Skip to content
Permalink
1b740d97b9
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

bee-files/openssl1.be0

Go to file
@thomas
thomas openssl: install version 3.3.2 and 1-1.1.1za
Latest commit 1b740d9 Sep 20, 2024 History 
Meanwhile openssl ver-3 should be considered as mature, also
more and more binary packages use libssl.so.3 and libcrypto.so.3
what causes trouble when we use foreign packages for package/pkg
and the like.

The package is called openssl, not openssl3 - in the hope that
future builds are more standards aware, and avoid the chaos that
openssl v1 has produced. (BTW, there is also a libssl3.so in the
system, it is from the nss package, so don't get confused)

Since there still might be packages around that need openssl-1.1,
a pure compat-package might not be sufficient here. Therefore a
recent openssl-1.1 package is build aside of openssl3. If the
software in question uses pkg-config, setting

  PKG_CONFIG_PATH=/usr/lib/openssl-1.1/pkgconfig

should do the job, otherwise CFLAGS, LDFLAGS, etc. need
adjustments (-I/usr/include/openssl-1.1, -L/usr/lib/openssl-1.1).
The old openssl command line program is called openssl-1.1
3 contributors

Users who have contributed to this file

@pmenzel @wwwutz @thomas
executable file 74 lines (61 sloc) 2.54 KB
Raw Blame
#!/usr/bin/env beesh
# BEE_VERSION openssl1-1.1.1za-0
#SRCURL[0]="https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-1.1.1w.tar.gz"
SRCURL[0]="https://beehive.molgen.mpg.de/3f76825f195e52d4b10c70040681a275/openssl-1.1.1w.tar.gz"
# The patches and the message below are from Slackware
# Patches themselves are under the Apache License v2.0. After patching the package
# identifies itself as version 'za'
#
# Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that
# were only available to subscribers to OpenSSL's premium extended support.
# These patches were prepared by backporting commits from the OpenSSL-3.0 repo.
# Thanks to Ken Zalewski!
PATCHURL+=("https://beehive.molgen.mpg.de/61daee1e6724b5b2d9dcd8e7a0c45553/0001-openssl-1.1.1x_CVE-2023-5678_CVE-2024-0727.patch")
PATCHURL+=("https://beehive.molgen.mpg.de/23347a1a7cc77d1b5e8b3832d36bbf71/0002-openssl-1.1.1y_CVE-2024-2511_CVE-2024-4741.patch")
PATCHURL+=("https://beehive.molgen.mpg.de/ee9011230a6b4317644b04b9e9a7ff57/0003-openssl-1.1.1za_CVE-2024-5535.patch")
# build_in_sourcedir
# sourcesubdir_append src
#mee_extract() {
# bee_extract "${@}"
#}
mee_patch() {
bee_patch "${@}"
# no html
sed -e '/^install_docs:/ s/install_html_docs//' -i Configurations/unix-Makefile.tmpl
# no func() docs
sed -e 's/podpath=man1:man3:man5:man7/podpath=man1:man5:man7/;s/\[ 1, 3, 5, 7 \]/[ 1, 5, 7 ]/;' -i util/process_docs.pl
}
mee_configure() {
start_cmd ${S}/config \
--prefix=${PREFIX} \
--openssldir=${SYSCONFDIR}/ssl \
--libdir=lib/openssl-1.1 \
shared \
zlib-dynamic
}
mee_build() {
start_cmd make depend
start_cmd make ${BEE_MAKEFLAGS}
start_cmd make -j1 test
}
mee_install() {
start_cmd make DESTDIR=${D} MANDIR=${MANDIR} MANSUFFIX=ssl install
}
mee_install_post() {
rm -f ${D}/usr/lib/openssl-1.1/*.a # hmmm, see 'shared' above ...
# now provide the libraries as 'compat-package', and rearrange
# everything in a way, that
# PKG_CONFIG_PATH=/usr/lib/openssl-1.1/pkgconfig
# allows to build 'legacy' packages.
( cd ${D}/usr/lib/openssl-1.1
for file in lib*.so.?.* ; do
mv $file ../../lib
ln -sf ../../lib/$file .
done
)
mkdir -p ${D}/usr/include/openssl-1.1
mv ${D}/usr/include/openssl ${D}/usr/include/openssl-1.1/openssl
sed -e "s|/include$|/include/openssl-1.1|" -i ${D}/usr/lib/openssl-1.1/pkgconfig/*.pc
mv ${D}/usr/bin/openssl ${D}/usr/bin/openssl-1.1
rm -rf ${D}/etc ${D}/usr/bin/c_rehash ${D}/usr/share
}