X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=lfs%2Fopenssl;h=d7a616ff240ef45718148a2e5b45ee8f2b9b562d;hp=cece0074ef228331146e8d62b536c6b5d0593d9c;hb=928b3cbf66a249236ffa672f66edaf402a54289f;hpb=83d225dd43a00070fb51d1c434cb3738427438c1 diff --git a/lfs/openssl b/lfs/openssl index cece0074ef..d7a616ff24 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2016 IPFire Team # +# Copyright (C) 2007-2018 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.0.2k +VER = 1.1.0j THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -33,14 +33,11 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG) -ifneq "$(KCFG)" "-sse2" -CFLAGS += -DPURIFY -else -CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC -CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4 -CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse -CFLAGS+= -fomit-frame-pointer -DPURIFY -CXXFLAGS="${CFLAGS}" +CFLAGS += -DPURIFY -Wa,--noexecstack + +# Enable SSE2 for this build +ifeq "$(KCFG)" "-sse2" + CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse endif export RPM_OPT_FLAGS = $(CFLAGS) @@ -48,35 +45,38 @@ export RPM_OPT_FLAGS = $(CFLAGS) CONFIGURE_OPTIONS = \ --prefix=/usr \ --openssldir=/etc/ssl \ - --enginesdir=/usr/lib/openssl/engines \ shared \ zlib-dynamic \ enable-camellia \ enable-md2 \ - disable-ssl2 \ enable-seed \ - enable-tlsext \ enable-rfc3779 \ no-idea \ no-mdc2 \ no-rc5 \ no-srp \ - -DSSL_FORBID_ENULL + $(OPENSSL_ARCH) -ifeq "$(MACHINE)" "x86_64" - CONFIGURE_OPTIONS += linux-x86_64 +ifeq "$(IS_64BIT)" "1" + OPENSSL_ARCH = linux-generic64 +else + OPENSSL_ARCH = linux-generic32 endif -ifeq "$(MACHINE)" "i586" - CONFIGURE_OPTIONS += linux-elf - -ifneq "$(KCFG)" "-sse2" - CONFIGURE_OPTIONS += no-sse2 +ifeq "$(BUILD_ARCH)" "aarch64" + OPENSSL_ARCH = linux-aarch64 endif + +ifeq "$(BUILD_ARCH)" "x86_64" + OPENSSL_ARCH = linux-x86_64 endif -ifeq "$(MACHINE)" "armv5tel" - CONFIGURE_OPTIONS += linux-generic32 +ifeq "$(BUILD_ARCH)" "i586" + OPENSSL_ARCH = linux-elf + + ifneq "$(KCFG)" "-sse2" + OPENSSL_ARCH += no-sse2 + endif endif ############################################################################### @@ -87,7 +87,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = f965fc0bf01bf882b31314b61391ae65 +$(DL_FILE)_MD5 = b4ca5b78ae6ae79da80790b30dbedbdc install : $(TARGET) @@ -117,20 +117,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch - - # i586 specific patches -ifeq "$(MACHINE)" "i586" - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch -endif - - # With openssl 1.0.2e, pod2mantest is missing - echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest - chmod a+x $(DIR_APP)/util/pod2mantest + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.0g-weak-ciphers.patch # Apply our CFLAGS cd $(DIR_APP) && sed -i Configure \ @@ -139,7 +126,8 @@ endif cd $(DIR_APP) && find crypto/ -name Makefile -exec \ sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \; - cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS) + cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS) \ + $(CFLAGS) $(LDFLAGS) cd $(DIR_APP) && make depend cd $(DIR_APP) && make @@ -147,19 +135,11 @@ endif ifeq "$(KCFG)" "-sse2" -mkdir -pv /usr/lib/sse2 cd $(DIR_APP) && install -m 755 \ - libcrypto.so.10 /usr/lib/sse2 + libcrypto.so.1.1 /usr/lib/sse2 else # Install everything. cd $(DIR_APP) && make install install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl - - # Remove man pages. - -rm -vfr /etc/ssl/man - - # Move engines to the right place. - -mkdir -pv /usr/lib/openssl - rm -vfr /usr/lib/openssl/engines - mv -v /usr/lib/engines /usr/lib/openssl endif @rm -rf $(DIR_APP)