Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
bee-files/openssl1.be0
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Meanwhile openssl ver-3 should be considered as mature, also more and more binary packages use libssl.so.3 and libcrypto.so.3 what causes trouble when we use foreign packages for package/pkg and the like. The package is called openssl, not openssl3 - in the hope that future builds are more standards aware, and avoid the chaos that openssl v1 has produced. (BTW, there is also a libssl3.so in the system, it is from the nss package, so don't get confused) Since there still might be packages around that need openssl-1.1, a pure compat-package might not be sufficient here. Therefore a recent openssl-1.1 package is build aside of openssl3. If the software in question uses pkg-config, setting PKG_CONFIG_PATH=/usr/lib/openssl-1.1/pkgconfig should do the job, otherwise CFLAGS, LDFLAGS, etc. need adjustments (-I/usr/include/openssl-1.1, -L/usr/lib/openssl-1.1). The old openssl command line program is called openssl-1.1
executable file
74 lines (61 sloc)
2.54 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env beesh | |
# BEE_VERSION openssl1-1.1.1za-0 | |
#SRCURL[0]="https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-1.1.1w.tar.gz" | |
SRCURL[0]="https://beehive.molgen.mpg.de/3f76825f195e52d4b10c70040681a275/openssl-1.1.1w.tar.gz" | |
# The patches and the message below are from Slackware | |
# Patches themselves are under the Apache License v2.0. After patching the package | |
# identifies itself as version 'za' | |
# | |
# Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that | |
# were only available to subscribers to OpenSSL's premium extended support. | |
# These patches were prepared by backporting commits from the OpenSSL-3.0 repo. | |
# Thanks to Ken Zalewski! | |
PATCHURL+=("https://beehive.molgen.mpg.de/61daee1e6724b5b2d9dcd8e7a0c45553/0001-openssl-1.1.1x_CVE-2023-5678_CVE-2024-0727.patch") | |
PATCHURL+=("https://beehive.molgen.mpg.de/23347a1a7cc77d1b5e8b3832d36bbf71/0002-openssl-1.1.1y_CVE-2024-2511_CVE-2024-4741.patch") | |
PATCHURL+=("https://beehive.molgen.mpg.de/ee9011230a6b4317644b04b9e9a7ff57/0003-openssl-1.1.1za_CVE-2024-5535.patch") | |
# build_in_sourcedir | |
# sourcesubdir_append src | |
#mee_extract() { | |
# bee_extract "${@}" | |
#} | |
mee_patch() { | |
bee_patch "${@}" | |
# no html | |
sed -e '/^install_docs:/ s/install_html_docs//' -i Configurations/unix-Makefile.tmpl | |
# no func() docs | |
sed -e 's/podpath=man1:man3:man5:man7/podpath=man1:man5:man7/;s/\[ 1, 3, 5, 7 \]/[ 1, 5, 7 ]/;' -i util/process_docs.pl | |
} | |
mee_configure() { | |
start_cmd ${S}/config \ | |
--prefix=${PREFIX} \ | |
--openssldir=${SYSCONFDIR}/ssl \ | |
--libdir=lib/openssl-1.1 \ | |
shared \ | |
zlib-dynamic | |
} | |
mee_build() { | |
start_cmd make depend | |
start_cmd make ${BEE_MAKEFLAGS} | |
start_cmd make -j1 test | |
} | |
mee_install() { | |
start_cmd make DESTDIR=${D} MANDIR=${MANDIR} MANSUFFIX=ssl install | |
} | |
mee_install_post() { | |
rm -f ${D}/usr/lib/openssl-1.1/*.a # hmmm, see 'shared' above ... | |
# now provide the libraries as 'compat-package', and rearrange | |
# everything in a way, that | |
# PKG_CONFIG_PATH=/usr/lib/openssl-1.1/pkgconfig | |
# allows to build 'legacy' packages. | |
( cd ${D}/usr/lib/openssl-1.1 | |
for file in lib*.so.?.* ; do | |
mv $file ../../lib | |
ln -sf ../../lib/$file . | |
done | |
) | |
mkdir -p ${D}/usr/include/openssl-1.1 | |
mv ${D}/usr/include/openssl ${D}/usr/include/openssl-1.1/openssl | |
sed -e "s|/include$|/include/openssl-1.1|" -i ${D}/usr/lib/openssl-1.1/pkgconfig/*.pc | |
mv ${D}/usr/bin/openssl ${D}/usr/bin/openssl-1.1 | |
rm -rf ${D}/etc ${D}/usr/bin/c_rehash ${D}/usr/share | |
} |