[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Thu Oct 13 00:26:55 UTC 2016


The branch OpenSSL_1_1_0-stable has been updated
       via  d8631ebaabbf6f31bc8fe50c42e2be8c166cfc6b (commit)
       via  7b7f21cd6033fd7226690640f789d1a8fb0b33b7 (commit)
       via  0de5e4f0924d5101a02480f9b42513d28db1307e (commit)
       via  68f3b899105b5709b8d73265549c93a78e0f6e72 (commit)
      from  e4e407fe829fb474432b62b46e18f8de8e3a1729 (commit)


- Log -----------------------------------------------------------------
commit d8631ebaabbf6f31bc8fe50c42e2be8c166cfc6b
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Oct 12 17:57:10 2016 +0200

    Remove automatic RPATH - Add a CHANGES entry
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 38be1ea85515a34b3f7285134bdfc1f88082331b)

commit 7b7f21cd6033fd7226690640f789d1a8fb0b33b7
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Oct 13 00:08:55 2016 +0200

    Remove automatic RPATH - adapt shlib_wrap.sh
    
    Looking for something starting with '-Wl,-rpath,' isn't good enough,
    as someone might give something like '-Wl,--enable-new-dtags,-rpath,/PATH'.
    Looking for ',-rpath,' should be safe enough.
    
    We could remove the preloading stuff entirely, but just in case the
    user has chosen to given RPATH setting arguments at configuration,
    we'd better make sure testing will still work.  Fair warning, there
    are some configuration options that do not work with preloaded OpenSSL
    libraries, such as the sanity checking ones.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 71d8ff1a8998da20db5ab8d4024c3d155b2f6733)

commit 0de5e4f0924d5101a02480f9b42513d28db1307e
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Oct 12 17:05:35 2016 +0200

    Remove automatic RPATH - add user rpath support
    
    Make Configure recognise -rpath and -R to support user added rpaths
    for OSF1 and Solaris.  For convenience, add a variable LIBRPATH in the
    Unix Makefile, which the users can use as follows:
    
        ./config [options] -Wl,-rpath,\$(LIBRPATH)
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit fad599f7f147ee71e5581211fb654c2c8c491cd8)

commit 68f3b899105b5709b8d73265549c93a78e0f6e72
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Oct 12 17:18:11 2016 +0200

    Remove automatic RPATH
    
    Before OpenSSL 1.1.0, binaries were installed in a non-standard
    location by default, and runpath directories were therefore added in
    those binaries, to make sure the executables would be able to find the
    shared libraries they were linked with.
    
    With OpenSSL 1.1.0 and on, binaries are installed in standard
    directories by default, and the addition of runpath directories is
    therefore not needed any more.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 075f7e2c6062a33352f570eeafe3c95e41419521)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                           |  4 ++++
 Configurations/unix-Makefile.tmpl | 21 ++++++---------------
 Configure                         | 11 ++++++++++-
 Makefile.shared                   | 14 +++++++-------
 util/shlib_wrap.sh.in             |  4 ++--
 5 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3781d06..1ca9e45 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
   *)
 
+  *) Removed automatic addition of RPATH in shared libraries and executables,
+     as this was a remainder from OpenSSL 1.0.x and isn't needed any more.
+     [Richard Levitte]
+
  Changes between 1.1.0a and 1.1.0b [26 Sep 2016]
 
   *) Fix Use After Free for large message sizes
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 021f8c1..a11d7c1 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -153,6 +153,10 @@ LIBDIR={- #
 ENGINESDIR={- use File::Spec::Functions;
               catdir($prefix,$libdir,"engines-$sover") -}
 
+# Convenience variable for those who want to set the rpath in shared
+# libraries and applications
+LIBRPATH=$(INSTALLTOP)/$(LIBDIR)
+
 MANDIR=$(INSTALLTOP)/share/man
 DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
 HTMLDIR=$(DOCDIR)/html
@@ -173,20 +177,7 @@ LDFLAGS= {- $target{lflags} -}
 PLIB_LDFLAGS= {- $target{plib_lflags} -}
 EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -}
 LIB_CFLAGS={- $target{shared_cflag} || "" -}
-LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag}
-               # Unlike other OSes (like Solaris, Linux, Tru64,
-               # IRIX) BSD run-time linkers (tested OpenBSD, NetBSD
-               # and FreeBSD) "demand" RPATH set on .so objects.
-               # Apparently application RPATH is not global and
-               # does not apply to .so linked with other .so.
-               # Problem manifests itself when libssl.so fails to
-               # load libcrypto.so. One can argue that we should
-               # engrave this into Makefile.shared rules or into
-               # BSD-* config lines above. Meanwhile let's try to
-               # be cautious and pass -rpath to linker only when
-               # $prefix is not /usr.
-               . ($config{target} =~ m|^BSD-| && $prefix !~ m|^/usr/.*$|
-                  ? " -Wl,-rpath,\$\$(LIBRPATH)" : "") -}
+LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag} -}
 DSO_CFLAGS={- $target{shared_cflag} || "" -}
 DSO_LDFLAGS=$(LIB_LDFLAGS)
 BIN_CFLAGS={- $target{bin_cflags} -}
@@ -1077,7 +1068,7 @@ $bin$exeext: $objs $deps
 		APPNAME=$bin$exeext OBJECTS="$objs" \\
 		LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\
 		CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\
-		LDFLAGS='\$(LDFLAGS)' LIBRPATH='\$(INSTALLTOP)/\$(LIBDIR)' \\
+		LDFLAGS='\$(LDFLAGS)' \\
 		link_app.$shlib_target
 EOF
   }
diff --git a/Configure b/Configure
index 04efe67..c9ac097 100755
--- a/Configure
+++ b/Configure
@@ -540,8 +540,9 @@ $config{build_type} = "release";
 
 my %unsupported_options = ();
 my %deprecated_options = ();
-foreach (@argvcopy)
+while (@argvcopy)
 	{
+	$_ = shift @argvcopy;
 	# VMS is a case insensitive environment, and depending on settings
 	# out of our control, we may receive options uppercased.  Let's
 	# downcase at least the part before any equal sign.
@@ -728,6 +729,14 @@ foreach (@argvcopy)
 			{
 			$libs.=$_." ";
 			}
+		elsif (/^-rpath$/ or /^-R$/)
+			# -rpath is the OSF1 rpath flag
+			# -R is the old Solaris rpath flag
+			{
+			my $rpath = shift(@argvcopy) || "";
+			$rpath .= " " if $rpath ne "";
+			$libs.=$_." ".$rpath;
+			}
 		elsif (/^-static$/)
 			{
 			$libs.=$_." ";
diff --git a/Makefile.shared b/Makefile.shared
index 77dae6e..e82ed1d 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -176,7 +176,7 @@ DO_GNU_SO=\
 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
 	$(DO_GNU_SO_COMMON)
-DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)"
 
 #This is rather special.  It's a special target with which one can link
 #applications without bothering with any features that have anything to
@@ -220,7 +220,7 @@ link_shlib.bsd:
 	fi; $(LINK_SO_SHLIB)
 link_app.bsd:
 	@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
-	LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBPATH)"; \
+	LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
 	fi; $(LINK_APP)
 
 # For Darwin AKA Mac OS/X (dyld)
@@ -352,7 +352,7 @@ link_app.alpha-osf1:
 	@if $(DETECT_GNU_LD); then \
 		$(DO_GNU_APP); \
 	else \
-		LDFLAGS="$(CFLAGS) $(LDFLAGS) -rpath $(LIBRPATH)"; \
+		LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
 	fi; \
 	$(LINK_APP)
 
@@ -385,7 +385,7 @@ link_app.solaris:
 	@ if $(DETECT_GNU_LD); then \
 		$(DO_GNU_APP); \
 	else \
-		LDFLAGS="$(CFLAGS) $(LDFLAGS) -R $(LIBRPATH)"; \
+		LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
 	fi; \
 	$(LINK_APP)
 
@@ -476,7 +476,7 @@ link_shlib.irix:
 	fi; \
 	$(LINK_SO_SHLIB)
 link_app.irix:
-	@LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
+	@LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
 	$(LINK_APP)
 
 # 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
@@ -514,7 +514,7 @@ link_shlib.hpux:
 	$(LINK_SO_SHLIB) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
 link_app.hpux:
 	@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
-	LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
+	LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
 	fi; \
 	$(LINK_APP)
 
@@ -540,7 +540,7 @@ link_shlib.aix:
 	rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
 	$(LINK_SO_SHLIB_VIA_O)
 link_app.aix:
-	LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
+	LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
 	$(LINK_APP)
 
 
diff --git a/util/shlib_wrap.sh.in b/util/shlib_wrap.sh.in
index eff1141..27a1e51 100755
--- a/util/shlib_wrap.sh.in
+++ b/util/shlib_wrap.sh.in
@@ -81,7 +81,7 @@ SunOS|IRIX*)
 	;;
 esac
 
-{- output_off() if $config{ex_libs} !~ /(^|\s)-Wl,-rpath,/; ""; -}
+{- output_off() if $config{ex_libs} !~ /,-rpath,/; ""; -}
 if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
 	# Following three lines are major excuse for isolating them into
 	# this wrapper script. Original reason for setting LD_PRELOAD
@@ -97,7 +97,7 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
 	DYLD_INSERT_LIBRARIES="$LIBCRYPTOSO:$LIBSSLSO"	# MacOS X
 	export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES
 fi
-{- output_on() if $config{ex_libs} !~ /(^|\s)-Wl,-rpath,/; ""; -}
+{- output_on() if $config{ex_libs} !~ /,-rpath,/; ""; -}
 
 cmd="$1"; [ -x "$cmd" ] || cmd="$cmd${EXE_EXT}"
 shift


More information about the openssl-commits mailing list