From c3edc5cf8ac538d1804872b4a0871c74f9195607 Mon Sep 17 00:00:00 2001
From: Britney Fransen <brfransen@gmail.com>
Date: Thu, 22 Feb 2018 19:44:26 +0000
Subject: openssl: update to 1.1.0

---
 abs/core/openssl/PKGBUILD                | 39 ++++++++++------------------
 abs/core/openssl/ca-dir.patch            | 44 +++++++++++++++-----------------
 abs/core/openssl/no-rpath.patch          | 11 --------
 abs/core/openssl/ssl3-test-failure.patch | 26 -------------------
 4 files changed, 35 insertions(+), 85 deletions(-)
 delete mode 100644 abs/core/openssl/no-rpath.patch
 delete mode 100644 abs/core/openssl/ssl3-test-failure.patch

diff --git a/abs/core/openssl/PKGBUILD b/abs/core/openssl/PKGBUILD
index 8752c9d..caeb0e2 100644
--- a/abs/core/openssl/PKGBUILD
+++ b/abs/core/openssl/PKGBUILD
@@ -2,46 +2,35 @@
 # Maintainer: Pierre Schmitz <pierre@archlinux.de>
 
 pkgname=openssl
-_ver=1.0.2g
+_ver=1.1.0g
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 #pkgver=$_ver
-pkgrel=3
+pkgrel=1
 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
-arch=('i686' 'x86_64')
+arch=('x86_64')
 url='https://www.openssl.org'
 license=('custom:BSD')
 depends=('perl')
 optdepends=('ca-certificates')
-options=('!makeflags')
 backup=('etc/ssl/openssl.cnf')
 source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
         "https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz.asc"
-        'no-rpath.patch'
-        'ssl3-test-failure.patch'
         'ca-dir.patch')
-md5sums=('f3c710c045cdee5fd114feb69feba7aa'
-         'SKIP'
-         'dc78d3d06baffc16217519242ce92478'
-         '62fc492252edd3283871632bb77fadbe'
-         '3bf51be3a1bbd262be46dc619f92aa90')
+sha256sums=('de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af'
+            'SKIP'
+            '90c7411fed0157116f2df8f4be755aaf5a26e8484351b4e6a79492805d5f2790')
 validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')
 
 prepare() {
-	cd $srcdir/$pkgname-$_ver
-
-	# remove rpath: http://bugs.archlinux.org/task/14367
-	patch -p0 -i $srcdir/no-rpath.patch
-
-	# disable a test that fails when ssl3 is disabled
-	patch -p1 -i $srcdir/ssl3-test-failure.patch
+	cd "$srcdir/$pkgname-$_ver"
 
 	# set ca dir to /etc/ssl by default
-	patch -p0 -i $srcdir/ca-dir.patch
+	patch -p0 -i "$srcdir/ca-dir.patch"
 }
 
 build() {
-	cd $srcdir/$pkgname-$_ver
+	cd "$srcdir/$pkgname-$_ver"
 
 	if [ "${CARCH}" == 'x86_64' ]; then
 		openssltarget='linux-x86_64'
@@ -62,16 +51,16 @@ build() {
 }
 
 check() {
-	cd $srcdir/$pkgname-$_ver
+	cd "$srcdir/$pkgname-$_ver"
 	# the test fails due to missing write permissions in /etc/ssl
 	# revert this patch for make test
-	patch -p0 -R -i $srcdir/ca-dir.patch
+	patch -p0 -R -i "$srcdir/ca-dir.patch"
 	make test
-	patch -p0 -i $srcdir/ca-dir.patch
+	patch -p0 -i "$srcdir/ca-dir.patch"
 }
 
 package() {
-	cd $srcdir/$pkgname-$_ver
-	make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install
+	cd "$srcdir/$pkgname-$_ver"
+	make DESTDIR=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs
 	install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
 }
diff --git a/abs/core/openssl/ca-dir.patch b/abs/core/openssl/ca-dir.patch
index 41d1386..1daba84 100644
--- a/abs/core/openssl/ca-dir.patch
+++ b/abs/core/openssl/ca-dir.patch
@@ -1,27 +1,16 @@
---- apps/CA.pl.in	2006-04-28 02:30:49.000000000 +0200
-+++ apps/CA.pl.in	2010-04-01 00:35:02.600553509 +0200
-@@ -53,7 +53,7 @@
- $X509="$openssl x509";
- $PKCS12="$openssl pkcs12";
+--- apps/CA.pl.in	2016-09-26 11:46:04.000000000 +0200
++++ apps/CA.pl.in	2016-11-01 16:02:16.709616823 +0100
+@@ -33,7 +33,7 @@
+ my $PKCS12 = "$openssl pkcs12";
  
--$CATOP="./demoCA";
-+$CATOP="/etc/ssl";
- $CAKEY="cakey.pem";
- $CAREQ="careq.pem";
- $CACERT="cacert.pem";
---- apps/CA.sh	2009-10-15 19:27:47.000000000 +0200
-+++ apps/CA.sh	2010-04-01 00:35:02.600553509 +0200
-@@ -68,7 +68,7 @@
- X509="$OPENSSL x509"
- PKCS12="openssl pkcs12"
- 
--if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
-+if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi
- CAKEY=./cakey.pem
- CAREQ=./careq.pem
- CACERT=./cacert.pem
---- apps/openssl.cnf	2009-04-04 20:09:43.000000000 +0200
-+++ apps/openssl.cnf	2010-04-01 00:35:02.607220681 +0200
+ # default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/ssl";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+--- apps/openssl.cnf	2016-09-26 11:46:04.000000000 +0200
++++ apps/openssl.cnf	2016-11-01 16:02:48.378503427 +0100
 @@ -39,7 +39,7 @@
  ####################################################################
  [ CA_default ]
@@ -31,3 +20,12 @@
  certs		= $dir/certs		# Where the issued certs are kept
  crl_dir		= $dir/crl		# Where the issued crl are kept
  database	= $dir/index.txt	# database index file.
+@@ -323,7 +323,7 @@
+ [ tsa_config1 ]
+ 
+ # These are used by the TSA reply generation only.
+-dir		= ./demoCA		# TSA root directory
++dir		= /etc/ssl		# TSA root directory
+ serial		= $dir/tsaserial	# The current serial number (mandatory)
+ crypto_device	= builtin		# OpenSSL engine to use for signing
+ signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
diff --git a/abs/core/openssl/no-rpath.patch b/abs/core/openssl/no-rpath.patch
deleted file mode 100644
index ebd95e2..0000000
--- a/abs/core/openssl/no-rpath.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.shared.no-rpath	2005-06-23 22:47:54.000000000 +0200
-+++ Makefile.shared	2005-11-16 22:35:37.000000000 +0100
-@@ -153,7 +153,7 @@
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
- #This is rather special.  It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/abs/core/openssl/ssl3-test-failure.patch b/abs/core/openssl/ssl3-test-failure.patch
deleted file mode 100644
index d161c3d..0000000
--- a/abs/core/openssl/ssl3-test-failure.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Sun, 6 Sep 2015 16:04:11 +0200
-Subject: Disable SSLv3 test in test suite
-
-When testing SSLv3 the test program returns 0 for skip.  The test for weak DH
-expects a failure, but gets success.
-
-It should probably be changed to return something other than 0 for a skipped
-test.
----
- test/testssl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/testssl b/test/testssl
-index 747e4ba..1e4370b 100644
---- a/test/testssl
-+++ b/test/testssl
-@@ -160,7 +160,7 @@ test_cipher() {
- }
- 
- echo "Testing ciphersuites"
--for protocol in TLSv1.2 SSLv3; do
-+for protocol in TLSv1.2; do
-   echo "Testing ciphersuites for $protocol"
-   for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
-     test_cipher $cipher $protocol
-- 
cgit v0.12