168 lines
4 KiB
Text
168 lines
4 KiB
Text
# Contributor: Ariadne Conill <ariadne@dereferenced.org>
|
|
# Maintainer: Timo Teras <timo.teras@iki.fi>
|
|
pkgname=openssl1.1-compat
|
|
pkgver=1.1.1w
|
|
_abiver=${pkgver%.*}
|
|
pkgrel=1
|
|
pkgdesc="toolkit for transport layer security (TLS) - version 1.1"
|
|
url="https://www.openssl.org/"
|
|
arch="all"
|
|
license="OpenSSL"
|
|
replaces="libressl"
|
|
depends_dev="!openssl-dev"
|
|
makedepends_build="perl"
|
|
makedepends_host="linux-headers"
|
|
makedepends="$makedepends_host $makedepends_build"
|
|
subpackages="$pkgname-dbg $pkgname-libs-static:_static $pkgname-dev
|
|
libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl"
|
|
source="https://www.openssl.org/source/openssl-$pkgver.tar.gz
|
|
man-section.patch
|
|
ppc64.patch
|
|
"
|
|
builddir="$srcdir/openssl-$pkgver"
|
|
pcprefix="openssl$_abiver:pc:"
|
|
|
|
# secfixes:
|
|
# 1.1.1u-r1:
|
|
# - CVE-2023-3446
|
|
# 1.1.1t-r2:
|
|
# - CVE-2023-0465
|
|
# 1.1.1t-r1:
|
|
# - CVE-2023-0464
|
|
# 1.1.1t-r0:
|
|
# - CVE-2022-4304
|
|
# - CVE-2022-4450
|
|
# - CVE-2023-0215
|
|
# - CVE-2023-0286
|
|
# 1.1.1q-r0:
|
|
# - CVE-2022-2097
|
|
# 1.1.1n-r0:
|
|
# - CVE-2022-0778
|
|
# 1.1.1l-r0:
|
|
# - CVE-2021-3711
|
|
# - CVE-2021-3712
|
|
# 1.1.1k-r0:
|
|
# - CVE-2021-3449
|
|
# - CVE-2021-3450
|
|
# 1.1.1j-r0:
|
|
# - CVE-2021-23841
|
|
# - CVE-2021-23840
|
|
# - CVE-2021-23839
|
|
# 1.1.1i-r0:
|
|
# - CVE-2020-1971
|
|
# 1.1.1g-r0:
|
|
# - CVE-2020-1967
|
|
# 1.1.1d-r3:
|
|
# - CVE-2019-1551
|
|
# 1.1.1d-r1:
|
|
# - CVE-2019-1547
|
|
# - CVE-2019-1549
|
|
# - CVE-2019-1563
|
|
# 1.1.1b-r1:
|
|
# - CVE-2019-1543
|
|
# 1.1.1a-r0:
|
|
# - CVE-2018-0734
|
|
# - CVE-2018-0735
|
|
# 0:
|
|
# - CVE-2022-1292
|
|
# - CVE-2022-2068
|
|
|
|
build() {
|
|
local _target _optflags
|
|
|
|
# openssl will prepend crosscompile always core CC et al
|
|
CC=${CC#${CROSS_COMPILE}}
|
|
CXX=${CXX#${CROSS_COMPILE}}
|
|
CPP=${CPP#${CROSS_COMPILE}}
|
|
|
|
# determine target OS for openssl
|
|
case "$CARCH" in
|
|
aarch64*) _target="linux-aarch64" ;;
|
|
arm*) _target="linux-armv4" ;;
|
|
ppc) _target="linux-ppc" ;;
|
|
ppc64) _target="linux-ppc64" ;;
|
|
ppc64le) _target="linux-ppc64le" ;;
|
|
x86) _target="linux-elf" ;;
|
|
x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
|
|
s390x) _target="linux64-s390x";;
|
|
riscv64) _target="linux-generic64";;
|
|
loongarch64) _target="linux-generic64";;
|
|
*) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
|
|
esac
|
|
|
|
# Configure assumes --options are for it, so can't use
|
|
# gcc's --sysroot fake this by overriding CC
|
|
[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=$CBUILDROOT"
|
|
|
|
# when cross building do not enable threads as libatomic is not avaiable
|
|
if [ "$CBUILD" != "$CHOST" ]; then
|
|
case $CARCH in
|
|
riscv64) _optflags="$_optflags no-threads";;
|
|
esac
|
|
fi
|
|
|
|
perl ./Configure \
|
|
$_target \
|
|
--prefix=/usr \
|
|
--libdir=/usr/lib \
|
|
--openssldir=/etc/ssl1.1 \
|
|
shared \
|
|
no-zlib \
|
|
no-async \
|
|
no-comp \
|
|
no-idea \
|
|
no-mdc2 \
|
|
no-rc5 \
|
|
no-ec2m \
|
|
no-sm2 \
|
|
no-sm4 \
|
|
no-ssl2 \
|
|
no-ssl3 \
|
|
no-seed \
|
|
no-weak-ssl-ciphers \
|
|
$_optflags \
|
|
$CPPFLAGS \
|
|
$CFLAGS \
|
|
$LDFLAGS -Wa,--noexecstack
|
|
make
|
|
}
|
|
|
|
check() {
|
|
# AFALG tests have a sporadic test failure, just delete the broken
|
|
# test for now.
|
|
rm -f test/recipes/30-test_afalg.t
|
|
|
|
make test
|
|
}
|
|
|
|
package() {
|
|
make DESTDIR="$pkgdir" install_sw install_ssldirs
|
|
# remove the script c_rehash
|
|
rm "$pkgdir"/usr/bin/c_rehash
|
|
mv -f "$pkgdir"/usr/bin/openssl "$pkgdir"/usr/bin/openssl$_abiver
|
|
}
|
|
|
|
_libcrypto() {
|
|
pkgdesc="Crypto library from openssl"
|
|
replaces="libressl2.7-libcrypto"
|
|
|
|
amove etc
|
|
amove usr/lib/libcrypto*
|
|
amove usr/lib/engines-$_abiver
|
|
}
|
|
|
|
_libssl() {
|
|
pkgdesc="SSL shared libraries"
|
|
|
|
amove usr/lib/libssl*
|
|
}
|
|
|
|
_static() {
|
|
default_static
|
|
}
|
|
|
|
sha512sums="
|
|
b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d openssl-1.1.1w.tar.gz
|
|
43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch
|
|
e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch
|
|
"
|