###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 1.0.1m
+VER = 1.0.2a
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
+
+TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
+
+ifneq "$(KCFG)" "-sse2"
+CFLAGS += -DPURIFY
+else
+CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
+CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
+CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
+CFLAGS+= -fomit-frame-pointer -DPURIFY
+CXXFLAGS="${CFLAGS}"
+endif
+
+export RPM_OPT_FLAGS = $(CFLAGS)
+
+CONFIGURE_OPTIONS = \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ --enginesdir=/usr/lib/openssl/engines \
+ shared \
+ zlib-dynamic \
+ enable-camellia \
+ enable-md2 \
+ enable-seed \
+ enable-tlsext \
+ enable-rfc3779 \
+ no-idea \
+ no-mdc2 \
+ no-rc5 \
+ no-srp \
+ -DSSL_FORBID_ENULL
ifeq "$(MACHINE)" "i586"
- CONFIGURE_ARGS = linux-elf no-asm 386
+ CONFIGURE_OPTIONS += linux-elf
+
+ifneq "$(KCFG)" "-sse2"
+ CONFIGURE_OPTIONS += no-sse2
+endif
endif
ifeq "$(MACHINE)" "armv5tel"
- CONFIGURE_ARGS = linux-generic32
+ CONFIGURE_OPTIONS += linux-generic32
endif
-CFLAGS += -DPURIFY
-export RPM_OPT_FLAGS = $(CFLAGS)
-
###############################################################################
# Top-level Rules
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d143d1555d842a069cb7cc34ba745a06
+$(DL_FILE)_MD5 = a06c547dac9044161a477211049f60ef
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-rpmbuild.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ # Enable Padlock in i586
+ifeq "$(MACHINE)" "i586"
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
+endif
+
# Apply our CFLAGS
cd $(DIR_APP) && sed -i Configure \
-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
cd $(DIR_APP) && find crypto/ -name Makefile -exec \
sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
- cd $(DIR_APP) && ./Configure \
- --prefix=/usr \
- --openssldir=/etc/ssl \
- --enginesdir=/usr/lib/openssl/engines \
- shared \
- zlib-dynamic \
- enable-camellia \
- enable-md2 \
- enable-seed \
- enable-tlsext \
- enable-rfc3779 \
- no-idea \
- no-mdc2 \
- no-rc5 \
- no-srp \
- $(CONFIGURE_ARGS) \
- -DSSL_FORBID_ENULL
+ cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)
cd $(DIR_APP) && make depend
cd $(DIR_APP) && make
+ifeq "$(KCFG)" "-sse2"
+ -mkdir -pv /usr/lib/sse2
+ cd $(DIR_APP) && install -m 755 \
+ libcrypto.so.10 /usr/lib/sse2
+else
# Install everything.
cd $(DIR_APP) && make install
install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
-mkdir -pv /usr/lib/openssl
rm -vfr /usr/lib/openssl/engines
mv -v /usr/lib/engines /usr/lib/openssl
+endif
@rm -rf $(DIR_APP)
@$(POSTBUILD)
projects / ipfire-2.x.git / blobdiff