# HG changeset patch # User Sebastien Jodogne # Date 1585826748 -7200 # Node ID e9834343d327bbd997aaaf93dc5097db478ec30d # Parent 6462ecaa045b4624ad3c43dacab643e9caeaaac0 upgrade to openssl 1.1.1f diff -r 6462ecaa045b -r e9834343d327 NEWS --- a/NEWS Thu Apr 02 12:54:45 2020 +0200 +++ b/NEWS Thu Apr 02 13:25:48 2020 +0200 @@ -11,6 +11,7 @@ * Error reporting on failure while initializing SSL * Upgraded dependencies for static builds (notably on Windows): - civetweb 1.12 + - openssl 1.1.1f Version 1.6.0 (2020-03-18) diff -r 6462ecaa045b -r e9834343d327 Resources/CMake/OpenSslConfigurationStatic-1.1.1.cmake --- a/Resources/CMake/OpenSslConfigurationStatic-1.1.1.cmake Thu Apr 02 12:54:45 2020 +0200 +++ b/Resources/CMake/OpenSslConfigurationStatic-1.1.1.cmake Thu Apr 02 13:25:48 2020 +0200 @@ -1,6 +1,6 @@ -SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-1.1.1d) -SET(OPENSSL_URL "http://orthanc.osimis.io/ThirdPartyDownloads/openssl-1.1.1d.tar.gz") -SET(OPENSSL_MD5 "3be209000dbc7e1b95bcdf47980a3baa") +SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-1.1.1f) +SET(OPENSSL_URL "http://orthanc.osimis.io/ThirdPartyDownloads/openssl-1.1.1f.tar.gz") +SET(OPENSSL_MD5 "3f486f2f4435ef14b81814dbbc7b48bb") if (IS_DIRECTORY "${OPENSSL_SOURCES_DIR}") set(FirstRun OFF) @@ -16,18 +16,18 @@ #define PLATFORM \"\" #define compiler_flags \"\" ") - file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/include/internal/bn_conf.h "") - file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/include/internal/dso_conf.h "") + file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/bn_conf.h "") + file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/dso_conf.h "") configure_file( - ${ORTHANC_ROOT}/Resources/Patches/openssl-1.1.1d-conf.h.in + ${ORTHANC_ROOT}/Resources/Patches/openssl-1.1.1-conf.h.in ${OPENSSL_SOURCES_DIR}/include/openssl/opensslconf.h ) # Apply the patches execute_process( COMMAND ${PATCH_EXECUTABLE} -p0 -N -i - ${ORTHANC_ROOT}/Resources/Patches/openssl-1.1.1d.patch + ${ORTHANC_ROOT}/Resources/Patches/openssl-1.1.1f.patch WORKING_DIRECTORY ${CMAKE_BINARY_DIR} RESULT_VARIABLE Failure ) diff -r 6462ecaa045b -r e9834343d327 Resources/Patches/openssl-1.1.1-conf.h.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Resources/Patches/openssl-1.1.1-conf.h.in Thu Apr 02 13:25:48 2020 +0200 @@ -0,0 +1,122 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + + +#define OPENSSL_UNISTD + +#if 0 +/* Generate 80386 code? */ +{- ${processor} eq "386" ? "#define" : "#undef" -} I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD {- ${unistd} -} + +{- ${export_var_as_fn} ? "#define" : "#undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +{- ${bn_ll} ? "# define" : "# undef" -} BN_LLONG +/* Only one for the following should be defined */ +{- ${b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG +{- ${b64} ? "# define" : "# undef" -} SIXTY_FOUR_BIT +{- ${b32} ? "# define" : "# undef" -} THIRTY_TWO_BIT +#endif + +#define RC4_INT {- ${rc4_int} -} +#endif + +#ifdef __cplusplus +} +#endif diff -r 6462ecaa045b -r e9834343d327 Resources/Patches/openssl-1.1.1d-conf.h.in --- a/Resources/Patches/openssl-1.1.1d-conf.h.in Thu Apr 02 12:54:45 2020 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,122 +0,0 @@ -/* - * {- join("\n * ", @autowarntext) -} - * - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef OPENSSL_ALGORITHM_DEFINES -# error OPENSSL_ALGORITHM_DEFINES no longer supported -#endif - - -/* - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers - * don't like that. This will hopefully silence them. - */ -#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; - -/* - * Applications should use -DOPENSSL_API_COMPAT= to suppress the - * declarations of functions deprecated in or before . Otherwise, they - * still won't see them if the library has been built to disable deprecated - * functions. - */ -#ifndef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f; -# ifdef __GNUC__ -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -# endif -# endif -#endif - -#ifndef OPENSSL_FILE -# ifdef OPENSSL_NO_FILENAMES -# define OPENSSL_FILE "" -# define OPENSSL_LINE 0 -# else -# define OPENSSL_FILE __FILE__ -# define OPENSSL_LINE __LINE__ -# endif -#endif - -#ifndef OPENSSL_MIN_API -# define OPENSSL_MIN_API 0 -#endif - -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API -# undef OPENSSL_API_COMPAT -# define OPENSSL_API_COMPAT OPENSSL_MIN_API -#endif - -/* - * Do not deprecate things to be deprecated in version 1.2.0 before the - * OpenSSL version number matches. - */ -#if OPENSSL_VERSION_NUMBER < 0x10200000L -# define DEPRECATEDIN_1_2_0(f) f; -#elif OPENSSL_API_COMPAT < 0x10200000L -# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_2_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x10100000L -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_1_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x10000000L -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_0_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x00908000L -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_0_9_8(f) -#endif - - -#define OPENSSL_UNISTD - -#if 0 -/* Generate 80386 code? */ -{- ${processor} eq "386" ? "#define" : "#undef" -} I386_ONLY - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD {- ${unistd} -} - -{- ${export_var_as_fn} ? "#define" : "#undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION - -/* - * The following are cipher-specific, but are part of the public API. - */ -#if !defined(OPENSSL_SYS_UEFI) -{- ${bn_ll} ? "# define" : "# undef" -} BN_LLONG -/* Only one for the following should be defined */ -{- ${b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG -{- ${b64} ? "# define" : "# undef" -} SIXTY_FOUR_BIT -{- ${b32} ? "# define" : "# undef" -} THIRTY_TWO_BIT -#endif - -#define RC4_INT {- ${rc4_int} -} -#endif - -#ifdef __cplusplus -} -#endif diff -r 6462ecaa045b -r e9834343d327 Resources/Patches/openssl-1.1.1f.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Resources/Patches/openssl-1.1.1f.patch Thu Apr 02 13:25:48 2020 +0200 @@ -0,0 +1,12 @@ +diff -urEb openssl-1.1.1f.orig/crypto/rand/rand_unix.c openssl-1.1.1f/crypto/rand/rand_unix.c +--- openssl-1.1.1f.orig/crypto/rand/rand_unix.c 2020-04-02 13:14:23.195439492 +0200 ++++ openssl-1.1.1f/crypto/rand/rand_unix.c 2020-04-02 13:15:18.079473769 +0200 +@@ -387,7 +387,7 @@ + # endif + + /* Linux supports this since version 3.17 */ +-# if defined(__linux) && defined(__NR_getrandom) ++# if defined(__linux) && defined(__NR_getrandom) && !defined(__LSB_VERSION__) + return syscall(__NR_getrandom, buf, buflen, 0); + # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) + return sysctl_random(buf, buflen); diff -r 6462ecaa045b -r e9834343d327 UnitTestsSources/VersionsTests.cpp --- a/UnitTestsSources/VersionsTests.cpp Thu Apr 02 12:54:45 2020 +0200 +++ b/UnitTestsSources/VersionsTests.cpp Thu Apr 02 13:25:48 2020 +0200 @@ -185,7 +185,7 @@ TEST(Version, OpenSslStatic) { ASSERT_TRUE(OPENSSL_VERSION_NUMBER == 0x1000210fL /* openssl-1.0.2p */ || - OPENSSL_VERSION_NUMBER == 0x1010104fL /* openssl-1.1.1d */); + OPENSSL_VERSION_NUMBER == 0x1010106fL /* openssl-1.1.1f */); } #endif