SliTaz Packages

Community Doc Forum Pro Shop Bugs Hg
.

Receipt for package "openssl11"

# SliTaz package receipt.

PACKAGE="openssl11"
SOURCE="openssl"
VERSION="1.1.1zb"
_realver="1.1.1w"
CATEGORY="security"
SHORT_DESC="Open source Secure Sockets Layer (1.1.1 series)."
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="BSD"
WEB_SITE="https://www.openssl.org/"
TAGS="ssl security"
HOST_ARCH="i486 arm x86_64"

TARBALL="$SOURCE-$_realver.tar.gz"
WGET_URL="https://www.openssl.org/source/$TARBALL"

DEPENDS="libcrypto11 libssl11"
BUILD_DEPENDS="perl zlib-dev"
SPLIT="libcrypto11 libcrypto11-dev libssl11 openssl11-dev"

current_version()
{
    wget -O - $(dirname $WGET_URL) 2>/dev/null | \
    sed '/openssl-/!d;/-[abr]/d;s|.tar.gz</a.*||;s|.*>openssl-||;q'
}

# Perl is installed in cross env.
case "$ARCH" in
    arm) BUILD_DEPENDS="" ;;
esac

# Rules to configure and make the package.
compile_rules()
{
    # MAKEFLAGS make openssl build fail.
    unset MAKEFLAGS

    # Patches from slackware, big thanks to Pat, and Ken Zalewski

    # Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that
    # were only available to subscribers to OpenSSL's premium extended support.
    # These patches were prepared by backporting commits from the OpenSSL-3.0 repo.
    # Thanks to Ken Zalewski!
    patch -p1 < $stuff/0001-openssl-1.1.1x_CVE-2023-5678_CVE-2024-0727.patch
    patch -p1 < $stuff/0002-openssl-1.1.1y_CVE-2024-2511_CVE-2024-4741.patch
    patch -p1 < $stuff/0003-openssl-1.1.1za_CVE-2024-5535.patch
    patch -p1 < $stuff/0004-openssl-1.1.1zb_CVE_2024_9143.patch
    patch -p1 < $stuff/0005-openssl-1.1.1zb_p2_CVE_2024_13176.patch

    # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
    # marked as not requiring an executable stack (compatibility improvement).
    case "$ARCH" in
        arm)
            # BUG: shared libs are not built
            ./Configure --prefix=/usr --openssldir=/etc/ssl \
                 shared zlib enable-md2 -Wa,--noexecstack \
                 linux-armv4 &&
            sed -i 's/\(basename .*\)`/\1 || true `/' Makefile &&
            make \
                CC=${HOST_SYSTEM}-gcc \
                AR="${HOST_SYSTEM}-ar r" \
                RANLIB=${HOST_SYSTEM}-ranlib ;;
        i486)
            MACHINE=i686 \
            ./config --prefix=/usr --openssldir=/etc/ssl \
                --libdir=lib/openssl-1.1 shared zlib \
                zlib-dynamic enable-md2 no-ssl3-method \
                -Wa,--noexecstack &&
            make depend ;;
         x86_64)
             ./config --prefix=/usr --openssldir=/etc/ssl \
                 --libdir=lib/openssl-1.1 shared zlib \
                zlib-dynamic enable-md2 no-ssl3-method \
                 -Wa,--noexecstack &&
             make depend ;;
    esac &&
    # Install
    make DESTDIR=$PWD/_pkg MANDIR=$PWD/_pkg/usr/share/man \
    install_sw install_ssldirs
}

# Rules to gen a SliTaz package suitable for Tazpkg.
genpkg_rules()
{
    mkdir -p $fs/usr/bin $fs/usr/lib/openssl-1.1
    cp -a $install/usr/bin/openssl $fs/usr/bin/openssl-1.1
    cp -a $install/usr/lib/openssl-1.1/engines-1.1 $fs/usr/lib/openssl-1.1
}

testsuite()
{
    readelf -h $install/usr/bin/openssl
}
6107 packages and 261132 files in current database (Mon Jul 7 00:01:25 2025)