From 389f8ff1d2cd4ae4bdb8d4669528483e175bd0b7 Mon Sep 17 00:00:00 2001 From: Hood Chatham Date: Thu, 31 Mar 2022 20:40:12 -0700 Subject: [PATCH] Update openssl to 1.1.1n (#2334) Update says: 'Security Advisory: one high severity fix' so probably a good idea to include it. --- Makefile.envs | 2 ++ packages/cryptography/meta.yaml | 4 ++-- packages/openssl/meta.yaml | 6 +++--- packages/ssl/meta.yaml | 2 +- pyodide-build/pyodide_build/buildpkg.py | 1 + 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Makefile.envs b/Makefile.envs index c7613be92..071f5e6ce 100644 --- a/Makefile.envs +++ b/Makefile.envs @@ -35,6 +35,8 @@ export PYODIDE_BASE_URL?=./ # For packages that depend on numpy. # TODO: maybe move this somewhere else? export NUMPY_LIB=$(HOSTINSTALLDIR)/numpy-wasm-libs +export OPEN_SSL_ROOT=$(PYODIDE_ROOT)/packages/openssl/build/openssl-1.1.1n/ + # This environment variable is used for packages to detect if they are built # for pyodide during build time diff --git a/packages/cryptography/meta.yaml b/packages/cryptography/meta.yaml index 349a0fe0e..9137b4e21 100644 --- a/packages/cryptography/meta.yaml +++ b/packages/cryptography/meta.yaml @@ -7,10 +7,10 @@ source: sha256: 5a60d3780149e13b7a6ff7ad6526b38846354d11a15e21068e57073e29e19bed build: cflags: | - -I$(PYODIDE_ROOT)/packages/openssl/build/openssl-1.1.1m/include/ + -I$(OPEN_SSL_ROOT)/include/ -Wno-implicit-function-declaration ldflags: | - -L$(PYODIDE_ROOT)/packages/openssl/build/openssl-1.1.1m/dist/ + -L$(OPEN_SSL_ROOT)/dist/ requirements: run: - openssl diff --git a/packages/openssl/meta.yaml b/packages/openssl/meta.yaml index acba459dc..266a3f806 100644 --- a/packages/openssl/meta.yaml +++ b/packages/openssl/meta.yaml @@ -1,10 +1,10 @@ package: name: openssl - version: 1.1.1m + version: 1.1.1n source: - url: https://www.openssl.org/source/openssl-1.1.1m.tar.gz - sha256: f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96 + url: https://www.openssl.org/source/openssl-1.1.1n.tar.gz + sha256: 40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a build: sharedlibrary: true script: | diff --git a/packages/ssl/meta.yaml b/packages/ssl/meta.yaml index 5eb600c75..5b349a739 100644 --- a/packages/ssl/meta.yaml +++ b/packages/ssl/meta.yaml @@ -10,7 +10,7 @@ build: export DISTDIR=$(pwd)/dist cd $CPYTHONBUILD emcc $STDLIB_MODULE_CFLAGS -c Modules/socketmodule.c -o Modules/socketmodule.o - emcc $STDLIB_MODULE_CFLAGS -c Modules/_ssl.c -o Modules/_ssl.o -I$PYODIDE_ROOT/packages/openssl/build/openssl-1.1.1m/include/ \ + emcc $STDLIB_MODULE_CFLAGS -c Modules/_ssl.c -o Modules/_ssl.o -I$OPEN_SSL_ROOT/include/ \ -DOPENSSL_THREADS # This declares that OPENSSL is threadsafe. We are single threaded so everything is threadsafe. emcc Modules/_ssl.o -o $DISTDIR/_ssl.so $SIDE_MODULE_LDFLAGS emcc Modules/socketmodule.o -o $DISTDIR/socketmodule.so $SIDE_MODULE_LDFLAGS diff --git a/pyodide-build/pyodide_build/buildpkg.py b/pyodide-build/pyodide_build/buildpkg.py index 400abbd45..cff182a35 100755 --- a/pyodide-build/pyodide_build/buildpkg.py +++ b/pyodide-build/pyodide_build/buildpkg.py @@ -144,6 +144,7 @@ def get_bash_runner(): "SIDE_MODULE_CFLAGS", "SIDE_MODULE_LDFLAGS", "STDLIB_MODULE_CFLAGS", + "OPEN_SSL_ROOT", ] } | {"PYODIDE": "1"} if "PYODIDE_JOBS" in os.environ: