From 82666074e0c921e53c21b9e2c444e9a2d407d092 Mon Sep 17 00:00:00 2001 From: Boud Roukema Date: Wed, 29 Apr 2020 18:45:33 +0200 Subject: Fixed OpenSSL deprecation bug on some OSs, causing problems in libgit2 Until this commit, the configure step would fail with an error when compiling libgit2 on a test system. The origin of this bug, on the OS that was tested, appears to be that in OpenSSL Version 1.1.1a, openssl/ec.h fails to include openssl/openconf.h. The bug is described in more detail at https://savannah.nongnu.org/bugs/index.php?58263 With this commit, this is fixed by manually inserting a necessary components. In particular, `sed` is used to insert a preprocessor instruction into `openssl/openconf.h`, defining `DEPRECATED_1_2_0(f)`, for an arbitrary section of code `f`, to include that code rather than exclude it or warn about it. This commit is valid provided that openssl remains at a version earlier than 1.2.0. Starting at version 1.2.0, deprecation warnings should be run normally. We have thus moved the version of OpenSSL in `versions.conf' to the section for programs that need to be manually checked for version updates with a note to remind the user when reaching that version. Other packages that use OpenSSL may benefit from this commit, not just libgit2. --- reproduce/software/make/basic.mk | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'reproduce/software/make') diff --git a/reproduce/software/make/basic.mk b/reproduce/software/make/basic.mk index 779320f..0bec163 100644 --- a/reproduce/software/make/basic.mk +++ b/reproduce/software/make/basic.mk @@ -805,6 +805,14 @@ $(ibidir)/openssl: $(tdir)/cert.pem \ # environment variable. # # https://wiki.openssl.org/index.php/Compilation_and_Installation + # + # Bug 58263 (https://savannah.nongnu.org/bugs/?58263): In OpenSSL + # Version 1.1.1a (also checked in 1.1.1g), `openssl/ec.h' fails to + # include `openssl/openconf.h' on some OSs. The SED hack below + # inserts a hardwired element of `openssl/openconf.h' that is + # needed to include sections of code `f` that are deprecated in + # 1.2.0, but not yet in 1.1.1. This problem may be solved in + # version 1.2.x, so please check again in that bug. if [ x$(on_mac_os) = xyes ]; then \ export KERNEL_BITS=64; \ copt="shared no-ssl2 no-ssl3 enable-ec_nistp_64_gcc_128"; \ @@ -817,6 +825,9 @@ $(ibidir)/openssl: $(tdir)/cert.pem \ --with-zlib-lib=$(ildir) \ --with-zlib-include=$(idir)/include, \ -j$(numthreads), , ./config ) \ + && mv -v $(idir)/include/openssl/ec.h $(idir)/include/openssl/ec.h.orig \ + && sed -e 's,\(# include .openssl/opensslconf\.h.\),\1\n#ifndef DEPRECATEDIN_1_2_0\n#define DEPRECATEDIN_1_2_0(f) f;\n#endif\n,' \ + $(idir)/include/openssl/ec.h.orig > $(idir)/include/openssl/ec.h \ && cp $(tdir)/cert.pem $(idir)/etc/ssl/cert.pem \ && if [ $$? = 0 ]; then \ if [ x$(on_mac_os) = xyes ]; then \ -- cgit v1.2.1