authorpsyc://loupsycedyglgamf.onion/~lynX <ircs://psyced.org/youbroketheinternet>1984-04-04 00:44:15 +0000
committerpsyc://loupsycedyglgamf.onion/~lynX <ircs://psyced.org/youbroketheinternet>1984-04-04 00:44:15 +0000
commit56815f9a4e93e7601ab6c45339396e0f9b09c217 (patch)
treeab74c6c3faacdf7c47d01251d85be1947e94a78f
parent5614f819da096a643ae2943e8ecfa428bda0b26c (diff)
openssl update
-rw-r--r--dev-libs/openssl/Manifest29
-rw-r--r--dev-libs/openssl/files/gentoo.config-0.9.8144
-rw-r--r--dev-libs/openssl/files/gentoo.config-1.0.22
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch25
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch29
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8m-binutils.patch24
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch13
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch39
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch290
-rw-r--r--dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch77
-rw-r--r--dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch39
-rw-r--r--dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch31
-rw-r--r--dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch21
-rw-r--r--dev-libs/openssl/files/openssl-1.1.0k-fix-test_fuzz.patch19
-rw-r--r--dev-libs/openssl/files/openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch30
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1_pre7-CVE-2018-0732.patch39
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch107
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1d-fix-zlib.patch52
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch62
-rw-r--r--dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild163
-rw-r--r--dev-libs/openssl/openssl-0.9.8z_p8.ebuild158
-rw-r--r--dev-libs/openssl/openssl-1.0.2n.ebuild251
-rw-r--r--dev-libs/openssl/openssl-1.0.2o-r3.ebuild252
-rw-r--r--dev-libs/openssl/openssl-1.0.2u.ebuild (renamed from dev-libs/openssl/openssl-1.0.2o-r6.ebuild)130
-rw-r--r--dev-libs/openssl/openssl-1.1.0g-r2.ebuild284
-rw-r--r--dev-libs/openssl/openssl-1.1.0l.ebuild (renamed from dev-libs/openssl/openssl-1.1.0h-r2.ebuild)139
-rw-r--r--dev-libs/openssl/openssl-1.1.1d-r3.ebuild (renamed from dev-libs/openssl/openssl-1.1.1_pre7-r1.ebuild)149
27 files changed, 564 insertions, 2034 deletions
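diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 987a5c1..e4814a5 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,22 +1,7 @@
-DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
-DIST openssl-1.0.2-patches-1.4.tar.xz 12864 BLAKE2B ace6a782ef97b61af44988f978d089adffb06894617f9d66d3fce664c04d360b2774e1dd38c2171151fa93fe92428d405674bc2d452d520f10da426f95d09aee SHA512 d152af2841f1bf11c7f2a5ebba9a2b903fb4bcdef0468c56af0f9cc8c020adbf4490ac1a62f5bae8cbe18e379934fa997bfda1c2d49ec62365c07a0c0515a72d
-DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
-DIST openssl-1.0.2o_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2o_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2o_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
-DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
-DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
-DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd06139a774fc4dbae1b0e95fea7a33aa39b541e3d2d27f83f2b5f4dd3846cca2356020aa6ec81793085842ab78b3a127 SHA512 fb7750fcd98e6126eb5b92e7ed63d811a5cfa3391d98572003d925f6c7b477690df86a9aa1fa6bf6bf33d02c6c7aee6cff50a38faa8911409f310645898fda39
-DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
-DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
-DIST openssl-1.1.0h_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
-DIST openssl-1.1.1-pre7.tar.gz 8308876 BLAKE2B 621cc6c541d81c2fa62e12eb75b62f1444af2bc1fcf001620515810700eacc3b36975a5b0c4764fed78c37ad1c9ad78b94f5115794b929626b085ccab15d9ab0 SHA512 38efa67b26e83a4dcb6da2d61d92b6be890535c61cec23d781d49efe66173fd9b9185b89ba50d591fed65f440417e16ba0738ffba58a684e48e8b82032ea36ff
-DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
-DIST openssl-1.0.2-patches-1.0.tar.xz 11572 BLAKE2B bdb9d2b8388f1aadf3a9274133aa8f86b0029fae1ce86d005baa39a7347657f8d4d84395b54e8ccd67944356ee197dfb527f843b4f146e305533e2ad5450721d SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9
-DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f18a26c6d37a4cf5e01cd14f44d24d334b4e705da05d77c33b5dc91cffea0feea9f7c83c77ba16c9b6d5f5085894 SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687
-DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
-DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
-DIST openssl-1.1.0g.tar.gz 5404748 BLAKE2B 23daf80e4143aad4654ae86f8e96042dd7328a9d1186b4922e284fcfe0f68259ea12d21c4472d92d65a7fcef21e049cf9371cc9bdad11b66a3df11286418ed42 SHA512 6c76f698fc2a4540f3977d97c889e139acf7d3f9eb85f349974175e8a7707b19743ef91c5ce32839310b6ea06ca88a03d9709ee011687b4634c5c50b5814f42a
-DIST openssl-1.1.0g_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
-DIST openssl-1.1.0g_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
-DIST openssl-1.1.0g_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.0.2-patches-1.5.tar.xz 12404 SHA256 2a94d5390b8210fca2e01d5e94558feffba8f1c92c14eb5fe3b63ccd5a8b3159 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 WHIRLPOOL 469e959182767ae9e29606490701be199bbe14ffa3caa2063556c3dea4a4f577fda0062d369438ce7aadfc479152257dcaa722ee07d135f0a92e87c747b45cd7
+DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 SHA256 e1591d3eb0c0fefc3eaef8ea26ff94368c0ce82ecd2788ea34943bde4bc780f1 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 WHIRLPOOL 6844b392bf890920f86f08f5e6165a6a8958d01f11cb9b4f95f7611d094ca72fddc991e379a357fb32969a3f6c70d9f3d7cdd3b679b4801c4c244e44b607f2c6
+DIST openssl-1.0.2u.tar.gz 5355412 SHA256 ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 WHIRLPOOL 63c1c7ded399c9500e12bba6c86cea7c704ede268ec6149a7abb593e7c01df1a170f4a10d2ac1096a3a94146d88fa345a3151ce77d4f67a560c720d4bd2b98ad
+DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 SHA256 808fdec5729e46ea2643e99130459488db69ab2ef68c7c9f6379009f724e80d8 SHA512 39720ecee3ec6080c1416f2fb7c9246b89ee55b21be2baabad51eb6823dbe1559450b1ae92fa61ac1cf5ba04ac8c02438aa469bc65eae6905cf1ea486f270793 WHIRLPOOL 162a1973a96e7caf31d655067e3448928a1cd85980ae3efeaf0992ce665468ab1f7886be1fac0d3b5fd3ca194bd27f8d247e8a126382757d1503a321844b877d
+DIST openssl-1.1.0l.tar.gz 5294857 SHA256 74a2f756c64fd7386a29184dc0344f4831192d61dc2481a93a4c5dd727f41148 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad WHIRLPOOL 588ebeeae7b3d25405bd425b610bc70e2aa351034022c1f25cc663d220cc1be43580c6f461b9fe6c08d6ae8758722b9489e63cd13a2fd88c386be239f62c8f62
+DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 SHA256 73c4ee17b98f0d4fea6e0e338ed75af3394c07b9d469caecb75c9c32ab6455c8 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f WHIRLPOOL 4f6383d117202673c3c7209da48d71677c2a27141bcd03d779a1888a16553cfa928ccfe5435ef367cee62ff2844ca4665f588053bc4e0511bbcd1f49071b2fc1
+DIST openssl-1.1.1d.tar.gz 8845861 SHA256 1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7 WHIRLPOOL 6cafc834a88d43970d6c0008dfac63b26b9c720bf90ff9d539334e38f20f309573b824d6047dd7ca62fff72cbcf642645c3d75ffd2c93345bbc5426cd8649057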
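diff --git a/dev-libs/openssl/files/gentoo.config-0.9.8 b/dev-libs/openssl/files/gentoo.config-0.9.8
deleted file mode 100644
index 07bf13a..0000000
--- a/dev-libs/openssl/files/gentoo.config-0.9.8
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 1999-2009 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-#
-# Openssl doesn't play along nicely with cross-compiling
-# like autotools based projects, so let's teach it new tricks.
-#
-# Review the bundled 'config' script to see why kind of targets
-# we can pass to the 'Configure' script.
-
-
-# Testing routines
-if [[ $1 == "test" ]] ; then
- for c in \
- "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \
- "armv5b-linux-gnu |linux-generic32 -DB_ENDIAN" \
- "x86_64-pc-linux-gnu |linux-x86_64" \
- "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \
- "i686-pc-linux-gnu |linux-elf" \
- "whatever-gentoo-freebsdX.Y |BSD-generic32" \
- "i686-gentoo-freebsdX.Y |BSD-x86-elf" \
- "sparc64-alpha-freebsdX.Y |BSD-sparc64" \
- "ia64-gentoo-freebsd5.99234 |BSD-ia64" \
- "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \
- "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \
- "powerpc-gentOO-linux-uclibc |linux-ppc" \
- "powerpc64-unk-linux-gnu |linux-ppc64" \
- "x86_64-apple-darwinX |darwin64-x86_64-cc" \
- "powerpc64-apple-darwinX |darwin64-ppc-cc" \
- "i686-apple-darwinX |darwin-i386-cc" \
- "i386-apple-darwinX |darwin-i386-cc" \
- "powerpc-apple-darwinX |darwin-ppc-cc" \
- "i586-pc-winnt |winnt-parity" \
- ;do
- CHOST=${c/|*}
- ret_want=${c/*|}
- ret_got=$(CHOST=${CHOST} "$0")
-
- if [[ ${ret_want} == "${ret_got}" ]] ; then
- echo "PASS: ${CHOST}"
- else
- echo "FAIL: ${CHOST}"
- echo -e "\twanted: ${ret_want}"
- echo -e "\twe got: ${ret_got}"
- fi
- done
- exit 0
-fi
-[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
-
-
-# Detect the operating system
-case ${CHOST} in
- *-aix*) system="aix";;
- *-darwin*) system="darwin";;
- *-freebsd*) system="BSD";;
- *-hpux*) system="hpux";;
- *-linux*) system="linux";;
- *-solaris*) system="solaris";;
- *-winnt*) system="winnt";;
- *) exit 0;;
-esac
-
-
-# Compiler munging
-compiler="gcc"
-if [[ ${CC} == "ccc" ]] ; then
- compiler=${CC}
-fi
-
-
-# Detect target arch
-machine=""
-chost_machine=${CHOST%%-*}
-case ${system} in
-linux)
- case ${chost_machine} in
- alphaev56*) machine=alpha+bwx-${compiler};;
- alphaev[678]*)machine=alpha+bwx-${compiler};;
- alpha*) machine=alpha-${compiler};;
- arm*b*) machine="generic32 -DB_ENDIAN";;
- arm*) machine="generic32 -DL_ENDIAN";;
- # hppa64*) machine=parisc64;;
- hppa*) machine="generic32 -DB_ENDIAN";;
- i[0-9]86*) machine=elf;;
- ia64*) machine=ia64;;
- m68*) machine="generic32 -DB_ENDIAN";;
- mips*el*) machine="generic32 -DL_ENDIAN";;
- mips*) machine="generic32 -DB_ENDIAN";;
- powerpc64*) machine=ppc64;;
- powerpc*) machine=ppc;;
- # sh64*) machine=elf;;
- sh*b*) machine="generic32 -DB_ENDIAN";;
- sh*) machine="generic32 -DL_ENDIAN";;
- sparc*v7*) machine="generic32 -DB_ENDIAN";;
- sparc64*) machine=sparcv9;;
- sparc*) machine=sparcv8;;
- s390x*) machine="generic64 -DB_ENDIAN";;
- s390*) machine="generic32 -DB_ENDIAN";;
- x86_64*) machine=x86_64;;
- esac
- ;;
-BSD)
- case ${chost_machine} in
- alpha*) machine=generic64;;
- i[6-9]86*) machine=x86-elf;;
- ia64*) machine=ia64;;
- sparc64*) machine=sparc64;;
- x86_64*) machine=x86_64;;
- *) machine=generic32;;
- esac
- ;;
-aix)
- machine=${compiler}
- ;;
-darwin)
- case ${chost_machine} in
- powerpc64) machine=ppc-cc; system=${system}64;;
- powerpc) machine=ppc-cc;;
- i?86*) machine=i386-cc;;
- x86_64) machine=x86_64-cc; system=${system}64;;
- esac
- ;;
-hpux)
- case ${chost_machine} in
- ia64) machine=ia64-${compiler} ;;
- esac
- ;;
-solaris)
- case ${chost_machine} in
- i386) machine=x86-${compiler} ;;
- x86_64*) machine=x86_64-${compiler}; system=${system}64;;
- sparcv9*) machine=sparcv9-${compiler}; system=${system}64;;
- sparc*) machine=sparcv8-${compiler};;
- esac
- ;;
-winnt)
- machine=parity
- ;;
-esac
-
-
-# If we have something, show it
-[[ -n ${machine} ]] && echo ${system}-${machine}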
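diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index 3d01656..d16175e 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 #
 # Openssl doesn't play along nicely with cross-compiling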
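diff --git a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch b/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch
deleted file mode 100644
index a798164..0000000
--- a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- a/Configure
-+++ b/Configure
-@@ -365,7 +365,7 @@
- # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
- # simply *happens* to work around a compiler bug in gcc 3.3.3,
- # triggered by RIPEMD160 code.
--"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:ULTRASPARC::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-
-the -B flag is a no-op nowadays
-
---- a/crypto/des/Makefile
-+++ b/crypto/des/Makefile
-@@ -62,7 +62,7 @@
- $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
-
- des_enc-sparc.S: asm/des_enc.m4
-- m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
-+ m4 asm/des_enc.m4 > des_enc-sparc.S
-
- # ELF
- dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl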
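diff --git a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
deleted file mode 100644
index 64cc7bd..0000000
--- a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-http://bugs.gentoo.org/181438
-http://bugs.gentoo.org/327421
-https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest
-
-make sure we respect LDFLAGS
-
-also make sure we don't add useless -rpath flags to the system libdir
-
---- openssl-0.9.8h/Makefile.org
-+++ openssl-0.9.8h/Makefile.org
-@@ -180,6 +181,7 @@
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
- DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
- MAKEDEPPROG='${MAKEDEPPROG}' \
-+ LDFLAGS='${LDFLAGS}' \
- SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
- KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
- EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
---- openssl-0.9.8h/Makefile.shared
-+++ openssl-0.9.8h/Makefile.shared
-@@ -153,7 +153,7 @@
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
-
- #This is rather special. It's a special target with which one can link
- #applications without bothering with any features that have anything to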
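diff --git a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch b/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch
deleted file mode 100644
index 9fa79b9..0000000
--- a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-http://bugs.gentoo.org/289130
-
-Ripped from Fedora
-
---- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl 2009-11-12 17:24:18.000000000 +0100
-@@ -150,7 +150,7 @@ ___
- sub BODY_20_39 {
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
--my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
-+my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
- $code.=<<___ if ($i<79);
- lea $K($xi,$e),$f
- mov `4*($j%16)`(%rsp),$xi
-@@ -187,7 +187,7 @@ sub BODY_40_59 {
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
- $code.=<<___;
-- lea 0x8f1bbcdc($xi,$e),$f
-+ lea -0x70e44324($xi,$e),$f
- mov `4*($j%16)`(%rsp),$xi
- mov $b,$t0
- mov $b,$t1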
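diff --git a/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch b/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch
deleted file mode 100644
index c932b82..0000000
--- a/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-https://bugs.gentoo.org/639876
-
---- a/crypto/des/asm/des-586.pl
-+++ b/crypto/des/asm/des-586.pl
-@@ -4,7 +4,7 @@
- # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
- #
-
--push(@INC,"perlasm","../../perlasm");
-+push(@INC,".","perlasm","../../perlasm");
- require "x86asm.pl";
- require "cbc.pl";
- require "desboth.pl";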
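diff --git a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch b/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch
deleted file mode 100644
index 148e7c3..0000000
--- a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 387558f1467..f235e0d682b 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
- int ok = 0;
- int generate_new_key = 0;
- unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;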
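diff --git a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch
deleted file mode 100644
index e105fe4..0000000
--- a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch
+++ /dev/null
@@ -1,290 +0,0 @@
-Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
-
-From https://src.fedoraproject.org/git/rpms/openssl.git
-
-Contains parts of the following patches, rediffed. The patches are on various
-different branches.
-f23 openssl-1.0.2c-ecc-suiteb.patch
-f23 openssl-1.0.2a-fips-ec.patch
-f28 openssl-1.1.0-ec-curves.patch
-
-Signed-off-By: Robin H. Johnson <robbat2@gentoo.org>
-
-diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/apps/speed.c openssl-1.0.2m.mod/apps/speed.c
---- openssl-1.0.2m.hobble/apps/speed.c 2017-11-02 07:32:57.000000000 -0700
-+++ openssl-1.0.2m.mod/apps/speed.c 2018-06-10 19:00:09.264550382 -0700
-@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
- } else
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- if (strcmp(*argv, "ecdsap160") == 0)
-- ecdsa_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdsap192") == 0)
-- ecdsa_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdsap224") == 0)
- ecdsa_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdsap256") == 0)
-@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
- ecdsa_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdsap521") == 0)
- ecdsa_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdsak163") == 0)
-- ecdsa_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdsak233") == 0)
-- ecdsa_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdsak283") == 0)
-- ecdsa_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdsak409") == 0)
-- ecdsa_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdsak571") == 0)
-- ecdsa_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdsab163") == 0)
-- ecdsa_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdsab233") == 0)
-- ecdsa_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdsab283") == 0)
-- ecdsa_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdsab409") == 0)
-- ecdsa_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdsab571") == 0)
-- ecdsa_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdsa") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i < R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- } else
- # endif
- # ifndef OPENSSL_NO_ECDH
-- if (strcmp(*argv, "ecdhp160") == 0)
-- ecdh_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdhp192") == 0)
-- ecdh_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdhp224") == 0)
- ecdh_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdhp256") == 0)
-@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
- ecdh_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdhp521") == 0)
- ecdh_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdhk163") == 0)
-- ecdh_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdhk233") == 0)
-- ecdh_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdhk283") == 0)
-- ecdh_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdhk409") == 0)
-- ecdh_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdhk571") == 0)
-- ecdh_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdhb163") == 0)
-- ecdh_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdhb233") == 0)
-- ecdh_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdhb283") == 0)
-- ecdh_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdhb409") == 0)
-- ecdh_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdhb571") == 0)
-- ecdh_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdh") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- } else
- # endif
-@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
- BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
-+ BIO_printf(bio_err, "ecdsap224 "
- "ecdsap256 ecdsap384 ecdsap521\n");
-- BIO_printf(bio_err,
-- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-- BIO_printf(bio_err,
-- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
- BIO_printf(bio_err, "ecdsa\n");
- # endif
- # ifndef OPENSSL_NO_ECDH
-- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
-+ BIO_printf(bio_err, "ecdhp224 "
- "ecdhp256 ecdhp384 ecdhp521\n");
-- BIO_printf(bio_err,
-- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
-- BIO_printf(bio_err,
-- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
- BIO_printf(bio_err, "ecdh\n");
- # endif
-
-@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
- for (i = 0; i < DSA_NUM; i++)
- dsa_doit[i] = 1;
- # ifndef OPENSSL_NO_ECDSA
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- # endif
- # ifndef OPENSSL_NO_ECDH
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- # endif
- }
-diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c
---- openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c 2017-11-02 07:32:57.000000000 -0700
-+++ openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c 2018-06-10 18:45:36.909911848 -0700
-@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
- return 0;
- }
-
-+ if (BN_num_bits(p) < 224) {
-+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+ return 0;
-+ }
-+
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
-diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/ssl/t1_lib.c openssl-1.0.2m.mod/ssl/t1_lib.c
---- openssl-1.0.2m.hobble/ssl/t1_lib.c 2017-11-02 07:32:58.000000000 -0700
-+++ openssl-1.0.2m.mod/ssl/t1_lib.c 2018-06-10 18:46:55.329811812 -0700
-@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[
- * Remaining curves disabled by default but still permitted if set
- * via an explicit callback or parameters.
- */
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
-@@ -351,29 +338,21 @@ static const unsigned char fips_curves_d
- 0, 9, /* sect283k1 (9) */
- 0, 10, /* sect283r1 (10) */
- # endif
-- 0, 22, /* secp256k1 (22) */
- 0, 23, /* secp256r1 (23) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
- 0, 7, /* sect233r1 (7) */
- # endif
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
- # ifndef OPENSSL_NO_EC2M
- 0, 4, /* sect193r1 (4) */
- 0, 5, /* sect193r2 (5) */
- # endif
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
- # ifndef OPENSSL_NO_EC2M
- 0, 1, /* sect163k1 (1) */
- 0, 2, /* sect163r1 (2) */
- 0, 3, /* sect163r2 (3) */
- # endif
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- };
- # endif
-
-diff -up openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.2a/crypto/ecdh/ecdhtest.c
---- openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdh/ecdhtest.c 2015-04-22 19:00:19.721884512 +0200
-@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
- goto err;
-
- /* NIST PRIME CURVES TESTS */
-+# if 0
- if (!test_ecdh_curve
- (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
- goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
- goto err;
-+# endif
- if (!test_ecdh_curve
- (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
- goto err;
-@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
- goto err;
- # endif
-+# if 0
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
- goto err;
--
-+# endif
- ret = 0;
-
- err:
-diff -up openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecdsatest.c
---- openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdsa/ecdsatest.c 2015-04-22 19:00:19.722884536 +0200
-@@ -138,11 +138,14 @@ int restore_rand(void)
- }
-
- static int fbytes_counter = 0;
--static const char *numbers[8] = {
-+static const char *numbers[10] = {
-+ "651056770906015076056810763456358567190100156695615665659",
- "651056770906015076056810763456358567190100156695615665659",
- "6140507067065001063065065565667405560006161556565665656654",
- "8763001015071075675010661307616710783570106710677817767166"
- "71676178726717",
-+ "8763001015071075675010661307616710783570106710677817767166"
-+ "71676178726717",
- "7000000175690566466555057817571571075705015757757057795755"
- "55657156756655",
- "1275552191113212300012030439187146164646146646466749494799",
-@@ -158,7 +161,7 @@ int fbytes(unsigned char *buf, int num)
- int ret;
- BIGNUM *tmp = NULL;
-
-- if (fbytes_counter >= 8)
-+ if (fbytes_counter >= 10)
- return 0;
- tmp = BN_new();
- if (!tmp)
-@@ -532,8 +535,10 @@ int main(void)
- RAND_seed(rnd_seed, sizeof(rnd_seed));
-
- /* the tests */
-+# if 0
- if (!x9_62_tests(out))
- goto err;
-+# endif
- if (!test_builtin(out))
- goto err;
-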
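--- a/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From e502cc86df9dafded1694fceb3228ee34d11c11a Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Fri, 24 Nov 2017 11:35:50 +0100
-Subject: [PATCH] bn/asm/rsaz-avx2.pl: fix digit correction bug in
- rsaz_1024_mul_avx2.
-
-Credit to OSS-Fuzz for finding this.
-
-CVE-2017-3738
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
- crypto/bn/asm/rsaz-avx2.pl | 15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
-index 0c1b236ef98..46d746b7d0e 100755
---- a/crypto/bn/asm/rsaz-avx2.pl
-+++ b/crypto/bn/asm/rsaz-avx2.pl
-@@ -246,7 +246,7 @@
- vmovdqu 32*8-128($ap), $ACC8
-
- lea 192(%rsp), $tp0 # 64+128=192
-- vpbroadcastq .Land_mask(%rip), $AND_MASK
-+ vmovdqu .Land_mask(%rip), $AND_MASK
- jmp .LOOP_GRANDE_SQR_1024
-
- .align 32
-@@ -1077,10 +1077,10 @@
- vpmuludq 32*6-128($np),$Yi,$TEMP1
- vpaddq $TEMP1,$ACC6,$ACC6
- vpmuludq 32*7-128($np),$Yi,$TEMP2
-- vpblendd \$3, $ZERO, $ACC9, $ACC9 # correct $ACC3
-+ vpblendd \$3, $ZERO, $ACC9, $TEMP1 # correct $ACC3
- vpaddq $TEMP2,$ACC7,$ACC7
- vpmuludq 32*8-128($np),$Yi,$TEMP0
-- vpaddq $ACC9, $ACC3, $ACC3 # correct $ACC3
-+ vpaddq $TEMP1, $ACC3, $ACC3 # correct $ACC3
- vpaddq $TEMP0,$ACC8,$ACC8
-
- mov %rbx, %rax
-@@ -1093,7 +1093,9 @@
- vmovdqu -8+32*2-128($ap),$TEMP2
-
- mov $r1, %rax
-+ vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct $ACC3
- imull $n0, %eax
-+ vpaddq $ACC9,$ACC4,$ACC4 # correct $ACC3
- and \$0x1fffffff, %eax
-
- imulq 16-128($ap),%rbx
-@@ -1329,15 +1331,12 @@
- # But as we underutilize resources, it's possible to correct in
- # each iteration with marginal performance loss. But then, as
- # we do it in each iteration, we can correct less digits, and
--# avoid performance penalties completely. Also note that we
--# correct only three digits out of four. This works because
--# most significant digit is subjected to less additions.
-+# avoid performance penalties completely.
-
- $TEMP0 = $ACC9;
- $TEMP3 = $Bi;
- $TEMP4 = $Yi;
- $code.=<<___;
-- vpermq \$0, $AND_MASK, $AND_MASK
- vpaddq (%rsp), $TEMP1, $ACC0
-
- vpsrlq \$29, $ACC0, $TEMP1
-@@ -1770,7 +1769,7 @@
-
- .align 64
- .Land_mask:
-- .quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
-+ .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
- .Lscatter_permd:
- .long 0,2,4,6,7,7,7,7
- .Lgather_permd: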
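--- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index fce9ff47f36..58003d70878 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
- int ok = 0;
- int generate_new_key = 0;
- unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;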
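--- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
-From: Billy Brumley <bbrumley@gmail.com>
-Date: Wed, 11 Apr 2018 10:10:58 +0300
-Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
- both get called with BN_FLG_CONSTTIME flag set.
-
-CVE-2018-0737
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
----
- crypto/rsa/rsa_gen.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index 9ca5dfe..42b89a8 100644
---- a/crypto/rsa/rsa_gen.c
-+++ b/crypto/rsa/rsa_gen.c
-@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
- if (BN_copy(rsa->e, e_value) == NULL)
- goto err;
-
-+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
- BN_set_flags(r2, BN_FLG_CONSTTIME);
- /* generate p and q */
- for (;;) {
---
-2.7.4
-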
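--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch
@@ -0,0 +1,21 @@
+https://github.com/openssl/openssl/issues/7679
+
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -77,8 +77,14 @@
+ # to. You're welcome.
+ sub dependmagic {
+ my $target = shift;
+-
+- return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
++ my $magic = <<"_____";
++$target: build_generated depend
++ \$(MAKE) _$target
++_$target
++_____
++ # Remove line ending
++ $magic =~ s|\R$||;
++ return $magic;
+ }
+ '';
+ -}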
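Review bot: The recipe line inside the heredoc added to `dependmagic` (`\$(MAKE) _$target`) must begin with a literal tab for make to accept it, whereas the string it replaces spelled the tab out as `\t`. A comment just above the heredoc, for example `# NOTE: the recipe line in this heredoc must start with a hard tab`, would stop an editor or a whitespace-normalising tool from silently breaking the generated Makefile. The patch header also gives only the upstream issue URL; naming the upstream commit the change was taken from would let this copy be checked against OpenSSL's tree.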
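--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0k-fix-test_fuzz.patch
@@ -0,0 +1,19 @@
+Test fuzz was forgotten when
+
+ Perl: Use our own globbing wrapper rather than File::Glob::glob
+
+was backported to openssl-1.1.0 branch.
+
+Link: https://github.com/openssl/openssl/commit/b81cfa07ada850fd287d0a0c82ba280907f18ce7
+
+--- a/test/recipes/90-test_fuzz.t
++++ b/test/recipes/90-test_fuzz.t
+@@ -9,7 +9,7 @@
+ use strict;
+ use warnings;
+
+-use if $^O ne "VMS", 'File::Glob' => qw/glob/;
++use OpenSSL::Glob;
+ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+ use OpenSSL::Test::Utils;
+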
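--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch
@@ -0,0 +1,30 @@
+From bcf6a94c4bc912ad313ea21abdf7e83bbae450e5 Mon Sep 17 00:00:00 2001
+From: Nicola Tuveri <nic.tuv@gmail.com>
+Date: Thu, 12 Sep 2019 01:57:47 +0300
+Subject: [PATCH] Fix no-ec2m in ec_curve.c (1.1.0)
+
+I made a mistake in d4a5dac9f9242c580fb9d0a4389440eccd3494a7 and
+inverted the GF2m and GFp calls in ec_point_get_affine_coordinates, this
+fixes it.
+---
+ crypto/ec/ec_curve.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
+index 2d28d7f70bb..6a58b3a23e0 100644
+--- a/crypto/ec/ec_curve.c
++++ b/crypto/ec/ec_curve.c
+@@ -3200,11 +3200,11 @@ int ec_point_get_affine_coordinates(const EC_GROUP *group,
+
+ #ifndef OPENSSL_NO_EC2M
+ if (field_nid == NID_X9_62_characteristic_two_field) {
+- return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
++ return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx);
+ } else
+ #endif /* !def(OPENSSL_NO_EC2M) */
+ if (field_nid == NID_X9_62_prime_field) {
+- return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx);
++ return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
+ } else {
+ /* this should never happen */
+ return 0;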
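--- a/dev-libs/openssl/files/openssl-1.1.1_pre7-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 6901548ed69..752542b5563 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
- int ok = 0;
- int generate_new_key = 0;
- unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;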
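--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch
@@ -0,0 +1,107 @@
+From 515c728dbaa92211d2eafb0041ab9fcd258fdc41 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Mon, 9 Sep 2019 19:12:25 +0200
+Subject: [PATCH] Fix potential memory leaks with BN_to_ASN1_INTEGER
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/9833)
+
+(cherry picked from commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09)
+---
+ crypto/ec/ec_asn1.c | 7 +++++--
+ crypto/x509v3/v3_asid.c | 26 ++++++++++++++++++++------
+ 2 files changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 1ce1181fc10..7cbf8de9813 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ unsigned char *buffer = NULL;
+ const EC_POINT *point = NULL;
+ point_conversion_form_t form;
++ ASN1_INTEGER *orig;
+
+ if (params == NULL) {
+ if ((ret = ECPARAMETERS_new()) == NULL) {
+@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+ goto err;
+ }
+- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
++ ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
+ if (ret->order == NULL) {
++ ret->order = orig;
+ ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+ goto err;
+ }
+@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ /* set the cofactor (optional) */
+ tmp = EC_GROUP_get0_cofactor(group);
+ if (tmp != NULL) {
+- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
++ ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
+ if (ret->cofactor == NULL) {
++ ret->cofactor = orig;
+ ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+ goto err;
+ }
+diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
+index 089f2ae29f0..ef2d64826fb 100644
+--- a/crypto/x509v3/v3_asid.c
++++ b/crypto/x509v3/v3_asid.c
+@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor,
+ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+ {
+ ASN1_INTEGER *a_max_plus_one = NULL;
++ ASN1_INTEGER *orig;
+ BIGNUM *bn = NULL;
+ int i, ret = 0;
+
+@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+ */
+ if ((bn == NULL && (bn = BN_new()) == NULL) ||
+ ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+- !BN_add_word(bn, 1) ||
+- (a_max_plus_one =
+- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
++ !BN_add_word(bn, 1)) {
++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
++ ERR_R_MALLOC_FAILURE);
++ goto done;
++ }
++
++ if ((a_max_plus_one =
++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
++ a_max_plus_one = orig;
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+ ERR_R_MALLOC_FAILURE);
+ goto done;
+@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid)
+ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+ {
+ ASN1_INTEGER *a_max_plus_one = NULL;
++ ASN1_INTEGER *orig;
+ BIGNUM *bn = NULL;
+ int i, ret = 0;
+
+@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+ */
+ if ((bn == NULL && (bn = BN_new()) == NULL) ||
+ ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+- !BN_add_word(bn, 1) ||
+- (a_max_plus_one =
+- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
++ !BN_add_word(bn, 1)) {
++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
++ ERR_R_MALLOC_FAILURE);
++ goto done;
++ }
++
++ if ((a_max_plus_one =
++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
++ a_max_plus_one = orig;
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+ ERR_R_MALLOC_FAILURE);
+ goto done;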
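Review bot: Each rewritten call saves the old pointer inside the argument list, e.g. `ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);` in `EC_GROUP_get_ecparameters`, which is well defined but hides the save-and-restore step in an expression a reader tends to skim. Putting `orig = ret->order;` on its own line before the call reads more clearly, and the same applies to `ret->cofactor` and to the two `a_max_plus_one` sites in v3_asid.c. A short comment at each restore, such as `/* put the old object back so the cleanup path can still free it */`, would record the intent; the cleanup labels are outside these hunks, so that reading is inferred from the patch subject. All three functions start and end outside the hunks shown.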
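--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1d-fix-zlib.patch
@@ -0,0 +1,52 @@
+From 86ed78676c660b553696cc10c682962522dfeb6c Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 12 Sep 2019 12:27:36 +0200
+Subject: [PATCH] BIO_f_zlib: Properly handle BIO_CTRL_PENDING and
+ BIO_CTRL_WPENDING calls.
+
+There can be data to write in output buffer and data to read that were
+not yet read in the input stream.
+
+Fixes #9866
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/9877)
+
+(cherry picked from commit 6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95)
+---
+ crypto/comp/c_zlib.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
+index d688deee5f2..7c1be358fd7 100644
+--- a/crypto/comp/c_zlib.c
++++ b/crypto/comp/c_zlib.c
+@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+ BIO_copy_next_retry(b);
+ break;
+
++ case BIO_CTRL_WPENDING:
++ if (ctx->obuf == NULL)
++ return 0;
++
++ if (ctx->odone) {
++ ret = ctx->ocount;
++ } else {
++ ret = ctx->ocount;
++ if (ret == 0)
++ /* Unknown amount pending but we are not finished */
++ ret = 1;
++ }
++ if (ret == 0)
++ ret = BIO_ctrl(next, cmd, num, ptr);
++ break;
++
++ case BIO_CTRL_PENDING:
++ ret = ctx->zin.avail_in;
++ if (ret == 0)
++ ret = BIO_ctrl(next, cmd, num, ptr);
++ break;
++
+ default:
+ ret = BIO_ctrl(next, cmd, num, ptr);
+ break;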
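Review bot: The `BIO_CTRL_WPENDING` case leaves early with `return 0;` when `ctx->obuf == NULL`, so it never reaches the `BIO_ctrl(next, cmd, num, ptr)` fallback that the rest of the case and the `default:` branch rely on. Whether the next BIO can hold unflushed data at that point is not visible here, but forwarding would be the consistent choice: `if (ctx->obuf == NULL) { ret = BIO_ctrl(next, cmd, num, ptr); break; }`. Both arms of the `if (ctx->odone)` test also begin with `ret = ctx->ocount;`, which could be hoisted so that only `if (!ctx->odone && ret == 0) ret = 1;` stays conditional. `bio_zlib_ctrl` starts and ends outside the hunk.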
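--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch
@@ -0,0 +1,62 @@
+From 61cc715240d2d3f9511ca88043a3e9797c11482f Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Thu, 3 Oct 2019 08:28:31 +0200
+Subject: [PATCH] Define AESNI_ASM if AESNI assembler is included, and use it
+
+Because we have cases where basic assembler support isn't present, but
+AESNI asssembler support is, we need a separate macro that indicates
+that, and use it.
+
+Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/10080)
+---
+ Configure | 1 +
+ crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +-
+ crypto/evp/e_aes_cbc_hmac_sha256.c | 4 ++--
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/Configure b/Configure
+index 811bee81f54..f498ac2f81b 100755
+--- a/Configure
++++ b/Configure
+@@ -1376,6 +1376,7 @@ unless ($disabled{asm}) {
+ }
+ if ($target{aes_asm_src}) {
+ push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
++ push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);;
+ # aes-ctr.fake is not a real file, only indication that assembler
+ # module implements AES_ctr32_encrypt...
+ push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
+index c9f5969162c..27c36b46e7a 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -33,7 +33,7 @@ typedef struct {
+
+ #define NO_PAYLOAD_LENGTH ((size_t)-1)
+
+-#if defined(AES_ASM) && ( \
++#if defined(AESNI_ASM) && ( \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64) )
+
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
+index d5178313ae3..cc622b6faa8 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
+@@ -34,7 +34,7 @@ typedef struct {
+
+ # define NO_PAYLOAD_LENGTH ((size_t)-1)
+
+-#if defined(AES_ASM) && ( \
++#if defined(AESNI_ASM) && ( \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64) )
+
+@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+ {
+ return NULL;
+ }
+-#endif
++#endif /* AESNI_ASM */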
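Review bot: The new `#endif /* AESNI_ASM */` in e_aes_cbc_hmac_sha256.c names only half of the condition it closes, because the matching `#if` also requires one of the x86-64 macros. At that spot it appears to end the fallback branch whose `EVP_aes_256_cbc_hmac_sha256` returns NULL, so the comment could be read as marking the end of the AES-NI code. `#endif /* AESNI_ASM && x86_64 */` would be accurate, and the corresponding `#endif` in e_aes_cbc_hmac_sha1.c, which this patch does not touch, would want the same comment. The added Configure line also copies the stray `;;` from the `AES_ASM` line above it; a single `;` is enough.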
diff --git a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
deleted file mode 100644
index 0129ddc..0000000
--- a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
+++ /dev/null
@@ -1,163 +0,0 @@
1# Copyright 1999-2018 Gentoo Authors
2# Distributed under the terms of the GNU General Public License v2
3
4# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
5
6EAPI="6"
7
8inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
9
10#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))")
11PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h'
12MY_PV=${PV/_p*/${PLEVEL}}
13MY_P=${PN}-${MY_PV}
14S="${WORKDIR}/${MY_P}"
15DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
16HOMEPAGE="https://www.openssl.org/"
17SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
18
19LICENSE="openssl"
20SLOT="0.9.8"
21KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
22IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
23# RESTRICT="!bindist? ( bindist )"
24
25RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
26 zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
27 kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
28 !=dev-libs/openssl-0.9.8*:0"
29DEPEND="${RDEPEND}
30 >=dev-lang/perl-5
31 test? (
32 sys-apps/diffutils
33 sys-devel/bc
34 )"
35
36# Do not install any docs
37DOCS=()
38
39PATCHES=(
40 "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
41 "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
42 "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
43 "${FILESDIR}"/${PN}-0.9.8z_p8-perl-5.26.patch
44)
45
46src_prepare() {
47 default
48
49 # disable fips in the build
50 # make sure the man pages are suffixed #302165
51 # don't bother building man pages if they're disabled
52 sed -i \
53 -e '/DIRS/s: fips : :g' \
54 -e '/^MANSUFFIX/s:=.*:=ssl:' \
55 -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
56 -e $(has noman FEATURES \
57 && echo '/^install:/s:install_docs::' \
58 || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
59 Makefile{,.org} \
60 || die
61 # show the actual commands in the log
62 sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared || die
63 # update the enginedir path.
64 # punt broken config we don't care about as it fails sanity check.
65 sed -i \
66 -e '/^"debug-ben-debug-64"/d' \
67 -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
68 Configure || die
69
70 # since we're forcing $(CC) as makedep anyway, just fix
71 # the conditional as always-on
72 # helps clang (#417795), and versioned gcc (#499818)
73 sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
74
75 # quiet out unknown driver argument warnings since openssl
76 # doesn't have well-split CFLAGS and we're making it even worse
77 # and 'make depend' uses -Werror for added fun (#417795 again)
78 [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
79
80 # allow openssl to be cross-compiled
81 cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
82 chmod a+rx gentoo.config || die
83
84 append-flags -fno-strict-aliasing
85 append-flags -Wa,--noexecstack
86
87 sed -i '1s,^:$,#!/usr/bin/perl,' Configure || die #141906
88 sed -i '/^"debug-bodo/d' Configure || die # 0.9.8za shipped broken
89 ./config --test-sanity || die "I AM NOT SANE"
90
91 multilib_copy_sources
92}
93
94multilib_src_configure() {
95 unset APPS #197996
96 unset SCRIPTS #312551
97
98 tc-export CC AR RANLIB
99
100 # Clean out patent-or-otherwise-encumbered code
101 # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
102 # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
103 # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
104 # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
105 # RC5: 5,724,428 03/03/2015 https://en.wikipedia.org/wiki/RC5
106
107 use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
108 echoit() { echo "$@" ; "$@" ; }
109
110 local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
111
112 local sslout=$(./gentoo.config)
113 einfo "Use configuration ${sslout:-(openssl knows best)}"
114 local config="Configure"
115 [[ -z ${sslout} ]] && config="config"
116
117 echoit \
118 ./${config} \
119 ${sslout} \
120 $(use cpu_flags_x86_sse2 || echo "no-sse2") \
121 enable-camellia \
122 $(use_ssl !bindist ec) \
123 enable-idea \
124 enable-mdc2 \
125 $(use_ssl !bindist rc5) \
126 enable-tlsext \
127 $(use_ssl gmp gmp -lgmp) \
128 $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
129 $(use_ssl zlib) \
130 --prefix=/usr \
131 --openssldir=/etc/ssl \
132 shared threads \
133 || die "Configure failed"
134
135 # Clean out hardcoded flags that openssl uses
136 local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
137 -e 's:^CFLAG=::' \
138 -e 's:-fomit-frame-pointer ::g' \
139 -e 's:-O[0-9] ::g' \
140 -e 's:-march=[-a-z0-9]* ::g' \
141 -e 's:-mcpu=[-a-z0-9]* ::g' \
142 -e 's:-m[a-z0-9]* ::g' \
143 )
144 sed -i \
145 -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
146 -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
147 -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
148 Makefile || die
149}
150
151multilib_src_compile() {
152 # depend is needed to use $confopts
153 emake -j1 depend
154 emake -j1 build_libs
155}
156
157multilib_src_test() {
158 emake -j1 test
159}
160
161multilib_src_install() {
162 dolib.so lib{crypto,ssl}.so.0.9.8
163}
diff --git a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
deleted file mode 100644
index d6d5912..0000000
--- a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
+++ /dev/null
@@ -1,158 +0,0 @@
1# Copyright 1999-2018 Gentoo Authors
2# Distributed under the terms of the GNU General Public License v2
3
4# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
5
6EAPI="5"
7
8inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
9
10#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))")
11PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h'
12MY_PV=${PV/_p*/${PLEVEL}}
13MY_P=${PN}-${MY_PV}
14S="${WORKDIR}/${MY_P}"
15DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
16HOMEPAGE="http://www.openssl.org/"
17SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
18
19LICENSE="openssl"
20SLOT="0.9.8"
21KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
22IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
23# RESTRICT="!bindist? ( bindist )"
24
25RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
26 zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
27 kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
28 !=dev-libs/openssl-0.9.8*:0"
29DEPEND="${RDEPEND}
30 >=dev-lang/perl-5
31 test? (
32 sys-apps/diffutils
33 sys-devel/bc
34 )"
35
36# Do not install any docs
37DOCS=()
38
39src_prepare() {
40 epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
41 epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
42 epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
43
44 # disable fips in the build
45 # make sure the man pages are suffixed #302165
46 # don't bother building man pages if they're disabled
47 sed -i \
48 -e '/DIRS/s: fips : :g' \
49 -e '/^MANSUFFIX/s:=.*:=ssl:' \
50 -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
51 -e $(has noman FEATURES \
52 && echo '/^install:/s:install_docs::' \
53 || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
54 Makefile{,.org} \
55 || die
56 # show the actual commands in the log
57 sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
58 # update the enginedir path.
59 # punt broken config we don't care about as it fails sanity check.
60 sed -i \
61 -e '/^"debug-ben-debug-64"/d' \
62 -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
63 Configure || die
64
65 # since we're forcing $(CC) as makedep anyway, just fix
66 # the conditional as always-on
67 # helps clang (#417795), and versioned gcc (#499818)
68 sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
69
70 # quiet out unknown driver argument warnings since openssl
71 # doesn't have well-split CFLAGS and we're making it even worse
72 # and 'make depend' uses -Werror for added fun (#417795 again)
73 [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
74
75 # allow openssl to be cross-compiled
76 cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
77 chmod a+rx gentoo.config
78
79 append-flags -fno-strict-aliasing
80 append-flags -Wa,--noexecstack
81
82 sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
83 sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
84 ./config --test-sanity || die "I AM NOT SANE"
85
86 multilib_copy_sources
87}
88
89multilib_src_configure() {
90 unset APPS #197996
91 unset SCRIPTS #312551
92
93 tc-export CC AR RANLIB
94
95 # Clean out patent-or-otherwise-encumbered code
96 # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
97 # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
98 # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
99 # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
100 # RC5: 5,724,428 03/03/2015 https://en.wikipedia.org/wiki/RC5
101
102 use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
103 echoit() { echo "$@" ; "$@" ; }
104
105 local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
106
107 local sslout=$(./gentoo.config)
108 einfo "Use configuration ${sslout:-(openssl knows best)}"
109 local config="Configure"
110 [[ -z ${sslout} ]] && config="config"
111
112 echoit \
113 ./${config} \
114 ${sslout} \
115 $(use cpu_flags_x86_sse2 || echo "no-sse2") \
116 enable-camellia \
117 $(use_ssl !bindist ec) \
118 enable-idea \
119 enable-mdc2 \
120 $(use_ssl !bindist rc5) \
121 enable-tlsext \
122 $(use_ssl gmp gmp -lgmp) \
123 $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
124 $(use_ssl zlib) \
125 --prefix=/usr \
126 --openssldir=/etc/ssl \
127 shared threads \
128 || die "Configure failed"
129
130 # Clean out hardcoded flags that openssl uses
131 local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
132 -e 's:^CFLAG=::' \
133 -e 's:-fomit-frame-pointer ::g' \
134 -e 's:-O[0-9] ::g' \
135 -e 's:-march=[-a-z0-9]* ::g' \
136 -e 's:-mcpu=[-a-z0-9]* ::g' \
137 -e 's:-m[a-z0-9]* ::g' \
138 )
139 sed -i \
140 -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
141 -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
142 -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
143 Makefile || die
144}
145
146multilib_src_compile() {
147 # depend is needed to use $confopts
148 emake -j1 depend
149 emake -j1 build_libs
150}
151
152multilib_src_test() {
153 emake -j1 test
154}
155
156multilib_src_install() {
157 dolib.so lib{crypto,ssl}.so.0.9.8
158}
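diff --git a/dev-libs/openssl/openssl-1.0.2n.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
deleted file mode 100644
index 5255150..0000000
--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ /dev/null
@@ -1,251 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.0"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- mirror://gentoo/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-# RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- eapply "${WORKDIR}"/patch/*.patch
- fi
-
- eapply_user
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired http://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- # https://github.com/openssl/openssl/issues/2286
- if use ia64 ; then
- replace-flags -g3 -g2
- replace-flags -ggdb3 -ggdb2
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- $(use_ssl !bindist ec) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX}"/usr \
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:-fomit-frame-pointer ::g' \
- -e 's:-O[0-9] ::g' \
- -e 's:-march=[-a-z0-9]* ::g' \
- -e 's:-mcpu=[-a-z0-9]* ::g' \
- -e 's:-m[a-z0-9]* ::g' \
- )
- sed -i \
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 depend
- emake all
- # rehash is needed to prep the certs/ dir; do this
- # separately to avoid parallel build issues.
- emake rehash
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED}"/usr/bin/c_rehash || die
-
- local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
- einstalldocs
-
- use rfc3779 && dodoc engines/ccgost/README.gost
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
- # create the certs directory
- dodir ${SSL_CNF_DIR}/certs
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
- # Namespace openssl programs to prevent conflicts with other man pages
- cd "${ED}"/usr/share/man
- local m d s
- for m in $(find . -type f | xargs grep -L '#include') ; do
- d=${m%/*} ; d=${d#./} ; m=${m##*/}
- [[ ${m} == openssl.1* ]] && continue
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
- mv ${d}/{,ssl-}${m}
- # fix up references to renamed man pages
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
- ln -s ssl-${m} ${d}/openssl-${m}
- # locate any symlinks that point to this man page ... we assume
- # that any broken links are due to the above renaming
- for s in $(find -L ${d} -type l) ; do
- s=${s##*/}
- rm -f ${d}/${s}
- ln -s ssl-${m} ${d}/ssl-${s}
- ln -s ssl-${s} ${d}/openssl-${s}
- done
- done
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
- dodir /etc/sandbox.d #254521
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
- eend $?
-}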
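diff --git a/dev-libs/openssl/openssl-1.0.2o-r3.ebuild b/dev-libs/openssl/openssl-1.0.2o-r3.ebuild
deleted file mode 100644
index f0360e4..0000000
--- a/dev-libs/openssl/openssl-1.0.2o-r3.ebuild
+++ /dev/null
@@ -1,252 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.4"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- mirror://gentoo/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-# RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- eapply "${WORKDIR}"/patch/*.patch
- fi
-
- eapply_user
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired https://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- # https://github.com/openssl/openssl/issues/2286
- if use ia64 ; then
- replace-flags -g3 -g2
- replace-flags -ggdb3 -ggdb2
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- $(use_ssl !bindist ec) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX}"/usr \
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:-fomit-frame-pointer ::g' \
- -e 's:-O[0-9] ::g' \
- -e 's:-march=[-a-z0-9]* ::g' \
- -e 's:-mcpu=[-a-z0-9]* ::g' \
- -e 's:-m[a-z0-9]* ::g' \
- )
- sed -i \
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 depend
- emake all
- # rehash is needed to prep the certs/ dir; do this
- # separately to avoid parallel build issues.
- emake rehash
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED}"/usr/bin/c_rehash || die
-
- local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
- einstalldocs
-
- use rfc3779 && dodoc engines/ccgost/README.gost
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
- # create the certs directory
- dodir ${SSL_CNF_DIR}/certs
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
- # Namespace openssl programs to prevent conflicts with other man pages
- cd "${ED}"/usr/share/man
- local m d s
- for m in $(find . -type f | xargs grep -L '#include') ; do
- d=${m%/*} ; d=${d#./} ; m=${m##*/}
- [[ ${m} == openssl.1* ]] && continue
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
- mv ${d}/{,ssl-}${m}
- # fix up references to renamed man pages
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
- ln -s ssl-${m} ${d}/openssl-${m}
- # locate any symlinks that point to this man page ... we assume
- # that any broken links are due to the above renaming
- for s in $(find -L ${d} -type l) ; do
- s=${s##*/}
- rm -f ${d}/${s}
- ln -s ssl-${m} ${d}/ssl-${s}
- ln -s ssl-${s} ${d}/openssl-${s}
- done
- done
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
- dodir /etc/sandbox.d #254521
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
- eend $?
-}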
diff --git a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild b/dev-libs/openssl/openssl-1.0.2u.ebuild
index 7fb511c..be5a74d 100644
--- a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2u.ebuild
@@ -1,30 +1,52 @@
1# Copyright 1999-2018 Gentoo Authors 1# Copyright 1999-2020 Gentoo Authors
2# Distributed under the terms of the GNU General Public License v2 2# Distributed under the terms of the GNU General Public License v2
3 3
4EAPI="6" 4EAPI="7"
5 5
6inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal 6inherit flag-o-matic toolchain-funcs multilib multilib-minimal
7
8# openssl-1.0.2-patches-1.6 contain additional CVE patches
9# which got fixed with this release.
10# Please use 1.7 version number when rolling a new tarball!
11PATCH_SET="openssl-1.0.2-patches-1.5"
7 12
8PATCH_SET="openssl-1.0.2-patches-1.4"
9MY_P=${P/_/-} 13MY_P=${P/_/-}
14
15# This patch set is based on the following files from Fedora 25,
16# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
17# for more details:
18# - hobble-openssl (SOURCE1)
19# - ec_curve.c (SOURCE12) -- MODIFIED
20# - ectest.c (SOURCE13)
21# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
22BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
23
10DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" 24DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
11HOMEPAGE="https://www.openssl.org/" 25HOMEPAGE="https://www.openssl.org/"
12SRC_URI="mirror://openssl/source/${MY_P}.tar.gz 26SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
13 mirror://gentoo/${PATCH_SET}.tar.xz 27 bindist? (
14 https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz 28 mirror://gentoo/${BINDIST_PATCH_SET}
15 https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz" 29 https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
30 )
31 !vanilla? (
32 mirror://gentoo/${PATCH_SET}.tar.xz
33 https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
34 https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
35 https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
36 )"
16 37
17LICENSE="openssl" 38LICENSE="openssl"
18SLOT="0" 39SLOT="0"
19KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" 40KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
20IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" 41IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
21# RESTRICT="!bindist? ( bindist )" 42RESTRICT="!test? ( test )"
22 43
23RDEPEND=">=app-misc/c_rehash-1.7-r1 44RDEPEND=">=app-misc/c_rehash-1.7-r1
24 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) 45 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
25 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) 46 kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
26 kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" 47 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
27DEPEND="${RDEPEND} 48DEPEND="${RDEPEND}"
49BDEPEND="
28 >=dev-lang/perl-5 50 >=dev-lang/perl-5
29 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) 51 sctp? ( >=net-misc/lksctp-tools-1.0.12 )
30 test? ( 52 test? (
@@ -33,28 +55,6 @@ DEPEND="${RDEPEND}
33 )" 55 )"
34PDEPEND="app-misc/ca-certificates" 56PDEPEND="app-misc/ca-certificates"
35 57
36# This does not copy the entire Fedora patchset, but JUST the parts that
37# are needed to make it safe to use EC with RESTRICT=bindist.
38# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
39SOURCE1=hobble-openssl
40SOURCE12=ec_curve.c
41SOURCE13=ectest.c
42# These are ported instead
43#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
44#PATCH37=openssl-1.1.0-ec-curves.patch
45FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
46FEDORA_GIT_BRANCH='f25'
47FEDORA_SRC_URI=()
48FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
49FEDORA_PATCH=( $PATCH1 $PATCH37 )
50for i in "${FEDORA_SOURCE[@]}" ; do
51 FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
52done
53for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
54 FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
55done
56SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
57
58S="${WORKDIR}/${MY_P}" 58S="${WORKDIR}/${MY_P}"
59 59
60MULTILIB_WRAPPED_HEADERS=( 60MULTILIB_WRAPPED_HEADERS=(
@@ -63,18 +63,14 @@ MULTILIB_WRAPPED_HEADERS=(
63 63
64src_prepare() { 64src_prepare() {
65 if use bindist; then 65 if use bindist; then
66 # This just removes the prefix, and puts it into WORKDIR like the RPM. 66 mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
67 for i in "${FEDORA_SOURCE[@]}" ; do 67 bash "${WORKDIR}"/hobble-openssl || die
68 cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die 68
69 done 69 cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
70 # .spec %prep 70 cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
71 bash "${WORKDIR}"/"${SOURCE1}" || die 71
72 cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die 72 eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
73 cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1 73
74 for i in "${FEDORA_PATCH[@]}" ; do
75 eapply "${DISTDIR}"/"${i}"
76 done
77 eapply "${FILESDIR}"/openssl-1.0.2o-hobble-ecc.patch
78 # Also see the configure parts below: 74 # Also see the configure parts below:
79 # enable-ec \ 75 # enable-ec \
80 # $(use_ssl !bindist ec2m) \ 76 # $(use_ssl !bindist ec2m) \
@@ -90,7 +86,6 @@ src_prepare() {
90 86
91 if ! use vanilla ; then 87 if ! use vanilla ; then
92 eapply "${WORKDIR}"/patch/*.patch 88 eapply "${WORKDIR}"/patch/*.patch
93 eapply "${FILESDIR}"/${P}-CVE-2018-0732.patch
94 fi 89 fi
95 90
96 eapply_user 91 eapply_user
@@ -113,7 +108,8 @@ src_prepare() {
113 # since we're forcing $(CC) as makedep anyway, just fix 108 # since we're forcing $(CC) as makedep anyway, just fix
114 # the conditional as always-on 109 # the conditional as always-on
115 # helps clang (#417795), and versioned gcc (#499818) 110 # helps clang (#417795), and versioned gcc (#499818)
116 sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die 111 # this breaks build with 1.0.2p, not sure if it is needed anymore
112 #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
117 113
118 # quiet out unknown driver argument warnings since openssl 114 # quiet out unknown driver argument warnings since openssl
119 # doesn't have well-split CFLAGS and we're making it even worse 115 # doesn't have well-split CFLAGS and we're making it even worse
@@ -178,7 +174,9 @@ multilib_src_configure() {
178 [[ -z ${sslout} ]] && config="config" 174 [[ -z ${sslout} ]] && config="config"
179 175
180 # Fedora hobbled-EC needs 'no-ec2m', 'no-srp' 176 # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
181 echoit \ 177 # Make sure user flags don't get added *yet* to avoid duplicated
178 # flags.
179 CFLAGS= LDFLAGS= echoit \
182 ./${config} \ 180 ./${config} \
183 ${sslout} \ 181 ${sslout} \
184 $(use cpu_flags_x86_sse2 || echo "no-sse2") \ 182 $(use cpu_flags_x86_sse2 || echo "no-sse2") \
@@ -207,24 +205,30 @@ multilib_src_configure() {
207 || die 205 || die
208 206
209 # Clean out hardcoded flags that openssl uses 207 # Clean out hardcoded flags that openssl uses
210 local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ 208 local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
211 -e 's:^CFLAG=::' \ 209 -e 's:^CFLAG=::' \
212 -e 's:-fomit-frame-pointer ::g' \ 210 -e 's:\(^\| \)-fomit-frame-pointer::g' \
213 -e 's:-O[0-9] ::g' \ 211 -e 's:\(^\| \)-O[^ ]*::g' \
214 -e 's:-march=[-a-z0-9]* ::g' \ 212 -e 's:\(^\| \)-march=[^ ]*::g' \
215 -e 's:-mcpu=[-a-z0-9]* ::g' \ 213 -e 's:\(^\| \)-mcpu=[^ ]*::g' \
216 -e 's:-m[a-z0-9]* ::g' \ 214 -e 's:\(^\| \)-m[^ ]*::g' \
215 -e 's:^ *::' \
216 -e 's: *$::' \
217 -e 's: \+: :g' \
218 -e 's:\\:\\\\:g'
217 ) 219 )
220
221 # Now insert clean default flags with user flags
218 sed -i \ 222 sed -i \
219 -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ 223 -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
220 -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ 224 -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
221 Makefile || die 225 Makefile || die
222} 226}
223 227
224multilib_src_compile() { 228multilib_src_compile() {
225 # depend is needed to use $confopts; it also doesn't matter 229 # depend is needed to use $confopts; it also doesn't matter
226 # that it's -j1 as the code itself serializes subdirs 230 # that it's -j1 as the code itself serializes subdirs
227 emake -j1 depend 231 emake -j1 V=1 depend
228 emake all 232 emake all
229 # rehash is needed to prep the certs/ dir; do this 233 # rehash is needed to prep the certs/ dir; do this
230 # separately to avoid parallel build issues. 234 # separately to avoid parallel build issues.
@@ -236,6 +240,12 @@ multilib_src_test() {
236} 240}
237 241
238multilib_src_install() { 242multilib_src_install() {
243 # We need to create $ED/usr on our own to avoid a race condition #665130
244 if [[ ! -d "${ED}/usr" ]]; then
245 # We can only create this directory once
246 mkdir "${ED}"/usr || die
247 fi
248
239 emake INSTALL_PREFIX="${D}" install 249 emake INSTALL_PREFIX="${D}" install
240} 250}
241 251
@@ -291,7 +301,7 @@ multilib_src_install_all() {
291} 301}
292 302
293pkg_postinst() { 303pkg_postinst() {
294 ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" 304 ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
295 c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null 305 c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
296 eend $? 306 eend $?
297} 307}
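Review bot: The `IUSE` line of the new openssl-1.0.2u.ebuild (new line 41) still carries `+sslv3` and `+tls-heartbeat`, so a default build keeps SSLv3 and the TLS heartbeat extension compiled in, and `sslv2` remains selectable. Both protocol versions are obsolete and the heartbeat code is attack surface that few deployments need, so I would drop the default-on markers while the file is being re-keyworded as stable: `IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 sslv3 static-libs test tls-heartbeat vanilla zlib"`. The configure arguments that consume these flags fall between the hunks shown, so this assumes they are still wired as `$(use_ssl sslv3 ssl3)` and `$(use_ssl tls-heartbeat heartbeats)`, as in the removed 1.0.2o-r3 ebuild on this page.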
diff --git a/dev-libs/openssl/openssl-1.1.0g-r2.ebuild b/dev-libs/openssl/openssl-1.1.0g-r2.ebuild
deleted file mode 100644
index 90ae90f..0000000
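--- a/dev-libs/openssl/openssl-1.1.0g-r2.ebuild
+++ /dev/null
@@ -1,284 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-# RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f27'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
- "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
- "${FILESDIR}"/${PN}-1.1.0g-CVE-2017-3738.patch
-)
-
-src_prepare() {
- if use bindist; then
- # This just removes the prefix, and puts it into WORKDIR like the RPM.
- for i in "${FEDORA_SOURCE[@]}" ; do
- cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
- done
- # .spec %prep
- bash "${WORKDIR}"/"${SOURCE1}" || die
- cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
- cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
- for i in "${FEDORA_PATCH[@]}" ; do
- epatch "${DISTDIR}"/"${i}"
- done
- # Also see the configure parts below:
- # enable-ec \
- # $(use_ssl !bindist ec2m) \
-
- fi
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- epatch "${PATCHES[@]}"
- fi
-
- eapply_user #332661
-
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- # Make DOCDIR Gentoo compliant
- sed -i \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- -e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
- Configurations/unix-Makefile.tmpl \
- || die
-
- # show the actual commands in the log
- sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- # Prefixify Configure shebang (#141906)
- sed \
- -e "1s,/usr/bin/env,${EPREFIX}&," \
- -i Configure || die
- # Remove test target when FEATURES=test isn't set
- if ! use test ; then
- sed \
- -e '/^$config{dirs}/s@ "test",@@' \
- -i Configure || die
- fi
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired http://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # Fedora hobbled-EC needs 'no-ec2m'
- # 'srp' was restricted until early 2017 as well.
- echoit \
- ./${config} \
- ${sslout} \
- --api=1.0.0 \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- disable-deprecated \
- enable-ec \
- $(use_ssl !bindist ec2m) \
- enable-srp \
- $(use elibc_musl && echo "no-async") \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- $(use_ssl asm) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX}"/usr \
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- # Fix quoting for sed
- local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
- -e 's:^CFLAGS=::' \
- -e 's:-fomit-frame-pointer ::g' \
- -e 's:-O[0-9] ::g' \
- -e 's:-march=[-a-z0-9]* ::g' \
- -e 's:-mcpu=[-a-z0-9]* ::g' \
- -e 's:-m[a-z0-9]* ::g' \
- -e 's:\\:\\\\:g' \
- )
- sed -i \
- -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 depend
- emake all
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED}"/usr/bin/c_rehash || die
-
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
- # create the certs directory
- keepdir ${SSL_CNF_DIR}/certs
-
- # Namespace openssl programs to prevent conflicts with other man pages
- cd "${ED}"/usr/share/man
- local m d s
- for m in $(find . -type f | xargs grep -L '#include') ; do
- d=${m%/*} ; d=${d#./} ; m=${m##*/}
- [[ ${m} == openssl.1* ]] && continue
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
- mv ${d}/{,ssl-}${m}
- # fix up references to renamed man pages
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
- ln -s ssl-${m} ${d}/openssl-${m}
- # locate any symlinks that point to this man page ... we assume
- # that any broken links are due to the above renaming
- for s in $(find -L ${d} -type l) ; do
- s=${s##*/}
- rm -f ${d}/${s}
- ln -s ssl-${m} ${d}/ssl-${s}
- ln -s ssl-${s} ${d}/openssl-${s}
- done
- done
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
- dodir /etc/sandbox.d #254521
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
- eend $?
-}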
diff --git a/dev-libs/openssl/openssl-1.1.0h-r2.ebuild b/dev-libs/openssl/openssl-1.1.0l.ebuild
index 3228201..49c2bcd 100644
--- a/dev-libs/openssl/openssl-1.1.0h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0l.ebuild
@@ -1,24 +1,39 @@
1# Copyright 1999-2018 Gentoo Authors 1# Copyright 1999-2019 Gentoo Authors
2# Distributed under the terms of the GNU General Public License v2 2# Distributed under the terms of the GNU General Public License v2
3 3
4EAPI="6" 4EAPI="7"
5 5
6inherit flag-o-matic toolchain-funcs multilib multilib-minimal 6inherit flag-o-matic toolchain-funcs multilib multilib-minimal
7 7
8MY_P=${P/_/-} 8MY_P=${P/_/-}
9
10# This patch set is based on the following files from Fedora 28,
11# see https://src.fedoraproject.org/rpms/openssl/blob/f28/f/openssl.spec
12# for more details:
13# - hobble-openssl (SOURCE1)
14# - ec_curve.c (SOURCE12) -- MODIFIED
15# - ectest.c (SOURCE13)
16# - openssl-1.1.0-ec-curves.patch (PATCH37) -- MODIFIED
17BINDIST_PATCH_SET="openssl-1.1.0l-bindist-1.0.tar.xz"
18
9DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" 19DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
10HOMEPAGE="https://www.openssl.org/" 20HOMEPAGE="https://www.openssl.org/"
11SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" 21SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
22 bindist? (
23 mirror://gentoo/${BINDIST_PATCH_SET}
24 https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
25 )"
12 26
13LICENSE="openssl" 27LICENSE="openssl"
14SLOT="0/1.1" # .so version of libssl/libcrypto 28SLOT="0/1.1" # .so version of libssl/libcrypto
15KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" 29KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
16IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib" 30IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
17# RESTRICT="!bindist? ( bindist )" 31RESTRICT="!test? ( test )"
18 32
19RDEPEND=">=app-misc/c_rehash-1.7-r1 33RDEPEND=">=app-misc/c_rehash-1.7-r1
20 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" 34 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
21DEPEND="${RDEPEND} 35DEPEND="${RDEPEND}"
36BDEPEND="
22 >=dev-lang/perl-5 37 >=dev-lang/perl-5
23 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) 38 sctp? ( >=net-misc/lksctp-tools-1.0.12 )
24 test? ( 39 test? (
@@ -27,26 +42,11 @@ DEPEND="${RDEPEND}
27 )" 42 )"
28PDEPEND="app-misc/ca-certificates" 43PDEPEND="app-misc/ca-certificates"
29 44
30# This does not copy the entire Fedora patchset, but JUST the parts that 45PATCHES=(
31# are needed to make it safe to use EC with RESTRICT=bindist. 46 "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
32# See openssl.spec for the matching numbering of SourceNNN, PatchNNN 47 "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
33SOURCE1=hobble-openssl 48 "${FILESDIR}"/${PN}-1.1.0k-fix-test_fuzz.patch
34SOURCE12=ec_curve.c 49)
35SOURCE13=ectest.c
36PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
37PATCH37=openssl-1.1.0-ec-curves.patch
38FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
39FEDORA_GIT_BRANCH='f27'
40FEDORA_SRC_URI=()
41FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
42FEDORA_PATCH=( $PATCH1 $PATCH37 )
43for i in "${FEDORA_SOURCE[@]}" ; do
44 FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
45done
46for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
47 FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
48done
49SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
50 50
51S="${WORKDIR}/${MY_P}" 51S="${WORKDIR}/${MY_P}"
52 52
@@ -54,30 +54,31 @@ MULTILIB_WRAPPED_HEADERS=(
54 usr/include/openssl/opensslconf.h 54 usr/include/openssl/opensslconf.h
55) 55)
56 56
57PATCHES=(
58 "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
59 "${FILESDIR}"/${P}-CVE-2018-0737.patch
60 "${FILESDIR}"/${P}-CVE-2018-0732.patch
61)
62
63src_prepare() { 57src_prepare() {
64 if use bindist; then 58 if use bindist; then
65 # This just removes the prefix, and puts it into WORKDIR like the RPM. 59 mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
66 for i in "${FEDORA_SOURCE[@]}" ; do 60 bash "${WORKDIR}"/hobble-openssl || die
67 cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die 61
68 done 62 cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
69 # .spec %prep 63 cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
70 bash "${WORKDIR}"/"${SOURCE1}" || die 64
71 cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die 65 eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
72 cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die 66
73 for i in "${FEDORA_PATCH[@]}" ; do 67 local known_failing_test
74 eapply "${DISTDIR}"/"${i}" 68 for known_failing_test in \
69 30-test_evp_extra.t \
70 80-test_ssl_new.t \
71 ; do
72 ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
73 rm test/recipes/${known_failing_test} || die
74 eend $?
75 done 75 done
76
76 # Also see the configure parts below: 77 # Also see the configure parts below:
77 # enable-ec \ 78 # enable-ec \
78 # $(use_ssl !bindist ec2m) \ 79 # $(use_ssl !bindist ec2m) \
79
80 fi 80 fi
81
81 # keep this in sync with app-misc/c_rehash 82 # keep this in sync with app-misc/c_rehash
82 SSL_CNF_DIR="/etc/ssl" 83 SSL_CNF_DIR="/etc/ssl"
83 84
@@ -86,7 +87,11 @@ src_prepare() {
86 rm -f Makefile 87 rm -f Makefile
87 88
88 if ! use vanilla ; then 89 if ! use vanilla ; then
89 eapply "${PATCHES[@]}" 90 if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
91 [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
92 fi
93
94 use bindist || eapply "${FILESDIR}"/${PN}-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch
90 fi 95 fi
91 96
92 eapply_user #332661 97 eapply_user #332661
@@ -100,7 +105,7 @@ src_prepare() {
100 -e $(has noman FEATURES \ 105 -e $(has noman FEATURES \
101 && echo '/^install:/s:install_docs::' \ 106 && echo '/^install:/s:install_docs::' \
102 || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ 107 || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
103 -e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \ 108 -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
104 Configurations/unix-Makefile.tmpl \ 109 Configurations/unix-Makefile.tmpl \
105 || die 110 || die
106 111
@@ -176,7 +181,9 @@ multilib_src_configure() {
176 # 'srp' was restricted until early 2017 as well. 181 # 'srp' was restricted until early 2017 as well.
177 # "disable-deprecated" option breaks too many consumers. 182 # "disable-deprecated" option breaks too many consumers.
178 # Don't set it without thorough revdeps testing. 183 # Don't set it without thorough revdeps testing.
179 echoit \ 184 # Make sure user flags don't get added *yet* to avoid duplicated
185 # flags.
186 CFLAGS= LDFLAGS= echoit \
180 ./${config} \ 187 ./${config} \
181 ${sslout} \ 188 ${sslout} \
182 $(use cpu_flags_x86_sse2 || echo "no-sse2") \ 189 $(use cpu_flags_x86_sse2 || echo "no-sse2") \
@@ -189,6 +196,8 @@ multilib_src_configure() {
189 enable-idea \ 196 enable-idea \
190 enable-mdc2 \ 197 enable-mdc2 \
191 enable-rc5 \ 198 enable-rc5 \
199 $(use_ssl sslv3 ssl3) \
200 $(use_ssl sslv3 ssl3-method) \
192 $(use_ssl asm) \ 201 $(use_ssl asm) \
193 $(use_ssl rfc3779) \ 202 $(use_ssl rfc3779) \
194 $(use_ssl sctp) \ 203 $(use_ssl sctp) \
@@ -201,16 +210,20 @@ multilib_src_configure() {
201 || die 210 || die
202 211
203 # Clean out hardcoded flags that openssl uses 212 # Clean out hardcoded flags that openssl uses
204 # Fix quoting for sed
205 local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ 213 local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
206 -e 's:^CFLAGS=::' \ 214 -e 's:^CFLAGS=::' \
207 -e 's:-fomit-frame-pointer ::g' \ 215 -e 's:\(^\| \)-fomit-frame-pointer::g' \
208 -e 's:-O[0-9] ::g' \ 216 -e 's:\(^\| \)-O[^ ]*::g' \
209 -e 's:-march=[-a-z0-9]* ::g' \ 217 -e 's:\(^\| \)-march=[^ ]*::g' \
210 -e 's:-mcpu=[-a-z0-9]* ::g' \ 218 -e 's:\(^\| \)-mcpu=[^ ]*::g' \
211 -e 's:-m[a-z0-9]* ::g' \ 219 -e 's:\(^\| \)-m[^ ]*::g' \
212 -e 's:\\:\\\\:g' \ 220 -e 's:^ *::' \
221 -e 's: *$::' \
222 -e 's: \+: :g' \
223 -e 's:\\:\\\\:g'
213 ) 224 )
225
226 # Now insert clean default flags with user flags
214 sed -i \ 227 sed -i \
215 -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ 228 -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
216 -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ 229 -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
@@ -229,13 +242,19 @@ multilib_src_test() {
229} 242}
230 243
231multilib_src_install() { 244multilib_src_install() {
245 # We need to create $ED/usr on our own to avoid a race condition #665130
246 if [[ ! -d "${ED}/usr" ]]; then
247 # We can only create this directory once
248 mkdir "${ED}"/usr || die
249 fi
250
232 emake DESTDIR="${D}" install 251 emake DESTDIR="${D}" install
233} 252}
234 253
235multilib_src_install_all() { 254multilib_src_install_all() {
236 # openssl installs perl version of c_rehash by default, but 255 # openssl installs perl version of c_rehash by default, but
237 # we provide a shell version via app-misc/c_rehash 256 # we provide a shell version via app-misc/c_rehash
238 rm "${ED%/}"/usr/bin/c_rehash || die 257 rm "${ED}"/usr/bin/c_rehash || die
239 258
240 dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el 259 dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
241 260
@@ -244,13 +263,13 @@ multilib_src_install_all() {
244 # build system: the static archives are built as PIC all the time. 263 # build system: the static archives are built as PIC all the time.
245 # Only way around this would be to manually configure+compile openssl 264 # Only way around this would be to manually configure+compile openssl
246 # twice; once with shared lib support enabled and once without. 265 # twice; once with shared lib support enabled and once without.
247 use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a 266 use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
248 267
249 # create the certs directory 268 # create the certs directory
250 keepdir ${SSL_CNF_DIR}/certs 269 keepdir ${SSL_CNF_DIR}/certs
251 270
252 # Namespace openssl programs to prevent conflicts with other man pages 271 # Namespace openssl programs to prevent conflicts with other man pages
253 cd "${ED%/}"/usr/share/man || die 272 cd "${ED}"/usr/share/man || die
254 local m d s 273 local m d s
255 for m in $(find . -type f | xargs grep -L '#include') ; do 274 for m in $(find . -type f | xargs grep -L '#include') ; do
256 d=${m%/*} ; d=${d#./} ; m=${m##*/} 275 d=${m%/*} ; d=${d#./} ; m=${m##*/}
@@ -273,14 +292,14 @@ multilib_src_install_all() {
273 [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" 292 [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
274 293
275 dodir /etc/sandbox.d #254521 294 dodir /etc/sandbox.d #254521
276 echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl 295 echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
277 296
278 diropts -m0700 297 diropts -m0700
279 keepdir ${SSL_CNF_DIR}/private 298 keepdir ${SSL_CNF_DIR}/private
280} 299}
281 300
282pkg_postinst() { 301pkg_postinst() {
283 ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" 302 ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
284 c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null 303 c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
285 eend $? 304 eend $?
286} 305}
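Review bot: The two lines `$(use_ssl sslv3 ssl3)` and `$(use_ssl sslv3 ssl3-method)` added to the configure call (new lines 199-200 of openssl-1.1.0l.ebuild) make an SSLv3-capable libssl selectable through the new `sslv3` USE flag, and nothing in the ebuild records why the flag exists or when enabling it is acceptable. The flag is listed without a `+` in IUSE, so it is off by default; a comment above the two lines would document that, for example `# SSLv3 is prohibited by RFC 7568 (POODLE); USE=sslv3 is off by default and only for legacy peers`. The same pair of lines is added in the openssl-1.1.1d-r3.ebuild section that follows. multilib_src_configure begins and ends outside this hunk, so the rest of the configure call was not reviewed here.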
diff --git a/dev-libs/openssl/openssl-1.1.1_pre7-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
index eebb47a..2ad3769 100644
--- a/dev-libs/openssl/openssl-1.1.1_pre7-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
@@ -1,45 +1,108 @@
1# Copyright 1999-2018 Gentoo Authors 1# Copyright 1999-2019 Gentoo Authors
2# Distributed under the terms of the GNU General Public License v2 2# Distributed under the terms of the GNU General Public License v2
3 3
4EAPI="6" 4EAPI="7"
5 5
6inherit flag-o-matic toolchain-funcs multilib multilib-minimal 6inherit flag-o-matic toolchain-funcs multilib multilib-minimal
7 7
8MY_P=${P/_/-} 8MY_P=${P/_/-}
9
10# This patch set is based on the following files from Fedora 31,
11# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
12# for more details:
13# - hobble-openssl (SOURCE1)
14# - ec_curve.c (SOURCE12) -- MODIFIED
15# - ectest.c (SOURCE13)
16# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
17BINDIST_PATCH_SET="openssl-1.1.1d-bindist-1.0.tar.xz"
18
9DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" 19DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
10HOMEPAGE="https://www.openssl.org/" 20HOMEPAGE="https://www.openssl.org/"
11SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" 21SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
22 bindist? (
23 mirror://gentoo/${BINDIST_PATCH_SET}
24 https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
25 )"
12 26
13LICENSE="openssl" 27LICENSE="openssl"
14SLOT="0/1.1" # .so version of libssl/libcrypto 28SLOT="0/1.1" # .so version of libssl/libcrypto
15[[ "${PV}" = *_pre* ]] || \ 29[[ "${PV}" = *_pre* ]] || \
16KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" 30KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
17IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib" 31IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
18# RESTRICT="!bindist? ( bindist )" 32RESTRICT="!test? ( test )"
19 33
20RDEPEND=">=app-misc/c_rehash-1.7-r1 34RDEPEND=">=app-misc/c_rehash-1.7-r1
21 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" 35 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
22DEPEND="${RDEPEND} 36DEPEND="${RDEPEND}"
37BDEPEND="
23 >=dev-lang/perl-5 38 >=dev-lang/perl-5
24 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) 39 sctp? ( >=net-misc/lksctp-tools-1.0.12 )
25 test? ( 40 test? (
26 sys-apps/diffutils 41 sys-apps/diffutils
27 sys-devel/bc 42 sys-devel/bc
43 sys-process/procps
28 )" 44 )"
29PDEPEND="app-misc/ca-certificates" 45PDEPEND="app-misc/ca-certificates"
30 46
47PATCHES=(
48 "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
49 "${FILESDIR}"/${P}-fix-zlib.patch
50 "${FILESDIR}"/${P}-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch
51 "${FILESDIR}"/${P}-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch
52)
53
31S="${WORKDIR}/${MY_P}" 54S="${WORKDIR}/${MY_P}"
32 55
56# force upgrade to prevent broken login, bug 696950
57RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
58
33MULTILIB_WRAPPED_HEADERS=( 59MULTILIB_WRAPPED_HEADERS=(
34 usr/include/openssl/opensslconf.h 60 usr/include/openssl/opensslconf.h
35) 61)
36 62
37PATCHES=( 63pkg_setup() {
38 "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 64 [[ ${MERGE_TYPE} == binary ]] && return
39 "${FILESDIR}"/${P}-CVE-2018-0732.patch 65
40) 66 # must check in pkg_setup; sysctl don't work with userpriv!
67 if has test ${FEATURES} && use sctp; then
68 # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
69 # if sctp.auth_enable is not enabled.
70 local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
71 if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
72 die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
73 fi
74 fi
75}
41 76
42src_prepare() { 77src_prepare() {
78 # allow openssl to be cross-compiled
79 cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
80 chmod a+rx gentoo.config || die
81
82 if use bindist; then
83 mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
84 bash "${WORKDIR}"/hobble-openssl || die
85
86 cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
87 cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
88
89 eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
90
91 local known_failing_test
92 for known_failing_test in \
93 30-test_evp_extra.t \
94 80-test_ssl_new.t \
95 ; do
96 ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
97 rm test/recipes/${known_failing_test} || die
98 eend $?
99 done
100
101 # Also see the configure parts below:
102 # enable-ec \
103 # $(use_ssl !bindist ec2m) \
104 fi
105
43 # keep this in sync with app-misc/c_rehash 106 # keep this in sync with app-misc/c_rehash
44 SSL_CNF_DIR="/etc/ssl" 107 SSL_CNF_DIR="/etc/ssl"
45 108
@@ -48,11 +111,19 @@ src_prepare() {
48 rm -f Makefile 111 rm -f Makefile
49 112
50 if ! use vanilla ; then 113 if ! use vanilla ; then
51 eapply "${PATCHES[@]}" 114 if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
115 [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
116 fi
52 fi 117 fi
53 118
54 eapply_user #332661 119 eapply_user #332661
55 120
121 if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
122 ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
123 rm test/recipes/80-test_ssl_new.t || die
124 eend $?
125 fi
126
56 # make sure the man pages are suffixed #302165 127 # make sure the man pages are suffixed #302165
57 # don't bother building man pages if they're disabled 128 # don't bother building man pages if they're disabled
58 # Make DOCDIR Gentoo compliant 129 # Make DOCDIR Gentoo compliant
@@ -62,7 +133,7 @@ src_prepare() {
62 -e $(has noman FEATURES \ 133 -e $(has noman FEATURES \
63 && echo '/^install:/s:install_docs::' \ 134 && echo '/^install:/s:install_docs::' \
64 || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ 135 || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
65 -e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \ 136 -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
66 Configurations/unix-Makefile.tmpl \ 137 Configurations/unix-Makefile.tmpl \
67 || die 138 || die
68 139
@@ -71,10 +142,6 @@ src_prepare() {
71 # and 'make depend' uses -Werror for added fun (#417795 again) 142 # and 'make depend' uses -Werror for added fun (#417795 again)
72 [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments 143 [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
73 144
74 # allow openssl to be cross-compiled
75 cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
76 chmod a+rx gentoo.config || die
77
78 append-flags -fno-strict-aliasing 145 append-flags -fno-strict-aliasing
79 append-flags $(test-flags-CC -Wa,--noexecstack) 146 append-flags $(test-flags-CC -Wa,--noexecstack)
80 append-cppflags -DOPENSSL_NO_BUF_FREELISTS 147 append-cppflags -DOPENSSL_NO_BUF_FREELISTS
@@ -131,21 +198,27 @@ multilib_src_configure() {
131 local config="Configure" 198 local config="Configure"
132 [[ -z ${sslout} ]] && config="config" 199 [[ -z ${sslout} ]] && config="config"
133 200
201 # Fedora hobbled-EC needs 'no-ec2m'
134 # 'srp' was restricted until early 2017 as well. 202 # 'srp' was restricted until early 2017 as well.
135 # "disable-deprecated" option breaks too many consumers. 203 # "disable-deprecated" option breaks too many consumers.
136 # Don't set it without thorough revdeps testing. 204 # Don't set it without thorough revdeps testing.
137 echoit \ 205 # Make sure user flags don't get added *yet* to avoid duplicated
206 # flags.
207 CFLAGS= LDFLAGS= echoit \
138 ./${config} \ 208 ./${config} \
139 ${sslout} \ 209 ${sslout} \
140 $(use cpu_flags_x86_sse2 || echo "no-sse2") \ 210 $(use cpu_flags_x86_sse2 || echo "no-sse2") \
141 enable-camellia \ 211 enable-camellia \
142 $(use_ssl !bindist ec) \ 212 enable-ec \
143 $(use_ssl !bindist srp) \ 213 $(use_ssl !bindist ec2m) \
214 enable-srp \
144 $(use elibc_musl && echo "no-async") \ 215 $(use elibc_musl && echo "no-async") \
145 ${ec_nistp_64_gcc_128} \ 216 ${ec_nistp_64_gcc_128} \
146 enable-idea \ 217 enable-idea \
147 enable-mdc2 \ 218 enable-mdc2 \
148 enable-rc5 \ 219 enable-rc5 \
220 $(use_ssl sslv3 ssl3) \
221 $(use_ssl sslv3 ssl3-method) \
149 $(use_ssl asm) \ 222 $(use_ssl asm) \
150 $(use_ssl rfc3779) \ 223 $(use_ssl rfc3779) \
151 $(use_ssl sctp) \ 224 $(use_ssl sctp) \
@@ -158,16 +231,20 @@ multilib_src_configure() {
158 || die 231 || die
159 232
160 # Clean out hardcoded flags that openssl uses 233 # Clean out hardcoded flags that openssl uses
161 # Fix quoting for sed
162 local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ 234 local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
163 -e 's:^CFLAGS=::' \ 235 -e 's:^CFLAGS=::' \
164 -e 's:-fomit-frame-pointer ::g' \ 236 -e 's:\(^\| \)-fomit-frame-pointer::g' \
165 -e 's:-O[0-9] ::g' \ 237 -e 's:\(^\| \)-O[^ ]*::g' \
166 -e 's:-march=[-a-z0-9]* ::g' \ 238 -e 's:\(^\| \)-march=[^ ]*::g' \
167 -e 's:-mcpu=[-a-z0-9]* ::g' \ 239 -e 's:\(^\| \)-mcpu=[^ ]*::g' \
168 -e 's:-m[a-z0-9]* ::g' \ 240 -e 's:\(^\| \)-m[^ ]*::g' \
169 -e 's:\\:\\\\:g' \ 241 -e 's:^ *::' \
242 -e 's: *$::' \
243 -e 's: \+: :g' \
244 -e 's:\\:\\\\:g'
170 ) 245 )
246
247 # Now insert clean default flags with user flags
171 sed -i \ 248 sed -i \
172 -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ 249 -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
173 -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ 250 -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
@@ -186,13 +263,19 @@ multilib_src_test() {
186} 263}
187 264
188multilib_src_install() { 265multilib_src_install() {
266 # We need to create $ED/usr on our own to avoid a race condition #665130
267 if [[ ! -d "${ED}/usr" ]]; then
268 # We can only create this directory once
269 mkdir "${ED}"/usr || die
270 fi
271
189 emake DESTDIR="${D}" install 272 emake DESTDIR="${D}" install
190} 273}
191 274
192multilib_src_install_all() { 275multilib_src_install_all() {
193 # openssl installs perl version of c_rehash by default, but 276 # openssl installs perl version of c_rehash by default, but
194 # we provide a shell version via app-misc/c_rehash 277 # we provide a shell version via app-misc/c_rehash
195 rm "${ED%/}"/usr/bin/c_rehash || die 278 rm "${ED}"/usr/bin/c_rehash || die
196 279
197 dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el 280 dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
198 281
@@ -201,13 +284,13 @@ multilib_src_install_all() {
201 # build system: the static archives are built as PIC all the time. 284 # build system: the static archives are built as PIC all the time.
202 # Only way around this would be to manually configure+compile openssl 285 # Only way around this would be to manually configure+compile openssl
203 # twice; once with shared lib support enabled and once without. 286 # twice; once with shared lib support enabled and once without.
204 use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a 287 use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
205 288
206 # create the certs directory 289 # create the certs directory
207 keepdir ${SSL_CNF_DIR}/certs 290 keepdir ${SSL_CNF_DIR}/certs
208 291
209 # Namespace openssl programs to prevent conflicts with other man pages 292 # Namespace openssl programs to prevent conflicts with other man pages
210 cd "${ED%/}"/usr/share/man || die 293 cd "${ED}"/usr/share/man || die
211 local m d s 294 local m d s
212 for m in $(find . -type f | xargs grep -L '#include') ; do 295 for m in $(find . -type f | xargs grep -L '#include') ; do
213 d=${m%/*} ; d=${d#./} ; m=${m##*/} 296 d=${m%/*} ; d=${d#./} ; m=${m##*/}
@@ -230,14 +313,14 @@ multilib_src_install_all() {
230 [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" 313 [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
231 314
232 dodir /etc/sandbox.d #254521 315 dodir /etc/sandbox.d #254521
233 echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl 316 echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
234 317
235 diropts -m0700 318 diropts -m0700
236 keepdir ${SSL_CNF_DIR}/private 319 keepdir ${SSL_CNF_DIR}/private
237} 320}
238 321
239pkg_postinst() { 322pkg_postinst() {
240 ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" 323 ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
241 c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null 324 c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
242 eend $? 325 eend $?
243} 326}