diff --git a/_versions.sh b/_versions.sh index f23e2250b..24f3320fe 100755 --- a/_versions.sh +++ b/_versions.sh @@ -50,8 +50,8 @@ export OPENSSL_VER_='3.2.1' export OPENSSL_HASH=83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39 export BORINGSSL_VER_='4fe29ebc759e482891e96fc4170eb3db26c0bc13' export BORINGSSL_HASH=6c6ffd273a9bda604d619e8c82d5573258e805ce5cb25fe96bd89d510a312685 -export LIBRESSL_VER_='3.8.3' -export LIBRESSL_HASH=a65f40e3ef6e3c9451c8318e6f2c454c367e67f09c0cde1849731a4d6ecc7272 +export LIBRESSL_VER_='3.8.2' +export LIBRESSL_HASH=6d4b8d5bbb25a1f8336639e56ec5088052d43a95256697a85c4ce91323c25954 export ZLIBNG_VER_='2.1.6' export ZLIBNG_HASH=a5d504c0d52e2e2721e7e7d86988dec2e290d723ced2307145dedd06aeb6fef2 export ZLIB_VER_='1.3.1' diff --git a/libressl-cmake.sh b/libressl-cmake.sh index f2b9b5fd0..84b22d805 100755 --- a/libressl-cmake.sh +++ b/libressl-cmake.sh @@ -20,11 +20,18 @@ _VER="$1" CFLAGS="-ffile-prefix-map=$(pwd)=" CPPFLAGS='' - # FIXME upstream: debug options are permanently force-enabled. [FIX MERGED THEN LOST] + # FIXME upstream: debug options are permanently force-enabled. [FIX MERGED] if [[ "${_CONFIG}" != *'debug'* ]]; then CPPFLAGS+=' -DNDEBUG' fi + if [ "${LIBRESSL_VER_}" = '3.8.2' ]; then + # LibreSSL (as of v3.8.2) hangs with ASM enabled on Windows ARM64. + if [ "${_OS}" = 'win' ] && [ "${_CPU}" = 'a64' ]; then + options+=' -DENABLE_ASM=OFF' + fi + fi + if [ "${_CC}" = 'llvm' ]; then CFLAGS+=' -Wa,--noexecstack' else @@ -36,10 +43,17 @@ _VER="$1" if [ "${_OS}" = 'mac' ]; then CPPFLAGS+=' -Dglobl=private_extern' # make assembly symbols hidden - # Workaround for mis-detecting 'strtonum' successfully despite targeting - # older OS version, then using it. - if [ "${_OSVER}" -lt '1100' ]; then - options+=' -DHAVE_STRTONUM=0' + # Syncs behaviour with autotools on next version: https://github.com/libressl/portable/pull/963 + if [ "${LIBRESSL_VER_}" = '3.8.2' ]; then + if [ "${_OSVER}" -ge '1100' ]; then + options+=' -DHAVE_STRTONUM=1' + fi + else + # Workaround for mis-detecting 'strtonum' successfully despite targeting + # older OS version, then using it. + if [ "${_OSVER}" -lt '1100' ]; then + options+=' -DHAVE_STRTONUM=0' + fi fi elif [ "${_OS}" = 'linux' ] && [ "${_CPU}" = 'x64' ]; then # Add a `.hidden ` next to each `.globl ` one: @@ -61,9 +75,20 @@ _VER="$1" options+=' -DHAVE_SYS_TYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STDDEF_H=1' fi + if [ "${LIBRESSL_VER_}" = '3.8.2' ]; then + # We might prefer passing the triplet as-is, but as of LibreSSL v3.8.2, + # a triplet does not work in all cases due to the use of `STREQUAL`. + [ "${_CPU}" = 'x86' ] && cpu='x86' + [ "${_CPU}" = 'x64' ] && cpu='x86_64' + [ "${_CPU}" = 'a64' ] && cpu='aarch64' + [ "${_CPU}" = 'r64' ] && cpu='riscv64' + else + cpu="${_TRIPLET}" + fi + # shellcheck disable=SC2086 cmake -B "${_BLDDIR}" ${_CMAKE_GLOBAL} ${options} \ - "-DCMAKE_SYSTEM_PROCESSOR=${_TRIPLET}" \ + "-DCMAKE_SYSTEM_PROCESSOR=${cpu}" \ '-DBUILD_SHARED_LIBS=OFF' \ '-DLIBRESSL_APPS=OFF' \ '-DLIBRESSL_TESTS=OFF' \ diff --git a/libressl-pkg.sh b/libressl-pkg.sh index 4ba22fb44..2f73f4a84 100755 --- a/libressl-pkg.sh +++ b/libressl-pkg.sh @@ -3,13 +3,18 @@ # Copyright (C) Viktor Szakats. See LICENSE.md # SPDX-License-Identifier: MIT -# Caveats (as of 3.9.0): -# - CMake builds override -NDEBUG and do not allow building with this option. [FIX MERGED THEN LOST] https://github.com/libressl/portable/pull/988 +# Caveats (as of 3.8.2): +# - ARM64 Windows builds exit with an assert and hang with asserts disabled. [FIX MERGED] +# - CMake builds override -NDEBUG and do not allow building with this option. [FIX MERGED] # - ASM support only for x64. +# - ASM missing Intel CET support, resulting in linker warnings: +# ld.lld-17: warning: libressl/_x64-linux-gnu/usr/lib/libcrypto.a(cpuid-elf-x86_64.S.o): -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_IBT property +# ld.lld-17: warning: libressl/_x64-linux-gnu/usr/lib/libcrypto.a(cpuid-elf-x86_64.S.o): -z cet-report: file does not have GNU_PROPERTY_X86_FEATURE_1_SHSTK property +# https://github.com/curl/curl-for-win/actions/runs/7159857921/job/19493575609#step:3:11146 # - Not possible to hide most ASM symbols from shared lib exports in Linux, macOS. # https://github.com/libressl/portable/issues/957 # Local patch exists for this, or ASM can be disabled. -# - Non-namespaced functions are defined and exported from libcrypto. [FIXED IN 3.9.0?] +# - Non-namespaced functions are defined and exported from libcrypto. [fix pending] # This causes a list of issues, from mis-detection, mis-use, unhidden # export from shared lib. Mostly affects macOS. # https://github.com/libressl/portable/issues/928