diff options
Diffstat (limited to 'main/openssl/APKBUILD')
| -rw-r--r-- | main/openssl/APKBUILD | 130 |
1 files changed, 100 insertions, 30 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index ccf31faabdc..ce0902cd985 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,26 +1,78 @@ # Contributor: Ariadne Conill <ariadne@dereferenced.org> -# Maintainer: Timo Teras <timo.teras@iki.fi> +# Contributor: Timo Teras <timo.teras@iki.fi> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openssl -pkgver=1.1.1l -_abiver=${pkgver%.*} -pkgrel=7 -pkgdesc="toolkit for transport layer security (TLS) - version 1.1" +pkgver=3.3.0 +_abiver=${pkgver%.*.*} +pkgrel=1 +pkgdesc="Toolkit for Transport Layer Security (TLS)" url="https://www.openssl.org/" arch="all" -license="OpenSSL" -replaces="libressl" +license="Apache-2.0" +replaces="openssl" makedepends_build="perl" makedepends_host="linux-headers" makedepends="$makedepends_host $makedepends_build" -subpackages="$pkgname-dbg $pkgname-libs-static $pkgname-dev - libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl" +subpackages="$pkgname-dbg $pkgname-libs-static $pkgname-dev $pkgname-doc + $pkgname-misc::noarch libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl" source="https://www.openssl.org/source/openssl-$pkgver.tar.gz man-section.patch - ppc64.patch " builddir="$srcdir/openssl-$pkgver" # secfixes: +# 3.2.1-r2: +# - CVE-2024-2511 +# 3.1.4-r5: +# - CVE-2024-0727 +# 3.1.4-r4: +# - CVE-2023-6237 +# 3.1.4-r3: +# - CVE-2023-6129 +# 3.1.4-r1: +# - CVE-2023-5678 +# 3.1.4-r0: +# - CVE-2023-5363 +# 3.1.2-r0: +# - CVE-2023-3817 +# 3.1.1-r3: +# - CVE-2023-3446 +# 3.1.1-r2: +# - CVE-2023-2975 +# 3.1.1-r0: +# - CVE-2023-2650 +# 3.1.0-r4: +# - CVE-2023-1255 +# 3.1.0-r2: +# - CVE-2023-0465 +# 3.1.0-r1: +# - CVE-2023-0464 +# 3.0.8-r0: +# - CVE-2022-4203 +# - CVE-2022-4304 +# - CVE-2022-4450 +# - CVE-2023-0215 +# - CVE-2023-0216 +# - CVE-2023-0217 +# - CVE-2023-0286 +# - CVE-2023-0401 +# 3.0.7-r2: +# - CVE-2022-3996 +# 3.0.7-r0: +# - CVE-2022-3786 +# - CVE-2022-3602 +# 3.0.6-r0: +# - CVE-2022-3358 +# 3.0.5-r0: +# - CVE-2022-2097 +# 3.0.3-r0: +# - CVE-2022-1343 +# - CVE-2022-1434 +# - CVE-2022-1473 +# 3.0.2-r0: +# - CVE-2022-0778 +# 3.0.1-r0: +# - CVE-2021-4044 # 1.1.1l-r0: # - CVE-2021-3711 # - CVE-2021-3712 @@ -46,14 +98,20 @@ builddir="$srcdir/openssl-$pkgver" # 1.1.1a-r0: # - CVE-2018-0734 # - CVE-2018-0735 +# 0: +# - CVE-2022-1292 +# - CVE-2022-2068 +# - CVE-2022-2274 +# - CVE-2023-0466 +# - CVE-2023-4807 build() { local _target _optflags # openssl will prepend crosscompile always core CC et al - CC=${CC#${CROSS_COMPILE}} - CXX=${CXX#${CROSS_COMPILE}} - CPP=${CPP#${CROSS_COMPILE}} + CC=${CC#"$CROSS_COMPILE"} + CXX=${CXX#"$CROSS_COMPILE"} + CPP=${CPP#"$CROSS_COMPILE"} # determine target OS for openssl case "$CARCH" in @@ -67,8 +125,9 @@ build() { ppc64le) _target="linux-ppc64le" ;; x86) _target="linux-elf" ;; x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;; - s390x) _target="linux64-s390x";; - riscv64) _target="linux-generic64";; + s390x) _target="linux64-s390x";; + riscv64) _target="linux64-riscv64";; + loongarch64) _target="linux64-loongarch64";; *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;; esac @@ -87,7 +146,8 @@ build() { $_target \ --prefix=/usr \ --libdir=lib \ - --openssldir=/etc/ssl1.1 \ + --openssldir=/etc/ssl \ + enable-ktls \ shared \ no-zlib \ no-async \ @@ -96,9 +156,6 @@ build() { no-mdc2 \ no-rc5 \ no-ec2m \ - no-sm2 \ - no-sm4 \ - no-ssl2 \ no-ssl3 \ no-seed \ no-weak-ssl-ciphers \ @@ -106,6 +163,10 @@ build() { $CPPFLAGS \ $CFLAGS \ $LDFLAGS -Wa,--noexecstack + + # dump configuration into logs + perl configdata.pm --dump + make } @@ -118,24 +179,32 @@ check() { } package() { - make DESTDIR="$pkgdir" install_sw install_ssldirs + depends="libssl$_abiver=$pkgver-r$pkgrel libcrypto$_abiver=$pkgver-r$pkgrel" + provides="openssl3=$pkgver-r$pkgrel" + replaces="openssl3" + + make DESTDIR="$pkgdir" install # remove the script c_rehash rm "$pkgdir"/usr/bin/c_rehash - #mv -f "$pkgdir"/usr/bin/openssl "$pkgdir"/usr/bin/openssl$_abiver - - rm -r "$pkgdir"/etc/ssl1.1/certs "$pkgdir"/etc/ssl1.1/misc - ln -fs ../ssl/cert.pem ../ssl/certs ../ssl/ct_log_list.cnf "$pkgdir"/etc/ssl1.1/ } dev() { + provides="openssl3-dev=$pkgver-r$pkgrel" + replaces="openssl3-dev" + default_dev - replaces="libressl-dev" - provides="openssl1.1-compat-dev=${pkgver}-r${pkgrel}" +} + +misc() { + depends="$pkgname=$pkgver-r$pkgrel perl" + pkgdesc="Various perl scripts from $pkgname" + + amove etc/ssl/misc } _libcrypto() { pkgdesc="Crypto library from openssl" - replaces="libressl2.7-libcrypto" + replaces="libcrypto1.1" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib mv "$pkgdir"/etc "$subpkgdir"/ for i in "$pkgdir"/usr/lib/libcrypto*; do @@ -143,10 +212,12 @@ _libcrypto() { ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/ + mv "$pkgdir"/usr/lib/ossl-modules "$subpkgdir"/usr/lib/ } _libssl() { pkgdesc="SSL shared libraries" + depends="libcrypto$_abiver=$pkgver-r$pkgrel" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libssl*; do @@ -156,7 +227,6 @@ _libssl() { } sha512sums=" -d9611f393e37577cca05004531388d3e0ebbf714894cab9f95f4903909cd4f45c214faab664c0cbc3ad3cca309d500b9e6d0ecbf9a0a0588d1677dc6b047f9e0 openssl-1.1.1l.tar.gz -43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch -e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch +1f9daeee6542e1b831c65f1f87befaef98ccedc3abc958c9d17f064ef771924c30849e3ff880f94eed4aaa9d81ea105e3bc8815e6d2e4d6b60b5e890f14fc5da openssl-3.3.0.tar.gz +8c44e990fe8a820f649631b9f81cf28225b7516065169a7f68e2dd7c067b30df9b2c6cb88fa826afbc9fcdaf156360aabf7c498d2d9ed452968815b12b004809 man-section.patch " |