wok-current rev 25681
Up openssl, add openssl-compat, openssl11, patch dropbear CVE-2023-48795
author | Stanislas Leduc <shann@slitaz.org> |
---|---|
date | Tue Mar 12 19:49:16 2024 +0000 (8 months ago) |
parents | 36a7b2c61bce |
children | 117b658b3eeb |
files | dropbear/receipt dropbear/stuff/CVE-2023-48795.patch libcrypto-compat/receipt libcrypto-dev/receipt libcrypto/receipt libcrypto11-dev/receipt libcrypto11/receipt libssl-compat/receipt libssl/receipt libssl11/receipt openssl-compat/receipt openssl-dev/receipt openssl/receipt openssl11-dev/receipt openssl11/receipt |
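--- a/dropbear/receipt
+++ b/dropbear/receipt
@@ -37,6 +37,9 @@
 # Rules to configure and make the package.
 compile_rules()
 {
+ # CVE-2023-48795
+ patch -p1 < $stuff/CVE-2023-48795.patch
+
 local i
 local DROPBEARS
 DROPBEARS="dropbearkey dropbearconvert dbclient scp"
@@ -44,6 +47,7 @@
 #define SFTPSERVER_PATH "/usr/sbin/sftp-server"
 #define DROPBEAR_X11FWD 1
 EOT
+ sed -i 's|"SSH-2.0-dropbear_" DROPBEAR_VERSION|"SSH-2.0-dropbear"|' sysoptions.h
 sed -i 's|DROPBEAR_CHANNEL_PRIO_INTERACTIVE|DROPBEAR_PRIO_LOWDELAY|' svr-x11fwd.c
 sed -i 's|shell arch|shell uname -m|' libtommath/makefile_include.mk
 ./configure --prefix=/usr --without-pam $CONFIGURE_ARGS $CROSS_ARGS &&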
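Review bot: The added `patch -p1 < $stuff/CVE-2023-48795.patch` at the top of compile_rules() is not chained to the steps that follow, so unless cook aborts on a failing command (not visible here) a rejected hunk would still yield a dropbear package that the receipt labels as fixed for CVE-2023-48795. I would make the failure fatal and quote the path: `patch -p1 < "$stuff/CVE-2023-48795.patch" || return 1`. The new `sed` on sysoptions.h has the same weakness, because it silently matches nothing if the banner definition changes upstream. With the version removed from the banner, a scanner can no longer tell a patched build from an unpatched one, so a comment stating that intent would help. compile_rules() continues past the end of the hunk.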
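--- /dev/null
+++ b/dropbear/stuff/CVE-2023-48795.patch
@@ -0,0 +1,232 @@
+From 6e43be5c7b99dbee49dc72b6f989f29fdd7e9356 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Mon, 20 Nov 2023 14:02:47 +0800
+Subject: [PATCH] Implement Strict KEX mode
+
+As specified by OpenSSH with kex-strict-c-v00@openssh.com and
+kex-strict-s-v00@openssh.com.
+
+Upstream: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/cli-session.c | 11 +++++++++++
+ src/common-algo.c | 6 ++++++
+ src/common-kex.c | 26 +++++++++++++++++++++++++-
+ src/kex.h | 3 +++
+ src/process-packet.c | 34 +++++++++++++++++++---------------
+ src/ssh.h | 4 ++++
+ src/svr-session.c | 3 +++
+ 7 files changed, 71 insertions(+), 16 deletions(-)
+
+diff --git a/cli-session.c b/cli-session.c
+index 5981b2470..d261c8f82 100644
+--- a/cli-session.c
++++ b/cli-session.c
+@@ -46,6 +46,7 @@ static void cli_finished(void) ATTRIB_NORETURN;
+ static void recv_msg_service_accept(void);
+ static void cli_session_cleanup(void);
+ static void recv_msg_global_request_cli(void);
++static void cli_algos_initialise(void);
+
+ struct clientsession cli_ses; /* GLOBAL */
+
+@@ -117,6 +118,7 @@ void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection
+ }
+
+ chaninitialise(cli_chantypes);
++ cli_algos_initialise();
+
+ /* Set up cli_ses vars */
+ cli_session_init(proxy_cmd_pid);
+@@ -487,3 +489,12 @@ void cli_dropbear_log(int priority, const char* format, va_list param) {
+ fflush(stderr);
+ }
+
++static void cli_algos_initialise(void) {
++ algo_type *algo;
++ for (algo = sshkex; algo->name; algo++) {
++ if (strcmp(algo->name, SSH_STRICT_KEX_S) == 0) {
++ algo->usable = 0;
++ }
++ }
++}
++
+diff --git a/common-algo.c b/common-algo.c
+index 378f0ca8e..f9d46ebb6 100644
+--- a/common-algo.c
++++ b/common-algo.c
+@@ -307,6 +307,12 @@ algo_type sshkex[] = {
+ /* Set unusable by svr_algos_initialise() */
+ {SSH_EXT_INFO_C, 0, NULL, 1, NULL},
+ #endif
++#endif
++#if DROPBEAR_CLIENT
++ {SSH_STRICT_KEX_C, 0, NULL, 1, NULL},
++#endif
++#if DROPBEAR_SERVER
++ {SSH_STRICT_KEX_S, 0, NULL, 1, NULL},
+ #endif
+ {NULL, 0, NULL, 0, NULL}
+ };
+diff --git a/common-kex.c b/common-kex.c
+index ac8844246..8e33b12a6 100644
+--- a/common-kex.c
++++ b/common-kex.c
+@@ -183,6 +183,10 @@ void send_msg_newkeys() {
+ gen_new_keys();
+ switch_keys();
+
++ if (ses.kexstate.strict_kex) {
++ ses.transseq = 0;
++ }
++
+ TRACE(("leave send_msg_newkeys"))
+ }
+
+@@ -193,7 +197,11 @@ void recv_msg_newkeys() {
+
+ ses.kexstate.recvnewkeys = 1;
+ switch_keys();
+-
++
++ if (ses.kexstate.strict_kex) {
++ ses.recvseq = 0;
++ }
++
+ TRACE(("leave recv_msg_newkeys"))
+ }
+
+@@ -550,6 +558,10 @@ void recv_msg_kexinit() {
+
+ ses.kexstate.recvkexinit = 1;
+
++ if (ses.kexstate.strict_kex && !ses.kexstate.donefirstkex && ses.recvseq != 1) {
++ dropbear_exit("First packet wasn't kexinit");
++ }
++
+ TRACE(("leave recv_msg_kexinit"))
+ }
+
+@@ -859,6 +871,18 @@ static void read_kex_algos() {
+ }
+ #endif
+
++ if (!ses.kexstate.donefirstkex) {
++ const char* strict_name;
++ if (IS_DROPBEAR_CLIENT) {
++ strict_name = SSH_STRICT_KEX_S;
++ } else {
++ strict_name = SSH_STRICT_KEX_C;
++ }
++ if (buf_has_algo(ses.payload, strict_name) == DROPBEAR_SUCCESS) {
++ ses.kexstate.strict_kex = 1;
++ }
++ }
++
+ algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess);
+ allgood &= goodguess;
+ if (algo == NULL || algo->data == NULL) {
+diff --git a/kex.h b/kex.h
+index 77cf21a37..7fcc3c252 100644
+--- a/kex.h
++++ b/kex.h
+@@ -83,6 +83,9 @@ struct KEXState {
+
+ unsigned our_first_follows_matches : 1;
+
++ /* Boolean indicating that strict kex mode is in use */
++ unsigned int strict_kex;
++
+ time_t lastkextime; /* time of the last kex */
+ unsigned int datatrans; /* data transmitted since last kex */
+ unsigned int datarecv; /* data received since last kex */
+diff --git a/process-packet.c b/process-packet.c
+index 945416023..133a152d0 100644
+--- a/process-packet.c
++++ b/process-packet.c
+@@ -44,6 +44,7 @@ void process_packet() {
+
+ unsigned char type;
+ unsigned int i;
++ unsigned int first_strict_kex = ses.kexstate.strict_kex && !ses.kexstate.donefirstkex;
+ time_t now;
+
+ TRACE2(("enter process_packet"))
+@@ -54,22 +55,24 @@ void process_packet() {
+ now = monotonic_now();
+ ses.last_packet_time_keepalive_recv = now;
+
+- /* These packets we can receive at any time */
+- switch(type) {
+
+- case SSH_MSG_IGNORE:
+- goto out;
+- case SSH_MSG_DEBUG:
+- goto out;
++ if (type == SSH_MSG_DISCONNECT) {
++ /* Allowed at any time */
++ dropbear_close("Disconnect received");
++ }
+
+- case SSH_MSG_UNIMPLEMENTED:
+- /* debugging XXX */
+- TRACE(("SSH_MSG_UNIMPLEMENTED"))
+- goto out;
+-
+- case SSH_MSG_DISCONNECT:
+- /* TODO cleanup? */
+- dropbear_close("Disconnect received");
++ /* These packets may be received at any time,
++ except during first kex with strict kex */
++ if (!first_strict_kex) {
++ switch(type) {
++ case SSH_MSG_IGNORE:
++ goto out;
++ case SSH_MSG_DEBUG:
++ goto out;
++ case SSH_MSG_UNIMPLEMENTED:
++ TRACE(("SSH_MSG_UNIMPLEMENTED"))
++ goto out;
++ }
+ }
+
+ /* Ignore these packet types so that keepalives don't interfere with
+@@ -98,7 +101,8 @@ void process_packet() {
+ if (type >= 1 && type <= 49
+ && type != SSH_MSG_SERVICE_REQUEST
+ && type != SSH_MSG_SERVICE_ACCEPT
+- && type != SSH_MSG_KEXINIT)
++ && type != SSH_MSG_KEXINIT
++ && !first_strict_kex)
+ {
+ TRACE(("unknown allowed packet during kexinit"))
+ recv_unimplemented();
+diff --git a/ssh.h b/ssh.h
+index 1b4fec65f..ef3efdca0 100644
+--- a/ssh.h
++++ b/ssh.h
+@@ -100,6 +100,10 @@
+ #define SSH_EXT_INFO_C "ext-info-c"
+ #define SSH_SERVER_SIG_ALGS "server-sig-algs"
+
++/* OpenSSH strict KEX feature */
++#define SSH_STRICT_KEX_S "kex-strict-s-v00@openssh.com"
++#define SSH_STRICT_KEX_C "kex-strict-c-v00@openssh.com"
++
+ /* service types */
+ #define SSH_SERVICE_USERAUTH "ssh-userauth"
+ #define SSH_SERVICE_USERAUTH_LEN 12
+diff --git a/svr-session.c b/svr-session.c
+index 769f0731d..a538e2c5c 100644
+--- a/svr-session.c
++++ b/svr-session.c
+@@ -370,6 +370,9 @@ static void svr_algos_initialise(void) {
+ algo->usable = 0;
+ }
+ #endif
++ if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) {
++ algo->usable = 0;
++ }
+ }
+ }
+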
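Review bot: In the process-packet.c hunk of the embedded patch, `first_strict_kex` is sampled once at the top of process_packet(), while `strict_kex` is only set in read_kex_algos(). As far as the hunks show, IGNORE/DEBUG/UNIMPLEMENTED packets that arrive before the peer's KEXINIT therefore still pass the new filter and are rejected only afterwards by the `ses.recvseq != 1` check in recv_msg_kexinit(). That dependency between the two checks is not written down; a comment on the declaration such as `/* not yet set before the peer's KEXINIT is parsed; recv_msg_kexinit() rejects earlier packets via recvseq */` would keep a later refactor from removing one half. The diffstat in the patch header lists `src/...` paths while the diff headers use unprefixed ones, so this looks like a backport rather than the upstream commit verbatim, and the header should say which dropbear release it was adapted to. Strict KEX only protects sessions whose peer also advertises it, which is worth stating in the patch description.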
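--- /dev/null
+++ b/libcrypto-compat/receipt
@@ -0,0 +1,19 @@
+# SliTaz package receipt.
+
+PACKAGE="libcrypto-compat"
+VERSION="1.1.1w"
+CATEGORY="security"
+SHORT_DESC="General purpose cryptographic shared library (compat)."
+MAINTAINER="maintainer@slitaz.org"
+LICENSE="BSD"
+WEB_SITE="https://www.openssl.org/"
+HOST_ARCH="i486 arm"
+
+WANTED="openssl-compat"
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/usr/lib
+ cp -a $install/usr/lib/libcrypto.so.1.1 $fs/usr/lib
+}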
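--- a/libcrypto-dev/receipt
+++ b/libcrypto-dev/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="libcrypto-dev"
-VERSION="1.1.1w"
+VERSION="3.0.13"
 CATEGORY="development"
 SHORT_DESC="General purpose cryptographic shared library devel files."
 MAINTAINER="pascal.bellard@slitaz.org"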
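--- a/libcrypto/receipt
+++ b/libcrypto/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="libcrypto"
-VERSION="1.1.1w"
+VERSION="3.0.13"
 CATEGORY="security"
 SHORT_DESC="General purpose cryptographic shared library."
 MAINTAINER="pascal.bellard@slitaz.org"
@@ -11,6 +11,9 @@
 
 WANTED="openssl"
 
+# We add libcrypto-compat to ensure smooth upgrade between versions
+DEPENDS="libcrypto-compat libatomic"
+
 # Rules to gen a SliTaz package suitable for Tazpkg.
 genpkg_rules()
 {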
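Review bot: The new `DEPENDS="libcrypto-compat libatomic"` makes the OpenSSL 1.1.1w shared library a hard dependency of the 3.0.13 `libcrypto`, so every installed system keeps a copy of the 1.1.1 series, which upstream stopped supporting publicly in September 2023. Binaries still linked against it keep running with no signal that they need a rebuild. The same applies to `DEPENDS="libcrypto libssl-compat"` in libssl/receipt. If the compat packages are meant as a transition aid, the comment should say so and name the condition for dropping them, e.g. `# Temporary: keeps libcrypto.so.1.1 for not-yet-rebuilt packages; remove once nothing in the repo links against it`.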
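--- /dev/null
+++ b/libcrypto11-dev/receipt
@@ -0,0 +1,24 @@
+# SliTaz package receipt.
+
+PACKAGE="libcrypto11-dev"
+VERSION="1.1.1w"
+CATEGORY="development"
+SHORT_DESC="General purpose cryptographic shared library devel files (1.1.1 series)."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="BSD"
+WEB_SITE="https://www.openssl.org/"
+HOST_ARCH="i486 arm"
+
+WANTED="openssl11"
+DEPENDS="pkg-config"
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/usr/lib/openssl-1.1/pkgconfig
+ cp -a $install/usr/lib/openssl-1.1/libcrypto.a $fs/usr/lib/openssl-1.1
+ cp -a $install/usr/lib/openssl-1.1/pkgconfig/libcrypto* \
+ $fs/usr/lib/openssl-1.1/pkgconfig
+ sed -e 's|/include$|/include/openssl-1.1|' \
+ -i $fs/usr/lib/openssl-1.1/pkgconfig/*.pc
+}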
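Review bot: The `sed` in genpkg_rules() points the includedir of the shipped `.pc` file at `.../include/openssl-1.1`, but this package ships no headers and `DEPENDS="pkg-config"` does not pull in the package that does; in this commit that directory is only populated by openssl11-dev. Installed on its own, libcrypto11-dev would hand pkg-config users an include path that does not exist, and a build would presumably pick up the 3.0 headers from the default include path while linking the 1.1.1w archive. Because openssl11-dev already depends on this package, adding the reverse dependency would create a cycle. The cleaner fix is to ship the headers here, e.g. `mkdir -p $fs/usr/include/openssl-1.1` followed by `cp -a $install/usr/include/openssl $fs/usr/include/openssl-1.1`, and drop that copy from openssl11-dev.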
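--- /dev/null
+++ b/libcrypto11/receipt
@@ -0,0 +1,19 @@
+# SliTaz package receipt.
+
+PACKAGE="libcrypto11"
+VERSION="1.1.1w"
+CATEGORY="security"
+SHORT_DESC="General purpose cryptographic shared library (1.1.1 series)."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="BSD"
+WEB_SITE="https://www.openssl.org/"
+HOST_ARCH="i486 arm"
+
+WANTED="openssl11"
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/usr/lib/openssl-1.1
+ cp -a $install/usr/lib/openssl-1.1/libcrypto.so.* $fs/usr/lib/openssl-1.1
+}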
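--- /dev/null
+++ b/libssl-compat/receipt
@@ -0,0 +1,19 @@
+# SliTaz package receipt.
+
+PACKAGE="libssl-compat"
+VERSION="1.1.1w"
+CATEGORY="security"
+SHORT_DESC="OpenSSL libraries (compat)."
+MAINTAINER="maintainer@slitaz.org"
+LICENSE="BSD"
+WEB_SITE="https://www.openssl.org/"
+HOST_ARCH="i486 arm"
+
+WANTED="openssl-compat"
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/usr/lib
+ cp -a $install/usr/lib/libssl.so.1.1 $fs/usr/lib
+}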
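--- a/libssl/receipt
+++ b/libssl/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="libssl"
-VERSION="1.1.1w"
+VERSION="3.0.13"
 CATEGORY="security"
 SHORT_DESC="OpenSSL libraries."
 MAINTAINER="pascal.bellard@slitaz.org"
@@ -10,7 +10,9 @@
 HOST_ARCH="i486 arm"
 
 WANTED="openssl"
-DEPENDS="libcrypto"
+
+# We add libssl-compat to ensure smooth upgrade between versions
+DEPENDS="libcrypto libssl-compat"
 
 # Rules to gen a SliTaz package suitable for Tazpkg.
 genpkg_rules()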
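--- /dev/null
+++ b/libssl11/receipt
@@ -0,0 +1,20 @@
+# SliTaz package receipt.
+
+PACKAGE="libssl11"
+VERSION="1.1.1w"
+CATEGORY="security"
+SHORT_DESC="OpenSSL libraries (1.1.1 series)."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="BSD"
+WEB_SITE="https://www.openssl.org/"
+HOST_ARCH="i486 arm"
+
+WANTED="openssl11"
+DEPENDS="libcrypto11"
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/usr/lib/openssl-1.1
+ cp -a $install/usr/lib/openssl-1.1/libssl.so.* $fs/usr/lib/openssl-1.1
+}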
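--- /dev/null
+++ b/openssl-compat/receipt
@@ -0,0 +1,72 @@
+# SliTaz package receipt.
+
+PACKAGE="openssl-compat"
+SOURCE="openssl"
+VERSION="1.1.1w"
+CATEGORY="security"
+SHORT_DESC="Open source Secure Sockets Layer (compat)."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="BSD"
+WEB_SITE="https://www.openssl.org/"
+TAGS="ssl security"
+HOST_ARCH="i486 arm"
+
+TARBALL="$SOURCE-$VERSION.tar.gz"
+WGET_URL="https://www.openssl.org/source/$TARBALL"
+
+DEPENDS="libcrypto-compat libssl-compat"
+BUILD_DEPENDS="perl zlib-dev"
+SPLIT="libcrypto-compat libssl-compat"
+
+current_version()
+{
+ wget -O - $(dirname $WGET_URL) 2>/dev/null | \
+ sed '/openssl-/!d;/-[abr]/d;s|.tar.gz</a.*||;s|.*>openssl-||;q'
+}
+
+# Perl is installed in cross env.
+case "$ARCH" in
+ arm) BUILD_DEPENDS="" ;;
+esac
+
+# Rules to configure and make the package.
+compile_rules()
+{
+ # MAKEFLAGS make openssl build fail.
+ unset MAKEFLAGS
+
+ # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
+ # marked as not requiring an executable stack (compatibility improvement).
+ case "$ARCH" in
+ arm)
+ # BUG: shared libs are not built
+ ./Configure --prefix=/usr --openssldir=/etc/ssl \
+ shared zlib enable-md2 -Wa,--noexecstack \
+ linux-armv4 &&
+ sed -i 's/\(basename .*\)`/\1 || true `/' Makefile &&
+ make \
+ CC=${HOST_SYSTEM}-gcc \
+ AR="${HOST_SYSTEM}-ar r" \
+ RANLIB=${HOST_SYSTEM}-ranlib ;;
+ i486)
+ MACHINE=i686 \
+ ./config --prefix=/usr --openssldir=/etc/ssl \
+ shared zlib zlib-dynamic enable-md2 \
+ no-ssl3-method -Wa,--noexecstack &&
+ make depend ;;
+ esac &&
+ # Install
+ make DESTDIR=$PWD/_pkg MANDIR=$PWD/_pkg/usr/share/man \
+ install_sw install_ssldirs
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ cook_copy_folders etc bin engines
+}
+
+testsuite()
+{
+ readelf -h $install/usr/bin/openssl
+}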
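Review bot: genpkg_rules() uses the same `cook_copy_folders etc bin engines` as openssl/receipt, and compile_rules() installs with the same `--prefix=/usr --openssldir=/etc/ssl`, so openssl-compat appears to ship `/usr/bin/openssl` and `/etc/ssl` from 1.1.1w at the paths owned by the 3.0.13 openssl package. Installing it next to openssl could replace the current command-line tool and configuration with the end-of-life ones. Since the split packages only need `libcrypto.so.1.1` and `libssl.so.1.1`, I would limit the main package to what those libraries load at run time, e.g. `cook_copy_folders engines`, or rename the binary as openssl11/receipt does. The arm branch also carries the comment `# BUG: shared libs are not built`, while both split packages copy only shared objects and declare `HOST_ARCH="i486 arm"`.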
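--- a/openssl-dev/receipt
+++ b/openssl-dev/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="openssl-dev"
-VERSION="1.1.1w"
+VERSION="3.0.13"
 CATEGORY="development"
 SHORT_DESC="Open source Secure Sockets Layer devel files."
 MAINTAINER="pascal.bellard@slitaz.org"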
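--- a/openssl/receipt
+++ b/openssl/receipt
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="openssl"
-VERSION="1.1.1w"
+VERSION="3.0.13"
 CATEGORY="security"
 SHORT_DESC="Open source Secure Sockets Layer."
 MAINTAINER="pascal.bellard@slitaz.org"
@@ -13,8 +13,8 @@
 TARBALL="$PACKAGE-$VERSION.tar.gz"
 WGET_URL="https://www.openssl.org/source/$TARBALL"
 
-DEPENDS="libcrypto libssl"
-BUILD_DEPENDS="perl zlib-dev"
+DEPENDS="libcrypto libssl libatomic"
+BUILD_DEPENDS="perl zlib-dev libatomic"
 SPLIT="libcrypto libcrypto-dev libssl openssl-dev"
 
 current_version()
@@ -34,6 +34,8 @@
 # MAKEFLAGS make openssl build fail.
 unset MAKEFLAGS
 
+ export LDFLAGS="$LDFLAGS -latomic"
+
 # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
 # marked as not requiring an executable stack (compatibility improvement).
 case "$ARCH" in
@@ -48,8 +50,7 @@
 AR="${HOST_SYSTEM}-ar r" \
 RANLIB=${HOST_SYSTEM}-ranlib ;;
 i486)
- MACHINE=i686 \
- ./config --prefix=/usr --openssldir=/etc/ssl \
+ ./config linux-generic32 --prefix=/usr --openssldir=/etc/ssl \
 shared zlib zlib-dynamic enable-md2 \
 no-ssl3-method -Wa,--noexecstack &&
 make depend ;;
@@ -63,6 +64,8 @@
 genpkg_rules()
 {
 cook_copy_folders etc bin engines
+ # Remove .dist file
+ rm $fs/etc/ssl/*.dist
 }
 
 testsuite()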
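Review bot: Switching the i486 build to `./config linux-generic32` selects, as far as I know, a target without the x86 assembler modules, yet the reason is not recorded, and the existing comment about `-Wa,--noexecstack` for libcrypto's assembler modules no longer describes what is built on this arch. A comment next to the new `LDFLAGS` line, such as `# linux-generic32: C-only build; libatomic supplies the atomics i486 lacks`, would explain both changes if that is the intent. In genpkg_rules(), `rm $fs/etc/ssl/*.dist` is the last command and fails when the glob matches nothing, so `rm -f "$fs"/etc/ssl/*.dist` is safer. compile_rules() and genpkg_rules() both extend beyond the hunks shown.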
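--- /dev/null
+++ b/openssl11-dev/receipt
@@ -0,0 +1,27 @@
+# SliTaz package receipt.
+
+PACKAGE="openssl11-dev"
+VERSION="1.1.1w"
+CATEGORY="development"
+SHORT_DESC="Open source Secure Sockets Layer devel files (1.1.1 series)."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="BSD"
+WEB_SITE="https://www.openssl.org/"
+HOST_ARCH="i486 arm"
+
+WANTED="openssl11"
+DEPENDS="libcrypto11-dev pkg-config"
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/usr/lib/openssl-1.1 $fs/usr/include/openssl-1.1
+ cp -a $install/usr/include/openssl $fs/usr/include/openssl-1.1
+ cp -a $install/usr/lib/openssl-1.1/*.a $fs/usr/lib/openssl-1.1
+ cp -a $install/usr/lib/openssl-1.1/pkgconfig $fs/usr/lib/openssl-1.1
+ sed -e 's|/include$|/include/openssl-1.1|' \
+ -i $fs/usr/lib/openssl-1.1/pkgconfig/*.pc
+ # libcrypto* have moved to a specific package
+ rm -f $fs/usr/lib/openssl-1.1/libcrypto*
+ rm -f $fs/usr/lib/openssl-1.1/pkgconfig/libcrypto*
+}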
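Review bot: genpkg_rules() copies only `*.a` from `usr/lib/openssl-1.1`, and libssl11 and libcrypto11 copy `lib*.so.*`, so no package in this commit seems to ship the unversioned `libssl.so`/`libcrypto.so` link names. Anything built against openssl11-dev would then link the 1.1.1w archives statically. Static copies of an end-of-life library cannot be fixed later by replacing a shared object and are hard to find in an audit. If static linking is intended, say so in a comment; otherwise add the link names, e.g. `cp -a $install/usr/lib/openssl-1.1/lib*.so $fs/usr/lib/openssl-1.1`.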
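--- /dev/null
+++ b/openssl11/receipt
@@ -0,0 +1,75 @@
+# SliTaz package receipt.
+
+PACKAGE="openssl11"
+SOURCE="openssl"
+VERSION="1.1.1w"
+CATEGORY="security"
+SHORT_DESC="Open source Secure Sockets Layer (1.1.1 series)."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="BSD"
+WEB_SITE="https://www.openssl.org/"
+TAGS="ssl security"
+HOST_ARCH="i486 arm"
+
+TARBALL="$SOURCE-$VERSION.tar.gz"
+WGET_URL="https://www.openssl.org/source/$TARBALL"
+
+DEPENDS="libcrypto11 libssl11"
+BUILD_DEPENDS="perl zlib-dev"
+SPLIT="libcrypto11 libcrypto11-dev libssl11 openssl11-dev"
+
+current_version()
+{
+ wget -O - $(dirname $WGET_URL) 2>/dev/null | \
+ sed '/openssl-/!d;/-[abr]/d;s|.tar.gz</a.*||;s|.*>openssl-||;q'
+}
+
+# Perl is installed in cross env.
+case "$ARCH" in
+ arm) BUILD_DEPENDS="" ;;
+esac
+
+# Rules to configure and make the package.
+compile_rules()
+{
+ # MAKEFLAGS make openssl build fail.
+ unset MAKEFLAGS
+
+ # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
+ # marked as not requiring an executable stack (compatibility improvement).
+ case "$ARCH" in
+ arm)
+ # BUG: shared libs are not built
+ ./Configure --prefix=/usr --openssldir=/etc/ssl \
+ shared zlib enable-md2 -Wa,--noexecstack \
+ linux-armv4 &&
+ sed -i 's/\(basename .*\)`/\1 || true `/' Makefile &&
+ make \
+ CC=${HOST_SYSTEM}-gcc \
+ AR="${HOST_SYSTEM}-ar r" \
+ RANLIB=${HOST_SYSTEM}-ranlib ;;
+ i486)
+ MACHINE=i686 \
+ ./config --prefix=/usr --openssldir=/etc/ssl \
+ --libdir=lib/openssl-1.1 shared zlib \
+ zlib-dynamic enable-md2 no-ssl3-method \
+ -Wa,--noexecstack &&
+ make depend ;;
+ esac &&
+ # Install
+ make DESTDIR=$PWD/_pkg MANDIR=$PWD/_pkg/usr/share/man \
+ install_sw install_ssldirs
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/usr/bin $fs/usr/lib/openssl-1.1
+ cp -a $install/usr/bin/openssl $fs/usr/bin/openssl-1.1
+ cp -a $install/usr/lib/openssl-1.1/engines-1.1 $fs/usr/lib/openssl-1.1
+}
+
+testsuite()
+{
+ readelf -h $install/usr/bin/openssl
+}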
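Review bot: Only the i486 branch of compile_rules() passes `--libdir=lib/openssl-1.1`; the arm `./Configure` line does not, so on arm the 1.1.1w libraries would install to the default library directory. The `cp -a $install/usr/lib/openssl-1.1/...` lines here and in the four split receipts would then find nothing. Add `--libdir=lib/openssl-1.1 \` to the arm branch as well, or drop arm from `HOST_ARCH` for this package. testsuite() runs `readelf -h` on the binary only, so it would not notice missing libraries.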