wok-current rev 25681

Up openssl, add openssl-compat, openssl11, patch dropbear CVE-2023-48795
author Stanislas Leduc <shann@slitaz.org>
date Tue Mar 12 19:49:16 2024 +0000 (10 months ago)
parents 36a7b2c61bce
children 117b658b3eeb
files dropbear/receipt dropbear/stuff/CVE-2023-48795.patch libcrypto-compat/receipt libcrypto-dev/receipt libcrypto/receipt libcrypto11-dev/receipt libcrypto11/receipt libssl-compat/receipt libssl/receipt libssl11/receipt openssl-compat/receipt openssl-dev/receipt openssl/receipt openssl11-dev/receipt openssl11/receipt
     1.1 --- a/dropbear/receipt	Sun Mar 10 13:41:01 2024 +0000
     1.2 +++ b/dropbear/receipt	Tue Mar 12 19:49:16 2024 +0000
     1.3 @@ -37,6 +37,9 @@
     1.4  # Rules to configure and make the package.
     1.5  compile_rules()
     1.6  {
     1.7 +	# CVE-2023-48795
     1.8 +	patch -p1 < $stuff/CVE-2023-48795.patch
     1.9 +
    1.10  	local i
    1.11  	local DROPBEARS
    1.12  	DROPBEARS="dropbearkey dropbearconvert dbclient scp"
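Review bot: The added `patch -p1 < $stuff/CVE-2023-48795.patch` is not chained to the rest of compile_rules, so whether a failed or partial apply stops the build depends on how cook runs this function, which is not visible here. If it does not abort, the package would be built and published as fixed for CVE-2023-48795 while still lacking strict KEX. I would make the failure explicit and quote the path: `patch -p1 < "$stuff/CVE-2023-48795.patch" || return 1`. compile_rules continues past the end of this hunk.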
    1.13 @@ -44,6 +47,7 @@
    1.14  #define SFTPSERVER_PATH "/usr/sbin/sftp-server"
    1.15  #define DROPBEAR_X11FWD 1
    1.16  EOT
    1.17 +	sed -i 's|"SSH-2.0-dropbear_" DROPBEAR_VERSION|"SSH-2.0-dropbear"|' sysoptions.h
    1.18  	sed -i 's|DROPBEAR_CHANNEL_PRIO_INTERACTIVE|DROPBEAR_PRIO_LOWDELAY|' svr-x11fwd.c
    1.19  	sed -i 's|shell arch|shell uname -m|' libtommath/makefile_include.mk
    1.20  	./configure --prefix=/usr --without-pam $CONFIGURE_ARGS $CROSS_ARGS &&
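Review bot: The new `sed` on sysoptions.h has no comment and succeeds even when the pattern no longer matches, so the version could reappear in the SSH identification string after a source update without anyone noticing. A comment such as `# Do not advertise the dropbear version in the SSH banner` plus a check like `grep -q '"SSH-2.0-dropbear"' sysoptions.h || return 1` after it would make the intent and the result verifiable. Removing the version only reduces fingerprinting; it also means remote scanners can no longer tell a patched build from an unpatched one, so package version tracking has to carry that. The `./configure ... &&` chain continues outside the hunk.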
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/dropbear/stuff/CVE-2023-48795.patch	Tue Mar 12 19:49:16 2024 +0000
     2.3 @@ -0,0 +1,232 @@
     2.4 +From 6e43be5c7b99dbee49dc72b6f989f29fdd7e9356 Mon Sep 17 00:00:00 2001
     2.5 +From: Matt Johnston <matt@ucc.asn.au>
     2.6 +Date: Mon, 20 Nov 2023 14:02:47 +0800
     2.7 +Subject: [PATCH] Implement Strict KEX mode
     2.8 +
     2.9 +As specified by OpenSSH with kex-strict-c-v00@openssh.com and
    2.10 +kex-strict-s-v00@openssh.com.
    2.11 +
    2.12 +Upstream: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
    2.13 +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
    2.14 +---
    2.15 + src/cli-session.c    | 11 +++++++++++
    2.16 + src/common-algo.c    |  6 ++++++
    2.17 + src/common-kex.c     | 26 +++++++++++++++++++++++++-
    2.18 + src/kex.h            |  3 +++
    2.19 + src/process-packet.c | 34 +++++++++++++++++++---------------
    2.20 + src/ssh.h            |  4 ++++
    2.21 + src/svr-session.c    |  3 +++
    2.22 + 7 files changed, 71 insertions(+), 16 deletions(-)
    2.23 +
    2.24 +diff --git a/cli-session.c b/cli-session.c
    2.25 +index 5981b2470..d261c8f82 100644
    2.26 +--- a/cli-session.c
    2.27 ++++ b/cli-session.c
    2.28 +@@ -46,6 +46,7 @@ static void cli_finished(void) ATTRIB_NORETURN;
    2.29 + static void recv_msg_service_accept(void);
    2.30 + static void cli_session_cleanup(void);
    2.31 + static void recv_msg_global_request_cli(void);
    2.32 ++static void cli_algos_initialise(void);
    2.33 + 
    2.34 + struct clientsession cli_ses; /* GLOBAL */
    2.35 + 
    2.36 +@@ -117,6 +118,7 @@ void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection
    2.37 + 	}
    2.38 + 
    2.39 + 	chaninitialise(cli_chantypes);
    2.40 ++	cli_algos_initialise();
    2.41 + 
    2.42 + 	/* Set up cli_ses vars */
    2.43 + 	cli_session_init(proxy_cmd_pid);
    2.44 +@@ -487,3 +489,12 @@ void cli_dropbear_log(int priority, const char* format, va_list param) {
    2.45 + 	fflush(stderr);
    2.46 + }
    2.47 + 
    2.48 ++static void cli_algos_initialise(void) {
    2.49 ++	algo_type *algo;
    2.50 ++	for (algo = sshkex; algo->name; algo++) {
    2.51 ++		if (strcmp(algo->name, SSH_STRICT_KEX_S) == 0) {
    2.52 ++			algo->usable = 0;
    2.53 ++		}
    2.54 ++	}
    2.55 ++}
    2.56 ++
    2.57 +diff --git a/common-algo.c b/common-algo.c
    2.58 +index 378f0ca8e..f9d46ebb6 100644
    2.59 +--- a/common-algo.c
    2.60 ++++ b/common-algo.c
    2.61 +@@ -307,6 +307,12 @@ algo_type sshkex[] = {
    2.62 + 	/* Set unusable by svr_algos_initialise() */
    2.63 + 	{SSH_EXT_INFO_C, 0, NULL, 1, NULL},
    2.64 + #endif
    2.65 ++#endif
    2.66 ++#if DROPBEAR_CLIENT
    2.67 ++	{SSH_STRICT_KEX_C, 0, NULL, 1, NULL},
    2.68 ++#endif
    2.69 ++#if DROPBEAR_SERVER
    2.70 ++	{SSH_STRICT_KEX_S, 0, NULL, 1, NULL},
    2.71 + #endif
    2.72 + 	{NULL, 0, NULL, 0, NULL}
    2.73 + };
    2.74 +diff --git a/common-kex.c b/common-kex.c
    2.75 +index ac8844246..8e33b12a6 100644
    2.76 +--- a/common-kex.c
    2.77 ++++ b/common-kex.c
    2.78 +@@ -183,6 +183,10 @@ void send_msg_newkeys() {
    2.79 + 	gen_new_keys();
    2.80 + 	switch_keys();
    2.81 + 
    2.82 ++	if (ses.kexstate.strict_kex) {
    2.83 ++		ses.transseq = 0;
    2.84 ++	}
    2.85 ++
    2.86 + 	TRACE(("leave send_msg_newkeys"))
    2.87 + }
    2.88 + 
    2.89 +@@ -193,7 +197,11 @@ void recv_msg_newkeys() {
    2.90 + 
    2.91 + 	ses.kexstate.recvnewkeys = 1;
    2.92 + 	switch_keys();
    2.93 +-	
    2.94 ++
    2.95 ++	if (ses.kexstate.strict_kex) {
    2.96 ++		ses.recvseq = 0;
    2.97 ++	}
    2.98 ++
    2.99 + 	TRACE(("leave recv_msg_newkeys"))
   2.100 + }
   2.101 + 
   2.102 +@@ -550,6 +558,10 @@ void recv_msg_kexinit() {
   2.103 + 
   2.104 + 	ses.kexstate.recvkexinit = 1;
   2.105 + 
   2.106 ++	if (ses.kexstate.strict_kex && !ses.kexstate.donefirstkex && ses.recvseq != 1) {
   2.107 ++		dropbear_exit("First packet wasn't kexinit");
   2.108 ++	}
   2.109 ++
   2.110 + 	TRACE(("leave recv_msg_kexinit"))
   2.111 + }
   2.112 + 
   2.113 +@@ -859,6 +871,18 @@ static void read_kex_algos() {
   2.114 + 	}
   2.115 + #endif
   2.116 + 
   2.117 ++	if (!ses.kexstate.donefirstkex) {
   2.118 ++		const char* strict_name;
   2.119 ++		if (IS_DROPBEAR_CLIENT) {
   2.120 ++			strict_name = SSH_STRICT_KEX_S;
   2.121 ++		} else {
   2.122 ++			strict_name = SSH_STRICT_KEX_C;
   2.123 ++		}
   2.124 ++		if (buf_has_algo(ses.payload, strict_name) == DROPBEAR_SUCCESS) {
   2.125 ++			ses.kexstate.strict_kex = 1;
   2.126 ++		}
   2.127 ++	}
   2.128 ++
   2.129 + 	algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess);
   2.130 + 	allgood &= goodguess;
   2.131 + 	if (algo == NULL || algo->data == NULL) {
   2.132 +diff --git a/kex.h b/kex.h
   2.133 +index 77cf21a37..7fcc3c252 100644
   2.134 +--- a/kex.h
   2.135 ++++ b/kex.h
   2.136 +@@ -83,6 +83,9 @@ struct KEXState {
   2.137 + 
   2.138 + 	unsigned our_first_follows_matches : 1;
   2.139 + 
   2.140 ++	/* Boolean indicating that strict kex mode is in use */
   2.141 ++	unsigned int strict_kex;
   2.142 ++
   2.143 + 	time_t lastkextime; /* time of the last kex */
   2.144 + 	unsigned int datatrans; /* data transmitted since last kex */
   2.145 + 	unsigned int datarecv; /* data received since last kex */
   2.146 +diff --git a/process-packet.c b/process-packet.c
   2.147 +index 945416023..133a152d0 100644
   2.148 +--- a/process-packet.c
   2.149 ++++ b/process-packet.c
   2.150 +@@ -44,6 +44,7 @@ void process_packet() {
   2.151 + 
   2.152 + 	unsigned char type;
   2.153 + 	unsigned int i;
   2.154 ++	unsigned int first_strict_kex = ses.kexstate.strict_kex && !ses.kexstate.donefirstkex;
   2.155 + 	time_t now;
   2.156 + 
   2.157 + 	TRACE2(("enter process_packet"))
   2.158 +@@ -54,22 +55,24 @@ void process_packet() {
   2.159 + 	now = monotonic_now();
   2.160 + 	ses.last_packet_time_keepalive_recv = now;
   2.161 + 
   2.162 +-	/* These packets we can receive at any time */
   2.163 +-	switch(type) {
   2.164 + 
   2.165 +-		case SSH_MSG_IGNORE:
   2.166 +-			goto out;
   2.167 +-		case SSH_MSG_DEBUG:
   2.168 +-			goto out;
   2.169 ++	if (type == SSH_MSG_DISCONNECT) {
   2.170 ++		/* Allowed at any time */
   2.171 ++		dropbear_close("Disconnect received");
   2.172 ++	}
   2.173 + 
   2.174 +-		case SSH_MSG_UNIMPLEMENTED:
   2.175 +-			/* debugging XXX */
   2.176 +-			TRACE(("SSH_MSG_UNIMPLEMENTED"))
   2.177 +-			goto out;
   2.178 +-			
   2.179 +-		case SSH_MSG_DISCONNECT:
   2.180 +-			/* TODO cleanup? */
   2.181 +-			dropbear_close("Disconnect received");
   2.182 ++	/* These packets may be received at any time,
   2.183 ++	   except during first kex with strict kex */
   2.184 ++	if (!first_strict_kex) {
   2.185 ++		switch(type) {
   2.186 ++			case SSH_MSG_IGNORE:
   2.187 ++				goto out;
   2.188 ++			case SSH_MSG_DEBUG:
   2.189 ++				goto out;
   2.190 ++			case SSH_MSG_UNIMPLEMENTED:
   2.191 ++				TRACE(("SSH_MSG_UNIMPLEMENTED"))
   2.192 ++				goto out;
   2.193 ++		}
   2.194 + 	}
   2.195 + 
   2.196 + 	/* Ignore these packet types so that keepalives don't interfere with
   2.197 +@@ -98,7 +101,8 @@ void process_packet() {
   2.198 + 			if (type >= 1 && type <= 49
   2.199 + 				&& type != SSH_MSG_SERVICE_REQUEST
   2.200 + 				&& type != SSH_MSG_SERVICE_ACCEPT
   2.201 +-				&& type != SSH_MSG_KEXINIT)
   2.202 ++				&& type != SSH_MSG_KEXINIT
   2.203 ++				&& !first_strict_kex)
   2.204 + 			{
   2.205 + 				TRACE(("unknown allowed packet during kexinit"))
   2.206 + 				recv_unimplemented();
   2.207 +diff --git a/ssh.h b/ssh.h
   2.208 +index 1b4fec65f..ef3efdca0 100644
   2.209 +--- a/ssh.h
   2.210 ++++ b/ssh.h
   2.211 +@@ -100,6 +100,10 @@
   2.212 + #define SSH_EXT_INFO_C "ext-info-c"
   2.213 + #define SSH_SERVER_SIG_ALGS "server-sig-algs"
   2.214 + 
   2.215 ++/* OpenSSH strict KEX feature */
   2.216 ++#define SSH_STRICT_KEX_S "kex-strict-s-v00@openssh.com"
   2.217 ++#define SSH_STRICT_KEX_C "kex-strict-c-v00@openssh.com"
   2.218 ++
   2.219 + /* service types */
   2.220 + #define SSH_SERVICE_USERAUTH "ssh-userauth"
   2.221 + #define SSH_SERVICE_USERAUTH_LEN 12
   2.222 +diff --git a/svr-session.c b/svr-session.c
   2.223 +index 769f0731d..a538e2c5c 100644
   2.224 +--- a/svr-session.c
   2.225 ++++ b/svr-session.c
   2.226 +@@ -370,6 +370,9 @@ static void svr_algos_initialise(void) {
   2.227 + 			algo->usable = 0;
   2.228 + 		}
   2.229 + #endif
   2.230 ++		if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) {
   2.231 ++			algo->usable = 0;
   2.232 ++		}
   2.233 + 	}
   2.234 + }
   2.235 + 
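Review bot: The vendored patch is not the upstream commit as-is: its diffstat lists `src/cli-session.c` and friends while the file headers are `a/cli-session.c`, so it was rebased onto the flat source layout, and the header does not say against which dropbear release. A line in the patch header naming the release it was rebased onto and who adapted it would let a later reviewer diff it against the `Upstream:` commit. It is also worth stating there that strict KEX is opportunistic: `read_kex_algos()` sets `ses.kexstate.strict_kex` only when the peer's KEXINIT carries the matching `kex-strict-*` name, so sessions with peers that do not advertise it behave as before.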
     3.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.2 +++ b/libcrypto-compat/receipt	Tue Mar 12 19:49:16 2024 +0000
     3.3 @@ -0,0 +1,19 @@
     3.4 +# SliTaz package receipt.
     3.5 +
     3.6 +PACKAGE="libcrypto-compat"
     3.7 +VERSION="1.1.1w"
     3.8 +CATEGORY="security"
     3.9 +SHORT_DESC="General purpose cryptographic shared library (compat)."
    3.10 +MAINTAINER="maintainer@slitaz.org"
    3.11 +LICENSE="BSD"
    3.12 +WEB_SITE="https://www.openssl.org/"
    3.13 +HOST_ARCH="i486 arm"
    3.14 +
    3.15 +WANTED="openssl-compat"
    3.16 +
    3.17 +# Rules to gen a SliTaz package suitable for Tazpkg.
    3.18 +genpkg_rules()
    3.19 +{
    3.20 +	mkdir -p $fs/usr/lib
    3.21 +	cp -a $install/usr/lib/libcrypto.so.1.1 $fs/usr/lib
    3.22 +}
     4.1 --- a/libcrypto-dev/receipt	Sun Mar 10 13:41:01 2024 +0000
     4.2 +++ b/libcrypto-dev/receipt	Tue Mar 12 19:49:16 2024 +0000
     4.3 @@ -1,7 +1,7 @@
     4.4  # SliTaz package receipt.
     4.5  
     4.6  PACKAGE="libcrypto-dev"
     4.7 -VERSION="1.1.1w"
     4.8 +VERSION="3.0.13"
     4.9  CATEGORY="development"
    4.10  SHORT_DESC="General purpose cryptographic shared library devel files."
    4.11  MAINTAINER="pascal.bellard@slitaz.org"
     5.1 --- a/libcrypto/receipt	Sun Mar 10 13:41:01 2024 +0000
     5.2 +++ b/libcrypto/receipt	Tue Mar 12 19:49:16 2024 +0000
     5.3 @@ -1,7 +1,7 @@
     5.4  # SliTaz package receipt.
     5.5  
     5.6  PACKAGE="libcrypto"
     5.7 -VERSION="1.1.1w"
     5.8 +VERSION="3.0.13"
     5.9  CATEGORY="security"
    5.10  SHORT_DESC="General purpose cryptographic shared library."
    5.11  MAINTAINER="pascal.bellard@slitaz.org"
    5.12 @@ -11,6 +11,9 @@
    5.13  
    5.14  WANTED="openssl"
    5.15  
    5.16 +# We add libcrypto-compat to ensure smooth upgrade between versions
    5.17 +DEPENDS="libcrypto-compat libatomic"
    5.18 +
    5.19  # Rules to gen a SliTaz package suitable for Tazpkg.
    5.20  genpkg_rules()
    5.21  {
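Review bot: `DEPENDS="libcrypto-compat libatomic"` makes the 1.1.1w `libcrypto.so.1.1` a hard dependency of the 3.0.13 library, so it stays installed on every system and not only during the upgrade; the same holds for `libssl-compat` in libssl/receipt. As far as I know the OpenSSL 1.1.1 series no longer receives public security fixes, so anything still linked against the .so.1.1 files keeps running on an unmaintained library with no signal to the admin. The comment should say when the compat dependency is to be dropped, e.g. `# Transitional: remove libcrypto-compat once all packages are rebuilt against OpenSSL 3`. genpkg_rules continues outside the hunk.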
     6.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.2 +++ b/libcrypto11-dev/receipt	Tue Mar 12 19:49:16 2024 +0000
     6.3 @@ -0,0 +1,24 @@
     6.4 +# SliTaz package receipt.
     6.5 +
     6.6 +PACKAGE="libcrypto11-dev"
     6.7 +VERSION="1.1.1w"
     6.8 +CATEGORY="development"
     6.9 +SHORT_DESC="General purpose cryptographic shared library devel files (1.1.1 series)."
    6.10 +MAINTAINER="pascal.bellard@slitaz.org"
    6.11 +LICENSE="BSD"
    6.12 +WEB_SITE="https://www.openssl.org/"
    6.13 +HOST_ARCH="i486 arm"
    6.14 +
    6.15 +WANTED="openssl11"
    6.16 +DEPENDS="pkg-config"
    6.17 +
    6.18 +# Rules to gen a SliTaz package suitable for Tazpkg.
    6.19 +genpkg_rules()
    6.20 +{
    6.21 +	mkdir -p $fs/usr/lib/openssl-1.1/pkgconfig
    6.22 +	cp -a $install/usr/lib/openssl-1.1/libcrypto.a $fs/usr/lib/openssl-1.1
    6.23 +	cp -a $install/usr/lib/openssl-1.1/pkgconfig/libcrypto* \
    6.24 +		$fs/usr/lib/openssl-1.1/pkgconfig
    6.25 +        sed -e 's|/include$|/include/openssl-1.1|' \
    6.26 +                -i $fs/usr/lib/openssl-1.1/pkgconfig/*.pc
    6.27 +}
     7.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     7.2 +++ b/libcrypto11/receipt	Tue Mar 12 19:49:16 2024 +0000
     7.3 @@ -0,0 +1,19 @@
     7.4 +# SliTaz package receipt.
     7.5 +
     7.6 +PACKAGE="libcrypto11"
     7.7 +VERSION="1.1.1w"
     7.8 +CATEGORY="security"
     7.9 +SHORT_DESC="General purpose cryptographic shared library (1.1.1 series)."
    7.10 +MAINTAINER="pascal.bellard@slitaz.org"
    7.11 +LICENSE="BSD"
    7.12 +WEB_SITE="https://www.openssl.org/"
    7.13 +HOST_ARCH="i486 arm"
    7.14 +
    7.15 +WANTED="openssl11"
    7.16 +
    7.17 +# Rules to gen a SliTaz package suitable for Tazpkg.
    7.18 +genpkg_rules()
    7.19 +{
    7.20 +	mkdir -p $fs/usr/lib/openssl-1.1
    7.21 +	cp -a $install/usr/lib/openssl-1.1/libcrypto.so.* $fs/usr/lib/openssl-1.1
    7.22 +}
     8.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     8.2 +++ b/libssl-compat/receipt	Tue Mar 12 19:49:16 2024 +0000
     8.3 @@ -0,0 +1,19 @@
     8.4 +# SliTaz package receipt.
     8.5 +
     8.6 +PACKAGE="libssl-compat"
     8.7 +VERSION="1.1.1w"
     8.8 +CATEGORY="security"
     8.9 +SHORT_DESC="OpenSSL libraries (compat)."
    8.10 +MAINTAINER="maintainer@slitaz.org"
    8.11 +LICENSE="BSD"
    8.12 +WEB_SITE="https://www.openssl.org/"
    8.13 +HOST_ARCH="i486 arm"
    8.14 +
    8.15 +WANTED="openssl-compat"
    8.16 +
    8.17 +# Rules to gen a SliTaz package suitable for Tazpkg.
    8.18 +genpkg_rules()
    8.19 +{
    8.20 +	mkdir -p $fs/usr/lib
    8.21 +	cp -a $install/usr/lib/libssl.so.1.1 $fs/usr/lib
    8.22 +}
     9.1 --- a/libssl/receipt	Sun Mar 10 13:41:01 2024 +0000
     9.2 +++ b/libssl/receipt	Tue Mar 12 19:49:16 2024 +0000
     9.3 @@ -1,7 +1,7 @@
     9.4  # SliTaz package receipt.
     9.5  
     9.6  PACKAGE="libssl"
     9.7 -VERSION="1.1.1w"
     9.8 +VERSION="3.0.13"
     9.9  CATEGORY="security"
    9.10  SHORT_DESC="OpenSSL libraries."
    9.11  MAINTAINER="pascal.bellard@slitaz.org"
    9.12 @@ -10,7 +10,9 @@
    9.13  HOST_ARCH="i486 arm"
    9.14  
    9.15  WANTED="openssl"
    9.16 -DEPENDS="libcrypto"
    9.17 +
    9.18 +# We add libssl-compat to ensure smooth upgrade between versions
    9.19 +DEPENDS="libcrypto libssl-compat"
    9.20  
    9.21  # Rules to gen a SliTaz package suitable for Tazpkg.
    9.22  genpkg_rules()
    10.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    10.2 +++ b/libssl11/receipt	Tue Mar 12 19:49:16 2024 +0000
    10.3 @@ -0,0 +1,20 @@
    10.4 +# SliTaz package receipt.
    10.5 +
    10.6 +PACKAGE="libssl11"
    10.7 +VERSION="1.1.1w"
    10.8 +CATEGORY="security"
    10.9 +SHORT_DESC="OpenSSL libraries (1.1.1 series)."
   10.10 +MAINTAINER="pascal.bellard@slitaz.org"
   10.11 +LICENSE="BSD"
   10.12 +WEB_SITE="https://www.openssl.org/"
   10.13 +HOST_ARCH="i486 arm"
   10.14 +
   10.15 +WANTED="openssl11"
   10.16 +DEPENDS="libcrypto11"
   10.17 +
   10.18 +# Rules to gen a SliTaz package suitable for Tazpkg.
   10.19 +genpkg_rules()
   10.20 +{
   10.21 +	mkdir -p $fs/usr/lib/openssl-1.1
   10.22 +	cp -a $install/usr/lib/openssl-1.1/libssl.so.* $fs/usr/lib/openssl-1.1
   10.23 +}
    11.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    11.2 +++ b/openssl-compat/receipt	Tue Mar 12 19:49:16 2024 +0000
    11.3 @@ -0,0 +1,72 @@
    11.4 +# SliTaz package receipt.
    11.5 +
    11.6 +PACKAGE="openssl-compat"
    11.7 +SOURCE="openssl"
    11.8 +VERSION="1.1.1w"
    11.9 +CATEGORY="security"
   11.10 +SHORT_DESC="Open source Secure Sockets Layer (compat)."
   11.11 +MAINTAINER="pascal.bellard@slitaz.org"
   11.12 +LICENSE="BSD"
   11.13 +WEB_SITE="https://www.openssl.org/"
   11.14 +TAGS="ssl security"
   11.15 +HOST_ARCH="i486 arm"
   11.16 +
   11.17 +TARBALL="$SOURCE-$VERSION.tar.gz"
   11.18 +WGET_URL="https://www.openssl.org/source/$TARBALL"
   11.19 +
   11.20 +DEPENDS="libcrypto-compat libssl-compat"
   11.21 +BUILD_DEPENDS="perl zlib-dev"
   11.22 +SPLIT="libcrypto-compat libssl-compat"
   11.23 +
   11.24 +current_version()
   11.25 +{
   11.26 +	wget -O - $(dirname $WGET_URL) 2>/dev/null | \
   11.27 +	sed '/openssl-/!d;/-[abr]/d;s|.tar.gz</a.*||;s|.*>openssl-||;q'
   11.28 +}
   11.29 +
   11.30 +# Perl is installed in cross env.
   11.31 +case "$ARCH" in
   11.32 +	arm) BUILD_DEPENDS="" ;;
   11.33 +esac
   11.34 +
   11.35 +# Rules to configure and make the package.
   11.36 +compile_rules()
   11.37 +{
   11.38 +	# MAKEFLAGS make openssl build fail.
   11.39 +	unset MAKEFLAGS
   11.40 +
   11.41 +	# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
   11.42 +	# marked as not requiring an executable stack (compatibility improvement).
   11.43 +	case "$ARCH" in
   11.44 +		arm)
   11.45 +			# BUG: shared libs are not built
   11.46 +			./Configure --prefix=/usr --openssldir=/etc/ssl \
   11.47 +				 shared zlib enable-md2 -Wa,--noexecstack \
   11.48 +				 linux-armv4 &&
   11.49 +			sed -i 's/\(basename .*\)`/\1 || true `/' Makefile &&
   11.50 +			make \
   11.51 +				CC=${HOST_SYSTEM}-gcc \
   11.52 +				AR="${HOST_SYSTEM}-ar r" \
   11.53 +				RANLIB=${HOST_SYSTEM}-ranlib ;;
   11.54 +		i486)
   11.55 +			MACHINE=i686 \
   11.56 +			./config --prefix=/usr --openssldir=/etc/ssl \
   11.57 +				shared zlib zlib-dynamic enable-md2 \
   11.58 +				no-ssl3-method -Wa,--noexecstack &&
   11.59 +			make depend ;;
   11.60 +	esac &&
   11.61 +	# Install
   11.62 +	make DESTDIR=$PWD/_pkg MANDIR=$PWD/_pkg/usr/share/man \
   11.63 +	install_sw install_ssldirs
   11.64 +}
   11.65 +
   11.66 +# Rules to gen a SliTaz package suitable for Tazpkg.
   11.67 +genpkg_rules()
   11.68 +{
   11.69 +	cook_copy_folders etc bin engines
   11.70 +}
   11.71 +
   11.72 +testsuite()
   11.73 +{
   11.74 +	readelf -h $install/usr/bin/openssl
   11.75 +}
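Review bot: `cook_copy_folders etc bin engines` in genpkg_rules is the same line the openssl receipt uses, and this build uses the same `--prefix=/usr --openssldir=/etc/ssl`, so openssl-compat appears to package `/usr/bin/openssl` and `/etc/ssl` at the paths owned by the 3.0.13 openssl package. If both get installed, the 1.1.1w binary and configuration could replace the current ones. Since libcrypto-compat and libssl-compat only take the two `.so.1.1` files from `$install`, genpkg_rules could ship nothing of its own, or install the binary under a distinct name as openssl11 does with `openssl-1.1`. The receipt also shows no checksum for `$TARBALL`; whether cook verifies the download elsewhere is not visible here.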
    12.1 --- a/openssl-dev/receipt	Sun Mar 10 13:41:01 2024 +0000
    12.2 +++ b/openssl-dev/receipt	Tue Mar 12 19:49:16 2024 +0000
    12.3 @@ -1,7 +1,7 @@
    12.4  # SliTaz package receipt.
    12.5  
    12.6  PACKAGE="openssl-dev"
    12.7 -VERSION="1.1.1w"
    12.8 +VERSION="3.0.13"
    12.9  CATEGORY="development"
   12.10  SHORT_DESC="Open source Secure Sockets Layer devel files."
   12.11  MAINTAINER="pascal.bellard@slitaz.org"
    13.1 --- a/openssl/receipt	Sun Mar 10 13:41:01 2024 +0000
    13.2 +++ b/openssl/receipt	Tue Mar 12 19:49:16 2024 +0000
    13.3 @@ -1,7 +1,7 @@
    13.4  # SliTaz package receipt.
    13.5  
    13.6  PACKAGE="openssl"
    13.7 -VERSION="1.1.1w"
    13.8 +VERSION="3.0.13"
    13.9  CATEGORY="security"
   13.10  SHORT_DESC="Open source Secure Sockets Layer."
   13.11  MAINTAINER="pascal.bellard@slitaz.org"
   13.12 @@ -13,8 +13,8 @@
   13.13  TARBALL="$PACKAGE-$VERSION.tar.gz"
   13.14  WGET_URL="https://www.openssl.org/source/$TARBALL"
   13.15  
   13.16 -DEPENDS="libcrypto libssl"
   13.17 -BUILD_DEPENDS="perl zlib-dev"
   13.18 +DEPENDS="libcrypto libssl libatomic"
   13.19 +BUILD_DEPENDS="perl zlib-dev libatomic"
   13.20  SPLIT="libcrypto libcrypto-dev libssl openssl-dev"
   13.21  
   13.22  current_version()
   13.23 @@ -34,6 +34,8 @@
   13.24  	# MAKEFLAGS make openssl build fail.
   13.25  	unset MAKEFLAGS
   13.26  
   13.27 +	export LDFLAGS="$LDFLAGS -latomic"
   13.28 +
   13.29  	# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
   13.30  	# marked as not requiring an executable stack (compatibility improvement).
   13.31  	case "$ARCH" in
   13.32 @@ -48,8 +50,7 @@
   13.33  				AR="${HOST_SYSTEM}-ar r" \
   13.34  				RANLIB=${HOST_SYSTEM}-ranlib ;;
   13.35  		i486)
   13.36 -			MACHINE=i686 \
   13.37 -			./config --prefix=/usr --openssldir=/etc/ssl \
   13.38 +			./config linux-generic32 --prefix=/usr --openssldir=/etc/ssl \
   13.39  				shared zlib zlib-dynamic enable-md2 \
   13.40  				no-ssl3-method -Wa,--noexecstack &&
   13.41  			make depend ;;
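Review bot: Switching the i486 build to `./config linux-generic32` is undocumented, and as far as I know that target builds OpenSSL without its assembler modules, which makes the `-Wa,--noexecstack` comment above the `case` stale for this branch. The portable C code paths are slower and do not have the same timing behaviour as the assembler ones for some primitives, which matters for a distribution-wide crypto library. Please add a comment giving the reason, e.g. `# linux-generic32: no asm, runs on plain i486 (asm targets need newer CPUs)` if that is the motive, and confirm the trade-off is intended. The `case` statement starts and ends outside this hunk.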
   13.42 @@ -63,6 +64,8 @@
   13.43  genpkg_rules()
   13.44  {
   13.45  	cook_copy_folders etc bin engines
   13.46 +	# Remove .dist file
   13.47 +	rm $fs/etc/ssl/*.dist
   13.48  }
   13.49  
   13.50  testsuite()
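Review bot: `rm $fs/etc/ssl/*.dist` fails when the glob matches nothing, and being the last command of genpkg_rules its status becomes the function's result. openssl11-dev/receipt in this same commit uses `rm -f` for its cleanup; `rm -f $fs/etc/ssl/*.dist` here would be consistent and would not break packaging if a later release stops shipping the `.dist` files.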
    14.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    14.2 +++ b/openssl11-dev/receipt	Tue Mar 12 19:49:16 2024 +0000
    14.3 @@ -0,0 +1,27 @@
    14.4 +# SliTaz package receipt.
    14.5 +
    14.6 +PACKAGE="openssl11-dev"
    14.7 +VERSION="1.1.1w"
    14.8 +CATEGORY="development"
    14.9 +SHORT_DESC="Open source Secure Sockets Layer devel files (1.1.1 series)."
   14.10 +MAINTAINER="pascal.bellard@slitaz.org"
   14.11 +LICENSE="BSD"
   14.12 +WEB_SITE="https://www.openssl.org/"
   14.13 +HOST_ARCH="i486 arm"
   14.14 +
   14.15 +WANTED="openssl11"
   14.16 +DEPENDS="libcrypto11-dev pkg-config"
   14.17 +
   14.18 +# Rules to gen a SliTaz package suitable for Tazpkg.
   14.19 +genpkg_rules()
   14.20 +{
   14.21 +	mkdir -p $fs/usr/lib/openssl-1.1 $fs/usr/include/openssl-1.1
   14.22 +	cp -a $install/usr/include/openssl $fs/usr/include/openssl-1.1
   14.23 +	cp -a $install/usr/lib/openssl-1.1/*.a $fs/usr/lib/openssl-1.1
   14.24 +	cp -a $install/usr/lib/openssl-1.1/pkgconfig $fs/usr/lib/openssl-1.1
   14.25 +	sed -e 's|/include$|/include/openssl-1.1|' \
   14.26 +		-i $fs/usr/lib/openssl-1.1/pkgconfig/*.pc
   14.27 +	# libcrypto* have moved to a specific package
   14.28 +	rm -f $fs/usr/lib/openssl-1.1/libcrypto*
   14.29 +	rm -f $fs/usr/lib/openssl-1.1/pkgconfig/libcrypto*
   14.30 +}
    15.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    15.2 +++ b/openssl11/receipt	Tue Mar 12 19:49:16 2024 +0000
    15.3 @@ -0,0 +1,75 @@
    15.4 +# SliTaz package receipt.
    15.5 +
    15.6 +PACKAGE="openssl11"
    15.7 +SOURCE="openssl"
    15.8 +VERSION="1.1.1w"
    15.9 +CATEGORY="security"
   15.10 +SHORT_DESC="Open source Secure Sockets Layer (1.1.1 series)."
   15.11 +MAINTAINER="pascal.bellard@slitaz.org"
   15.12 +LICENSE="BSD"
   15.13 +WEB_SITE="https://www.openssl.org/"
   15.14 +TAGS="ssl security"
   15.15 +HOST_ARCH="i486 arm"
   15.16 +
   15.17 +TARBALL="$SOURCE-$VERSION.tar.gz"
   15.18 +WGET_URL="https://www.openssl.org/source/$TARBALL"
   15.19 +
   15.20 +DEPENDS="libcrypto11 libssl11"
   15.21 +BUILD_DEPENDS="perl zlib-dev"
   15.22 +SPLIT="libcrypto11 libcrypto11-dev libssl11 openssl11-dev"
   15.23 +
   15.24 +current_version()
   15.25 +{
   15.26 +	wget -O - $(dirname $WGET_URL) 2>/dev/null | \
   15.27 +	sed '/openssl-/!d;/-[abr]/d;s|.tar.gz</a.*||;s|.*>openssl-||;q'
   15.28 +}
   15.29 +
   15.30 +# Perl is installed in cross env.
   15.31 +case "$ARCH" in
   15.32 +	arm) BUILD_DEPENDS="" ;;
   15.33 +esac
   15.34 +
   15.35 +# Rules to configure and make the package.
   15.36 +compile_rules()
   15.37 +{
   15.38 +	# MAKEFLAGS make openssl build fail.
   15.39 +	unset MAKEFLAGS
   15.40 +
   15.41 +	# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
   15.42 +	# marked as not requiring an executable stack (compatibility improvement).
   15.43 +	case "$ARCH" in
   15.44 +		arm)
   15.45 +			# BUG: shared libs are not built
   15.46 +			./Configure --prefix=/usr --openssldir=/etc/ssl \
   15.47 +				 shared zlib enable-md2 -Wa,--noexecstack \
   15.48 +				 linux-armv4 &&
   15.49 +			sed -i 's/\(basename .*\)`/\1 || true `/' Makefile &&
   15.50 +			make \
   15.51 +				CC=${HOST_SYSTEM}-gcc \
   15.52 +				AR="${HOST_SYSTEM}-ar r" \
   15.53 +				RANLIB=${HOST_SYSTEM}-ranlib ;;
   15.54 +		i486)
   15.55 +			MACHINE=i686 \
   15.56 +			./config --prefix=/usr --openssldir=/etc/ssl \
   15.57 +				--libdir=lib/openssl-1.1 shared zlib \
   15.58 +				zlib-dynamic enable-md2 no-ssl3-method \
   15.59 +				-Wa,--noexecstack &&
   15.60 +			make depend ;;
   15.61 +	esac &&
   15.62 +	# Install
   15.63 +	make DESTDIR=$PWD/_pkg MANDIR=$PWD/_pkg/usr/share/man \
   15.64 +	install_sw install_ssldirs
   15.65 +}
   15.66 +
   15.67 +# Rules to gen a SliTaz package suitable for Tazpkg.
   15.68 +genpkg_rules()
   15.69 +{
   15.70 +	mkdir -p $fs/usr/bin $fs/usr/lib/openssl-1.1
   15.71 +	cp -a $install/usr/bin/openssl $fs/usr/bin/openssl-1.1
   15.72 +	cp -a $install/usr/lib/openssl-1.1/engines-1.1 $fs/usr/lib/openssl-1.1
   15.73 +}
   15.74 +
   15.75 +testsuite()
   15.76 +{
   15.77 +	readelf -h $install/usr/bin/openssl
   15.78 +}
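Review bot: Only the i486 branch of compile_rules passes `--libdir=lib/openssl-1.1`; the arm `./Configure` call does not, yet genpkg_rules here and in libcrypto11, libssl11, libcrypto11-dev and openssl11-dev copy from `$install/usr/lib/openssl-1.1/`. On arm the libraries and engines would presumably land in the default libdir and those `cp -a` calls would find nothing. Adding `--libdir=lib/openssl-1.1` to the arm `./Configure` line would keep both architectures on the same layout. Separately, `testsuite()` only runs `readelf -h` on the binary, which does not show that the 1.1 build loads its own libraries rather than the 3.0 ones.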