From b93d61a1646e2c2d5570dd0d6d364dffa7d2a3b3 Mon Sep 17 00:00:00 2001
From: tobtoht <tob@featherwallet.org>
Date: Mon, 6 Mar 2023 20:13:04 +0100
Subject: [PATCH] depends: OpenSSL 3.0.8 build fixes

---
 contrib/depends/packages/openssl.mk           | 14 +++++++------
 contrib/depends/packages/unbound.mk           |  3 ++-
 .../unbound/remove-SHA384_Init-check.patch    | 20 +++++++++++++++++++
 3 files changed, 30 insertions(+), 7 deletions(-)
 create mode 100644 contrib/depends/patches/unbound/remove-SHA384_Init-check.patch

diff --git a/contrib/depends/packages/openssl.mk b/contrib/depends/packages/openssl.mk
index 91f7ae4c..06b2ebbd 100644
--- a/contrib/depends/packages/openssl.mk
+++ b/contrib/depends/packages/openssl.mk
@@ -6,15 +6,14 @@ $(package)_sha256_hash=6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a412
 
 define $(package)_set_vars
 $(package)_config_env=AR="$($(package)_ar)" ARFLAGS=$($(package)_arflags) RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
-$(package)_config_env_android=ANDROID_NDK_HOME="$(host_prefix)/native" PATH="$(host_prefix)/native/bin" CC=clang AR=ar RANLIB=ranlib
-$(package)_build_env_android=ANDROID_NDK_HOME="$(host_prefix)/native"
-$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl
+$(package)_config_env_android=ANDROID_NDK_ROOT="$(host_prefix)/native" PATH="$(host_prefix)/native/bin" CC=clang AR=ar RANLIB=ranlib
+$(package)_build_env_android=ANDROID_NDK_ROOT="$(host_prefix)/native"
+$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl --libdir=$(host_prefix)/lib
 $(package)_config_opts+=no-capieng
 $(package)_config_opts+=no-dso
 $(package)_config_opts+=no-dtls1
 $(package)_config_opts+=no-ec_nistp_64_gcc_128
 $(package)_config_opts+=no-gost
-$(package)_config_opts+=no-heartbeats
 $(package)_config_opts+=no-md2
 $(package)_config_opts+=no-rc5
 $(package)_config_opts+=no-rdrand
@@ -22,8 +21,8 @@ $(package)_config_opts+=no-rfc3779
 $(package)_config_opts+=no-sctp
 $(package)_config_opts+=no-shared
 $(package)_config_opts+=no-ssl-trace
-$(package)_config_opts+=no-ssl2
 $(package)_config_opts+=no-ssl3
+$(package)_config_opts+=no-tests
 $(package)_config_opts+=no-unit-test
 $(package)_config_opts+=no-weak-ssl-ciphers
 $(package)_config_opts+=no-zlib
@@ -48,6 +47,10 @@ $(package)_config_opts_i686_mingw32=mingw
 $(package)_config_opts_x86_64_freebsd=BSD-x86_64
 endef
 
+define $(package)_preprocess_cmds
+  sed -i.old 's|crypto ssl apps util tools fuzz providers doc|crypto ssl util tools providers|' build.info
+endef
+
 define $(package)_config_cmds
   ./Configure $($(package)_config_opts)
 endef
@@ -61,6 +64,5 @@ define $(package)_stage_cmds
 endef
 
 define $(package)_postprocess_cmds
-  mv lib64 lib && \
   rm -rf share bin etc
 endef
diff --git a/contrib/depends/packages/unbound.mk b/contrib/depends/packages/unbound.mk
index 45f4fa05..08a4ef35 100644
--- a/contrib/depends/packages/unbound.mk
+++ b/contrib/depends/packages/unbound.mk
@@ -4,7 +4,7 @@ $(package)_download_path=https://www.nlnetlabs.nl/downloads/$(package)/
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
 $(package)_sha256_hash=a480dc6c8937447b98d161fe911ffc76cfaffa2da18788781314e81339f1126f
 $(package)_dependencies=openssl expat
-$(package)_patches=disable-glibc-reallocarray.patch
+$(package)_patches=disable-glibc-reallocarray.patch remove-SHA384_Init-check.patch
 
 define $(package)_set_vars
   $(package)_config_opts=--disable-shared --enable-static --without-pyunbound --prefix=$(host_prefix) --with-libexpat=$(host_prefix) --with-ssl=$(host_prefix) --with-libevent=no --without-pythonmodule --disable-flto --with-pthreads --with-libunbound-only
@@ -15,6 +15,7 @@ endef
 
 define $(package)_preprocess_cmds
   patch -p1 < $($(package)_patch_dir)/disable-glibc-reallocarray.patch &&\
+  patch -p1 < $($(package)_patch_dir)/remove-SHA384_Init-check.patch &&\
   autoconf
 endef
 
diff --git a/contrib/depends/patches/unbound/remove-SHA384_Init-check.patch b/contrib/depends/patches/unbound/remove-SHA384_Init-check.patch
new file mode 100644
index 00000000..5cce4b85
--- /dev/null
+++ b/contrib/depends/patches/unbound/remove-SHA384_Init-check.patch
@@ -0,0 +1,20 @@
+https://stackoverflow.com/a/28947978
+---
+ configure.ac | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2c758331..33b7ae33 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1150,7 +1150,6 @@ case "$enable_ecdsa" in
+     *)
+       if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
+ 	      AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa])])
+-	      AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa])])
+ 	      AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT
+ #include <openssl/evp.h>
+ 	      ])
+-- 
+2.39.2
+
-- 
2.52.0