###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 0.9.8zf
+VER = 1.0.2q
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
+
+TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
+
+export RPM_OPT_FLAGS = $(CFLAGS)
+
+CONFIGURE_OPTIONS = \
+ --prefix=/usr \
+ --openssldir=/etc/ssl \
+ --enginesdir=/usr/lib/openssl/engines \
+ shared \
+ zlib-dynamic \
+ enable-camellia \
+ enable-md2 \
+ disable-ssl2 \
+ enable-seed \
+ enable-tlsext \
+ enable-rfc3779 \
+ no-idea \
+ no-mdc2 \
+ no-rc5 \
+ no-srp \
+ -DSSL_FORBID_ENULL \
+ $(OPENSSL_ARCH)
+
+ifeq "$(IS_64BIT)" "1"
+ OPENSSL_ARCH = linux-generic64
+else
+ OPENSSL_ARCH = linux-generic32
+endif
+
+ifeq "$(BUILD_ARCH)" "aarch64"
+ OPENSSL_ARCH = linux-aarch64
+endif
+
+ifeq "$(BUILD_ARCH)" "x86_64"
+ OPENSSL_ARCH = linux-x86_64
+endif
+
+ifeq "$(BUILD_ARCH)" "i586"
+ OPENSSL_ARCH = linux-elf
+
+ ifneq "$(KCFG)" "-sse2"
+ OPENSSL_ARCH += no-sse2
+ endif
+endif
###############################################################################
# Top-level Rules
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c69a4a679233f7df189e1ad6659511ec
+$(DL_FILE)_MD5 = 7563e1ce046cb21948eeb6ba1a0eb71c
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
+
+ # i586 specific patches
+ifeq "$(BUILD_ARCH)" "i586"
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
+endif
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ # With openssl 1.0.2e, pod2mantest is missing
+ echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest
+ chmod a+x $(DIR_APP)/util/pod2mantest
# Apply our CFLAGS
cd $(DIR_APP) && sed -i Configure \
-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
- cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config
- cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
-
- # Support for engines is disabled, because the shared objects from the
- # new version of openssl cannot be loaded by the old one.
+ cd $(DIR_APP) && find crypto/ -name Makefile -exec \
+ sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
- cd $(DIR_APP) && ./Configure \
- --prefix=/usr \
- --openssldir=/etc/ssl \
- shared linux-elf \
- zlib-dynamic \
- no-engines \
- no-asm 386 \
- -DSSL_FORBID_ENULL
+ cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)
cd $(DIR_APP) && make depend
cd $(DIR_APP) && make
- cd $(DIR_APP) && install -v -m 755 libcrypto.so.0.9.8 /usr/lib
- cd $(DIR_APP) && install -v -m 755 libssl.so.0.9.8 /usr/lib
+ # Install libraries only
+ cd $(DIR_APP) && install -m 755 \
+ libcrypto.so.10 libssl.so.10 /usr/lib
@rm -rf $(DIR_APP)
@$(POSTBUILD)
projects / people / pmueller / ipfire-2.x.git / blobdiff