From 5e6fb116232f9243e8223f971d877cae901dd81a Mon Sep 17 00:00:00 2001
From: Edmund Lodewijks <edmund@proteamail.com>
Date: Wed, 27 Aug 2025 21:57:57 +0200
Subject: [PATCH] Updated to 1.59.0. FIPS now enabled by default.

---
 .SRCINFO |  8 +++++---
 PKGBUILD | 24 ++++++++++++++++++------
 2 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/.SRCINFO b/.SRCINFO
index 90aac8369931d..99d09c57ddba2 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = aws-lc
 	pkgdesc = general-purpose cryptographic library maintained by the AWS Cryptography team for AWS
-	pkgver = 1.58.1
+	pkgver = 1.59.0
 	pkgrel = 1
 	url = https://github.com/aws/aws-lc
 	arch = x86_64
@@ -18,7 +18,9 @@ pkgbase = aws-lc
 	depends = gcc-libs
 	optdepends = libunwind: For extra tests
 	optdepends = clang: Alternative for gcc (gcc preferred by upstream)
-	source = aws-lc-1.58.1.tar.gz::https://github.com/aws/aws-lc/archive/refs/tags/v1.58.1.tar.gz
-	b2sums = ddb87f058b8206af7997437604743777e33c5686e8c20315f52e829b117e897cf4852188c2e2bdea33d68090c9e0ab1617f4cf7f3d9f82befff99a1f8df0e4ff
+	options = !strip
+	options = !lto
+	source = aws-lc-1.59.0.tar.gz::https://github.com/aws/aws-lc/archive/refs/tags/v1.59.0.tar.gz
+	b2sums = b094b3f777888559d88b8ce56f29f04c3e0d633bb2664184a65a2d561104b1a4304f7e3e943f6d10ec2a1682541e1643ad124c725273f4d3d7f2f527286246b7
 
 pkgname = aws-lc
diff --git a/PKGBUILD b/PKGBUILD
index 8cff4bc69ce3b..32318b8865efb 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,10 +5,10 @@
 #     Cf.: https://newreleases.io/project/github/aws/aws-lc/release/v1.57.0
 # 2.) Three binaries are installed into /usr/bin/aws-lc so that 'openssl' does not interfere
 #     with the binary from the package 'openssl'. Check with 'which openssl'.
-# 3.) FIPS does not work, it throws errors during build. Reported upstream.
+# 3.) FIPS does work now, see below. Reported upstream.
 
 pkgname=aws-lc
-pkgver=1.58.1
+pkgver=1.59.0
 pkgrel=1
 pkgdesc='general-purpose cryptographic library maintained by the AWS Cryptography team for AWS'
 url='https://github.com/aws/aws-lc'
@@ -32,24 +32,36 @@ optdepends=(
 )
 arch=('x86_64')
 source=("${pkgname}-${pkgver}.tar.gz::${url}/archive/refs/tags/v${pkgver}.tar.gz")
-b2sums=('ddb87f058b8206af7997437604743777e33c5686e8c20315f52e829b117e897cf4852188c2e2bdea33d68090c9e0ab1617f4cf7f3d9f82befff99a1f8df0e4ff')
+b2sums=('b094b3f777888559d88b8ce56f29f04c3e0d633bb2664184a65a2d561104b1a4304f7e3e943f6d10ec2a1682541e1643ad124c725273f4d3d7f2f527286246b7')
+options=(!strip !lto)
 
 build() {
     cd ${pkgname}-${pkgver}
 
+    # IF you want to build with FIPS support:
+    #   1.) Add "-DFIPS=ON" to the "cmake -B build" options below;
+    #   1.) Set '!lto' in 'options()' above; and
+    #   2.) Enable the following 3 lines of Flags.
+    # There might be a better way to get rid of '-no-plt', but we're testing now.
+
+    # Remove -no-plt flag from CFLAGS and CXXFLAGS for building with FIPS support:
+    CFLAGS="${CFLAGS//-fno-plt/}"
+    CXXFLAGS="${CXXFLAGS//-fno-plt/}"
+    export CFLAGS CXXFLAGS
+
     # CMake does not respect ASFLAGs set in /etc/makepkg.conf, so we have to set CMAKE_ASM_FLAGS here.
     cmake -B build \
 	  -GNinja \
 	  -DCMAKE_BUILD_TYPE=RelWithAssert \
-	  -DCMAKE_ASM_FLAGS="${CMAKE_ASM_FLAGS} -fcf-protection=full" \
-	  -DBUILD_SHARED_LIBS=ON \
+      -DFIPS=ON \
 	  -DCMAKE_INSTALL_PREFIX=/usr \
 	  -DCMAKE_INSTALL_SBINDIR:PATH=bin/aws-lc \
 	  -DCMAKE_INSTALL_BINDIR:PATH=bin/aws-lc \
 	  -DCMAKE_INSTALL_LIBDIR:PATH=lib/aws-lc \
 	  -DCMAKE_INSTALL_INCLUDEDIR:PATH=include/aws-lc \
 	  -DCMAKE_INSTALL_RPATH=/usr/lib/aws-lc \
-      -DENABLE_PRE_SONAME_BUILD=0
+      -DCMAKE_C_FLAGS="$CFLAGS" \
+      -DCMAKE_CXX_FLAGS="$CXXFLAGS"
 
     ninja -C build -j $(nproc)
 }