diff options
Diffstat (limited to 'main/openssl/APKBUILD')
-rw-r--r-- | main/openssl/APKBUILD | 122 |
1 files changed, 102 insertions, 20 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index b681fa5cf83..ce0902cd985 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,24 +1,81 @@ -# Maintainer: Timo Teras <timo.teras@iki.fi> +# Contributor: Ariadne Conill <ariadne@dereferenced.org> +# Contributor: Timo Teras <timo.teras@iki.fi> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openssl -pkgver=1.1.1k -_abiver=${pkgver%.*} +pkgver=3.3.0 +_abiver=${pkgver%.*.*} pkgrel=1 pkgdesc="Toolkit for Transport Layer Security (TLS)" url="https://www.openssl.org/" arch="all" -license="OpenSSL" -replaces="libressl" +license="Apache-2.0" +replaces="openssl" makedepends_build="perl" makedepends_host="linux-headers" makedepends="$makedepends_host $makedepends_build" subpackages="$pkgname-dbg $pkgname-libs-static $pkgname-dev $pkgname-doc - libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl" + $pkgname-misc::noarch libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl" source="https://www.openssl.org/source/openssl-$pkgver.tar.gz man-section.patch - ppc64.patch " +builddir="$srcdir/openssl-$pkgver" # secfixes: +# 3.2.1-r2: +# - CVE-2024-2511 +# 3.1.4-r5: +# - CVE-2024-0727 +# 3.1.4-r4: +# - CVE-2023-6237 +# 3.1.4-r3: +# - CVE-2023-6129 +# 3.1.4-r1: +# - CVE-2023-5678 +# 3.1.4-r0: +# - CVE-2023-5363 +# 3.1.2-r0: +# - CVE-2023-3817 +# 3.1.1-r3: +# - CVE-2023-3446 +# 3.1.1-r2: +# - CVE-2023-2975 +# 3.1.1-r0: +# - CVE-2023-2650 +# 3.1.0-r4: +# - CVE-2023-1255 +# 3.1.0-r2: +# - CVE-2023-0465 +# 3.1.0-r1: +# - CVE-2023-0464 +# 3.0.8-r0: +# - CVE-2022-4203 +# - CVE-2022-4304 +# - CVE-2022-4450 +# - CVE-2023-0215 +# - CVE-2023-0216 +# - CVE-2023-0217 +# - CVE-2023-0286 +# - CVE-2023-0401 +# 3.0.7-r2: +# - CVE-2022-3996 +# 3.0.7-r0: +# - CVE-2022-3786 +# - CVE-2022-3602 +# 3.0.6-r0: +# - CVE-2022-3358 +# 3.0.5-r0: +# - CVE-2022-2097 +# 3.0.3-r0: +# - CVE-2022-1343 +# - CVE-2022-1434 +# - CVE-2022-1473 +# 3.0.2-r0: +# - CVE-2022-0778 +# 3.0.1-r0: +# - CVE-2021-4044 +# 1.1.1l-r0: +# - CVE-2021-3711 +# - CVE-2021-3712 # 1.1.1k-r0: # - CVE-2021-3449 # - CVE-2021-3450 @@ -41,14 +98,20 @@ source="https://www.openssl.org/source/openssl-$pkgver.tar.gz # 1.1.1a-r0: # - CVE-2018-0734 # - CVE-2018-0735 +# 0: +# - CVE-2022-1292 +# - CVE-2022-2068 +# - CVE-2022-2274 +# - CVE-2023-0466 +# - CVE-2023-4807 build() { local _target _optflags # openssl will prepend crosscompile always core CC et al - CC=${CC#${CROSS_COMPILE}} - CXX=${CXX#${CROSS_COMPILE}} - CPP=${CPP#${CROSS_COMPILE}} + CC=${CC#"$CROSS_COMPILE"} + CXX=${CXX#"$CROSS_COMPILE"} + CPP=${CPP#"$CROSS_COMPILE"} # determine target OS for openssl case "$CARCH" in @@ -62,8 +125,9 @@ build() { ppc64le) _target="linux-ppc64le" ;; x86) _target="linux-elf" ;; x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;; - s390x) _target="linux64-s390x";; - riscv64) _target="linux-generic64";; + s390x) _target="linux64-s390x";; + riscv64) _target="linux64-riscv64";; + loongarch64) _target="linux64-loongarch64";; *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;; esac @@ -83,6 +147,7 @@ build() { --prefix=/usr \ --libdir=lib \ --openssldir=/etc/ssl \ + enable-ktls \ shared \ no-zlib \ no-async \ @@ -91,9 +156,6 @@ build() { no-mdc2 \ no-rc5 \ no-ec2m \ - no-sm2 \ - no-sm4 \ - no-ssl2 \ no-ssl3 \ no-seed \ no-weak-ssl-ciphers \ @@ -101,6 +163,10 @@ build() { $CPPFLAGS \ $CFLAGS \ $LDFLAGS -Wa,--noexecstack + + # dump configuration into logs + perl configdata.pm --dump + make } @@ -113,19 +179,32 @@ check() { } package() { + depends="libssl$_abiver=$pkgver-r$pkgrel libcrypto$_abiver=$pkgver-r$pkgrel" + provides="openssl3=$pkgver-r$pkgrel" + replaces="openssl3" + make DESTDIR="$pkgdir" install # remove the script c_rehash rm "$pkgdir"/usr/bin/c_rehash } dev() { + provides="openssl3-dev=$pkgver-r$pkgrel" + replaces="openssl3-dev" + default_dev - replaces="libressl-dev" +} + +misc() { + depends="$pkgname=$pkgver-r$pkgrel perl" + pkgdesc="Various perl scripts from $pkgname" + + amove etc/ssl/misc } _libcrypto() { pkgdesc="Crypto library from openssl" - replaces="libressl2.7-libcrypto" + replaces="libcrypto1.1" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib mv "$pkgdir"/etc "$subpkgdir"/ for i in "$pkgdir"/usr/lib/libcrypto*; do @@ -133,10 +212,12 @@ _libcrypto() { ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/ + mv "$pkgdir"/usr/lib/ossl-modules "$subpkgdir"/usr/lib/ } _libssl() { pkgdesc="SSL shared libraries" + depends="libcrypto$_abiver=$pkgver-r$pkgrel" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libssl*; do @@ -145,6 +226,7 @@ _libssl() { done } -sha512sums="73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121 openssl-1.1.1k.tar.gz -43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch -e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch" +sha512sums=" +1f9daeee6542e1b831c65f1f87befaef98ccedc3abc958c9d17f064ef771924c30849e3ff880f94eed4aaa9d81ea105e3bc8815e6d2e4d6b60b5e890f14fc5da openssl-3.3.0.tar.gz +8c44e990fe8a820f649631b9f81cf28225b7516065169a7f68e2dd7c067b30df9b2c6cb88fa826afbc9fcdaf156360aabf7c498d2d9ed452968815b12b004809 man-section.patch +" |