# Contributor: Ariadne Conill # Maintainer: Timo Teras pkgname=openssl1.1-compat pkgver=1.1.1w _abiver=${pkgver%.*} pkgrel=0 pkgdesc="toolkit for transport layer security (TLS) - version 1.1" url="https://www.openssl.org/" arch="all" license="OpenSSL" replaces="libressl" depends_dev="!openssl-dev" makedepends_build="perl" makedepends_host="linux-headers" makedepends="$makedepends_host $makedepends_build" subpackages="$pkgname-dbg $pkgname-libs-static:_static $pkgname-dev libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl" source="https://www.openssl.org/source/openssl-$pkgver.tar.gz man-section.patch ppc64.patch " builddir="$srcdir/openssl-$pkgver" pcprefix="openssl$_abiver:pc:" # secfixes: # 1.1.1u-r1: # - CVE-2023-3446 # 1.1.1t-r2: # - CVE-2023-0465 # 1.1.1t-r1: # - CVE-2023-0464 # 1.1.1t-r0: # - CVE-2022-4304 # - CVE-2022-4450 # - CVE-2023-0215 # - CVE-2023-0286 # 1.1.1q-r0: # - CVE-2022-2097 # 1.1.1n-r0: # - CVE-2022-0778 # 1.1.1l-r0: # - CVE-2021-3711 # - CVE-2021-3712 # 1.1.1k-r0: # - CVE-2021-3449 # - CVE-2021-3450 # 1.1.1j-r0: # - CVE-2021-23841 # - CVE-2021-23840 # - CVE-2021-23839 # 1.1.1i-r0: # - CVE-2020-1971 # 1.1.1g-r0: # - CVE-2020-1967 # 1.1.1d-r3: # - CVE-2019-1551 # 1.1.1d-r1: # - CVE-2019-1547 # - CVE-2019-1549 # - CVE-2019-1563 # 1.1.1b-r1: # - CVE-2019-1543 # 1.1.1a-r0: # - CVE-2018-0734 # - CVE-2018-0735 # 0: # - CVE-2022-1292 # - CVE-2022-2068 build() { local _target _optflags # openssl will prepend crosscompile always core CC et al CC=${CC#${CROSS_COMPILE}} CXX=${CXX#${CROSS_COMPILE}} CPP=${CPP#${CROSS_COMPILE}} # determine target OS for openssl case "$CARCH" in aarch64*) _target="linux-aarch64" ;; arm*) _target="linux-armv4" ;; ppc) _target="linux-ppc" ;; ppc64) _target="linux-ppc64" ;; ppc64le) _target="linux-ppc64le" ;; x86) _target="linux-elf" ;; x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;; s390x) _target="linux64-s390x";; riscv64) _target="linux-generic64";; *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;; esac # Configure assumes --options are for it, so can't use # gcc's --sysroot fake this by overriding CC [ -n "$CBUILDROOT" ] && CC="$CC --sysroot=$CBUILDROOT" # when cross building do not enable threads as libatomic is not avaiable if [ "$CBUILD" != "$CHOST" ]; then case $CARCH in riscv64) _optflags="$_optflags no-threads";; esac fi perl ./Configure \ $_target \ --prefix=/usr \ --libdir=lib \ --openssldir=/etc/ssl1.1 \ shared \ no-zlib \ no-async \ no-comp \ no-idea \ no-mdc2 \ no-rc5 \ no-ec2m \ no-sm2 \ no-sm4 \ no-ssl2 \ no-ssl3 \ no-seed \ no-weak-ssl-ciphers \ $_optflags \ $CPPFLAGS \ $CFLAGS \ $LDFLAGS -Wa,--noexecstack make } check() { # AFALG tests have a sporadic test failure, just delete the broken # test for now. rm -f test/recipes/30-test_afalg.t make test } package() { make DESTDIR="$pkgdir" install_sw install_ssldirs # remove the script c_rehash rm "$pkgdir"/usr/bin/c_rehash mv -f "$pkgdir"/usr/bin/openssl "$pkgdir"/usr/bin/openssl$_abiver } _libcrypto() { pkgdesc="Crypto library from openssl" replaces="libressl2.7-libcrypto" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib mv "$pkgdir"/etc "$subpkgdir"/ for i in "$pkgdir"/usr/lib/libcrypto*; do mv $i "$subpkgdir"/lib/ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/ } _libssl() { pkgdesc="SSL shared libraries" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libssl*; do mv $i "$subpkgdir"/lib/ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done } _static() { default_static } sha512sums=" b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d openssl-1.1.1w.tar.gz 43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch "