core/openssl to 1.0.2.g-3

2025-01-27 23:44:04 +00:00 · 2016-03-06 16:23:36 +00:00 · 2016-03-06 16:23:36 +00:00 · 3bb4e18336
commit 3bb4e18336
parent bef8b76e4c
2 changed files with 49 additions and 11 deletions
--- a/core/openssl/PKGBUILD
+++ b/core/openssl/PKGBUILD
@ -2,37 +2,45 @@
 # Maintainer: Pierre Schmitz <pierre@archlinux.de>

 # ALARM: Kevin Mihelich <kevin@archlinuxarm.org>
-#  - use linux-armv4 target for our architectures
+#  - set ARM architecture targets

 pkgname=openssl
-_ver=1.0.2f
+_ver=1.0.2g
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 #pkgver=$_ver
-pkgrel=1
+pkgrel=3
 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
 arch=('i686' 'x86_64')
 url='https://www.openssl.org'
 license=('custom:BSD')
-depends=('zlib' 'perl')
+depends=('perl')
 optdepends=('ca-certificates')
 options=('!makeflags')
 backup=('etc/ssl/openssl.cnf')
 source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
+        "https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz.asc"
        'no-rpath.patch'
+        'ssl3-test-failure.patch'
        'ca-dir.patch')
-md5sums=('b3bf73f507172be9292ea2a8c28b659d'
+md5sums=('f3c710c045cdee5fd114feb69feba7aa'
+         'SKIP'
         'dc78d3d06baffc16217519242ce92478'
+         '62fc492252edd3283871632bb77fadbe'
         '3bf51be3a1bbd262be46dc619f92aa90')
 validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')

 prepare() {
-    cd $srcdir/$pkgname-$_ver
+	cd $srcdir/$pkgname-$_ver

-    # remove rpath: http://bugs.archlinux.org/task/14367
-    patch -p0 -i $srcdir/no-rpath.patch
-    # set ca dir to /etc/ssl by default
-    patch -p0 -i $srcdir/ca-dir.patch
+	# remove rpath: http://bugs.archlinux.org/task/14367
+	patch -p0 -i $srcdir/no-rpath.patch
+
+	# disable a test that fails when ssl3 is disabled
+	patch -p1 -i $srcdir/ssl3-test-failure.patch
+
+	# set ca dir to /etc/ssl by default
+	patch -p0 -i $srcdir/ca-dir.patch
 }

 build() {
@ -40,17 +48,21 @@ build() {

 	if [ "${CARCH}" == 'x86_64' ]; then
 		openssltarget='linux-x86_64'
+		optflags='enable-ec_nistp_64_gcc_128'
 	elif [ "${CARCH}" == 'i686' ]; then
 		openssltarget='linux-elf'
+		optflags=''
 	elif [ "${CARCH}" == 'arm' -o "${CARCH}" == 'armv6h' -o "${CARCH}" == 'armv7h' ]; then
 		openssltarget='linux-armv4'
+		optflags=''
 	elif [ "${CARCH}" == 'aarch64' ]; then
 		openssltarget='linux-aarch64'
+		optflags=''
 	fi

 	# mark stack as non-executable: http://bugs.archlinux.org/task/12434
 	./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
-		shared zlib \
+		shared no-ssl3-method ${optflags} \
 		"${openssltarget}" \
 		"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"

--- a/core/openssl/ssl3-test-failure.patch
+++ b/core/openssl/ssl3-test-failure.patch
@ -0,0 +1,26 @@
+From: Kurt Roeckx <kurt@roeckx.be>
+Date: Sun, 6 Sep 2015 16:04:11 +0200
+Subject: Disable SSLv3 test in test suite
+
+When testing SSLv3 the test program returns 0 for skip.  The test for weak DH
+expects a failure, but gets success.
+
+It should probably be changed to return something other than 0 for a skipped
+test.
+---
+ test/testssl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/testssl b/test/testssl
+index 747e4ba..1e4370b 100644
+--- a/test/testssl
+++ b/test/testssl
+@@ -160,7 +160,7 @@ test_cipher() {
+ }
+ 
+ echo "Testing ciphersuites"
+-for protocol in TLSv1.2 SSLv3; do
+for protocol in TLSv1.2; do
+   echo "Testing ciphersuites for $protocol"
+   for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+     test_cipher $cipher $protocol