# Maintainer: Timo Teras <timo.teras@iki.fi>
# Package identity. The recipe builds upstream release 1.0.2l as package
# revision 0.
# NOTE(review): the upstream 1.0.2 branch no longer receives public security
# fixes; confirm this recipe is kept only for legacy consumers.
setvar pkgname = 'openssl'
setvar pkgver = '1.0.2l'
setvar pkgrel = '0'
setvar pkgdesc = ""Toolkit for SSL v2/v3 and TLS v1""
setvar url = ""http://openssl.org""
# No runtime dependencies are declared. perl is needed on the build machine
# (build() runs ./Configure through perl); zlib-dev is needed for the host
# and is also listed for the -dev subpackage.
setvar depends = ''
setvar makedepends_build = ""perl""
setvar makedepends_host = ""zlib-dev""
setvar makedepends = ""$makedepends_host $makedepends_build""
setvar depends_dev = ""zlib-dev""
setvar arch = ""all""
setvar license = ""openssl""

# Subpackages split out of the main package. The "name:function" entries are
# presumably handled by the libcrypto and libssl procs defined below.
setvar subpackages = ""$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl""

# Upstream tarball followed by the local patches.
# NOTE(review): the tarball URL is plain http, so the only integrity check
# visible in this file is the matching entry in sha512sums at the bottom.
# Prefer an https URL, and re-verify the digest against a trusted copy
# whenever pkgver changes.
setvar source = ""http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
	0002-busybox-basename.patch
	0003-use-termios.patch
	0004-fix-default-ca-path-for-apps.patch
	0005-fix-parallel-build.patch
	0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
	0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
	0009-no-rpath.patch
	0010-ssl-env-zlib.patch
	1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
	1002-backport-changes-from-upstream-padlock-module.patch
	1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
	""

# secfixes:
#   1.0.2h-r0:
#     - CVE-2016-2107
#     - CVE-2016-2105
#     - CVE-2016-2106
#     - CVE-2016-2109
#     - CVE-2016-2176
#   1.0.2h-r1:
#     - CVE-2016-2177
#     - CVE-2016-2178
#   1.0.2h-r2:
#     - CVE-2016-2180
#   1.0.2h-r3:
#     - CVE-2016-2179
#     - CVE-2016-2182
#     - CVE-2016-6302
#     - CVE-2016-6303
#   1.0.2h-r4:
#     - CVE-2016-2181
#   1.0.2i-r0:
#     - CVE-2016-2183
#     - CVE-2016-6304
#     - CVE-2016-6306

# Directory that build() and package() change into: <srcdir>/<pkgname>-<pkgver>.
# srcdir is not set in this file; presumably the build tool provides it.
setvar builddir = ""$srcdir"/$pkgname-$pkgver"

# Configure and compile OpenSSL in $builddir for the architecture in CARCH.
# Returns 1 (after printing a message) when CARCH matches none of the
# supported patterns.
proc build {
	local _target _optflags
	cd $builddir

	# Per the original note, OpenSSL's build always prepends the cross-compile
	# prefix to CC et al. itself, so the ${CROSS_COMPILE} prefix is stripped
	# from CC, CXX and CPP here.
	setvar CC = ${CC#${CROSS_COMPILE}}
	setvar CXX = ${CXX#${CROSS_COMPILE}}
	setvar CPP = ${CPP#${CROSS_COMPILE}}

	# Map CARCH to the Configure target name. x86_64 additionally passes
	# enable-ec_nistp_64_gcc_128 through _optflags; every other branch leaves
	# _optflags unset.
	case (CARCH) {
	aarch64* { setvar _target = ""linux-aarch64"" }
	arm* {   setvar _target = ""linux-armv4"" }
	ppc64le { setvar _target = ""linux-ppc64le"" }
	x86 {    setvar _target = ""linux-elf"" }
	x86_64 { setvar _target = ""linux-x86_64""; setvar _optflags = ""enable-ec_nistp_64_gcc_128"" }
	s390x {	setvar _target = ""linux64-s390x""}
	* {	msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 }
	}

	# Configure treats every --option as one of its own, so gcc's --sysroot
	# cannot be passed directly; it is folded into CC instead whenever
	# CBUILDROOT is non-empty.
	test -n $CBUILDROOT && setvar CC = ""$CC --sysroot=${CBUILDROOT}""

	# Security-relevant options in the Configure call below:
	#   enable-ssl2   compiles in SSLv2, which RFC 6176 prohibits.
	#                 NOTE(review): confirm a consumer still needs it.
	#   enable-md2    compiles in the obsolete MD2 digest.
	#                 NOTE(review): confirm it is still needed.
	#   zlib          builds with zlib compression support. TLS-level
	#                 compression is the precondition for CRIME-style leaks;
	#                 0010-ssl-env-zlib.patch presumably controls when it is
	#                 active, so verify it stays off by default.
	#   -DOPENSSL_NO_BUF_FREELISTS
	#                 defines the macro named for building without the buffer
	#                 freelists (see the 0008 patch in source).
	#   -Wa,--noexecstack
	#                 tells the assembler to mark objects as not requiring an
	#                 executable stack.
	# CPPFLAGS, CFLAGS and LDFLAGS from the environment are passed straight
	# through to Configure.
	perl ./Configure $_target --prefix=/usr \
		--libdir=lib \
		--openssldir=/etc/ssl \
		shared zlib enable-montasm enable-md2 $_optflags \
		-DOPENSSL_NO_BUF_FREELISTS \
		$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack \
		enable-ssl2

	# build-shared runs only if the default make target succeeded.
	make && make build-shared
}

# Install the built tree into $pkgdir. Man pages go under /usr/share/man and
# MANSUFFIX=ssl is passed to the install target.
proc package {
	cd $builddir
	make INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install
	# Drop the c_rehash script from the installed tree; the reason is not
	# stated in this file.
	rm "$pkgdir"/usr/bin/c_rehash
}

# Populate the libcrypto subpackage from the files installed in $pkgdir.
proc libcrypto {
	setvar pkgdesc = ""Crypto library from openssl""

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	# Move every libcrypto* file into <subpkgdir>/lib and leave a relative
	# symlink of the same name in <subpkgdir>/usr/lib pointing back at it.
	for i in "$pkgdir"/usr/lib/libcrypto* {
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	}
	# The engines directory is moved into this subpackage as well.
	mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/
}

# Populate the libssl subpackage from the files installed in $pkgdir.
proc libssl {
	setvar pkgdesc = ""SSL shared libraries""

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	# Move every libssl* file into <subpkgdir>/lib and leave a relative
	# symlink of the same name in <subpkgdir>/usr/lib pointing back at it.
	for i in "$pkgdir"/usr/lib/libssl* {
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	}
}

# SHA-512 digest for each entry in source, one "<digest>  <file name>" per line.
# The upstream tarball is fetched over plain http, so this list is the only
# integrity check visible in this file; presumably the build tool verifies it
# before build() runs. Regenerate it whenever pkgver or a patch changes, and
# compare the tarball digest against an independently obtained copy.
setvar sha512sums = ""047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3  openssl-1.0.2l.tar.gz
2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c  0002-busybox-basename.patch
58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4  0003-use-termios.patch
c67472879a31b5dbdd313892df6d37e7c93e8c0237d406c30d50b1016c2618ead3c13277f5dc723ef1ceed092d36e3c15a9777daa844f59b9fa2b0a4f04fd9ae  0004-fix-default-ca-path-for-apps.patch
5d4191482f8bbf62c75fe6bc2d9587388022c3310703c2a913788a983b1d1406e706cf3916a5792604f0b0f220a87432d3b82b442cea9915f2abb6fdd8478fcb  0005-fix-parallel-build.patch
820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5  0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351  0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1  0009-no-rpath.patch
5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420  0010-ssl-env-zlib.patch
8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17  1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389  1002-backport-changes-from-upstream-padlock-module.patch
6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc  1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch""