summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl/openssl_3.5.0.bb
Commit message (Collapse)AuthorAgeFilesLines
* openssl: upgrade 3.5.0 -> 3.5.1Peter Marko2025-07-141-288/+0
| | | | | | | | | | | | | | | Release information: https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-350-and-openssl-351-1-jul-2025 Handles CVE-2025-4575. Refresh patches. (From OE-Core rev: c030c9c31d27917fb45aaaa5ed174c16ca68ec9e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add workaround for broken paths in native libcrypto.pcEnrico Jörns2025-07-101-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since d1b29222 ("openssl-native(sdk): poision built in paths") the workaround for host path contamination in native(sdk) openssl is fixed. But an unfortunate side-effect of forcing the directory variables (OPENSSLDIR, ENGINESDIR, MODULESDIR) to be invalid is that it renders the generated native pkg-config file (libcrypto.pc) unusable: [..] includedir=${prefix}/include enginesdir=${libdir}/../../../../../../../../../../../../../../../../not/builtin modulesdir=${libdir}/../../../../../../../../../../../../../../../../not/builtin Name: OpenSSL-libcrypto [..] This will prevent other native tools (like libp11-native) from installing their (.so) files into valid OpenSSL directories. The strange paths are a result of OpenSSL's build system attempting to resolve the dummy path "/not/builtin" relative to ${libdir} for libcrypto.pc.in: | enginesdir=${libdir}/{- $OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR[0] -} There doesn't appear to be a straightforward way to avoid embedding a built-in host path while still generating a valid libcrypto.pc file. This workaround now post-fixes the .pc files for openssl-native by using two sed calls to replace the invalid paths with the valid ones. (To prevent bitbake from early expanding the libdir variables, use a group as a simple hack.) (From OE-Core rev: 4d4af8d1cb272369eb4ddcc489e90831c9c2c8c7) Signed-off-by: Enrico Jörns <ejo@pengutronix.de> Signed-off-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Link with libatomic on x86/clangKhem Raj2025-05-271-0/+3
| | | | | | | | | | | | Fixes threads_pthread.c:(.text+0x372): undefined reference to `__atomic_is_lock_free' (From OE-Core rev: 636e30f2d363bd77ac9cce69eecb14d2db703bb2) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add fips supportYi Zhao2025-05-151-2/+17
| | | | | | | | | | | | | | | | | | | * Add PACKAGECONFIG[fips] to enable fips build. * Split a new package openssl-ossl-module-fips for fips.so. * Add pkg_postinst_ontarget for openssl-ossl-module-fips to ensure the config file fipsmodule.cnf is created on target. This is because we should not use the same fipsmodule.cnf on different machines. The 'openssl fipsinstall' commandline in pkg_postinst_ontarget will do the following things: 1. Run the FIPS module self tests on target. 2. Generate config file fipsmodule.conf containing information about the FIPS module such as the calculated MAC of the module. (From OE-Core rev: 29979937e2d40885e7e91bb9a7e7dca6763e3d52) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade 3.4.1 -> 3.5.0Peter Marko2025-04-101-0/+265
This is new openssl LTS release. Release information: * https://openssl-library.org/post/2025-02-20-openssl-3.5-lts/ * https://openssl-library.org/post/2025-04-08-openssl-35-final-release/ * https://github.com/openssl/openssl/releases/tag/openssl-3.5.0 * https://github.com/openssl/openssl/blob/openssl-3.5.0/NEWS.md#openssl-35 packages-split directory does not show any changes relevant for packaging change. There are new config options but they don't seem to be significant enough to need explicit packageconfig options. (From OE-Core rev: 6ff6e86a06ba081eb9afd83e62c128f987cce0ef) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-06 11:35:59 +0000