Mercurial > hg > orthanc
changeset 4907:d17a81fa7350
merge
author | Alain Mazy <am@osimis.io> |
---|---|
date | Mon, 21 Feb 2022 10:12:08 +0100 |
parents | f656fb878b50 (current diff) b5b693465295 (diff) |
children | 1cd1b8f58e56 |
files | |
diffstat | 3 files changed, 314 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/NEWS Mon Feb 21 10:11:38 2022 +0100 +++ b/NEWS Mon Feb 21 10:12:08 2022 +0100 @@ -66,7 +66,7 @@ - "DicomThreadsCount" to set the number of threads in the embedded DICOM server * Fix instances accumulating in DB while their attachments were not stored because of MaximumStorageSize limit reached with a single patient in DB. -* Dropped support for static compilation of OpenSSL 1.0.2 and 1.1.1 +* Dropped support for static compilation of OpenSSL 1.0.2 * Upgraded dependencies for static builds (notably on Windows and LSB): - openssl 3.0.1
--- a/OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake Mon Feb 21 10:11:38 2022 +0100 +++ b/OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake Mon Feb 21 10:12:08 2022 +0100 @@ -20,7 +20,10 @@ if (STATIC_BUILD OR NOT USE_SYSTEM_OPENSSL) - if (OPENSSL_STATIC_VERSION STREQUAL "3.0") + if (OPENSSL_STATIC_VERSION STREQUAL "1.1.1") + # Still used by orthanc-gcp (Google Cloud Platform) as of its release 1.0 + include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-1.1.1.cmake) + elseif (OPENSSL_STATIC_VERSION STREQUAL "3.0") include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-3.0.cmake) else() message(FATAL_ERROR "Unsupported version of OpenSSL: ${OPENSSL_STATIC_VERSION}")
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/OrthancFramework/Resources/CMake/OpenSslConfigurationStatic-1.1.1.cmake Mon Feb 21 10:12:08 2022 +0100 @@ -0,0 +1,309 @@ +# Orthanc - A Lightweight, RESTful DICOM Store +# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics +# Department, University Hospital of Liege, Belgium +# Copyright (C) 2017-2022 Osimis S.A., Belgium +# Copyright (C) 2021-2022 Sebastien Jodogne, ICTEAM UCLouvain, Belgium +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public License +# as published by the Free Software Foundation, either version 3 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program. If not, see +# <http://www.gnu.org/licenses/>. + + +SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-1.1.1k) +SET(OPENSSL_URL "http://orthanc.osimis.io/ThirdPartyDownloads/openssl-1.1.1k.tar.gz") +SET(OPENSSL_MD5 "c4e7d95f782b08116afa27b30393dd27") + +if (IS_DIRECTORY "${OPENSSL_SOURCES_DIR}") + set(FirstRun OFF) +else() + set(FirstRun ON) +endif() + +DownloadPackage(${OPENSSL_MD5} ${OPENSSL_URL} "${OPENSSL_SOURCES_DIR}") + +if (FirstRun) + file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/buildinf.h " +#define DATE \"\" +#define PLATFORM \"\" +#define compiler_flags \"\" +") + file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/bn_conf.h "") + file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/dso_conf.h "") + + configure_file( + ${CMAKE_CURRENT_LIST_DIR}/../Patches/openssl-1.1.1-conf.h.in + ${OPENSSL_SOURCES_DIR}/include/openssl/opensslconf.h + ) + + # Apply the patches + execute_process( + COMMAND ${PATCH_EXECUTABLE} -p0 -N -i + ${CMAKE_CURRENT_LIST_DIR}/../Patches/openssl-1.1.1k.patch + WORKING_DIRECTORY ${CMAKE_BINARY_DIR} + RESULT_VARIABLE Failure + ) + + if (Failure) + message(FATAL_ERROR "Error while patching a file") + endif() + + file(RENAME + ${OPENSSL_SOURCES_DIR}/include/openssl/e_os2.h + ${OPENSSL_SOURCES_DIR}/include/openssl/e_os2_source.h) + + # The following patch of "e_os2.h" prevents from building OpenSSL + # as a DLL under Windows. Otherwise, symbols have inconsistent + # linkage if ${OPENSSL_SOURCES} is used to create a DLL (notably + # if building an Orthanc plugin such as PostgreSQL or MySQL). + file(WRITE ${OPENSSL_SOURCES_DIR}/include/openssl/e_os2.h " +#include \"e_os2_source.h\" +#if defined(_WIN32) +# undef OPENSSL_EXPORT +# undef OPENSSL_IMPORT +# undef OPENSSL_EXTERN +# undef OPENSSL_GLOBAL +# define OPENSSL_EXPORT +# define OPENSSL_IMPORT +# define OPENSSL_EXTERN extern +# define OPENSSL_GLOBAL +#endif +") + +else() + message("The patches for OpenSSL have already been applied") +endif() + +add_definitions( + -DOPENSSL_THREADS + -DOPENSSL_IA32_SSE2 + -DOPENSSL_NO_ASM + -DOPENSSL_NO_DYNAMIC_ENGINE + -DOPENSSL_NO_DEVCRYPTOENG + + -DOPENSSL_NO_BF + -DOPENSSL_NO_CAMELLIA + -DOPENSSL_NO_CAST + -DOPENSSL_NO_EC_NISTP_64_GCC_128 + -DOPENSSL_NO_GMP + -DOPENSSL_NO_GOST + -DOPENSSL_NO_HW + -DOPENSSL_NO_JPAKE + -DOPENSSL_NO_IDEA + -DOPENSSL_NO_KRB5 + -DOPENSSL_NO_MD2 + -DOPENSSL_NO_MDC2 + #-DOPENSSL_NO_MD4 # MD4 is necessary for MariaDB/MySQL client + -DOPENSSL_NO_RC2 + -DOPENSSL_NO_RC4 + -DOPENSSL_NO_RC5 + -DOPENSSL_NO_RFC3779 + -DOPENSSL_NO_SCTP + -DOPENSSL_NO_STORE + -DOPENSSL_NO_SEED + -DOPENSSL_NO_WHIRLPOOL + -DOPENSSL_NO_RIPEMD + -DOPENSSL_NO_AFALGENG + + -DOPENSSLDIR="/usr/local/ssl" + ) + + +include_directories( + ${OPENSSL_SOURCES_DIR} + ${OPENSSL_SOURCES_DIR}/crypto + ${OPENSSL_SOURCES_DIR}/crypto/asn1 + ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448 + ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32 + ${OPENSSL_SOURCES_DIR}/crypto/evp + ${OPENSSL_SOURCES_DIR}/crypto/include + ${OPENSSL_SOURCES_DIR}/crypto/modes + ${OPENSSL_SOURCES_DIR}/include + ) + + +set(OPENSSL_SOURCES_SUBDIRS + ${OPENSSL_SOURCES_DIR}/crypto + ${OPENSSL_SOURCES_DIR}/crypto/aes + ${OPENSSL_SOURCES_DIR}/crypto/aria + ${OPENSSL_SOURCES_DIR}/crypto/asn1 + ${OPENSSL_SOURCES_DIR}/crypto/async + ${OPENSSL_SOURCES_DIR}/crypto/async/arch + ${OPENSSL_SOURCES_DIR}/crypto/bio + ${OPENSSL_SOURCES_DIR}/crypto/blake2 + ${OPENSSL_SOURCES_DIR}/crypto/bn + ${OPENSSL_SOURCES_DIR}/crypto/buffer + ${OPENSSL_SOURCES_DIR}/crypto/chacha + ${OPENSSL_SOURCES_DIR}/crypto/cmac + ${OPENSSL_SOURCES_DIR}/crypto/cms + ${OPENSSL_SOURCES_DIR}/crypto/comp + ${OPENSSL_SOURCES_DIR}/crypto/conf + ${OPENSSL_SOURCES_DIR}/crypto/ct + ${OPENSSL_SOURCES_DIR}/crypto/des + ${OPENSSL_SOURCES_DIR}/crypto/dh + ${OPENSSL_SOURCES_DIR}/crypto/dsa + ${OPENSSL_SOURCES_DIR}/crypto/dso + ${OPENSSL_SOURCES_DIR}/crypto/ec + ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448 + ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32 + ${OPENSSL_SOURCES_DIR}/crypto/err + ${OPENSSL_SOURCES_DIR}/crypto/evp + ${OPENSSL_SOURCES_DIR}/crypto/hmac + ${OPENSSL_SOURCES_DIR}/crypto/kdf + ${OPENSSL_SOURCES_DIR}/crypto/lhash + ${OPENSSL_SOURCES_DIR}/crypto/md4 + ${OPENSSL_SOURCES_DIR}/crypto/md5 + ${OPENSSL_SOURCES_DIR}/crypto/modes + ${OPENSSL_SOURCES_DIR}/crypto/objects + ${OPENSSL_SOURCES_DIR}/crypto/ocsp + ${OPENSSL_SOURCES_DIR}/crypto/pem + ${OPENSSL_SOURCES_DIR}/crypto/pkcs12 + ${OPENSSL_SOURCES_DIR}/crypto/pkcs7 + ${OPENSSL_SOURCES_DIR}/crypto/poly1305 + ${OPENSSL_SOURCES_DIR}/crypto/pqueue + ${OPENSSL_SOURCES_DIR}/crypto/rand + ${OPENSSL_SOURCES_DIR}/crypto/ripemd + ${OPENSSL_SOURCES_DIR}/crypto/rsa + ${OPENSSL_SOURCES_DIR}/crypto/sha + ${OPENSSL_SOURCES_DIR}/crypto/siphash + ${OPENSSL_SOURCES_DIR}/crypto/sm2 + ${OPENSSL_SOURCES_DIR}/crypto/sm3 + ${OPENSSL_SOURCES_DIR}/crypto/sm4 + ${OPENSSL_SOURCES_DIR}/crypto/srp + ${OPENSSL_SOURCES_DIR}/crypto/stack + ${OPENSSL_SOURCES_DIR}/crypto/store + ${OPENSSL_SOURCES_DIR}/crypto/ts + ${OPENSSL_SOURCES_DIR}/crypto/txt_db + ${OPENSSL_SOURCES_DIR}/crypto/ui + ${OPENSSL_SOURCES_DIR}/crypto/x509 + ${OPENSSL_SOURCES_DIR}/crypto/x509v3 + ${OPENSSL_SOURCES_DIR}/ssl + ${OPENSSL_SOURCES_DIR}/ssl/record + ${OPENSSL_SOURCES_DIR}/ssl/statem + ) + +if (ENABLE_OPENSSL_ENGINES) + add_definitions( + #-DENGINESDIR="/usr/local/lib/engines-1.1" # On GNU/Linux + -DENGINESDIR="." + ) + + list(APPEND OPENSSL_SOURCES_SUBDIRS + ${OPENSSL_SOURCES_DIR}/engines + ${OPENSSL_SOURCES_DIR}/crypto/engine + ) +else() + add_definitions(-DOPENSSL_NO_ENGINE) +endif() + +list(APPEND OPENSSL_SOURCES_SUBDIRS + # EC, ECDH and ECDSA are necessary for PKCS11, and for contacting + # HTTPS servers that use TLS certificate encrypted with ECDSA + # (check the output of a recent version of the "sslscan" + # command). Until Orthanc <= 1.4.1, these features were only + # enabled if ENABLE_PKCS11 support was set to "ON". + # https://groups.google.com/d/msg/orthanc-users/2l-bhYIMEWg/oMmK33bYBgAJ + ${OPENSSL_SOURCES_DIR}/crypto/ec + ${OPENSSL_SOURCES_DIR}/crypto/ecdh + ${OPENSSL_SOURCES_DIR}/crypto/ecdsa + ) + +foreach(d ${OPENSSL_SOURCES_SUBDIRS}) + AUX_SOURCE_DIRECTORY(${d} OPENSSL_SOURCES) +endforeach() + +list(REMOVE_ITEM OPENSSL_SOURCES + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_nyi.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_unix.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_vms.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win32.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_wince.c + ${OPENSSL_SOURCES_DIR}/crypto/aes/aes_x86core.c + ${OPENSSL_SOURCES_DIR}/crypto/armcap.c + ${OPENSSL_SOURCES_DIR}/crypto/bio/bss_dgram.c + ${OPENSSL_SOURCES_DIR}/crypto/des/ncbc_enc.c + ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256.c + ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256_table.c + ${OPENSSL_SOURCES_DIR}/crypto/engine/eng_devcrypto.c + ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_base2_44.c # Cannot be compiled with MinGW + ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_ieee754.c # Cannot be compiled with MinGW + ${OPENSSL_SOURCES_DIR}/crypto/ppccap.c + ${OPENSSL_SOURCES_DIR}/crypto/s390xcap.c + ${OPENSSL_SOURCES_DIR}/crypto/sparcv9cap.c + ${OPENSSL_SOURCES_DIR}/engines/e_afalg.c # Cannot be compiled with MinGW + ) + +# Check out "${OPENSSL_SOURCES_DIR}/Configurations/README": "This is +# default if no option is specified, it works on any supported +# system." It is mandatory to define it as a macro, as it is used by +# all the source files that include OpenSSL (e.g. "Core/Toolbox.cpp" +# or curl) +add_definitions(-DTHIRTY_TWO_BIT) + + +if (NOT CMAKE_COMPILER_IS_GNUCXX OR + "${CMAKE_SYSTEM_NAME}" STREQUAL "Windows" OR + "${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase") + # Disable the use of a gcc extension, that is neither available on + # MinGW, nor on LSB + add_definitions( + -DOPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE + ) +endif() + + +if ("${CMAKE_SYSTEM_NAME}" STREQUAL "Windows") + set(OPENSSL_DEFINITIONS + "${OPENSSL_DEFINITIONS};OPENSSL_SYSNAME_WIN32;SO_WIN32;WIN32_LEAN_AND_MEAN;L_ENDIAN;NO_WINDOWS_BRAINDEATH") + + if (ENABLE_OPENSSL_ENGINES) + link_libraries(crypt32) + endif() + + add_definitions( + -DOPENSSL_RAND_SEED_OS # ${OPENSSL_SOURCES_DIR}/crypto/rand/rand_win.c + ) + +elseif ("${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase") + add_definitions( + # In order for "crypto/mem_sec.c" to compile on LSB + -DOPENSSL_NO_SECURE_MEMORY + + # The "OPENSSL_RAND_SEED_OS" value implies a syscall() to + # "__NR_getrandom" (i.e. system call "getentropy(2)") in + # "rand_unix.c", which is not available in LSB. + -DOPENSSL_RAND_SEED_DEVRANDOM + + # If "OPENSSL_NO_ERR" is not defined, the PostgreSQL plugin + # crashes with segmentation fault in function + # "build_SYS_str_reasons()", that is called from + # "OPENSSL_init_ssl()" + # https://bugs.orthanc-server.com/show_bug.cgi?id=193 + -DOPENSSL_NO_ERR + ) + +else() + # Fixes error "OpenSSL error: error:2406C06E:random number + # generator:RAND_DRBG_instantiate:error retrieving entropy" that was + # present in Orthanc 1.6.0, if statically linking on Ubuntu 18.04 + add_definitions( + -DOPENSSL_RAND_SEED_OS + ) +endif() + + +set_source_files_properties( + ${OPENSSL_SOURCES} + PROPERTIES COMPILE_DEFINITIONS + "${OPENSSL_DEFINITIONS};DSO_NONE" + )