###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.0.2f
+VER = 1.1.1g
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
-ifneq "$(KCFG)" "-sse2"
-CFLAGS += -DPURIFY
-else
-CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
-CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
-CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
-CFLAGS+= -fomit-frame-pointer -DPURIFY
-CXXFLAGS="${CFLAGS}"
+CFLAGS += -DPURIFY -Wa,--noexecstack
+
+# Enable SSE2 for this build
+ifeq "$(KCFG)" "-sse2"
+ CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
endif
export RPM_OPT_FLAGS = $(CFLAGS)
CONFIGURE_OPTIONS = \
--prefix=/usr \
--openssldir=/etc/ssl \
- --enginesdir=/usr/lib/openssl/engines \
shared \
zlib-dynamic \
enable-camellia \
- enable-md2 \
enable-seed \
- enable-tlsext \
enable-rfc3779 \
no-idea \
no-mdc2 \
no-rc5 \
no-srp \
- -DSSL_FORBID_ENULL
+ no-aria \
+ $(OPENSSL_ARCH)
-ifeq "$(MACHINE)" "x86_64"
- CONFIGURE_OPTIONS += linux-x86_64
+ifeq "$(IS_64BIT)" "1"
+ OPENSSL_ARCH = linux-generic64
+else
+ OPENSSL_ARCH = linux-generic32
endif
-ifeq "$(MACHINE)" "i586"
- CONFIGURE_OPTIONS += linux-elf
-
-ifneq "$(KCFG)" "-sse2"
- CONFIGURE_OPTIONS += no-sse2
+ifeq "$(BUILD_ARCH)" "aarch64"
+ OPENSSL_ARCH = linux-aarch64
endif
+
+ifeq "$(BUILD_ARCH)" "x86_64"
+ OPENSSL_ARCH = linux-x86_64
endif
-ifeq "$(MACHINE)" "armv5tel"
- CONFIGURE_OPTIONS += linux-generic32
+ifeq "$(BUILD_ARCH)" "i586"
+ OPENSSL_ARCH = linux-elf
+
+ ifneq "$(KCFG)" "-sse2"
+ OPENSSL_ARCH += no-sse2
+ endif
endif
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b3bf73f507172be9292ea2a8c28b659d
+$(DL_FILE)_MD5 = 76766e98997660138cdaf13a187bd234
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
-
- # i586 specific patches
-ifeq "$(MACHINE)" "i586"
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
-endif
-
- # With openssl 1.0.2e, pod2mantest is missing
- echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest
- chmod a+x $(DIR_APP)/util/pod2mantest
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1d-default-cipherlist.patch
# Apply our CFLAGS
cd $(DIR_APP) && sed -i Configure \
cd $(DIR_APP) && find crypto/ -name Makefile -exec \
sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
- cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)
+ cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS) \
+ $(CFLAGS) $(LDFLAGS)
cd $(DIR_APP) && make depend
- cd $(DIR_APP) && make
+ cd $(DIR_APP) && make $(MAKETUNING)
ifeq "$(KCFG)" "-sse2"
-mkdir -pv /usr/lib/sse2
cd $(DIR_APP) && install -m 755 \
- libcrypto.so.10 /usr/lib/sse2
+ libcrypto.so.1.1 /usr/lib/sse2
else
# Install everything.
cd $(DIR_APP) && make install
install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
-
- # Remove man pages.
- -rm -vfr /etc/ssl/man
-
- # Move engines to the right place.
- -mkdir -pv /usr/lib/openssl
- rm -vfr /usr/lib/openssl/engines
- mv -v /usr/lib/engines /usr/lib/openssl
endif
@rm -rf $(DIR_APP)