blob: 6a0fe12a128e73b68c56318cac2e437bddf08f83 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.1.1o
_abiver=${pkgver%.*}
pkgrel=0
pkgdesc="Toolkit for Transport Layer Security (TLS)"
url="https://www.openssl.org/"
arch="all"
license="OpenSSL"
replaces="libressl"
makedepends_build="perl"
makedepends_host="linux-headers"
makedepends="$makedepends_host $makedepends_build"
subpackages="$pkgname-dbg $pkgname-libs-static $pkgname-dev $pkgname-doc
libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl"
source="https://www.openssl.org/source/openssl-$pkgver.tar.gz
man-section.patch
"
# secfixes:
# 1.1.1n-r0:
# - CVE-2022-0778
# 1.1.1l-r0:
# - CVE-2021-3711
# - CVE-2021-3712
# 1.1.1k-r0:
# - CVE-2021-3449
# - CVE-2021-3450
# 1.1.1j-r0:
# - CVE-2021-23841
# - CVE-2021-23840
# - CVE-2021-23839
# 1.1.1i-r0:
# - CVE-2020-1971
# 1.1.1g-r0:
# - CVE-2020-1967
# 1.1.1d-r3:
# - CVE-2019-1551
# 1.1.1d-r1:
# - CVE-2019-1547
# - CVE-2019-1549
# - CVE-2019-1563
# 1.1.1b-r1:
# - CVE-2019-1543
# 1.1.1a-r0:
# - CVE-2018-0734
# - CVE-2018-0735
# 0:
# - CVE-2022-1292
build() {
local _target _optflags
# openssl will prepend crosscompile always core CC et al
CC=${CC#${CROSS_COMPILE}}
CXX=${CXX#${CROSS_COMPILE}}
CPP=${CPP#${CROSS_COMPILE}}
# determine target OS for openssl
case "$CARCH" in
aarch64*) _target="linux-aarch64" ;;
arm*) _target="linux-armv4" ;;
mips64*) _target="linux64-mips64" ;;
# explicit _optflags is needed to prevent automatic -mips3 addition
mips*) _target="linux-mips32"; _optflags="-mips32" ;;
ppc64le) _target="linux-ppc64le" ;;
x86) _target="linux-elf" ;;
x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
s390x) _target="linux64-s390x";;
*) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
esac
# Configure assumes --options are for it, so can't use
# gcc's --sysroot fake this by overriding CC
[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=$CBUILDROOT"
perl ./Configure $_target --prefix=/usr \
--libdir=lib \
--openssldir=/etc/ssl \
shared no-zlib $_optflags \
no-async no-comp no-idea no-mdc2 no-rc5 no-ec2m \
no-sm2 no-sm4 no-ssl2 no-ssl3 no-seed \
no-weak-ssl-ciphers \
$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack
make
}
check() {
# AFALG tests have a sporadic test failure, just delete the broken
# test for now.
rm -f test/recipes/30-test_afalg.t
make test
}
package() {
make DESTDIR="$pkgdir" install
# remove the script c_rehash
rm "$pkgdir"/usr/bin/c_rehash
}
dev() {
default_dev
replaces="libressl-dev"
}
_libcrypto() {
pkgdesc="Crypto library from openssl"
replaces="libressl2.7-libcrypto"
mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
mv "$pkgdir"/etc "$subpkgdir"/
for i in "$pkgdir"/usr/lib/libcrypto*; do
mv $i "$subpkgdir"/lib/
ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
done
mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/
}
_libssl() {
pkgdesc="SSL shared libraries"
mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
for i in "$pkgdir"/usr/lib/libssl*; do
mv $i "$subpkgdir"/lib/
ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
done
}
sha512sums="
75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23 openssl-1.1.1o.tar.gz
43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch
"
|
