add zlib support

author: oneup 2017-08-31 20:41:01 -0400
committer: oneup 2017-08-31 20:41:01 -0400
commit: c898c581c0bf91d81c96e5f8f18d694fb92ff6c8 (patch)
tree: dbc2e8db872bcf5b4930edd6b3cf9eaa1c03457a
download: aur-c898c581c0bf91d81c96e5f8f18d694fb92ff6c8.tar.gz
4 files changed, 171 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..e2b9c4d045cc
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,26 @@
+pkgbase = openssl-zlib
+	pkgdesc = The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
+	pkgver = 1.1.0.f
+	pkgrel = 1
+	url = https://www.openssl.org
+	arch = i686
+	arch = x86_64
+	license = custom:BSD
+	depends = perl
+	depends = zlib
+	optdepends = ca-certificates
+	provides = openssl
+	conflicts = openssl
+	backup = etc/ssl/openssl.cnf
+	source = https://www.openssl.org/source/openssl-1.1.0f.tar.gz
+	source = https://www.openssl.org/source/openssl-1.1.0f.tar.gz.asc
+	source = ca-dir.patch
+	source = fs54205.patch
+	validpgpkeys = 8657ABB260F056B1E5190839D9C4D26D0E604491
+	sha256sums = 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765
+	sha256sums = SKIP
+	sha256sums = 90c7411fed0157116f2df8f4be755aaf5a26e8484351b4e6a79492805d5f2790
+	sha256sums = 04de0feaaa81b5fb1c70a00c9f46670eb748f6d6795bd228d613c5f15c92af15
+
+pkgname = openssl-zlib
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..c1be57a03e23
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,73 @@
+# Based on openssl 1.1.0f PKGBUILD
+# Maintainer: oneup <oneup40 at gmail dot com>
+
+_basename=openssl
+pkgname=openssl-zlib
+_ver=1.1.0f
+# use a pacman compatible version scheme
+pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
+#pkgver=$_ver
+pkgrel=1
+pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
+arch=('i686' 'x86_64')
+url='https://www.openssl.org'
+license=('custom:BSD')
+depends=('perl' 'zlib')
+optdepends=('ca-certificates')
+backup=('etc/ssl/openssl.cnf')
+source=("https://www.openssl.org/source/${_basename}-${_ver}.tar.gz"
+        "https://www.openssl.org/source/${_basename}-${_ver}.tar.gz.asc"
+        'ca-dir.patch'
+	'fs54205.patch')
+sha256sums=('12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765'
+            'SKIP'
+            '90c7411fed0157116f2df8f4be755aaf5a26e8484351b4e6a79492805d5f2790'
+            '04de0feaaa81b5fb1c70a00c9f46670eb748f6d6795bd228d613c5f15c92af15')
+validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')
+provides=('openssl')
+conflicts=('openssl')
+
+prepare() {
+	cd "$srcdir/$_basename-$_ver"
+
+	# set ca dir to /etc/ssl by default
+	patch -p0 -i "$srcdir/ca-dir.patch"
+
+	patch -Np1 -i "$srcdir/fs54205.patch"
+}
+
+build() {
+	cd "$srcdir/$_basename-$_ver"
+
+	if [ "${CARCH}" == 'x86_64' ]; then
+		openssltarget='linux-x86_64'
+		optflags='enable-ec_nistp_64_gcc_128'
+	elif [ "${CARCH}" == 'i686' ]; then
+		openssltarget='linux-elf'
+		optflags=''
+	fi
+
+	# mark stack as non-executable: http://bugs.archlinux.org/task/12434
+	./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
+		shared no-ssl3-method zlib ${optflags} \
+		"${openssltarget}" \
+		"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"
+
+	make depend
+	make
+}
+
+check() {
+	cd "$srcdir/$_basename-$_ver"
+	# the test fails due to missing write permissions in /etc/ssl
+	# revert this patch for make test
+	patch -p0 -R -i "$srcdir/ca-dir.patch"
+	make test
+	patch -p0 -i "$srcdir/ca-dir.patch"
+}
+
+package() {
+	cd "$srcdir/$_basename-$_ver"
+	make DESTDIR=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs
+	install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
+}
diff --git a/ca-dir.patch b/ca-dir.patch
new file mode 100644
index 000000000000..1daba849b4ca
--- /dev/null
+++ b/ca-dir.patch
@@ -0,0 +1,31 @@
+--- apps/CA.pl.in	2016-09-26 11:46:04.000000000 +0200
++++ apps/CA.pl.in	2016-11-01 16:02:16.709616823 +0100
+@@ -33,7 +33,7 @@
+ my $PKCS12 = "$openssl pkcs12";
+ 
+ # default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/ssl";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+--- apps/openssl.cnf	2016-09-26 11:46:04.000000000 +0200
++++ apps/openssl.cnf	2016-11-01 16:02:48.378503427 +0100
+@@ -39,7 +39,7 @@
+ ####################################################################
+ [ CA_default ]
+ 
+-dir		= ./demoCA		# Where everything is kept
++dir		= /etc/ssl		# Where everything is kept
+ certs		= $dir/certs		# Where the issued certs are kept
+ crl_dir		= $dir/crl		# Where the issued crl are kept
+ database	= $dir/index.txt	# database index file.
+@@ -323,7 +323,7 @@
+ [ tsa_config1 ]
+ 
+ # These are used by the TSA reply generation only.
+-dir		= ./demoCA		# TSA root directory
++dir		= /etc/ssl		# TSA root directory
+ serial		= $dir/tsaserial	# The current serial number (mandatory)
+ crypto_device	= builtin		# OpenSSL engine to use for signing
+ signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
diff --git a/fs54205.patch b/fs54205.patch
new file mode 100644
index 000000000000..f20068d42b15
--- /dev/null
+++ b/fs54205.patch
@@ -0,0 +1,41 @@
+From 6831138ced3804f8ebd2079b671a40c74794a8c4 Mon Sep 17 00:00:00 2001
+From: Rich Salz <rsalz@openssl.org>
+Date: Wed, 31 May 2017 12:14:55 -0400
+Subject: [PATCH] Only release thread-local key if we created it.
+
+Thanks to Jan Alexander Steffens for finding the bug and confirming the
+fix.
+---
+ crypto/err/err.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/err/err.c b/crypto/err/err.c
+index f866f2fdd0a..c55f849590b 100644
+--- a/crypto/err/err.c
++++ b/crypto/err/err.c
+@@ -122,6 +122,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
+ #endif
+ 
+ static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT;
++static int set_err_thread_local;
+ static CRYPTO_THREAD_LOCAL err_thread_local;
+ 
+ static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
+@@ -260,7 +261,8 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
+ 
+ void err_cleanup(void)
+ {
+-    CRYPTO_THREAD_cleanup_local(&err_thread_local);
++    if (set_err_thread_local != 0)
++        CRYPTO_THREAD_cleanup_local(&err_thread_local);
+     CRYPTO_THREAD_lock_free(err_string_lock);
+     err_string_lock = NULL;
+ }
+@@ -639,6 +641,7 @@ void ERR_remove_state(unsigned long pid)
+ 
+ DEFINE_RUN_ONCE_STATIC(err_do_init)
+ {
++    set_err_thread_local = 1;
+     return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
+ }
+
author	oneup	2017-08-31 20:41:01 -0400
committer	oneup	2017-08-31 20:41:01 -0400
commit	c898c581c0bf91d81c96e5f8f18d694fb92ff6c8 (patch)
tree	dbc2e8db872bcf5b4930edd6b3cf9eaa1c03457a
download	aur-c898c581c0bf91d81c96e5f8f18d694fb92ff6c8.tar.gz