summaryrefslogtreecommitdiff
path: root/system/openssl/APKBUILD
blob: dc4c4aab4fef91e964b949e6d12d2e1eb9f15e0f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=openssl
pkgver=1.1.1d
pkgrel=0
pkgdesc="Toolkit for SSL and TLS"
url="https://www.openssl.org/"
arch="all"
license="OpenSSL"
depends=""
checkdepends="perl"
makedepends_build="perl"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.1:libcrypto
	libssl1.1:libssl"
source="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
	CVE-2019-1551.patch
	ppc64.patch
	"

# secfixes:
#   1.0.2h-r0:
#     - CVE-2016-2107
#     - CVE-2016-2105
#     - CVE-2016-2106
#     - CVE-2016-2109
#     - CVE-2016-2176
#   1.0.2h-r1:
#     - CVE-2016-2177
#     - CVE-2016-2178
#   1.0.2h-r2:
#     - CVE-2016-2180
#   1.0.2h-r3:
#     - CVE-2016-2179
#     - CVE-2016-2182
#     - CVE-2016-6302
#     - CVE-2016-6303
#   1.0.2h-r4:
#     - CVE-2016-2181
#   1.0.2i-r0:
#     - CVE-2016-2183
#     - CVE-2016-6304
#     - CVE-2016-6306
#   1.0.2m-r0:
#     - CVE-2017-3735
#     - CVE-2017-3736
#   1.0.2n-r0:
#     - CVE-2017-3737
#     - CVE-2017-3738
#   1.0.2o-r0:
#     - CVE-2018-0739
#     - CVE-2018-0737
#     - CVE-2018-0732
#   1.0.2r-r0:
#     - CVE-2018-0734
#     - CVE-2018-5407
#     - CVE-2019-1559
#   1.0.2t-r0:
#     - CVE-2019-1547
#     - CVE-2019-1563
#   1.1.1d-r0:
#     - CVE-2019-1551

build() {
	# openssl will prepend crosscompile always core CC et al
	CC=${CC#${CROSS_COMPILE}}
	CXX=${CXX#${CROSS_COMPILE}}
	CPP=${CPP#${CROSS_COMPILE}}

	# determine target OS for openssl
	case "$CARCH" in
	aarch64*) _target="linux-aarch64" ;;
	arm*)   _target="linux-armv4" ;;
	ppc)	_target="linux-ppc" ;;
	ppc64)	_target="linux-ppc64" ;;
	ppc64le) _target="linux-ppc64le" ;;
	i528 | pmmx | x86) _target="linux-elf" ;;
	x86_64) _target="linux-x86_64" ;;
	s390x)	_target="linux64-s390x";;
	*)	msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
	esac

	# Configure assumes --options are for it, so can't use
	# gcc's --sysroot fake this by overriding CC
	[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}"

	perl ./Configure $_target --prefix=/usr \
		--libdir=lib \
		--openssldir=/etc/ssl \
		shared no-zlib enable-md2 no-weak-ssl-ciphers \
		$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack
	make
}

check() {
	make test
}

package() {
	make DESTDIR="$pkgdir" install
	rm "$pkgdir"/usr/bin/c_rehash
}

libcrypto() {
	pkgdesc="OpenSSL cryptography library"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libcrypto*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
	mv "$pkgdir"/usr/lib/engines-1.1 "$subpkgdir"/usr/lib/
}

libssl() {
	pkgdesc="OpenSSL socket library"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libssl*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
}

sha512sums="2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7  openssl-1.1.1d.tar.gz
11ca61515a89766241fe0fae27f3b39767128915f288ea88840bf93e8b50ac416024cb2153efcdf2658d3e82a8e4250a0c069333dbd7347475f9dafcc45370b5  CVE-2019-1551.patch
66bbb0ae769643c8a0b1501d9c8466f08f0d8b3b2bc4fcc2c0c054ab1971ced85c07aa0e4b8168a4394d0ae407dfbd26066a7a068602ce5b58e459b12ce6d36a  ppc64.patch"