slackware-current/source/n/openssl11/openssl11.SlackBuild
Patrick J Volkerding a240312484 Wed Mar 8 20:26:54 UTC 2023
Hey folks, just some more updates on the road to an eventual beta. :-)
At this point nothing remains linked with openssl-1.1.1 except for python2 and
modules, and vsftpd. I think nobody cares about trying to force python2 to use
openssl3... it's EOL but still a zombie, unfortunately. I have seen some
patches for vsftpd and intend to take a look at them. We've bumped PHP to 8.2
and just gone ahead and killed 8.0 and 8.1. Like 7.4, 8.0 is not compatible
with openssl3 and it doesn't seem worthwhile to try to patch it. And with 8.2
already out for several revisions, 8.1 does not seem particularly valuable.
If you make use of PHP you should be used to it being a moving target by now.
Enjoy, and let me know if anything isn't working right. Cheers!
a/aaa_libraries-15.1-x86_64-19.txz:  Rebuilt.
  Recompiled against openssl-3.0.8: libcups.so.2, libcurl.so.4.8.0,
  libldap.so.2.0.200, libssh2.so.1.0.1.
a/cryptsetup-2.6.1-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
a/kmod-30-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
a/openssl-solibs-3.0.8-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
a/openssl11-solibs-1.1.1t-x86_64-1.txz:  Added.
ap/cups-2.4.2-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
ap/hplip-3.20.5-x86_64-7.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
ap/lxc-4.0.12-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
ap/mariadb-10.6.12-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
ap/qpdf-11.3.0-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
ap/sudo-1.9.13p3-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
d/cargo-vendor-filterer-0.5.7-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
d/cvs-1.11.23-x86_64-9.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
d/git-2.39.2-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
d/perl-5.36.0-x86_64-5.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
d/python3-3.9.16-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
d/ruby-3.2.1-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
d/rust-1.66.1-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
d/scons-4.5.1-x86_64-1.txz:  Upgraded.
kde/falkon-22.12.3-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
kde/kitinerary-22.12.3-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/M2Crypto-0.38.0-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/SDL2-2.26.4-x86_64-1.txz:  Upgraded.
l/gst-plugins-bad-free-1.22.1-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/libarchive-3.6.2-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/libevent-2.1.12-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/libimobiledevice-20211124_2c6121d-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/libssh2-1.10.0-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/libvncserver-0.9.14-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/mlt-7.14.0-x86_64-1.txz:  Upgraded.
l/neon-0.32.5-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/nodejs-19.7.0-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/opusfile-0.12-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/pipewire-0.3.66-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/pulseaudio-16.1-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/pycurl-7.44.1-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/qca-2.3.5-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
l/qt5-5.15.8_20230304_d8b881f0-x86_64-1.txz:  Upgraded.
  Compiled against openssl-3.0.8.
l/serf-1.3.9-x86_64-8.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/alpine-2.26-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/bind-9.18.12-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/curl-7.88.1-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/cyrus-sasl-2.1.28-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/dovecot-2.3.20-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/epic5-2.1.12-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/fetchmail-6.4.37-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/htdig-3.2.0b6-x86_64-9.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/httpd-2.4.56-x86_64-1.txz:  Upgraded.
  This update fixes two security issues:
  HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
  HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.56
    https://www.cve.org/CVERecord?id=CVE-2023-27522
    https://www.cve.org/CVERecord?id=CVE-2023-25690
  (* Security fix *)
  NOTE: This package is compiled against openssl-3.0.8.
n/irssi-1.4.3-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/krb5-1.20.1-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/lftp-4.9.2-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/links-2.28-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/lynx-2.9.0dev.10-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/mutt-2.2.9-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/net-snmp-5.9.3-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/netatalk-3.1.14-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/nmap-7.93-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/ntp-4.2.8p15-x86_64-12.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/openldap-2.6.4-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/openssh-9.2p1-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/openssl-3.0.8-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
n/openssl11-1.1.1t-x86_64-1.txz:  Added.
n/openvpn-2.6.0-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/php-8.2.3-x86_64-1.txz:  Upgraded.
  Compiled against openssl-3.0.8.
n/pidentd-3.0.19-x86_64-7.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/popa3d-1.0.3-x86_64-7.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/postfix-3.7.4-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/ppp-2.4.9-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/proftpd-1.3.8-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/rsync-3.2.7-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/s-nail-14.9.24-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/samba-4.18.0-x86_64-1.txz:  Upgraded.
  Build with the bundled Heimdal instead of the system MIT Kerberos.
  Thanks again to rpenny.
n/slrn-1.0.3a-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/snownews-1.9-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/socat-1.7.4.4-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/stunnel-5.69-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/tcpdump-4.99.3-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/wget-1.21.3-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
n/wpa_supplicant-2.10-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
xap/freerdp-2.10.0-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
xap/gftp-2.9.1b-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
xap/gkrellm-2.3.11-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
xap/hexchat-2.16.1-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
xap/sane-1.0.32-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
xap/x3270-4.0ga14-x86_64-3.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
xap/xine-lib-1.2.13-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
y/bsd-games-2.17-x86_64-4.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
extra/php80/php80-8.0.28-x86_64-1.txz:  Removed.
extra/php81/php81-8.1.16-x86_64-1.txz:  Removed.
extra/rust-for-mozilla/rust-1.60.0-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-8.17.1-x86_64-7.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-cf-8.17.1-noarch-7.txz:  Rebuilt.
testing/packages/rust-1.67.1-x86_64-2.txz:  Rebuilt.
  Recompiled against openssl-3.0.8.
testing/packages/samba-4.17.5-x86_64-2.txz:  Removed.
2023-03-08 22:40:50 +01:00

233 lines
8.2 KiB
Bash
Executable file

#!/bin/bash
# Copyright 2000 BSDi, Inc. Concord, CA, USA
# Copyright 2001, 2002 Slackware Linux, Inc. Concord, CA, USA
# Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2023 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Set initial variables:
cd $(dirname $0) ; CWD=$(pwd)
TMP=${TMP:-/tmp}
PKGNAM=openssl11
VERSION=${VERSION:-$(echo openssl-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) export ARCH=i586 ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
PKG1=$TMP/package-openssl11
PKG2=$TMP/package-ossllibs11
NAME1=openssl11-$VERSION-$ARCH-$BUILD
NAME2=openssl11-solibs-$VERSION-$ARCH-$BUILD
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "${NAME1}.txz"
echo "${NAME2}.txz"
exit 0
fi
# Parallel build doesn't link properly.
#NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
# So that ls has the right field counts for parsing...
export LC_ALL=C
cd $TMP
rm -rf $PKG1 $PKG2 openssl-$VERSION
tar xvf $CWD/openssl-$VERSION.tar.gz || exit 1
cd openssl-$VERSION
# Fix pod syntax errors which are fatal wih a newer perl:
find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|$\)/\=item C<\1>/g" {} \;
## For openssl-1.1.x, don't try to change the soname.
## Use .so.1, not .so.1.0.0:
#sed -i "s/soname=\$\$SHLIB\$\$SHLIB_SOVER\$\$SHLIB_SUFFIX/soname=\$\$SHLIB.1/g" Makefile.shared
if [ "$ARCH" = "i586" ]; then
# Build with -march=i586 -mtune=i686:
sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i586 -mtune=i686/g" Configure
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
# Build with -march=i686 -mtune=i686:
sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i686 -mtune=i686/g" Configure
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
LIBDIRSUFFIX="64"
fi
# OpenSSL has a (nasty?) habit of bumping the internal version number with
# every release. This wouldn't be so bad, but some applications are so
# paranoid that they won't run against a different OpenSSL version than
# what they were compiled against, whether or not the ABI has changed.
#
# So, we will use the OPENSSL_VERSION_NUMBER from openssl-1.1.1 unless ABI
# breakage forces it to change. Yes, we're finally using this old trick. :)
sed -i "s/#define OPENSSL_VERSION_NUMBER.*/\/* Use 0x1010100fL (1.1.1) below to avoid pointlessly breaking the ABI *\/\n#define OPENSSL_VERSION_NUMBER 0x1010100fL/g" include/openssl/opensslv.h || exit 1
chown -R root:root .
mkdir -p $PKG1/usr/doc/openssl-$VERSION
cp -a ACKNOWLEDGEMENTS AUTHORS CHANGES* CONTRIBUTING FAQ INSTALL* \
LICENSE* NEWS NOTES* README* doc \
$PKG1/usr/doc/openssl-$VERSION
find $PKG1/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \+
find $PKG1/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \+
# If there's a CHANGES file, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r CHANGES ]; then
DOCSDIR=$(echo $PKG1/usr/doc/*-$VERSION)
cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES
touch -r CHANGES $DOCSDIR/CHANGES
fi
# These are the known patent issues with OpenSSL:
# name # expires
# MDC-2: 4,908,861 2007-03-13, not included.
# IDEA: 5,214,703 2010-05-25, not included.
#
# Although all of the above are expired, it's still probably
# not a good idea to include them as there are better
# algorithms to use.
./config \
--prefix=/usr \
--openssldir=/etc/ssl \
--libdir=lib${LIBDIRSUFFIX}/openssl-1.1 \
zlib \
enable-camellia \
enable-seed \
enable-rfc3779 \
enable-cms \
enable-md2 \
enable-rc5 \
enable-ssl3 \
enable-ssl3-method \
no-weak-ssl-ciphers \
no-mdc2 \
no-ec2m \
no-idea \
no-sse2 \
shared
make $NUMJOBS depend || make depend || exit 1
make $NUMJOBS || make || exit 1
make install DESTDIR=$PKG1 || exit 1
# No thanks on static libraries:
rm -f $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.1/*.a
# Also no thanks on .pod versions of the already shipped manpages:
rm -rf $PKG1/usr/doc/openssl-*/doc/man*
# Move libraries, as they might be needed by programs that bring a network
# mounted /usr online:
mkdir $PKG1/lib${LIBDIRSUFFIX}
( cd $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.1
for file in lib*.so.?.* ; do
mv $file ../../../lib${LIBDIRSUFFIX}
ln -sf ../../../lib${LIBDIRSUFFIX}/$file .
done
)
# Move include files:
mkdir -p $PKG1/usr/include/openssl-1.1
mv $PKG1/usr/include/openssl $PKG1/usr/include/openssl-1.1/openssl
# Edit .pc files to correct the includedir:
sed -e "s|/include$|/include/openssl-1.1|" -i $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.1/pkgconfig/*.pc
# Rename openssl binary:
mv $PKG1/usr/bin/openssl $PKG1/usr/bin/openssl-1.1
# Don't package these things:
rm -rf $PKG1/etc $PKG1/usr/bin/c_rehash
# Not needed in openssl11 compat package.
#
## Add a cron script to warn root if a certificate is going to expire soon:
#mkdir -p $PKG1/etc/cron.daily
#zcat $CWD/certwatch.gz > $PKG1/etc/cron.daily/certwatch.new
#chmod 755 $PKG1/etc/cron.daily/certwatch.new
#mv $PKG1/etc/ssl/openssl.cnf $PKG1/etc/ssl/openssl.cnf.new
( cd $PKG1
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
# Remove the man pages and installed docs:
rm -r $PKG1/usr/share/{doc,man}
rmdir $PKG1/usr/share
cd $PKG1
#chmod 755 usr/lib${LIBDIRSUFFIX}/pkgconfig
#sed -i -e "s#lib\$#lib${LIBDIRSUFFIX}#" usr/lib${LIBDIRSUFFIX}/pkgconfig/*.pc
mkdir -p install
cat $CWD/slack-desc.openssl11 > install/slack-desc
/sbin/makepkg -l y -c n $TMP/${NAME1}.txz
# Make runtime package:
mkdir -p $PKG2/lib${LIBDIRSUFFIX}
( cd lib${LIBDIRSUFFIX} ; cp -a lib*.so.* $PKG2/lib${LIBDIRSUFFIX} )
mkdir -p $PKG2/usr/lib${LIBDIRSUFFIX}/openssl-1.1
cp -a $PKG1//usr/lib${LIBDIRSUFFIX}/openssl-1.1/engines-1.1 $PKG2/usr/lib${LIBDIRSUFFIX}/openssl-1.1
( cd $PKG2/lib${LIBDIRSUFFIX}
for file in lib*.so.?.? ; do
( cd $PKG2/usr/lib${LIBDIRSUFFIX}/openssl-1.1 ; ln -sf ../../../lib${LIBDIRSUFFIX}/$file . )
done
)
#mkdir -p $PKG2/etc
#( cd $PKG2/etc ; cp -a $PKG1/etc/ssl . )
mkdir -p $PKG2/usr/doc/openssl-$VERSION
( cd $TMP/openssl-$VERSION
cp -a CHANGES CHANGES.SSLeay FAQ INSTALL INSTALL.MacOS INSTALL.VMS INSTALL.W32 \
LICENSE NEWS README README.ENGINE $PKG2/usr/doc/openssl-$VERSION
# If there's a CHANGES file, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r CHANGES ]; then
DOCSDIR=$(echo $PKG2/usr/doc/*-$VERSION)
cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES
touch -r CHANGES $DOCSDIR/CHANGES
fi
)
find $PKG2/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \+
find $PKG2/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \+
cd $PKG2
mkdir -p install
cat $CWD/slack-desc.openssl11-solibs > install/slack-desc
/sbin/makepkg -l y -c n $TMP/${NAME2}.txz