You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by tr...@apache.org on 2016/08/19 18:28:06 UTC
svn commit: r1756954 [1/2] - in /openoffice/trunk/main: ./ openssl/
Author: truckman
Date: Fri Aug 19 18:28:06 2016
New Revision: 1756954
URL: http://svn.apache.org/viewvc?rev=1756954&view=rev
Log:
Update the bundled version of OpenSSL from 0.9.8zh to 1.0.2h which
fixes many vulnerabiliies and adds support for newer, more secure
ciphers and versions of the protocol.
Note: OpenSSL version 1.0.2h contains two known minor vulnerabilites,
CVE-2016-2177 and CVE-2016-2178, which will be fixed in the next
OpenSSL release. Their potential impact is low enough that that
various Linux distros have chosen not to apply the upstream patches
to the versions that they distribute.
On Windows, there is an optional new dependency on NASM,
<http://www.nasm.us/>. If NASM is not available, then the C
implementations of the low-level crypto code will be used instead
of the optimized assembly language versions. Since OpenOffice is
not a heavy user of this code, the impact should be minor. If NASM
is installed, but its location is not in $PATH, the directory
containing nasm.exe should be passed to configure using --with-nasm-home.
The fallback to the C crypto implementation also happens on Linux
if the version of gcc is sufficently old to indicate that the
toolchain is likely to not support the some of the instructions in
the assembly language versions of the code.
Removed:
openoffice/trunk/main/openssl/openssl-0.9.8zh-clang.patch
openoffice/trunk/main/openssl/opensslmacosx.patch
Modified:
openoffice/trunk/main/LICENSE
openoffice/trunk/main/configure.ac
openoffice/trunk/main/external_deps.lst
openoffice/trunk/main/openssl/makefile.mk
openoffice/trunk/main/openssl/openssl.patch
openoffice/trunk/main/openssl/openssllnx.patch
openoffice/trunk/main/openssl/version.mk
openoffice/trunk/main/set_soenv.in
Modified: openoffice/trunk/main/LICENSE
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/LICENSE?rev=1756954&r1=1756953&r2=1756954&view=diff
==============================================================================
--- openoffice/trunk/main/LICENSE (original)
+++ openoffice/trunk/main/LICENSE Fri Aug 19 18:28:06 2016
@@ -1222,7 +1222,7 @@ OpenSSL License
---------------
====================================================================
-Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
+Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
Modified: openoffice/trunk/main/configure.ac
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/configure.ac?rev=1756954&r1=1756953&r2=1756954&view=diff
==============================================================================
--- openoffice/trunk/main/configure.ac (original)
+++ openoffice/trunk/main/configure.ac Fri Aug 19 18:28:06 2016
@@ -870,6 +870,12 @@ AC_ARG_WITH(asm-home,
Usage: --with-asm-home=<path to ml.exe directory>
],,)
+AC_ARG_WITH(nasm-home,
+[ --with-nasm-home For Windows users, please supply the path for the
+ nasm.exe assembler.
+
+ Usage: --with-nasm-home=<path to nasm.exe directory>
+],,)
AC_ARG_WITH(os-version,
[ --with-os-version For FreeBSD users, use this option option to override
the detected OSVERSION.
@@ -5554,6 +5560,29 @@ fi
ASM_HOME="$with_asm_home"
AC_SUBST(ASM_HOME)
+dnl ***************************************
+dnl testing nasm.exe assembler path
+dnl ***************************************
+if test "$_os" = "WINNT" -a "$WITH_MINGWIN" != "yes" -a "$SYSTEM_OPENSSL" = "NO"; then
+ AC_MSG_CHECKING([nasm.exe assembler path])
+ if test -n "$with_nasm_home"; then
+ with_nasm_home=`cygpath -u "$with_nasm_home"`
+ fi
+ if test ! -x "$with_nasm_home/nasm.exe"; then
+ AC_PATH_PROG(NASM_EXE, nasm.exe)
+ if test -z "$NASM_EXE"; then
+ with_nasm_home="NO_NASM_HOME"
+ else
+ with_nasm_home="NASM_IN_PATH"
+ fi
+ fi
+ AC_MSG_RESULT([$NASM_HOME])
+else
+ with_nasm_home="NO_NASM_HOME"
+fi
+NASM_HOME="$with_nasm_home"
+AC_SUBST(NASM_HOME)
+
dnl ===================================================================
dnl testing handle deprecated unzip switch
dnl ===================================================================
Modified: openoffice/trunk/main/external_deps.lst
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/external_deps.lst?rev=1756954&r1=1756953&r2=1756954&view=diff
==============================================================================
--- openoffice/trunk/main/external_deps.lst (original)
+++ openoffice/trunk/main/external_deps.lst Fri Aug 19 18:28:06 2016
@@ -155,9 +155,9 @@ if (SOLAR_JAVA==TRUE && ENABLE_MEDIAWIKI
URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
if (SYSTEM_OPENSSL!=YES && DISABLE_OPENSSL!=TRUE)
- MD5 = c813c065dd53d7bd0a560a870ddd0af5
- name = openssl-0.9.8zh.tar.gz
- URL1 = http://www.openssl.org/source/openssl-0.9.8zh.tar.gz
+ MD5 = 9392e65072ce4b614c1392eefc1f23d0
+ name = openssl-1.0.2h.tar.gz
+ URL1 = http://www.openssl.org/source/openssl-1.0.2h.tar.gz
URL2 = $(OOO_EXTRAS)$(MD5)-$(name)
if ( true )
Modified: openoffice/trunk/main/openssl/makefile.mk
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/openssl/makefile.mk?rev=1756954&r1=1756953&r2=1756954&view=diff
==============================================================================
--- openoffice/trunk/main/openssl/makefile.mk (original)
+++ openoffice/trunk/main/openssl/makefile.mk Fri Aug 19 18:28:06 2016
@@ -42,17 +42,17 @@ TARGET=openssl
@echo "openssl disabled...."
.ENDIF
-OPENSSL_NAME=openssl-0.9.8zh
+OPENSSL_NAME=openssl-1.0.2h
TARFILE_NAME=$(OPENSSL_NAME)
-TARFILE_MD5=c813c065dd53d7bd0a560a870ddd0af5
+TARFILE_MD5=9392e65072ce4b614c1392eefc1f23d0
CONFIGURE_DIR=.
CONFIGURE_ACTION=config
CONFIGURE_FLAGS=-I$(SYSBASE)$/usr$/include -L$(SYSBASE)$/usr$/lib shared
BUILD_DIR=.
-BUILD_ACTION=make CC='$(CC)'
+BUILD_ACTION=make CC='$(CC)' build_libs
OUT2LIB = libssl.*
OUT2LIB += libcrypto.*
@@ -60,25 +60,32 @@ OUT2INC += include/openssl/*
UNAME=$(shell uname)
+.IF "$(COM)"=="GCC" && "$(CCNUMVER)">="000400060000" || "$(OS)"=="WNT" && "$(NASM_PATH)"=="NO_NASM_HOME"
+ NO_ASM="no-asm"
+.ELSE
+ NO_ASM=
+.ENDIF
+
.IF "$(OS)" == "LINUX" || "$(OS)" == "FREEBSD"
PATCH_FILES=openssllnx.patch
- ADDITIONAL_FILES:= \
- libcrypto_OOo_0_9_8zh.map \
- libssl_OOo_0_9_8zh.map
.IF "$(CPU)" == "I"
.IF "$(UNAME)" == "GNU/kFreeBSD"
- CONFIGURE_ACTION=Configure debian-kfreebsd-i386
+ CONFIGURE_ACTION=Configure debian-kfreebsd-i386 no-dso no-shared $(NO_ASM)
+ .ELIF "$(UNAME)" == "FreeBSD"
+ CONFIGURE_ACTION=Configure BSD-x86-elf no-dso no-shared $(NO_ASM)
.ELSE
- CONFIGURE_ACTION=Configure linux-elf
+ CONFIGURE_ACTION=Configure linux-generic32 no-dso no-shared $(NO_ASM)
.ENDIF
.ELIF "$(BUILD64)" == "1"
.IF "$(UNAME)" == "GNU/kFreeBSD"
- CONFIGURE_ACTION=Configure debian-kfreebsd-amd64
+ CONFIGURE_ACTION=Configure debian-kfreebsd-amd64 no-dso no-shared $(NO_ASM)
+ .ELIF "$(UNAME)" == "FreeBSD"
+ CONFIGURE_ACTION=Configure BSD-x86_64 no-dso no-shared $(NO_ASM)
.ELSE
- CONFIGURE_ACTION=Configure linux-generic64
+ CONFIGURE_ACTION=Configure linux-x86_64 no-dso no-shared $(NO_ASM)
.ENDIF
.ELSE
- CONFIGURE_ACTION=Configure linux-generic32
+ CONFIGURE_ACTION=Configure linux-generic32 no-dso no-shared $(NO_ASM)
.ENDIF
# if you build openssl as shared library you have to patch the Makefile.Shared "LD_LIBRARY_PATH=$$LD_LIBRARY_PATH \"
#BUILD_ACTION=make 'SHARED_LDFLAGS=-Wl,--version-script=./lib$$(SHLIBDIRS)_OOo_0_9_8e.map'
@@ -86,9 +93,6 @@ UNAME=$(shell uname)
.IF "$(OS)" == "SOLARIS"
PATCH_FILES=opensslsol.patch
- ADDITIONAL_FILES:= \
- libcrypto_OOo_0_9_8zh.map \
- libssl_OOo_0_9_8zh.map
#BUILD_ACTION=make 'SHARED_LDFLAGS=-G -dy -z text -M./lib$$$$$$$$(SHLIBDIRS)_OOo_0_9_8e.map'
# Use BUILD64 when 1 to select new specific 64bit Configurations if necessary
@@ -147,9 +151,13 @@ OUT2BIN += out/libeay32.dll
.ENDIF
#CONFIGURE_ACTION=cmd /c $(PERL:s!\!/!) configure
- CONFIGURE_ACTION=$(PERL) configure
+ CONFIGURE_ACTION=$(PERL) configure $(NO_ASM)
CONFIGURE_FLAGS=VC-WIN32
- BUILD_ACTION=cmd /c "ms$(EMQ)\do_ms.bat $(subst,/,\ $(normpath,1 $(PERL)))" && nmake -f ms/ntdll.mak
+ .IF "$(NASM_PATH)"=="NO_NASM_HOME"
+ BUILD_ACTION=cmd /c "ms$(EMQ)\do_ms.bat $(subst,/,\ $(normpath,1 $(PERL)))" && nmake -f ms/ntdll.mak
+ .ELSE
+ BUILD_ACTION=cmd /c "ms$(EMQ)\do_nasm.bat $(subst,/,\ $(normpath,1 $(PERL)))" && nmake -f ms/ntdll.mak
+ .ENDIF
OUT2LIB = out32dll$/ssleay32.lib
OUT2LIB += out32dll$/libeay32.lib
@@ -159,8 +167,6 @@ OUT2BIN += out/libeay32.dll
.ENDIF
.ENDIF
-PATCH_FILES += openssl-0.9.8zh-clang.patch
-
#set INCLUDE=D:\sol_temp\n\msvc7net3\PlatformSDK\include;D:\sol_temp\n\msvc7net3\include\ && set path=%path%;D:\sol_temp\r\btw\SRC680\perl\bin &&
# --- Targets ------------------------------------------------------
Modified: openoffice/trunk/main/openssl/openssl.patch
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/openssl/openssl.patch?rev=1756954&r1=1756953&r2=1756954&view=diff
==============================================================================
--- openoffice/trunk/main/openssl/openssl.patch (original)
+++ openoffice/trunk/main/openssl/openssl.patch Fri Aug 19 18:28:06 2016
@@ -1,27 +1,72 @@
---- misc/openssl-0.9.8zh/crypto/x509v3/v3_pci.c 2007-03-05 01:06:47.000000000 +0100
-+++ misc/build/openssl-0.9.8zh/crypto/x509v3/v3_pci.c 2010-03-26 12:04:20.961547300 +0100
-@@ -2,7 +2,7 @@
- /* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard@levitte.org)
- */
--/* Copyright (c) 2004 Kungliga Tekniska H�gskolan
-+/* Copyright (c) 2004 Kungliga Tekniska Hoegskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
---- misc/openssl-0.9.8zh/crypto/x509v3/v3_pcia.c 2004-12-28 01:21:33.000000000 +0100
-+++ misc/build/openssl-0.9.8zh/crypto/x509v3/v3_pcia.c 2010-03-26 12:04:20.961547300 +0100
-@@ -3,7 +3,7 @@
- /* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard@levitte.org)
- */
--/* Copyright (c) 2004 Kungliga Tekniska H�gskolan
-+/* Copyright (c) 2004 Kungliga Tekniska Hoegskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
---- misc/openssl-0.9.8zh/ms/do_ms.bat 2009-07-28 14:51:19.000000000 +0200
-+++ misc/build/openssl-0.9.8zh/ms/do_ms.bat 2010-03-26 12:19:19.399047300 +0100
+diff -ur misc/openssl-1.0.2h/Configure misc/build/openssl-1.0.2h/Configure
+--- misc/openssl-1.0.2h/Configure 2016-05-03 06:44:42.000000000 -0700
++++ misc/build/openssl-1.0.2h/Configure 2016-08-14 23:51:42.672229000 -0700
+@@ -475,19 +475,20 @@
+ "android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+ #### *BSD [do see comment about ${BSDthreads} above!]
+-"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-generic32","$ENV{'FREEBSDCC'}:-O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-x86", "$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-x86-elf", "$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
++"debug-BSD-x86-elf", "$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -Wall -g $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-sparcv8", "$ENV{'FREEBSDCC'}:-DB_ENDIAN -O3 -mcpu=v8 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+
+-"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-generic64","$ENV{'FREEBSDCC'}:-O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+ # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+ # simply *happens* to work around a compiler bug in gcc 3.3.3,
+ # triggered by RIPEMD160 code.
+-"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-sparc64", "$ENV{'FREEBSDCC'}:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-ia64", "$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-x86_64", "$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-alpha", "$ENV{'FREEBSDCC'}:-DL_ENDIAN -O -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+
+ "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+@@ -2031,10 +2032,12 @@
+ if ( $perl =~ m@^/@) {
+ &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
+ &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
++ &dofile("apps/tsget",$perl,'^#!/', '#!%s');
+ } else {
+ # No path for Perl known ...
+ &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
+ &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
++ &dofile("apps/tsget",'/usr/local/bin/perl',,'^#!/', '#!%s');
+ }
+ if ($depflags ne $default_depflags && !$make_depend) {
+ $warn_make_depend++;
+diff -ur misc/openssl-1.0.2h/config misc/build/openssl-1.0.2h/config
+--- misc/openssl-1.0.2h/config 2016-05-03 06:44:42.000000000 -0700
++++ misc/build/openssl-1.0.2h/config 2016-08-15 00:25:50.870874000 -0700
+@@ -753,14 +753,8 @@
+ sparc64-*-*bsd*) OUT="BSD-sparc64" ;;
+ ia64-*-*bsd*) OUT="BSD-ia64" ;;
+ amd64-*-*bsd*) OUT="BSD-x86_64" ;;
+- *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc...
+- if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD
+- libc=/usr/lib/libc.so
+- else # OpenBSD
+- # ld searches for highest libc.so.* and so do we
+- libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null`
+- fi
+- case "`(file -L $libc) 2>/dev/null`" in
++ *86*-*-*bsd*)
++ case "`(file -L /bin/sh) 2>/dev/null`" in
+ *ELF*) OUT="BSD-x86-elf" ;;
+ *) OUT="BSD-x86"; options="$options no-sse2" ;;
+ esac ;;
+diff -ur misc/openssl-1.0.2h/ms/do_ms.bat misc/build/openssl-1.0.2h/ms/do_ms.bat
+--- misc/openssl-1.0.2h/ms/do_ms.bat 2016-05-03 06:44:42.000000000 -0700
++++ misc/build/openssl-1.0.2h/ms/do_ms.bat 2016-08-14 23:49:39.418111000 -0700
@@ -1,11 +1,11 @@
-perl util\mkfiles.pl >MINFO
@@ -41,9 +86,10 @@
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+%1 util\mkdef.pl 32 libeay > ms\libeay32.def
+%1 util\mkdef.pl 32 ssleay > ms\ssleay32.def
---- misc/openssl-0.9.8zh/util/mk1mf.pl 2009-09-20 14:46:42.000000000 +0200
-+++ misc/build/openssl-0.9.8zh/util/mk1mf.pl 2010-03-26 12:04:20.977172300 +0100
-@@ -128,7 +128,7 @@
+diff -ur misc/openssl-1.0.2h/util/mk1mf.pl misc/build/openssl-1.0.2h/util/mk1mf.pl
+--- misc/openssl-1.0.2h/util/mk1mf.pl 2016-05-03 06:44:42.000000000 -0700
++++ misc/build/openssl-1.0.2h/util/mk1mf.pl 2016-08-14 23:49:39.419397000 -0700
+@@ -163,7 +163,7 @@
$inc_def="outinc";
$tmp_def="tmp";
@@ -52,8 +98,8 @@
$mkdir="-mkdir" unless defined $mkdir;
($ssl,$crypto)=("ssl","crypto");
-@@ -290,6 +290,11 @@
- chop;
+@@ -345,6 +345,11 @@
+ s/\s*$//; # was chop, didn't work in mixture of perls for Windows...
($key,$val)=/^([^=]+)=(.*)/;
+
@@ -64,19 +110,11 @@
if ($key eq "RELATIVE_DIRECTORY")
{
if ($lib ne "")
-@@ -730,7 +735,7 @@
- printf OUT <<EOF;
- #ifdef $platform_cpp_symbol
- /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
-- #define CFLAGS "$cc $cflags"
-+ #define CFLAGS "$cflags"
- #define PLATFORM "$platform"
- EOF
- printf OUT " #define DATE \"%s\"\n", scalar gmtime();
---- misc/openssl-0.9.8zh/util/pl/VC-32.pl 2010-02-04 02:10:24.000000000 +0100
-+++ misc/build/openssl-0.9.8zh/util/pl/VC-32.pl 2010-03-26 12:04:20.977172300 +0100
-@@ -32,7 +32,7 @@
- $l_flags =~ s/-L(\S+)/\/libpath:$1/g;
+diff -ur misc/openssl-1.0.2h/util/pl/VC-32.pl misc/build/openssl-1.0.2h/util/pl/VC-32.pl
+--- misc/openssl-1.0.2h/util/pl/VC-32.pl 2016-05-03 06:44:42.000000000 -0700
++++ misc/build/openssl-1.0.2h/util/pl/VC-32.pl 2016-08-14 23:49:39.420331000 -0700
+@@ -30,7 +30,7 @@
+ my $ff = "";
# C compiler stuff
-$cc='cl';
@@ -84,51 +122,3 @@
if ($FLAVOR =~ /WIN64/)
{
# Note that we currently don't have /WX on Win64! There is a lot of
-@@ -103,21 +103,21 @@
- }
-
- $cc='$(CC)';
-- $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include -DOPENSSL_SMALL_FOOTPRINT';
-+ $base_cflags=' -W3 -WX -GF -Gy -nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include -DOPENSSL_SMALL_FOOTPRINT';
- $base_cflags.=" $wcecdefs";
-- $opt_cflags=' /MC /O1i'; # optimize for space, but with intrinsics...
-- $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
-+ $opt_cflags=' -MC -O1i'; # optimize for space, but with intrinsics...
-+ $dbg_clfags=' -MC -Od -DDEBUG -D_DEBUG';
- $lflags="/nologo /opt:ref $wcelflag";
- }
- else # Win32
- {
-- $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
-+ $base_cflags=' -W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
- $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
- $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
-- my $f = $shlib || $fips ?' /MD':' /MT';
-- $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
-- $opt_cflags=$f.' /Ox /O2 /Ob2';
-- $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
-+ my $f = $shlib || $fips ?' -MD':' -MT';
-+ $lib_cflag='-Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
-+ $opt_cflags=$f.' -Ox -O2 -Ob2';
-+ $dbg_cflags=$f.'d -Od -DDEBUG -D_DEBUG';
- $lflags="/nologo /subsystem:console /opt:ref";
- }
- $mlflags='';
-@@ -138,7 +138,7 @@
- }
-
- $obj='.obj';
--$ofile="/Fo";
-+$ofile="-Fo.\\";
-
- # EXE linking stuff
- $link="link";
-@@ -298,7 +298,7 @@
- $tmp_def='tmp32dll_$(TARGETCPU)';
- }
-
--$cflags.=" /Fd$out_def";
-+$cflags.=" -Fd$out_def";
-
- sub do_lib_rule
- {
Re: svn commit: r1756954 [1/2] - in /openoffice/trunk/main: ./
openssl/
Posted by Don Lewis <tr...@apache.org>.
On 19 Aug, To: dev@openoffice.apache.org wrote:
> On 19 Aug, Dennis E. Hamilton wrote:
>> Great commit messages!
>>
>>> -----Original Message-----
>>> From: truckman@apache.org [mailto:truckman@apache.org]
>>> Sent: Friday, August 19, 2016 11:28
>>> To: commits@openoffice.apache.org
>>> Subject: svn commit: r1756954 [1/2] - in /openoffice/trunk/main: ./
>>> openssl/
>>>
>>> Author: truckman
>>> Date: Fri Aug 19 18:28:06 2016
>>> New Revision: 1756954
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1756954&view=rev
>>> Log:
>>> Update the bundled version of OpenSSL from 0.9.8zh to 1.0.2h which
>>> fixes many vulnerabiliies and adds support for newer, more secure
>>> ciphers and versions of the protocol.
>>>
>>> Note: OpenSSL version 1.0.2h contains two known minor vulnerabilites,
>>> CVE-2016-2177 and CVE-2016-2178, which will be fixed in the next
>>> OpenSSL release. Their potential impact is low enough that that
>>> various Linux distros have chosen not to apply the upstream patches
>>> to the versions that they distribute.
>>>
>>> On Windows, there is an optional new dependency on NASM,
>>> <http://www.nasm.us/>. If NASM is not available, then the C
>>> implementations of the low-level crypto code will be used instead
>>> of the optimized assembly language versions. Since OpenOffice is
>>> not a heavy user of this code, the impact should be minor. If NASM
>>> is installed, but its location is not in $PATH, the directory
>>> containing nasm.exe should be passed to configure using --with-nasm-
>>> home.
>>>
>> [ ... ]
>> [orcmid]
>>
>> Does the NASM code do the right thing with regard to CPU model
>> detection? It sounds like there may be dependencies on instructions
>> that may not be on all processors for which Apache OpenOffice is
>> supported. I am thinking in particular about processors on which
>> Windows XP will run but Windows 7 and later will not because of
>> hardware protection requirements and, I suspect, extended instruction
>> sets.
>
> It is supposed to select the appropriate version of the code at runtime
> based on the CPU feature bits that tell whether the machine supports the
> newer SSE* and AVX instructions. I should be able to give this a try in
> the next few days.
I'm pretty sure the old version of OpenSSL also had optimized assembly
language code as well. What's interesting is that the VS 7 assembler
wasn't choking on any of the newer instructions but on a couple of
ordinary looking MOV instructions.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: svn commit: r1756954 [1/2] - in /openoffice/trunk/main: ./
openssl/
Posted by Don Lewis <tr...@apache.org>.
On 19 Aug, Dennis E. Hamilton wrote:
> Great commit messages!
>
>> -----Original Message-----
>> From: truckman@apache.org [mailto:truckman@apache.org]
>> Sent: Friday, August 19, 2016 11:28
>> To: commits@openoffice.apache.org
>> Subject: svn commit: r1756954 [1/2] - in /openoffice/trunk/main: ./
>> openssl/
>>
>> Author: truckman
>> Date: Fri Aug 19 18:28:06 2016
>> New Revision: 1756954
>>
>> URL: http://svn.apache.org/viewvc?rev=1756954&view=rev
>> Log:
>> Update the bundled version of OpenSSL from 0.9.8zh to 1.0.2h which
>> fixes many vulnerabiliies and adds support for newer, more secure
>> ciphers and versions of the protocol.
>>
>> Note: OpenSSL version 1.0.2h contains two known minor vulnerabilites,
>> CVE-2016-2177 and CVE-2016-2178, which will be fixed in the next
>> OpenSSL release. Their potential impact is low enough that that
>> various Linux distros have chosen not to apply the upstream patches
>> to the versions that they distribute.
>>
>> On Windows, there is an optional new dependency on NASM,
>> <http://www.nasm.us/>. If NASM is not available, then the C
>> implementations of the low-level crypto code will be used instead
>> of the optimized assembly language versions. Since OpenOffice is
>> not a heavy user of this code, the impact should be minor. If NASM
>> is installed, but its location is not in $PATH, the directory
>> containing nasm.exe should be passed to configure using --with-nasm-
>> home.
>>
> [ ... ]
> [orcmid]
>
> Does the NASM code do the right thing with regard to CPU model
> detection? It sounds like there may be dependencies on instructions
> that may not be on all processors for which Apache OpenOffice is
> supported. I am thinking in particular about processors on which
> Windows XP will run but Windows 7 and later will not because of
> hardware protection requirements and, I suspect, extended instruction
> sets.
It is supposed to select the appropriate version of the code at runtime
based on the CPU feature bits that tell whether the machine supports the
newer SSE* and AVX instructions. I should be able to give this a try in
the next few days.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
RE: svn commit: r1756954 [1/2] - in /openoffice/trunk/main: ./ openssl/
Posted by "Dennis E. Hamilton" <de...@acm.org>.
Great commit messages!
> -----Original Message-----
> From: truckman@apache.org [mailto:truckman@apache.org]
> Sent: Friday, August 19, 2016 11:28
> To: commits@openoffice.apache.org
> Subject: svn commit: r1756954 [1/2] - in /openoffice/trunk/main: ./
> openssl/
>
> Author: truckman
> Date: Fri Aug 19 18:28:06 2016
> New Revision: 1756954
>
> URL: http://svn.apache.org/viewvc?rev=1756954&view=rev
> Log:
> Update the bundled version of OpenSSL from 0.9.8zh to 1.0.2h which
> fixes many vulnerabiliies and adds support for newer, more secure
> ciphers and versions of the protocol.
>
> Note: OpenSSL version 1.0.2h contains two known minor vulnerabilites,
> CVE-2016-2177 and CVE-2016-2178, which will be fixed in the next
> OpenSSL release. Their potential impact is low enough that that
> various Linux distros have chosen not to apply the upstream patches
> to the versions that they distribute.
>
> On Windows, there is an optional new dependency on NASM,
> <http://www.nasm.us/>. If NASM is not available, then the C
> implementations of the low-level crypto code will be used instead
> of the optimized assembly language versions. Since OpenOffice is
> not a heavy user of this code, the impact should be minor. If NASM
> is installed, but its location is not in $PATH, the directory
> containing nasm.exe should be passed to configure using --with-nasm-
> home.
>
[ ... ]
[orcmid]
Does the NASM code do the right thing with regard to CPU model detection? It sounds like there may be dependencies on instructions that may not be on all processors for which Apache OpenOffice is supported. I am thinking in particular about processors on which Windows XP will run but Windows 7 and later will not because of hardware protection requirements and, I suspect, extended instruction sets.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org