From b12d226fad5d6f27dcab3e9b5aa2af25ad4f9f6a Mon Sep 17 00:00:00 2001 From: Ralf Hubert Date: Fri, 30 Jan 2026 09:43:15 +0100 Subject: [PATCH 1/6] libs::openssl: fix configuration options Fix the handling of feature configuration options introduced with ebadfc59. As hyphens are not allowed in environment variables they use underscores, but we need to pass the options using hyphens, otherwise Configure fails. --- recipes/libs/openssl.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/recipes/libs/openssl.yaml b/recipes/libs/openssl.yaml index e7bd28fe..6790324b 100644 --- a/recipes/libs/openssl.yaml +++ b/recipes/libs/openssl.yaml @@ -553,13 +553,13 @@ buildVars: [CC, AR, RANLIB, ARCH, AUTOCONF_HOST, OPENSSL_no_sm2, OPENSSL_no_sm3, OPENSSL_no_sm4, OPENSSL_no_whirlpool] buildSetup: | collect_options () { - local prefix="$1" + local prefix="OPENSSL_$1" local result="" while IFS='=' read -r name value; do - if [[ "$name" == ${prefix}* && "${value}" == "1" ]]; + if [[ "$name" == OPENSSL_${prefix}* && "${value}" == "1" ]]; then - result+="${name#${prefix}} " + result+="$1-${name#$prefix} " fi done < <(env) @@ -622,8 +622,8 @@ buildScript: | --libdir=lib \ "${SHARED_STATIC[@]}" \ "threads" \ - $(collect_options "OPENSSL_no") \ - $(collect_options "OPENSSL_enable") \ + $(collect_options "no") \ + $(collect_options "enable") \ "-I${BOB_DEP_PATHS[libs::zlib-dev]}/usr/include" \ "-Wl,-L${BOB_DEP_PATHS[libs::zlib-dev]}/usr/lib" \ "-Wl,-rpath-link=${BOB_DEP_PATHS[libs::zlib-dev]}/usr/lib" \ From cf4b419fad1b246ee39b88637223c7c32e6def46 Mon Sep 17 00:00:00 2001 From: Ralf Hubert Date: Fri, 30 Jan 2026 10:00:48 +0100 Subject: [PATCH 2/6] libs/openssl: bump to 3.5.5 --- recipes/libs/openssl.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes/libs/openssl.yaml b/recipes/libs/openssl.yaml index 6790324b..9df766e0 100644 --- a/recipes/libs/openssl.yaml +++ b/recipes/libs/openssl.yaml 
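Review bot: In the first hunk of patch 1/6, `prefix` is already `OPENSSL_$1`, so the test `"$name" == OPENSSL_${prefix}*` compares against `OPENSSL_OPENSSL_no*` and can never match. As written, `collect_options` returns nothing, and every `OPENSSL_no_*` / `OPENSSL_enable_*` setting is dropped without an error, including the ones meant to switch off legacy protocols or algorithms. Even with the match corrected, `${name#$prefix}` leaves the separating underscore (`no-_sm2`), so the two lines should read `if [[ "$name" == ${prefix}_* && "${value}" == "1" ]];` and `result+="$1-${name#${prefix}_} "`. Patch 3/6 rewrites the function, but this commit on its own configures OpenSSL without the requested options, which matters for bisecting. The end of the function lies outside the hunk.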
@@ -2,7 +2,7 @@ inherit: [cpackage, make, install, patch] metaEnvironment: PKG_LICENSE: "Apache-2.0" - PKG_VERSION: "3.5.4" + PKG_VERSION: "3.5.5" depends: - libs::zlib-dev @@ -20,7 +20,7 @@ depends: checkoutSCM: scm: url url: https://www.openssl.org/source/openssl-${PKG_VERSION}.tar.gz - digestSHA256: 967311f84955316969bdb1d8d4b983718ef42338639c621ec4c34fddef355e99 + digestSHA256: b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89 stripComponents: 1 checkoutDeterministic: True From 4189cd628ecdc850e91fe8c934b9a3793d890b2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kl=C3=B6tzke?= Date: Fri, 30 Jan 2026 21:17:20 +0100 Subject: [PATCH 3/6] libs::openssl: fix option parsing Most options are exclusively using hyphens as word separators. There are some options that need special treatment, though. While at it, simplify the loop a bit and use an array for the return string. --- recipes/libs/openssl.yaml | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/recipes/libs/openssl.yaml b/recipes/libs/openssl.yaml index 9df766e0..aad285af 100644 --- a/recipes/libs/openssl.yaml +++ b/recipes/libs/openssl.yaml 
@@ -552,19 +552,34 @@ buildVars: [CC, AR, RANLIB, ARCH, AUTOCONF_HOST, OPENSSL_no_scrypt, OPENSSL_no_seed, OPENSSL_no_siphash, OPENSSL_no_siv, OPENSSL_no_sm2, OPENSSL_no_sm3, OPENSSL_no_sm4, OPENSSL_no_whirlpool] buildSetup: | - collect_options () { - local prefix="OPENSSL_$1" - local result="" + declare -A SPECIAL_OPTIONS=( + ["enable_buildtest_cpp"]="enable-buildtest-c++" + ["enable_ec_nistp_64_gcc_128"]="enable-ec_nistp_64_gcc_128" + ["no_tls1_1"]="no-tls1_1" + ["no_tls1_2"]="no-tls1_2" + ["no_tls1_3"]="no-tls1_3" + ["no_dtls1_2"]="no-dtls1_2" + ) - while IFS='=' read -r name value; do - if [[ "$name" == OPENSSL_${prefix}* && "${value}" == "1" ]]; - then - result+="$1-${name#$prefix} " - fi - done < <(env) + collect_options() + { + declare -a result=() - echo "${result%" "}" + for name in $(compgen -e "OPENSSL_$1") ; do + if [[ "${!name}" == "1" ]]; then + name="${name#OPENSSL_}" + if [[ ${SPECIAL_OPTIONS[$name]+set} ]] ; then + name="${SPECIAL_OPTIONS[$name]}" + else + name="${name//_/-}" + fi + result+=( "$name" ) + fi + done + + IFS=" " echo "${result[*]}" } + buildScript: | mkdir -p install build pushd build From ae8286f3b46a658c841feed127f48bd8d2ad406d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kl=C3=B6tzke?= Date: Fri, 30 Jan 2026 21:58:56 +0100 Subject: [PATCH 4/6] libs::openssl: fix zstd option The option must be called "enable-zstd". Otherwise it is not picked up by the configuration option parsing. --- recipes/libs/openssl.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes/libs/openssl.yaml b/recipes/libs/openssl.yaml index aad285af..d34328ec 100644 --- a/recipes/libs/openssl.yaml +++ b/recipes/libs/openssl.yaml @@ -10,7 +10,7 @@ depends: depends: - libs::zlib-tgt - - if: "${OPENSSL_zstd:-False}" + - if: "${OPENSSL_enable_zstd}" depends: - libs::zstd-dev - use: [] 
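Review bot: In the rewritten `collect_options` (patch 3/6), the `IFS=" "` prefix on `IFS=" " echo "${result[*]}"` does not affect the join, because `"${result[*]}"` is expanded before the temporary assignment is applied to `echo`. The output is space-separated only while the caller's IFS still begins with a space; `local IFS=" "` followed by a plain `echo "${result[*]}"` makes the separator deterministic. The loop variable should be declared too (`local name`). `compgen -e "OPENSSL_$1"` matches any exported name that merely begins with `OPENSSL_no` or `OPENSSL_enable`, whereas `compgen -e "OPENSSL_${1}_"` limits it to the intended option variables. A one-line comment above `SPECIAL_OPTIONS` saying that it lists the Configure options whose names are not a plain underscore-to-hyphen conversion would help whoever adds the next option.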
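Review bot: The condition `if: "${OPENSSL_enable_zstd}"` in the first hunk of patch 4/6 loses the `:-False` fallback that the old `OPENSSL_zstd` check carried. Whether the variable can be unset when the dependency list is evaluated depends on how the `Config` defaults are applied, which is not visible here. If it can, the substitution would presumably fail rather than evaluate to false, and `"${OPENSSL_enable_zstd:-False}"` keeps the previous tolerance. The rename also means existing configurations that set `OPENSSL_zstd` are now ignored without any diagnostic, so it deserves a line in the commit message or release notes.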
@@ -350,7 +350,7 @@ Config: type: bool default: False help: Build support for SSL/TLS ciphers that are considered "weak" - OPENSSL_zstd: + OPENSSL_enable_zstd: type: bool default: False help: Build with support for Zstd compression/decompression. @@ -540,7 +540,7 @@ buildVars: [CC, AR, RANLIB, ARCH, AUTOCONF_HOST, OPENSSL_no_tests, OPENSSL_enable_tfo, OPENSSL_no_quic, OPENSSL_no_threads, OPENSSL_threads, OPENSSL_no_thread_pool, OPENSSL_enable_trace, OPENSSL_no_ts, OPENSSL_no_ui_console, OPENSSL_enable_unit_test, - OPENSSL_no_uplink, OPENSSL_enable_weak_ssl_ciphers, OPENSSL_no_ssl, + OPENSSL_no_uplink, OPENSSL_enable_weak_ssl_ciphers, OPENSSL_enable_zstd, OPENSSL_no_ssl, OPENSSL_no_ssl3, OPENSSL_no_tls, OPENSSL_no_tls1, OPENSSL_no_tls1_1, OPENSSL_no_tls1_2, OPENSSL_no_tls1_3, OPENSSL_no_dtls, OPENSSL_no_dtls1, OPENSSL_no_dtls1_2, OPENSSL_no_integrity_only_ciphers, OPENSSL_enable_md2, From 4e4cec1355892b05619329ebba4a34539031ffc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kl=C3=B6tzke?= Date: Fri, 30 Jan 2026 22:08:32 +0100 Subject: [PATCH 5/6] libs::openssl: remove inert option Options without "no" or "enable" prefix are not picked up. --- recipes/libs/openssl.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/recipes/libs/openssl.yaml b/recipes/libs/openssl.yaml index d34328ec..1b1cc845 100644 --- a/recipes/libs/openssl.yaml +++ b/recipes/libs/openssl.yaml @@ -318,10 +318,6 @@ Config: type: bool default: False help: Don't build with support for multi_threaded applications. - OPENSSL_threads: - type: bool - default: False - help: Build with support for multi_threaded applications. OPENSSL_no_thread_pool: type: bool default: False 
@@ -538,7 +534,7 @@ buildVars: [CC, AR, RANLIB, ARCH, AUTOCONF_HOST, OPENSSL_no_sm2_precomp, OPENSSL_no_sock, OPENSSL_no_srp, OPENSSL_no_srtp, OPENSSL_no_sse2, OPENSSL_no_ssl_trace, OPENSSL_no_static_engine, OPENSSL_no_tests, OPENSSL_enable_tfo, OPENSSL_no_quic, OPENSSL_no_threads, - OPENSSL_threads, OPENSSL_no_thread_pool, OPENSSL_enable_trace, + OPENSSL_no_thread_pool, OPENSSL_enable_trace, OPENSSL_no_ts, OPENSSL_no_ui_console, OPENSSL_enable_unit_test, OPENSSL_no_uplink, OPENSSL_enable_weak_ssl_ciphers, OPENSSL_enable_zstd, OPENSSL_no_ssl, OPENSSL_no_ssl3, OPENSSL_no_tls, OPENSSL_no_tls1, OPENSSL_no_tls1_1, From d422d9106b4d84775cd90b7e1094f46d9280efbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kl=C3=B6tzke?= Date: Fri, 30 Jan 2026 22:10:25 +0100 Subject: [PATCH 6/6] libs::openssl: unconditionally disable tests ands docs We don't support that in any other packages either. --- recipes/libs/openssl.yaml | 38 +++++--------------------------------- 1 file changed, 5 insertions(+), 33 deletions(-) diff --git a/recipes/libs/openssl.yaml b/recipes/libs/openssl.yaml index 1b1cc845..d8b221e6 100644 --- a/recipes/libs/openssl.yaml +++ b/recipes/libs/openssl.yaml @@ -38,16 +38,6 @@ Config: type: bool default: False help: Build with Kernel TLS support. - OPENSSL_enable_asan: - type: bool - default: False - help: Build with the Address sanitiser. - OPENSSL_enable_acvp_tests: - type: bool - default: False - help: <- - Build support for Automated Cryptographic Validation Protocol (ACVP) - tests. OPENSSL_no_apps: type: bool default: False @@ -84,12 +74,6 @@ Config: type: bool default: False help: Don't automatically load the default `openssl.cnf` file. - OPENSSL_enable_buildtest_cpp: - type: bool - default: False - help: <- - While testing, generate C++ buildtest files that simply check that the public - OpenSSL header files are usable standalone with C++. OPENSSL_no_capieng: type: bool default: False 
@@ -123,10 +107,6 @@ Config: type: bool default: False help: Don't build support for datagram based BIOs. - OPENSSL_no_docs: - type: bool - default: False - help: Don't build and install documentation, i.e. manual pages in various forms. OPENSSL_no_dso: type: bool default: False @@ -300,10 +280,6 @@ Config: type: bool default: False help: Don't build the statically linked engines. - OPENSSL_no_tests: - type: bool - default: False - help: Don't build test programs or run any tests. OPENSSL_enable_tfo: type: bool default: False @@ -334,10 +310,6 @@ Config: type: bool default: False help: Don't build with the User Interface (UI) console method - OPENSSL_enable_unit_test: - type: bool - default: False - help: Enable additional unit test APIs. OPENSSL_no_uplink: type: bool default: False @@ -515,10 +487,10 @@ buildTools: [target-toolchain] buildToolsWeak: [perl] buildVars: [CC, AR, RANLIB, ARCH, AUTOCONF_HOST, OPENSSL_no_afalgeng, OPENSSL_enable_ktls, OPENSSL_enable_asan, - OPENSSL_enable_acvp_tests, OPENSSL_no_apps, OPENSSL_no_async, + OPENSSL_no_apps, OPENSSL_no_async, OPENSSL_no_atexit, OPENSSL_no_autoalginit, OPENSSL_no_autoerrinit, OPENSSL_enable_brotli, OPENSSL_enable_brotli_dynamic, - OPENSSL_no_autoload_config, OPENSSL_enable_buildtest_cpp, + OPENSSL_no_autoload_config, OPENSSL_no_capieng, OPENSSL_no_cmp, OPENSSL_no_cms, OPENSSL_no_comp, OPENSSL_no_ct, OPENSSL_no_deprecated, OPENSSL_no_dgram, OPENSSL_no_docs, OPENSSL_no_dso, OPENSSL_enable_devcryptoeng, OPENSSL_no_dynamic_engine, 
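Review bot: `buildVars` in the last hunk on this line (`@@ -515,10 +487,10 @@`) still lists `OPENSSL_enable_asan` and `OPENSSL_no_docs` as unchanged context, although patch 6/6 removes their `Config` entries. Because `collect_options` turns every exported `OPENSSL_enable*` variable with value `1` into a Configure argument, `OPENSSL_enable_asan=1` in the environment would still produce `enable-asan`, now with no documented option behind it. `OPENSSL_no_docs` merely duplicates the hard-coded `no-docs`, so dropping both names from the list completes the removal. The next hunk (`@@ -533,9 +505,9 @@`) also leaves `OPENSSL_sctp` in `buildVars`; it has neither a `no` nor an `enable` prefix, so it looks as inert as the `OPENSSL_threads` entry removed in patch 5/6.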
@@ -533,9 +505,9 @@ buildVars: [CC, AR, RANLIB, ARCH, AUTOCONF_HOST, OPENSSL_no_rdrand, OPENSSL_no_rfc3779, OPENSSL_sctp, OPENSSL_no_slh_dsa, OPENSSL_no_sm2_precomp, OPENSSL_no_sock, OPENSSL_no_srp, OPENSSL_no_srtp, OPENSSL_no_sse2, OPENSSL_no_ssl_trace, OPENSSL_no_static_engine, - OPENSSL_no_tests, OPENSSL_enable_tfo, OPENSSL_no_quic, OPENSSL_no_threads, + OPENSSL_enable_tfo, OPENSSL_no_quic, OPENSSL_no_threads, OPENSSL_no_thread_pool, OPENSSL_enable_trace, - OPENSSL_no_ts, OPENSSL_no_ui_console, OPENSSL_enable_unit_test, + OPENSSL_no_ts, OPENSSL_no_ui_console, OPENSSL_no_uplink, OPENSSL_enable_weak_ssl_ciphers, OPENSSL_enable_zstd, OPENSSL_no_ssl, OPENSSL_no_ssl3, OPENSSL_no_tls, OPENSSL_no_tls1, OPENSSL_no_tls1_1, OPENSSL_no_tls1_2, OPENSSL_no_tls1_3, OPENSSL_no_dtls, OPENSSL_no_dtls1, @@ -549,7 +521,6 @@ buildVars: [CC, AR, RANLIB, ARCH, AUTOCONF_HOST, OPENSSL_no_sm2, OPENSSL_no_sm3, OPENSSL_no_sm4, OPENSSL_no_whirlpool] buildSetup: | declare -A SPECIAL_OPTIONS=( - ["enable_buildtest_cpp"]="enable-buildtest-c++" ["enable_ec_nistp_64_gcc_128"]="enable-ec_nistp_64_gcc_128" ["no_tls1_1"]="no-tls1_1" ["no_tls1_2"]="no-tls1_2" @@ -633,6 +604,7 @@ buildScript: | --libdir=lib \ "${SHARED_STATIC[@]}" \ "threads" \ + no-tests no-docs \ $(collect_options "no") \ $(collect_options "enable") \ "-I${BOB_DEP_PATHS[libs::zlib-dev]}/usr/include" \