author | psyc://loupsycedyglgamf.onion/~lynX <ircs://psyced.org/youbroketheinternet> | 1984-04-04 00:44:15 +0000 |
---|---|---|
committer | psyc://loupsycedyglgamf.onion/~lynX <ircs://psyced.org/youbroketheinternet> | 1984-04-04 00:44:15 +0000 |
commit | 56815f9a4e93e7601ab6c45339396e0f9b09c217 (patch) | |
tree | ab74c6c3faacdf7c47d01251d85be1947e94a78f | |
parent | 5614f819da096a643ae2943e8ecfa428bda0b26c (diff) | |
download | youbroketheinternet-overlay-56815f9a4e93e7601ab6c45339396e0f9b09c217.tar.gz youbroketheinternet-overlay-56815f9a4e93e7601ab6c45339396e0f9b09c217.zip |
openssl update
27 files changed, 564 insertions, 2034 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 987a5c1..e4814a5 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest | |||
@@ -1,22 +1,7 @@ | |||
1 | DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 | 1 | DIST openssl-1.0.2-patches-1.5.tar.xz 12404 SHA256 2a94d5390b8210fca2e01d5e94558feffba8f1c92c14eb5fe3b63ccd5a8b3159 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 WHIRLPOOL 469e959182767ae9e29606490701be199bbe14ffa3caa2063556c3dea4a4f577fda0062d369438ce7aadfc479152257dcaa722ee07d135f0a92e87c747b45cd7 |
2 | DIST openssl-1.0.2-patches-1.4.tar.xz 12864 BLAKE2B ace6a782ef97b61af44988f978d089adffb06894617f9d66d3fce664c04d360b2774e1dd38c2171151fa93fe92428d405674bc2d452d520f10da426f95d09aee SHA512 d152af2841f1bf11c7f2a5ebba9a2b903fb4bcdef0468c56af0f9cc8c020adbf4490ac1a62f5bae8cbe18e379934fa997bfda1c2d49ec62365c07a0c0515a72d | 2 | DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 SHA256 e1591d3eb0c0fefc3eaef8ea26ff94368c0ce82ecd2788ea34943bde4bc780f1 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 WHIRLPOOL 6844b392bf890920f86f08f5e6165a6a8958d01f11cb9b4f95f7611d094ca72fddc991e379a357fb32969a3f6c70d9f3d7cdd3b679b4801c4c244e44b607f2c6 |
3 | DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd | 3 | DIST openssl-1.0.2u.tar.gz 5355412 SHA256 ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 WHIRLPOOL 63c1c7ded399c9500e12bba6c86cea7c704ede268ec6149a7abb593e7c01df1a170f4a10d2ac1096a3a94146d88fa345a3151ce77d4f67a560c720d4bd2b98ad |
4 | DIST openssl-1.0.2o_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15 | 4 | DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 SHA256 808fdec5729e46ea2643e99130459488db69ab2ef68c7c9f6379009f724e80d8 SHA512 39720ecee3ec6080c1416f2fb7c9246b89ee55b21be2baabad51eb6823dbe1559450b1ae92fa61ac1cf5ba04ac8c02438aa469bc65eae6905cf1ea486f270793 WHIRLPOOL 162a1973a96e7caf31d655067e3448928a1cd85980ae3efeaf0992ce665468ab1f7886be1fac0d3b5fd3ca194bd27f8d247e8a126382757d1503a321844b877d |
5 | DIST openssl-1.0.2o_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19 | 5 | DIST openssl-1.1.0l.tar.gz 5294857 SHA256 74a2f756c64fd7386a29184dc0344f4831192d61dc2481a93a4c5dd727f41148 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad WHIRLPOOL 588ebeeae7b3d25405bd425b610bc70e2aa351034022c1f25cc663d220cc1be43580c6f461b9fe6c08d6ae8758722b9489e63cd13a2fd88c386be239f62c8f62 |
6 | DIST openssl-1.0.2o_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e | 6 | DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 SHA256 73c4ee17b98f0d4fea6e0e338ed75af3394c07b9d469caecb75c9c32ab6455c8 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f WHIRLPOOL 4f6383d117202673c3c7209da48d71677c2a27141bcd03d779a1888a16553cfa928ccfe5435ef367cee62ff2844ca4665f588053bc4e0511bbcd1f49071b2fc1 |
7 | DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0 | 7 | DIST openssl-1.1.1d.tar.gz 8845861 SHA256 1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7 WHIRLPOOL 6cafc834a88d43970d6c0008dfac63b26b9c720bf90ff9d539334e38f20f309573b824d6047dd7ca62fff72cbcf642645c3d75ffd2c93345bbc5426cd8649057 |
8 | DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2 | ||
9 | DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd06139a774fc4dbae1b0e95fea7a33aa39b541e3d2d27f83f2b5f4dd3846cca2356020aa6ec81793085842ab78b3a127 SHA512 fb7750fcd98e6126eb5b92e7ed63d811a5cfa3391d98572003d925f6c7b477690df86a9aa1fa6bf6bf33d02c6c7aee6cff50a38faa8911409f310645898fda39 | ||
10 | DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879 | ||
11 | DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae | ||
12 | DIST openssl-1.1.0h_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 | ||
13 | DIST openssl-1.1.1-pre7.tar.gz 8308876 BLAKE2B 621cc6c541d81c2fa62e12eb75b62f1444af2bc1fcf001620515810700eacc3b36975a5b0c4764fed78c37ad1c9ad78b94f5115794b929626b085ccab15d9ab0 SHA512 38efa67b26e83a4dcb6da2d61d92b6be890535c61cec23d781d49efe66173fd9b9185b89ba50d591fed65f440417e16ba0738ffba58a684e48e8b82032ea36ff | ||
14 | DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf | ||
15 | DIST openssl-1.0.2-patches-1.0.tar.xz 11572 BLAKE2B bdb9d2b8388f1aadf3a9274133aa8f86b0029fae1ce86d005baa39a7347657f8d4d84395b54e8ccd67944356ee197dfb527f843b4f146e305533e2ad5450721d SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9 | ||
16 | DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f18a26c6d37a4cf5e01cd14f44d24d334b4e705da05d77c33b5dc91cffea0feea9f7c83c77ba16c9b6d5f5085894 SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687 | ||
17 | DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0 | ||
18 | DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2 | ||
19 | DIST openssl-1.1.0g.tar.gz 5404748 BLAKE2B 23daf80e4143aad4654ae86f8e96042dd7328a9d1186b4922e284fcfe0f68259ea12d21c4472d92d65a7fcef21e049cf9371cc9bdad11b66a3df11286418ed42 SHA512 6c76f698fc2a4540f3977d97c889e139acf7d3f9eb85f349974175e8a7707b19743ef91c5ce32839310b6ea06ca88a03d9709ee011687b4634c5c50b5814f42a | ||
20 | DIST openssl-1.1.0g_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879 | ||
21 | DIST openssl-1.1.0g_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae | ||
22 | DIST openssl-1.1.0g_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 | ||
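--- a/dev-libs/openssl/files/gentoo.config-0.9.8
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 1999-2009 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-#
-# Openssl doesn't play along nicely with cross-compiling
-# like autotools based projects, so let's teach it new tricks.
-#
-# Review the bundled 'config' script to see why kind of targets
-# we can pass to the 'Configure' script.
-
-
-# Testing routines
-if [[ $1 == "test" ]] ; then
-for c in \
-"arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \
-"armv5b-linux-gnu |linux-generic32 -DB_ENDIAN" \
-"x86_64-pc-linux-gnu |linux-x86_64" \
-"alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \
-"i686-pc-linux-gnu |linux-elf" \
-"whatever-gentoo-freebsdX.Y |BSD-generic32" \
-"i686-gentoo-freebsdX.Y |BSD-x86-elf" \
-"sparc64-alpha-freebsdX.Y |BSD-sparc64" \
-"ia64-gentoo-freebsd5.99234 |BSD-ia64" \
-"x86_64-gentoo-freebsdX.Y |BSD-x86_64" \
-"hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \
-"powerpc-gentOO-linux-uclibc |linux-ppc" \
-"powerpc64-unk-linux-gnu |linux-ppc64" \
-"x86_64-apple-darwinX |darwin64-x86_64-cc" \
-"powerpc64-apple-darwinX |darwin64-ppc-cc" \
-"i686-apple-darwinX |darwin-i386-cc" \
-"i386-apple-darwinX |darwin-i386-cc" \
-"powerpc-apple-darwinX |darwin-ppc-cc" \
-"i586-pc-winnt |winnt-parity" \
-;do
-CHOST=${c/|*}
-ret_want=${c/*|}
-ret_got=$(CHOST=${CHOST} "$0")
-
-if [[ ${ret_want} == "${ret_got}" ]] ; then
-echo "PASS: ${CHOST}"
-else
-echo "FAIL: ${CHOST}"
-echo -e "\twanted: ${ret_want}"
-echo -e "\twe got: ${ret_got}"
-fi
-done
-exit 0
-fi
-[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
-
-
-# Detect the operating system
-case ${CHOST} in
-*-aix*) system="aix";;
-*-darwin*) system="darwin";;
-*-freebsd*) system="BSD";;
-*-hpux*) system="hpux";;
-*-linux*) system="linux";;
-*-solaris*) system="solaris";;
-*-winnt*) system="winnt";;
-*) exit 0;;
-esac
-
-
-# Compiler munging
-compiler="gcc"
-if [[ ${CC} == "ccc" ]] ; then
-compiler=${CC}
-fi
-
-
-# Detect target arch
-machine=""
-chost_machine=${CHOST%%-*}
-case ${system} in
-linux)
-case ${chost_machine} in
-alphaev56*) machine=alpha+bwx-${compiler};;
-alphaev[678]*)machine=alpha+bwx-${compiler};;
-alpha*) machine=alpha-${compiler};;
-arm*b*) machine="generic32 -DB_ENDIAN";;
-arm*) machine="generic32 -DL_ENDIAN";;
-# hppa64*) machine=parisc64;;
-hppa*) machine="generic32 -DB_ENDIAN";;
-i[0-9]86*) machine=elf;;
-ia64*) machine=ia64;;
-m68*) machine="generic32 -DB_ENDIAN";;
-mips*el*) machine="generic32 -DL_ENDIAN";;
-mips*) machine="generic32 -DB_ENDIAN";;
-powerpc64*) machine=ppc64;;
-powerpc*) machine=ppc;;
-# sh64*) machine=elf;;
-sh*b*) machine="generic32 -DB_ENDIAN";;
-sh*) machine="generic32 -DL_ENDIAN";;
-sparc*v7*) machine="generic32 -DB_ENDIAN";;
-sparc64*) machine=sparcv9;;
-sparc*) machine=sparcv8;;
-s390x*) machine="generic64 -DB_ENDIAN";;
-s390*) machine="generic32 -DB_ENDIAN";;
-x86_64*) machine=x86_64;;
-esac
-;;
-BSD)
-case ${chost_machine} in
-alpha*) machine=generic64;;
-i[6-9]86*) machine=x86-elf;;
-ia64*) machine=ia64;;
-sparc64*) machine=sparc64;;
-x86_64*) machine=x86_64;;
-*) machine=generic32;;
-esac
-;;
-aix)
-machine=${compiler}
-;;
-darwin)
-case ${chost_machine} in
-powerpc64) machine=ppc-cc; system=${system}64;;
-powerpc) machine=ppc-cc;;
-i?86*) machine=i386-cc;;
-x86_64) machine=x86_64-cc; system=${system}64;;
-esac
-;;
-hpux)
-case ${chost_machine} in
-ia64) machine=ia64-${compiler} ;;
-esac
-;;
-solaris)
-case ${chost_machine} in
-i386) machine=x86-${compiler} ;;
-x86_64*) machine=x86_64-${compiler}; system=${system}64;;
-sparcv9*) machine=sparcv9-${compiler}; system=${system}64;;
-sparc*) machine=sparcv8-${compiler};;
-esac
-;;
-winnt)
-machine=parity
-;;
-esac
-
-
-# If we have something, show it
-[[ -n ${machine} ]] && echo ${system}-${machine}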
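--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 #
 # Openssl doesn't play along nicely with cross-compiling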
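--- a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- a/Configure
-+++ b/Configure
-@@ -365,7 +365,7 @@
-# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
-# simply *happens* to work around a compiler bug in gcc 3.3.3,
-# triggered by RIPEMD160 code.
--"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:ULTRASPARC::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-
-the -B flag is a no-op nowadays
-
---- a/crypto/des/Makefile
-+++ b/crypto/des/Makefile
-@@ -62,7 +62,7 @@
-$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
-
-des_enc-sparc.S: asm/des_enc.m4
-- m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
-+ m4 asm/des_enc.m4 > des_enc-sparc.S
-
-# ELF
-dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl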
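--- a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-http://bugs.gentoo.org/181438
-http://bugs.gentoo.org/327421
-https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest
-
-make sure we respect LDFLAGS
-
-also make sure we don't add useless -rpath flags to the system libdir
-
---- openssl-0.9.8h/Makefile.org
-+++ openssl-0.9.8h/Makefile.org
-@@ -180,6 +181,7 @@
-MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
-DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
-MAKEDEPPROG='${MAKEDEPPROG}' \
-+ LDFLAGS='${LDFLAGS}' \
-SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
-KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
-EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
---- openssl-0.9.8h/Makefile.shared
-+++ openssl-0.9.8h/Makefile.shared
-@@ -153,7 +153,7 @@
-NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
-
-#This is rather special. It's a special target with which one can link
-#applications without bothering with any features that have anything to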
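--- a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-http://bugs.gentoo.org/289130
-
-Ripped from Fedora
-
---- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl 2009-11-12 17:24:18.000000000 +0100
-@@ -150,7 +150,7 @@ ___
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e,$f)=@_;
-my $j=$i+1;
--my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
-+my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
-$code.=<<___ if ($i<79);
-lea $K($xi,$e),$f
-mov `4*($j%16)`(%rsp),$xi
-@@ -187,7 +187,7 @@ sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e,$f)=@_;
-my $j=$i+1;
-$code.=<<___;
-- lea 0x8f1bbcdc($xi,$e),$f
-+ lea -0x70e44324($xi,$e),$f
-mov `4*($j%16)`(%rsp),$xi
-mov $b,$t0
-mov $b,$t1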
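--- a/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-https://bugs.gentoo.org/639876
-
---- a/crypto/des/asm/des-586.pl
-+++ b/crypto/des/asm/des-586.pl
-@@ -4,7 +4,7 @@
-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
-#
-
--push(@INC,"perlasm","../../perlasm");
-+push(@INC,".","perlasm","../../perlasm");
-require "x86asm.pl";
-require "cbc.pl";
-require "desboth.pl";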
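--- a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
-crypto/dh/dh_key.c | 7 ++++++-
-1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 387558f1467..f235e0d682b 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
-int ok = 0;
-int generate_new_key = 0;
-unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
-BN_MONT_CTX *mont = NULL;
-BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
-ctx = BN_CTX_new();
-if (ctx == NULL)
-goto err;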
diff --git a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch deleted file mode 100644 index e105fe4..0000000 --- a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch +++ /dev/null | |||
@@ -1,290 +0,0 @@ | |||
1 | Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series. | ||
2 | |||
3 | From https://src.fedoraproject.org/git/rpms/openssl.git | ||
4 | |||
5 | Contains parts of the following patches, rediffed. The patches are on various | ||
6 | different branches. | ||
7 | f23 openssl-1.0.2c-ecc-suiteb.patch | ||
8 | f23 openssl-1.0.2a-fips-ec.patch | ||
9 | f28 openssl-1.1.0-ec-curves.patch | ||
10 | |||
11 | Signed-off-By: Robin H. Johnson <robbat2@gentoo.org> | ||
12 | |||
13 | diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/apps/speed.c openssl-1.0.2m.mod/apps/speed.c | ||
14 | --- openssl-1.0.2m.hobble/apps/speed.c 2017-11-02 07:32:57.000000000 -0700 | ||
15 | +++ openssl-1.0.2m.mod/apps/speed.c 2018-06-10 19:00:09.264550382 -0700 | ||
16 | @@ -989,10 +989,7 @@ int MAIN(int argc, char **argv) | ||
17 | } else | ||
18 | # endif | ||
19 | # ifndef OPENSSL_NO_ECDSA | ||
20 | - if (strcmp(*argv, "ecdsap160") == 0) | ||
21 | - ecdsa_doit[R_EC_P160] = 2; | ||
22 | - else if (strcmp(*argv, "ecdsap192") == 0) | ||
23 | - ecdsa_doit[R_EC_P192] = 2; | ||
24 | + if (0) {} | ||
25 | else if (strcmp(*argv, "ecdsap224") == 0) | ||
26 | ecdsa_doit[R_EC_P224] = 2; | ||
27 | else if (strcmp(*argv, "ecdsap256") == 0) | ||
28 | @@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv) | ||
29 | ecdsa_doit[R_EC_P384] = 2; | ||
30 | else if (strcmp(*argv, "ecdsap521") == 0) | ||
31 | ecdsa_doit[R_EC_P521] = 2; | ||
32 | - else if (strcmp(*argv, "ecdsak163") == 0) | ||
33 | - ecdsa_doit[R_EC_K163] = 2; | ||
34 | - else if (strcmp(*argv, "ecdsak233") == 0) | ||
35 | - ecdsa_doit[R_EC_K233] = 2; | ||
36 | - else if (strcmp(*argv, "ecdsak283") == 0) | ||
37 | - ecdsa_doit[R_EC_K283] = 2; | ||
38 | - else if (strcmp(*argv, "ecdsak409") == 0) | ||
39 | - ecdsa_doit[R_EC_K409] = 2; | ||
40 | - else if (strcmp(*argv, "ecdsak571") == 0) | ||
41 | - ecdsa_doit[R_EC_K571] = 2; | ||
42 | - else if (strcmp(*argv, "ecdsab163") == 0) | ||
43 | - ecdsa_doit[R_EC_B163] = 2; | ||
44 | - else if (strcmp(*argv, "ecdsab233") == 0) | ||
45 | - ecdsa_doit[R_EC_B233] = 2; | ||
46 | - else if (strcmp(*argv, "ecdsab283") == 0) | ||
47 | - ecdsa_doit[R_EC_B283] = 2; | ||
48 | - else if (strcmp(*argv, "ecdsab409") == 0) | ||
49 | - ecdsa_doit[R_EC_B409] = 2; | ||
50 | - else if (strcmp(*argv, "ecdsab571") == 0) | ||
51 | - ecdsa_doit[R_EC_B571] = 2; | ||
52 | else if (strcmp(*argv, "ecdsa") == 0) { | ||
53 | - for (i = 0; i < EC_NUM; i++) | ||
54 | + for (i = R_EC_P224; i < R_EC_P521; i++) | ||
55 | ecdsa_doit[i] = 1; | ||
56 | } else | ||
57 | # endif | ||
58 | # ifndef OPENSSL_NO_ECDH | ||
59 | - if (strcmp(*argv, "ecdhp160") == 0) | ||
60 | - ecdh_doit[R_EC_P160] = 2; | ||
61 | - else if (strcmp(*argv, "ecdhp192") == 0) | ||
62 | - ecdh_doit[R_EC_P192] = 2; | ||
63 | + if (0) {} | ||
64 | else if (strcmp(*argv, "ecdhp224") == 0) | ||
65 | ecdh_doit[R_EC_P224] = 2; | ||
66 | else if (strcmp(*argv, "ecdhp256") == 0) | ||
67 | @@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv) | ||
68 | ecdh_doit[R_EC_P384] = 2; | ||
69 | else if (strcmp(*argv, "ecdhp521") == 0) | ||
70 | ecdh_doit[R_EC_P521] = 2; | ||
71 | - else if (strcmp(*argv, "ecdhk163") == 0) | ||
72 | - ecdh_doit[R_EC_K163] = 2; | ||
73 | - else if (strcmp(*argv, "ecdhk233") == 0) | ||
74 | - ecdh_doit[R_EC_K233] = 2; | ||
75 | - else if (strcmp(*argv, "ecdhk283") == 0) | ||
76 | - ecdh_doit[R_EC_K283] = 2; | ||
77 | - else if (strcmp(*argv, "ecdhk409") == 0) | ||
78 | - ecdh_doit[R_EC_K409] = 2; | ||
79 | - else if (strcmp(*argv, "ecdhk571") == 0) | ||
80 | - ecdh_doit[R_EC_K571] = 2; | ||
81 | - else if (strcmp(*argv, "ecdhb163") == 0) | ||
82 | - ecdh_doit[R_EC_B163] = 2; | ||
83 | - else if (strcmp(*argv, "ecdhb233") == 0) | ||
84 | - ecdh_doit[R_EC_B233] = 2; | ||
85 | - else if (strcmp(*argv, "ecdhb283") == 0) | ||
86 | - ecdh_doit[R_EC_B283] = 2; | ||
87 | - else if (strcmp(*argv, "ecdhb409") == 0) | ||
88 | - ecdh_doit[R_EC_B409] = 2; | ||
89 | - else if (strcmp(*argv, "ecdhb571") == 0) | ||
90 | - ecdh_doit[R_EC_B571] = 2; | ||
91 | else if (strcmp(*argv, "ecdh") == 0) { | ||
92 | - for (i = 0; i < EC_NUM; i++) | ||
93 | + for (i = R_EC_P224; i <= R_EC_P521; i++) | ||
94 | ecdh_doit[i] = 1; | ||
95 | } else | ||
96 | # endif | ||
97 | @@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv) | ||
98 | BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); | ||
99 | # endif | ||
100 | # ifndef OPENSSL_NO_ECDSA | ||
101 | - BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " | ||
102 | + BIO_printf(bio_err, "ecdsap224 " | ||
103 | "ecdsap256 ecdsap384 ecdsap521\n"); | ||
104 | - BIO_printf(bio_err, | ||
105 | - "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); | ||
106 | - BIO_printf(bio_err, | ||
107 | - "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); | ||
108 | BIO_printf(bio_err, "ecdsa\n"); | ||
109 | # endif | ||
110 | # ifndef OPENSSL_NO_ECDH | ||
111 | - BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " | ||
112 | + BIO_printf(bio_err, "ecdhp224 " | ||
113 | "ecdhp256 ecdhp384 ecdhp521\n"); | ||
114 | - BIO_printf(bio_err, | ||
115 | - "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); | ||
116 | - BIO_printf(bio_err, | ||
117 | - "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); | ||
118 | BIO_printf(bio_err, "ecdh\n"); | ||
119 | # endif | ||
120 | |||
121 | @@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv) | ||
122 | for (i = 0; i < DSA_NUM; i++) | ||
123 | dsa_doit[i] = 1; | ||
124 | # ifndef OPENSSL_NO_ECDSA | ||
125 | - for (i = 0; i < EC_NUM; i++) | ||
126 | + for (i = R_EC_P224; i <= R_EC_P521; i++) | ||
127 | ecdsa_doit[i] = 1; | ||
128 | # endif | ||
129 | # ifndef OPENSSL_NO_ECDH | ||
130 | - for (i = 0; i < EC_NUM; i++) | ||
131 | + for (i = R_EC_P224; i <= R_EC_P521; i++) | ||
132 | ecdh_doit[i] = 1; | ||
133 | # endif | ||
134 | } | ||
135 | diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c | ||
136 | --- openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c 2017-11-02 07:32:57.000000000 -0700 | ||
137 | +++ openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c 2018-06-10 18:45:36.909911848 -0700 | ||
138 | @@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO | ||
139 | return 0; | ||
140 | } | ||
141 | |||
142 | + if (BN_num_bits(p) < 224) { | ||
143 | + ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); | ||
144 | + return 0; | ||
145 | + } | ||
146 | + | ||
147 | if (ctx == NULL) { | ||
148 | ctx = new_ctx = BN_CTX_new(); | ||
149 | if (ctx == NULL) | ||
150 | diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/ssl/t1_lib.c openssl-1.0.2m.mod/ssl/t1_lib.c | ||
151 | --- openssl-1.0.2m.hobble/ssl/t1_lib.c 2017-11-02 07:32:58.000000000 -0700 | ||
152 | +++ openssl-1.0.2m.mod/ssl/t1_lib.c 2018-06-10 18:46:55.329811812 -0700 | ||
153 | @@ -271,10 +271,7 @@ static const unsigned char eccurves_auto | ||
154 | 0, 23, /* secp256r1 (23) */ | ||
155 | /* Other >= 256-bit prime curves. */ | ||
156 | 0, 25, /* secp521r1 (25) */ | ||
157 | - 0, 28, /* brainpool512r1 (28) */ | ||
158 | - 0, 27, /* brainpoolP384r1 (27) */ | ||
159 | 0, 24, /* secp384r1 (24) */ | ||
160 | - 0, 26, /* brainpoolP256r1 (26) */ | ||
161 | 0, 22, /* secp256k1 (22) */ | ||
162 | # ifndef OPENSSL_NO_EC2M | ||
163 | /* >= 256-bit binary curves. */ | ||
164 | @@ -292,10 +289,7 @@ static const unsigned char eccurves_all[ | ||
165 | 0, 23, /* secp256r1 (23) */ | ||
166 | /* Other >= 256-bit prime curves. */ | ||
167 | 0, 25, /* secp521r1 (25) */ | ||
168 | - 0, 28, /* brainpool512r1 (28) */ | ||
169 | - 0, 27, /* brainpoolP384r1 (27) */ | ||
170 | 0, 24, /* secp384r1 (24) */ | ||
171 | - 0, 26, /* brainpoolP256r1 (26) */ | ||
172 | 0, 22, /* secp256k1 (22) */ | ||
173 | # ifndef OPENSSL_NO_EC2M | ||
174 | /* >= 256-bit binary curves. */ | ||
175 | @@ -310,13 +304,6 @@ static const unsigned char eccurves_all[ | ||
176 | * Remaining curves disabled by default but still permitted if set | ||
177 | * via an explicit callback or parameters. | ||
178 | */ | ||
179 | - 0, 20, /* secp224k1 (20) */ | ||
180 | - 0, 21, /* secp224r1 (21) */ | ||
181 | - 0, 18, /* secp192k1 (18) */ | ||
182 | - 0, 19, /* secp192r1 (19) */ | ||
183 | - 0, 15, /* secp160k1 (15) */ | ||
184 | - 0, 16, /* secp160r1 (16) */ | ||
185 | - 0, 17, /* secp160r2 (17) */ | ||
186 | # ifndef OPENSSL_NO_EC2M | ||
187 | 0, 8, /* sect239k1 (8) */ | ||
188 | 0, 6, /* sect233k1 (6) */ | ||
189 | @@ -351,29 +338,21 @@ static const unsigned char fips_curves_d | ||
190 | 0, 9, /* sect283k1 (9) */ | ||
191 | 0, 10, /* sect283r1 (10) */ | ||
192 | # endif | ||
193 | - 0, 22, /* secp256k1 (22) */ | ||
194 | 0, 23, /* secp256r1 (23) */ | ||
195 | # ifndef OPENSSL_NO_EC2M | ||
196 | 0, 8, /* sect239k1 (8) */ | ||
197 | 0, 6, /* sect233k1 (6) */ | ||
198 | 0, 7, /* sect233r1 (7) */ | ||
199 | # endif | ||
200 | - 0, 20, /* secp224k1 (20) */ | ||
201 | - 0, 21, /* secp224r1 (21) */ | ||
202 | # ifndef OPENSSL_NO_EC2M | ||
203 | 0, 4, /* sect193r1 (4) */ | ||
204 | 0, 5, /* sect193r2 (5) */ | ||
205 | # endif | ||
206 | - 0, 18, /* secp192k1 (18) */ | ||
207 | - 0, 19, /* secp192r1 (19) */ | ||
208 | # ifndef OPENSSL_NO_EC2M | ||
209 | 0, 1, /* sect163k1 (1) */ | ||
210 | 0, 2, /* sect163r1 (2) */ | ||
211 | 0, 3, /* sect163r2 (3) */ | ||
212 | # endif | ||
213 | - 0, 15, /* secp160k1 (15) */ | ||
214 | - 0, 16, /* secp160r1 (16) */ | ||
215 | - 0, 17, /* secp160r2 (17) */ | ||
216 | }; | ||
217 | # endif | ||
218 | |||
219 | diff -up openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.2a/crypto/ecdh/ecdhtest.c | ||
220 | --- openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec 2015-03-19 14:30:36.000000000 +0100 | ||
221 | +++ openssl-1.0.2a/crypto/ecdh/ecdhtest.c 2015-04-22 19:00:19.721884512 +0200 | ||
222 | @@ -501,11 +501,13 @@ int main(int argc, char *argv[]) | ||
223 | goto err; | ||
224 | |||
225 | /* NIST PRIME CURVES TESTS */ | ||
226 | +# if 0 | ||
227 | if (!test_ecdh_curve | ||
228 | (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) | ||
229 | goto err; | ||
230 | if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) | ||
231 | goto err; | ||
232 | +# endif | ||
233 | if (!test_ecdh_curve | ||
234 | (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) | ||
235 | goto err; | ||
236 | @@ -536,13 +538,14 @@ int main(int argc, char *argv[]) | ||
237 | if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) | ||
238 | goto err; | ||
239 | # endif | ||
240 | +# if 0 | ||
241 | if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256)) | ||
242 | goto err; | ||
243 | if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384)) | ||
244 | goto err; | ||
245 | if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512)) | ||
246 | goto err; | ||
247 | - | ||
248 | +# endif | ||
249 | ret = 0; | ||
250 | |||
251 | err: | ||
252 | diff -up openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecdsatest.c | ||
253 | --- openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec 2015-03-19 14:19:00.000000000 +0100 | ||
254 | +++ openssl-1.0.2a/crypto/ecdsa/ecdsatest.c 2015-04-22 19:00:19.722884536 +0200 | ||
255 | @@ -138,11 +138,14 @@ int restore_rand(void) | ||
256 | } | ||
257 | |||
258 | static int fbytes_counter = 0; | ||
259 | -static const char *numbers[8] = { | ||
260 | +static const char *numbers[10] = { | ||
261 | + "651056770906015076056810763456358567190100156695615665659", | ||
262 | "651056770906015076056810763456358567190100156695615665659", | ||
263 | "6140507067065001063065065565667405560006161556565665656654", | ||
264 | "8763001015071075675010661307616710783570106710677817767166" | ||
265 | "71676178726717", | ||
266 | + "8763001015071075675010661307616710783570106710677817767166" | ||
267 | + "71676178726717", | ||
268 | "7000000175690566466555057817571571075705015757757057795755" | ||
269 | "55657156756655", | ||
270 | "1275552191113212300012030439187146164646146646466749494799", | ||
271 | @@ -158,7 +161,7 @@ int fbytes(unsigned char *buf, int num) | ||
272 | int ret; | ||
273 | BIGNUM *tmp = NULL; | ||
274 | |||
275 | - if (fbytes_counter >= 8) | ||
276 | + if (fbytes_counter >= 10) | ||
277 | return 0; | ||
278 | tmp = BN_new(); | ||
279 | if (!tmp) | ||
280 | @@ -532,8 +535,10 @@ int main(void) | ||
281 | RAND_seed(rnd_seed, sizeof(rnd_seed)); | ||
282 | |||
283 | /* the tests */ | ||
284 | +# if 0 | ||
285 | if (!x9_62_tests(out)) | ||
286 | goto err; | ||
287 | +# endif | ||
288 | if (!test_builtin(out)) | ||
289 | goto err; | ||
290 | |||
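--- a/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From e502cc86df9dafded1694fceb3228ee34d11c11a Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Fri, 24 Nov 2017 11:35:50 +0100
-Subject: [PATCH] bn/asm/rsaz-avx2.pl: fix digit correction bug in
-rsaz_1024_mul_avx2.
-
-Credit to OSS-Fuzz for finding this.
-
-CVE-2017-3738
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
-crypto/bn/asm/rsaz-avx2.pl | 15 +++++++--------
-1 file changed, 7 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
-index 0c1b236ef98..46d746b7d0e 100755
---- a/crypto/bn/asm/rsaz-avx2.pl
-+++ b/crypto/bn/asm/rsaz-avx2.pl
-@@ -246,7 +246,7 @@
-vmovdqu 32*8-128($ap), $ACC8
-
-lea 192(%rsp), $tp0 # 64+128=192
-- vpbroadcastq .Land_mask(%rip), $AND_MASK
-+ vmovdqu .Land_mask(%rip), $AND_MASK
-jmp .LOOP_GRANDE_SQR_1024
-
-.align 32
-@@ -1077,10 +1077,10 @@
-vpmuludq 32*6-128($np),$Yi,$TEMP1
-vpaddq $TEMP1,$ACC6,$ACC6
-vpmuludq 32*7-128($np),$Yi,$TEMP2
-- vpblendd \$3, $ZERO, $ACC9, $ACC9 # correct $ACC3
-+ vpblendd \$3, $ZERO, $ACC9, $TEMP1 # correct $ACC3
-vpaddq $TEMP2,$ACC7,$ACC7
-vpmuludq 32*8-128($np),$Yi,$TEMP0
-- vpaddq $ACC9, $ACC3, $ACC3 # correct $ACC3
-+ vpaddq $TEMP1, $ACC3, $ACC3 # correct $ACC3
-vpaddq $TEMP0,$ACC8,$ACC8
-
-mov %rbx, %rax
-@@ -1093,7 +1093,9 @@
-vmovdqu -8+32*2-128($ap),$TEMP2
-
-mov $r1, %rax
-+ vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct $ACC3
-imull $n0, %eax
-+ vpaddq $ACC9,$ACC4,$ACC4 # correct $ACC3
-and \$0x1fffffff, %eax
-
-imulq 16-128($ap),%rbx
-@@ -1329,15 +1331,12 @@
-# But as we underutilize resources, it's possible to correct in
-# each iteration with marginal performance loss. But then, as
-# we do it in each iteration, we can correct less digits, and
--# avoid performance penalties completely. Also note that we
--# correct only three digits out of four. This works because
--# most significant digit is subjected to less additions.
-+# avoid performance penalties completely.
-
-$TEMP0 = $ACC9;
-$TEMP3 = $Bi;
-$TEMP4 = $Yi;
-$code.=<<___;
-- vpermq \$0, $AND_MASK, $AND_MASK
-vpaddq (%rsp), $TEMP1, $ACC0
-
-vpsrlq \$29, $ACC0, $TEMP1
-@@ -1770,7 +1769,7 @@
-
-.align 64
-.Land_mask:
-- .quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
-+ .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
-.Lscatter_permd:
-.long 0,2,4,6,7,7,7,7
-.Lgather_permd: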
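--- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
-crypto/dh/dh_key.c | 7 ++++++-
-1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index fce9ff47f36..58003d70878 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
-int ok = 0;
-int generate_new_key = 0;
-unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
-BN_MONT_CTX *mont = NULL;
-BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
-ctx = BN_CTX_new();
-if (ctx == NULL)
-goto err;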
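--- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
-From: Billy Brumley <bbrumley@gmail.com>
-Date: Wed, 11 Apr 2018 10:10:58 +0300
-Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
-both get called with BN_FLG_CONSTTIME flag set.
-
-CVE-2018-0737
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
----
-crypto/rsa/rsa_gen.c | 2 ++
-1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index 9ca5dfe..42b89a8 100644
---- a/crypto/rsa/rsa_gen.c
-+++ b/crypto/rsa/rsa_gen.c
-@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
-if (BN_copy(rsa->e, e_value) == NULL)
-goto err;
-
-+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
-BN_set_flags(r2, BN_FLG_CONSTTIME);
-/* generate p and q */
-for (;;) {
---
-2.7.4
-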
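--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch
@@ -0,0 +1,21 @@
+https://github.com/openssl/openssl/issues/7679
+
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -77,8 +77,14 @@
+# to. You're welcome.
+sub dependmagic {
+my $target = shift;
+-
+- return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
++ my $magic = <<"_____";
++$target: build_generated depend
++ \$(MAKE) _$target
++_$target
++_____
++ # Remove line ending
++ $magic =~ s|\R$||;
++ return $magic;
+}
+'';
+-}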
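Review bot: Listing `depend` as a prerequisite in `dependmagic` removes the ordering the old recipe had, where `build_generated` was complete before `$(MAKE) depend` ran. Prerequisites of one target are not ordered against each other under `make -j`, so unless `depend` depends on `build_generated` somewhere else in the template (not visible in this hunk) the two can now run at the same time. A comment above the heredoc would record the assumption: `# depend is a prerequisite here; it must itself depend on build_generated`. The recipe line inside the heredoc also has to start with a literal tab, which is easier to lose in an editor than the `\t` escape the old string used.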
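--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0k-fix-test_fuzz.patch
@@ -0,0 +1,19 @@
+Test fuzz was forgotten when
+
+Perl: Use our own globbing wrapper rather than File::Glob::glob
+
+was backported to openssl-1.1.0 branch.
+
+Link: https://github.com/openssl/openssl/commit/b81cfa07ada850fd287d0a0c82ba280907f18ce7
+
+--- a/test/recipes/90-test_fuzz.t
++++ b/test/recipes/90-test_fuzz.t
+@@ -9,7 +9,7 @@
+use strict;
+use warnings;
+
+-use if $^O ne "VMS", 'File::Glob' => qw/glob/;
++use OpenSSL::Glob;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+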
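--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch
@@ -0,0 +1,30 @@
+From bcf6a94c4bc912ad313ea21abdf7e83bbae450e5 Mon Sep 17 00:00:00 2001
+From: Nicola Tuveri <nic.tuv@gmail.com>
+Date: Thu, 12 Sep 2019 01:57:47 +0300
+Subject: [PATCH] Fix no-ec2m in ec_curve.c (1.1.0)
+
+I made a mistake in d4a5dac9f9242c580fb9d0a4389440eccd3494a7 and
+inverted the GF2m and GFp calls in ec_point_get_affine_coordinates, this
+fixes it.
+---
+crypto/ec/ec_curve.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
+index 2d28d7f70bb..6a58b3a23e0 100644
+--- a/crypto/ec/ec_curve.c
++++ b/crypto/ec/ec_curve.c
+@@ -3200,11 +3200,11 @@ int ec_point_get_affine_coordinates(const EC_GROUP *group,
+
+#ifndef OPENSSL_NO_EC2M
+if (field_nid == NID_X9_62_characteristic_two_field) {
+- return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
++ return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx);
+} else
+#endif /* !def(OPENSSL_NO_EC2M) */
+if (field_nid == NID_X9_62_prime_field) {
+- return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx);
++ return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
+} else {
+/* this should never happen */
+return 0;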
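--- a/dev-libs/openssl/files/openssl-1.1.1_pre7-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
-crypto/dh/dh_key.c | 7 ++++++-
-1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 6901548ed69..752542b5563 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
-int ok = 0;
-int generate_new_key = 0;
-unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
-BN_MONT_CTX *mont = NULL;
-BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
-ctx = BN_CTX_new();
-if (ctx == NULL)
-goto err;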
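--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch
@@ -0,0 +1,107 @@
+From 515c728dbaa92211d2eafb0041ab9fcd258fdc41 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Mon, 9 Sep 2019 19:12:25 +0200
+Subject: [PATCH] Fix potential memory leaks with BN_to_ASN1_INTEGER
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/9833)
+
+(cherry picked from commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09)
+---
+crypto/ec/ec_asn1.c | 7 +++++--
+crypto/x509v3/v3_asid.c | 26 ++++++++++++++++++++------
+2 files changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 1ce1181fc10..7cbf8de9813 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+unsigned char *buffer = NULL;
+const EC_POINT *point = NULL;
+point_conversion_form_t form;
++ ASN1_INTEGER *orig;
+
+if (params == NULL) {
+if ((ret = ECPARAMETERS_new()) == NULL) {
+@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+goto err;
+}
+- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
++ ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
+if (ret->order == NULL) {
++ ret->order = orig;
+ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+goto err;
+}
+@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+/* set the cofactor (optional) */
+tmp = EC_GROUP_get0_cofactor(group);
+if (tmp != NULL) {
+- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
++ ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
+if (ret->cofactor == NULL) {
++ ret->cofactor = orig;
+ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+goto err;
+}
+diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
+index 089f2ae29f0..ef2d64826fb 100644
+--- a/crypto/x509v3/v3_asid.c
++++ b/crypto/x509v3/v3_asid.c
+@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor,
+static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+{
+ASN1_INTEGER *a_max_plus_one = NULL;
++ ASN1_INTEGER *orig;
+BIGNUM *bn = NULL;
+int i, ret = 0;
+
+@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+*/
+if ((bn == NULL && (bn = BN_new()) == NULL) ||
+ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+- !BN_add_word(bn, 1) ||
+- (a_max_plus_one =
+- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
++ !BN_add_word(bn, 1)) {
++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
++ ERR_R_MALLOC_FAILURE);
++ goto done;
++ }
++
++ if ((a_max_plus_one =
++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
++ a_max_plus_one = orig;
+X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+ERR_R_MALLOC_FAILURE);
+goto done;
+@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid)
+static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+{
+ASN1_INTEGER *a_max_plus_one = NULL;
++ ASN1_INTEGER *orig;
+BIGNUM *bn = NULL;
+int i, ret = 0;
+
+@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+*/
+if ((bn == NULL && (bn = BN_new()) == NULL) ||
+ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+- !BN_add_word(bn, 1) ||
+- (a_max_plus_one =
+- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
++ !BN_add_word(bn, 1)) {
++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
++ ERR_R_MALLOC_FAILURE);
++ goto done;
++ }
++
++ if ((a_max_plus_one =
++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
++ a_max_plus_one = orig;
+X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+ERR_R_MALLOC_FAILURE);
+goto done;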
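Review bot: Saving the old pointer through an assignment inside the argument list, `BN_to_ASN1_INTEGER(tmp, orig = ret->order)`, hides the step that the fix depends on; the same form is used for `ret->cofactor` and for `a_max_plus_one` in both `ASIdentifierChoice_is_canonical` and `ASIdentifierChoice_canonize`. A separate statement reads more plainly: `orig = ret->order;` followed by `ret->order = BN_to_ASN1_INTEGER(tmp, orig);`. A one-line comment at the restore, `/* the call failed and left orig allocated; keep it so cleanup frees it */`, would say why the pointer is put back, which is presumably the leak the subject line refers to. All of these functions continue outside the hunks shown.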
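--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1d-fix-zlib.patch
@@ -0,0 +1,52 @@
+From 86ed78676c660b553696cc10c682962522dfeb6c Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 12 Sep 2019 12:27:36 +0200
+Subject: [PATCH] BIO_f_zlib: Properly handle BIO_CTRL_PENDING and
+BIO_CTRL_WPENDING calls.
+
+There can be data to write in output buffer and data to read that were
+not yet read in the input stream.
+
+Fixes #9866
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/9877)
+
+(cherry picked from commit 6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95)
+---
+crypto/comp/c_zlib.c | 22 ++++++++++++++++++++++
+1 file changed, 22 insertions(+)
+
+diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
+index d688deee5f2..7c1be358fd7 100644
+--- a/crypto/comp/c_zlib.c
++++ b/crypto/comp/c_zlib.c
+@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+BIO_copy_next_retry(b);
+break;
+
++ case BIO_CTRL_WPENDING:
++ if (ctx->obuf == NULL)
++ return 0;
++
++ if (ctx->odone) {
++ ret = ctx->ocount;
++ } else {
++ ret = ctx->ocount;
++ if (ret == 0)
++ /* Unknown amount pending but we are not finished */
++ ret = 1;
++ }
++ if (ret == 0)
++ ret = BIO_ctrl(next, cmd, num, ptr);
++ break;
++
++ case BIO_CTRL_PENDING:
++ ret = ctx->zin.avail_in;
++ if (ret == 0)
++ ret = BIO_ctrl(next, cmd, num, ptr);
++ break;
++
+default:
+ret = BIO_ctrl(next, cmd, num, ptr);
+break;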
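Review bot: The `BIO_CTRL_WPENDING` case returns 0 straight away when `ctx->obuf == NULL`, so it never asks the next BIO, unlike every other zero result in the two new cases. Data still queued further down the chain would then be reported as nothing pending, and the early `return` also skips whatever follows the switch in `bio_zlib_ctrl`, whose end is outside the hunk. Consider `if (ctx->obuf == NULL) { ret = BIO_ctrl(next, cmd, num, ptr); break; }` instead. The two `odone` branches can also collapse to `ret = ctx->ocount; if (ret == 0 && !ctx->odone) ret = 1;`, keeping the existing comment.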
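--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch
@@ -0,0 +1,62 @@
+From 61cc715240d2d3f9511ca88043a3e9797c11482f Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Thu, 3 Oct 2019 08:28:31 +0200
+Subject: [PATCH] Define AESNI_ASM if AESNI assembler is included, and use it
+
+Because we have cases where basic assembler support isn't present, but
+AESNI asssembler support is, we need a separate macro that indicates
+that, and use it.
+
+Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/10080)
+---
+Configure | 1 +
+crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +-
+crypto/evp/e_aes_cbc_hmac_sha256.c | 4 ++--
+3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/Configure b/Configure
+index 811bee81f54..f498ac2f81b 100755
+--- a/Configure
++++ b/Configure
+@@ -1376,6 +1376,7 @@ unless ($disabled{asm}) {
+}
+if ($target{aes_asm_src}) {
+push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
++ push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);;
+# aes-ctr.fake is not a real file, only indication that assembler
+# module implements AES_ctr32_encrypt...
+push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
+index c9f5969162c..27c36b46e7a 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -33,7 +33,7 @@ typedef struct {
+
+#define NO_PAYLOAD_LENGTH ((size_t)-1)
+
+-#if defined(AES_ASM) && ( \
++#if defined(AESNI_ASM) && ( \
+defined(__x86_64) || defined(__x86_64__) || \
+defined(_M_AMD64) || defined(_M_X64) )
+
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
+index d5178313ae3..cc622b6faa8 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
+@@ -34,7 +34,7 @@ typedef struct {
+
+# define NO_PAYLOAD_LENGTH ((size_t)-1)
+
+-#if defined(AES_ASM) && ( \
++#if defined(AESNI_ASM) && ( \
+defined(__x86_64) || defined(__x86_64__) || \
+defined(_M_AMD64) || defined(_M_X64) )
+
+@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+{
+return NULL;
+}
+-#endif
++#endif /* AESNI_ASM */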
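--- a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild
+++ /dev/null
@@ -1,163 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))")
-PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h'
-MY_PV=${PV/_p*/${PLEVEL}}
-MY_P=${PN}-${MY_PV}
-S="${WORKDIR}/${MY_P}"
-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0.9.8"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
-# RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
-zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-!=dev-libs/openssl-0.9.8*:0"
-DEPEND="${RDEPEND}
->=dev-lang/perl-5
-test? (
-sys-apps/diffutils
-sys-devel/bc
-)"
-
-# Do not install any docs
-DOCS=()
-
-PATCHES=(
-"${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
-"${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
-"${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
-"${FILESDIR}"/${PN}-0.9.8z_p8-perl-5.26.patch
-)
-
-src_prepare() {
-default
-
-# disable fips in the build
-# make sure the man pages are suffixed #302165
-# don't bother building man pages if they're disabled
-sed -i \
--e '/DIRS/s: fips : :g' \
--e '/^MANSUFFIX/s:=.*:=ssl:' \
--e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
--e $(has noman FEATURES \
-&& echo '/^install:/s:install_docs::' \
-|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-Makefile{,.org} \
-|| die
-# show the actual commands in the log
-sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared || die
-# update the enginedir path.
-# punt broken config we don't care about as it fails sanity check.
-sed -i \
--e '/^"debug-ben-debug-64"/d' \
--e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
-Configure || die
-
-# since we're forcing $(CC) as makedep anyway, just fix
-# the conditional as always-on
-# helps clang (#417795), and versioned gcc (#499818)
-sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-# quiet out unknown driver argument warnings since openssl
-# doesn't have well-split CFLAGS and we're making it even worse
-# and 'make depend' uses -Werror for added fun (#417795 again)
-[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-# allow openssl to be cross-compiled
-cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
-chmod a+rx gentoo.config || die
-
-append-flags -fno-strict-aliasing
-append-flags -Wa,--noexecstack
-
-sed -i '1s,^:$,#!/usr/bin/perl,' Configure || die #141906
-sed -i '/^"debug-bodo/d' Configure || die # 0.9.8za shipped broken
-./config --test-sanity || die "I AM NOT SANE"
-
-multilib_copy_sources
-}
-
-multilib_src_configure() {
-unset APPS #197996
-unset SCRIPTS #312551
-
-tc-export CC AR RANLIB
-
-# Clean out patent-or-otherwise-encumbered code
-# Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
-# IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-# EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-# MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
-# RC5: 5,724,428 03/03/2015 https://en.wikipedia.org/wiki/RC5
-
-use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
-echoit() { echo "$@" ; "$@" ; }
-
-local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-local sslout=$(./gentoo.config)
-einfo "Use configuration ${sslout:-(openssl knows best)}"
-local config="Configure"
-[[ -z ${sslout} ]] && config="config"
-
-echoit \
-./${config} \
-${sslout} \
-$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-enable-camellia \
-$(use_ssl !bindist ec) \
-enable-idea \
-enable-mdc2 \
-$(use_ssl !bindist rc5) \
-enable-tlsext \
-$(use_ssl gmp gmp -lgmp) \
-$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-$(use_ssl zlib) \
---prefix=/usr \
---openssldir=/etc/ssl \
-shared threads \
-|| die "Configure failed"
-
-# Clean out hardcoded flags that openssl uses
-local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
--e 's:^CFLAG=::' \
--e 's:-fomit-frame-pointer ::g' \
--e 's:-O[0-9] ::g' \
--e 's:-march=[-a-z0-9]* ::g' \
--e 's:-mcpu=[-a-z0-9]* ::g' \
--e 's:-m[a-z0-9]* ::g' \
-)
-sed -i \
--e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
--e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
--e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-Makefile || die
-}
-
-multilib_src_compile() {
-# depend is needed to use $confopts
-emake -j1 depend
-emake -j1 build_libs
-}
-
-multilib_src_test() {
-emake -j1 test
-}
-
-multilib_src_install() {
-dolib.so lib{crypto,ssl}.so.0.9.8
-}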
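--- a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild
+++ /dev/null
@@ -1,158 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))")
-PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h'
-MY_PV=${PV/_p*/${PLEVEL}}
-MY_P=${PN}-${MY_PV}
-S="${WORKDIR}/${MY_P}"
-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0.9.8"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
-IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
-# RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
-zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-!=dev-libs/openssl-0.9.8*:0"
-DEPEND="${RDEPEND}
->=dev-lang/perl-5
-test? (
-sys-apps/diffutils
-sys-devel/bc
-)"
-
-# Do not install any docs
-DOCS=()
-
-src_prepare() {
-epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
-epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
-epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
-
-# disable fips in the build
-# make sure the man pages are suffixed #302165
-# don't bother building man pages if they're disabled
-sed -i \
--e '/DIRS/s: fips : :g' \
--e '/^MANSUFFIX/s:=.*:=ssl:' \
--e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
--e $(has noman FEATURES \
-&& echo '/^install:/s:install_docs::' \
-|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-Makefile{,.org} \
-|| die
-# show the actual commands in the log
-sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-# update the enginedir path.
-# punt broken config we don't care about as it fails sanity check.
-sed -i \
--e '/^"debug-ben-debug-64"/d' \
--e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
-Configure || die
-
-# since we're forcing $(CC) as makedep anyway, just fix
-# the conditional as always-on
-# helps clang (#417795), and versioned gcc (#499818)
-sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-# quiet out unknown driver argument warnings since openssl
-# doesn't have well-split CFLAGS and we're making it even worse
-# and 'make depend' uses -Werror for added fun (#417795 again)
-[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-# allow openssl to be cross-compiled
-cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
-chmod a+rx gentoo.config
-
-append-flags -fno-strict-aliasing
-append-flags -Wa,--noexecstack
-
-sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
-sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
-./config --test-sanity || die "I AM NOT SANE"
-
-multilib_copy_sources
-}
-
-multilib_src_configure() {
-unset APPS #197996
-unset SCRIPTS #312551
-
-tc-export CC AR RANLIB
-
-# Clean out patent-or-otherwise-encumbered code
-# Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
-# IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-# EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-# MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
-# RC5: 5,724,428 03/03/2015 https://en.wikipedia.org/wiki/RC5
-
-use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
-echoit() { echo "$@" ; "$@" ; }
-
-local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-local sslout=$(./gentoo.config)
-einfo "Use configuration ${sslout:-(openssl knows best)}"
-local config="Configure"
-[[ -z ${sslout} ]] && config="config"
-
-echoit \
-./${config} \
-${sslout} \
-$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-enable-camellia \
-$(use_ssl !bindist ec) \
-enable-idea \
-enable-mdc2 \
-$(use_ssl !bindist rc5) \
-enable-tlsext \
-$(use_ssl gmp gmp -lgmp) \
-$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-$(use_ssl zlib) \
---prefix=/usr \
---openssldir=/etc/ssl \
-shared threads \
-|| die "Configure failed"
-
-# Clean out hardcoded flags that openssl uses
-local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
--e 's:^CFLAG=::' \
--e 's:-fomit-frame-pointer ::g' \
--e 's:-O[0-9] ::g' \
--e 's:-march=[-a-z0-9]* ::g' \
--e 's:-mcpu=[-a-z0-9]* ::g' \
--e 's:-m[a-z0-9]* ::g' \
-)
-sed -i \
--e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
--e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
--e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-Makefile || die
-}
-
-multilib_src_compile() {
-# depend is needed to use $confopts
-emake -j1 depend
-emake -j1 build_libs
-}
-
-multilib_src_test() {
-emake -j1 test
-}
-
-multilib_src_install() {
-dolib.so lib{crypto,ssl}.so.0.9.8
-}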
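--- a/dev-libs/openssl/openssl-1.0.2n.ebuild
+++ /dev/null
@@ -1,251 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.0"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-mirror://gentoo/${PATCH_SET}.tar.xz
-https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-# RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
->=dev-lang/perl-5
-sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-test? (
-sys-apps/diffutils
-sys-devel/bc
-)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-# keep this in sync with app-misc/c_rehash
-SSL_CNF_DIR="/etc/ssl"
-
-# Make sure we only ever touch Makefile.org and avoid patching a file
-# that gets blown away anyways by the Configure script in src_configure
-rm -f Makefile
-
-if ! use vanilla ; then
-eapply "${WORKDIR}"/patch/*.patch
-fi
-
-eapply_user
-
-# disable fips in the build
-# make sure the man pages are suffixed #302165
-# don't bother building man pages if they're disabled
-sed -i \
--e '/DIRS/s: fips : :g' \
--e '/^MANSUFFIX/s:=.*:=ssl:' \
--e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
--e $(has noman FEATURES \
-&& echo '/^install:/s:install_docs::' \
-|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-Makefile.org \
-|| die
-# show the actual commands in the log
-sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-# since we're forcing $(CC) as makedep anyway, just fix
-# the conditional as always-on
-# helps clang (#417795), and versioned gcc (#499818)
-sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-# quiet out unknown driver argument warnings since openssl
-# doesn't have well-split CFLAGS and we're making it even worse
-# and 'make depend' uses -Werror for added fun (#417795 again)
-[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-# allow openssl to be cross-compiled
-cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-chmod a+rx gentoo.config || die
-
-append-flags -fno-strict-aliasing
-append-flags $(test-flags-CC -Wa,--noexecstack)
-append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-# The config script does stupid stuff to prompt the user. Kill it.
-sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-./config --test-sanity || die "I AM NOT SANE"
-
-multilib_copy_sources
-}
-
-multilib_src_configure() {
-unset APPS #197996
-unset SCRIPTS #312551
-unset CROSS_COMPILE #311473
-
-tc-export CC AR RANLIB RC
-
-# Clean out patent-or-otherwise-encumbered code
-# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
-# IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
-# RC5: Expired http://en.wikipedia.org/wiki/RC5
-
-use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-echoit() { echo "$@" ; "$@" ; }
-
-local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-# See if our toolchain supports __uint128_t. If so, it's 64bit
-# friendly and can use the nicely optimized code paths. #460790
-local ec_nistp_64_gcc_128
-# Disable it for now though #469976
-#if ! use bindist ; then
-# echo "__uint128_t i;" > "${T}"/128.c
-# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-# ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-# fi
-#fi
-
-# https://github.com/openssl/openssl/issues/2286
-if use ia64 ; then
-replace-flags -g3 -g2
-replace-flags -ggdb3 -ggdb2
-fi
-
-local sslout=$(./gentoo.config)
-einfo "Use configuration ${sslout:-(openssl knows best)}"
-local config="Configure"
-[[ -z ${sslout} ]] && config="config"
-
-echoit \
-./${config} \
-${sslout} \
-$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-enable-camellia \
-$(use_ssl !bindist ec) \
-${ec_nistp_64_gcc_128} \
-enable-idea \
-enable-mdc2 \
-enable-rc5 \
-enable-tlsext \
-$(use_ssl asm) \
-$(use_ssl gmp gmp -lgmp) \
-$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-$(use_ssl rfc3779) \
-$(use_ssl sctp) \
-$(use_ssl sslv2 ssl2) \
-$(use_ssl sslv3 ssl3) \
-$(use_ssl tls-heartbeat heartbeats) \
-$(use_ssl zlib) \
---prefix="${EPREFIX}"/usr \
---openssldir="${EPREFIX}"${SSL_CNF_DIR} \
---libdir=$(get_libdir) \
-shared threads \
-|| die
-
-# Clean out hardcoded flags that openssl uses
-local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
--e 's:^CFLAG=::' \
--e 's:-fomit-frame-pointer ::g' \
--e 's:-O[0-9] ::g' \
--e 's:-march=[-a-z0-9]* ::g' \
--e 's:-mcpu=[-a-z0-9]* ::g' \
--e 's:-m[a-z0-9]* ::g' \
-)
-sed -i \
--e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
--e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-Makefile || die
-}
-
-multilib_src_compile() {
-# depend is needed to use $confopts; it also doesn't matter
-# that it's -j1 as the code itself serializes subdirs
-emake -j1 depend
-emake all
-# rehash is needed to prep the certs/ dir; do this
-# separately to avoid parallel build issues.
-emake rehash
-}
-
-multilib_src_test() {
-emake -j1 test
-}
-
-multilib_src_install() {
-emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-# openssl installs perl version of c_rehash by default, but
-# we provide a shell version via app-misc/c_rehash
-rm "${ED}"/usr/bin/c_rehash || die
-
-local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-einstalldocs
-
-use rfc3779 && dodoc engines/ccgost/README.gost
-
-# This is crappy in that the static archives are still built even
-# when USE=static-libs. But this is due to a failing in the openssl
-# build system: the static archives are built as PIC all the time.
-# Only way around this would be to manually configure+compile openssl
-# twice; once with shared lib support enabled and once without.
-use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-# create the certs directory
-dodir ${SSL_CNF_DIR}/certs
-cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-# Namespace openssl programs to prevent conflicts with other man pages
-cd "${ED}"/usr/share/man
-local m d s
-for m in $(find . -type f | xargs grep -L '#include') ; do
-d=${m%/*} ; d=${d#./} ; m=${m##*/}
-[[ ${m} == openssl.1* ]] && continue
-[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-mv ${d}/{,ssl-}${m}
-# fix up references to renamed man pages
-sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-ln -s ssl-${m} ${d}/openssl-${m}
-# locate any symlinks that point to this man page ... we assume
-# that any broken links are due to the above renaming
-for s in $(find -L ${d} -type l) ; do
-s=${s##*/}
-rm -f ${d}/${s}
-ln -s ssl-${m} ${d}/ssl-${s}
-ln -s ssl-${s} ${d}/openssl-${s}
-done
-done
-[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-dodir /etc/sandbox.d #254521
-echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-diropts -m0700
-keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-eend $?
-}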
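--- a/dev-libs/openssl/openssl-1.0.2o-r3.ebuild
+++ /dev/null
@@ -1,252 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.4"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-mirror://gentoo/${PATCH_SET}.tar.xz
-https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-# RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
->=dev-lang/perl-5
-sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-test? (
-sys-apps/diffutils
-sys-devel/bc
-)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-# keep this in sync with app-misc/c_rehash
-SSL_CNF_DIR="/etc/ssl"
-
-# Make sure we only ever touch Makefile.org and avoid patching a file
-# that gets blown away anyways by the Configure script in src_configure
-rm -f Makefile
-
-if ! use vanilla ; then
-eapply "${WORKDIR}"/patch/*.patch
-fi
-
-eapply_user
-
-# disable fips in the build
-# make sure the man pages are suffixed #302165
-# don't bother building man pages if they're disabled
-sed -i \
--e '/DIRS/s: fips : :g' \
--e '/^MANSUFFIX/s:=.*:=ssl:' \
--e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
--e $(has noman FEATURES \
-&& echo '/^install:/s:install_docs::' \
-|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-Makefile.org \
-|| die
-# show the actual commands in the log
-sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-# since we're forcing $(CC) as makedep anyway, just fix
-# the conditional as always-on
-# helps clang (#417795), and versioned gcc (#499818)
-sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-# quiet out unknown driver argument warnings since openssl
-# doesn't have well-split CFLAGS and we're making it even worse
-# and 'make depend' uses -Werror for added fun (#417795 again)
-[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-# allow openssl to be cross-compiled
-cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-chmod a+rx gentoo.config || die
-
-append-flags -fno-strict-aliasing
-append-flags $(test-flags-CC -Wa,--noexecstack)
-append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-# The config script does stupid stuff to prompt the user. Kill it.
-sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-./config --test-sanity || die "I AM NOT SANE"
-
-multilib_copy_sources
-}
-
-multilib_src_configure() {
-unset APPS #197996
-unset SCRIPTS #312551
-unset CROSS_COMPILE #311473
-
-tc-export CC AR RANLIB RC
-
-# Clean out patent-or-otherwise-encumbered code
-# Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
-# IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-# EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-# MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
-# RC5: Expired https://en.wikipedia.org/wiki/RC5
-
-use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-echoit() { echo "$@" ; "$@" ; }
-
-local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-# See if our toolchain supports __uint128_t. If so, it's 64bit
-# friendly and can use the nicely optimized code paths. #460790
-local ec_nistp_64_gcc_128
-# Disable it for now though #469976
-#if ! use bindist ; then
-# echo "__uint128_t i;" > "${T}"/128.c
-# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-# ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-# fi
-#fi
-
-# https://github.com/openssl/openssl/issues/2286
-if use ia64 ; then
-replace-flags -g3 -g2
-replace-flags -ggdb3 -ggdb2
-fi
-
-local sslout=$(./gentoo.config)
-einfo "Use configuration ${sslout:-(openssl knows best)}"
-local config="Configure"
-[[ -z ${sslout} ]] && config="config"
-
-echoit \
-./${config} \
-${sslout} \
-$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-enable-camellia \
-$(use_ssl !bindist ec) \
-${ec_nistp_64_gcc_128} \
-enable-idea \
-enable-mdc2 \
-enable-rc5 \
-enable-tlsext \
-$(use_ssl asm) \
-$(use_ssl gmp gmp -lgmp) \
-$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-$(use_ssl rfc3779) \
-$(use_ssl sctp) \
-$(use_ssl sslv2 ssl2) \
-$(use_ssl sslv3 ssl3) \
-$(use_ssl tls-heartbeat heartbeats) \
-$(use_ssl zlib) \
---prefix="${EPREFIX}"/usr \
---openssldir="${EPREFIX}"${SSL_CNF_DIR} \
---libdir=$(get_libdir) \
-shared threads \
-|| die
-
-# Clean out hardcoded flags that openssl uses
-local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
--e 's:^CFLAG=::' \
--e 's:-fomit-frame-pointer ::g' \
--e 's:-O[0-9] ::g' \
--e 's:-march=[-a-z0-9]* ::g' \
--e 's:-mcpu=[-a-z0-9]* ::g' \
--e 's:-m[a-z0-9]* ::g' \
-)
-sed -i \
--e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
--e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-Makefile || die
-}
-
-multilib_src_compile() {
-# depend is needed to use $confopts; it also doesn't matter
-# that it's -j1 as the code itself serializes subdirs
-emake -j1 depend
-emake all
-# rehash is needed to prep the certs/ dir; do this
-# separately to avoid parallel build issues.
-emake rehash
-}
-
-multilib_src_test() {
-emake -j1 test
-}
-
-multilib_src_install() {
-emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-# openssl installs perl version of c_rehash by default, but
-# we provide a shell version via app-misc/c_rehash
-rm "${ED}"/usr/bin/c_rehash || die
-
-local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
-einstalldocs
-
-use rfc3779 && dodoc engines/ccgost/README.gost
-
-# This is crappy in that the static archives are still built even
-# when USE=static-libs. But this is due to a failing in the openssl
-# build system: the static archives are built as PIC all the time.
-# Only way around this would be to manually configure+compile openssl
-# twice; once with shared lib support enabled and once without.
-use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-# create the certs directory
-dodir ${SSL_CNF_DIR}/certs
-cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-# Namespace openssl programs to prevent conflicts with other man pages
-cd "${ED}"/usr/share/man
-local m d s
-for m in $(find . -type f | xargs grep -L '#include') ; do
-d=${m%/*} ; d=${d#./} ; m=${m##*/}
-[[ ${m} == openssl.1* ]] && continue
-[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-mv ${d}/{,ssl-}${m}
-# fix up references to renamed man pages
-sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-ln -s ssl-${m} ${d}/openssl-${m}
-# locate any symlinks that point to this man page ... we assume
-# that any broken links are due to the above renaming
-for s in $(find -L ${d} -type l) ; do
-s=${s##*/}
-rm -f ${d}/${s}
-ln -s ssl-${m} ${d}/ssl-${s}
-ln -s ssl-${s} ${d}/openssl-${s}
-done
-done
-[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-dodir /etc/sandbox.d #254521
-echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-diropts -m0700
-keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-eend $?
-}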
diff --git a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild b/dev-libs/openssl/openssl-1.0.2u.ebuild index 7fb511c..be5a74d 100644 --- a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild +++ b/dev-libs/openssl/openssl-1.0.2u.ebuild | |||
@@ -1,30 +1,52 @@ | |||
1 | # Copyright 1999-2018 Gentoo Authors | 1 | # Copyright 1999-2020 Gentoo Authors |
2 | # Distributed under the terms of the GNU General Public License v2 | 2 | # Distributed under the terms of the GNU General Public License v2 |
3 | 3 | ||
4 | EAPI="6" | 4 | EAPI="7" |
5 | 5 | ||
6 | inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal | 6 | inherit flag-o-matic toolchain-funcs multilib multilib-minimal |
7 | |||
8 | # openssl-1.0.2-patches-1.6 contain additional CVE patches | ||
9 | # which got fixed with this release. | ||
10 | # Please use 1.7 version number when rolling a new tarball! | ||
11 | PATCH_SET="openssl-1.0.2-patches-1.5" | ||
7 | 12 | ||
8 | PATCH_SET="openssl-1.0.2-patches-1.4" | ||
9 | MY_P=${P/_/-} | 13 | MY_P=${P/_/-} |
14 | |||
15 | # This patch set is based on the following files from Fedora 25, | ||
16 | # see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec | ||
17 | # for more details: | ||
18 | # - hobble-openssl (SOURCE1) | ||
19 | # - ec_curve.c (SOURCE12) -- MODIFIED | ||
20 | # - ectest.c (SOURCE13) | ||
21 | # - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED | ||
22 | BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz" | ||
23 | |||
10 | DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" | 24 | DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
11 | HOMEPAGE="https://www.openssl.org/" | 25 | HOMEPAGE="https://www.openssl.org/" |
12 | SRC_URI="mirror://openssl/source/${MY_P}.tar.gz | 26 | SRC_URI="mirror://openssl/source/${MY_P}.tar.gz |
13 | mirror://gentoo/${PATCH_SET}.tar.xz | 27 | bindist? ( |
14 | https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz | 28 | mirror://gentoo/${BINDIST_PATCH_SET} |
15 | https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz" | 29 | https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} |
30 | ) | ||
31 | !vanilla? ( | ||
32 | mirror://gentoo/${PATCH_SET}.tar.xz | ||
33 | https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz | ||
34 | https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz | ||
35 | https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz | ||
36 | )" | ||
16 | 37 | ||
17 | LICENSE="openssl" | 38 | LICENSE="openssl" |
18 | SLOT="0" | 39 | SLOT="0" |
19 | KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" | 40 | KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux" |
20 | IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" | 41 | IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" |
21 | # RESTRICT="!bindist? ( bindist )" | 42 | RESTRICT="!test? ( test )" |
22 | 43 | ||
23 | RDEPEND=">=app-misc/c_rehash-1.7-r1 | 44 | RDEPEND=">=app-misc/c_rehash-1.7-r1 |
24 | gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) | 45 | gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
25 | zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) | 46 | kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) |
26 | kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" | 47 | zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" |
27 | DEPEND="${RDEPEND} | 48 | DEPEND="${RDEPEND}" |
49 | BDEPEND=" | ||
28 | >=dev-lang/perl-5 | 50 | >=dev-lang/perl-5 |
29 | sctp? ( >=net-misc/lksctp-tools-1.0.12 ) | 51 | sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
30 | test? ( | 52 | test? ( |
@@ -33,28 +55,6 @@ DEPEND="${RDEPEND} | |||
33 | )" | 55 | )" |
34 | PDEPEND="app-misc/ca-certificates" | 56 | PDEPEND="app-misc/ca-certificates" |
35 | 57 | ||
36 | # This does not copy the entire Fedora patchset, but JUST the parts that | ||
37 | # are needed to make it safe to use EC with RESTRICT=bindist. | ||
38 | # See openssl.spec for the matching numbering of SourceNNN, PatchNNN | ||
39 | SOURCE1=hobble-openssl | ||
40 | SOURCE12=ec_curve.c | ||
41 | SOURCE13=ectest.c | ||
42 | # These are ported instead | ||
43 | #PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC | ||
44 | #PATCH37=openssl-1.1.0-ec-curves.patch | ||
45 | FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' | ||
46 | FEDORA_GIT_BRANCH='f25' | ||
47 | FEDORA_SRC_URI=() | ||
48 | FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 ) | ||
49 | FEDORA_PATCH=( $PATCH1 $PATCH37 ) | ||
50 | for i in "${FEDORA_SOURCE[@]}" ; do | ||
51 | FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" ) | ||
52 | done | ||
53 | for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix | ||
54 | FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" ) | ||
55 | done | ||
56 | SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" | ||
57 | |||
58 | S="${WORKDIR}/${MY_P}" | 58 | S="${WORKDIR}/${MY_P}" |
59 | 59 | ||
60 | MULTILIB_WRAPPED_HEADERS=( | 60 | MULTILIB_WRAPPED_HEADERS=( |
@@ -63,18 +63,14 @@ MULTILIB_WRAPPED_HEADERS=( | |||
63 | 63 | ||
64 | src_prepare() { | 64 | src_prepare() { |
65 | if use bindist; then | 65 | if use bindist; then |
66 | # This just removes the prefix, and puts it into WORKDIR like the RPM. | 66 | mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die |
67 | for i in "${FEDORA_SOURCE[@]}" ; do | 67 | bash "${WORKDIR}"/hobble-openssl || die |
68 | cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die | 68 | |
69 | done | 69 | cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die |
70 | # .spec %prep | 70 | cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die |
71 | bash "${WORKDIR}"/"${SOURCE1}" || die | 71 | |
72 | cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die | 72 | eapply "${WORKDIR}"/bindist-patches/ec-curves.patch |
73 | cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1 | 73 | |
74 | for i in "${FEDORA_PATCH[@]}" ; do | ||
75 | eapply "${DISTDIR}"/"${i}" | ||
76 | done | ||
77 | eapply "${FILESDIR}"/openssl-1.0.2o-hobble-ecc.patch | ||
78 | # Also see the configure parts below: | 74 | # Also see the configure parts below: |
79 | # enable-ec \ | 75 | # enable-ec \ |
80 | # $(use_ssl !bindist ec2m) \ | 76 | # $(use_ssl !bindist ec2m) \ |
@@ -90,7 +86,6 @@ src_prepare() { | |||
90 | 86 | ||
91 | if ! use vanilla ; then | 87 | if ! use vanilla ; then |
92 | eapply "${WORKDIR}"/patch/*.patch | 88 | eapply "${WORKDIR}"/patch/*.patch |
93 | eapply "${FILESDIR}"/${P}-CVE-2018-0732.patch | ||
94 | fi | 89 | fi |
95 | 90 | ||
96 | eapply_user | 91 | eapply_user |
@@ -113,7 +108,8 @@ src_prepare() { | |||
113 | # since we're forcing $(CC) as makedep anyway, just fix | 108 | # since we're forcing $(CC) as makedep anyway, just fix |
114 | # the conditional as always-on | 109 | # the conditional as always-on |
115 | # helps clang (#417795), and versioned gcc (#499818) | 110 | # helps clang (#417795), and versioned gcc (#499818) |
116 | sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die | 111 | # this breaks build with 1.0.2p, not sure if it is needed anymore |
112 | #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die | ||
117 | 113 | ||
118 | # quiet out unknown driver argument warnings since openssl | 114 | # quiet out unknown driver argument warnings since openssl |
119 | # doesn't have well-split CFLAGS and we're making it even worse | 115 | # doesn't have well-split CFLAGS and we're making it even worse |
@@ -178,7 +174,9 @@ multilib_src_configure() { | |||
178 | [[ -z ${sslout} ]] && config="config" | 174 | [[ -z ${sslout} ]] && config="config" |
179 | 175 | ||
180 | # Fedora hobbled-EC needs 'no-ec2m', 'no-srp' | 176 | # Fedora hobbled-EC needs 'no-ec2m', 'no-srp' |
181 | echoit \ | 177 | # Make sure user flags don't get added *yet* to avoid duplicated |
178 | # flags. | ||
179 | CFLAGS= LDFLAGS= echoit \ | ||
182 | ./${config} \ | 180 | ./${config} \ |
183 | ${sslout} \ | 181 | ${sslout} \ |
184 | $(use cpu_flags_x86_sse2 || echo "no-sse2") \ | 182 | $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
@@ -207,24 +205,30 @@ multilib_src_configure() { | |||
207 | || die | 205 | || die |
208 | 206 | ||
209 | # Clean out hardcoded flags that openssl uses | 207 | # Clean out hardcoded flags that openssl uses |
210 | local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ | 208 | local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
211 | -e 's:^CFLAG=::' \ | 209 | -e 's:^CFLAG=::' \ |
212 | -e 's:-fomit-frame-pointer ::g' \ | 210 | -e 's:\(^\| \)-fomit-frame-pointer::g' \ |
213 | -e 's:-O[0-9] ::g' \ | 211 | -e 's:\(^\| \)-O[^ ]*::g' \ |
214 | -e 's:-march=[-a-z0-9]* ::g' \ | 212 | -e 's:\(^\| \)-march=[^ ]*::g' \ |
215 | -e 's:-mcpu=[-a-z0-9]* ::g' \ | 213 | -e 's:\(^\| \)-mcpu=[^ ]*::g' \ |
216 | -e 's:-m[a-z0-9]* ::g' \ | 214 | -e 's:\(^\| \)-m[^ ]*::g' \ |
215 | -e 's:^ *::' \ | ||
216 | -e 's: *$::' \ | ||
217 | -e 's: \+: :g' \ | ||
218 | -e 's:\\:\\\\:g' | ||
217 | ) | 219 | ) |
220 | |||
221 | # Now insert clean default flags with user flags | ||
218 | sed -i \ | 222 | sed -i \ |
219 | -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ | 223 | -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ |
220 | -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ | 224 | -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ |
221 | Makefile || die | 225 | Makefile || die |
222 | } | 226 | } |
223 | 227 | ||
224 | multilib_src_compile() { | 228 | multilib_src_compile() { |
225 | # depend is needed to use $confopts; it also doesn't matter | 229 | # depend is needed to use $confopts; it also doesn't matter |
226 | # that it's -j1 as the code itself serializes subdirs | 230 | # that it's -j1 as the code itself serializes subdirs |
227 | emake -j1 depend | 231 | emake -j1 V=1 depend |
228 | emake all | 232 | emake all |
229 | # rehash is needed to prep the certs/ dir; do this | 233 | # rehash is needed to prep the certs/ dir; do this |
230 | # separately to avoid parallel build issues. | 234 | # separately to avoid parallel build issues. |
@@ -236,6 +240,12 @@ multilib_src_test() { | |||
236 | } | 240 | } |
237 | 241 | ||
238 | multilib_src_install() { | 242 | multilib_src_install() { |
243 | # We need to create $ED/usr on our own to avoid a race condition #665130 | ||
244 | if [[ ! -d "${ED}/usr" ]]; then | ||
245 | # We can only create this directory once | ||
246 | mkdir "${ED}"/usr || die | ||
247 | fi | ||
248 | |||
239 | emake INSTALL_PREFIX="${D}" install | 249 | emake INSTALL_PREFIX="${D}" install |
240 | } | 250 | } |
241 | 251 | ||
@@ -291,7 +301,7 @@ multilib_src_install_all() { | |||
291 | } | 301 | } |
292 | 302 | ||
293 | pkg_postinst() { | 303 | pkg_postinst() { |
294 | ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" | 304 | ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
295 | c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null | 305 | c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null |
296 | eend $? | 306 | eend $? |
297 | } | 307 | } |
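--- a/dev-libs/openssl/openssl-1.1.0g-r2.ebuild
+++ /dev/null
@@ -1,284 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-# RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
->=dev-lang/perl-5
-sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-test? (
-sys-apps/diffutils
-sys-devel/bc
-)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f27'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-"${FILESDIR}"/${PN}-1.1.0g-CVE-2017-3738.patch
-)
-
-src_prepare() {
-if use bindist; then
-# This just removes the prefix, and puts it into WORKDIR like the RPM.
-for i in "${FEDORA_SOURCE[@]}" ; do
-cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-done
-# .spec %prep
-bash "${WORKDIR}"/"${SOURCE1}" || die
-cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-for i in "${FEDORA_PATCH[@]}" ; do
-epatch "${DISTDIR}"/"${i}"
-done
-# Also see the configure parts below:
-# enable-ec \
-# $(use_ssl !bindist ec2m) \
-
-fi
-# keep this in sync with app-misc/c_rehash
-SSL_CNF_DIR="/etc/ssl"
-
-# Make sure we only ever touch Makefile.org and avoid patching a file
-# that gets blown away anyways by the Configure script in src_configure
-rm -f Makefile
-
-if ! use vanilla ; then
-epatch "${PATCHES[@]}"
-fi
-
-eapply_user #332661
-
-# make sure the man pages are suffixed #302165
-# don't bother building man pages if they're disabled
-# Make DOCDIR Gentoo compliant
-sed -i \
--e '/^MANSUFFIX/s:=.*:=ssl:' \
--e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
--e $(has noman FEATURES \
-&& echo '/^install:/s:install_docs::' \
-|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
--e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
-Configurations/unix-Makefile.tmpl \
-|| die
-
-# show the actual commands in the log
-sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
-
-# quiet out unknown driver argument warnings since openssl
-# doesn't have well-split CFLAGS and we're making it even worse
-# and 'make depend' uses -Werror for added fun (#417795 again)
-[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-# allow openssl to be cross-compiled
-cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-chmod a+rx gentoo.config
-
-append-flags -fno-strict-aliasing
-append-flags $(test-flags-CC -Wa,--noexecstack)
-append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-# Prefixify Configure shebang (#141906)
-sed \
--e "1s,/usr/bin/env,${EPREFIX}&," \
--i Configure || die
-# Remove test target when FEATURES=test isn't set
-if ! use test ; then
-sed \
--e '/^$config{dirs}/s@ "test",@@' \
--i Configure || die
-fi
-# The config script does stupid stuff to prompt the user. Kill it.
-sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-./config --test-sanity || die "I AM NOT SANE"
-
-multilib_copy_sources
-}
-
-multilib_src_configure() {
-unset APPS #197996
-unset SCRIPTS #312551
-unset CROSS_COMPILE #311473
-
-tc-export CC AR RANLIB RC
-
-# Clean out patent-or-otherwise-encumbered code
-# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
-# IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
-# RC5: Expired http://en.wikipedia.org/wiki/RC5
-
-use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-echoit() { echo "$@" ; "$@" ; }
-
-local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-# See if our toolchain supports __uint128_t. If so, it's 64bit
-# friendly and can use the nicely optimized code paths. #460790
-local ec_nistp_64_gcc_128
-# Disable it for now though #469976
-#if ! use bindist ; then
-# echo "__uint128_t i;" > "${T}"/128.c
-# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-# ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-# fi
-#fi
-
-local sslout=$(./gentoo.config)
-einfo "Use configuration ${sslout:-(openssl knows best)}"
-local config="Configure"
-[[ -z ${sslout} ]] && config="config"
-
-# Fedora hobbled-EC needs 'no-ec2m'
-# 'srp' was restricted until early 2017 as well.
-echoit \
-./${config} \
-${sslout} \
---api=1.0.0 \
-$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-enable-camellia \
-disable-deprecated \
-enable-ec \
-$(use_ssl !bindist ec2m) \
-enable-srp \
-$(use elibc_musl && echo "no-async") \
-${ec_nistp_64_gcc_128} \
-enable-idea \
-enable-mdc2 \
-enable-rc5 \
-$(use_ssl asm) \
-$(use_ssl rfc3779) \
-$(use_ssl sctp) \
-$(use_ssl tls-heartbeat heartbeats) \
-$(use_ssl zlib) \
---prefix="${EPREFIX}"/usr \
---openssldir="${EPREFIX}"${SSL_CNF_DIR} \
---libdir=$(get_libdir) \
-shared threads \
-|| die
-
-# Clean out hardcoded flags that openssl uses
-# Fix quoting for sed
-local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
--e 's:^CFLAGS=::' \
--e 's:-fomit-frame-pointer ::g' \
--e 's:-O[0-9] ::g' \
--e 's:-march=[-a-z0-9]* ::g' \
--e 's:-mcpu=[-a-z0-9]* ::g' \
--e 's:-m[a-z0-9]* ::g' \
--e 's:\\:\\\\:g' \
-)
-sed -i \
--e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
--e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-Makefile || die
-}
-
-multilib_src_compile() {
-# depend is needed to use $confopts; it also doesn't matter
-# that it's -j1 as the code itself serializes subdirs
-emake -j1 depend
-emake all
-}
-
-multilib_src_test() {
-emake -j1 test
-}
-
-multilib_src_install() {
-emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-# openssl installs perl version of c_rehash by default, but
-# we provide a shell version via app-misc/c_rehash
-rm "${ED}"/usr/bin/c_rehash || die
-
-dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-# This is crappy in that the static archives are still built even
-# when USE=static-libs. But this is due to a failing in the openssl
-# build system: the static archives are built as PIC all the time.
-# Only way around this would be to manually configure+compile openssl
-# twice; once with shared lib support enabled and once without.
-use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-# create the certs directory
-keepdir ${SSL_CNF_DIR}/certs
-
-# Namespace openssl programs to prevent conflicts with other man pages
-cd "${ED}"/usr/share/man
-local m d s
-for m in $(find . -type f | xargs grep -L '#include') ; do
-d=${m%/*} ; d=${d#./} ; m=${m##*/}
-[[ ${m} == openssl.1* ]] && continue
-[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-mv ${d}/{,ssl-}${m}
-# fix up references to renamed man pages
-sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-ln -s ssl-${m} ${d}/openssl-${m}
-# locate any symlinks that point to this man page ... we assume
-# that any broken links are due to the above renaming
-for s in $(find -L ${d} -type l) ; do
-s=${s##*/}
-rm -f ${d}/${s}
-ln -s ssl-${m} ${d}/ssl-${s}
-ln -s ssl-${s} ${d}/openssl-${s}
-done
-done
-[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-dodir /etc/sandbox.d #254521
-echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-diropts -m0700
-keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-eend $?
-}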
diff --git a/dev-libs/openssl/openssl-1.1.0h-r2.ebuild b/dev-libs/openssl/openssl-1.1.0l.ebuild index 3228201..49c2bcd 100644 --- a/dev-libs/openssl/openssl-1.1.0h-r2.ebuild +++ b/dev-libs/openssl/openssl-1.1.0l.ebuild | |||
@@ -1,24 +1,39 @@ | |||
1 | # Copyright 1999-2018 Gentoo Authors | 1 | # Copyright 1999-2019 Gentoo Authors |
2 | # Distributed under the terms of the GNU General Public License v2 | 2 | # Distributed under the terms of the GNU General Public License v2 |
3 | 3 | ||
4 | EAPI="6" | 4 | EAPI="7" |
5 | 5 | ||
6 | inherit flag-o-matic toolchain-funcs multilib multilib-minimal | 6 | inherit flag-o-matic toolchain-funcs multilib multilib-minimal |
7 | 7 | ||
8 | MY_P=${P/_/-} | 8 | MY_P=${P/_/-} |
9 | |||
10 | # This patch set is based on the following files from Fedora 28, | ||
11 | # see https://src.fedoraproject.org/rpms/openssl/blob/f28/f/openssl.spec | ||
12 | # for more details: | ||
13 | # - hobble-openssl (SOURCE1) | ||
14 | # - ec_curve.c (SOURCE12) -- MODIFIED | ||
15 | # - ectest.c (SOURCE13) | ||
16 | # - openssl-1.1.0-ec-curves.patch (PATCH37) -- MODIFIED | ||
17 | BINDIST_PATCH_SET="openssl-1.1.0l-bindist-1.0.tar.xz" | ||
18 | |||
9 | DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" | 19 | DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
10 | HOMEPAGE="https://www.openssl.org/" | 20 | HOMEPAGE="https://www.openssl.org/" |
11 | SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" | 21 | SRC_URI="mirror://openssl/source/${MY_P}.tar.gz |
22 | bindist? ( | ||
23 | mirror://gentoo/${BINDIST_PATCH_SET} | ||
24 | https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} | ||
25 | )" | ||
12 | 26 | ||
13 | LICENSE="openssl" | 27 | LICENSE="openssl" |
14 | SLOT="0/1.1" # .so version of libssl/libcrypto | 28 | SLOT="0/1.1" # .so version of libssl/libcrypto |
15 | KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" | 29 | KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux" |
16 | IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib" | 30 | IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" |
17 | # RESTRICT="!bindist? ( bindist )" | 31 | RESTRICT="!test? ( test )" |
18 | 32 | ||
19 | RDEPEND=">=app-misc/c_rehash-1.7-r1 | 33 | RDEPEND=">=app-misc/c_rehash-1.7-r1 |
20 | zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" | 34 | zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" |
21 | DEPEND="${RDEPEND} | 35 | DEPEND="${RDEPEND}" |
36 | BDEPEND=" | ||
22 | >=dev-lang/perl-5 | 37 | >=dev-lang/perl-5 |
23 | sctp? ( >=net-misc/lksctp-tools-1.0.12 ) | 38 | sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
24 | test? ( | 39 | test? ( |
@@ -27,26 +42,11 @@ DEPEND="${RDEPEND} | |||
27 | )" | 42 | )" |
28 | PDEPEND="app-misc/ca-certificates" | 43 | PDEPEND="app-misc/ca-certificates" |
29 | 44 | ||
30 | # This does not copy the entire Fedora patchset, but JUST the parts that | 45 | PATCHES=( |
31 | # are needed to make it safe to use EC with RESTRICT=bindist. | 46 | "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 |
32 | # See openssl.spec for the matching numbering of SourceNNN, PatchNNN | 47 | "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 |
33 | SOURCE1=hobble-openssl | 48 | "${FILESDIR}"/${PN}-1.1.0k-fix-test_fuzz.patch |
34 | SOURCE12=ec_curve.c | 49 | ) |
35 | SOURCE13=ectest.c | ||
36 | PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC | ||
37 | PATCH37=openssl-1.1.0-ec-curves.patch | ||
38 | FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' | ||
39 | FEDORA_GIT_BRANCH='f27' | ||
40 | FEDORA_SRC_URI=() | ||
41 | FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 ) | ||
42 | FEDORA_PATCH=( $PATCH1 $PATCH37 ) | ||
43 | for i in "${FEDORA_SOURCE[@]}" ; do | ||
44 | FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" ) | ||
45 | done | ||
46 | for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix | ||
47 | FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" ) | ||
48 | done | ||
49 | SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" | ||
50 | 50 | ||
51 | S="${WORKDIR}/${MY_P}" | 51 | S="${WORKDIR}/${MY_P}" |
52 | 52 | ||
@@ -54,30 +54,31 @@ MULTILIB_WRAPPED_HEADERS=( | |||
54 | usr/include/openssl/opensslconf.h | 54 | usr/include/openssl/opensslconf.h |
55 | ) | 55 | ) |
56 | 56 | ||
57 | PATCHES=( | ||
58 | "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 | ||
59 | "${FILESDIR}"/${P}-CVE-2018-0737.patch | ||
60 | "${FILESDIR}"/${P}-CVE-2018-0732.patch | ||
61 | ) | ||
62 | |||
63 | src_prepare() { | 57 | src_prepare() { |
64 | if use bindist; then | 58 | if use bindist; then |
65 | # This just removes the prefix, and puts it into WORKDIR like the RPM. | 59 | mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die |
66 | for i in "${FEDORA_SOURCE[@]}" ; do | 60 | bash "${WORKDIR}"/hobble-openssl || die |
67 | cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die | 61 | |
68 | done | 62 | cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die |
69 | # .spec %prep | 63 | cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die |
70 | bash "${WORKDIR}"/"${SOURCE1}" || die | 64 | |
71 | cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die | 65 | eapply "${WORKDIR}"/bindist-patches/ec-curves.patch |
72 | cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die | 66 | |
73 | for i in "${FEDORA_PATCH[@]}" ; do | 67 | local known_failing_test |
74 | eapply "${DISTDIR}"/"${i}" | 68 | for known_failing_test in \ |
69 | 30-test_evp_extra.t \ | ||
70 | 80-test_ssl_new.t \ | ||
71 | ; do | ||
72 | ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist" | ||
73 | rm test/recipes/${known_failing_test} || die | ||
74 | eend $? | ||
75 | done | 75 | done |
76 | |||
76 | # Also see the configure parts below: | 77 | # Also see the configure parts below: |
77 | # enable-ec \ | 78 | # enable-ec \ |
78 | # $(use_ssl !bindist ec2m) \ | 79 | # $(use_ssl !bindist ec2m) \ |
79 | |||
80 | fi | 80 | fi |
81 | |||
81 | # keep this in sync with app-misc/c_rehash | 82 | # keep this in sync with app-misc/c_rehash |
82 | SSL_CNF_DIR="/etc/ssl" | 83 | SSL_CNF_DIR="/etc/ssl" |
83 | 84 | ||
@@ -86,7 +87,11 @@ src_prepare() { | |||
86 | rm -f Makefile | 87 | rm -f Makefile |
87 | 88 | ||
88 | if ! use vanilla ; then | 89 | if ! use vanilla ; then |
89 | eapply "${PATCHES[@]}" | 90 | if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then |
91 | [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}" | ||
92 | fi | ||
93 | |||
94 | use bindist || eapply "${FILESDIR}"/${PN}-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch | ||
90 | fi | 95 | fi |
91 | 96 | ||
92 | eapply_user #332661 | 97 | eapply_user #332661 |
@@ -100,7 +105,7 @@ src_prepare() { | |||
100 | -e $(has noman FEATURES \ | 105 | -e $(has noman FEATURES \ |
101 | && echo '/^install:/s:install_docs::' \ | 106 | && echo '/^install:/s:install_docs::' \ |
102 | || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ | 107 | || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
103 | -e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \ | 108 | -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \ |
104 | Configurations/unix-Makefile.tmpl \ | 109 | Configurations/unix-Makefile.tmpl \ |
105 | || die | 110 | || die |
106 | 111 | ||
@@ -176,7 +181,9 @@ multilib_src_configure() { | |||
176 | # 'srp' was restricted until early 2017 as well. | 181 | # 'srp' was restricted until early 2017 as well. |
177 | # "disable-deprecated" option breaks too many consumers. | 182 | # "disable-deprecated" option breaks too many consumers. |
178 | # Don't set it without thorough revdeps testing. | 183 | # Don't set it without thorough revdeps testing. |
179 | echoit \ | 184 | # Make sure user flags don't get added *yet* to avoid duplicated |
185 | # flags. | ||
186 | CFLAGS= LDFLAGS= echoit \ | ||
180 | ./${config} \ | 187 | ./${config} \ |
181 | ${sslout} \ | 188 | ${sslout} \ |
182 | $(use cpu_flags_x86_sse2 || echo "no-sse2") \ | 189 | $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
@@ -189,6 +196,8 @@ multilib_src_configure() { | |||
189 | enable-idea \ | 196 | enable-idea \ |
190 | enable-mdc2 \ | 197 | enable-mdc2 \ |
191 | enable-rc5 \ | 198 | enable-rc5 \ |
199 | $(use_ssl sslv3 ssl3) \ | ||
200 | $(use_ssl sslv3 ssl3-method) \ | ||
192 | $(use_ssl asm) \ | 201 | $(use_ssl asm) \ |
193 | $(use_ssl rfc3779) \ | 202 | $(use_ssl rfc3779) \ |
194 | $(use_ssl sctp) \ | 203 | $(use_ssl sctp) \ |
@@ -201,16 +210,20 @@ multilib_src_configure() { | |||
201 | || die | 210 | || die |
202 | 211 | ||
203 | # Clean out hardcoded flags that openssl uses | 212 | # Clean out hardcoded flags that openssl uses |
204 | # Fix quoting for sed | ||
205 | local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ | 213 | local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ |
206 | -e 's:^CFLAGS=::' \ | 214 | -e 's:^CFLAGS=::' \ |
207 | -e 's:-fomit-frame-pointer ::g' \ | 215 | -e 's:\(^\| \)-fomit-frame-pointer::g' \ |
208 | -e 's:-O[0-9] ::g' \ | 216 | -e 's:\(^\| \)-O[^ ]*::g' \ |
209 | -e 's:-march=[-a-z0-9]* ::g' \ | 217 | -e 's:\(^\| \)-march=[^ ]*::g' \ |
210 | -e 's:-mcpu=[-a-z0-9]* ::g' \ | 218 | -e 's:\(^\| \)-mcpu=[^ ]*::g' \ |
211 | -e 's:-m[a-z0-9]* ::g' \ | 219 | -e 's:\(^\| \)-m[^ ]*::g' \ |
212 | -e 's:\\:\\\\:g' \ | 220 | -e 's:^ *::' \ |
221 | -e 's: *$::' \ | ||
222 | -e 's: \+: :g' \ | ||
223 | -e 's:\\:\\\\:g' | ||
213 | ) | 224 | ) |
225 | |||
226 | # Now insert clean default flags with user flags | ||
214 | sed -i \ | 227 | sed -i \ |
215 | -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ | 228 | -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ |
216 | -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ | 229 | -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ |
@@ -229,13 +242,19 @@ multilib_src_test() { | |||
229 | } | 242 | } |
230 | 243 | ||
231 | multilib_src_install() { | 244 | multilib_src_install() { |
245 | # We need to create $ED/usr on our own to avoid a race condition #665130 | ||
246 | if [[ ! -d "${ED}/usr" ]]; then | ||
247 | # We can only create this directory once | ||
248 | mkdir "${ED}"/usr || die | ||
249 | fi | ||
250 | |||
232 | emake DESTDIR="${D}" install | 251 | emake DESTDIR="${D}" install |
233 | } | 252 | } |
234 | 253 | ||
235 | multilib_src_install_all() { | 254 | multilib_src_install_all() { |
236 | # openssl installs perl version of c_rehash by default, but | 255 | # openssl installs perl version of c_rehash by default, but |
237 | # we provide a shell version via app-misc/c_rehash | 256 | # we provide a shell version via app-misc/c_rehash |
238 | rm "${ED%/}"/usr/bin/c_rehash || die | 257 | rm "${ED}"/usr/bin/c_rehash || die |
239 | 258 | ||
240 | dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el | 259 | dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el |
241 | 260 | ||
@@ -244,13 +263,13 @@ multilib_src_install_all() { | |||
244 | # build system: the static archives are built as PIC all the time. | 263 | # build system: the static archives are built as PIC all the time. |
245 | # Only way around this would be to manually configure+compile openssl | 264 | # Only way around this would be to manually configure+compile openssl |
246 | # twice; once with shared lib support enabled and once without. | 265 | # twice; once with shared lib support enabled and once without. |
247 | use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a | 266 | use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
248 | 267 | ||
249 | # create the certs directory | 268 | # create the certs directory |
250 | keepdir ${SSL_CNF_DIR}/certs | 269 | keepdir ${SSL_CNF_DIR}/certs |
251 | 270 | ||
252 | # Namespace openssl programs to prevent conflicts with other man pages | 271 | # Namespace openssl programs to prevent conflicts with other man pages |
253 | cd "${ED%/}"/usr/share/man || die | 272 | cd "${ED}"/usr/share/man || die |
254 | local m d s | 273 | local m d s |
255 | for m in $(find . -type f | xargs grep -L '#include') ; do | 274 | for m in $(find . -type f | xargs grep -L '#include') ; do |
256 | d=${m%/*} ; d=${d#./} ; m=${m##*/} | 275 | d=${m%/*} ; d=${d#./} ; m=${m##*/} |
@@ -273,14 +292,14 @@ multilib_src_install_all() { | |||
273 | [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" | 292 | [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
274 | 293 | ||
275 | dodir /etc/sandbox.d #254521 | 294 | dodir /etc/sandbox.d #254521 |
276 | echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl | 295 | echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
277 | 296 | ||
278 | diropts -m0700 | 297 | diropts -m0700 |
279 | keepdir ${SSL_CNF_DIR}/private | 298 | keepdir ${SSL_CNF_DIR}/private |
280 | } | 299 | } |
281 | 300 | ||
282 | pkg_postinst() { | 301 | pkg_postinst() { |
283 | ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" | 302 | ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
284 | c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null | 303 | c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null |
285 | eend $? | 304 | eend $? |
286 | } | 305 | } |
diff --git a/dev-libs/openssl/openssl-1.1.1_pre7-r1.ebuild b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild index eebb47a..2ad3769 100644 --- a/dev-libs/openssl/openssl-1.1.1_pre7-r1.ebuild +++ b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild | |||
@@ -1,45 +1,108 @@ | |||
1 | # Copyright 1999-2018 Gentoo Authors | 1 | # Copyright 1999-2019 Gentoo Authors |
2 | # Distributed under the terms of the GNU General Public License v2 | 2 | # Distributed under the terms of the GNU General Public License v2 |
3 | 3 | ||
4 | EAPI="6" | 4 | EAPI="7" |
5 | 5 | ||
6 | inherit flag-o-matic toolchain-funcs multilib multilib-minimal | 6 | inherit flag-o-matic toolchain-funcs multilib multilib-minimal |
7 | 7 | ||
8 | MY_P=${P/_/-} | 8 | MY_P=${P/_/-} |
9 | |||
10 | # This patch set is based on the following files from Fedora 31, | ||
11 | # see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec | ||
12 | # for more details: | ||
13 | # - hobble-openssl (SOURCE1) | ||
14 | # - ec_curve.c (SOURCE12) -- MODIFIED | ||
15 | # - ectest.c (SOURCE13) | ||
16 | # - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED | ||
17 | BINDIST_PATCH_SET="openssl-1.1.1d-bindist-1.0.tar.xz" | ||
18 | |||
9 | DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" | 19 | DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
10 | HOMEPAGE="https://www.openssl.org/" | 20 | HOMEPAGE="https://www.openssl.org/" |
11 | SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" | 21 | SRC_URI="mirror://openssl/source/${MY_P}.tar.gz |
22 | bindist? ( | ||
23 | mirror://gentoo/${BINDIST_PATCH_SET} | ||
24 | https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} | ||
25 | )" | ||
12 | 26 | ||
13 | LICENSE="openssl" | 27 | LICENSE="openssl" |
14 | SLOT="0/1.1" # .so version of libssl/libcrypto | 28 | SLOT="0/1.1" # .so version of libssl/libcrypto |
15 | [[ "${PV}" = *_pre* ]] || \ | 29 | [[ "${PV}" = *_pre* ]] || \ |
16 | KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" | 30 | KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux" |
17 | IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib" | 31 | IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" |
18 | # RESTRICT="!bindist? ( bindist )" | 32 | RESTRICT="!test? ( test )" |
19 | 33 | ||
20 | RDEPEND=">=app-misc/c_rehash-1.7-r1 | 34 | RDEPEND=">=app-misc/c_rehash-1.7-r1 |
21 | zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" | 35 | zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" |
22 | DEPEND="${RDEPEND} | 36 | DEPEND="${RDEPEND}" |
37 | BDEPEND=" | ||
23 | >=dev-lang/perl-5 | 38 | >=dev-lang/perl-5 |
24 | sctp? ( >=net-misc/lksctp-tools-1.0.12 ) | 39 | sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
25 | test? ( | 40 | test? ( |
26 | sys-apps/diffutils | 41 | sys-apps/diffutils |
27 | sys-devel/bc | 42 | sys-devel/bc |
43 | sys-process/procps | ||
28 | )" | 44 | )" |
29 | PDEPEND="app-misc/ca-certificates" | 45 | PDEPEND="app-misc/ca-certificates" |
30 | 46 | ||
47 | PATCHES=( | ||
48 | "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 | ||
49 | "${FILESDIR}"/${P}-fix-zlib.patch | ||
50 | "${FILESDIR}"/${P}-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch | ||
51 | "${FILESDIR}"/${P}-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch | ||
52 | ) | ||
53 | |||
31 | S="${WORKDIR}/${MY_P}" | 54 | S="${WORKDIR}/${MY_P}" |
32 | 55 | ||
56 | # force upgrade to prevent broken login, bug 696950 | ||
57 | RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" | ||
58 | |||
33 | MULTILIB_WRAPPED_HEADERS=( | 59 | MULTILIB_WRAPPED_HEADERS=( |
34 | usr/include/openssl/opensslconf.h | 60 | usr/include/openssl/opensslconf.h |
35 | ) | 61 | ) |
36 | 62 | ||
37 | PATCHES=( | 63 | pkg_setup() { |
38 | "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 | 64 | [[ ${MERGE_TYPE} == binary ]] && return |
39 | "${FILESDIR}"/${P}-CVE-2018-0732.patch | 65 | |
40 | ) | 66 | # must check in pkg_setup; sysctl don't work with userpriv! |
67 | if has test ${FEATURES} && use sctp; then | ||
68 | # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" | ||
69 | # if sctp.auth_enable is not enabled. | ||
70 | local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) | ||
71 | if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then | ||
72 | die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" | ||
73 | fi | ||
74 | fi | ||
75 | } | ||
41 | 76 | ||
42 | src_prepare() { | 77 | src_prepare() { |
78 | # allow openssl to be cross-compiled | ||
79 | cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die | ||
80 | chmod a+rx gentoo.config || die | ||
81 | |||
82 | if use bindist; then | ||
83 | mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die | ||
84 | bash "${WORKDIR}"/hobble-openssl || die | ||
85 | |||
86 | cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die | ||
87 | cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die | ||
88 | |||
89 | eapply "${WORKDIR}"/bindist-patches/ec-curves.patch | ||
90 | |||
91 | local known_failing_test | ||
92 | for known_failing_test in \ | ||
93 | 30-test_evp_extra.t \ | ||
94 | 80-test_ssl_new.t \ | ||
95 | ; do | ||
96 | ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist" | ||
97 | rm test/recipes/${known_failing_test} || die | ||
98 | eend $? | ||
99 | done | ||
100 | |||
101 | # Also see the configure parts below: | ||
102 | # enable-ec \ | ||
103 | # $(use_ssl !bindist ec2m) \ | ||
104 | fi | ||
105 | |||
43 | # keep this in sync with app-misc/c_rehash | 106 | # keep this in sync with app-misc/c_rehash |
44 | SSL_CNF_DIR="/etc/ssl" | 107 | SSL_CNF_DIR="/etc/ssl" |
45 | 108 | ||
@@ -48,11 +111,19 @@ src_prepare() { | |||
48 | rm -f Makefile | 111 | rm -f Makefile |
49 | 112 | ||
50 | if ! use vanilla ; then | 113 | if ! use vanilla ; then |
51 | eapply "${PATCHES[@]}" | 114 | if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then |
115 | [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}" | ||
116 | fi | ||
52 | fi | 117 | fi |
53 | 118 | ||
54 | eapply_user #332661 | 119 | eapply_user #332661 |
55 | 120 | ||
121 | if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then | ||
122 | ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox" | ||
123 | rm test/recipes/80-test_ssl_new.t || die | ||
124 | eend $? | ||
125 | fi | ||
126 | |||
56 | # make sure the man pages are suffixed #302165 | 127 | # make sure the man pages are suffixed #302165 |
57 | # don't bother building man pages if they're disabled | 128 | # don't bother building man pages if they're disabled |
58 | # Make DOCDIR Gentoo compliant | 129 | # Make DOCDIR Gentoo compliant |
@@ -62,7 +133,7 @@ src_prepare() { | |||
62 | -e $(has noman FEATURES \ | 133 | -e $(has noman FEATURES \ |
63 | && echo '/^install:/s:install_docs::' \ | 134 | && echo '/^install:/s:install_docs::' \ |
64 | || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ | 135 | || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
65 | -e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \ | 136 | -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \ |
66 | Configurations/unix-Makefile.tmpl \ | 137 | Configurations/unix-Makefile.tmpl \ |
67 | || die | 138 | || die |
68 | 139 | ||
@@ -71,10 +142,6 @@ src_prepare() { | |||
71 | # and 'make depend' uses -Werror for added fun (#417795 again) | 142 | # and 'make depend' uses -Werror for added fun (#417795 again) |
72 | [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments | 143 | [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
73 | 144 | ||
74 | # allow openssl to be cross-compiled | ||
75 | cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die | ||
76 | chmod a+rx gentoo.config || die | ||
77 | |||
78 | append-flags -fno-strict-aliasing | 145 | append-flags -fno-strict-aliasing |
79 | append-flags $(test-flags-CC -Wa,--noexecstack) | 146 | append-flags $(test-flags-CC -Wa,--noexecstack) |
80 | append-cppflags -DOPENSSL_NO_BUF_FREELISTS | 147 | append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
@@ -131,21 +198,27 @@ multilib_src_configure() { | |||
131 | local config="Configure" | 198 | local config="Configure" |
132 | [[ -z ${sslout} ]] && config="config" | 199 | [[ -z ${sslout} ]] && config="config" |
133 | 200 | ||
201 | # Fedora hobbled-EC needs 'no-ec2m' | ||
134 | # 'srp' was restricted until early 2017 as well. | 202 | # 'srp' was restricted until early 2017 as well. |
135 | # "disable-deprecated" option breaks too many consumers. | 203 | # "disable-deprecated" option breaks too many consumers. |
136 | # Don't set it without thorough revdeps testing. | 204 | # Don't set it without thorough revdeps testing. |
137 | echoit \ | 205 | # Make sure user flags don't get added *yet* to avoid duplicated |
206 | # flags. | ||
207 | CFLAGS= LDFLAGS= echoit \ | ||
138 | ./${config} \ | 208 | ./${config} \ |
139 | ${sslout} \ | 209 | ${sslout} \ |
140 | $(use cpu_flags_x86_sse2 || echo "no-sse2") \ | 210 | $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
141 | enable-camellia \ | 211 | enable-camellia \ |
142 | $(use_ssl !bindist ec) \ | 212 | enable-ec \ |
143 | $(use_ssl !bindist srp) \ | 213 | $(use_ssl !bindist ec2m) \ |
214 | enable-srp \ | ||
144 | $(use elibc_musl && echo "no-async") \ | 215 | $(use elibc_musl && echo "no-async") \ |
145 | ${ec_nistp_64_gcc_128} \ | 216 | ${ec_nistp_64_gcc_128} \ |
146 | enable-idea \ | 217 | enable-idea \ |
147 | enable-mdc2 \ | 218 | enable-mdc2 \ |
148 | enable-rc5 \ | 219 | enable-rc5 \ |
220 | $(use_ssl sslv3 ssl3) \ | ||
221 | $(use_ssl sslv3 ssl3-method) \ | ||
149 | $(use_ssl asm) \ | 222 | $(use_ssl asm) \ |
150 | $(use_ssl rfc3779) \ | 223 | $(use_ssl rfc3779) \ |
151 | $(use_ssl sctp) \ | 224 | $(use_ssl sctp) \ |
@@ -158,16 +231,20 @@ multilib_src_configure() { | |||
158 | || die | 231 | || die |
159 | 232 | ||
160 | # Clean out hardcoded flags that openssl uses | 233 | # Clean out hardcoded flags that openssl uses |
161 | # Fix quoting for sed | ||
162 | local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ | 234 | local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ |
163 | -e 's:^CFLAGS=::' \ | 235 | -e 's:^CFLAGS=::' \ |
164 | -e 's:-fomit-frame-pointer ::g' \ | 236 | -e 's:\(^\| \)-fomit-frame-pointer::g' \ |
165 | -e 's:-O[0-9] ::g' \ | 237 | -e 's:\(^\| \)-O[^ ]*::g' \ |
166 | -e 's:-march=[-a-z0-9]* ::g' \ | 238 | -e 's:\(^\| \)-march=[^ ]*::g' \ |
167 | -e 's:-mcpu=[-a-z0-9]* ::g' \ | 239 | -e 's:\(^\| \)-mcpu=[^ ]*::g' \ |
168 | -e 's:-m[a-z0-9]* ::g' \ | 240 | -e 's:\(^\| \)-m[^ ]*::g' \ |
169 | -e 's:\\:\\\\:g' \ | 241 | -e 's:^ *::' \ |
242 | -e 's: *$::' \ | ||
243 | -e 's: \+: :g' \ | ||
244 | -e 's:\\:\\\\:g' | ||
170 | ) | 245 | ) |
246 | |||
247 | # Now insert clean default flags with user flags | ||
171 | sed -i \ | 248 | sed -i \ |
172 | -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ | 249 | -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ |
173 | -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ | 250 | -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ |
@@ -186,13 +263,19 @@ multilib_src_test() { | |||
186 | } | 263 | } |
187 | 264 | ||
188 | multilib_src_install() { | 265 | multilib_src_install() { |
266 | # We need to create $ED/usr on our own to avoid a race condition #665130 | ||
267 | if [[ ! -d "${ED}/usr" ]]; then | ||
268 | # We can only create this directory once | ||
269 | mkdir "${ED}"/usr || die | ||
270 | fi | ||
271 | |||
189 | emake DESTDIR="${D}" install | 272 | emake DESTDIR="${D}" install |
190 | } | 273 | } |
191 | 274 | ||
192 | multilib_src_install_all() { | 275 | multilib_src_install_all() { |
193 | # openssl installs perl version of c_rehash by default, but | 276 | # openssl installs perl version of c_rehash by default, but |
194 | # we provide a shell version via app-misc/c_rehash | 277 | # we provide a shell version via app-misc/c_rehash |
195 | rm "${ED%/}"/usr/bin/c_rehash || die | 278 | rm "${ED}"/usr/bin/c_rehash || die |
196 | 279 | ||
197 | dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el | 280 | dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el |
198 | 281 | ||
@@ -201,13 +284,13 @@ multilib_src_install_all() { | |||
201 | # build system: the static archives are built as PIC all the time. | 284 | # build system: the static archives are built as PIC all the time. |
202 | # Only way around this would be to manually configure+compile openssl | 285 | # Only way around this would be to manually configure+compile openssl |
203 | # twice; once with shared lib support enabled and once without. | 286 | # twice; once with shared lib support enabled and once without. |
204 | use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a | 287 | use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
205 | 288 | ||
206 | # create the certs directory | 289 | # create the certs directory |
207 | keepdir ${SSL_CNF_DIR}/certs | 290 | keepdir ${SSL_CNF_DIR}/certs |
208 | 291 | ||
209 | # Namespace openssl programs to prevent conflicts with other man pages | 292 | # Namespace openssl programs to prevent conflicts with other man pages |
210 | cd "${ED%/}"/usr/share/man || die | 293 | cd "${ED}"/usr/share/man || die |
211 | local m d s | 294 | local m d s |
212 | for m in $(find . -type f | xargs grep -L '#include') ; do | 295 | for m in $(find . -type f | xargs grep -L '#include') ; do |
213 | d=${m%/*} ; d=${d#./} ; m=${m##*/} | 296 | d=${m%/*} ; d=${d#./} ; m=${m##*/} |
@@ -230,14 +313,14 @@ multilib_src_install_all() { | |||
230 | [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" | 313 | [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
231 | 314 | ||
232 | dodir /etc/sandbox.d #254521 | 315 | dodir /etc/sandbox.d #254521 |
233 | echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl | 316 | echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
234 | 317 | ||
235 | diropts -m0700 | 318 | diropts -m0700 |
236 | keepdir ${SSL_CNF_DIR}/private | 319 | keepdir ${SSL_CNF_DIR}/private |
237 | } | 320 | } |
238 | 321 | ||
239 | pkg_postinst() { | 322 | pkg_postinst() { |
240 | ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" | 323 | ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
241 | c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null | 324 | c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null |
242 | eend $? | 325 | eend $? |
243 | } | 326 | } |
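Review bot: With USE="bindist sctp" and FEATURES="test network-sandbox", src_prepare deletes test/recipes/80-test_ssl_new.t twice, and the second plain `rm ... || die` would abort the build because the file is already gone. The first removal is the bindist loop (new lines 91-99) and the second is the network-sandbox block (new lines 121-125). Making the later removal tolerant of a missing file fixes this, e.g. `rm -f test/recipes/80-test_ssl_new.t || die`. New lines 109-110 of src_prepare fall between the hunks and are not shown, so this assumes nothing there changes the working directory. Both blocks silently drop an SSL test recipe from the test phase, so a one-line comment at each saying the resulting build ran without it would help anyone auditing those binaries.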