openssl: update to 3.0.1

Changes made:- - OpenSSL has been updates to 3.0.1 - `openssl-1.1` package has been added for packages still needing the legacy version. Any package that still needs legacy openssl-1.1 needs some extra CFLAGS, CXXFLAGS, LDFLAGS and CPPFLAGS CFLAGS="-I$TERMUX_PREFIX/include/openssl-1.1 $CFLAGS" CXXFLAGS="-I$TERMUX_PREFIX/include/openssl-1.1 $CXXFLAGS" CPPFLAGS="-I$TERMUX_PREFIX/include/openssl-1.1 $CPPFLAGS" LDFLAGS="-L$TERMUX_PREFIX/lib/openssl-1.1 $LDFLAGS" Additionally if the package by itself adds `-I$prefix/include` or similar, it needs to be patched not to do so in order to prevent it from using OpenSSL 3 headers Similarly for LDFLAGS, make sure that package doesn't add `-L$prefix/lib` and `-Wl,-rpath=$prefix/lib` before OpenSSL 1.1 LDFLAGS nentioned above or else it will cause compilation errors
2022-01-22 20:00:36 +05:30 · 2022-01-22 20:00:36 +05:30 · 0608868e17
commit 0608868e17
parent 4df7cc3000
8 changed files with 156 additions and 19 deletions
--- a/packages/openssl-1.1/Configurations-15-android.conf.patch
+++ b/packages/openssl-1.1/Configurations-15-android.conf.patch
@ -0,0 +1,47 @@
+diff -u -r ../openssl-1.1.1-pre9/Configurations/15-android.conf ./Configurations/15-android.conf
+--- ../openssl-1.1.1-pre9/Configurations/15-android.conf	2018-08-21 12:14:11.000000000 +0000
+++ ./Configurations/15-android.conf	2018-08-22 09:48:30.506584421 +0000
+@@ -130,10 +130,10 @@
+         # systems are perfectly capable of executing binaries targeting
+         # Froyo. Keep in mind that in the nutshell Android builds are
+         # about JNI, i.e. shared libraries, not applications.
+-        cflags           => add(sub { android_ndk()->{cflags} }),
+-        cppflags         => add(sub { android_ndk()->{cppflags} }),
+-        cxxflags         => add(sub { android_ndk()->{cflags} }),
+-        bn_ops           => sub { android_ndk()->{bn_ops} },
+        #cflags           => add(sub { android_ndk()->{cflags} }),
+        #cppflags         => add(sub { android_ndk()->{cppflags} }),
+        #cxxflags         => add(sub { android_ndk()->{cflags} }),
+        #bn_ops           => sub { android_ndk()->{bn_ops} },
+         bin_cflags       => "-pie",
+         enable           => [ ],
+     },
+@@ -166,11 +166,11 @@
+         # Newer NDK versions reportedly require additional -latomic.
+         #
+         inherit_from     => [ "android", asm("armv4_asm") ],
+-        bn_ops           => add("RC4_CHAR"),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+     },
+     "android-arm64" => {
+         inherit_from     => [ "android", asm("aarch64_asm") ],
+-        bn_ops           => add("RC4_CHAR"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+         perlasm_scheme   => "linux64",
+     },
+ 
+@@ -197,12 +197,12 @@
+     "android-x86" => {
+         inherit_from     => [ "android", asm("x86_asm") ],
+         CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+-        bn_ops           => add("RC4_INT"),
+        bn_ops           => "BN_LLONG RC4_INT",
+         perlasm_scheme   => "android",
+     },
+     "android-x86_64" => {
+         inherit_from     => [ "android", asm("x86_64_asm") ],
+-        bn_ops           => add("RC4_INT"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_INT",
+         perlasm_scheme   => "elf",
+     },
+ 
--- a/packages/openssl-1.1/apps-ocsp.c.patch
+++ b/packages/openssl-1.1/apps-ocsp.c.patch
--- a/packages/openssl-1.1/build.sh
+++ b/packages/openssl-1.1/build.sh
@ -0,0 +1,76 @@
+TERMUX_PKG_HOMEPAGE=https://www.openssl.org/
+TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions"
+TERMUX_PKG_LICENSE="BSD"
+TERMUX_PKG_MAINTAINER="@termux"
+TERMUX_PKG_VERSION=1.1.1m
+TERMUX_PKG_SRCURL=https://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION/\~/-}.tar.gz
+TERMUX_PKG_SHA256=f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96
+TERMUX_PKG_DEPENDS="ca-certificates, zlib"
+TERMUX_PKG_CONFFILES="etc/tls/openssl.cnf"
+TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/"
+TERMUX_PKG_BUILD_IN_SRC=true
+TERMUX_PKG_CONFLICTS="libcurl (<< 7.61.0-1)"
+TERMUX_PKG_BREAKS="openssl (<< 1.1.1m)"
+TERMUX_PKG_REPLACES="openssl (<< 1.1.1m)"
+
+termux_step_pre_configure() {
+	test -d $TERMUX_PREFIX/include/openssl && mv $TERMUX_PREFIX/include/openssl{,.tmp} || :
+}
+
+termux_step_configure() {
+	# Certain packages are not safe to build on device because their
+	# build.sh script deletes specific files in $TERMUX_PREFIX.
+	if $TERMUX_ON_DEVICE_BUILD; then
+		termux_error_exit "Package '$TERMUX_PKG_NAME' is not safe for on-device builds."
+	fi
+
+	CFLAGS+=" -DNO_SYSLOG"
+	if [ $TERMUX_ARCH = arm ]; then
+		CFLAGS+=" -fno-integrated-as"
+	fi
+
+	perl -p -i -e "s@TERMUX_CFLAGS@$CFLAGS@g" Configure
+	test $TERMUX_ARCH = "arm" && TERMUX_OPENSSL_PLATFORM="android-arm"
+	test $TERMUX_ARCH = "aarch64" && TERMUX_OPENSSL_PLATFORM="android-arm64"
+	test $TERMUX_ARCH = "i686" && TERMUX_OPENSSL_PLATFORM="android-x86"
+	test $TERMUX_ARCH = "x86_64" && TERMUX_OPENSSL_PLATFORM="android-x86_64"
+
+	install -m755 -d $TERMUX_PREFIX/lib/openssl-1.1
+
+	./Configure $TERMUX_OPENSSL_PLATFORM \
+		--prefix=$TERMUX_PREFIX \
+		--openssldir=$TERMUX_PREFIX/etc/tls \
+		--libdir=$TERMUX_PREFIX/lib/openssl-1.1 \
+		shared \
+		zlib-dynamic \
+		no-ssl \
+		no-hw \
+		no-srp \
+		no-tests
+}
+
+termux_step_make() {
+	make depend
+	make -j $TERMUX_MAKE_PROCESSES all
+}
+
+termux_step_make_install() {
+	# "install_sw" instead of "install" to not install man pages:
+	make -j 1 install_sw MANDIR=$TERMUX_PREFIX/share/man MANSUFFIX=.ssl
+
+	mkdir -p $TERMUX_PREFIX/etc/tls/
+
+	cp apps/openssl.cnf $TERMUX_PREFIX/etc/tls/openssl.cnf
+
+	install -m755 -d $TERMUX_PREFIX/include/openssl-1.1
+	mv $TERMUX_PREFIX/include/openssl $TERMUX_PREFIX/include/openssl-1.1/
+	mv $TERMUX_PREFIX/bin/openssl $TERMUX_PREFIX/bin/openssl-1.1
+}
+
+termux_step_post_make_install() {
+	test -d $TERMUX_PREFIX/include/openssl.tmp && mv $TERMUX_PREFIX/include/openssl{.tmp,} || :
+}
+
+termux_step_post_massage() {
+	rm -rf include/openssl
+}
--- a/packages/openssl-1.1/e_os.h.patch
+++ b/packages/openssl-1.1/e_os.h.patch
--- a/packages/openssl-1.1/openssl1.1-tool.subpackage.sh
+++ b/packages/openssl-1.1/openssl1.1-tool.subpackage.sh
@ -0,0 +1,2 @@
+TERMUX_SUBPKG_INCLUDE="bin"
+TERMUX_SUBPKG_DESCRIPTION="The openssl command line cryptographic tool"
--- a/packages/openssl/Configurations-15-android.conf.patch
+++ b/packages/openssl/Configurations-15-android.conf.patch
@ -1,7 +1,6 @@
-diff -u -r ../openssl-1.1.1-pre9/Configurations/15-android.conf ./Configurations/15-android.conf
--- ../openssl-1.1.1-pre9/Configurations/15-android.conf	2018-08-21 12:14:11.000000000 +0000
-+++ ./Configurations/15-android.conf	2018-08-22 09:48:30.506584421 +0000
-@@ -130,10 +130,10 @@
+--- ./Configurations/15-android.conf.orig	2021-10-04 14:25:47.176057752 +0530
+++ ./Configurations/15-android.conf	2021-10-04 14:33:03.366057586 +0530
+@@ -184,10 +184,10 @@
         # systems are perfectly capable of executing binaries targeting
         # Froyo. Keep in mind that in the nutshell Android builds are
         # about JNI, i.e. shared libraries, not applications.
@ -13,35 +12,38 @@ diff -u -r ../openssl-1.1.1-pre9/Configurations/15-android.conf ./Configurations
 +        #cppflags         => add(sub { android_ndk()->{cppflags} }),
 +        #cxxflags         => add(sub { android_ndk()->{cflags} }),
 +        #bn_ops           => sub { android_ndk()->{bn_ops} },
-         bin_cflags       => "-pie",
+         bin_cflags       => "-fPIE",
+         bin_lflags       => "-pie",
         enable           => [ ],
-     },
-@@ -166,11 +166,11 @@
+@@ -222,13 +222,13 @@
         # Newer NDK versions reportedly require additional -latomic.
         #
-         inherit_from     => [ "android", asm("armv4_asm") ],
+         inherit_from     => [ "android" ],
 -        bn_ops           => add("RC4_CHAR"),
 +        bn_ops           => "BN_LLONG RC4_CHAR",
+         asm_arch         => 'armv4',
+         perlasm_scheme   => "void",
     },
     "android-arm64" => {
-         inherit_from     => [ "android", asm("aarch64_asm") ],
+         inherit_from     => [ "android" ],
 -        bn_ops           => add("RC4_CHAR"),
 +        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+         asm_arch         => 'aarch64',
         perlasm_scheme   => "linux64",
     },
- 
-@@ -197,12 +197,12 @@
+@@ -258,13 +258,13 @@
     "android-x86" => {
-         inherit_from     => [ "android", asm("x86_asm") ],
+         inherit_from     => [ "android" ],
         CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
 -        bn_ops           => add("RC4_INT"),
 +        bn_ops           => "BN_LLONG RC4_INT",
+         asm_arch         => 'x86',
         perlasm_scheme   => "android",
     },
     "android-x86_64" => {
-         inherit_from     => [ "android", asm("x86_64_asm") ],
+         inherit_from     => [ "android" ],
 -        bn_ops           => add("RC4_INT"),
 +        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_INT",
+         asm_arch         => 'x86_64',
         perlasm_scheme   => "elf",
     },
- 
--- a/packages/openssl/build.sh
+++ b/packages/openssl/build.sh
@ -1,11 +1,10 @@
 TERMUX_PKG_HOMEPAGE=https://www.openssl.org/
 TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions"
-TERMUX_PKG_LICENSE="BSD"
+TERMUX_PKG_LICENSE="Apache-2.0"
 TERMUX_PKG_MAINTAINER="@termux"
-TERMUX_PKG_VERSION=1.1.1m
-TERMUX_PKG_REVISION=2
+TERMUX_PKG_VERSION=3.0.1
 TERMUX_PKG_SRCURL=https://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION/\~/-}.tar.gz
-TERMUX_PKG_SHA256=f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96
+TERMUX_PKG_SHA256=c311ad853353bce796edad01a862c50a8a587f62e7e2100ef465ab53ec9b06d1
 TERMUX_PKG_DEPENDS="ca-certificates, zlib"
 TERMUX_PKG_CONFFILES="etc/tls/openssl.cnf"
 TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc"
@ -23,7 +22,7 @@ termux_step_configure() {

 	CFLAGS+=" -DNO_SYSLOG"
 	if [ $TERMUX_ARCH = arm ]; then
-		CFLAGS+=" -fno-integrated-as"
+		ASLAGS+=" -fno-integrated-as"
 	fi

 	perl -p -i -e "s@TERMUX_CFLAGS@$CFLAGS@g" Configure
--- a/packages/openssl/include-crypto-rand.h.patch
+++ b/packages/openssl/include-crypto-rand.h.patch
@ -0,0 +1,11 @@
+--- ./include/crypto/rand.h.orig	2022-01-22 19:24:47.338975179 +0530
+++ ./include/crypto/rand.h	2022-01-22 19:25:38.608975159 +0530
+@@ -78,7 +78,7 @@
+  * sockets will be tried in the order listed in case accessing the device
+  * files listed in DEVRANDOM did not return enough randomness.
+  */
+-# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
+# define DEVRANDOM_EGD "@TERMUX_PREFIX@/var/run/egd-pool", "/dev/egd-pool", "@TERMUX_PREFIX@/etc/egd-pool", "@TERMUX_PREFIX@/etc/entropy"
+ #endif
+ 
+ void ossl_rand_cleanup_int(void);