summaryrefslogtreecommitdiffstats
path: root/main/openssl/APKBUILD
blob: ba11da9612613a458afb31deb2968b7e2d43d339 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.2h
pkgrel=4
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
makedepends_build="perl"
makedepends_host="zlib-dev"
makedepends="$makedepends_host $makedepends_build"
depends_dev="zlib-dev"
arch="all"
license="openssl"

subpackages="$pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl"

source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
	0001-fix-manpages.patch
	0002-busybox-basename.patch
	0003-use-termios.patch
	0004-fix-default-ca-path-for-apps.patch
	0005-fix-parallel-build.patch
	0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
	0007-reimplement-c_rehash-in-C.patch
	0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
	0009-no-rpath.patch
	0010-ssl-env-zlib.patch
	1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
	1002-backport-changes-from-upstream-padlock-module.patch
	1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
	1004-crypto-engine-autoload-padlock-dynamic-engine.patch
	CVE-2016-2177.patch
	CVE-2016-2178.patch
	CVE-2016-2179.patch
	CVE-2016-2180.patch
	CVE-2016-2181.patch
	CVE-2016-2182.patch
	CVE-2016-6302.patch
	CVE-2016-6303.patch
	"

# secfixes:
#   1.0.2h-r0:
#     - CVE-2016-2107
#     - CVE-2016-2105
#     - CVE-2016-2106
#     - CVE-2016-2109
#     - CVE-2016-2176
#   1.0.2h-r1:
#     - CVE-2016-2177
#     - CVE-2016-2178
#   1.0.2h-r2:
#     - CVE-2016-2180
#   1.0.2h-r3:
#     - CVE-2016-2179
#     - CVE-2016-2182
#     - CVE-2016-6302
#     - CVE-2016-6303
#   1.0.2h-r4:
#     - CVE-2016-2181

_builddir="$srcdir"/$pkgname-$pkgver

prepare() {
        cd "$_builddir"
        for patch in $source; do
                case $patch in
                *.patch)
                        msg "Applying patch $patch"
                        patch -p1 -i "$srcdir"/$patch || return 1
                        ;;
                esac
        done

	# force generate apps, due to c_rehash patch
	rm -rf "$_builddir"/apps/progs.h
}

build() {
	local _target _optflags
	cd "$_builddir"

	# openssl will prepend crosscompile always core CC et al
	CC=${CC#${CROSS_COMPILE}}
	CXX=${CXX#${CROSS_COMPILE}}
	CPP=${CPP#${CROSS_COMPILE}}

	# determine target OS for openssl
	case "$CARCH" in
	x86)    _target="linux-elf" ;;
	x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
	arm*)   _target="linux-armv4" ;;
	*)	msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
	esac

	# Configure assumes --options are for it, so can't use
	# gcc's --sysroot fake this by overriding CC
	[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}"

	perl ./Configure $_target --prefix=/usr \
		--libdir=lib \
		--openssldir=/etc/ssl \
		shared zlib enable-montasm enable-md2 $_optflags \
		enable-ssl2 \
		-DOPENSSL_NO_BUF_FREELISTS \
		$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack \
		|| return 1

	make && make build-shared || return 1
}

package() {
	cd "$_builddir"
	make INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install || return 1

	# c_rehash compat link
	ln -sf openssl "$pkgdir"/usr/bin/c_rehash

	# rename man pages that conflict with man-pages
	local m
	for m in rand.3 err.3 threads.3 passwd.1; do
		mv "$pkgdir"/usr/share/man/man${m/*.}/$m \
		   "$pkgdir"/usr/share/man/man${m/*.}/openssl-$m \
			|| return 1
	done
}

libcrypto() {
	pkgdesc="Crypto library from openssl"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libcrypto*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
	mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/
}

libssl() {
	pkgdesc="SSL shared libraries"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libssl*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
}

md5sums="9392e65072ce4b614c1392eefc1f23d0  openssl-1.0.2h.tar.gz
ca4b7eea03af14012ca2d4e7c092db23  0001-fix-manpages.patch
67bdfe450143a41042d2c318003e963a  0002-busybox-basename.patch
84c03f201f55ca7fbfde364cfdfc9cf4  0003-use-termios.patch
9bb9dffdd871eeccc945494771302cc3  0004-fix-default-ca-path-for-apps.patch
ed6e779e9799aeb7e029929a5719e631  0005-fix-parallel-build.patch
5a5753f52b9f54f769f1ad915d0119bd  0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
106b2c7590d49a28c782cf3f5d623543  0007-reimplement-c_rehash-in-C.patch
7a2f9c883ecdfca3087062df4a68150a  0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
28e89dd715fc4ed85e747bd7306f2970  0009-no-rpath.patch
742ee13d88b13414248f329a09f9a92d  0010-ssl-env-zlib.patch
25091afb907de2b504f8bad6bf70002c  1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
aa16c89b283faf0fe546e3f897279c44  1002-backport-changes-from-upstream-padlock-module.patch
57cca845e22c178c3b317010be56edf0  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
2ac874d1249f5f68d8c7cd58d157d29a  1004-crypto-engine-autoload-padlock-dynamic-engine.patch
1accc0880b6e95726ea9f668808cd8ba  CVE-2016-2177.patch
5c8e962b3d7e0082c1af432f6d0ad221  CVE-2016-2178.patch
c00ded9884ee5dbe557e1ee4216bd99a  CVE-2016-2179.patch
6d2276c87a17ae8615b47a1dea306d41  CVE-2016-2180.patch
fec771747e29df875e63bea2bc88f110  CVE-2016-2181.patch
43c75a464bb6c0110717decb76220778  CVE-2016-2182.patch
70159524406c4dc59e1c278d556696e8  CVE-2016-6302.patch
96af7035339f01cebfc26118a6f12795  CVE-2016-6303.patch"
sha256sums="1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919  openssl-1.0.2h.tar.gz
d9c8d3b53a237e88bb333739e9a09d25e9fe647c4bc36acff74c7d49ce56484b  0001-fix-manpages.patch
b449fb998b5f60a3a1779ac2f432b2c7f08ae52fc6dfa98bca37d735f863d400  0002-busybox-basename.patch
c3e6a9710726dac72e3eeffd78961d3bae67a480f6bde7890e066547da25cdfd  0003-use-termios.patch
1f022ccab9b2e5850f32d2ac75cb617c8ce7b803a4548ce71e82776fe5b15b67  0004-fix-default-ca-path-for-apps.patch
aa1fed25880313bd77fe06fc8a42ac65e02ac944eb4052480de2abbde7867380  0005-fix-parallel-build.patch
9baecc8024bd5004ef045c6c53537f7453029c1e273874ce639834145564ca6d  0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
c934b5d1a2cb58b5235da2dfee423f0f66bb83e1d479f511b444751899637c37  0007-reimplement-c_rehash-in-C.patch
1030f885dc76f352854a7a95d73e68cfd1479c5f9ee198d6afef6b0755ee1c81  0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
6b7ac5c9db430d9d3e8aaf87e0e95aa8a0ef460517d6563cca24014d4d890fbc  0009-no-rpath.patch
fa2e3101ca7c6daed7ea063860d586424be7590b1cec4302bc2beee1a3c6039f  0010-ssl-env-zlib.patch
2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7  1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260  1002-backport-changes-from-upstream-padlock-module.patch
c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
2f7c850af078a3ae71b2dd38d5d0b3964ea4262e52673e36ff33498cc6223e6c  1004-crypto-engine-autoload-padlock-dynamic-engine.patch
e321860623758c8a98b15dfa0b4671244e2cff34b5c62a489c43437d1053ed06  CVE-2016-2177.patch
7abe837d39953d0c0f694013a54f444e6f9ca0db8b98ca8aaf1d58683086784e  CVE-2016-2178.patch
707bd694d828178ed6b5855a06ad70052f4c113c26f5ac2cb92133a82c0109e7  CVE-2016-2179.patch
fa906541a97bf0dbb1faa600055e28a1515b073f8c2b607edbcbbb53bdd97c99  CVE-2016-2180.patch
8fa93d64990cccef800faebe892bbb9a7ffff48f049e16964f4362618bec4aa2  CVE-2016-2181.patch
9bf8bf766cd6784ca50fcd99f45ebf2c57e8a821fa05644ce3b70e673f83ed53  CVE-2016-2182.patch
5751fb95b74a4a6b6091ad034a4e5919ff5e5eb186321cac82a8ab590abe76bc  CVE-2016-6302.patch
3fccf95efbd51dff85cd4a04d5c589c6c06dee5cfa8d428edf93c378d106fb1e  CVE-2016-6303.patch"
sha512sums="780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303  openssl-1.0.2h.tar.gz
80589e386fe57470818757a182f444a79050e1f19683650268d551d8aa436902b3bf565bb7a2aa8464013e50229c8bed5bb89fbd8387469cdfdcd3941eb3e5db  0001-fix-manpages.patch
2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c  0002-busybox-basename.patch
58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4  0003-use-termios.patch
c67472879a31b5dbdd313892df6d37e7c93e8c0237d406c30d50b1016c2618ead3c13277f5dc723ef1ceed092d36e3c15a9777daa844f59b9fa2b0a4f04fd9ae  0004-fix-default-ca-path-for-apps.patch
5d4191482f8bbf62c75fe6bc2d9587388022c3310703c2a913788a983b1d1406e706cf3916a5792604f0b0f220a87432d3b82b442cea9915f2abb6fdd8478fcb  0005-fix-parallel-build.patch
820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5  0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
fc4e383ec85c6543e4e82520904122a5a5601c68042ece1e95a0cae95e02d89174f06f78ba2f8aacae8df16052df6ec628b568519a41706428a3fa07984cc8e3  0007-reimplement-c_rehash-in-C.patch
17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351  0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1  0009-no-rpath.patch
5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420  0010-ssl-env-zlib.patch
8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17  1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389  1002-backport-changes-from-upstream-padlock-module.patch
6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
b72436eb8d4dac42d8da76a51d46cfc03e92e162f692a7a1761201221b9c6d66b738c08270b2260f02ce47b42043538474df73a7185dd4a809dd3b14cc8af7c3  1004-crypto-engine-autoload-padlock-dynamic-engine.patch
6e149213d1c4cbab06e0aedeb04562f96c1430e6e8f9b9836ff4ddd79da361db2bcfbdf83f6615369e8feaaefecfc0dc5f9cee3b56c2eeeca57233a2daf25d2c  CVE-2016-2177.patch
9a90ee6b6329dea17a70c6cd62fbf349289b4beab74137adc2448c54652501c2ff47694b9154da6e610e8b947ff2070e0460fe2754b62301a6a439e16eb6fd1b  CVE-2016-2178.patch
02e0f2dfcb13f22b42c3945af5a8c81d4dd12b4c73b1e30de1dd54b6af8d460b15a0d05011fce3168696f39f9a72b126cc7e8c9cd1e889a1f6c37bc5bc329820  CVE-2016-2179.patch
6c330a4a204311b21c0319de4fae7ff99819d462313cb36b4486d3e322d1d7c6393392308ff6c9f7b5a7c070584be46de232a940626ff979db88656299c87d48  CVE-2016-2180.patch
995b2780aaaaf5b56851ab670df2c52ce1cede06e235a380d337cb40785f36677e4456b90b7782f40447c4aedcb8be00b08caf05ada5a2b95c90e073e6316970  CVE-2016-2181.patch
f6a30bdbe6c2bf21b5dcd9a79fe25207c8c8df9e928935bbc84f65a2aa6719d316c5afca320df107cc5c46027859624fbad7a4f41d3d1447a9658e9949614152  CVE-2016-2182.patch
fe88218c57fa8382a565d921d54f6bc20c89b5a63ebf9c80b941095baa76f102152c584ee15aac7e284f71e2bd7d04c621af9ade7719f87b69cb19caf22f823c  CVE-2016-6302.patch
9f3f6f9c2be8830f444c7045a7d54d35461a665b48a6227015bc7fff10f9220d2814a3a045461e57af5b753b90738113e43d916fca28dda6e47519a4564f1f63  CVE-2016-6303.patch"