system/openssl/APKBUILD


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=openssl
pkgver=1.1.1d
pkgrel=0
pkgdesc="Toolkit for SSL and TLS"
url="https://www.openssl.org/"
arch="all"
license="OpenSSL"
depends=""
checkdepends="perl"
makedepends_build="perl"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.1:libcrypto
	libssl1.1:libssl"
source="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
	CVE-2019-1551.patch
	ppc64.patch
	"

# secfixes:
#   1.0.2h-r0:
#     - CVE-2016-2107
#     - CVE-2016-2105
#     - CVE-2016-2106
#     - CVE-2016-2109
#     - CVE-2016-2176
#   1.0.2h-r1:
#     - CVE-2016-2177
#     - CVE-2016-2178
#   1.0.2h-r2:
#     - CVE-2016-2180
#   1.0.2h-r3:
#     - CVE-2016-2179
#     - CVE-2016-2182
#     - CVE-2016-6302
#     - CVE-2016-6303
#   1.0.2h-r4:
#     - CVE-2016-2181
#   1.0.2i-r0:
#     - CVE-2016-2183
#     - CVE-2016-6304
#     - CVE-2016-6306
#   1.0.2m-r0:
#     - CVE-2017-3735
#     - CVE-2017-3736
#   1.0.2n-r0:
#     - CVE-2017-3737
#     - CVE-2017-3738
#   1.0.2o-r0:
#     - CVE-2018-0739
#     - CVE-2018-0737
#     - CVE-2018-0732
#   1.0.2r-r0:
#     - CVE-2018-0734
#     - CVE-2018-5407
#     - CVE-2019-1559
#   1.0.2t-r0:
#     - CVE-2019-1547
#     - CVE-2019-1563
#   1.1.1d-r0:
#     - CVE-2019-1551

build() {
	# openssl will prepend crosscompile always core CC et al
	CC=${CC#${CROSS_COMPILE}}
	CXX=${CXX#${CROSS_COMPILE}}
	CPP=${CPP#${CROSS_COMPILE}}

	# determine target OS for openssl
	case "$CARCH" in
	aarch64*) _target="linux-aarch64" ;;
	arm*)   _target="linux-armv4" ;;
	ppc)	_target="linux-ppc" ;;
	ppc64)	_target="linux-ppc64" ;;
	ppc64le) _target="linux-ppc64le" ;;
	i528 | pmmx | x86) _target="linux-elf" ;;
	x86_64) _target="linux-x86_64" ;;
	s390x)	_target="linux64-s390x";;
	*)	msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
	esac

	# Configure assumes --options are for it, so can't use
	# gcc's --sysroot fake this by overriding CC
	[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}"

	perl ./Configure $_target --prefix=/usr \
		--libdir=lib \
		--openssldir=/etc/ssl \
		shared no-zlib enable-md2 no-weak-ssl-ciphers \
		$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack
	make
}

check() {
	make test
}

package() {
	make DESTDIR="$pkgdir" install
	rm "$pkgdir"/usr/bin/c_rehash

	for _manfile in "$pkgdir"/usr/share/man/man1/*; do
		case _manfile in
		openssl*) ;;
		*) mv $_manfile "$pkgdir"/usr/share/man/man1/openssl-$(basename $_manfile)
		esac
	done
}

libcrypto() {
	pkgdesc="OpenSSL cryptography library"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libcrypto*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
	mv "$pkgdir"/usr/lib/engines-1.1 "$subpkgdir"/usr/lib/
}

libssl() {
	pkgdesc="OpenSSL socket library"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libssl*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
}

sha512sums="2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7  openssl-1.1.1d.tar.gz
11ca61515a89766241fe0fae27f3b39767128915f288ea88840bf93e8b50ac416024cb2153efcdf2658d3e82a8e4250a0c069333dbd7347475f9dafcc45370b5  CVE-2019-1551.patch
66bbb0ae769643c8a0b1501d9c8466f08f0d8b3b2bc4fcc2c0c054ab1971ced85c07aa0e4b8168a4394d0ae407dfbd26066a7a068602ce5b58e459b12ce6d36a  ppc64.patch"