From 82666074e0c921e53c21b9e2c444e9a2d407d092 Mon Sep 17 00:00:00 2001
From: Boud Roukema <boud@cosmo.torun.pl>
Date: Wed, 29 Apr 2020 18:45:33 +0200
Subject: Fixed OpenSSL deprecation bug on some OSs, causing problems in
 libgit2

Until this commit, the configure step would fail with an error when
compiling libgit2 on a test system. The origin of this bug, on the OS that
was tested, appears to be that in OpenSSL Version 1.1.1a, openssl/ec.h
fails to include openssl/openconf.h. The bug is described in more detail at
https://savannah.nongnu.org/bugs/index.php?58263

With this commit, this is fixed by manually inserting a necessary
components. In particular, `sed` is used to insert a preprocessor
instruction into `openssl/openconf.h`, defining `DEPRECATED_1_2_0(f)`, for
an arbitrary section of code `f`, to include that code rather than exclude
it or warn about it.

This commit is valid provided that openssl remains at a version earlier
than 1.2.0. Starting at version 1.2.0, deprecation warnings should be run
normally. We have thus moved the version of OpenSSL in `versions.conf' to
the section for programs that need to be manually checked for version
updates with a note to remind the user when reaching that version.

Other packages that use OpenSSL may benefit from this commit, not just
libgit2.
---
 reproduce/software/make/basic.mk | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'reproduce/software/make')

diff --git a/reproduce/software/make/basic.mk b/reproduce/software/make/basic.mk
index 779320f..0bec163 100644
--- a/reproduce/software/make/basic.mk
+++ b/reproduce/software/make/basic.mk
@@ -805,6 +805,14 @@ $(ibidir)/openssl: $(tdir)/cert.pem \
         # environment variable.
         #
         # https://wiki.openssl.org/index.php/Compilation_and_Installation
+        #
+        # Bug 58263 (https://savannah.nongnu.org/bugs/?58263): In OpenSSL
+        # Version 1.1.1a (also checked in 1.1.1g), `openssl/ec.h' fails to
+        # include `openssl/openconf.h' on some OSs. The SED hack below
+        # inserts a hardwired element of `openssl/openconf.h' that is
+        # needed to include sections of code `f` that are deprecated in
+        # 1.2.0, but not yet in 1.1.1. This problem may be solved in
+        # version 1.2.x, so please check again in that bug.
 	if [ x$(on_mac_os) = xyes ]; then \
 	  export KERNEL_BITS=64; \
 	  copt="shared no-ssl2 no-ssl3 enable-ec_nistp_64_gcc_128";  \
@@ -817,6 +825,9 @@ $(ibidir)/openssl: $(tdir)/cert.pem \
 	               --with-zlib-lib=$(ildir) \
 	               --with-zlib-include=$(idir)/include, \
 	               -j$(numthreads), , ./config ) \
+	&& mv -v $(idir)/include/openssl/ec.h $(idir)/include/openssl/ec.h.orig \
+	&& sed -e 's,\(# include .openssl/opensslconf\.h.\),\1\n#ifndef DEPRECATEDIN_1_2_0\n#define DEPRECATEDIN_1_2_0(f)   f;\n#endif\n,' \
+	   $(idir)/include/openssl/ec.h.orig > $(idir)/include/openssl/ec.h \
 	&& cp $(tdir)/cert.pem $(idir)/etc/ssl/cert.pem \
 	&& if [ $$? = 0 ]; then \
 	     if [ x$(on_mac_os) = xyes ]; then \
-- 
cgit v1.2.1