[Buildroot] OpenSSL v3.0

Konrad Gräfe k.graefe at gateware.de
Fri Jul 14 10:29:55 UTC 2023 

On 22/06/23 11:24, Danny Wood wrote:
 > On 19/06/2023 14:26, Peter Korsgaard wrote:
 >>>>>>> "May," == May, Torsten <torsten.may at ebee.de> writes:
 >>   > Hi Peter,
 >>   > as September is approaching quickly, is there any progress on 
that topic?
 >>
 >> Unfortunately not. So far no patches for openssl 3.x have been
 >> submitted.
 >>
 >> If you are using openssl then now would be a VERY good time to
 >> contribute an update to the 3.x series.
 >>
 >
 > Hi,
 >
 > Attached is a patch I have made to build v3.0.9 of OpenSSL (LTS until 
2026).
 >
 > Everything in my build tree compiled fine with the new version apart 
from MariaDB which also needed updating, attached is an additional patch 
which updates MariaDB to v10.11.4 (LTS until 2026)
 >
 > These both apply on top of the 2023.02.2 buildroot tar balls.
 >
 > I have been running these updated packages for a couple of days and 
haven't had any issues so far.
 >
 > Kind regards,
 > Danny

Hi Danny,

thanks for picking this up. I tried your patch on our own system and it 
seems to work here as well. I do have a few comments though:

 > diff --git 
a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch 
b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
 > index 6527bc23..ed4590dd 100644
 > --- 
a/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
 > +++ 
b/package/libopenssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch

nit: The patch should have a rebase comment and your sign-off in the 
trailer of the commit message, e.g.
      [rebased on 3.0.9]
      Signed-off-by: Danny Wood <danny at rotronics.co.uk>

 > @@ -19,14 +19,14 @@ diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tm
 >  index 40cf2c3..777d9ca 100644
 >  --- a/Configurations/unix-Makefile.tmpl
 >  +++ b/Configurations/unix-Makefile.tmpl

nit: missing trailer (see above)

 > diff --git 
a/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch 
b/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
 > index 820c2add..ea26a310 100644
 > --- 
a/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
 > +++ 
b/package/libopenssl/0002-Reproducible-build-do-not-leak-compiler-path.patch
 > @@ -15,15 +15,15 @@ diff --git a/crypto/build.info b/crypto/build.info

nit: missing trailer (see above)

 > diff --git 
a/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch 
b/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
 > index ef40b035..425adea5 100644
 > --- 
a/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
 > +++ 
b/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch

nit: missing trailer (see above)

 > diff --git a/package/libopenssl/libopenssl.hash 
b/package/libopenssl/libopenssl.hash
 > index 708926de..681e5429 100644
 > --- a/package/libopenssl/libopenssl.hash
 > +++ b/package/libopenssl/libopenssl.hash
 > @@ -1,5 +1,5 @@
 >  # From https://www.openssl.org/source/openssl-1.1.1u.tar.gz.sha256
 > -sha256 
e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6 
openssl-1.1.1u.tar.gz
 > +sha256 
eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90 
openssl-3.0.9.tar.gz
 >
 >  # License files
 >  sha256 
c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c  LICENSE
 > diff --git a/package/libopenssl/libopenssl.mk 
b/package/libopenssl/libopenssl.mk

The license has been changed to Apache-2.0 and the LICENSE file got 
renamed to LICENSE.txt. You can check that everything is in place with 
"make legal-info".

 > index 178979f4..746c6916 100644
 > --- a/package/libopenssl/libopenssl.mk
 > +++ b/package/libopenssl/libopenssl.mk
 > @@ -4,7 +4,7 @@
 >  #
 > 
################################################################################
 >
 > -LIBOPENSSL_VERSION = 1.1.1u
 > +LIBOPENSSL_VERSION = 3.0.9
 >  LIBOPENSSL_SITE = https://www.openssl.org/source
 >  LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 >  LIBOPENSSL_LICENSE = OpenSSL or SSLeay
 >  LIBOPENSSL_LICENSE_FILES = LICENSE

Update LIBOPENSSL_LICENSE and LIBOPENSSL_LICENSE_FILES.

Regards,
Konrad Gräfe

PS: Sorry for reposting. I did not know I need to subscribe to the list 
in order to post.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20230714/42d73a75/attachment-0001.asc>

More information about the buildroot mailing list