# Maintainer: Timo Teras pkgname=openssl pkgver=1.0.2h pkgrel=1 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" depends= makedepends_build="perl" makedepends_host="zlib-dev" makedepends="$makedepends_host $makedepends_build" depends_dev="zlib-dev" arch="all" license="openssl" subpackages="$pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl" source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz 0002-busybox-basename.patch 0003-use-termios.patch 0004-fix-default-ca-path-for-apps.patch 0005-fix-parallel-build.patch 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch 0007-reimplement-c_rehash-in-C.patch 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch 0009-no-rpath.patch 0010-ssl-env-zlib.patch 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch 1002-backport-changes-from-upstream-padlock-module.patch 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch CVE-2016-2177.patch CVE-2016-2178.patch " _builddir="$srcdir"/$pkgname-$pkgver prepare() { cd "$_builddir" for patch in $source; do case $patch in *.patch) msg "Applying patch $patch" patch -p1 -i "$srcdir"/$patch || return 1 ;; esac done # force generate apps, due to c_rehash patch rm -rf "$_builddir"/apps/progs.h } build() { local _target _optflags cd "$_builddir" # openssl will prepend crosscompile always core CC et al CC=${CC#${CROSS_COMPILE}} CXX=${CXX#${CROSS_COMPILE}} CPP=${CPP#${CROSS_COMPILE}} # determine target OS for openssl case "$CARCH" in x86) _target="linux-elf" ;; x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;; arm*) _target="linux-armv4" ;; *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;; esac # Configure assumes --options are for it, so can't use # gcc's --sysroot fake this by overriding CC [ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}" perl ./Configure $_target --prefix=/usr \ --libdir=lib \ --openssldir=/etc/ssl \ shared zlib enable-montasm enable-md2 $_optflags \ -DOPENSSL_NO_BUF_FREELISTS \ $CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack \ enable-ssl2 \ || return 1 make && make build-shared || return 1 # Build standalone version c_rehash app, so the huge openssl # binary is not mandatory requirement of ca-certificates ${CROSS_COMPILE}$CC $CPPFLAGS $CFLAGS $LDFLAGS -I . -I include -L . "$_builddir"/apps/c_rehash.c -o c_rehash -lcrypto || return 1 } package() { cd "$_builddir" make INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install || return 1 # c_rehash standalone app install c_rehash "$pkgdir"/usr/bin/c_rehash || return 1 } libcrypto() { pkgdesc="Crypto library from openssl" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib "$subpkgdir"/usr/bin for i in "$pkgdir"/usr/lib/libcrypto*; do mv $i "$subpkgdir"/lib/ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/ || return 1 mv "$pkgdir"/usr/bin/c_rehash "$subpkgdir"/usr/bin/ || return 1 } libssl() { pkgdesc="SSL shared libraries" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libssl*; do mv $i "$subpkgdir"/lib/ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done } md5sums="9392e65072ce4b614c1392eefc1f23d0 openssl-1.0.2h.tar.gz 67bdfe450143a41042d2c318003e963a 0002-busybox-basename.patch 84c03f201f55ca7fbfde364cfdfc9cf4 0003-use-termios.patch 9bb9dffdd871eeccc945494771302cc3 0004-fix-default-ca-path-for-apps.patch ed6e779e9799aeb7e029929a5719e631 0005-fix-parallel-build.patch 5a5753f52b9f54f769f1ad915d0119bd 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch 106b2c7590d49a28c782cf3f5d623543 0007-reimplement-c_rehash-in-C.patch 7a2f9c883ecdfca3087062df4a68150a 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch 28e89dd715fc4ed85e747bd7306f2970 0009-no-rpath.patch 742ee13d88b13414248f329a09f9a92d 0010-ssl-env-zlib.patch 25091afb907de2b504f8bad6bf70002c 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch aa16c89b283faf0fe546e3f897279c44 1002-backport-changes-from-upstream-padlock-module.patch 57cca845e22c178c3b317010be56edf0 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch 1accc0880b6e95726ea9f668808cd8ba CVE-2016-2177.patch 5c8e962b3d7e0082c1af432f6d0ad221 CVE-2016-2178.patch" sha256sums="1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 openssl-1.0.2h.tar.gz b449fb998b5f60a3a1779ac2f432b2c7f08ae52fc6dfa98bca37d735f863d400 0002-busybox-basename.patch c3e6a9710726dac72e3eeffd78961d3bae67a480f6bde7890e066547da25cdfd 0003-use-termios.patch 1f022ccab9b2e5850f32d2ac75cb617c8ce7b803a4548ce71e82776fe5b15b67 0004-fix-default-ca-path-for-apps.patch aa1fed25880313bd77fe06fc8a42ac65e02ac944eb4052480de2abbde7867380 0005-fix-parallel-build.patch 9baecc8024bd5004ef045c6c53537f7453029c1e273874ce639834145564ca6d 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch c934b5d1a2cb58b5235da2dfee423f0f66bb83e1d479f511b444751899637c37 0007-reimplement-c_rehash-in-C.patch 1030f885dc76f352854a7a95d73e68cfd1479c5f9ee198d6afef6b0755ee1c81 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch 6b7ac5c9db430d9d3e8aaf87e0e95aa8a0ef460517d6563cca24014d4d890fbc 0009-no-rpath.patch fa2e3101ca7c6daed7ea063860d586424be7590b1cec4302bc2beee1a3c6039f 0010-ssl-env-zlib.patch 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260 1002-backport-changes-from-upstream-padlock-module.patch c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch e321860623758c8a98b15dfa0b4671244e2cff34b5c62a489c43437d1053ed06 CVE-2016-2177.patch 7abe837d39953d0c0f694013a54f444e6f9ca0db8b98ca8aaf1d58683086784e CVE-2016-2178.patch" sha512sums="780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 openssl-1.0.2h.tar.gz 2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c 0002-busybox-basename.patch 58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4 0003-use-termios.patch c67472879a31b5dbdd313892df6d37e7c93e8c0237d406c30d50b1016c2618ead3c13277f5dc723ef1ceed092d36e3c15a9777daa844f59b9fa2b0a4f04fd9ae 0004-fix-default-ca-path-for-apps.patch 5d4191482f8bbf62c75fe6bc2d9587388022c3310703c2a913788a983b1d1406e706cf3916a5792604f0b0f220a87432d3b82b442cea9915f2abb6fdd8478fcb 0005-fix-parallel-build.patch 820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch fc4e383ec85c6543e4e82520904122a5a5601c68042ece1e95a0cae95e02d89174f06f78ba2f8aacae8df16052df6ec628b568519a41706428a3fa07984cc8e3 0007-reimplement-c_rehash-in-C.patch 17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch 5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1 0009-no-rpath.patch 5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420 0010-ssl-env-zlib.patch 8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389 1002-backport-changes-from-upstream-padlock-module.patch 6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch 6e149213d1c4cbab06e0aedeb04562f96c1430e6e8f9b9836ff4ddd79da361db2bcfbdf83f6615369e8feaaefecfc0dc5f9cee3b56c2eeeca57233a2daf25d2c CVE-2016-2177.patch 9a90ee6b6329dea17a70c6cd62fbf349289b4beab74137adc2448c54652501c2ff47694b9154da6e610e8b947ff2070e0460fe2754b62301a6a439e16eb6fd1b CVE-2016-2178.patch"