# Maintainer: A. Wilcox pkgname=openssl pkgver=1.1.1d pkgrel=0 pkgdesc="Toolkit for SSL and TLS" url="https://www.openssl.org/" arch="all" license="OpenSSL" depends="" checkdepends="perl" makedepends_build="perl" subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.1:libcrypto libssl1.1:libssl" source="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz CVE-2019-1551.patch ppc64.patch " # secfixes: # 1.0.2h-r0: # - CVE-2016-2107 # - CVE-2016-2105 # - CVE-2016-2106 # - CVE-2016-2109 # - CVE-2016-2176 # 1.0.2h-r1: # - CVE-2016-2177 # - CVE-2016-2178 # 1.0.2h-r2: # - CVE-2016-2180 # 1.0.2h-r3: # - CVE-2016-2179 # - CVE-2016-2182 # - CVE-2016-6302 # - CVE-2016-6303 # 1.0.2h-r4: # - CVE-2016-2181 # 1.0.2i-r0: # - CVE-2016-2183 # - CVE-2016-6304 # - CVE-2016-6306 # 1.0.2m-r0: # - CVE-2017-3735 # - CVE-2017-3736 # 1.0.2n-r0: # - CVE-2017-3737 # - CVE-2017-3738 # 1.0.2o-r0: # - CVE-2018-0739 # - CVE-2018-0737 # - CVE-2018-0732 # 1.0.2r-r0: # - CVE-2018-0734 # - CVE-2018-5407 # - CVE-2019-1559 # 1.0.2t-r0: # - CVE-2019-1547 # - CVE-2019-1563 # 1.1.1d-r0: # - CVE-2019-1551 build() { # openssl will prepend crosscompile always core CC et al CC=${CC#${CROSS_COMPILE}} CXX=${CXX#${CROSS_COMPILE}} CPP=${CPP#${CROSS_COMPILE}} # determine target OS for openssl case "$CARCH" in aarch64*) _target="linux-aarch64" ;; arm*) _target="linux-armv4" ;; ppc) _target="linux-ppc" ;; ppc64) _target="linux-ppc64" ;; ppc64le) _target="linux-ppc64le" ;; i528 | pmmx | x86) _target="linux-elf" ;; x86_64) _target="linux-x86_64" ;; s390x) _target="linux64-s390x";; *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;; esac # Configure assumes --options are for it, so can't use # gcc's --sysroot fake this by overriding CC [ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}" perl ./Configure $_target --prefix=/usr \ --libdir=lib \ --openssldir=/etc/ssl \ shared no-zlib enable-md2 no-weak-ssl-ciphers \ $CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack make } check() { make test } package() { make DESTDIR="$pkgdir" install rm "$pkgdir"/usr/bin/c_rehash for _manfile in "$pkgdir"/usr/share/man/man1/*; do case _manfile in openssl*) ;; *) mv $_manfile "$pkgdir"/usr/share/man/man1/openssl-$(basename $_manfile) esac done } libcrypto() { pkgdesc="OpenSSL cryptography library" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libcrypto*; do mv $i "$subpkgdir"/lib/ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done mv "$pkgdir"/usr/lib/engines-1.1 "$subpkgdir"/usr/lib/ } libssl() { pkgdesc="OpenSSL socket library" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libssl*; do mv $i "$subpkgdir"/lib/ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done } sha512sums="2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7 openssl-1.1.1d.tar.gz 11ca61515a89766241fe0fae27f3b39767128915f288ea88840bf93e8b50ac416024cb2153efcdf2658d3e82a8e4250a0c069333dbd7347475f9dafcc45370b5 CVE-2019-1551.patch 66bbb0ae769643c8a0b1501d9c8466f08f0d8b3b2bc4fcc2c0c054ab1971ced85c07aa0e4b8168a4394d0ae407dfbd26066a7a068602ce5b58e459b12ce6d36a ppc64.patch"