From 0608868e179aa52fbbc0040d8275a073545721dd Mon Sep 17 00:00:00 2001
From: Yaksh Bariya
Date: Sat, 22 Jan 2022 20:00:36 +0530
Subject: [PATCH] openssl: update to 3.0.1

Changes made:- - OpenSSL has been updates to 3.0.1 - `openssl-1.1` package has been added for packages still needing the legacy version. Any package that still needs legacy openssl-1.1 needs some extra CFLAGS, CXXFLAGS, LDFLAGS and CPPFLAGS CFLAGS="-I$TERMUX_PREFIX/include/openssl-1.1 $CFLAGS" CXXFLAGS="-I$TERMUX_PREFIX/include/openssl-1.1 $CXXFLAGS" CPPFLAGS="-I$TERMUX_PREFIX/include/openssl-1.1 $CPPFLAGS" LDFLAGS="-L$TERMUX_PREFIX/lib/openssl-1.1 $LDFLAGS" Additionally if the package by itself adds `-I$prefix/include` or similar, it needs to be patched not to do so in order to prevent it from using OpenSSL 3 headers Similarly for LDFLAGS, make sure that package doesn't add `-L$prefix/lib` and `-Wl,-rpath=$prefix/lib` before OpenSSL 1.1 LDFLAGS nentioned above or else it will cause compilation errors
---
 .../Configurations-15-android.conf.patch | 47 ++++++++++++
 .../apps-ocsp.c.patch | 0
 packages/openssl-1.1/build.sh | 76 +++++++++++++++++++
 .../{openssl => openssl-1.1}/e_os.h.patch | 0
 .../openssl-1.1/openssl1.1-tool.subpackage.sh | 2 +
 .../Configurations-15-android.conf.patch | 30 ++++----
 packages/openssl/build.sh | 9 +--
 packages/openssl/include-crypto-rand.h.patch | 11 +++
 8 files changed, 156 insertions(+), 19 deletions(-)
 create mode 100644 packages/openssl-1.1/Configurations-15-android.conf.patch
 rename packages/{openssl => openssl-1.1}/apps-ocsp.c.patch (100%)
 create mode 100644 packages/openssl-1.1/build.sh
 rename packages/{openssl => openssl-1.1}/e_os.h.patch (100%)
 create mode 100644 packages/openssl-1.1/openssl1.1-tool.subpackage.sh
 create mode 100644 packages/openssl/include-crypto-rand.h.patch
diff --git a/packages/openssl-1.1/Configurations-15-android.conf.patch b/packages/openssl-1.1/Configurations-15-android.conf.patch
new file mode 100644
index 000000000..cabdfa800
--- /dev/null
+++ b/packages/openssl-1.1/Configurations-15-android.conf.patch
@@ -0,0 +1,47 @@
+diff -u -r ../openssl-1.1.1-pre9/Configurations/15-android.conf ./Configurations/15-android.conf
+--- ../openssl-1.1.1-pre9/Configurations/15-android.conf 2018-08-21 12:14:11.000000000 +0000
++++ ./Configurations/15-android.conf 2018-08-22 09:48:30.506584421 +0000
+@@ -130,10 +130,10 @@
+ # systems are perfectly capable of executing binaries targeting
+ # Froyo. Keep in mind that in the nutshell Android builds are
+ # about JNI, i.e. shared libraries, not applications.
+- cflags => add(sub { android_ndk()->{cflags} }),
+- cppflags => add(sub { android_ndk()->{cppflags} }),
+- cxxflags => add(sub { android_ndk()->{cflags} }),
+- bn_ops => sub { android_ndk()->{bn_ops} },
++ #cflags => add(sub { android_ndk()->{cflags} }),
++ #cppflags => add(sub { android_ndk()->{cppflags} }),
++ #cxxflags => add(sub { android_ndk()->{cflags} }),
++ #bn_ops => sub { android_ndk()->{bn_ops} },
+ bin_cflags => "-pie",
+ enable => [ ],
+ },
+@@ -166,11 +166,11 @@
+ # Newer NDK versions reportedly require additional -latomic.
+ #
+ inherit_from => [ "android", asm("armv4_asm") ],
+- bn_ops => add("RC4_CHAR"),
++ bn_ops => "BN_LLONG RC4_CHAR",
+ },
+ "android-arm64" => {
+ inherit_from => [ "android", asm("aarch64_asm") ],
+- bn_ops => add("RC4_CHAR"),
++ bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+ perlasm_scheme => "linux64",
+ },
+
+@@ -197,12 +197,12 @@
+ "android-x86" => {
+ inherit_from => [ "android", asm("x86_asm") ],
+ CFLAGS => add(picker(release => "-fomit-frame-pointer")),
+- bn_ops => add("RC4_INT"),
++ bn_ops => "BN_LLONG RC4_INT",
+ perlasm_scheme => "android",
+ },
+ "android-x86_64" => {
+ inherit_from => [ "android", asm("x86_64_asm") ],
+- bn_ops => add("RC4_INT"),
++ bn_ops => "SIXTY_FOUR_BIT_LONG RC4_INT",
+ perlasm_scheme => "elf",
+ },
+
diff --git a/packages/openssl/apps-ocsp.c.patch b/packages/openssl-1.1/apps-ocsp.c.patch
similarity index 100%
rename from packages/openssl/apps-ocsp.c.patch
rename to packages/openssl-1.1/apps-ocsp.c.patch
diff --git a/packages/openssl-1.1/build.sh b/packages/openssl-1.1/build.sh
new file mode 100644
index 000000000..83c35e6de
--- /dev/null
+++ b/packages/openssl-1.1/build.sh
@@ -0,0 +1,76 @@
+TERMUX_PKG_HOMEPAGE=https://www.openssl.org/
+TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions"
+TERMUX_PKG_LICENSE="BSD"
+TERMUX_PKG_MAINTAINER="@termux"
+TERMUX_PKG_VERSION=1.1.1m
+TERMUX_PKG_SRCURL=https://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION/\~/-}.tar.gz
+TERMUX_PKG_SHA256=f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96
+TERMUX_PKG_DEPENDS="ca-certificates, zlib"
+TERMUX_PKG_CONFFILES="etc/tls/openssl.cnf"
+TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/"
+TERMUX_PKG_BUILD_IN_SRC=true
+TERMUX_PKG_CONFLICTS="libcurl (<< 7.61.0-1)"
+TERMUX_PKG_BREAKS="openssl (<< 1.1.1m)"
+TERMUX_PKG_REPLACES="openssl (<< 1.1.1m)"
+
+termux_step_pre_configure() {
+ test -d $TERMUX_PREFIX/include/openssl && mv $TERMUX_PREFIX/include/openssl{,.tmp} || :
+}
+
+termux_step_configure() {
+ # Certain packages are not safe to build on device because their
+ # build.sh script deletes specific files in $TERMUX_PREFIX.
+ if $TERMUX_ON_DEVICE_BUILD; then
+ termux_error_exit "Package '$TERMUX_PKG_NAME' is not safe for on-device builds."
+ fi
+
+ CFLAGS+=" -DNO_SYSLOG"
+ if [ $TERMUX_ARCH = arm ]; then
+ CFLAGS+=" -fno-integrated-as"
+ fi
+
+ perl -p -i -e "s@TERMUX_CFLAGS@$CFLAGS@g" Configure
+ test $TERMUX_ARCH = "arm" && TERMUX_OPENSSL_PLATFORM="android-arm"
+ test $TERMUX_ARCH = "aarch64" && TERMUX_OPENSSL_PLATFORM="android-arm64"
+ test $TERMUX_ARCH = "i686" && TERMUX_OPENSSL_PLATFORM="android-x86"
+ test $TERMUX_ARCH = "x86_64" && TERMUX_OPENSSL_PLATFORM="android-x86_64"
+
+ install -m755 -d $TERMUX_PREFIX/lib/openssl-1.1
+
+ ./Configure $TERMUX_OPENSSL_PLATFORM \
+ --prefix=$TERMUX_PREFIX \
+ --openssldir=$TERMUX_PREFIX/etc/tls \
+ --libdir=$TERMUX_PREFIX/lib/openssl-1.1 \
+ shared \
+ zlib-dynamic \
+ no-ssl \
+ no-hw \
+ no-srp \
+ no-tests
+}
+
+termux_step_make() {
+ make depend
+ make -j $TERMUX_MAKE_PROCESSES all
+}
+
+termux_step_make_install() {
+ # "install_sw" instead of "install" to not install man pages:
+ make -j 1 install_sw MANDIR=$TERMUX_PREFIX/share/man MANSUFFIX=.ssl
+
+ mkdir -p $TERMUX_PREFIX/etc/tls/
+
+ cp apps/openssl.cnf $TERMUX_PREFIX/etc/tls/openssl.cnf
+
+ install -m755 -d $TERMUX_PREFIX/include/openssl-1.1
+ mv $TERMUX_PREFIX/include/openssl $TERMUX_PREFIX/include/openssl-1.1/
+ mv $TERMUX_PREFIX/bin/openssl $TERMUX_PREFIX/bin/openssl-1.1
+}
+
+termux_step_post_make_install() {
+ test -d $TERMUX_PREFIX/include/openssl.tmp && mv $TERMUX_PREFIX/include/openssl{.tmp,} || :
+}
+
+termux_step_post_massage() {
+ rm -rf include/openssl
+}
diff --git a/packages/openssl/e_os.h.patch b/packages/openssl-1.1/e_os.h.patch
similarity index 100%
rename from packages/openssl/e_os.h.patch
rename to packages/openssl-1.1/e_os.h.patch
diff --git a/packages/openssl-1.1/openssl1.1-tool.subpackage.sh b/packages/openssl-1.1/openssl1.1-tool.subpackage.sh
new file mode 100644
index 000000000..af673bb66
--- /dev/null
+++ b/packages/openssl-1.1/openssl1.1-tool.subpackage.sh
@@ -0,0 +1,2 @@
+TERMUX_SUBPKG_INCLUDE="bin"
+TERMUX_SUBPKG_DESCRIPTION="The openssl command line cryptographic tool"
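Review bot: The header swap in `termux_step_pre_configure` renames the shared `$TERMUX_PREFIX/include/openssl` to `openssl.tmp` and only `termux_step_post_make_install` puts it back, so a build that fails in between leaves the prefix without the OpenSSL 3 headers, and on a later run `mv` would place the fresh directory inside the stale `openssl.tmp` and the post step would then restore the stale copy. A guard at the top of the pre-configure step, such as `test ! -e $TERMUX_PREFIX/include/openssl.tmp || termux_error_exit "stale include/openssl.tmp left by an earlier build"`, would surface that state instead of letting later packages compile against the wrong headers. Separately, `TERMUX_PKG_CONFFILES="etc/tls/openssl.cnf"` names a file that `TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/"` appears to remove from the package, while `cp apps/openssl.cnf $TERMUX_PREFIX/etc/tls/openssl.cnf` still overwrites the copy in the shared prefix; it is worth confirming which package is meant to own that file.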
diff --git a/packages/openssl/Configurations-15-android.conf.patch b/packages/openssl/Configurations-15-android.conf.patch
index cabdfa800..533f0f6aa 100644
--- a/packages/openssl/Configurations-15-android.conf.patch
+++ b/packages/openssl/Configurations-15-android.conf.patch
@@ -1,7 +1,6 @@
-diff -u -r ../openssl-1.1.1-pre9/Configurations/15-android.conf ./Configurations/15-android.conf
---- ../openssl-1.1.1-pre9/Configurations/15-android.conf 2018-08-21 12:14:11.000000000 +0000
-+++ ./Configurations/15-android.conf 2018-08-22 09:48:30.506584421 +0000
-@@ -130,10 +130,10 @@
+--- ./Configurations/15-android.conf.orig 2021-10-04 14:25:47.176057752 +0530
++++ ./Configurations/15-android.conf 2021-10-04 14:33:03.366057586 +0530
+@@ -184,10 +184,10 @@
 # systems are perfectly capable of executing binaries targeting
 # Froyo. Keep in mind that in the nutshell Android builds are
 # about JNI, i.e. shared libraries, not applications.
@@ -13,35 +12,38 @@ diff -u -r ../openssl-1.1.1-pre9/Configurations/15-android.conf ./Configurations
 + #cppflags => add(sub { android_ndk()->{cppflags} }),
 + #cxxflags => add(sub { android_ndk()->{cflags} }),
 + #bn_ops => sub { android_ndk()->{bn_ops} },
- bin_cflags => "-pie",
+ bin_cflags => "-fPIE",
+ bin_lflags => "-pie",
 enable => [ ],
- },
-@@ -166,11 +166,11 @@
+@@ -222,13 +222,13 @@
 # Newer NDK versions reportedly require additional -latomic.
 #
- inherit_from => [ "android", asm("armv4_asm") ],
+ inherit_from => [ "android" ],
 - bn_ops => add("RC4_CHAR"),
 + bn_ops => "BN_LLONG RC4_CHAR",
+ asm_arch => 'armv4',
+ perlasm_scheme => "void",
 },
 "android-arm64" => {
- inherit_from => [ "android", asm("aarch64_asm") ],
+ inherit_from => [ "android" ],
 - bn_ops => add("RC4_CHAR"),
 + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+ asm_arch => 'aarch64',
 perlasm_scheme => "linux64",
 },
-
-@@ -197,12 +197,12 @@
+@@ -258,13 +258,13 @@
 "android-x86" => {
- inherit_from => [ "android", asm("x86_asm") ],
+ inherit_from => [ "android" ],
 CFLAGS => add(picker(release => "-fomit-frame-pointer")),
 - bn_ops => add("RC4_INT"),
 + bn_ops => "BN_LLONG RC4_INT",
+ asm_arch => 'x86',
 perlasm_scheme => "android",
 },
 "android-x86_64" => {
- inherit_from => [ "android", asm("x86_64_asm") ],
+ inherit_from => [ "android" ],
 - bn_ops => add("RC4_INT"),
 + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_INT",
+ asm_arch => 'x86_64',
 perlasm_scheme => "elf",
 },
-
diff --git a/packages/openssl/build.sh b/packages/openssl/build.sh
index 86b897063..be296001f 100644
--- a/packages/openssl/build.sh
+++ b/packages/openssl/build.sh
@@ -1,11 +1,10 @@
 TERMUX_PKG_HOMEPAGE=https://www.openssl.org/
 TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions"
-TERMUX_PKG_LICENSE="BSD"
+TERMUX_PKG_LICENSE="Apache-2.0"
 TERMUX_PKG_MAINTAINER="@termux"
-TERMUX_PKG_VERSION=1.1.1m
-TERMUX_PKG_REVISION=2
+TERMUX_PKG_VERSION=3.0.1
 TERMUX_PKG_SRCURL=https://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION/\~/-}.tar.gz
-TERMUX_PKG_SHA256=f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96
+TERMUX_PKG_SHA256=c311ad853353bce796edad01a862c50a8a587f62e7e2100ef465ab53ec9b06d1
 TERMUX_PKG_DEPENDS="ca-certificates, zlib"
 TERMUX_PKG_CONFFILES="etc/tls/openssl.cnf"
 TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc"
@@ -23,7 +22,7 @@ termux_step_configure() {

 CFLAGS+=" -DNO_SYSLOG"
 if [ $TERMUX_ARCH = arm ]; then
- CFLAGS+=" -fno-integrated-as"
+ ASLAGS+=" -fno-integrated-as"
 fi

 perl -p -i -e "s@TERMUX_CFLAGS@$CFLAGS@g" Configure
diff --git a/packages/openssl/include-crypto-rand.h.patch b/packages/openssl/include-crypto-rand.h.patch
new file mode 100644
index 000000000..8473b8e4c
--- /dev/null
+++ b/packages/openssl/include-crypto-rand.h.patch
@@ -0,0 +1,11 @@
+--- ./include/crypto/rand.h.orig 2022-01-22 19:24:47.338975179 +0530
++++ ./include/crypto/rand.h 2022-01-22 19:25:38.608975159 +0530
+@@ -78,7 +78,7 @@
+ * sockets will be tried in the order listed in case accessing the device
+ * files listed in DEVRANDOM did not return enough randomness.
+ */
+-# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
++# define DEVRANDOM_EGD "@TERMUX_PREFIX@/var/run/egd-pool", "/dev/egd-pool", "@TERMUX_PREFIX@/etc/egd-pool", "@TERMUX_PREFIX@/etc/entropy"
+ #endif
+
+ void ossl_rand_cleanup_int(void);
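Review bot: `ASLAGS+=" -fno-integrated-as"` in the arm branch of `termux_step_configure` sets a variable that nothing visible in this hunk reads, so `-fno-integrated-as` is silently dropped from 32-bit ARM builds rather than moved; the name looks like a typo for `ASFLAGS`. If the flag is meant to reach only the assembler step, the line should read `ASFLAGS+=" -fno-integrated-as"`, and it is worth checking that the variable is exported so `./Configure` can see it; if OpenSSL 3.0.1 no longer needs the flag, removing the `if` block is clearer than leaving a no-op. The function body starts and ends outside the hunk, so whether anything later consumes the variable cannot be confirmed from here.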