X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=lfs%2Fopenssl-compat;h=062f85fdbc39d53327fdf3db47ce3c4a10f739cc;hb=ed4bbe44d121480e56c817f42f797423507c7630;hp=5e3c1ff706b4cef2dd24d8dda22568c9413f5983;hpb=d4ee6f08135135d7abac777a63fdadccda156052;p=ipfire-2.x.git diff --git a/lfs/openssl-compat b/lfs/openssl-compat index 5e3c1ff706..062f85fdbc 100644 --- a/lfs/openssl-compat +++ b/lfs/openssl-compat @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2015 IPFire Team # +# Copyright (C) 2007-2018 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,13 +24,57 @@ include Config -VER = 0.9.8zf +VER = 1.0.2q THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) + +TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG) + +export RPM_OPT_FLAGS = $(CFLAGS) + +CONFIGURE_OPTIONS = \ + --prefix=/usr \ + --openssldir=/etc/ssl \ + --enginesdir=/usr/lib/openssl/engines \ + shared \ + zlib-dynamic \ + enable-camellia \ + enable-md2 \ + disable-ssl2 \ + enable-seed \ + enable-tlsext \ + enable-rfc3779 \ + no-idea \ + no-mdc2 \ + no-rc5 \ + no-srp \ + -DSSL_FORBID_ENULL \ + $(OPENSSL_ARCH) + +ifeq "$(IS_64BIT)" "1" + OPENSSL_ARCH = linux-generic64 +else + OPENSSL_ARCH = linux-generic32 +endif + +ifeq "$(BUILD_ARCH)" "aarch64" + OPENSSL_ARCH = linux-aarch64 +endif + +ifeq "$(BUILD_ARCH)" "x86_64" + OPENSSL_ARCH = linux-x86_64 +endif + +ifeq "$(BUILD_ARCH)" "i586" + OPENSSL_ARCH = linux-elf + + ifneq "$(KCFG)" "-sse2" + OPENSSL_ARCH += no-sse2 + endif +endif ############################################################################### # Top-level Rules @@ -40,7 +84,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = c69a4a679233f7df189e1ad6659511ec +$(DL_FILE)_MD5 = 7563e1ce046cb21948eeb6ba1a0eb71c install : $(TARGET) @@ -70,33 +114,35 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch + + # i586 specific patches +ifeq "$(BUILD_ARCH)" "i586" + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch +endif - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch + # With openssl 1.0.2e, pod2mantest is missing + echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest + chmod a+x $(DIR_APP)/util/pod2mantest # Apply our CFLAGS cd $(DIR_APP) && sed -i Configure \ -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" - cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config - cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure - - # Support for engines is disabled, because the shared objects from the - # new version of openssl cannot be loaded by the old one. + cd $(DIR_APP) && find crypto/ -name Makefile -exec \ + sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \; - cd $(DIR_APP) && ./Configure \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - shared linux-elf \ - zlib-dynamic \ - no-engines \ - no-asm 386 \ - -DSSL_FORBID_ENULL + cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS) cd $(DIR_APP) && make depend cd $(DIR_APP) && make - cd $(DIR_APP) && install -v -m 755 libcrypto.so.0.9.8 /usr/lib - cd $(DIR_APP) && install -v -m 755 libssl.so.0.9.8 /usr/lib + # Install libraries only + cd $(DIR_APP) && install -m 755 \ + libcrypto.so.10 libssl.so.10 /usr/lib @rm -rf $(DIR_APP) @$(POSTBUILD)