[Feature][ZXW-285]merge P56U05 version
Only Configure: No
Affected branch: master
Affected module: unknow
Is it affected on both ZXIC and MTK: only ZXIC
Self-test: Yes
Doc Update: No
Change-Id: Ied657102425a179a89ef41847170152e8a5d437c
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/conf/distro/vehicle_dc_4Gb.conf b/cap/zx297520v3/sources/meta-zxic-custom/conf/distro/vehicle_dc_4Gb.conf
index b99813f..bd1da84 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/conf/distro/vehicle_dc_4Gb.conf
+++ b/cap/zx297520v3/sources/meta-zxic-custom/conf/distro/vehicle_dc_4Gb.conf
@@ -14,6 +14,7 @@
PREFERRED_PROVIDER_virtual/kernel = "linux-zxic"
PREFERRED_VERSION_linux-zxic = "5.10.156"
PREFERRED_VERSION_busybox = "1.33.1"
+#PREFERRED_VERSION_openssl = "1.1.1l"
TCLIBC = "glibc"
VIRTUAL-RUNTIME_dev_manager = "busybox-mdev"
@@ -138,6 +139,9 @@
CONFIG_TEL_API_SUPPORT = "BL"
CUSTOM_MACRO += "${@bb.utils.contains('CONFIG_TEL_API_SUPPORT', 'BL', '-D_USE_BL', '', d)}"
+#多媒体编解码库支持类型"FFMPEG","NONE"
+CONFIG_MSMSVR_CODEC_TYPE = "NONE"
+CUSTOM_MACRO += "${@bb.utils.contains('CONFIG_MSMSVR_CODEC_TYPE', 'FFMPEG', '-D_USE_FFMPEG', '', d)}"
# app and libs 配置
#normal的版本应用及库
@@ -252,6 +256,7 @@
vo-amrwbenc \
ffmpeg \
"
+meta_app_open += "${@bb.utils.contains('CONFIG_MSMSVR_CODEC_TYPE', 'FFMPEG', 'fdk-aac-master opencore-amr vo-amrwbenc ffmpeg', '', d)}"
#normal的版本应用及库
zxic_app += "\
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/conf/distro/vehicle_dc_ref.conf b/cap/zx297520v3/sources/meta-zxic-custom/conf/distro/vehicle_dc_ref.conf
index 79b141c..5c79bd2 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/conf/distro/vehicle_dc_ref.conf
+++ b/cap/zx297520v3/sources/meta-zxic-custom/conf/distro/vehicle_dc_ref.conf
@@ -14,6 +14,7 @@
PREFERRED_PROVIDER_virtual/kernel = "linux-zxic"
PREFERRED_VERSION_linux-zxic = "5.10.156"
PREFERRED_VERSION_busybox = "1.33.1"
+#PREFERRED_VERSION_openssl = "1.1.1l"
TCLIBC = "glibc"
VIRTUAL-RUNTIME_dev_manager = "busybox-mdev"
@@ -157,6 +158,10 @@
DISTRO_FEATURES += " vehicle_dc_ref "
CUSTOM_MACRO += "${@bb.utils.contains('DISTRO_FEATURES', 'vehicle_dc_ref', '-D_USE_VEHICLE_DC_REF', '', d)}"
+#多媒体编解码库支持类型"FFMPEG","NONE"
+CONFIG_MSMSVR_CODEC_TYPE = "NONE"
+CUSTOM_MACRO += "${@bb.utils.contains('CONFIG_MSMSVR_CODEC_TYPE', 'FFMPEG', '-D_USE_FFMPEG', '', d)}"
+
# app and libs 配置
#normal的版本应用及库
zxic_lib += "\
@@ -180,6 +185,7 @@
libbinder \
libflags \
libmsmsvr \
+ libscrtc \
liblynq-uci \
liblynq-shm \
liblynq-log \
@@ -278,6 +284,7 @@
service-test \
i2cslavetest \
fota-auto-sync \
+ softap-demo \
lynq-ril-service \
lynq-sdk-ready \
lynq-led-demo \
@@ -341,6 +348,7 @@
python3 \
lrzsz \
"
+meta_app_open += "${@bb.utils.contains('CONFIG_MSMSVR_CODEC_TYPE', 'FFMPEG', 'fdk-aac-master opencore-amr vo-amrwbenc ffmpeg', '', d)}"
#normal的版本应用及库
zxic_app += "\
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/mdl/fs/normal/rootfs/etc_ro/default/default_parameter_sys b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/mdl/fs/normal/rootfs/etc_ro/default/default_parameter_sys
index 1c83464..aa28c29 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/mdl/fs/normal/rootfs/etc_ro/default/default_parameter_sys
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/mdl/fs/normal/rootfs/etc_ro/default/default_parameter_sys
@@ -408,11 +408,12 @@
G_IMS_CMGF=0
ECALL_MTTEST=0
POWER_CONTROL=0
-NOT_KEEP_TCP_CONN=0
+NOT_KEEP_TCP_CONN=1
T3396_SUPPORT=0
T3396_CAUSE_REASON=8,27,32,33
T3396_DURATION=720
T3396_COUNTS=3
ECALL_T2_TIMER=3600
NGECALL_FORTEST=0
+CUSTOMER_FLAG=0
#for volte end
\ No newline at end of file
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc/fs/normal/rootfs/etc_ro/default/default_parameter_sys b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc/fs/normal/rootfs/etc_ro/default/default_parameter_sys
index f592b7f..636cedd 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc/fs/normal/rootfs/etc_ro/default/default_parameter_sys
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc/fs/normal/rootfs/etc_ro/default/default_parameter_sys
@@ -430,13 +430,14 @@
G_IMS_CMGF=0
ECALL_MTTEST=0
POWER_CONTROL=0
-NOT_KEEP_TCP_CONN=0
+NOT_KEEP_TCP_CONN=1
T3396_SUPPORT=0
T3396_CAUSE_REASON=8,27,32,33
T3396_DURATION=720
T3396_COUNTS=3
ECALL_T2_TIMER=3600
NGECALL_FORTEST=0
+CUSTOMER_FLAG=0
#for volte end
DEBUG_INFO_DISABLE=0
DEBUG_INFO_FILE_PATH=/mnt/userdata
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc/fs/normal/rootfs/etc_ro/default/default_parameter_user b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc/fs/normal/rootfs/etc_ro/default/default_parameter_user
index 8248a6e..7839262 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc/fs/normal/rootfs/etc_ro/default/default_parameter_user
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc/fs/normal/rootfs/etc_ro/default/default_parameter_user
@@ -107,6 +107,7 @@
ethwan_priority=3
fast_usb=usblan0
fastnat_level=2
+fastbr_level=1
IPPortFilterEnable=0
IPPortFilterRules_0=
IPPortFilterRules_1=
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc/init.d/first.sh b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc/init.d/first.sh
index ef09932..da06b17 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc/init.d/first.sh
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc/init.d/first.sh
@@ -59,4 +59,5 @@
ifconfig lo 127.0.0.1 up
echo 2 > /proc/sys/kernel/randomize_va_space
+echo 2 > /proc/sys/kernel/kptr_restrict
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc_ro/default/default_parameter_sys b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc_ro/default/default_parameter_sys
index 7cecd03..57c1ad7 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc_ro/default/default_parameter_sys
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc_ro/default/default_parameter_sys
@@ -430,13 +430,14 @@
G_IMS_CMGF=0
ECALL_MTTEST=0
POWER_CONTROL=0
-NOT_KEEP_TCP_CONN=0
+NOT_KEEP_TCP_CONN=1
T3396_SUPPORT=0
T3396_CAUSE_REASON=8,27,32,33
T3396_DURATION=720
T3396_COUNTS=3
ECALL_T2_TIMER=3600
NGECALL_FORTEST=0
+CUSTOMER_FLAG=0
#for volte end
DEBUG_INFO_DISABLE=0
DEBUG_INFO_FILE_PATH=/mnt/userdata
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc_ro/default/default_parameter_user b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc_ro/default/default_parameter_user
index 954b3a0..dc03706 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc_ro/default/default_parameter_user
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/etc_ro/default/default_parameter_user
@@ -107,6 +107,7 @@
ethwan_priority=3
fast_usb=usblan0
fastnat_level=2
+fastbr_level=1
IPPortFilterEnable=0
IPPortFilterRules_0=
IPPortFilterRules_1=
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/sbin/oem_zxic_verify_3 b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/sbin/oem_zxic_verify_3
new file mode 100755
index 0000000..3c43ccf
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/sbin/oem_zxic_verify_3
Binary files differ
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/sbin/ubi_mount.sh b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/sbin/ubi_mount.sh
index b2b967f..9e79e6a 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/sbin/ubi_mount.sh
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_4Gb/fs/normal/rootfs/sbin/ubi_mount.sh
@@ -17,14 +17,17 @@
fs_type=$4
fi
+secboot=$(cat /proc/cmdline | grep "pubkeyhash=")
+sestatus=$(sestatus | grep "SELinux status" | awk '{print $NF}')
+
if [ x"$UBI_MNT_OPT" = x"" ]; then
UBI_MNT_OPT=rw,noatime
fi
if [ x"$fs_type" = x"squashfs" ]; then
- if [ -d "/etc/selinux" ];then
- UBI_MNT_OPT=ro,defcontext=system_u:object_r:default_t:s0
+ if [ x"$sestatus" = x"enabled" ]; then
+ UBI_MNT_OPT=ro,defcontext=system_u:object_r:default_t:s0
else
- UBI_MNT_OPT=ro
+ UBI_MNT_OPT=ro
fi
fi
echo "mount_point:$mount_point"
@@ -100,10 +103,14 @@
fi
if [ $fs_type = "squashfs" ]; then
- if [ -f /etc_ro/dm-verity ]; then
+ if [[ "$secboot" != "" ]]; then
zxic_parse_squashfs_verity /dev/$g_ubiblock_dev /tmp/sign /tmp/raw_table /tmp/hash_tree_offset
#openssl dgst -sha256 -verify /etc_ro/dm-verity-pub.pem -signature /tmp/sign /tmp/raw_table
- oem_zxic_verify -s /tmp/sign -f /tmp/raw_table
+ if [ -f /usr/lib/libcrypto.so.3 ]; then
+ oem_zxic_verify_3 -s /tmp/sign -f /tmp/raw_table
+ else
+ oem_zxic_verify -s /tmp/sign -f /tmp/raw_table
+ fi
if [ $? -ne 0 ]; then
echo "dm-verity sign verify fail"
exit 1
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc/init.d/first.sh b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc/init.d/first.sh
index 977f4c5..b3dc7dd 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc/init.d/first.sh
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc/init.d/first.sh
@@ -63,4 +63,5 @@
ifconfig lo 127.0.0.1 up
echo 2 > /proc/sys/kernel/randomize_va_space
+echo 2 > /proc/sys/kernel/kptr_restrict
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc_ro/default/default_parameter_sys b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc_ro/default/default_parameter_sys
index 6bf0dba..a304f5f 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc_ro/default/default_parameter_sys
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc_ro/default/default_parameter_sys
@@ -440,13 +440,14 @@
G_IMS_CMGF=0
ECALL_MTTEST=0
POWER_CONTROL=0
-NOT_KEEP_TCP_CONN=0
+NOT_KEEP_TCP_CONN=1
T3396_SUPPORT=0
T3396_CAUSE_REASON=8,27,32,33
T3396_DURATION=720
T3396_COUNTS=3
ECALL_T2_TIMER=3600
NGECALL_FORTEST=0
+CUSTOMER_FLAG=0
#for volte end
DEBUG_INFO_DISABLE=0
DEBUG_INFO_FILE_PATH=/mnt/userdata
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc_ro/default/default_parameter_user b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc_ro/default/default_parameter_user
index af42ce7..90a1d43 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc_ro/default/default_parameter_user
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/etc_ro/default/default_parameter_user
@@ -109,6 +109,7 @@
ethwan_priority=3
fast_usb=usblan0
fastnat_level=2
+fastbr_level=1
IPPortFilterEnable=0
IPPortFilterRules_0=
IPPortFilterRules_1=
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/sbin/oem_zxic_verify_3 b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/sbin/oem_zxic_verify_3
new file mode 100755
index 0000000..3c43ccf
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/sbin/oem_zxic_verify_3
Binary files differ
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/sbin/ubi_mount.sh b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/sbin/ubi_mount.sh
index a1c329d..9e79e6a 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/sbin/ubi_mount.sh
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_ref/fs/normal/rootfs/sbin/ubi_mount.sh
@@ -106,7 +106,11 @@
if [[ "$secboot" != "" ]]; then
zxic_parse_squashfs_verity /dev/$g_ubiblock_dev /tmp/sign /tmp/raw_table /tmp/hash_tree_offset
#openssl dgst -sha256 -verify /etc_ro/dm-verity-pub.pem -signature /tmp/sign /tmp/raw_table
- oem_zxic_verify -s /tmp/sign -f /tmp/raw_table
+ if [ -f /usr/lib/libcrypto.so.3 ]; then
+ oem_zxic_verify_3 -s /tmp/sign -f /tmp/raw_table
+ else
+ oem_zxic_verify -s /tmp/sign -f /tmp/raw_table
+ fi
if [ $? -ne 0 ]; then
echo "dm-verity sign verify fail"
exit 1
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/etc_ro/default/default_parameter_sys b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/etc_ro/default/default_parameter_sys
index 7cecd03..57c1ad7 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/etc_ro/default/default_parameter_sys
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/etc_ro/default/default_parameter_sys
@@ -430,13 +430,14 @@
G_IMS_CMGF=0
ECALL_MTTEST=0
POWER_CONTROL=0
-NOT_KEEP_TCP_CONN=0
+NOT_KEEP_TCP_CONN=1
T3396_SUPPORT=0
T3396_CAUSE_REASON=8,27,32,33
T3396_DURATION=720
T3396_COUNTS=3
ECALL_T2_TIMER=3600
NGECALL_FORTEST=0
+CUSTOMER_FLAG=0
#for volte end
DEBUG_INFO_DISABLE=0
DEBUG_INFO_FILE_PATH=/mnt/userdata
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/etc_ro/default/default_parameter_user b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/etc_ro/default/default_parameter_user
index d1d4125..3fbb096 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/etc_ro/default/default_parameter_user
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/etc_ro/default/default_parameter_user
@@ -107,6 +107,7 @@
ethwan_priority=3
fast_usb=usblan0
fastnat_level=2
+fastbr_level=1
IPPortFilterEnable=0
IPPortFilterRules_0=
IPPortFilterRules_1=
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/sbin/oem_zxic_verify_3 b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/sbin/oem_zxic_verify_3
new file mode 100755
index 0000000..3c43ccf
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/sbin/oem_zxic_verify_3
Binary files differ
diff --git a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/sbin/ubi_mount.sh b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/sbin/ubi_mount.sh
index b2b967f..9e79e6a 100755
--- a/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/sbin/ubi_mount.sh
+++ b/cap/zx297520v3/sources/meta-zxic-custom/recipes-core/images/files/zx297520v3/vehicle_dc_systemd/fs/normal/rootfs/sbin/ubi_mount.sh
@@ -17,14 +17,17 @@
fs_type=$4
fi
+secboot=$(cat /proc/cmdline | grep "pubkeyhash=")
+sestatus=$(sestatus | grep "SELinux status" | awk '{print $NF}')
+
if [ x"$UBI_MNT_OPT" = x"" ]; then
UBI_MNT_OPT=rw,noatime
fi
if [ x"$fs_type" = x"squashfs" ]; then
- if [ -d "/etc/selinux" ];then
- UBI_MNT_OPT=ro,defcontext=system_u:object_r:default_t:s0
+ if [ x"$sestatus" = x"enabled" ]; then
+ UBI_MNT_OPT=ro,defcontext=system_u:object_r:default_t:s0
else
- UBI_MNT_OPT=ro
+ UBI_MNT_OPT=ro
fi
fi
echo "mount_point:$mount_point"
@@ -100,10 +103,14 @@
fi
if [ $fs_type = "squashfs" ]; then
- if [ -f /etc_ro/dm-verity ]; then
+ if [[ "$secboot" != "" ]]; then
zxic_parse_squashfs_verity /dev/$g_ubiblock_dev /tmp/sign /tmp/raw_table /tmp/hash_tree_offset
#openssl dgst -sha256 -verify /etc_ro/dm-verity-pub.pem -signature /tmp/sign /tmp/raw_table
- oem_zxic_verify -s /tmp/sign -f /tmp/raw_table
+ if [ -f /usr/lib/libcrypto.so.3 ]; then
+ oem_zxic_verify_3 -s /tmp/sign -f /tmp/raw_table
+ else
+ oem_zxic_verify -s /tmp/sign -f /tmp/raw_table
+ fi
if [ $? -ne 0 ]; then
echo "dm-verity sign verify fail"
exit 1
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/adctest/adctest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/adctest/adctest.bb
index 48e68f8..6575494 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/adctest/adctest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/adctest/adctest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "adctest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/bsp-test/bsp-test.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/bsp-test/bsp-test.bb
old mode 100644
new mode 100755
index e11b648..8ff57ae
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/bsp-test/bsp-test.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/bsp-test/bsp-test.bb
@@ -1,5 +1,5 @@
DESCRIPTION = "bsp_test"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/crc-api/crc-api.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/crc-api/crc-api.bb
index 394ba90..2a0278c 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/crc-api/crc-api.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/crc-api/crc-api.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "crc-api"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/ethtest/ethtest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/ethtest/ethtest.bb
old mode 100644
new mode 100755
index 64930c6..1f0fe73
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/ethtest/ethtest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/ethtest/ethtest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "ethtest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/i2cslavetest/i2cslavetest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/i2cslavetest/i2cslavetest.bb
index 9161b90..0720d04 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/i2cslavetest/i2cslavetest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/i2cslavetest/i2cslavetest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "i2cslavetest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/i2ctest/i2ctest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/i2ctest/i2ctest.bb
old mode 100644
new mode 100755
index 3a2c18b..3cf6b95
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/i2ctest/i2ctest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/i2ctest/i2ctest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "i2ctest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/libbsp/libbsp.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/libbsp/libbsp.bb
index 51336a8..e12662d 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/libbsp/libbsp.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/libbsp/libbsp.bb
@@ -12,6 +12,12 @@
file://libbsp \
"
+
+DEPENDS = "libnvram"
+DEPENDS += " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'volte', 'libvoice', '', d)} \
+ "
+
S = "${WORKDIR}"
#引用公用头文件和编译选项。
include ${BSPDIR}/sources/meta-zxic/conf/app_com.inc
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/libmsmsvr/libmsmsvr.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/libmsmsvr/libmsmsvr.bb
index e593884..614759c 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/libmsmsvr/libmsmsvr.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/libmsmsvr/libmsmsvr.bb
@@ -1,11 +1,13 @@
DESCRIPTION = "libmsmsvr"
-DEPENDS = "libtinyalsa ffmpeg"
+DEPENDS = "libtinyalsa"
SECTION = "lib"
LICENSE = "zte"
PV = "1.0.0"
PR = "r0"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/zte;md5=c075689d1d1e06d4ab5bbe53623a6808"
+DEPENDS += "${@bb.utils.contains('CONFIG_MSMSVR_CODEC_TYPE', 'FFMPEG', 'ffmpeg', '', d)}"
+
#配置code路径信息。
FILESEXTRAPATHS_prepend :="${APP-OPEN-PATH}/platform:"
SRC_URI = " \
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/msm-svr/msm-svr.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/msm-svr/msm-svr.bb
index fc04350..3d6ef12 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/msm-svr/msm-svr.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/msm-svr/msm-svr.bb
@@ -5,7 +5,7 @@
PV = "1.0.0"
PR = "r0"
-DEPENDS += "fdk-aac-master opencore-amr vo-amrwbenc ffmpeg"
+DEPENDS += "${@bb.utils.contains('CONFIG_MSMSVR_CODEC_TYPE', 'FFMPEG', 'fdk-aac-master opencore-amr vo-amrwbenc ffmpeg', '', d)}"
CLASS_COM = " \
${@bb.utils.contains('DISTRO_FEATURES', 'procd', 'openwrt openwrt-services', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
@@ -29,7 +29,7 @@
#编译
do_compile() {
- make -C msm_svr
+ make -C msm_svr CONFIG_MSMSVR_CODEC_TYPE=${CONFIG_MSMSVR_CODEC_TYPE}
}
#库文件的安装
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/player-demo/player-demo.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/player-demo/player-demo.bb
index 9dfff33..4ae8c08 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/player-demo/player-demo.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/player-demo/player-demo.bb
@@ -1,5 +1,5 @@
DESCRIPTION = "player_demo"
-DEPENDS = "libmedia libscipc"
+DEPENDS = "libmedia libscipc libsofttimer libsoftap libnvram"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
@@ -63,4 +63,4 @@
SYSTEMD_SERVICE_${PN} = "player_demo.service"
SYSTEMD_AUTO_ENABLE_${PN} = "disable"
-RDEPENDS_${PN} = " libmedia libscipc"
+RDEPENDS_${PN} = " libmedia libscipc libsofttimer libsoftap libnvram"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo.bb
new file mode 100755
index 0000000..b519bca
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo.bb
@@ -0,0 +1,64 @@
+DESCRIPTION = "softap_demo"
+DEPENDS = "libsoftap libatutils libsofttimer libnvram"
+SECTION = "app"
+LICENSE = "zte"
+PV = "1.0.0"
+PR = "r0"
+
+CLASS_COM = " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'procd', 'openwrt openwrt-services', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
+"
+inherit ${CLASS_COM}
+
+#配置code路径信息。
+FILESEXTRAPATHS_prepend :="${APP-OPEN-PATH}:"
+SRC_URI = " \
+ file://test/softap_demo \
+ ${@bb.utils.contains("DISTRO_FEATURES", "procd", "file://softap_demo.init","", d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "file://softap_demo.service","", d)} \
+ "
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/zte;md5=c075689d1d1e06d4ab5bbe53623a6808"
+S = "${WORKDIR}"
+S_SRC_PATH = "${S}/test/softap_demo"
+#引用公用头文件和编译选项。
+include ${BSPDIR}/sources/meta-zxic/conf/app_com.inc
+
+#inherit autotools pkgconfig systemd
+
+do_compile() {
+ make -C ${S_SRC_PATH}
+}
+
+do_install () {
+ install -d ${D}${bindir}/
+ install -m 0755 ${S_SRC_PATH}/softap_demo ${D}${bindir}/
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','procd','true','false',d)}; then
+ install -Dm 0755 ${WORKDIR}/softap_demo.init ${D}${sysconfdir}/init.d/softap_demo
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/softap_demo.service ${D}${systemd_unitdir}/system
+ fi
+
+ #install elfs
+ install -d ${ELFS-PATH}/
+ install -m 0755 ${S_SRC_PATH}/softap_demo ${ELFS-PATH}/
+}
+
+do_cleanlibs () {
+ rm -fr ${ELFS-PATH}/softap_demo
+}
+
+addtask cleanlibs after do_clean before do_cleansstate
+
+FILES_${PN} = "\
+ ${bindir}/ \
+ ${@bb.utils.contains("DISTRO_FEATURES", "procd", "${sysconfdir}/init.d/softap_demo","", d)} \
+ "
+SYSTEMD_SERVICE_${PN} = "softap_demo.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+
+RDEPENDS_${PN} = " libsoftap libatutils libsofttimer libnvram"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.init b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.init
new file mode 100755
index 0000000..b7d0655
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.init
@@ -0,0 +1,21 @@
+#!/bin/sh /etc/rc.common
+
+START=18
+STOP=85
+USE_PROCD=1
+
+logger -t softap_demo
+
+start_service() {
+ procd_open_instance
+ procd_set_param command /usr/bin/softap_demo
+ procd_set_param stdout 1 # forward stdout of the command to logd
+ procd_set_param stderr 1 # same for stderr
+ procd_set_param respawn
+ procd_close_instance
+}
+
+stop_service()
+{
+ echo "add clean code"
+}
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.service b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.service
new file mode 100755
index 0000000..8356947
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=The softap_demo service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/softap_demo
+Restart=always
+
+[Install]
+WantedBy=basic.target
+
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/spitest/spitest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/spitest/spitest.bb
index 8e0fd39..a92b230 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/spitest/spitest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/spitest/spitest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "spitest"
#nv依赖libnvram库
-DEPENDS += "libbsp"
+DEPENDS += "libnvram libbsp"
SECTION = "spitest"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/uarttest/uarttest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/uarttest/uarttest.bb
index 3153ce4..dfe0dcf 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/uarttest/uarttest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/uarttest/uarttest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "uarttest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/y2038-tests/y2038-tests.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/y2038-tests/y2038-tests.bb
new file mode 100755
index 0000000..ebc0c90
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/y2038-tests/y2038-tests.bb
@@ -0,0 +1,52 @@
+DESCRIPTION = "y2038-tests"
+
+DEPENDS = ""
+SECTION = "app"
+LICENSE = "zte"
+PV = "1.0.0"
+PR = "r0"
+
+CLASS_COM = " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'procd', 'openwrt openwrt-services', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
+"
+inherit ${CLASS_COM}
+
+FILESEXTRAPATHS_prepend :="${APP-OPEN-PATH}/test:"
+SRC_URI = " \
+ file://y2038-tests \
+ "
+
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/zte;md5=c075689d1d1e06d4ab5bbe53623a6808"
+S = "${WORKDIR}"
+
+include ${BSPDIR}/sources/meta-zxic/conf/app_com.inc
+include ${BSPDIR}/sources/meta-zxic/conf/pub.inc
+CFLAGS_append = "${ZXIC_EXTRA_CFLAGS}"
+
+do_compile() {
+ make -C y2038-tests
+}
+
+
+do_install() {
+ install -d ${D}${bindir}/
+ install -m 0777 ${S}/y2038-tests/test_n2038 ${D}${bindir}/
+ install -m 0777 ${S}/y2038-tests/test_y2038 ${D}${bindir}/
+
+ #install elfs
+ install -d ${ELFS-PATH}/
+ install -m 0755 ${S}/y2038-tests/test_n2038 ${ELFS-PATH}/
+ install -m 0755 ${S}/y2038-tests/test_y2038 ${ELFS-PATH}/
+}
+
+do_cleanlibs () {
+ rm -fr ${ELFS-PATH}/test_n2038
+ rm -fr ${ELFS-PATH}/test_y2038
+}
+
+addtask cleanlibs after do_clean before do_cleansstate
+
+FILES_${PN} = "\
+ ${bindir}/ \
+ "
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-kernel/linux/files/zx297520v3/linux-5_10-vehicle_dc-normal-defconfig b/cap/zx297520v3/sources/meta-zxic/recipes-kernel/linux/files/zx297520v3/linux-5_10-vehicle_dc-normal-defconfig
index c8727c1..928650f 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-kernel/linux/files/zx297520v3/linux-5_10-vehicle_dc-normal-defconfig
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-kernel/linux/files/zx297520v3/linux-5_10-vehicle_dc-normal-defconfig
@@ -1390,7 +1390,6 @@
# CONFIG_VITESSE_PHY is not set
# CONFIG_XILINX_GMII2RGMII is not set
# CONFIG_MICREL_KS8995MA is not set
-CONFIG_JLSEMI_PHY=y
CONFIG_MDIO_DEVICE=y
CONFIG_MDIO_BUS=y
CONFIG_OF_MDIO=y
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq/CVE-2023-28450.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq/CVE-2023-28450.patch
new file mode 100755
index 0000000..704f59f
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq/CVE-2023-28450.patch
@@ -0,0 +1,41 @@
+From 4be6cd5e821aa622c7bd4af87618b7518871b3f2 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?=E5=91=A8=E5=9B=BD=E5=9D=A1=200318000136?=
+ <zhou.guopo@sanechips.com.cn>
+Date: Mon, 29 Apr 2024 09:08:26 +0800
+Subject: [PATCH] CVE-2023-28450
+
+---
+ man/dnsmasq.8 | 3 ++-
+ src/config.h | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 2495ed1..5c7e4d3 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -183,7 +183,8 @@ to zero completely disables DNS function, leaving only DHCP and/or TFTP.
+ .TP
+ .B \-P, --edns-packet-max=<size>
+ Specify the largest EDNS.0 UDP packet which is supported by the DNS
+-forwarder. Defaults to 4096, which is the RFC5625-recommended size.
++forwarder. Defaults to 1232, which is the recommended size following the
++DNS flag day in 2020. Only increase if you know what you are doing.
+ .TP
+ .B \-Q, --query-port=<query_port>
+ Send outbound DNS queries from, and listen for their replies on, the
+diff --git a/src/config.h b/src/config.h
+index 1e7b30f..37b374e 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -19,7 +19,7 @@
+ #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
+ #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
+ #define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
+-#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
++#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */
+ #define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */
+ #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
+ #define DNSSEC_WORK 50 /* Max number of queries to validate one question */
+--
+2.17.1
+
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq_2.88.bb b/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq_2.88.bb
old mode 100644
new mode 100755
index f17001d..ffcccd3
--- a/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq_2.88.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq_2.88.bb
@@ -4,5 +4,6 @@
SRC_URI[dnsmasq-2.88.sha256sum] = "da9d26aa3f3fc15f3b58b94edbb9ddf744cbce487194ea480bd8e7381b3ca028"
SRC_URI += " \
file://lua.patch \
+ file://CVE-2023-28450.patch \
"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/files/environment.d-openssl.sh b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/files/environment.d-openssl.sh
new file mode 100755
index 0000000..6f23490
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/files/environment.d-openssl.sh
@@ -0,0 +1,5 @@
+export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
+export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
+export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
+export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
+export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
new file mode 100755
index 0000000..af43547
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -0,0 +1,36 @@
+From 326909baf81a638d51fa8be1d8227518784f5cc4 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 14 Sep 2021 12:18:25 +0200
+Subject: [PATCH] Configure: do not tweak mips cflags
+
+This conflicts with mips machine definitons from yocto,
+e.g.
+| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ Configure | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+Index: openssl-3.0.4/Configure
+===================================================================
+--- openssl-3.0.4.orig/Configure
++++ openssl-3.0.4/Configure
+@@ -1423,16 +1423,6 @@ if ($target =~ /^mingw/ && `$config{CC}
+ push @{$config{shared_ldflag}}, "-mno-cygwin";
+ }
+
+-if ($target =~ /linux.*-mips/ && !$disabled{asm}
+- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+- # minimally required architecture flags for assembly modules
+- my $value;
+- $value = '-mips2' if ($target =~ /mips32/);
+- $value = '-mips3' if ($target =~ /mips64/);
+- unshift @{$config{cflags}}, $value;
+- unshift @{$config{cxxflags}}, $value if $config{CXX};
+-}
+-
+ # If threads aren't disabled, check how possible they are
+ unless ($disabled{threads}) {
+ if ($auto_threads) {
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
new file mode 100755
index 0000000..bafdbaa
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -0,0 +1,78 @@
+From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
+Date: Tue, 6 Nov 2018 14:50:47 +0100
+Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
+ info
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The openssl build system generates buildinf.h containing the full
+compiler command line used to compile objects. This breaks
+reproducibility, as the compile command is baked into libcrypto, where
+it is used when running `openssl version -f`.
+
+Add stripped build variables for the compiler and cflags lines, and use
+those when generating buildinfo.h.
+
+This is based on a similar patch for older openssl versions:
+https://patchwork.openembedded.org/patch/147229/
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Martin Hundebøll <martin@geanix.com>
+
+Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Update to fix buildpaths qa issue for '-ffile-prefix-map'.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ Configurations/unix-Makefile.tmpl | 12 +++++++++++-
+ crypto/build.info | 2 +-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl
+===================================================================
+--- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl
++++ openssl-3.0.4/Configurations/unix-Makefile.tmpl
+@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl
+ '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+ BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+
+-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
++# *_Q variables are used for one thing only: to build up buildinf.h
+ CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
+ $cppflags2 =~ s|([\\"])|\\$1|g;
+ $lib_cppflags =~ s|([\\"])|\\$1|g;
+ join(' ', $lib_cppflags || (), $cppflags2 || (),
+ $cppflags1 || ()) -}
+
++CFLAGS_Q={- for (@{$config{CFLAGS}}) {
++ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
++ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
++ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g;
++ }
++ join(' ', @{$config{CFLAGS}}) -}
++
++CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g;
++ join(' ', $config{CC}) -}
++
+ PERLASM_SCHEME= {- $target{perlasm_scheme} -}
+
+ # For x86 assembler: Set PROCESSOR to 386 if you want to support
+Index: openssl-3.0.4/crypto/build.info
+===================================================================
+--- openssl-3.0.4.orig/crypto/build.info
++++ openssl-3.0.4/crypto/build.info
+@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
+
+ DEPEND[info.o]=buildinf.h
+ DEPEND[cversion.o]=buildinf.h
+-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
+
+ GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
+ GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/CVE-2024-2511.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/CVE-2024-2511.patch
new file mode 100755
index 0000000..8aea686
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/CVE-2024-2511.patch
@@ -0,0 +1,122 @@
+From b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2024 15:43:53 +0000
+Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
+
+In TLSv1.3 we create a new session object for each ticket that we send.
+We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
+use then the new session will be added to the session cache. However, if
+early data is not in use (and therefore anti-replay protection is being
+used), then multiple threads could be resuming from the same session
+simultaneously. If this happens and a problem occurs on one of the threads,
+then the original session object could be marked as not_resumable. When we
+duplicate the session object this not_resumable status gets copied into the
+new session object. The new session object is then added to the session
+cache even though it is not_resumable.
+
+Subsequently, another bug means that the session_id_length is set to 0 for
+sessions that are marked as not_resumable - even though that session is
+still in the cache. Once this happens the session can never be removed from
+the cache. When that object gets to be the session cache tail object the
+cache never shrinks again and grows indefinitely.
+
+CVE-2024-2511
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24044)
+
+(cherry picked from commit 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce)
+
+CVE: CVE-2024-2511
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ssl/ssl_lib.c | 5 +++--
+ ssl/ssl_sess.c | 28 ++++++++++++++++++++++------
+ ssl/statem/statem_srvr.c | 5 ++---
+ 3 files changed, 27 insertions(+), 11 deletions(-)
+
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 2c8479eb5fc69..eed649c6fdee9 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -3736,9 +3736,10 @@ void ssl_update_cache(SSL *s, int mode)
+
+ /*
+ * If the session_id_length is 0, we are not supposed to cache it, and it
+- * would be rather hard to do anyway :-)
++ * would be rather hard to do anyway :-). Also if the session has already
++ * been marked as not_resumable we should not cache it for later reuse.
+ */
+- if (s->session->session_id_length == 0)
++ if (s->session->session_id_length == 0 || s->session->not_resumable)
+ return;
+
+ /*
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index d836b33ed0e81..75adbd9e52b40 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -152,16 +152,11 @@ SSL_SESSION *SSL_SESSION_new(void)
+ return ss;
+ }
+
+-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
+-{
+- return ssl_session_dup(src, 1);
+-}
+-
+ /*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
+ {
+ SSL_SESSION *dest;
+
+@@ -285,6 +280,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+ return NULL;
+ }
+
++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
++{
++ return ssl_session_dup_intern(src, 1);
++}
++
++/*
++ * Used internally when duplicating a session which might be already shared.
++ * We will have resumed the original session. Subsequently we might have marked
++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
++ * resume from.
++ */
++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++{
++ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
++
++ if (sess != NULL)
++ sess->not_resumable = 0;
++
++ return sess;
++}
++
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ {
+ if (len)
+diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
+index a9e67f9d32a77..6c942e6bcec29 100644
+--- a/ssl/statem/statem_srvr.c
++++ b/ssl/statem/statem_srvr.c
+@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
+ * so the following won't overwrite an ID that we're supposed
+ * to send back.
+ */
+- if (s->session->not_resumable ||
+- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+- && !s->hit))
++ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
++ && !s->hit)
+ s->session->session_id_length = 0;
+
+ if (usetls13) {
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/afalg.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/afalg.patch
new file mode 100755
index 0000000..cf77e87
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Index: openssl-3.0.4/Configure
+===================================================================
+--- openssl-3.0.4.orig/Configure
++++ openssl-3.0.4/Configure
+@@ -1681,20 +1681,7 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-
+ unless ($disabled{afalgeng}) {
+ $config{afalgeng}="";
+ if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+- my $minver = 4*10000 + 1*100 + 0;
+- if ($config{CROSS_COMPILE} eq "") {
+- my $verstr = `uname -r`;
+- my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+- ($mi2) = $mi2 =~ /(\d+)/;
+- my $ver = $ma*10000 + $mi1*100 + $mi2;
+- if ($ver < $minver) {
+- disable('too-old-kernel', 'afalgeng');
+- } else {
+- push @{$config{engdirs}}, "afalg";
+- }
+- } else {
+- disable('cross-compiling', 'afalgeng');
+- }
++ push @{$config{engdirs}}, "afalg";
+ } else {
+ disable('not-linux', 'afalgeng');
+ }
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/run-ptest b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/run-ptest
new file mode 100755
index 0000000..8dff791
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/run-ptest
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+# Optional arguments are 'list' to lists all tests, or the test name (base name
+# ie test_evp, not 03_test_evp.t).
+
+export TOP=.
+# OPENSSL_ENGINES is relative from the test binaries
+export OPENSSL_ENGINES=../engines
+
+perl ./test/run_tests.pl $* | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl%.bbappend b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_1.1.1%.bbappend
old mode 100644
new mode 100755
similarity index 97%
rename from cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl%.bbappend
rename to cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_1.1.1%.bbappend
index fc1a393..ec95ab5
--- a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl%.bbappend
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_1.1.1%.bbappend
@@ -1,2 +1,3 @@
EXTRA_OECONF_append = " no-zlib no-zlib-dynamic "
+
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_3.0.13.bb b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_3.0.13.bb
new file mode 100755
index 0000000..98ecc63
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_3.0.13.bb
@@ -0,0 +1,264 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ file://run-ptest \
+ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+ file://afalg.patch \
+ file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://CVE-2024-2511.patch \
+ "
+
+SRC_URI:append:class-nativesdk = " \
+ file://environment.d-openssl.sh \
+ "
+
+SRC_URI[sha256sum] = "88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313"
+
+inherit lib_package multilib_header multilib_script ptest perlnative
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG:class-native = ""
+PACKAGECONFIG:class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
+PACKAGECONFIG[no-tls1] = "no-tls1"
+PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
+
+B = "${WORKDIR}/build"
+do_configure[cleandirs] = "${B}"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF:append:libc-musl = " no-async"
+EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm"
+
+EXTRA_OECONF:append = " no-zlib no-zlib-dynamic "
+
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
+# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
+EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom"
+
+# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
+CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+
+# This allows disabling deprecated or undesirable crypto algorithms.
+# The default is to trust upstream choices.
+DEPRECATED_CRYPTO_FLAGS ?= ""
+
+do_configure () {
+ # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make
+ # the issue really clear that perl isn't functional due to symbol mismatch issues.
+ cat <<- EOF > ${WORKDIR}/perltest
+ #!/usr/bin/env perl
+ use POSIX;
+ EOF
+ chmod a+x ${WORKDIR}/perltest
+ ${WORKDIR}/perltest
+
+ os=${HOST_OS}
+ case $os in
+ linux-gnueabi |\
+ linux-gnuspe |\
+ linux-musleabi |\
+ linux-muslspe |\
+ linux-musl )
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arc | linux-microblaze*)
+ target=linux-latomic
+ ;;
+ linux-arm*)
+ target=linux-armv4
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-i?86 | linux-viac3)
+ target=linux-x86
+ ;;
+ linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-mips | linux-mipsel)
+ # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-gnun32-mips*)
+ target=linux-mips64
+ ;;
+ linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
+ target=linux64-mips64
+ ;;
+ linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-powerpc64le)
+ target=linux-ppc64le
+ ;;
+ linux-riscv32)
+ target=linux-generic32
+ ;;
+ linux-riscv64)
+ target=linux-generic64
+ ;;
+ linux-sparc | linux-supersparc)
+ target=linux-sparcv9
+ ;;
+ mingw32-x86_64)
+ target=mingw64
+ ;;
+ esac
+
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+ # environment variables set by bitbake. Adjust the environment variables instead.
+ PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
+ test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
+ perl ${B}/configdata.pm --dump
+}
+
+do_install () {
+ oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+
+ oe_multilib_header openssl/opensslconf.h
+ oe_multilib_header openssl/configuration.h
+
+ # Create SSL structure for packages such as ca-certificates which
+ # contain hard-coded paths to /etc/ssl. Debian does the same.
+ install -d ${D}${sysconfdir}/ssl
+ mv ${D}${libdir}/ssl-3/certs \
+ ${D}${libdir}/ssl-3/private \
+ ${D}${libdir}/ssl-3/openssl.cnf \
+ ${D}${sysconfdir}/ssl/
+
+ # Although absolute symlinks would be OK for the target, they become
+ # invalid if native or nativesdk are relocated from sstate.
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf
+}
+
+do_install:append:class-native () {
+ create_wrapper ${D}${bindir}/openssl \
+ OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl-3/certs \
+ SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \
+ OPENSSL_ENGINES=${libdir}/engines-3 \
+ OPENSSL_MODULES=${libdir}/ossl-modules
+}
+
+do_install:append:class-nativesdk () {
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+PTEST_BUILD_HOST_FILES += "configdata.pm"
+PTEST_BUILD_HOST_PATTERN = "perl_version ="
+do_install_ptest () {
+ install -d ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test
+
+ # Prune the build tree
+ rm -f ${B}/fuzz/*.* ${B}/test/*.*
+
+ cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
+ sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm
+ cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
+
+ # For test_shlibload
+ ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+
+ install -d ${D}${PTEST_PATH}/apps
+ ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
+ install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
+
+ install -d ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
+
+ install -d ${D}${PTEST_PATH}/providers
+ install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers
+
+ install -d ${D}${PTEST_PATH}/Configurations
+ cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/
+
+ # seems to be needed with perl 5.32.1
+ install -d ${D}${PTEST_PATH}/util/perl/recipes
+ cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/
+
+ sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl
+}
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the openssl-bin package and the libcrypto
+# package since the openssl-bin package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy"
+
+FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES:libssl = "${libdir}/libssl${SOLIBS}"
+FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
+ ${libdir}/ssl-3/openssl.cnf* \
+ "
+FILES:${PN}-engines = "${libdir}/engines-3"
+# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP)
+FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3"
+FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash"
+FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so"
+FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/"
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy"
+RDEPENDS:${PN}-misc = "perl"
+RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed"
+
+RDEPENDS:${PN}-bin += "openssl-conf"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "openssl:openssl"
+
+CVE_VERSION_SUFFIX = "alphabetical"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_IGNORE += "CVE-2019-0190"