[gnome-continuous-yocto/gnomeostree-3.28-rocko: 5727/8267] openssl: Bump SONAME to match the ABI

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 5727/8267] openssl: Bump SONAME to match the ABI
Date: Sun, 17 Dec 2017 03:50:44 +0000 (UTC)

commit a59bfd05d15085a3dc5669b47fd19867246c846b
Author: Jussi Kukkonen <jussi kukkonen intel com>
Date:   Thu Apr 20 16:32:19 2017 +0300

    openssl: Bump SONAME to match the ABI
    
    Commit 7933fbbc637 "Security fix Drown via 1.0.2g update" included
    a version-script change from Debian that was an ABI change. It did
    not include the soname change that Debian did so we have been calling
    our ABI 1.0.0 but it really matches what others call 1.0.2.
    
    Bump SONAME to match the ABI. In practice this changes both libcrypto
    and libssl sonames from 1.0.0 to 1.0.2.
    
    For background: Upstream does not do sonames so these are set by
    distros. In this case the ABI changes based on a build time
    configuration! Debian took the ABI changing configuration and bumped
    soname but e.g. Ubuntu kept the deprecated API and just made it not
    work, keeping soname. So both have same version of openssl but support
    different ABI (and expose different SONAME).
    
    Fixes [YOCTO #11396].
    
    Thanks to Alexander Larsson et al for detective work.
    
    (From OE-Core rev: 1b430eef7131876bc735c22d66358379b0516821)
    
    Signed-off-by: Jussi Kukkonen <jussi kukkonen intel com>
    Signed-off-by: Ross Burton <ross burton intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 .../openssl/openssl/debian1.0.2/soname.patch       |   13 +++++++++++++
 .../recipes-connectivity/openssl/openssl_1.0.2k.bb |    1 +
 2 files changed, 14 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch 
b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch
new file mode 100644
index 0000000..f9cdfec
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/soname.patch
@@ -0,0 +1,13 @@
+Index: openssl-1.0.2d/crypto/opensslv.h
+===================================================================
+--- openssl-1.0.2d.orig/crypto/opensslv.h
++++ openssl-1.0.2d/crypto/opensslv.h
+@@ -88,7 +88,7 @@ extern "C" {
+  * should only keep the versions that are binary compatible with the current.
+  */
+ # define SHLIB_VERSION_HISTORY ""
+-# define SHLIB_VERSION_NUMBER "1.0.0"
++# define SHLIB_VERSION_NUMBER "1.0.2"
+ 
+ 
+ #ifdef  __cplusplus
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb 
b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
index 1c10414..83d1a50 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
@@ -30,6 +30,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
             file://debian/no-symbolic.patch \
             file://debian/pic.patch \
             file://debian1.0.2/version-script.patch \
+            file://debian1.0.2/soname.patch \
             file://openssl_fix_for_x32.patch \
             file://fix-cipher-des-ede3-cfb1.patch \
             file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]