[Feature][ZXW-285]merge P56U05 version
Only Configure: No
Affected branch: master
Affected module: unknow
Is it affected on both ZXIC and MTK: only ZXIC
Self-test: Yes
Doc Update: No
Change-Id: Ied657102425a179a89ef41847170152e8a5d437c
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/adctest/adctest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/adctest/adctest.bb
index 48e68f8..6575494 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/adctest/adctest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/adctest/adctest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "adctest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/bsp-test/bsp-test.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/bsp-test/bsp-test.bb
old mode 100644
new mode 100755
index e11b648..8ff57ae
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/bsp-test/bsp-test.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/bsp-test/bsp-test.bb
@@ -1,5 +1,5 @@
DESCRIPTION = "bsp_test"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/crc-api/crc-api.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/crc-api/crc-api.bb
index 394ba90..2a0278c 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/crc-api/crc-api.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/crc-api/crc-api.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "crc-api"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/ethtest/ethtest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/ethtest/ethtest.bb
old mode 100644
new mode 100755
index 64930c6..1f0fe73
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/ethtest/ethtest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/ethtest/ethtest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "ethtest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/i2cslavetest/i2cslavetest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/i2cslavetest/i2cslavetest.bb
index 9161b90..0720d04 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/i2cslavetest/i2cslavetest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/i2cslavetest/i2cslavetest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "i2cslavetest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/i2ctest/i2ctest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/i2ctest/i2ctest.bb
old mode 100644
new mode 100755
index 3a2c18b..3cf6b95
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/i2ctest/i2ctest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/i2ctest/i2ctest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "i2ctest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/libbsp/libbsp.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/libbsp/libbsp.bb
index 51336a8..e12662d 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/libbsp/libbsp.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/libbsp/libbsp.bb
@@ -12,6 +12,12 @@
file://libbsp \
"
+
+DEPENDS = "libnvram"
+DEPENDS += " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'volte', 'libvoice', '', d)} \
+ "
+
S = "${WORKDIR}"
#引用公用头文件和编译选项。
include ${BSPDIR}/sources/meta-zxic/conf/app_com.inc
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/libmsmsvr/libmsmsvr.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/libmsmsvr/libmsmsvr.bb
index e593884..614759c 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/libmsmsvr/libmsmsvr.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/libmsmsvr/libmsmsvr.bb
@@ -1,11 +1,13 @@
DESCRIPTION = "libmsmsvr"
-DEPENDS = "libtinyalsa ffmpeg"
+DEPENDS = "libtinyalsa"
SECTION = "lib"
LICENSE = "zte"
PV = "1.0.0"
PR = "r0"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/zte;md5=c075689d1d1e06d4ab5bbe53623a6808"
+DEPENDS += "${@bb.utils.contains('CONFIG_MSMSVR_CODEC_TYPE', 'FFMPEG', 'ffmpeg', '', d)}"
+
#配置code路径信息。
FILESEXTRAPATHS_prepend :="${APP-OPEN-PATH}/platform:"
SRC_URI = " \
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/msm-svr/msm-svr.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/msm-svr/msm-svr.bb
index fc04350..3d6ef12 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/msm-svr/msm-svr.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/msm-svr/msm-svr.bb
@@ -5,7 +5,7 @@
PV = "1.0.0"
PR = "r0"
-DEPENDS += "fdk-aac-master opencore-amr vo-amrwbenc ffmpeg"
+DEPENDS += "${@bb.utils.contains('CONFIG_MSMSVR_CODEC_TYPE', 'FFMPEG', 'fdk-aac-master opencore-amr vo-amrwbenc ffmpeg', '', d)}"
CLASS_COM = " \
${@bb.utils.contains('DISTRO_FEATURES', 'procd', 'openwrt openwrt-services', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
@@ -29,7 +29,7 @@
#编译
do_compile() {
- make -C msm_svr
+ make -C msm_svr CONFIG_MSMSVR_CODEC_TYPE=${CONFIG_MSMSVR_CODEC_TYPE}
}
#库文件的安装
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/player-demo/player-demo.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/player-demo/player-demo.bb
index 9dfff33..4ae8c08 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/player-demo/player-demo.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/player-demo/player-demo.bb
@@ -1,5 +1,5 @@
DESCRIPTION = "player_demo"
-DEPENDS = "libmedia libscipc"
+DEPENDS = "libmedia libscipc libsofttimer libsoftap libnvram"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
@@ -63,4 +63,4 @@
SYSTEMD_SERVICE_${PN} = "player_demo.service"
SYSTEMD_AUTO_ENABLE_${PN} = "disable"
-RDEPENDS_${PN} = " libmedia libscipc"
+RDEPENDS_${PN} = " libmedia libscipc libsofttimer libsoftap libnvram"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo.bb
new file mode 100755
index 0000000..b519bca
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo.bb
@@ -0,0 +1,64 @@
+DESCRIPTION = "softap_demo"
+DEPENDS = "libsoftap libatutils libsofttimer libnvram"
+SECTION = "app"
+LICENSE = "zte"
+PV = "1.0.0"
+PR = "r0"
+
+CLASS_COM = " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'procd', 'openwrt openwrt-services', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
+"
+inherit ${CLASS_COM}
+
+#配置code路径信息。
+FILESEXTRAPATHS_prepend :="${APP-OPEN-PATH}:"
+SRC_URI = " \
+ file://test/softap_demo \
+ ${@bb.utils.contains("DISTRO_FEATURES", "procd", "file://softap_demo.init","", d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "systemd", "file://softap_demo.service","", d)} \
+ "
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/zte;md5=c075689d1d1e06d4ab5bbe53623a6808"
+S = "${WORKDIR}"
+S_SRC_PATH = "${S}/test/softap_demo"
+#引用公用头文件和编译选项。
+include ${BSPDIR}/sources/meta-zxic/conf/app_com.inc
+
+#inherit autotools pkgconfig systemd
+
+do_compile() {
+ make -C ${S_SRC_PATH}
+}
+
+do_install () {
+ install -d ${D}${bindir}/
+ install -m 0755 ${S_SRC_PATH}/softap_demo ${D}${bindir}/
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','procd','true','false',d)}; then
+ install -Dm 0755 ${WORKDIR}/softap_demo.init ${D}${sysconfdir}/init.d/softap_demo
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/softap_demo.service ${D}${systemd_unitdir}/system
+ fi
+
+ #install elfs
+ install -d ${ELFS-PATH}/
+ install -m 0755 ${S_SRC_PATH}/softap_demo ${ELFS-PATH}/
+}
+
+do_cleanlibs () {
+ rm -fr ${ELFS-PATH}/softap_demo
+}
+
+addtask cleanlibs after do_clean before do_cleansstate
+
+FILES_${PN} = "\
+ ${bindir}/ \
+ ${@bb.utils.contains("DISTRO_FEATURES", "procd", "${sysconfdir}/init.d/softap_demo","", d)} \
+ "
+SYSTEMD_SERVICE_${PN} = "softap_demo.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+
+RDEPENDS_${PN} = " libsoftap libatutils libsofttimer libnvram"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.init b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.init
new file mode 100755
index 0000000..b7d0655
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.init
@@ -0,0 +1,21 @@
+#!/bin/sh /etc/rc.common
+
+START=18
+STOP=85
+USE_PROCD=1
+
+logger -t softap_demo
+
+start_service() {
+ procd_open_instance
+ procd_set_param command /usr/bin/softap_demo
+ procd_set_param stdout 1 # forward stdout of the command to logd
+ procd_set_param stderr 1 # same for stderr
+ procd_set_param respawn
+ procd_close_instance
+}
+
+stop_service()
+{
+ echo "add clean code"
+}
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.service b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.service
new file mode 100755
index 0000000..8356947
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/softap-demo/softap-demo/softap_demo.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=The softap_demo service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/softap_demo
+Restart=always
+
+[Install]
+WantedBy=basic.target
+
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/spitest/spitest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/spitest/spitest.bb
index 8e0fd39..a92b230 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/spitest/spitest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/spitest/spitest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "spitest"
#nv依赖libnvram库
-DEPENDS += "libbsp"
+DEPENDS += "libnvram libbsp"
SECTION = "spitest"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/uarttest/uarttest.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/uarttest/uarttest.bb
index 3153ce4..dfe0dcf 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-app/uarttest/uarttest.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/uarttest/uarttest.bb
@@ -1,6 +1,6 @@
DESCRIPTION = "uarttest"
-DEPENDS = "libbsp"
+DEPENDS = "libnvram libbsp"
SECTION = "app"
LICENSE = "zte"
PV = "1.0.0"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-app/y2038-tests/y2038-tests.bb b/cap/zx297520v3/sources/meta-zxic/recipes-app/y2038-tests/y2038-tests.bb
new file mode 100755
index 0000000..ebc0c90
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-app/y2038-tests/y2038-tests.bb
@@ -0,0 +1,52 @@
+DESCRIPTION = "y2038-tests"
+
+DEPENDS = ""
+SECTION = "app"
+LICENSE = "zte"
+PV = "1.0.0"
+PR = "r0"
+
+CLASS_COM = " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'procd', 'openwrt openwrt-services', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
+"
+inherit ${CLASS_COM}
+
+FILESEXTRAPATHS_prepend :="${APP-OPEN-PATH}/test:"
+SRC_URI = " \
+ file://y2038-tests \
+ "
+
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/zte;md5=c075689d1d1e06d4ab5bbe53623a6808"
+S = "${WORKDIR}"
+
+include ${BSPDIR}/sources/meta-zxic/conf/app_com.inc
+include ${BSPDIR}/sources/meta-zxic/conf/pub.inc
+CFLAGS_append = "${ZXIC_EXTRA_CFLAGS}"
+
+do_compile() {
+ make -C y2038-tests
+}
+
+
+do_install() {
+ install -d ${D}${bindir}/
+ install -m 0777 ${S}/y2038-tests/test_n2038 ${D}${bindir}/
+ install -m 0777 ${S}/y2038-tests/test_y2038 ${D}${bindir}/
+
+ #install elfs
+ install -d ${ELFS-PATH}/
+ install -m 0755 ${S}/y2038-tests/test_n2038 ${ELFS-PATH}/
+ install -m 0755 ${S}/y2038-tests/test_y2038 ${ELFS-PATH}/
+}
+
+do_cleanlibs () {
+ rm -fr ${ELFS-PATH}/test_n2038
+ rm -fr ${ELFS-PATH}/test_y2038
+}
+
+addtask cleanlibs after do_clean before do_cleansstate
+
+FILES_${PN} = "\
+ ${bindir}/ \
+ "
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-kernel/linux/files/zx297520v3/linux-5_10-vehicle_dc-normal-defconfig b/cap/zx297520v3/sources/meta-zxic/recipes-kernel/linux/files/zx297520v3/linux-5_10-vehicle_dc-normal-defconfig
index c8727c1..928650f 100755
--- a/cap/zx297520v3/sources/meta-zxic/recipes-kernel/linux/files/zx297520v3/linux-5_10-vehicle_dc-normal-defconfig
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-kernel/linux/files/zx297520v3/linux-5_10-vehicle_dc-normal-defconfig
@@ -1390,7 +1390,6 @@
# CONFIG_VITESSE_PHY is not set
# CONFIG_XILINX_GMII2RGMII is not set
# CONFIG_MICREL_KS8995MA is not set
-CONFIG_JLSEMI_PHY=y
CONFIG_MDIO_DEVICE=y
CONFIG_MDIO_BUS=y
CONFIG_OF_MDIO=y
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq/CVE-2023-28450.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq/CVE-2023-28450.patch
new file mode 100755
index 0000000..704f59f
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq/CVE-2023-28450.patch
@@ -0,0 +1,41 @@
+From 4be6cd5e821aa622c7bd4af87618b7518871b3f2 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?=E5=91=A8=E5=9B=BD=E5=9D=A1=200318000136?=
+ <zhou.guopo@sanechips.com.cn>
+Date: Mon, 29 Apr 2024 09:08:26 +0800
+Subject: [PATCH] CVE-2023-28450
+
+---
+ man/dnsmasq.8 | 3 ++-
+ src/config.h | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
+index 2495ed1..5c7e4d3 100644
+--- a/man/dnsmasq.8
++++ b/man/dnsmasq.8
+@@ -183,7 +183,8 @@ to zero completely disables DNS function, leaving only DHCP and/or TFTP.
+ .TP
+ .B \-P, --edns-packet-max=<size>
+ Specify the largest EDNS.0 UDP packet which is supported by the DNS
+-forwarder. Defaults to 4096, which is the RFC5625-recommended size.
++forwarder. Defaults to 1232, which is the recommended size following the
++DNS flag day in 2020. Only increase if you know what you are doing.
+ .TP
+ .B \-Q, --query-port=<query_port>
+ Send outbound DNS queries from, and listen for their replies on, the
+diff --git a/src/config.h b/src/config.h
+index 1e7b30f..37b374e 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -19,7 +19,7 @@
+ #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
+ #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
+ #define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
+-#define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
++#define EDNS_PKTSZ 1232 /* default max EDNS.0 UDP packet from from /dnsflagday.net/2020 */
+ #define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */
+ #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
+ #define DNSSEC_WORK 50 /* Max number of queries to validate one question */
+--
+2.17.1
+
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq_2.88.bb b/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq_2.88.bb
old mode 100644
new mode 100755
index f17001d..ffcccd3
--- a/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq_2.88.bb
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/dnsmasq/dnsmasq_2.88.bb
@@ -4,5 +4,6 @@
SRC_URI[dnsmasq-2.88.sha256sum] = "da9d26aa3f3fc15f3b58b94edbb9ddf744cbce487194ea480bd8e7381b3ca028"
SRC_URI += " \
file://lua.patch \
+ file://CVE-2023-28450.patch \
"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/files/environment.d-openssl.sh b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/files/environment.d-openssl.sh
new file mode 100755
index 0000000..6f23490
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/files/environment.d-openssl.sh
@@ -0,0 +1,5 @@
+export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
+export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
+export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
+export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
+export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
new file mode 100755
index 0000000..af43547
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -0,0 +1,36 @@
+From 326909baf81a638d51fa8be1d8227518784f5cc4 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 14 Sep 2021 12:18:25 +0200
+Subject: [PATCH] Configure: do not tweak mips cflags
+
+This conflicts with mips machine definitons from yocto,
+e.g.
+| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ Configure | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+Index: openssl-3.0.4/Configure
+===================================================================
+--- openssl-3.0.4.orig/Configure
++++ openssl-3.0.4/Configure
+@@ -1423,16 +1423,6 @@ if ($target =~ /^mingw/ && `$config{CC}
+ push @{$config{shared_ldflag}}, "-mno-cygwin";
+ }
+
+-if ($target =~ /linux.*-mips/ && !$disabled{asm}
+- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+- # minimally required architecture flags for assembly modules
+- my $value;
+- $value = '-mips2' if ($target =~ /mips32/);
+- $value = '-mips3' if ($target =~ /mips64/);
+- unshift @{$config{cflags}}, $value;
+- unshift @{$config{cxxflags}}, $value if $config{CXX};
+-}
+-
+ # If threads aren't disabled, check how possible they are
+ unless ($disabled{threads}) {
+ if ($auto_threads) {
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
new file mode 100755
index 0000000..bafdbaa
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -0,0 +1,78 @@
+From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
+Date: Tue, 6 Nov 2018 14:50:47 +0100
+Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
+ info
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The openssl build system generates buildinf.h containing the full
+compiler command line used to compile objects. This breaks
+reproducibility, as the compile command is baked into libcrypto, where
+it is used when running `openssl version -f`.
+
+Add stripped build variables for the compiler and cflags lines, and use
+those when generating buildinfo.h.
+
+This is based on a similar patch for older openssl versions:
+https://patchwork.openembedded.org/patch/147229/
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Martin Hundebøll <martin@geanix.com>
+
+Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Update to fix buildpaths qa issue for '-ffile-prefix-map'.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ Configurations/unix-Makefile.tmpl | 12 +++++++++++-
+ crypto/build.info | 2 +-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl
+===================================================================
+--- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl
++++ openssl-3.0.4/Configurations/unix-Makefile.tmpl
+@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl
+ '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+ BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+
+-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
++# *_Q variables are used for one thing only: to build up buildinf.h
+ CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
+ $cppflags2 =~ s|([\\"])|\\$1|g;
+ $lib_cppflags =~ s|([\\"])|\\$1|g;
+ join(' ', $lib_cppflags || (), $cppflags2 || (),
+ $cppflags1 || ()) -}
+
++CFLAGS_Q={- for (@{$config{CFLAGS}}) {
++ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
++ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
++ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g;
++ }
++ join(' ', @{$config{CFLAGS}}) -}
++
++CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g;
++ join(' ', $config{CC}) -}
++
+ PERLASM_SCHEME= {- $target{perlasm_scheme} -}
+
+ # For x86 assembler: Set PROCESSOR to 386 if you want to support
+Index: openssl-3.0.4/crypto/build.info
+===================================================================
+--- openssl-3.0.4.orig/crypto/build.info
++++ openssl-3.0.4/crypto/build.info
+@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
+
+ DEPEND[info.o]=buildinf.h
+ DEPEND[cversion.o]=buildinf.h
+-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
+
+ GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
+ GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/CVE-2024-2511.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/CVE-2024-2511.patch
new file mode 100755
index 0000000..8aea686
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/CVE-2024-2511.patch
@@ -0,0 +1,122 @@
+From b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2024 15:43:53 +0000
+Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
+
+In TLSv1.3 we create a new session object for each ticket that we send.
+We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
+use then the new session will be added to the session cache. However, if
+early data is not in use (and therefore anti-replay protection is being
+used), then multiple threads could be resuming from the same session
+simultaneously. If this happens and a problem occurs on one of the threads,
+then the original session object could be marked as not_resumable. When we
+duplicate the session object this not_resumable status gets copied into the
+new session object. The new session object is then added to the session
+cache even though it is not_resumable.
+
+Subsequently, another bug means that the session_id_length is set to 0 for
+sessions that are marked as not_resumable - even though that session is
+still in the cache. Once this happens the session can never be removed from
+the cache. When that object gets to be the session cache tail object the
+cache never shrinks again and grows indefinitely.
+
+CVE-2024-2511
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24044)
+
+(cherry picked from commit 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce)
+
+CVE: CVE-2024-2511
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ssl/ssl_lib.c | 5 +++--
+ ssl/ssl_sess.c | 28 ++++++++++++++++++++++------
+ ssl/statem/statem_srvr.c | 5 ++---
+ 3 files changed, 27 insertions(+), 11 deletions(-)
+
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 2c8479eb5fc69..eed649c6fdee9 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -3736,9 +3736,10 @@ void ssl_update_cache(SSL *s, int mode)
+
+ /*
+ * If the session_id_length is 0, we are not supposed to cache it, and it
+- * would be rather hard to do anyway :-)
++ * would be rather hard to do anyway :-). Also if the session has already
++ * been marked as not_resumable we should not cache it for later reuse.
+ */
+- if (s->session->session_id_length == 0)
++ if (s->session->session_id_length == 0 || s->session->not_resumable)
+ return;
+
+ /*
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index d836b33ed0e81..75adbd9e52b40 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -152,16 +152,11 @@ SSL_SESSION *SSL_SESSION_new(void)
+ return ss;
+ }
+
+-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
+-{
+- return ssl_session_dup(src, 1);
+-}
+-
+ /*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
+ {
+ SSL_SESSION *dest;
+
+@@ -285,6 +280,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+ return NULL;
+ }
+
++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
++{
++ return ssl_session_dup_intern(src, 1);
++}
++
++/*
++ * Used internally when duplicating a session which might be already shared.
++ * We will have resumed the original session. Subsequently we might have marked
++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
++ * resume from.
++ */
++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++{
++ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
++
++ if (sess != NULL)
++ sess->not_resumable = 0;
++
++ return sess;
++}
++
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ {
+ if (len)
+diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
+index a9e67f9d32a77..6c942e6bcec29 100644
+--- a/ssl/statem/statem_srvr.c
++++ b/ssl/statem/statem_srvr.c
+@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
+ * so the following won't overwrite an ID that we're supposed
+ * to send back.
+ */
+- if (s->session->not_resumable ||
+- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+- && !s->hit))
++ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
++ && !s->hit)
+ s->session->session_id_length = 0;
+
+ if (usetls13) {
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/afalg.patch b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/afalg.patch
new file mode 100755
index 0000000..cf77e87
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Index: openssl-3.0.4/Configure
+===================================================================
+--- openssl-3.0.4.orig/Configure
++++ openssl-3.0.4/Configure
+@@ -1681,20 +1681,7 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-
+ unless ($disabled{afalgeng}) {
+ $config{afalgeng}="";
+ if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+- my $minver = 4*10000 + 1*100 + 0;
+- if ($config{CROSS_COMPILE} eq "") {
+- my $verstr = `uname -r`;
+- my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+- ($mi2) = $mi2 =~ /(\d+)/;
+- my $ver = $ma*10000 + $mi1*100 + $mi2;
+- if ($ver < $minver) {
+- disable('too-old-kernel', 'afalgeng');
+- } else {
+- push @{$config{engdirs}}, "afalg";
+- }
+- } else {
+- disable('cross-compiling', 'afalgeng');
+- }
++ push @{$config{engdirs}}, "afalg";
+ } else {
+ disable('not-linux', 'afalgeng');
+ }
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/run-ptest b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/run-ptest
new file mode 100755
index 0000000..8dff791
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl/run-ptest
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+# Optional arguments are 'list' to lists all tests, or the test name (base name
+# ie test_evp, not 03_test_evp.t).
+
+export TOP=.
+# OPENSSL_ENGINES is relative from the test binaries
+export OPENSSL_ENGINES=../engines
+
+perl ./test/run_tests.pl $* | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl%.bbappend b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_1.1.1%.bbappend
old mode 100644
new mode 100755
similarity index 97%
rename from cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl%.bbappend
rename to cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_1.1.1%.bbappend
index fc1a393..ec95ab5
--- a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl%.bbappend
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_1.1.1%.bbappend
@@ -1,2 +1,3 @@
EXTRA_OECONF_append = " no-zlib no-zlib-dynamic "
+
diff --git a/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_3.0.13.bb b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_3.0.13.bb
new file mode 100755
index 0000000..98ecc63
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-zxic/recipes-support/openssl/openssl_3.0.13.bb
@@ -0,0 +1,264 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ file://run-ptest \
+ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+ file://afalg.patch \
+ file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://CVE-2024-2511.patch \
+ "
+
+SRC_URI:append:class-nativesdk = " \
+ file://environment.d-openssl.sh \
+ "
+
+SRC_URI[sha256sum] = "88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313"
+
+inherit lib_package multilib_header multilib_script ptest perlnative
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG:class-native = ""
+PACKAGECONFIG:class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
+PACKAGECONFIG[no-tls1] = "no-tls1"
+PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
+
+B = "${WORKDIR}/build"
+do_configure[cleandirs] = "${B}"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF:append:libc-musl = " no-async"
+EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm"
+
+EXTRA_OECONF:append = " no-zlib no-zlib-dynamic "
+
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
+# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
+EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom"
+
+# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
+CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+
+# This allows disabling deprecated or undesirable crypto algorithms.
+# The default is to trust upstream choices.
+DEPRECATED_CRYPTO_FLAGS ?= ""
+
+do_configure () {
+ # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make
+ # the issue really clear that perl isn't functional due to symbol mismatch issues.
+ cat <<- EOF > ${WORKDIR}/perltest
+ #!/usr/bin/env perl
+ use POSIX;
+ EOF
+ chmod a+x ${WORKDIR}/perltest
+ ${WORKDIR}/perltest
+
+ os=${HOST_OS}
+ case $os in
+ linux-gnueabi |\
+ linux-gnuspe |\
+ linux-musleabi |\
+ linux-muslspe |\
+ linux-musl )
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arc | linux-microblaze*)
+ target=linux-latomic
+ ;;
+ linux-arm*)
+ target=linux-armv4
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-i?86 | linux-viac3)
+ target=linux-x86
+ ;;
+ linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-mips | linux-mipsel)
+ # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-gnun32-mips*)
+ target=linux-mips64
+ ;;
+ linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
+ target=linux64-mips64
+ ;;
+ linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-powerpc64le)
+ target=linux-ppc64le
+ ;;
+ linux-riscv32)
+ target=linux-generic32
+ ;;
+ linux-riscv64)
+ target=linux-generic64
+ ;;
+ linux-sparc | linux-supersparc)
+ target=linux-sparcv9
+ ;;
+ mingw32-x86_64)
+ target=mingw64
+ ;;
+ esac
+
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+ # environment variables set by bitbake. Adjust the environment variables instead.
+ PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
+ test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
+ perl ${B}/configdata.pm --dump
+}
+
+do_install () {
+ oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+
+ oe_multilib_header openssl/opensslconf.h
+ oe_multilib_header openssl/configuration.h
+
+ # Create SSL structure for packages such as ca-certificates which
+ # contain hard-coded paths to /etc/ssl. Debian does the same.
+ install -d ${D}${sysconfdir}/ssl
+ mv ${D}${libdir}/ssl-3/certs \
+ ${D}${libdir}/ssl-3/private \
+ ${D}${libdir}/ssl-3/openssl.cnf \
+ ${D}${sysconfdir}/ssl/
+
+ # Although absolute symlinks would be OK for the target, they become
+ # invalid if native or nativesdk are relocated from sstate.
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private
+ ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf
+}
+
+do_install:append:class-native () {
+ create_wrapper ${D}${bindir}/openssl \
+ OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl-3/certs \
+ SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \
+ OPENSSL_ENGINES=${libdir}/engines-3 \
+ OPENSSL_MODULES=${libdir}/ossl-modules
+}
+
+do_install:append:class-nativesdk () {
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+ sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+PTEST_BUILD_HOST_FILES += "configdata.pm"
+PTEST_BUILD_HOST_PATTERN = "perl_version ="
+do_install_ptest () {
+ install -d ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test
+ install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test
+
+ # Prune the build tree
+ rm -f ${B}/fuzz/*.* ${B}/test/*.*
+
+ cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
+ sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm
+ cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
+
+ # For test_shlibload
+ ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
+ ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+
+ install -d ${D}${PTEST_PATH}/apps
+ ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
+ install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
+
+ install -d ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
+
+ install -d ${D}${PTEST_PATH}/providers
+ install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers
+
+ install -d ${D}${PTEST_PATH}/Configurations
+ cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/
+
+ # seems to be needed with perl 5.32.1
+ install -d ${D}${PTEST_PATH}/util/perl/recipes
+ cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/
+
+ sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl
+}
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the openssl-bin package and the libcrypto
+# package since the openssl-bin package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy"
+
+FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES:libssl = "${libdir}/libssl${SOLIBS}"
+FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
+ ${libdir}/ssl-3/openssl.cnf* \
+ "
+FILES:${PN}-engines = "${libdir}/engines-3"
+# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP)
+FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3"
+FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash"
+FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so"
+FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/"
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy"
+RDEPENDS:${PN}-misc = "perl"
+RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed"
+
+RDEPENDS:${PN}-bin += "openssl-conf"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "openssl:openssl"
+
+CVE_VERSION_SUFFIX = "alphabetical"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_IGNORE += "CVE-2019-0190"