core/openssl to 1.1.0.e-1

2024-11-08 22:45:43 +00:00 · 2017-04-24 23:36:52 +00:00 · 2017-04-24 23:36:52 +00:00 · 314660a0ba
commit 314660a0ba
parent 2866dad41a
4 changed files with 25 additions and 75 deletions
--- a/core/openssl/PKGBUILD
+++ b/core/openssl/PKGBUILD
@ -5,7 +5,7 @@
 #  - set ARM architecture targets

 pkgname=openssl
-_ver=1.0.2k
+_ver=1.1.0e
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 #pkgver=$_ver
@ -16,29 +16,18 @@ url='https://www.openssl.org'
 license=('custom:BSD')
 depends=('perl')
 optdepends=('ca-certificates')
-options=('!makeflags')
 backup=('etc/ssl/openssl.cnf')
 source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
        "https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz.asc"
-        'no-rpath.patch'
-        'ssl3-test-failure.patch'
        'ca-dir.patch')
-md5sums=('f965fc0bf01bf882b31314b61391ae65'
+md5sums=('51c42d152122e474754aea96f66928c6'
         'SKIP'
-         'dc78d3d06baffc16217519242ce92478'
-         '62fc492252edd3283871632bb77fadbe'
-         '3bf51be3a1bbd262be46dc619f92aa90')
+         '02b53865fb70faef763e262b4971aa4b')
 validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')

 prepare() {
 	cd $srcdir/$pkgname-$_ver

-	# remove rpath: http://bugs.archlinux.org/task/14367
-	patch -p0 -i $srcdir/no-rpath.patch
-
-	# disable a test that fails when ssl3 is disabled
-	patch -p1 -i $srcdir/ssl3-test-failure.patch
-
 	# set ca dir to /etc/ssl by default
 	patch -p0 -i $srcdir/ca-dir.patch
 }
@ -81,6 +70,6 @@ check() {

 package() {
 	cd $srcdir/$pkgname-$_ver
-	make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install
+	make DESTDIR=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs
 	install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
 }
--- a/core/openssl/ca-dir.patch
+++ b/core/openssl/ca-dir.patch
@ -1,27 +1,16 @@
--- apps/CA.pl.in	2006-04-28 02:30:49.000000000 +0200
-+++ apps/CA.pl.in	2010-04-01 00:35:02.600553509 +0200
-@@ -53,7 +53,7 @@
- $X509="$openssl x509";
- $PKCS12="$openssl pkcs12";
+--- apps/CA.pl.in	2016-09-26 11:46:04.000000000 +0200
+++ apps/CA.pl.in	2016-11-01 16:02:16.709616823 +0100
+@@ -33,7 +33,7 @@
+ my $PKCS12 = "$openssl pkcs12";
 
-$CATOP="./demoCA";
-+$CATOP="/etc/ssl";
- $CAKEY="cakey.pem";
- $CAREQ="careq.pem";
- $CACERT="cacert.pem";
--- apps/CA.sh	2009-10-15 19:27:47.000000000 +0200
-+++ apps/CA.sh	2010-04-01 00:35:02.600553509 +0200
-@@ -68,7 +68,7 @@
- X509="$OPENSSL x509"
- PKCS12="openssl pkcs12"
- 
-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
-+if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi
- CAKEY=./cakey.pem
- CAREQ=./careq.pem
- CACERT=./cacert.pem
--- apps/openssl.cnf	2009-04-04 20:09:43.000000000 +0200
-+++ apps/openssl.cnf	2010-04-01 00:35:02.607220681 +0200
+ # default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
+my $CATOP = "/etc/ssl";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+--- apps/openssl.cnf	2016-09-26 11:46:04.000000000 +0200
+++ apps/openssl.cnf	2016-11-01 16:02:48.378503427 +0100
@@ -39,7 +39,7 @@
 ####################################################################
 [ CA_default ]
@ -31,3 +20,12 @@
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
+@@ -323,7 +323,7 @@
+ [ tsa_config1 ]
+ 
+ # These are used by the TSA reply generation only.
+-dir		= ./demoCA		# TSA root directory
+dir		= /etc/ssl		# TSA root directory
+ serial		= $dir/tsaserial	# The current serial number (mandatory)
+ crypto_device	= builtin		# OpenSSL engine to use for signing
+ signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
--- a/core/openssl/no-rpath.patch
+++ b/core/openssl/no-rpath.patch
@ -1,11 +0,0 @@
--- Makefile.shared.no-rpath	2005-06-23 22:47:54.000000000 +0200
-+++ Makefile.shared	2005-11-16 22:35:37.000000000 +0100
-@@ -153,7 +153,7 @@
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
- #This is rather special.  It's a special target with which one can link
- #applications without bothering with any features that have anything to
--- a/core/openssl/ssl3-test-failure.patch
+++ b/core/openssl/ssl3-test-failure.patch
@ -1,26 +0,0 @@
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Sun, 6 Sep 2015 16:04:11 +0200
-Subject: Disable SSLv3 test in test suite
-
-When testing SSLv3 the test program returns 0 for skip.  The test for weak DH
-expects a failure, but gets success.
-
-It should probably be changed to return something other than 0 for a skipped
-test.
---
- test/testssl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/testssl b/test/testssl
-index 747e4ba..1e4370b 100644
--- a/test/testssl
-+++ b/test/testssl
-@@ -160,7 +160,7 @@ test_cipher() {
- }
- 
- echo "Testing ciphersuites"
-for protocol in TLSv1.2 SSLv3; do
-+for protocol in TLSv1.2; do
-   echo "Testing ciphersuites for $protocol"
-   for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
-     test_cipher $cipher $protocol