From 82666074e0c921e53c21b9e2c444e9a2d407d092 Mon Sep 17 00:00:00 2001 From: Boud Roukema Date: Wed, 29 Apr 2020 18:45:33 +0200 Subject: Fixed OpenSSL deprecation bug on some OSs, causing problems in libgit2 Until this commit, the configure step would fail with an error when compiling libgit2 on a test system. The origin of this bug, on the OS that was tested, appears to be that in OpenSSL Version 1.1.1a, openssl/ec.h fails to include openssl/openconf.h. The bug is described in more detail at https://savannah.nongnu.org/bugs/index.php?58263 With this commit, this is fixed by manually inserting a necessary components. In particular, `sed` is used to insert a preprocessor instruction into `openssl/openconf.h`, defining `DEPRECATED_1_2_0(f)`, for an arbitrary section of code `f`, to include that code rather than exclude it or warn about it. This commit is valid provided that openssl remains at a version earlier than 1.2.0. Starting at version 1.2.0, deprecation warnings should be run normally. We have thus moved the version of OpenSSL in `versions.conf' to the section for programs that need to be manually checked for version updates with a note to remind the user when reaching that version. Other packages that use OpenSSL may benefit from this commit, not just libgit2. --- reproduce/software/config/versions.conf | 6 +++++- reproduce/software/make/basic.mk | 11 +++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/reproduce/software/config/versions.conf b/reproduce/software/config/versions.conf index 35ede19..d19f095 100644 --- a/reproduce/software/config/versions.conf +++ b/reproduce/software/config/versions.conf @@ -43,7 +43,6 @@ metastore-version = 1.1.2-23-fa9170b mpc-version = 1.1.0 mpfr-version = 4.0.2 ncurses-version = 6.1 -openssl-version = 1.1.1a patchelf-version = 0.10 perl-version = 5.30.0 pkgconfig-version = 0.29.2 @@ -216,3 +215,8 @@ wcslib-version = 6.4 # Minizip is installed with the same `zlib' tarball, and they have the same # version. minizip-version = $(zlib-version) + +# From version 1.2 OpenSSL may not need a manual addition, as described in +# its comments and `https://savannah.nongnu.org/bugs/?58263'. If it doesn't +# cause problems, put it back in the list of "Basic/low-level" tools. +openssl-version = 1.1.1a \ No newline at end of file diff --git a/reproduce/software/make/basic.mk b/reproduce/software/make/basic.mk index 779320f..0bec163 100644 --- a/reproduce/software/make/basic.mk +++ b/reproduce/software/make/basic.mk @@ -805,6 +805,14 @@ $(ibidir)/openssl: $(tdir)/cert.pem \ # environment variable. # # https://wiki.openssl.org/index.php/Compilation_and_Installation + # + # Bug 58263 (https://savannah.nongnu.org/bugs/?58263): In OpenSSL + # Version 1.1.1a (also checked in 1.1.1g), `openssl/ec.h' fails to + # include `openssl/openconf.h' on some OSs. The SED hack below + # inserts a hardwired element of `openssl/openconf.h' that is + # needed to include sections of code `f` that are deprecated in + # 1.2.0, but not yet in 1.1.1. This problem may be solved in + # version 1.2.x, so please check again in that bug. if [ x$(on_mac_os) = xyes ]; then \ export KERNEL_BITS=64; \ copt="shared no-ssl2 no-ssl3 enable-ec_nistp_64_gcc_128"; \ @@ -817,6 +825,9 @@ $(ibidir)/openssl: $(tdir)/cert.pem \ --with-zlib-lib=$(ildir) \ --with-zlib-include=$(idir)/include, \ -j$(numthreads), , ./config ) \ + && mv -v $(idir)/include/openssl/ec.h $(idir)/include/openssl/ec.h.orig \ + && sed -e 's,\(# include .openssl/opensslconf\.h.\),\1\n#ifndef DEPRECATEDIN_1_2_0\n#define DEPRECATEDIN_1_2_0(f) f;\n#endif\n,' \ + $(idir)/include/openssl/ec.h.orig > $(idir)/include/openssl/ec.h \ && cp $(tdir)/cert.pem $(idir)/etc/ssl/cert.pem \ && if [ $$? = 0 ]; then \ if [ x$(on_mac_os) = xyes ]; then \ -- cgit v1.2.1