@@ -235,7 +235,7 @@ def _extract_archives(self, archives):
235235 self .info (f'Unpacking { archive .name } ' )
236236 try :
237237 with tarfile .open (str (archive )) as tar :
238- tar .extractall (path = str (self .build_libs_dir ))
238+ tar .extractall (path = str (self .build_libs_dir ), filter = 'data' )
239239 except EOFError as error :
240240 raise DistutilsError (f'Bad { archive .name } downloaded; remove it and try again.' ) from error
241241
@@ -287,6 +287,19 @@ def _build_openssl(self, env, prefix_arg, cross_compile):
287287 openssl_dir = next (self .build_libs_dir .glob ('openssl-*' ))
288288 openssl_config_cmd = [prefix_arg , 'no-shared' , '-fPIC' , '--libdir=lib' ]
289289 if platform .machine () == 'riscv64' :
290+ # openssl(riscv64): disable ASM to avoid R_RISCV_JAL relocation failure on 3.5.2
291+ # OpenSSL 3.5.2 enables RISC-V64 AES assembly by default. When we statically
292+ # link libcrypto alongside xmlsec, the AES asm path triggers a link-time error:
293+ # relocation truncated to fit: R_RISCV_JAL against symbol `AES_set_encrypt_key'
294+ # in .../libcrypto.a(libcrypto-lib-aes-riscv64.o)
295+ # This appears to stem from a long-range jump emitted by the AES asm generator
296+ # (see aes-riscv64.pl around L1069), which can exceed the JAL reach when objects
297+ # end up far apart in the final static link.
298+ # As a pragmatic workaround, disable ASM on riscv64 (pass `no-asm`) so the
299+ # portable C implementation is used. This unblocks the build at the cost of
300+ # some crypto performance on riscv64 only.
301+ # Refs:
302+ # - https://github.com/openssl/openssl/blob/0893a62/crypto/aes/asm/aes-riscv64.pl#L1069
290303 openssl_config_cmd .append ('no-asm' )
291304 if cross_compile :
292305 openssl_config_cmd .insert (0 , './Configure' )
0 commit comments