core/openssl to 1.1.0.e-1

core/openssl/PKGBUILD

@@ -5,7 +5,7 @@
 #  - set ARM architecture targets
 
 pkgname=openssl
-_ver=1.0.2k
+_ver=1.1.0e
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 #pkgver=$_ver
@@ -16,29 +16,18 @@ url='https://www.openssl.org'
 license=('custom:BSD')
 depends=('perl')
 optdepends=('ca-certificates')
-options=('!makeflags')
 backup=('etc/ssl/openssl.cnf')
 source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
         "https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz.asc"
-        'no-rpath.patch'
-        'ssl3-test-failure.patch'
         'ca-dir.patch')
-md5sums=('f965fc0bf01bf882b31314b61391ae65'
+md5sums=('51c42d152122e474754aea96f66928c6'
          'SKIP'
-         'dc78d3d06baffc16217519242ce92478'
+         '02b53865fb70faef763e262b4971aa4b')
-         '62fc492252edd3283871632bb77fadbe'
-         '3bf51be3a1bbd262be46dc619f92aa90')
 validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')
 
 prepare() {
 	cd $srcdir/$pkgname-$_ver
 
-	# remove rpath: http://bugs.archlinux.org/task/14367
-	patch -p0 -i $srcdir/no-rpath.patch
-
-	# disable a test that fails when ssl3 is disabled
-	patch -p1 -i $srcdir/ssl3-test-failure.patch
-
 	# set ca dir to /etc/ssl by default
 	patch -p0 -i $srcdir/ca-dir.patch
 }
@@ -81,6 +70,6 @@ check() {
 
 package() {
 	cd $srcdir/$pkgname-$_ver
-	make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install
+	make DESTDIR=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs
 	install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
 }

core/openssl/ca-dir.patch

@@ -1,27 +1,16 @@
---- apps/CA.pl.in	2006-04-28 02:30:49.000000000 +0200
+--- apps/CA.pl.in	2016-09-26 11:46:04.000000000 +0200
-+++ apps/CA.pl.in	2010-04-01 00:35:02.600553509 +0200
++++ apps/CA.pl.in	2016-11-01 16:02:16.709616823 +0100
-@@ -53,7 +53,7 @@
+@@ -33,7 +33,7 @@
- $X509="$openssl x509";
+ my $PKCS12 = "$openssl pkcs12";
- $PKCS12="$openssl pkcs12";
  
--$CATOP="./demoCA";
+ # default openssl.cnf file has setup as per the following
-+$CATOP="/etc/ssl";
+-my $CATOP = "./demoCA";
- $CAKEY="cakey.pem";
++my $CATOP = "/etc/ssl";
- $CAREQ="careq.pem";
+ my $CAKEY = "cakey.pem";
- $CACERT="cacert.pem";
+ my $CAREQ = "careq.pem";
---- apps/CA.sh	2009-10-15 19:27:47.000000000 +0200
+ my $CACERT = "cacert.pem";
-+++ apps/CA.sh	2010-04-01 00:35:02.600553509 +0200
+--- apps/openssl.cnf	2016-09-26 11:46:04.000000000 +0200
-@@ -68,7 +68,7 @@
++++ apps/openssl.cnf	2016-11-01 16:02:48.378503427 +0100
- X509="$OPENSSL x509"
- PKCS12="openssl pkcs12"
- 
--if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
-+if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi
- CAKEY=./cakey.pem
- CAREQ=./careq.pem
- CACERT=./cacert.pem
---- apps/openssl.cnf	2009-04-04 20:09:43.000000000 +0200
-+++ apps/openssl.cnf	2010-04-01 00:35:02.607220681 +0200
 @@ -39,7 +39,7 @@
  ####################################################################
  [ CA_default ]
@@ -31,3 +20,12 @@
  certs		= $dir/certs		# Where the issued certs are kept
  crl_dir		= $dir/crl		# Where the issued crl are kept
  database	= $dir/index.txt	# database index file.
+@@ -323,7 +323,7 @@
+ [ tsa_config1 ]
+ 
+ # These are used by the TSA reply generation only.
+-dir		= ./demoCA		# TSA root directory
++dir		= /etc/ssl		# TSA root directory
+ serial		= $dir/tsaserial	# The current serial number (mandatory)
+ crypto_device	= builtin		# OpenSSL engine to use for signing
+ signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate

core/openssl/no-rpath.patch

@@ -1,11 +0,0 @@
---- Makefile.shared.no-rpath	2005-06-23 22:47:54.000000000 +0200
-+++ Makefile.shared	2005-11-16 22:35:37.000000000 +0100
-@@ -153,7 +153,7 @@
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
- #This is rather special.  It's a special target with which one can link
- #applications without bothering with any features that have anything to

core/openssl/ssl3-test-failure.patch

@@ -1,26 +0,0 @@
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Sun, 6 Sep 2015 16:04:11 +0200
-Subject: Disable SSLv3 test in test suite
-
-When testing SSLv3 the test program returns 0 for skip.  The test for weak DH
-expects a failure, but gets success.
-
-It should probably be changed to return something other than 0 for a skipped
-test.
----
- test/testssl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/testssl b/test/testssl
-index 747e4ba..1e4370b 100644
---- a/test/testssl
-+++ b/test/testssl
-@@ -160,7 +160,7 @@ test_cipher() {
- }
- 
- echo "Testing ciphersuites"
--for protocol in TLSv1.2 SSLv3; do
-+for protocol in TLSv1.2; do
-   echo "Testing ciphersuites for $protocol"
-   for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
-     test_cipher $cipher $protocol