# Maintainer: Timo Teras pkgname=openssl pkgver=1.1.1d _abiver=${pkgver%.*} pkgrel=5 pkgdesc="Toolkit for Transport Layer Security (TLS)" url="https://www.openssl.org/" arch="all" license="OpenSSL" replaces="libressl" makedepends_build="perl" makedepends_host="linux-headers" makedepends="$makedepends_host $makedepends_build" subpackages="$pkgname-dbg $pkgname-libs-static $pkgname-dev $pkgname-doc libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl" source="https://www.openssl.org/source/openssl-$pkgver.tar.gz man-section.patch CVE-2019-1551.patch " # secfixes: # 1.1.1d-r3: # - CVE-2019-1551 # 1.1.1d-r1: # - CVE-2019-1547 # - CVE-2019-1549 # - CVE-2019-1563 # 1.1.1b-r1: # - CVE-2019-1543 # 1.1.1a-r0: # - CVE-2018-0734 # - CVE-2018-0735 build() { local _target _optflags # openssl will prepend crosscompile always core CC et al CC=${CC#${CROSS_COMPILE}} CXX=${CXX#${CROSS_COMPILE}} CPP=${CPP#${CROSS_COMPILE}} # determine target OS for openssl case "$CARCH" in aarch64*) _target="linux-aarch64" ;; arm*) _target="linux-armv4" ;; mips64*) _target="linux64-mips64" ;; # explicit _optflags is needed to prevent automatic -mips3 addition mips*) _target="linux-mips32"; _optflags="-mips32" ;; ppc64le) _target="linux-ppc64le" ;; x86) _target="linux-elf" ;; x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;; s390x) _target="linux64-s390x";; *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;; esac # Configure assumes --options are for it, so can't use # gcc's --sysroot fake this by overriding CC [ -n "$CBUILDROOT" ] && CC="$CC --sysroot=$CBUILDROOT" perl ./Configure $_target --prefix=/usr \ --libdir=lib \ --openssldir=/etc/ssl \ shared no-zlib $_optflags \ no-async no-comp no-idea no-mdc2 no-rc5 no-ec2m \ no-sm2 no-sm4 no-ssl2 no-ssl3 no-seed \ no-weak-ssl-ciphers \ $CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack make } check() { # AFALG tests have a sporadic test failure, just delete the broken # test for now. rm -f test/recipes/30-test_afalg.t make test } package() { make DESTDIR="$pkgdir" install # remove the script c_rehash rm "$pkgdir"/usr/bin/c_rehash } dev() { default_dev replaces="libressl-dev" } _libcrypto() { pkgdesc="Crypto library from openssl" replaces="libressl2.7-libcrypto" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib mv "$pkgdir"/etc "$subpkgdir"/ for i in "$pkgdir"/usr/lib/libcrypto*; do mv $i "$subpkgdir"/lib/ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/ } _libssl() { pkgdesc="SSL shared libraries" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libssl*; do mv $i "$subpkgdir"/lib/ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done } sha512sums="2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7 openssl-1.1.1d.tar.gz 3e5c425d219768721d38bb33db7445eb3ea12d9447a16c5b23b9fddfcbd9d40b98b39506aeac9cbaced4be22ad5a6cb8e4d16fbe4850ac50a6b0c716592b2a2b man-section.patch 11ca61515a89766241fe0fae27f3b39767128915f288ea88840bf93e8b50ac416024cb2153efcdf2658d3e82a8e4250a0c069333dbd7347475f9dafcc45370b5 CVE-2019-1551.patch"