mirror of
https://github.com/LibreELEC/LibreELEC.tv.git
synced 2025-07-23 10:46:41 +00:00
MilhouseVH
GitHub
commit
82b6c4c4a1
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://www.libimobiledevice.org"
|
||||
PKG_URL="http://www.libimobiledevice.org/downloads/$PKG_NAME-$PKG_VERSION.tar.bz2"
|
||||
PKG_DEPENDS_TARGET="toolchain libusbmuxd libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain libusbmuxd openssl"
|
||||
PKG_SECTION="libs"
|
||||
PKG_SHORTDESC="libimobiledevice is a cross-platform software library that talks the protocols to support iPhone®, iPod Touch®, iPad® and Apple TV® devices"
|
||||
PKG_LONGDESC="libimobiledevice is a cross-platform software library that talks the protocols to support iPhone®, iPod Touch®, iPad® and Apple TV® devices"
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://www.irssi.org/"
|
||||
PKG_URL="https://github.com/irssi-import/irssi/releases/download/$PKG_VERSION/$PKG_NAME-$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain glib netbsd-curses libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain glib netbsd-curses openssl"
|
||||
PKG_SECTION="tools"
|
||||
PKG_SHORTDESC="IRC client"
|
||||
PKG_LONGDESC="Irssi is a terminal based IRC client for UNIX systems"
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://lftp.yar.ru/"
|
||||
PKG_URL="http://lftp.yar.ru/ftp/${PKG_NAME}-${PKG_VERSION}.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain readline libressl zlib"
|
||||
PKG_DEPENDS_TARGET="toolchain readline openssl zlib"
|
||||
PKG_SECTION="tools"
|
||||
PKG_SHORTDESC="ftp client"
|
||||
PKG_LONGDESC="LFTP is a sophisticated ftp/http client, and a file transfer program supporting a number of network protocols"
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://projects.vdr-developer.org/projects/plg-streamdev"
|
||||
PKG_URL="https://projects.vdr-developer.org/git/vdr-plugin-streamdev.git/snapshot/$PKG_NAME-$PKG_VERSION.tar.bz2"
|
||||
PKG_DEPENDS_TARGET="toolchain vdr libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain vdr openssl"
|
||||
PKG_SECTION="multimedia"
|
||||
PKG_SHORTDESC="TV"
|
||||
PKG_LONGDESC="TV"
|
||||
|
||||
@ -24,7 +24,7 @@ PKG_ADDON_PROJECTS="RPi RPi2"
|
||||
PKG_LICENSE="OSS"
|
||||
PKG_SITE="https://github.com/patrikolausson/dispmanx_vnc"
|
||||
PKG_URL="https://github.com/patrikolausson/dispmanx_vnc/archive/$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain libvncserver bcm2835-bootloader bcm2835-driver libconfig libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain libvncserver bcm2835-bootloader bcm2835-driver libconfig openssl"
|
||||
PKG_SECTION="service/system"
|
||||
PKG_SHORTDESC="Raspberry Pi VNC: a Virtual Network Computing server for Raspberry Pi"
|
||||
PKG_LONGDESC="Raspberry Pi VNC ($PKG_VERSION) is a Virtual Network Computing (VNC) server for Raspberry Pi using dispmanx"
|
||||
|
||||
@ -23,7 +23,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPLv2"
|
||||
PKG_SITE="http://troglobit.com/inadyn.html"
|
||||
PKG_URL="https://github.com/troglobit/inadyn/archive/v$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain libconfuse libite libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain libconfuse libite openssl"
|
||||
PKG_SECTION="service/system"
|
||||
PKG_SHORTDESC="Inadyn: a small and simple Dynamic Domain Name System client"
|
||||
PKG_LONGDESC="Inadyn ($PKG_VERSION) is a small and simple Dynamic Domain Name System (DDNS) client with HTTPS support. It is commonly available in many GNU/Linux distributions, used in off-the-shelf routers and Internet gateways to automate the task of keeping your DNS record up to date with any IP address changes from your ISP. It can also be used in installations with redundant (backup) connections to the Internet."
|
||||
|
||||
@ -25,7 +25,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://www.proftpd.org/"
|
||||
PKG_URL="https://github.com/proftpd/proftpd/archive/v$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain libcap libressl netbsd-curses pcre whois"
|
||||
PKG_DEPENDS_TARGET="toolchain libcap openssl netbsd-curses pcre whois"
|
||||
PKG_SECTION="service"
|
||||
PKG_SHORTDESC="ProFTPD: a FTP server for linux"
|
||||
PKG_LONGDESC="ProFTPD ($PKG_VERSION): is a secure and configurable FTP server with SSL/TLS support"
|
||||
|
||||
@ -23,7 +23,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPLv2"
|
||||
PKG_SITE="http://www.tinc-vpn.org/"
|
||||
PKG_URL="${PKG_SITE}/packages/$PKG_NAME-$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain libressl lzo zlib"
|
||||
PKG_DEPENDS_TARGET="toolchain openssl lzo zlib"
|
||||
PKG_SECTION="service/system"
|
||||
PKG_SHORTDESC="tinc: a Virtual Private Network daemon"
|
||||
PKG_LONGDESC="tinc ($PKG_VERSION) is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This allows VPN sites to share information with each other over the Internet without exposing any information to others."
|
||||
|
||||
@ -25,7 +25,7 @@ PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://www.tvheadend.org"
|
||||
PKG_URL="https://github.com/tvheadend/tvheadend/archive/$PKG_VERSION.tar.gz"
|
||||
PKG_SOURCE_DIR="tvheadend-${PKG_VERSION}*"
|
||||
PKG_DEPENDS_TARGET="toolchain curl dvb-tools libdvbcsa libiconv libressl Python:host yasm"
|
||||
PKG_DEPENDS_TARGET="toolchain curl dvb-tools libdvbcsa libiconv openssl Python:host yasm"
|
||||
PKG_SECTION="service"
|
||||
PKG_SHORTDESC="Tvheadend: a TV streaming server for Linux"
|
||||
PKG_LONGDESC="Tvheadend ($PKG_VERSION_NUMBER): is a TV streaming server for Linux supporting DVB-S/S2, DVB-C, DVB-T/T2, IPTV, SAT>IP, ATSC and ISDB-T"
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://pulseaudio.org/"
|
||||
PKG_URL="http://www.freedesktop.org/software/pulseaudio/releases/$PKG_NAME-$PKG_VERSION.tar.xz"
|
||||
PKG_DEPENDS_TARGET="toolchain libtool alsa-lib libsndfile soxr dbus systemd libressl libcap"
|
||||
PKG_DEPENDS_TARGET="toolchain libtool alsa-lib libsndfile soxr dbus systemd openssl libcap"
|
||||
PKG_SECTION="audio"
|
||||
PKG_SHORTDESC="pulseaudio: Yet another sound server for Unix"
|
||||
PKG_LONGDESC="PulseAudio is a sound server for Linux and other Unix-like operating systems. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (esound or esd). In addition to the features esound provides, PulseAudio has an extensible plugin architecture, support for more than one sink per source, better low-latency behavior, the ability to be embedded into other software, a completely asynchronous C API, a simple command line interface for reconfiguring the daemon while running, flexible and implicit sample type conversion and resampling, and a "Zero-Copy" architecture."
|
||||
|
||||
@ -23,7 +23,7 @@ PKG_LICENSE="LGPL"
|
||||
PKG_SITE="http://www.mysql.com"
|
||||
PKG_URL="http://ftp.gwdg.de/pub/misc/$PKG_NAME/Downloads/MySQL-5.7/$PKG_NAME-$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_HOST="zlib:host"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib netbsd-curses libressl boost mysql:host"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib netbsd-curses openssl boost mysql:host"
|
||||
PKG_SECTION="database"
|
||||
PKG_SHORTDESC="mysql: A database server"
|
||||
PKG_LONGDESC="MySQL is a SQL (Structured Query Language) database server. SQL is the most popular database language in the world. MySQL is a client server implementation that consists of a server daemon mysqld and many different client programs/libraries."
|
||||
@ -32,7 +32,6 @@ PKG_IS_ADDON="no"
|
||||
PKG_AUTORECONF="no"
|
||||
|
||||
post_unpack() {
|
||||
sed -i 's|OPENSSL_MAJOR_VERSION STREQUAL "1"|OPENSSL_MAJOR_VERSION STREQUAL "2"|' $PKG_BUILD/cmake/ssl.cmake
|
||||
sed -i 's|GET_TARGET_PROPERTY(LIBMYSQL_OS_OUTPUT_NAME libmysql OUTPUT_NAME)|SET(LIBMYSQL_OS_OUTPUT_NAME "mysqlclient")|' $PKG_BUILD/scripts/CMakeLists.txt
|
||||
sed -i "s|COMMAND comp_err|COMMAND $TOOLCHAIN/bin/comp_err|" $PKG_BUILD/extra/CMakeLists.txt
|
||||
sed -i "s|COMMAND comp_sql|COMMAND $TOOLCHAIN/bin/comp_sql|" $PKG_BUILD/scripts/CMakeLists.txt
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="BSD"
|
||||
PKG_SITE="http://www.cmake.org/"
|
||||
PKG_URL="http://www.cmake.org/files/v3.6/$PKG_NAME-$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_HOST="ccache:host libressl:host"
|
||||
PKG_DEPENDS_HOST="ccache:host openssl:host"
|
||||
PKG_SECTION="toolchain/devel"
|
||||
PKG_SHORTDESC="cmake: A cross-platform, open-source make system"
|
||||
PKG_LONGDESC="CMake is used to control the software compilation process using simple platform and compiler independent configuration files. CMake generates native makefiles and workspaces that can be used in the compiler environment of your choice. CMake is quite sophisticated: it is possible to support complex environments requiring system configuration, preprocessor generation, code generation, and template instantiation."
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="OSS"
|
||||
PKG_SITE="http://www.mesa3d.org/"
|
||||
PKG_URL="ftp://freedesktop.org/pub/mesa/${PKG_VERSION%-*}/$PKG_NAME-$PKG_VERSION.tar.xz"
|
||||
PKG_DEPENDS_TARGET="toolchain Python:host expat glproto dri2proto presentproto libdrm libXext libXdamage libXfixes libXxf86vm libxcb libX11 systemd dri3proto libxshmfence libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain Python:host expat glproto dri2proto presentproto libdrm libXext libXdamage libXfixes libXxf86vm libxcb libX11 systemd dri3proto libxshmfence openssl"
|
||||
PKG_SECTION="graphics"
|
||||
PKG_SHORTDESC="mesa: 3-D graphics library with OpenGL API"
|
||||
PKG_LONGDESC="Mesa is a 3-D graphics library with an API which is very similar to that of OpenGL*. To the extent that Mesa utilizes the OpenGL command syntax or state machine, it is being used with authorization from Silicon Graphics, Inc. However, the author makes no claim that Mesa is in any way a compatible replacement for OpenGL or associated with Silicon Graphics, Inc. Those who want a licensed implementation of OpenGL should contact a licensed vendor. While Mesa is not a licensed OpenGL implementation, it is currently being tested with the OpenGL conformance tests. For the current conformance status see the CONFORM file included in the Mesa distribution."
|
||||
|
||||
@ -23,7 +23,7 @@ PKG_LICENSE="OSS"
|
||||
PKG_SITE="http://www.python.org/"
|
||||
PKG_URL="http://www.python.org/ftp/python/$PKG_VERSION/$PKG_NAME-$PKG_VERSION.tar.xz"
|
||||
PKG_DEPENDS_HOST="zlib:host bzip2:host sqlite:host"
|
||||
PKG_DEPENDS_TARGET="toolchain sqlite expat zlib bzip2 libressl libffi Python:host"
|
||||
PKG_DEPENDS_TARGET="toolchain sqlite expat zlib bzip2 openssl libffi Python:host"
|
||||
PKG_SECTION="lang"
|
||||
PKG_SHORTDESC="python: The Python programming language"
|
||||
PKG_LONGDESC="Python is an interpreted object-oriented programming language, and is often compared with Tcl, Perl, Java or Scheme."
|
||||
|
||||
@ -219,7 +219,7 @@ PKG_CMAKE_OPTS_TARGET="-DNATIVEPREFIX=$TOOLCHAIN \
|
||||
-DENABLE_CCACHE=ON \
|
||||
-DENABLE_LIRC=ON \
|
||||
-DENABLE_EVENTCLIENTS=ON \
|
||||
-DENABLE_LDGOLD=OFF \
|
||||
-DENABLE_LDGOLD=ON \
|
||||
$KODI_ARCH \
|
||||
$KODI_OPENGL \
|
||||
$KODI_OPENGLES \
|
||||
@ -246,7 +246,6 @@ PKG_CMAKE_OPTS_TARGET="-DNATIVEPREFIX=$TOOLCHAIN \
|
||||
pre_configure_target() {
|
||||
# kodi should never be built with lto
|
||||
strip_lto
|
||||
strip_gold
|
||||
|
||||
export LIBS="$LIBS -lz -lterminfo"
|
||||
}
|
||||
|
||||
@ -24,7 +24,7 @@ PKG_LICENSE="LGPLv2.1+"
|
||||
PKG_SITE="https://ffmpeg.org"
|
||||
PKG_URL="https://github.com/xbmc/FFmpeg/archive/${PKG_VERSION}.tar.gz"
|
||||
PKG_SOURCE_DIR="FFmpeg-${PKG_VERSION}*"
|
||||
PKG_DEPENDS_TARGET="toolchain yasm:host zlib bzip2 libressl speex"
|
||||
PKG_DEPENDS_TARGET="toolchain yasm:host zlib bzip2 openssl speex"
|
||||
PKG_SECTION="multimedia"
|
||||
PKG_SHORTDESC="FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video."
|
||||
PKG_LONGDESC="FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video."
|
||||
@ -123,7 +123,7 @@ configure_target() {
|
||||
--enable-shared \
|
||||
--enable-gpl \
|
||||
--disable-version3 \
|
||||
--disable-nonfree \
|
||||
--enable-nonfree \
|
||||
--enable-logging \
|
||||
--disable-doc \
|
||||
$FFMPEG_DEBUG \
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
diff --git a/configure b/configure
|
||||
index 3960b73..2d9ec93 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -4545,7 +4545,6 @@ die_license_disabled nonfree libaacplus
|
||||
die_license_disabled nonfree libfaac
|
||||
die_license_disabled nonfree nvenc
|
||||
enabled gpl && die_license_disabled_gpl nonfree libfdk_aac
|
||||
-enabled gpl && die_license_disabled_gpl nonfree openssl
|
||||
|
||||
die_license_disabled version3 libopencore_amrnb
|
||||
die_license_disabled version3 libopencore_amrwb
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://rtmpdump.mplayerhq.hu/"
|
||||
PKG_URL="http://repo.or.cz/rtmpdump.git/snapshot/$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib openssl"
|
||||
PKG_SECTION="multimedia"
|
||||
PKG_SHORTDESC="rtmpdump: a toolkit for RTMP streams."
|
||||
PKG_LONGDESC="rtmpdump is a toolkit for RTMP streams. All forms of RTMP are supported, including rtmp://, rtmpt://, rtmpe://, rtmpte://, and rtmps://."
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="OpenSource"
|
||||
PKG_SITE="http://www.libssh.org/"
|
||||
PKG_URL="https://git.libssh.org/projects/libssh.git/snapshot/$PKG_NAME-$PKG_VERSION.tar.xz"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib openssl"
|
||||
PKG_SECTION="network"
|
||||
PKG_SHORTDESC="libssh: A working SSH implementation by means of a library"
|
||||
PKG_LONGDESC="The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl)."
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="OSS"
|
||||
PKG_SITE="http://www.openssh.com/"
|
||||
PKG_URL="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$PKG_NAME-$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib openssl"
|
||||
PKG_SECTION="network"
|
||||
PKG_SHORTDESC="openssh: An open re-implementation of the SSH package"
|
||||
PKG_LONGDESC="This is a Linux port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. SSH (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, rcp, and rdist."
|
||||
|
||||
@ -23,7 +23,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://openvpn.net"
|
||||
PKG_URL="http://swupdate.openvpn.org/community/releases/$PKG_NAME-$PKG_VERSION.tar.xz"
|
||||
PKG_DEPENDS_TARGET="toolchain lzo libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain lzo openssl"
|
||||
PKG_SECTION="network"
|
||||
PKG_SHORTDESC="openvpn: a full featured SSL VPN software solution that integrates OpenVPN server capabilities."
|
||||
PKG_LONGDESC="OpenVPN Access Server is a full featured SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, and Linux OS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control."
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="GPL"
|
||||
PKG_SITE="http://hostap.epitest.fi/wpa_supplicant/"
|
||||
PKG_URL="http://hostap.epitest.fi/releases/$PKG_NAME-$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain dbus libnl libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain dbus libnl openssl"
|
||||
PKG_SECTION="network"
|
||||
PKG_SHORTDESC="wpa_supplicant: An IEEE 802.11i supplicant implementation"
|
||||
PKG_LONGDESC="The wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant. In addition to being a full-featured WPA2 supplicant, it also has support for WPA and older wireless LAN security protocols."
|
||||
|
||||
@ -1,69 +0,0 @@
|
||||
$OpenBSD: patch-src_crypto_tls_openssl_c,v 1.3 2015/09/29 11:57:54 dcoppa Exp $
|
||||
|
||||
Compatibility fixes for LibreSSL
|
||||
|
||||
--- a/src/crypto/tls_openssl.c.orig Sun Sep 27 21:02:05 2015
|
||||
+++ b/src/crypto/tls_openssl.c Mon Sep 28 13:43:46 2015
|
||||
@@ -2229,7 +2229,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
|
||||
}
|
||||
|
||||
if (certs) {
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
SSL_clear_chain_certs(ssl);
|
||||
while ((cert = sk_X509_pop(certs)) != NULL) {
|
||||
X509_NAME_oneline(X509_get_subject_name(cert), buf,
|
||||
@@ -2247,7 +2247,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
|
||||
/* Try to continue anyway */
|
||||
}
|
||||
sk_X509_free(certs);
|
||||
-#ifndef OPENSSL_IS_BORINGSSL
|
||||
+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
res = SSL_build_cert_chain(ssl,
|
||||
SSL_BUILD_CHAIN_FLAG_CHECK |
|
||||
SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
|
||||
@@ -2812,7 +2812,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl
|
||||
if (conn == NULL || keys == NULL)
|
||||
return -1;
|
||||
ssl = conn->ssl;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
|
||||
return -1;
|
||||
|
||||
@@ -2841,7 +2841,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl
|
||||
#ifndef CONFIG_FIPS
|
||||
static int openssl_get_keyblock_size(SSL *ssl)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
const EVP_CIPHER *c;
|
||||
const EVP_MD *h;
|
||||
int md_size;
|
||||
@@ -2911,7 +2911,7 @@ static int openssl_tls_prf(struct tls_connection *conn
|
||||
"mode");
|
||||
return -1;
|
||||
#else /* CONFIG_FIPS */
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
SSL *ssl;
|
||||
u8 *rnd;
|
||||
int ret = -1;
|
||||
@@ -3394,7 +3394,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, stru
|
||||
|
||||
wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
|
||||
if (os_strstr(buf, ":ADH-")) {
|
||||
/*
|
||||
@@ -3977,7 +3977,7 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *
|
||||
struct tls_connection *conn = arg;
|
||||
int ret;
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
if (conn == NULL || conn->session_ticket_cb == NULL)
|
||||
return 0;
|
||||
|
||||
@ -1,41 +0,0 @@
|
||||
################################################################################
|
||||
# This file is part of OpenELEC - http://www.openelec.tv
|
||||
# Copyright (C) 2009-2016 Stephan Raue (stephan@openelec.tv)
|
||||
#
|
||||
# OpenELEC is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# OpenELEC is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with OpenELEC. If not, see <http://www.gnu.org/licenses/>.
|
||||
################################################################################
|
||||
|
||||
PKG_NAME="libressl"
|
||||
PKG_VERSION="2.4.5"
|
||||
PKG_ARCH="any"
|
||||
PKG_LICENSE="BSD"
|
||||
PKG_SITE="http://www.libressl.org/"
|
||||
PKG_URL="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$PKG_NAME-$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_HOST="ccache:host"
|
||||
PKG_DEPENDS_TARGET="toolchain"
|
||||
PKG_SECTION="security"
|
||||
PKG_SHORTDESC="libressl: a FREE version of the SSL/TLS protocol forked from OpenSSL"
|
||||
PKG_LONGDESC="LibreSSL is a FREE version of the SSL/TLS protocol forked from OpenSSL"
|
||||
|
||||
PKG_IS_ADDON="no"
|
||||
PKG_USE_CMAKE="no"
|
||||
PKG_AUTORECONF="yes"
|
||||
|
||||
post_makeinstall_target() {
|
||||
# backwards compatibility
|
||||
mkdir -p $INSTALL/etc/pki/tls
|
||||
ln -sf /etc/ssl/cert.pem $INSTALL/etc/pki/tls/cacert.pem
|
||||
mkdir -p $INSTALL/etc/pki/tls/certs
|
||||
ln -sf /etc/ssl/cert.pem $INSTALL/etc/pki/tls/certs/ca-bundle.crt
|
||||
}
|
||||
@ -1,62 +0,0 @@
|
||||
From 779c075d93f339ee4043ea026586a463376b301c Mon Sep 17 00:00:00 2001
|
||||
From: Jonas Karlman <jonas@kwiboo.se>
|
||||
Date: Wed, 20 Apr 2016 22:26:49 +0200
|
||||
Subject: [PATCH] trusted first
|
||||
|
||||
---
|
||||
apps/openssl/apps.c | 2 ++
|
||||
crypto/x509/x509_vfy.c | 14 ++++++++++++++
|
||||
include/openssl/x509_vfy.h | 2 ++
|
||||
3 files changed, 18 insertions(+)
|
||||
|
||||
diff --git a/apps/openssl/apps.c b/apps/openssl/apps.c
|
||||
index 6e40965..cbdd080 100644
|
||||
--- a/apps/openssl/apps.c
|
||||
+++ b/apps/openssl/apps.c
|
||||
@@ -1943,6 +1943,8 @@ args_verify(char ***pargs, int *pargc, int *badarg, BIO *err,
|
||||
flags |= X509_V_FLAG_NOTIFY_POLICY;
|
||||
else if (!strcmp(arg, "-check_ss_sig"))
|
||||
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
|
||||
+ else if (!strcmp(arg, "-trusted_first"))
|
||||
+ flags |= X509_V_FLAG_TRUSTED_FIRST;
|
||||
else
|
||||
return 0;
|
||||
|
||||
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
|
||||
index f9fd3a0..6e51edb 100644
|
||||
--- a/crypto/x509/x509_vfy.c
|
||||
+++ b/crypto/x509/x509_vfy.c
|
||||
@@ -209,6 +209,20 @@ X509_verify_cert(X509_STORE_CTX *ctx)
|
||||
if (ctx->check_issued(ctx, x, x))
|
||||
break;
|
||||
|
||||
+ /* If asked see if we can find issuer in trusted store first */
|
||||
+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
|
||||
+ ok = ctx->get_issuer(&xtmp, ctx, x);
|
||||
+ if (ok < 0)
|
||||
+ goto end;
|
||||
+ /* If successful for now free up cert so it
|
||||
+ * will be picked up again later.
|
||||
+ */
|
||||
+ if (ok > 0) {
|
||||
+ X509_free(xtmp);
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
/* If we were passed a cert chain, use it first */
|
||||
if (ctx->untrusted != NULL) {
|
||||
xtmp = find_issuer(ctx, sktmp, x);
|
||||
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
|
||||
index e4050b2..ddf77e7 100644
|
||||
--- a/include/openssl/x509_vfy.h
|
||||
+++ b/include/openssl/x509_vfy.h
|
||||
@@ -383,6 +383,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
||||
#define X509_V_FLAG_USE_DELTAS 0x2000
|
||||
/* Check selfsigned CA signature */
|
||||
#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
|
||||
+/* Use trusted store first */
|
||||
+#define X509_V_FLAG_TRUSTED_FIRST 0x8000
|
||||
/* Do not check certificate or CRL validity against current time. */
|
||||
#define X509_V_FLAG_NO_CHECK_TIME 0x200000
|
||||
|
||||
4043
packages/security/openssl/cert/cacert.pem
Normal file
4043
packages/security/openssl/cert/cacert.pem
Normal file
File diff suppressed because it is too large
Load Diff
119
packages/security/openssl/package.mk
Normal file
119
packages/security/openssl/package.mk
Normal file
@ -0,0 +1,119 @@
|
||||
###############################################################################
|
||||
# This file is part of LibreELEC - https://libreelec.tv
|
||||
# Copyright (C) 2016 Team LibreELEC
|
||||
#
|
||||
# LibreELEC is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# LibreELEC is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with LibreELEC. If not, see <http://www.gnu.org/licenses/>.
|
||||
################################################################################
|
||||
|
||||
PKG_NAME="openssl"
|
||||
PKG_VERSION="1.0.2k"
|
||||
PKG_REV="1"
|
||||
PKG_ARCH="any"
|
||||
PKG_LICENSE="BSD"
|
||||
PKG_SITE="https://www.openssl.org"
|
||||
PKG_URL="https://www.openssl.org/source/$PKG_NAME-$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_HOST="ccache:host"
|
||||
PKG_DEPENDS_TARGET="toolchain"
|
||||
PKG_SECTION="security"
|
||||
PKG_SHORTDESC="The Open Source toolkit for Secure Sockets Layer and Transport Layer Security"
|
||||
PKG_LONGDESC="The Open Source toolkit for Secure Sockets Layer and Transport Layer Security"
|
||||
|
||||
PKG_IS_ADDON="no"
|
||||
PKG_AUTORECONF="no"
|
||||
|
||||
PKG_CONFIGURE_OPTS_SHARED="--openssldir=/etc/ssl \
|
||||
--libdir=lib \
|
||||
shared \
|
||||
threads \
|
||||
no-ec2m \
|
||||
no-gmp \
|
||||
no-jpake \
|
||||
no-krb5 \
|
||||
no-libunbound \
|
||||
no-md2 \
|
||||
no-rc5 \
|
||||
no-rfc3779
|
||||
no-sctp \
|
||||
no-ssl-trace \
|
||||
no-ssl2 \
|
||||
no-ssl3 \
|
||||
no-store \
|
||||
no-unit-test \
|
||||
no-weak-ssl-ciphers \
|
||||
no-zlib \
|
||||
no-zlib-dynamic \
|
||||
no-static-engine"
|
||||
|
||||
pre_configure_host() {
|
||||
mkdir -p $ROOT/$PKG_BUILD/.$HOST_NAME
|
||||
cp -a $ROOT/$PKG_BUILD/* $ROOT/$PKG_BUILD/.$HOST_NAME/
|
||||
}
|
||||
|
||||
configure_host() {
|
||||
cd $ROOT/$PKG_BUILD/.$HOST_NAME
|
||||
./Configure --prefix=/ $PKG_CONFIGURE_OPTS_SHARED linux-x86_64 $CFLAGS $LDFLAGS
|
||||
}
|
||||
|
||||
makeinstall_host() {
|
||||
make INSTALL_PREFIX=$ROOT/$TOOLCHAIN install_sw
|
||||
}
|
||||
|
||||
pre_configure_target() {
|
||||
mkdir -p $ROOT/$PKG_BUILD/.$TARGET_NAME
|
||||
cp -a $ROOT/$PKG_BUILD/* $ROOT/$PKG_BUILD/.$TARGET_NAME/
|
||||
|
||||
case $TARGET_ARCH in
|
||||
x86_64)
|
||||
OPENSSL_TARGET=linux-x86_64
|
||||
PLATFORM_FLAGS=enable-ec_nistp_64_gcc_128
|
||||
;;
|
||||
arm)
|
||||
OPENSSL_TARGET=linux-armv4
|
||||
;;
|
||||
aarch64)
|
||||
OPENSSL_TARGET=linux-aarch64
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
configure_target() {
|
||||
cd $ROOT/$PKG_BUILD/.$TARGET_NAME
|
||||
./Configure --prefix=/usr $PKG_CONFIGURE_OPTS_SHARED $PLATFORM_FLAGS $OPENSSL_TARGET $CFLAGS $LDFLAGS
|
||||
}
|
||||
|
||||
makeinstall_target() {
|
||||
make INSTALL_PREFIX=$INSTALL install_sw
|
||||
make INSTALL_PREFIX=$SYSROOT_PREFIX install_sw
|
||||
chmod 755 $INSTALL/usr/lib/*.so*
|
||||
chmod 755 $INSTALL/usr/lib/engines/*.so
|
||||
}
|
||||
|
||||
post_makeinstall_target() {
|
||||
rm -rf $INSTALL/etc/ssl/misc
|
||||
rm -rf $INSTALL/usr/bin/c_rehash
|
||||
|
||||
debug_strip $INSTALL/usr/bin/openssl
|
||||
|
||||
# cert from https://curl.haxx.se/docs/caextract.html
|
||||
mkdir -p $INSTALL/etc/ssl
|
||||
cp $PKG_DIR/cert/cacert.pem $INSTALL/etc/ssl/cert.pem
|
||||
|
||||
# backwards comatibility
|
||||
mkdir -p $INSTALL/etc/pki/tls
|
||||
ln -sf /etc/ssl/cert.pem $INSTALL/etc/pki/tls/cacert.pem
|
||||
mkdir -p $INSTALL/etc/pki/tls/certs
|
||||
ln -sf /etc/ssl/cert.pem $INSTALL/etc/pki/tls/certs/ca-bundle.crt
|
||||
mkdir -p $INSTALL/usr/lib/ssl
|
||||
ln -sf /etc/ssl/cert.pem $INSTALL/usr/lib/ssl/cert.pem
|
||||
}
|
||||
33
packages/security/openssl/patches/openssl-0001-ca-dir.patch
Normal file
33
packages/security/openssl/patches/openssl-0001-ca-dir.patch
Normal file
@ -0,0 +1,33 @@
|
||||
--- openssl-1.0.2j/apps/CA.pl.in 2006-04-28 02:30:49.000000000 +0200
|
||||
+++ openssl-1.0.2j/apps/CA.pl.in 2010-04-01 00:35:02.600553509 +0200
|
||||
@@ -53,7 +53,7 @@
|
||||
$X509="$openssl x509";
|
||||
$PKCS12="$openssl pkcs12";
|
||||
|
||||
-$CATOP="./demoCA";
|
||||
+$CATOP="/etc/ssl";
|
||||
$CAKEY="cakey.pem";
|
||||
$CAREQ="careq.pem";
|
||||
$CACERT="cacert.pem";
|
||||
--- openssl-1.0.2j/apps/CA.sh 2009-10-15 19:27:47.000000000 +0200
|
||||
+++ openssl-1.0.2j/apps/CA.sh 2010-04-01 00:35:02.600553509 +0200
|
||||
@@ -68,7 +68,7 @@
|
||||
X509="$OPENSSL x509"
|
||||
PKCS12="openssl pkcs12"
|
||||
|
||||
-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
|
||||
+if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi
|
||||
CAKEY=./cakey.pem
|
||||
CAREQ=./careq.pem
|
||||
CACERT=./cacert.pem
|
||||
--- openssl-1.0.2j/apps/openssl.cnf 2009-04-04 20:09:43.000000000 +0200
|
||||
+++ openssl-1.0.2j/apps/openssl.cnf 2010-04-01 00:35:02.607220681 +0200
|
||||
@@ -39,7 +39,7 @@
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
-dir = ./demoCA # Where everything is kept
|
||||
+dir = /etc/ssl # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="APSL"
|
||||
PKG_SITE="http://src.gnu-darwin.org/DarwinSourceArchive/expanded/diskdev_cmds/"
|
||||
PKG_URL="http://www.opensource.apple.com/tarballs/diskdev_cmds/$PKG_NAME-$PKG_VERSION.tar.gz"
|
||||
PKG_DEPENDS_TARGET="toolchain libressl"
|
||||
PKG_DEPENDS_TARGET="toolchain openssl"
|
||||
PKG_SECTION="system"
|
||||
PKG_SHORTDESC="diskdev_cmds: hfs filesystem utilities"
|
||||
PKG_LONGDESC="The fsck and mkfs utliities for hfs and hfsplus filesystems."
|
||||
|
||||
@ -30,7 +30,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="MIT"
|
||||
PKG_SITE="http://curl.haxx.se"
|
||||
PKG_URL="http://curl.haxx.se/download/$PKG_NAME-$PKG_VERSION.tar.bz2"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib libressl rtmpdump"
|
||||
PKG_DEPENDS_TARGET="toolchain zlib openssl rtmpdump"
|
||||
PKG_SECTION="web"
|
||||
PKG_SHORTDESC="curl: Client and library for (HTTP, HTTPS, FTP, ...) transfers"
|
||||
PKG_LONGDESC="Curl is a client to get documents/files from or send documents to a server, using any of the supported protocols (HTTP, HTTPS, FTP, FTPS, GOPHER, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction or any kind of interactivity."
|
||||
|
||||
@ -22,7 +22,7 @@ PKG_ARCH="any"
|
||||
PKG_LICENSE="OSS"
|
||||
PKG_SITE="http://www.X.org"
|
||||
PKG_URL="http://xorg.freedesktop.org/archive/individual/xserver/$PKG_NAME-$PKG_VERSION.tar.bz2"
|
||||
PKG_DEPENDS_TARGET="toolchain util-macros font-util fontsproto randrproto recordproto renderproto dri2proto dri3proto fixesproto damageproto videoproto inputproto xf86dgaproto xf86vidmodeproto xf86driproto xf86miscproto presentproto libpciaccess libX11 libXfont2 libXinerama libxshmfence libxkbfile libdrm libressl freetype pixman fontsproto systemd xorg-launch-helper"
|
||||
PKG_DEPENDS_TARGET="toolchain util-macros font-util fontsproto randrproto recordproto renderproto dri2proto dri3proto fixesproto damageproto videoproto inputproto xf86dgaproto xf86vidmodeproto xf86driproto xf86miscproto presentproto libpciaccess libX11 libXfont2 libXinerama libxshmfence libxkbfile libdrm openssl freetype pixman fontsproto systemd xorg-launch-helper"
|
||||
PKG_NEED_UNPACK="$(get_pkg_directory xf86-video-nvidia) $(get_pkg_directory xf86-video-nvidia-legacy)"
|
||||
PKG_SECTION="x11/xserver"
|
||||
PKG_SHORTDESC="xorg-server: The Xorg X server"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user