6 +39,7 @@
+ #include <thrift/transport/PlatformSocket.h>
+ 
+ #define OPENSSL_VERSION_NO_THREAD_ID 0x10000000L
+#define OPENSSL_VERSION_WITH_TLSv1_1_AND_TLSv1_2 0x10100000L
+ 
+ using namespace std;
+ using namespace apache::thrift::concurrency;
+@@ -148,10 +149,15 @@ SSLContext::SSLContext(const SSLProtocol& protocol) {
+     ctx_ = SSL_CTX_new(SSLv3_method());
+   } else if (protocol == TLSv1_0) {
+     ctx_ = SSL_CTX_new(TLSv1_method());
+#if (OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_WITH_TLSv1_1_AND_TLSv1_2)
+   } else if (protocol == TLSv1_1) {
+     ctx_ = SSL_CTX_new(TLSv1_1_method());
+   } else if (protocol == TLSv1_2) {
+     ctx_ = SSL_CTX_new(TLSv1_2_method());
+#else
+  //Support for this versions will end on 2016-12-31
+  //https://www.openssl.org/about/releasestrat.html
+#endif
+   } else {
+     /// UNKNOWN PROTOCOL!
+     throw TSSLException("SSL_CTX_new: Unknown protocol");
diff --git a/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch
new file mode 100644
index 0000000000..8d71056675
--- /dev/null
+++ b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch
@@ -0,0 +1,26 @@
+From cc4f32db13ddc62fbd1e316127c5a60f4080a2d3 Mon Sep 17 00:00:00 2001
+From: "James E. King, III" <jim.king@simplivity.com>
+Date: Thu, 29 Sep 2016 15:04:09 -0400
+Subject: [PATCH] THRIFT-3878: fix interop with newer OpenSSL libraries
+---
+ lib/cpp/src/thrift/transport/TSSLSocket.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+index 517151f714..1efb9f7a47 100644
+--- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+@@ -108,7 +108,12 @@ void initializeOpenSSL() {
+   SSL_library_init();
+   SSL_load_error_strings();
+   // static locking
+  // newer versions of OpenSSL changed CRYPTO_num_locks - see THRIFT-3878
+#ifdef CRYPTO_num_locks
+  mutexes = boost::shared_array<Mutex>(new Mutex[CRYPTO_num_locks()]);
+#else
+   mutexes = boost::shared_array<Mutex>(new Mutex[ ::CRYPTO_num_locks()]);
+#endif
+   if (mutexes == NULL) {
+     throw TTransportException(TTransportException::INTERNAL_ERROR,
+                               "initializeOpenSSL() failed, "
diff --git a/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch
new file mode 100644
index 0000000000..9c18171f1e
--- /dev/null
+++ b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch
@@ -0,0 +1,45 @@
+From 53dc6e255bec2e4cd8bae85d14bec1cf28310d3f Mon Sep 17 00:00:00 2001
+From: Nobuaki Sukegawa <nsuke@apache.org>
+Date: Sun, 13 Mar 2016 08:55:38 +0900
+Subject: [PATCH] THRIFT-3736 C++ library build fails if OpenSSL does not
+ surrpot SSLv3
+---
+ lib/cpp/src/thrift/transport/TSSLSocket.cpp | 2 ++
+ lib/cpp/test/SecurityTest.cpp               | 8 ++++++++
+ 2 files changed, 10 insertions(+)
+diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+index bd13160260..517151f714 100644
+--- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+@@ -151,8 +151,10 @@ static char uppercase(char c);
+ SSLContext::SSLContext(const SSLProtocol& protocol) {
+   if (protocol == SSLTLS) {
+     ctx_ = SSL_CTX_new(SSLv23_method());
+#ifndef OPENSSL_NO_SSL3
+   } else if (protocol == SSLv3) {
+     ctx_ = SSL_CTX_new(SSLv3_method());
+#endif
+   } else if (protocol == TLSv1_0) {
+     ctx_ = SSL_CTX_new(TLSv1_method());
+   } else if (protocol == TLSv1_1) {
+diff --git a/lib/cpp/test/SecurityTest.cpp b/lib/cpp/test/SecurityTest.cpp
+index 9968e2c478..23650d6280 100644
+--- a/lib/cpp/test/SecurityTest.cpp
+++ b/lib/cpp/test/SecurityTest.cpp
+@@ -240,6 +240,14 @@ BOOST_AUTO_TEST_CASE(ssl_security_matrix)
+                     continue;
+                 }
+ 
+#ifdef OPENSSL_NO_SSL3
+                if (si == 2 || ci == 2)
+                {
+                    // Skip all SSLv3 cases - protocol not supported
+                    continue;
+                }
+#endif
+
+                 boost::mutex::scoped_lock lock(mMutex);
+ 
+                 BOOST_TEST_MESSAGE(boost::format("TEST: Server = %1%, Client = %2%")
diff --git a/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb b/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb
index aa93283712..7ab74026bb 100644
--- a/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb
+++ b/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb
@@ -12,6 +12,9 @@ SRC_URI = "http://mirror.switch.ch/mirror/apache/dist/thrift/${PV}/${BPN}-${PV}.
           file://0001-Forcibly-disable-check-for-Qt5.patch \
           file://0001-THRIFT-3828-In-cmake-avoid-use-of-both-quoted-paths-.patch \
           file://0002-THRIFT-3831-in-test-cpp-explicitly-use-signed-char.patch \
+           file://0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch \
+           file://0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch \
+           file://0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch \
 "
 SRC_URI[md5sum] = "88d667a8ae870d5adeca8cb7d6795442"

diff --git a/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch new file mode 100644 index 0000000000..44764359ce --- /dev/null +++ b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch
@@ -0,0 +1,28 @@
		1	diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
		2	index 68e475d..19132ff 100644
		3	--- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
		4	+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
		5	@@ -39,6 +39,7 @@
		6	#include <thrift/transport/PlatformSocket.h>
		7
		8	#define OPENSSL_VERSION_NO_THREAD_ID 0x10000000L
		9	+#define OPENSSL_VERSION_WITH_TLSv1_1_AND_TLSv1_2 0x10100000L
		10
		11	using namespace std;
		12	using namespace apache::thrift::concurrency;
		13	@@ -148,10 +149,15 @@ SSLContext::SSLContext(const SSLProtocol& protocol) {
		14	ctx_ = SSL_CTX_new(SSLv3_method());
		15	} else if (protocol == TLSv1_0) {
		16	ctx_ = SSL_CTX_new(TLSv1_method());
		17	+#if (OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_WITH_TLSv1_1_AND_TLSv1_2)
		18	} else if (protocol == TLSv1_1) {
		19	ctx_ = SSL_CTX_new(TLSv1_1_method());
		20	} else if (protocol == TLSv1_2) {
		21	ctx_ = SSL_CTX_new(TLSv1_2_method());
		22	+#else
		23	+ //Support for this versions will end on 2016-12-31
		24	+ //https://www.openssl.org/about/releasestrat.html
		25	+#endif
		26	} else {
		27	/// UNKNOWN PROTOCOL!
		28	throw TSSLException("SSL_CTX_new: Unknown protocol");


diff --git a/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch new file mode 100644 index 0000000000..8d71056675 --- /dev/null +++ b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch
@@ -0,0 +1,26 @@
		1	From cc4f32db13ddc62fbd1e316127c5a60f4080a2d3 Mon Sep 17 00:00:00 2001
		2	From: "James E. King, III" <jim.king@simplivity.com>
		3	Date: Thu, 29 Sep 2016 15:04:09 -0400
		4	Subject: [PATCH] THRIFT-3878: fix interop with newer OpenSSL libraries
		5
		6	---
		7	lib/cpp/src/thrift/transport/TSSLSocket.cpp \| 5 +++++
		8	1 file changed, 5 insertions(+)
		9
		10	diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
		11	index 517151f714..1efb9f7a47 100644
		12	--- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
		13	+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
		14	@@ -108,7 +108,12 @@ void initializeOpenSSL() {
		15	SSL_library_init();
		16	SSL_load_error_strings();
		17	// static locking
		18	+ // newer versions of OpenSSL changed CRYPTO_num_locks - see THRIFT-3878
		19	+#ifdef CRYPTO_num_locks
		20	+ mutexes = boost::shared_array<Mutex>(new Mutex[CRYPTO_num_locks()]);
		21	+#else
		22	mutexes = boost::shared_array<Mutex>(new Mutex[ ::CRYPTO_num_locks()]);
		23	+#endif
		24	if (mutexes == NULL) {
		25	throw TTransportException(TTransportException::INTERNAL_ERROR,
		26	"initializeOpenSSL() failed, "


diff --git a/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch new file mode 100644 index 0000000000..9c18171f1e --- /dev/null +++ b/meta-oe/recipes-connectivity/thrift/thrift-0.9.3/0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch
@@ -0,0 +1,45 @@
		1	From 53dc6e255bec2e4cd8bae85d14bec1cf28310d3f Mon Sep 17 00:00:00 2001
		2	From: Nobuaki Sukegawa <nsuke@apache.org>
		3	Date: Sun, 13 Mar 2016 08:55:38 +0900
		4	Subject: [PATCH] THRIFT-3736 C++ library build fails if OpenSSL does not
		5	surrpot SSLv3
		6
		7	---
		8	lib/cpp/src/thrift/transport/TSSLSocket.cpp \| 2 ++
		9	lib/cpp/test/SecurityTest.cpp \| 8 ++++++++
		10	2 files changed, 10 insertions(+)
		11
		12	diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
		13	index bd13160260..517151f714 100644
		14	--- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
		15	+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
		16	@@ -151,8 +151,10 @@ static char uppercase(char c);
		17	SSLContext::SSLContext(const SSLProtocol& protocol) {
		18	if (protocol == SSLTLS) {
		19	ctx_ = SSL_CTX_new(SSLv23_method());
		20	+#ifndef OPENSSL_NO_SSL3
		21	} else if (protocol == SSLv3) {
		22	ctx_ = SSL_CTX_new(SSLv3_method());
		23	+#endif
		24	} else if (protocol == TLSv1_0) {
		25	ctx_ = SSL_CTX_new(TLSv1_method());
		26	} else if (protocol == TLSv1_1) {
		27	diff --git a/lib/cpp/test/SecurityTest.cpp b/lib/cpp/test/SecurityTest.cpp
		28	index 9968e2c478..23650d6280 100644
		29	--- a/lib/cpp/test/SecurityTest.cpp
		30	+++ b/lib/cpp/test/SecurityTest.cpp
		31	@@ -240,6 +240,14 @@ BOOST_AUTO_TEST_CASE(ssl_security_matrix)
		32	continue;
		33	}
		34
		35	+#ifdef OPENSSL_NO_SSL3
		36	+ if (si == 2 \|\| ci == 2)
		37	+ {
		38	+ // Skip all SSLv3 cases - protocol not supported
		39	+ continue;
		40	+ }
		41	+#endif
		42	+
		43	boost::mutex::scoped_lock lock(mMutex);
		44
		45	BOOST_TEST_MESSAGE(boost::format("TEST: Server = %1%, Client = %2%")


diff --git a/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb b/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb index aa93283712..7ab74026bb 100644 --- a/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb +++ b/meta-oe/recipes-connectivity/thrift/thrift_0.9.3.bb
@@ -12,6 +12,9 @@ SRC_URI = "http://mirror.switch.ch/mirror/apache/dist/thrift/${PV}/${BPN}-${PV}.
12	file://0001-Forcibly-disable-check-for-Qt5.patch \	12	file://0001-Forcibly-disable-check-for-Qt5.patch \
13	file://0001-THRIFT-3828-In-cmake-avoid-use-of-both-quoted-paths-.patch \	13	file://0001-THRIFT-3828-In-cmake-avoid-use-of-both-quoted-paths-.patch \
14	file://0002-THRIFT-3831-in-test-cpp-explicitly-use-signed-char.patch \	14	file://0002-THRIFT-3831-in-test-cpp-explicitly-use-signed-char.patch \
		15	file://0004-THRIFT-3207-enable-build-with-OpenSSL-1.1.0-series.patch \
		16	file://0005-THRIFT-3878-Compile-error-in-TSSLSocket.cpp-with-new.patch \
		17	file://0006-THRIFT-3736-C++-library-build-fails-if-OpenSSL-does-.patch \
15	"	18	"
16		19
17	SRC_URI[md5sum] = "88d667a8ae870d5adeca8cb7d6795442"	20	SRC_URI[md5sum] = "88d667a8ae870d5adeca8cb7d6795442"