From c5a54e653600120d780402d8c90d35af6305e7f4 Mon Sep 17 00:00:00 2001 From: dkwo Date: Sat, 25 Jun 2022 18:22:28 +0200 Subject: [PATCH 1/4] openssl: update to 3.0.7 --- common/shlibs | 4 +- srcpkgs/{libcrypto1.1 => libcrypto} | 0 srcpkgs/{libssl1.1 => libssl} | 0 srcpkgs/openssl/patches/ppc-auxv.patch | 25 ------- srcpkgs/openssl/patches/ppc64.patch | 96 ------------------------- srcpkgs/openssl/patches/xxx-ppcle.patch | 53 -------------- srcpkgs/openssl/template | 32 +++------ 7 files changed, 13 insertions(+), 197 deletions(-) rename srcpkgs/{libcrypto1.1 => libcrypto} (100%) rename srcpkgs/{libssl1.1 => libssl} (100%) delete mode 100644 srcpkgs/openssl/patches/ppc-auxv.patch delete mode 100644 srcpkgs/openssl/patches/ppc64.patch delete mode 100644 srcpkgs/openssl/patches/xxx-ppcle.patch diff --git a/common/shlibs b/common/shlibs index 481250d5c924..2fe1f4ad026a 100644 --- a/common/shlibs +++ b/common/shlibs @@ -1771,8 +1771,8 @@ libid3.so id3lib-3.8.3_1 libid3-3.8.so.3 id3lib-3.8.3_1 libgirara-gtk3.so.3 girara-0.2.8_1 libjq.so.1 jq-1.6_2 -libcrypto.so.1.1 libcrypto1.1-1.1.1f_1 -libssl.so.1.1 libssl1.1-1.1.1f_1 +libcrypto.so.3 libcrypto-3.0.4_1 +libssl.so.3 libssl-3.0.4_1 libvamp-hostsdk.so.3 libvamp-plugin-sdk-2.2_6 libportmidi.so portmidi-217_1 libWildMidi.so.2 libwildmidi-0.4.3_1 diff --git a/srcpkgs/libcrypto1.1 b/srcpkgs/libcrypto similarity index 100% rename from srcpkgs/libcrypto1.1 rename to srcpkgs/libcrypto diff --git a/srcpkgs/libssl1.1 b/srcpkgs/libssl similarity index 100% rename from srcpkgs/libssl1.1 rename to srcpkgs/libssl diff --git a/srcpkgs/openssl/patches/ppc-auxv.patch b/srcpkgs/openssl/patches/ppc-auxv.patch deleted file mode 100644 index 274ac2d55998..000000000000 --- a/srcpkgs/openssl/patches/ppc-auxv.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/crypto/ppccap.c b/crypto/ppccap.c -index eeaa47c..e6eeb14 100644 ---- a/crypto/ppccap.c -+++ b/crypto/ppccap.c -@@ -207,17 +207,9 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) - return 0; - } - --#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) --# if __GLIBC_PREREQ(2, 16) --# include --# define OSSL_IMPLEMENT_GETAUXVAL --# elif defined(__ANDROID_API__) --/* see https://developer.android.google.cn/ndk/guides/cpu-features */ --# if __ANDROID_API__ >= 18 --# include --# define OSSL_IMPLEMENT_GETAUXVAL --# endif --# endif -+#if defined(__linux__) -+# include -+# define OSSL_IMPLEMENT_GETAUXVAL - #endif - - #if defined(__FreeBSD__) diff --git a/srcpkgs/openssl/patches/ppc64.patch b/srcpkgs/openssl/patches/ppc64.patch deleted file mode 100644 index c75ceedba2c0..000000000000 --- a/srcpkgs/openssl/patches/ppc64.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 34ab13b7d8e3e723adb60be8142e38b7c9cd382a Mon Sep 17 00:00:00 2001 -From: Andy Polyakov -Date: Sun, 5 May 2019 18:25:50 +0200 -Subject: [PATCH] crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is a big endian ELFv2 configuration. ELFv2 was already being -used for little endian, and big endian was traditionally ELFv1 -but there are practical configurations that use ELFv2 with big -endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, etc.) - -Reviewed-by: Paul Dale -Reviewed-by: Richard Levitte -(Merged from https://github.com/openssl/openssl/pull/8883) ---- - crypto/perlasm/ppc-xlate.pl | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl -index e52f2f6ea62..5fcd0526dff 100755 ---- a/crypto/perlasm/ppc-xlate.pl -+++ b/crypto/perlasm/ppc-xlate.pl -@@ -49,7 +49,7 @@ - /osx/ && do { $name = "_$name"; - last; - }; -- /linux.*(32|64le)/ -+ /linux.*(32|64(le|v2))/ - && do { $ret .= ".globl $name"; - if (!$$type) { - $ret .= "\n.type $name,\@function"; -@@ -80,7 +80,7 @@ - }; - my $text = sub { - my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text"; -- $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64le/); -+ $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/); - $ret; - }; - my $machine = sub { -@@ -186,7 +186,7 @@ - - # Some ABIs specify vrsave, special-purpose register #256, as reserved - # for system use. --my $no_vrsave = ($flavour =~ /aix|linux64le/); -+my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/); - my $mtspr = sub { - my ($f,$idx,$ra) = @_; - if ($idx == 256 && $no_vrsave) { -@@ -318,7 +318,7 @@ sub vfour { - if ($label) { - my $xlated = ($GLOBALS{$label} or $label); - print "$xlated:"; -- if ($flavour =~ /linux.*64le/) { -+ if ($flavour =~ /linux.*64(le|v2)/) { - if ($TYPES{$label} =~ /function/) { - printf "\n.localentry %s,0\n",$xlated; - } - -From 098404128383ded87ba390dd74ecd9e2ffa6f530 Mon Sep 17 00:00:00 2001 -From: Andy Polyakov -Date: Sun, 5 May 2019 18:30:55 +0200 -Subject: [PATCH] Configure: use ELFv2 ABI on some ppc64 big endian systems - -If _CALL_ELF is defined to be 2, it's an ELFv2 system. -Conditionally switch to the v2 perlasm scheme. - -Reviewed-by: Paul Dale -Reviewed-by: Richard Levitte -(Merged from https://github.com/openssl/openssl/pull/8883) ---- - Configure | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/Configure b/Configure -index 22082deb4c7..e303d98deb3 100755 ---- a/Configure -+++ b/Configure -@@ -1402,8 +1402,15 @@ - my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC}); - my %predefined_CXX = $config{CXX} - ? compiler_predefined($config{CROSS_COMPILE}.$config{CXX}) - : (); - -+unless ($disabled{asm}) { -+ # big endian systems can use ELFv2 ABI -+ if ($target eq "linux-ppc64") { -+ $target{perlasm_scheme} = "linux64v2" if ($predefined_C{_CALL_ELF} == 2); -+ } -+} -+ - # Check for makedepend capabilities. - if (!$disabled{makedepend}) { - if ($config{target} =~ /^(VC|vms)-/) { diff --git a/srcpkgs/openssl/patches/xxx-ppcle.patch b/srcpkgs/openssl/patches/xxx-ppcle.patch deleted file mode 100644 index 2498af968899..000000000000 --- a/srcpkgs/openssl/patches/xxx-ppcle.patch +++ /dev/null @@ -1,53 +0,0 @@ -commit 56e07856a7a9f7ce3582b8cf3843f252691475a6 -Author: q66 -Date: Fri Mar 5 18:36:01 2021 +0100 - - add ppcle support - -diff --git Configurations/10-main.conf Configurations/10-main.conf -index 8dc3e85..18f10c9 100644 ---- a/Configurations/10-main.conf -+++ b/Configurations/10-main.conf -@@ -665,6 +665,11 @@ my %targets = ( - perlasm_scheme => "linux32", - lib_cppflags => add("-DB_ENDIAN"), - }, -+ "linux-ppcle" => { -+ inherit_from => [ "linux-generic32", asm("ppc32_asm") ], -+ perlasm_scheme => "linux32le", -+ lib_cppflags => add("-DL_ENDIAN"), -+ }, - "linux-ppc64" => { - inherit_from => [ "linux-generic64", asm("ppc64_asm") ], - cflags => add("-m64"), -diff --git config config -index 26225ca..6a1e830 100755 ---- a/config -+++ b/config -@@ -543,6 +543,7 @@ case "$GUESSOS" in - fi - ;; - ppc64le-*-linux2) OUT="linux-ppc64le" ;; -+ ppcle-*-linux2) OUT="linux-ppcle" ;; - ppc-*-linux2) OUT="linux-ppc" ;; - mips64*-*-linux2) - echo "WARNING! If you wish to build 64-bit library, then you have to" -diff --git crypto/poly1305/asm/poly1305-ppc.pl crypto/poly1305/asm/poly1305-ppc.pl -index e5d6933..3283f6b 100755 ---- a/crypto/poly1305/asm/poly1305-ppc.pl -+++ b/crypto/poly1305/asm/poly1305-ppc.pl -@@ -314,10 +314,10 @@ $code.=<<___; - beq- Lno_key - ___ - $code.=<<___ if ($LITTLE_ENDIAN); -- lw $h0,0($inp) # load key material -- lw $h1,4($inp) -- lw $h2,8($inp) -- lw $h3,12($inp) -+ lwz $h0,0($inp) # load key material -+ lwz $h1,4($inp) -+ lwz $h2,8($inp) -+ lwz $h3,12($inp) - ___ - $code.=<<___ if (!$LITTLE_ENDIAN); - li $h1,4 diff --git a/srcpkgs/openssl/template b/srcpkgs/openssl/template index 1461ffd2f7a2..d2b261eafa73 100644 --- a/srcpkgs/openssl/template +++ b/srcpkgs/openssl/template @@ -1,6 +1,6 @@ # Template file for 'openssl' pkgname=openssl -version=1.1.1s +version=3.0.7 revision=1 bootstrap=yes build_style=configure @@ -14,10 +14,10 @@ make_check_target=test make_install_args="MANSUFFIX=ssl" short_desc="Toolkit for Secure Sockets Layer and Transport Layer Security" maintainer="John " -license="OpenSSL" +license="Apache-2.0" homepage="https://www.openssl.org" distfiles="https://www.openssl.org/source/openssl-${version}.tar.gz" -checksum=c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa +checksum=83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e conf_files="/etc/ssl/openssl.cnf" replaces="libressl>=0" @@ -26,11 +26,11 @@ build_options=asm if [ "$CHROOT_READY" ]; then hostmakedepends="perl" build_options_default="asm" -else - # openssl-c_rehash depends on perl, ignore on bootstrap - subpackages="libcrypto1.1 libssl1.1 openssl-devel" fi +# due to our libatomic issues +makedepends+=" libatomic-devel" + case $XBPS_TARGET_MACHINE in x86_64*) configure_args+=" enable-ec_nistp_64_gcc_128 linux-x86_64";; i686*) configure_args+=" linux-elf";; @@ -58,36 +58,26 @@ pre_check() { } post_install() { - if [ ! "$CHROOT_READY" ]; then - rm -f "${DESTDIR}/usr/bin/c_rehash" - fi + rm -f "${DESTDIR}/usr/bin/c_rehash" } -libcrypto1.1_package() { +libcrypto_package() { short_desc+=" - crypto library" pkg_install() { vmove "usr/lib/libcrypto.so.*" - vmove usr/lib/engines-1.1 + vmove usr/lib/engines-3 } } -libssl1.1_package() { +libssl_package() { short_desc+=" - SSL/TLS library" pkg_install() { vmove "usr/lib/libssl.so.*" } } -openssl-c_rehash_package() { - short_desc+=" - c_rehash utility" - depends="openssl perl" - pkg_install() { - vmove usr/bin/c_rehash - } -} - openssl-devel_package() { - depends="${sourcepkg}>=${version}_${revision} libssl1.1>=${version}_${revision} libcrypto1.1>=${version}_${revision}" + depends="${sourcepkg}>=${version}_${revision} libssl>=${version}_${revision} libcrypto>=${version}_${revision}" replaces="libressl-devel>=0" short_desc+=" - development files" pkg_install() { From 46f573ad78774f1c2420a1be520396bb44545ab4 Mon Sep 17 00:00:00 2001 From: dkwo Date: Sat, 25 Jun 2022 18:31:09 +0200 Subject: [PATCH 2/4] racket: drop depends on versioned libssl --- srcpkgs/racket/template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/racket/template b/srcpkgs/racket/template index ecae3ca9269d..4d3f1edd437a 100644 --- a/srcpkgs/racket/template +++ b/srcpkgs/racket/template @@ -1,7 +1,7 @@ # Template file for 'racket' pkgname=racket version=8.6 -revision=1 +revision=2 archs="aarch64* armv6* armv7* i686* x86_64*" build_wrksrc=src build_style=gnu-configure @@ -9,7 +9,7 @@ configure_args="--enable-useprefix --enable-curses" make_build_args="CC_FOR_BUILD=cc" hostmakedepends="liberation-fonts-ttf" makedepends="gtk+3-devel liblz4-devel ncurses-devel sqlite-devel zlib-devel" -depends="gtk+3 libssl1.1" +depends="gtk+3 libssl" short_desc="Multi-paradigm programming language in the Lisp-Scheme family" maintainer="Andrea Brancaleoni " license="LGPL-3.0-only, MIT" From f485be92c32b5871ff4807b812e584b9aac16bca Mon Sep 17 00:00:00 2001 From: dkwo Date: Sat, 25 Jun 2022 18:33:57 +0200 Subject: [PATCH 3/4] xbps: add patch for openssl --- srcpkgs/xbps/patches/openssl.patch | 23 +++++++++++++++++++++++ srcpkgs/xbps/template | 5 +++-- 2 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 srcpkgs/xbps/patches/openssl.patch diff --git a/srcpkgs/xbps/patches/openssl.patch b/srcpkgs/xbps/patches/openssl.patch new file mode 100644 index 000000000000..ca7274542422 --- /dev/null +++ b/srcpkgs/xbps/patches/openssl.patch @@ -0,0 +1,23 @@ +From db1766986c4389eb7e17c0e0076971b711617ef9 Mon Sep 17 00:00:00 2001 +From: Juan RP +Date: Thu, 16 Apr 2020 14:57:18 +0200 +Subject: [PATCH] configure: accept any openssl version. + +--- + configure | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure b/configure +index da8ae75f..383bc927 100755 +--- a/configure ++++ b/configure +@@ -704,7 +704,7 @@ fi + # libssl with pkg-config support is required. + # + printf "Checking for libssl via pkg-config ... " +-if pkg-config --exists 'libssl < 1.2' && ! pkg-config --exists libtls ; then ++if pkg-config --exists 'libssl' && ! pkg-config --exists libtls ; then + echo "found OpenSSL version $(pkg-config --modversion libssl)." + elif pkg-config --exists libssl libtls; then + echo "found LibreSSL version $(pkg-config --modversion libssl)." + diff --git a/srcpkgs/xbps/template b/srcpkgs/xbps/template index b77e15c64d6c..03c701bd5c7a 100644 --- a/srcpkgs/xbps/template +++ b/srcpkgs/xbps/template @@ -1,7 +1,7 @@ # Template file for 'xbps' pkgname=xbps version=0.59.1 -revision=7 +revision=8 bootstrap=yes build_style=configure short_desc="XBPS package system utilities" @@ -33,7 +33,8 @@ if [ "$CHROOT_READY" ]; then fi do_configure() { - ./configure --prefix=/usr --sysconfdir=/etc ${CHROOT_READY:+--enable-tests} + # temporarily add Wno-error for openssl + CFLAGS=-Wno-error ./configure --prefix=/usr --sysconfdir=/etc ${CHROOT_READY:+--enable-tests} } post_install() { From bf6269f4d408c289d2578298d8f09b2fc961f0e1 Mon Sep 17 00:00:00 2001 From: dkwo Date: Tue, 19 Jul 2022 08:14:50 +0200 Subject: [PATCH 4/4] openssh: bump for openssl3 --- srcpkgs/openssh/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index 2eb9f32405e6..e0169a65dc8c 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh version=9.1p1 -revision=2 +revision=3 build_style=gnu-configure configure_args="--datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody