diff options
author | oneup | 2017-08-31 20:41:01 -0400 |
---|---|---|
committer | oneup | 2017-08-31 20:41:01 -0400 |
commit | c898c581c0bf91d81c96e5f8f18d694fb92ff6c8 (patch) | |
tree | dbc2e8db872bcf5b4930edd6b3cf9eaa1c03457a | |
download | aur-c898c581c0bf91d81c96e5f8f18d694fb92ff6c8.tar.gz |
add zlib support
-rw-r--r-- | .SRCINFO | 26 | ||||
-rw-r--r-- | PKGBUILD | 73 | ||||
-rw-r--r-- | ca-dir.patch | 31 | ||||
-rw-r--r-- | fs54205.patch | 41 |
4 files changed, 171 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..e2b9c4d045cc --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,26 @@ +pkgbase = openssl-zlib + pkgdesc = The Open Source toolkit for Secure Sockets Layer and Transport Layer Security + pkgver = 1.1.0.f + pkgrel = 1 + url = https://www.openssl.org + arch = i686 + arch = x86_64 + license = custom:BSD + depends = perl + depends = zlib + optdepends = ca-certificates + provides = openssl + conflicts = openssl + backup = etc/ssl/openssl.cnf + source = https://www.openssl.org/source/openssl-1.1.0f.tar.gz + source = https://www.openssl.org/source/openssl-1.1.0f.tar.gz.asc + source = ca-dir.patch + source = fs54205.patch + validpgpkeys = 8657ABB260F056B1E5190839D9C4D26D0E604491 + sha256sums = 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 + sha256sums = SKIP + sha256sums = 90c7411fed0157116f2df8f4be755aaf5a26e8484351b4e6a79492805d5f2790 + sha256sums = 04de0feaaa81b5fb1c70a00c9f46670eb748f6d6795bd228d613c5f15c92af15 + +pkgname = openssl-zlib + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..c1be57a03e23 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,73 @@ +# Based on openssl 1.1.0f PKGBUILD +# Maintainer: oneup <oneup40 at gmail dot com> + +_basename=openssl +pkgname=openssl-zlib +_ver=1.1.0f +# use a pacman compatible version scheme +pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} +#pkgver=$_ver +pkgrel=1 +pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security' +arch=('i686' 'x86_64') +url='https://www.openssl.org' +license=('custom:BSD') +depends=('perl' 'zlib') +optdepends=('ca-certificates') +backup=('etc/ssl/openssl.cnf') +source=("https://www.openssl.org/source/${_basename}-${_ver}.tar.gz" + "https://www.openssl.org/source/${_basename}-${_ver}.tar.gz.asc" + 'ca-dir.patch' + 'fs54205.patch') +sha256sums=('12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765' + 'SKIP' + '90c7411fed0157116f2df8f4be755aaf5a26e8484351b4e6a79492805d5f2790' + '04de0feaaa81b5fb1c70a00c9f46670eb748f6d6795bd228d613c5f15c92af15') +validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491') +provides=('openssl') +conflicts=('openssl') + +prepare() { + cd "$srcdir/$_basename-$_ver" + + # set ca dir to /etc/ssl by default + patch -p0 -i "$srcdir/ca-dir.patch" + + patch -Np1 -i "$srcdir/fs54205.patch" +} + +build() { + cd "$srcdir/$_basename-$_ver" + + if [ "${CARCH}" == 'x86_64' ]; then + openssltarget='linux-x86_64' + optflags='enable-ec_nistp_64_gcc_128' + elif [ "${CARCH}" == 'i686' ]; then + openssltarget='linux-elf' + optflags='' + fi + + # mark stack as non-executable: http://bugs.archlinux.org/task/12434 + ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ + shared no-ssl3-method zlib ${optflags} \ + "${openssltarget}" \ + "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" + + make depend + make +} + +check() { + cd "$srcdir/$_basename-$_ver" + # the test fails due to missing write permissions in /etc/ssl + # revert this patch for make test + patch -p0 -R -i "$srcdir/ca-dir.patch" + make test + patch -p0 -i "$srcdir/ca-dir.patch" +} + +package() { + cd "$srcdir/$_basename-$_ver" + make DESTDIR=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs + install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE +} diff --git a/ca-dir.patch b/ca-dir.patch new file mode 100644 index 000000000000..1daba849b4ca --- /dev/null +++ b/ca-dir.patch @@ -0,0 +1,31 @@ +--- apps/CA.pl.in 2016-09-26 11:46:04.000000000 +0200 ++++ apps/CA.pl.in 2016-11-01 16:02:16.709616823 +0100 +@@ -33,7 +33,7 @@ + my $PKCS12 = "$openssl pkcs12"; + + # default openssl.cnf file has setup as per the following +-my $CATOP = "./demoCA"; ++my $CATOP = "/etc/ssl"; + my $CAKEY = "cakey.pem"; + my $CAREQ = "careq.pem"; + my $CACERT = "cacert.pem"; +--- apps/openssl.cnf 2016-09-26 11:46:04.000000000 +0200 ++++ apps/openssl.cnf 2016-11-01 16:02:48.378503427 +0100 +@@ -39,7 +39,7 @@ + #################################################################### + [ CA_default ] + +-dir = ./demoCA # Where everything is kept ++dir = /etc/ssl # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. +@@ -323,7 +323,7 @@ + [ tsa_config1 ] + + # These are used by the TSA reply generation only. +-dir = ./demoCA # TSA root directory ++dir = /etc/ssl # TSA root directory + serial = $dir/tsaserial # The current serial number (mandatory) + crypto_device = builtin # OpenSSL engine to use for signing + signer_cert = $dir/tsacert.pem # The TSA signing certificate diff --git a/fs54205.patch b/fs54205.patch new file mode 100644 index 000000000000..f20068d42b15 --- /dev/null +++ b/fs54205.patch @@ -0,0 +1,41 @@ +From 6831138ced3804f8ebd2079b671a40c74794a8c4 Mon Sep 17 00:00:00 2001 +From: Rich Salz <rsalz@openssl.org> +Date: Wed, 31 May 2017 12:14:55 -0400 +Subject: [PATCH] Only release thread-local key if we created it. + +Thanks to Jan Alexander Steffens for finding the bug and confirming the +fix. +--- + crypto/err/err.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/crypto/err/err.c b/crypto/err/err.c +index f866f2fdd0a..c55f849590b 100644 +--- a/crypto/err/err.c ++++ b/crypto/err/err.c +@@ -122,6 +122,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { + #endif + + static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT; ++static int set_err_thread_local; + static CRYPTO_THREAD_LOCAL err_thread_local; + + static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT; +@@ -260,7 +261,8 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init) + + void err_cleanup(void) + { +- CRYPTO_THREAD_cleanup_local(&err_thread_local); ++ if (set_err_thread_local != 0) ++ CRYPTO_THREAD_cleanup_local(&err_thread_local); + CRYPTO_THREAD_lock_free(err_string_lock); + err_string_lock = NULL; + } +@@ -639,6 +641,7 @@ void ERR_remove_state(unsigned long pid) + + DEFINE_RUN_ONCE_STATIC(err_do_init) + { ++ set_err_thread_local = 1; + return CRYPTO_THREAD_init_local(&err_thread_local, NULL); + } + |