blob: 22090b345c1b50be95cfc3dcbfaab1520bddb896 (
plain) (
tree)
|
|
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.1.1k
_abiver=${pkgver%.*}
pkgrel=0
pkgdesc="Toolkit for Transport Layer Security (TLS)"
url="https://www.openssl.org"
arch="all"
license="OpenSSL"
replaces="libressl"
makedepends_build="perl"
makedepends_host="linux-headers"
makedepends="$makedepends_host $makedepends_build"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl"
source="https://www.openssl.org/source/openssl-$pkgver.tar.gz
man-section.patch
"
case "$CARCH" in
s390x) options="$options !check";; # FIXME: test hangs
esac
builddir="$srcdir/openssl-$pkgver"
# secfixes:
# 1.1.1k-r0:
# - CVE-2021-3449
# - CVE-2021-3450
# 1.1.1j-r0:
# - CVE-2021-23841
# - CVE-2021-23840
# - CVE-2021-23839
# 1.1.1i-r0:
# - CVE-2020-1971
# 1.1.1g-r0:
# - CVE-2020-1967
# 1.1.1d-r2:
# - CVE-2019-1551
# 1.1.1d-r0:
# - CVE-2019-1547
# - CVE-2019-1549
# - CVE-2019-1563
# 1.1.1b-r1:
# - CVE-2019-1543
# 1.1.1a-r0:
# - CVE-2018-0734
# - CVE-2018-0735
build() {
local _target _optflags
cd "$builddir"
# openssl will prepend crosscompile always core CC et al
CC=${CC#${CROSS_COMPILE}}
CXX=${CXX#${CROSS_COMPILE}}
CPP=${CPP#${CROSS_COMPILE}}
# determine target OS for openssl
case "$CARCH" in
aarch64*) _target="linux-aarch64" ;;
arm*) _target="linux-armv4" ;;
mips64*) _target="linux64-mips64" ;;
# explicit _optflags is needed to prevent automatic -mips3 addition
mips*) _target="linux-mips32"; _optflags="-mips32" ;;
ppc64le) _target="linux-ppc64le" ;;
x86) _target="linux-elf" ;;
x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
s390x) _target="linux64-s390x";;
*) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
esac
# Configure assumes --options are for it, so can't use
# gcc's --sysroot fake this by overriding CC
[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}"
perl ./Configure $_target --prefix=/usr \
--libdir=lib \
--openssldir=/etc/ssl \
shared no-zlib $_optflags \
no-async no-comp no-idea no-mdc2 no-rc5 no-ec2m \
no-sm2 no-sm4 no-ssl2 no-ssl3 no-seed \
no-weak-ssl-ciphers \
$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack
make
}
check() {
cd "$builddir"
make test
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
# remove the script c_rehash
rm "$pkgdir"/usr/bin/c_rehash
}
dev() {
default_dev
replaces="libressl-dev"
}
_libcrypto() {
pkgdesc="Crypto library from openssl"
replaces="libressl2.7-libcrypto"
mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
mv "$pkgdir"/etc "$subpkgdir"/
for i in "$pkgdir"/usr/lib/libcrypto*; do
mv $i "$subpkgdir"/lib/
ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
done
mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/
}
_libssl() {
pkgdesc="SSL shared libraries"
mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
for i in "$pkgdir"/usr/lib/libssl*; do
mv $i "$subpkgdir"/lib/
ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
done
}
sha512sums="73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121 openssl-1.1.1k.tar.gz
43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch"
|
