From a3bcd38dfbb6415cfae804869d1f61fe749cf070 Mon Sep 17 00:00:00 2001
From: Giuseppe <jiveaxe@gmail.com>
Date: Fri, 14 Jan 2011 17:35:07 +0000
Subject: [PATCH] added lib32-openssl

---
 lib32-openssl/PKGBUILD              | 65 +++++++++++++++++++++++++++++
 lib32-openssl/ca-dir.patch          | 33 +++++++++++++++
 lib32-openssl/fix-double-free.patch | 10 +++++
 lib32-openssl/no-rpath.patch        | 11 +++++
 4 files changed, 119 insertions(+)
 create mode 100644 lib32-openssl/PKGBUILD
 create mode 100644 lib32-openssl/ca-dir.patch
 create mode 100644 lib32-openssl/fix-double-free.patch
 create mode 100644 lib32-openssl/no-rpath.patch

diff --git a/lib32-openssl/PKGBUILD b/lib32-openssl/PKGBUILD
new file mode 100644
index 0000000..35392c9
--- /dev/null
+++ b/lib32-openssl/PKGBUILD
@@ -0,0 +1,65 @@
+# Lib32 Packages for Chakra, part of chakra-project.org
+#
+# maintainer (x86_64): Giuseppe Calà <jiveaxe@gmail.com>
+# maintainer (x86_64): Anke Boersma <abveritas[at]chakra-project[dot]org>
+
+_pkgbasename=openssl
+pkgname=lib32-$_pkgbasename
+_ver=1.0.0a
+# use a pacman compatible version scheme
+pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
+pkgrel=1
+pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (32-bit)'
+arch=('x86_64')
+url='https://www.openssl.org'
+license=('custom:BSD')
+depends=(lib32-zlib $_pkgbasename)
+optdepends=('ca-certificates' perl gcc-multilib)
+options=('!makeflags')
+source=("https://www.openssl.org/source/${_pkgbasename}-${_ver}.tar.gz"
+        'no-rpath.patch'
+        'ca-dir.patch'
+        'fix-double-free.patch')
+md5sums=('e3873edfffc783624cfbdb65e2249cbd'
+         'dc78d3d06baffc16217519242ce92478'
+         '3bf51be3a1bbd262be46dc619f92aa90'
+         'ccb896e23a44b89a3c93ac094c592c1f')
+
+# keep an upgrade path for older installations
+
+build() {
+  export CC="gcc -m32"
+  export CXX="g++ -m32"
+  export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+
+  cd $srcdir/$_pkgbasename-$_ver
+
+  # remove rpath: http://bugs.archlinux.org/task/14367
+  patch -p0 -i $srcdir/no-rpath.patch
+  # set ca dir to /etc/ssl by default
+  patch -p0 -i $srcdir/ca-dir.patch
+  # fix double free
+  # see http://marc.info/?l=openssl-dev&m=128118163216952&w=2
+  # and http://marc.info/?l=openssl-dev&m=128128256314328&w=2
+  patch -p0 -i $srcdir/fix-double-free.patch
+  # mark stack as non-executable: http://bugs.archlinux.org/task/12434
+  ./Configure linux-elf --prefix=/usr --openssldir=/etc/ssl --libdir=lib32 \
+    shared zlib enable-md2 -Wa,--noexecstack
+
+  make
+
+  # the test fails due to missing write permissions in /etc/ssl
+  # revert this patch for make test
+  #patch -p0 -R -i $srcdir/ca-dir.patch
+  #make test
+  #patch -p0 -i $srcdir/ca-dir.patch
+}
+
+package() {
+  cd $srcdir/$_pkgbasename-$_ver
+  make INSTALL_PREFIX=$pkgdir install
+  
+  rm -rf "${pkgdir}"/usr/{include,share,bin} "$pkgdir/etc"
+  mkdir -p "$pkgdir/usr/share/licenses"
+  ln -s $_pkgbasename "$pkgdir/usr/share/licenses/$pkgname"
+}
diff --git a/lib32-openssl/ca-dir.patch b/lib32-openssl/ca-dir.patch
new file mode 100644
index 0000000..41d1386
--- /dev/null
+++ b/lib32-openssl/ca-dir.patch
@@ -0,0 +1,33 @@
+--- apps/CA.pl.in	2006-04-28 02:30:49.000000000 +0200
++++ apps/CA.pl.in	2010-04-01 00:35:02.600553509 +0200
+@@ -53,7 +53,7 @@
+ $X509="$openssl x509";
+ $PKCS12="$openssl pkcs12";
+ 
+-$CATOP="./demoCA";
++$CATOP="/etc/ssl";
+ $CAKEY="cakey.pem";
+ $CAREQ="careq.pem";
+ $CACERT="cacert.pem";
+--- apps/CA.sh	2009-10-15 19:27:47.000000000 +0200
++++ apps/CA.sh	2010-04-01 00:35:02.600553509 +0200
+@@ -68,7 +68,7 @@
+ X509="$OPENSSL x509"
+ PKCS12="openssl pkcs12"
+ 
+-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
++if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi
+ CAKEY=./cakey.pem
+ CAREQ=./careq.pem
+ CACERT=./cacert.pem
+--- apps/openssl.cnf	2009-04-04 20:09:43.000000000 +0200
++++ apps/openssl.cnf	2010-04-01 00:35:02.607220681 +0200
+@@ -39,7 +39,7 @@
+ ####################################################################
+ [ CA_default ]
+ 
+-dir		= ./demoCA		# Where everything is kept
++dir		= /etc/ssl		# Where everything is kept
+ certs		= $dir/certs		# Where the issued certs are kept
+ crl_dir		= $dir/crl		# Where the issued crl are kept
+ database	= $dir/index.txt	# database index file.
diff --git a/lib32-openssl/fix-double-free.patch b/lib32-openssl/fix-double-free.patch
new file mode 100644
index 0000000..6a20c3c
--- /dev/null
+++ b/lib32-openssl/fix-double-free.patch
@@ -0,0 +1,10 @@
+--- ssl/s3_clnt.c.orig	Sun Feb 28 01:24:24 2010
++++ ssl/s3_clnt.c	Sun Aug  8 14:49:30 2010
+@@ -1508,6 +1508,7 @@
+ 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ 		ecdh=NULL;
+ 		BN_CTX_free(bn_ctx);
++		bn_ctx = NULL;
+ 		EC_POINT_free(srvr_ecpoint);
+ 		srvr_ecpoint = NULL;
+ 		}
diff --git a/lib32-openssl/no-rpath.patch b/lib32-openssl/no-rpath.patch
new file mode 100644
index 0000000..ebd95e2
--- /dev/null
+++ b/lib32-openssl/no-rpath.patch
@@ -0,0 +1,11 @@
+--- Makefile.shared.no-rpath	2005-06-23 22:47:54.000000000 +0200
++++ Makefile.shared	2005-11-16 22:35:37.000000000 +0100
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to