use hobbled openssl tarball, use patch that doesnt try to touch removed srp files, resolves bz1374691

2016-09-09 11:13:22 -04:00 · 2016-09-09 11:13:22 -04:00 · da615e40fa
parent d31a567216
commit da615e40fa
5 changed files with 2179 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,4 @@
 /edk2-buildtools-r18975.tar.xz
 /edk2-20160418-a8c39ba.tar.gz
 /openssl-1.0.2g.tar.gz
+/openssl-1.0.2g-hobbled.tar.gz
--- a/EDKII_openssl-1.0.2g-no-srp.patch
+++ b/EDKII_openssl-1.0.2g-no-srp.patch
--- a/edk2.spec
+++ b/edk2.spec
@ -4,16 +4,23 @@

 Name:           edk2
 Version:        %{edk2_date}git%{edk2_githash}
-Release:        4%{dist}
+Release:        5%{dist}
 Summary:        EFI Development Kit II

 Group:          Applications/Emulators
 License:        BSD
 URL:            http://www.tianocore.org/edk2/
 Source0:        edk2-%{edk2_date}-%{edk2_githash}.tar.gz
-Source1:        https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
+# We have to remove certain patented algorithms from the openssl source
+# tarball with the hobble-openssl script which is included below.
+# The original openssl upstream tarball cannot be shipped in the .src.rpm.
+Source1:        openssl-%{openssl_version}-hobbled.tar.gz
+Source2:        hobble-openssl
 Source3:        build-iso.sh
 Source9:        update-tarball.sh
+# Version of the OpenSSL patch that does not include the removed srp.* files.
+# This is not a Patch file because we manually replace and apply it.
+Source10:       EDKII_openssl-1.0.2g-no-srp.patch

 # Debug output tweaks, not for upstream
 Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
@ -114,6 +121,9 @@ armv7 UEFI Firmware
 %setup -q -n tianocore-%{name}-%{edk2_githash}
 %autopatch -p1

+# replace upstream patch with ours
+cp %{SOURCE10} CryptoPkg/Library/OpensslLib/EDKII_openssl-%{openssl_version}.patch
+
 # add openssl
 tar -C CryptoPkg/Library/OpensslLib -xf %{SOURCE1}
 (cd CryptoPkg/Library/OpensslLib/openssl-%{openssl_version};
@ -293,6 +303,9 @@ cp -a arm %{buildroot}/usr/share/%{name}


 %changelog
+* Fri Sep  9 2016 Tom Callaway <spot@fedoraproject.org> - 20160418gita8c39ba-5
+- replace legally problematic openssl source with "hobbled" tarball
+
 * Thu Jul 21 2016 Gerd Hoffmann <kraxel@redhat.com> - 20160418gita8c39ba-4
 - Also build for armv7.

--- a/47
+++ b/47
@ -0,0 +1,47 @@
+#!/bin/sh
+
+# Quit out if anything fails.
+set -e
+
+# Clean out patent-or-otherwise-encumbered code.
+# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
+# IDEA:  5,214,703 07/01/2012 - expired, we do not remove it anymore
+# RC5:   5,724,428 01/11/2015 - expired, we do not remove it anymore
+# EC:    ????????? ??/??/2020
+# SRP:   ????????? ??/??/20??
+
+# Remove assembler portions of IDEA, MDC2, and RC5.
+# (find crypto/rc5/asm -type f | xargs -r rm -fv)
+
+# SRP.
+for a in srp; do
+  for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
+	echo Destroying $c
+	> $c
+  done
+done
+
+for c in `find crypto/bn -name "*gf2m.c"`; do
+	echo Destroying $c
+	> $c
+done
+
+for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nistp22?.c" -o -name "ectest.c"`; do
+	echo Destroying $c
+	> $c
+done
+
+for h in `find crypto ssl apps test -name "*.h"` ; do
+	echo Removing SRP and EC2M references from $h
+	cat $h | \
+	awk    'BEGIN {ech=1;} \
+		/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
+		/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
+                /^#[ \t]*if/ {if(ech < 1) ech--;} \
+		{if(ech>0) {;print $0};} \
+		/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
+	mv $h.hobbled $h
+done
+
+# Make the makefiles happy.
+# touch crypto/rc5/asm/rc5-586.pl
--- a/2
+++ b/2
@ -1,2 +1,2 @@
 2ba075ea9168725aede3d43486cb4c62  edk2-20160418-a8c39ba.tar.gz
-f3c710c045cdee5fd114feb69feba7aa  openssl-1.0.2g.tar.gz
+aff2adcb97ea24b98fff2a1a0f3d8162  openssl-1.0.2g-hobbled.tar.gz