backports/openssl1.1-compat: new aport
This commit is contained in:
parent
2b18c58e1f
commit
9c726f38c4
3 changed files with 327 additions and 0 deletions
177
backports/openssl1.1-compat/APKBUILD
Normal file
177
backports/openssl1.1-compat/APKBUILD
Normal file
|
@ -0,0 +1,177 @@
|
||||||
|
# Contributor: Ariadne Conill <ariadne@dereferenced.org>
|
||||||
|
# Maintainer: Timo Teras <timo.teras@iki.fi>
|
||||||
|
pkgname=openssl1.1-compat
|
||||||
|
pkgver=1.1.1w
|
||||||
|
_abiver=${pkgver%.*}
|
||||||
|
pkgrel=0
|
||||||
|
pkgdesc="toolkit for transport layer security (TLS) - version 1.1"
|
||||||
|
url="https://www.openssl.org/"
|
||||||
|
arch="all"
|
||||||
|
license="OpenSSL"
|
||||||
|
replaces="libressl"
|
||||||
|
depends_dev="!openssl-dev"
|
||||||
|
makedepends_build="perl"
|
||||||
|
makedepends_host="linux-headers"
|
||||||
|
makedepends="$makedepends_host $makedepends_build"
|
||||||
|
subpackages="$pkgname-dbg $pkgname-libs-static:_static $pkgname-dev
|
||||||
|
libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl"
|
||||||
|
source="https://www.openssl.org/source/openssl-$pkgver.tar.gz
|
||||||
|
man-section.patch
|
||||||
|
ppc64.patch
|
||||||
|
"
|
||||||
|
builddir="$srcdir/openssl-$pkgver"
|
||||||
|
pcprefix="openssl$_abiver:pc:"
|
||||||
|
|
||||||
|
# secfixes:
|
||||||
|
# 1.1.1u-r1:
|
||||||
|
# - CVE-2023-3446
|
||||||
|
# 1.1.1t-r2:
|
||||||
|
# - CVE-2023-0465
|
||||||
|
# 1.1.1t-r1:
|
||||||
|
# - CVE-2023-0464
|
||||||
|
# 1.1.1t-r0:
|
||||||
|
# - CVE-2022-4304
|
||||||
|
# - CVE-2022-4450
|
||||||
|
# - CVE-2023-0215
|
||||||
|
# - CVE-2023-0286
|
||||||
|
# 1.1.1q-r0:
|
||||||
|
# - CVE-2022-2097
|
||||||
|
# 1.1.1n-r0:
|
||||||
|
# - CVE-2022-0778
|
||||||
|
# 1.1.1l-r0:
|
||||||
|
# - CVE-2021-3711
|
||||||
|
# - CVE-2021-3712
|
||||||
|
# 1.1.1k-r0:
|
||||||
|
# - CVE-2021-3449
|
||||||
|
# - CVE-2021-3450
|
||||||
|
# 1.1.1j-r0:
|
||||||
|
# - CVE-2021-23841
|
||||||
|
# - CVE-2021-23840
|
||||||
|
# - CVE-2021-23839
|
||||||
|
# 1.1.1i-r0:
|
||||||
|
# - CVE-2020-1971
|
||||||
|
# 1.1.1g-r0:
|
||||||
|
# - CVE-2020-1967
|
||||||
|
# 1.1.1d-r3:
|
||||||
|
# - CVE-2019-1551
|
||||||
|
# 1.1.1d-r1:
|
||||||
|
# - CVE-2019-1547
|
||||||
|
# - CVE-2019-1549
|
||||||
|
# - CVE-2019-1563
|
||||||
|
# 1.1.1b-r1:
|
||||||
|
# - CVE-2019-1543
|
||||||
|
# 1.1.1a-r0:
|
||||||
|
# - CVE-2018-0734
|
||||||
|
# - CVE-2018-0735
|
||||||
|
# 0:
|
||||||
|
# - CVE-2022-1292
|
||||||
|
# - CVE-2022-2068
|
||||||
|
|
||||||
|
build() {
|
||||||
|
local _target _optflags
|
||||||
|
|
||||||
|
# openssl will prepend crosscompile always core CC et al
|
||||||
|
CC=${CC#${CROSS_COMPILE}}
|
||||||
|
CXX=${CXX#${CROSS_COMPILE}}
|
||||||
|
CPP=${CPP#${CROSS_COMPILE}}
|
||||||
|
|
||||||
|
# determine target OS for openssl
|
||||||
|
case "$CARCH" in
|
||||||
|
aarch64*) _target="linux-aarch64" ;;
|
||||||
|
arm*) _target="linux-armv4" ;;
|
||||||
|
mips64*) _target="linux64-mips64" ;;
|
||||||
|
# explicit _optflags is needed to prevent automatic -mips3 addition
|
||||||
|
mips*) _target="linux-mips32"; _optflags="-mips32" ;;
|
||||||
|
ppc) _target="linux-ppc" ;;
|
||||||
|
ppc64) _target="linux-ppc64" ;;
|
||||||
|
ppc64le) _target="linux-ppc64le" ;;
|
||||||
|
x86) _target="linux-elf" ;;
|
||||||
|
x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
|
||||||
|
s390x) _target="linux64-s390x";;
|
||||||
|
riscv64) _target="linux-generic64";;
|
||||||
|
*) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Configure assumes --options are for it, so can't use
|
||||||
|
# gcc's --sysroot fake this by overriding CC
|
||||||
|
[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=$CBUILDROOT"
|
||||||
|
|
||||||
|
# when cross building do not enable threads as libatomic is not avaiable
|
||||||
|
if [ "$CBUILD" != "$CHOST" ]; then
|
||||||
|
case $CARCH in
|
||||||
|
riscv64) _optflags="$_optflags no-threads";;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
perl ./Configure \
|
||||||
|
$_target \
|
||||||
|
--prefix=/usr \
|
||||||
|
--libdir=lib \
|
||||||
|
--openssldir=/etc/ssl1.1 \
|
||||||
|
shared \
|
||||||
|
no-zlib \
|
||||||
|
no-async \
|
||||||
|
no-comp \
|
||||||
|
no-idea \
|
||||||
|
no-mdc2 \
|
||||||
|
no-rc5 \
|
||||||
|
no-ec2m \
|
||||||
|
no-sm2 \
|
||||||
|
no-sm4 \
|
||||||
|
no-ssl2 \
|
||||||
|
no-ssl3 \
|
||||||
|
no-seed \
|
||||||
|
no-weak-ssl-ciphers \
|
||||||
|
$_optflags \
|
||||||
|
$CPPFLAGS \
|
||||||
|
$CFLAGS \
|
||||||
|
$LDFLAGS -Wa,--noexecstack
|
||||||
|
make
|
||||||
|
}
|
||||||
|
|
||||||
|
check() {
|
||||||
|
# AFALG tests have a sporadic test failure, just delete the broken
|
||||||
|
# test for now.
|
||||||
|
rm -f test/recipes/30-test_afalg.t
|
||||||
|
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
|
package() {
|
||||||
|
make DESTDIR="$pkgdir" install_sw install_ssldirs
|
||||||
|
# remove the script c_rehash
|
||||||
|
rm "$pkgdir"/usr/bin/c_rehash
|
||||||
|
mv -f "$pkgdir"/usr/bin/openssl "$pkgdir"/usr/bin/openssl$_abiver
|
||||||
|
}
|
||||||
|
|
||||||
|
_libcrypto() {
|
||||||
|
pkgdesc="Crypto library from openssl"
|
||||||
|
replaces="libressl2.7-libcrypto"
|
||||||
|
mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
|
||||||
|
mv "$pkgdir"/etc "$subpkgdir"/
|
||||||
|
for i in "$pkgdir"/usr/lib/libcrypto*; do
|
||||||
|
mv $i "$subpkgdir"/lib/
|
||||||
|
ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
|
||||||
|
done
|
||||||
|
mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/
|
||||||
|
}
|
||||||
|
|
||||||
|
_libssl() {
|
||||||
|
pkgdesc="SSL shared libraries"
|
||||||
|
|
||||||
|
mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
|
||||||
|
for i in "$pkgdir"/usr/lib/libssl*; do
|
||||||
|
mv $i "$subpkgdir"/lib/
|
||||||
|
ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
_static() {
|
||||||
|
default_static
|
||||||
|
}
|
||||||
|
|
||||||
|
sha512sums="
|
||||||
|
b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d openssl-1.1.1w.tar.gz
|
||||||
|
43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch
|
||||||
|
e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch
|
||||||
|
"
|
54
backports/openssl1.1-compat/man-section.patch
Normal file
54
backports/openssl1.1-compat/man-section.patch
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
|
||||||
|
Date: Sun, 5 Nov 2017 15:09:09 +0100
|
||||||
|
Subject: man-section
|
||||||
|
|
||||||
|
---
|
||||||
|
Configurations/unix-Makefile.tmpl | 6 ++++--
|
||||||
|
util/process_docs.pl | 3 ++-
|
||||||
|
2 files changed, 6 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
|
||||||
|
index 1292053546f5..c034d21884d8 100644
|
||||||
|
--- a/Configurations/unix-Makefile.tmpl
|
||||||
|
+++ b/Configurations/unix-Makefile.tmpl
|
||||||
|
@@ -183,7 +183,8 @@ HTMLDIR=$(DOCDIR)/html
|
||||||
|
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
|
||||||
|
# appended after the manpage file section number. "ssl" is popular,
|
||||||
|
# resulting in files such as config.5ssl rather than config.5.
|
||||||
|
-MANSUFFIX=
|
||||||
|
+MANSUFFIX=ssl
|
||||||
|
+MANSECTION=SSL
|
||||||
|
HTMLSUFFIX=html
|
||||||
|
|
||||||
|
# For "optional" echo messages, to get "real" silence
|
||||||
|
@@ -726,7 +727,8 @@ uninstall_runtime: uninstall_programs uninstall_runtime_libs
|
||||||
|
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||||
|
@$(ECHO) "*** Installing manpages"
|
||||||
|
$(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||||
|
- "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX)
|
||||||
|
+ "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX) \
|
||||||
|
+ --mansection=$(MANSECTION)
|
||||||
|
|
||||||
|
uninstall_man_docs:
|
||||||
|
@$(ECHO) "*** Uninstalling manpages"
|
||||||
|
diff --git a/util/process_docs.pl b/util/process_docs.pl
|
||||||
|
index 30b149eb8fcc..424155ea808e 100755
|
||||||
|
--- a/util/process_docs.pl
|
||||||
|
+++ b/util/process_docs.pl
|
||||||
|
@@ -37,6 +37,7 @@ GetOptions(\%options,
|
||||||
|
'type=s', # The result type, 'man' or 'html'
|
||||||
|
'suffix:s', # Suffix to add to the extension.
|
||||||
|
# Only used with type=man
|
||||||
|
+ 'mansection:s', # Section to put to manpage in
|
||||||
|
'remove', # To remove files rather than writing them
|
||||||
|
'dry-run|n', # Only output file names on STDOUT
|
||||||
|
'debug|D+',
|
||||||
|
@@ -97,7 +98,7 @@ foreach my $section (sort @{$options{section}}) {
|
||||||
|
my $name = uc $podname;
|
||||||
|
my $suffix = { man => ".$podinfo{section}".($options{suffix} // ""),
|
||||||
|
html => ".html" } -> {$options{type}};
|
||||||
|
- my $generate = { man => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"",
|
||||||
|
+ my $generate = { man => "pod2man --name=$name --section=$podinfo{section}$options{mansection} --center=OpenSSL --release=$config{version} \"$podpath\"",
|
||||||
|
html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man3:man5:man7 \"--infile=$podpath\" \"--title=$podname\" --quiet"
|
||||||
|
} -> {$options{type}};
|
||||||
|
my $output_dir = catdir($options{destdir}, "man$podinfo{section}");
|
96
backports/openssl1.1-compat/ppc64.patch
Normal file
96
backports/openssl1.1-compat/ppc64.patch
Normal file
|
@ -0,0 +1,96 @@
|
||||||
|
From 34ab13b7d8e3e723adb60be8142e38b7c9cd382a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andy Polyakov <appro@openssl.org>
|
||||||
|
Date: Sun, 5 May 2019 18:25:50 +0200
|
||||||
|
Subject: [PATCH] crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
This is a big endian ELFv2 configuration. ELFv2 was already being
|
||||||
|
used for little endian, and big endian was traditionally ELFv1
|
||||||
|
but there are practical configurations that use ELFv2 with big
|
||||||
|
endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, etc.)
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
|
||||||
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/8883)
|
||||||
|
---
|
||||||
|
crypto/perlasm/ppc-xlate.pl | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
|
||||||
|
index e52f2f6ea62..5fcd0526dff 100755
|
||||||
|
--- a/crypto/perlasm/ppc-xlate.pl
|
||||||
|
+++ b/crypto/perlasm/ppc-xlate.pl
|
||||||
|
@@ -49,7 +49,7 @@
|
||||||
|
/osx/ && do { $name = "_$name";
|
||||||
|
last;
|
||||||
|
};
|
||||||
|
- /linux.*(32|64le)/
|
||||||
|
+ /linux.*(32|64(le|v2))/
|
||||||
|
&& do { $ret .= ".globl $name";
|
||||||
|
if (!$$type) {
|
||||||
|
$ret .= "\n.type $name,\@function";
|
||||||
|
@@ -80,7 +80,7 @@
|
||||||
|
};
|
||||||
|
my $text = sub {
|
||||||
|
my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text";
|
||||||
|
- $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64le/);
|
||||||
|
+ $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/);
|
||||||
|
$ret;
|
||||||
|
};
|
||||||
|
my $machine = sub {
|
||||||
|
@@ -186,7 +186,7 @@
|
||||||
|
|
||||||
|
# Some ABIs specify vrsave, special-purpose register #256, as reserved
|
||||||
|
# for system use.
|
||||||
|
-my $no_vrsave = ($flavour =~ /aix|linux64le/);
|
||||||
|
+my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/);
|
||||||
|
my $mtspr = sub {
|
||||||
|
my ($f,$idx,$ra) = @_;
|
||||||
|
if ($idx == 256 && $no_vrsave) {
|
||||||
|
@@ -318,7 +318,7 @@ sub vfour {
|
||||||
|
if ($label) {
|
||||||
|
my $xlated = ($GLOBALS{$label} or $label);
|
||||||
|
print "$xlated:";
|
||||||
|
- if ($flavour =~ /linux.*64le/) {
|
||||||
|
+ if ($flavour =~ /linux.*64(le|v2)/) {
|
||||||
|
if ($TYPES{$label} =~ /function/) {
|
||||||
|
printf "\n.localentry %s,0\n",$xlated;
|
||||||
|
}
|
||||||
|
|
||||||
|
From 098404128383ded87ba390dd74ecd9e2ffa6f530 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andy Polyakov <appro@openssl.org>
|
||||||
|
Date: Sun, 5 May 2019 18:30:55 +0200
|
||||||
|
Subject: [PATCH] Configure: use ELFv2 ABI on some ppc64 big endian systems
|
||||||
|
|
||||||
|
If _CALL_ELF is defined to be 2, it's an ELFv2 system.
|
||||||
|
Conditionally switch to the v2 perlasm scheme.
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
|
||||||
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/8883)
|
||||||
|
---
|
||||||
|
Configure | 10 +++++++---
|
||||||
|
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Configure b/Configure
|
||||||
|
index 22082deb4c7..e303d98deb3 100755
|
||||||
|
--- a/Configure
|
||||||
|
+++ b/Configure
|
||||||
|
@@ -1402,8 +1402,15 @@
|
||||||
|
my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC});
|
||||||
|
my %predefined_CXX = $config{CXX}
|
||||||
|
? compiler_predefined($config{CROSS_COMPILE}.$config{CXX})
|
||||||
|
: ();
|
||||||
|
|
||||||
|
+unless ($disabled{asm}) {
|
||||||
|
+ # big endian systems can use ELFv2 ABI
|
||||||
|
+ if ($target eq "linux-ppc64") {
|
||||||
|
+ $target{perlasm_scheme} = "linux64v2" if ($predefined_C{_CALL_ELF} == 2);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
# Check for makedepend capabilities.
|
||||||
|
if (!$disabled{makedepend}) {
|
||||||
|
if ($config{target} =~ /^(VC|vms)-/) {
|
Loading…
Reference in a new issue