Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/, dev-libs/openssl/
Date: Mon, 31 Oct 2016 07:11:36
Message-Id: 1477897808.246f6b0590667adffa8967d9ba41bc993119a553.polynomial-c@gentoo
1 commit: 246f6b0590667adffa8967d9ba41bc993119a553
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Mon Oct 31 07:10:08 2016 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 31 07:10:08 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=246f6b05
7
8 dev-libs/openssl: Removed vulnerable versions.
9
10 Package-Manager: portage-2.3.2
11 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
12
13 dev-libs/openssl/Manifest | 2 -
14 .../openssl/files/openssl-1.0.0d-windres.patch | 76 -----
15 .../files/openssl-1.0.2g-parallel-build.patch | 318 ---------------------
16 .../files/openssl-1.0.2h-CVE-2016-2177.patch | 279 ------------------
17 .../files/openssl-1.0.2h-CVE-2016-2178.patch | 28 --
18 dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 254 ----------------
19 dev-libs/openssl/openssl-1.0.2i.ebuild | 249 ----------------
20 7 files changed, 1206 deletions(-)
21
22 diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
23 index 4d20371..3e6411e 100644
24 --- a/dev-libs/openssl/Manifest
25 +++ b/dev-libs/openssl/Manifest
26 @@ -1,5 +1,3 @@
27 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
28 -DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6
29 -DIST openssl-1.0.2i.tar.gz 5308232 SHA256 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f SHA512 41764debd5d64e4e770945f30d682e2c887d9cefb39b358c5c7f9d2cdce34393ed28d49b24e95c4639db2df01c278cbcde71bed2b03f9aafafc76766b03850e3 WHIRLPOOL ba1a4513aaa1de81e36912acfe0b6cf8e0acf7cc71d32b127b5e54eb2f6fc6ce63f4f61e9fc99fecc9e037cdccc496b9d15ea75b594b0fd8721b4478eab1f31d
30 DIST openssl-1.0.2j.tar.gz 5307912 SHA256 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 SHA512 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd WHIRLPOOL 1f17e80bc10da2eab9d4c1c3a662b0e2b4f7e8bc448aabb44cd98a96ba3d6cd0ef6cf9a3371d44b39a4d11b1a4087c8f0d056272ace6eba5bd2417f7ab9503b7
31 DIST openssl-1.1.0b.tar.gz 5162355 SHA256 a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 SHA512 b6d66261427f1acc049bf5469a0dc668490e752c2ba4802481809e7e35367213eca17ac9fdc3f23ed5f7a53d303abca78b13a48b169f154043199f2680ccf1a4 WHIRLPOOL bc926b2839f2e85751480ac0a6306bd37ca1ac12759b78654fba6861517bb9979245b95676a60900eab9257334ecf2e1b7d9e406c39a6075054a93ffc1f7a76a
32
33 diff --git a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch b/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
34 deleted file mode 100644
35 index 0b360d2..00000000
36 --- a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
37 +++ /dev/null
38 @@ -1,76 +0,0 @@
39 -URL: http://rt.openssl.org/Ticket/Display.html?id=2558&user=guest&pass=guest
40 -Subject: make windres controllable via build env var settings
41 -
42 -atm, the windres code in openssl is only usable via the cross-compile prefix
43 -option unlike all the other build tools. so add support for the standard $RC
44 -/ $WINDRES env vars as well.
45 -
46 -Index: Configure
47 -===================================================================
48 -RCS file: /usr/local/src/openssl/CVSROOT/openssl/Configure,v
49 -retrieving revision 1.621.2.40
50 -diff -u -p -r1.621.2.40 Configure
51 ---- Configure 30 Nov 2010 22:19:26 -0000 1.621.2.40
52 -+++ Configure 4 Jul 2011 23:12:32 -0000
53 -@@ -1094,6 +1094,7 @@ my $shared_extension = $fields[$idx_shar
54 - my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
55 - my $ar = $ENV{'AR'} || "ar";
56 - my $arflags = $fields[$idx_arflags];
57 -+my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
58 - my $multilib = $fields[$idx_multilib];
59 -
60 - # if $prefix/lib$multilib is not an existing directory, then
61 -@@ -1511,12 +1512,14 @@ while (<IN>)
62 - s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
63 - s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
64 - s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
65 -+ s/^WINDRES=\s*/WINDRES= \$\(CROSS_COMPILE\)/;
66 - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
67 - }
68 - else {
69 - s/^CC=.*$/CC= $cc/;
70 - s/^AR=\s*ar/AR= $ar/;
71 - s/^RANLIB=.*/RANLIB= $ranlib/;
72 -+ s/^WINDRES=.*/WINDRES= $windres/;
73 - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
74 - }
75 - s/^CFLAG=.*$/CFLAG= $cflags/;
76 -Index: Makefile.org
77 -===================================================================
78 -RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.org,v
79 -retrieving revision 1.295.2.10
80 -diff -u -p -r1.295.2.10 Makefile.org
81 ---- Makefile.org 27 Jan 2010 16:06:58 -0000 1.295.2.10
82 -+++ Makefile.org 4 Jul 2011 23:13:08 -0000
83 -@@ -66,6 +66,7 @@ EXE_EXT=
84 - ARFLAGS=
85 - AR=ar $(ARFLAGS) r
86 - RANLIB= ranlib
87 -+WINDRES= windres
88 - NM= nm
89 - PERL= perl
90 - TAR= tar
91 -@@ -180,6 +181,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS
92 - CC='$(CC)' CFLAG='$(CFLAG)' \
93 - AS='$(CC)' ASFLAG='$(CFLAG) -c' \
94 - AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
95 -+ WINDRES='$(WINDRES)' \
96 - CROSS_COMPILE='$(CROSS_COMPILE)' \
97 - PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
98 - SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
99 -Index: Makefile.shared
100 -===================================================================
101 -RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.shared,v
102 -retrieving revision 1.72.2.4
103 -diff -u -p -r1.72.2.4 Makefile.shared
104 ---- Makefile.shared 21 Aug 2010 11:36:49 -0000 1.72.2.4
105 -+++ Makefile.shared 4 Jul 2011 23:13:52 -0000
106 -@@ -293,7 +293,7 @@ link_a.cygwin:
107 - fi; \
108 - dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
109 - $(PERL) util/mkrc.pl $$dll_name | \
110 -- $(CROSS_COMPILE)windres -o rc.o; \
111 -+ $(WINDRES) -o rc.o; \
112 - extras="$$extras rc.o"; \
113 - ALLSYMSFLAGS='-Wl,--whole-archive'; \
114 - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
115
116 diff --git a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
117 deleted file mode 100644
118 index 3582810..00000000
119 --- a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
120 +++ /dev/null
121 @@ -1,318 +0,0 @@
122 ---- openssl-1.0.2g/crypto/Makefile
123 -+++ openssl-1.0.2g/crypto/Makefile
124 -@@ -85,11 +85,11 @@
125 - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
126 -
127 - subdirs:
128 -- @target=all; $(RECURSIVE_MAKE)
129 -+ +@target=all; $(RECURSIVE_MAKE)
130 -
131 - files:
132 - $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
133 -- @target=files; $(RECURSIVE_MAKE)
134 -+ +@target=files; $(RECURSIVE_MAKE)
135 -
136 - links:
137 - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
138 -@@ -100,7 +100,7 @@
139 - # lib: $(LIB): are splitted to avoid end-less loop
140 - lib: $(LIB)
141 - @touch lib
142 --$(LIB): $(LIBOBJ)
143 -+$(LIB): $(LIBOBJ) | subdirs
144 - $(AR) $(LIB) $(LIBOBJ)
145 - test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
146 - $(RANLIB) $(LIB) || echo Never mind.
147 -@@ -111,7 +111,7 @@
148 - fi
149 -
150 - libs:
151 -- @target=lib; $(RECURSIVE_MAKE)
152 -+ +@target=lib; $(RECURSIVE_MAKE)
153 -
154 - install:
155 - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
156 -@@ -120,7 +120,7 @@
157 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
158 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
159 - done;
160 -- @target=install; $(RECURSIVE_MAKE)
161 -+ +@target=install; $(RECURSIVE_MAKE)
162 -
163 - lint:
164 - @target=lint; $(RECURSIVE_MAKE)
165 ---- openssl-1.0.2g/engines/Makefile
166 -+++ openssl-1.0.2g/engines/Makefile
167 -@@ -72,7 +72,7 @@
168 -
169 - all: lib subdirs
170 -
171 --lib: $(LIBOBJ)
172 -+lib: $(LIBOBJ) | subdirs
173 - @if [ -n "$(SHARED_LIBS)" ]; then \
174 - set -e; \
175 - for l in $(LIBNAMES); do \
176 -@@ -89,7 +89,7 @@
177 -
178 - subdirs:
179 - echo $(EDIRS)
180 -- @target=all; $(RECURSIVE_MAKE)
181 -+ +@target=all; $(RECURSIVE_MAKE)
182 -
183 - files:
184 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
185 -@@ -128,7 +128,7 @@
186 - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
187 - done; \
188 - fi
189 -- @target=install; $(RECURSIVE_MAKE)
190 -+ +@target=install; $(RECURSIVE_MAKE)
191 -
192 - tags:
193 - ctags $(SRC)
194 ---- openssl-1.0.2g/Makefile.org
195 -+++ openssl-1.0.2g/Makefile.org
196 -@@ -279,17 +279,17 @@
197 - build_libssl: build_ssl libssl.pc
198 -
199 - build_crypto:
200 -- @dir=crypto; target=all; $(BUILD_ONE_CMD)
201 -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
202 - build_ssl: build_crypto
203 -- @dir=ssl; target=all; $(BUILD_ONE_CMD)
204 -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
205 - build_engines: build_crypto
206 -- @dir=engines; target=all; $(BUILD_ONE_CMD)
207 -+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
208 - build_apps: build_libs
209 -- @dir=apps; target=all; $(BUILD_ONE_CMD)
210 -+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
211 - build_tests: build_libs
212 -- @dir=test; target=all; $(BUILD_ONE_CMD)
213 -+ +@dir=test; target=all; $(BUILD_ONE_CMD)
214 - build_tools: build_libs
215 -- @dir=tools; target=all; $(BUILD_ONE_CMD)
216 -+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
217 -
218 - all_testapps: build_libs build_testapps
219 - build_testapps:
220 -@@ -544,7 +544,7 @@
221 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
222 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
223 - done;
224 -- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
225 -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
226 - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
227 - do \
228 - if [ -f "$$i" ]; then \
229 ---- openssl-1.0.2g/Makefile.shared
230 -+++ openssl-1.0.2g/Makefile.shared
231 -@@ -105,6 +105,7 @@
232 - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
233 - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
234 - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
235 -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
236 - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
237 - $${SHAREDCMD} $${SHAREDFLAGS} \
238 - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
239 -@@ -122,6 +123,7 @@
240 - done; \
241 - fi; \
242 - if [ -n "$$SHLIB_SOVER" ]; then \
243 -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
244 - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
245 - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
246 - fi; \
247 ---- openssl-1.0.2g/test/Makefile
248 -+++ openssl-1.0.2g/test/Makefile
249 -@@ -139,7 +139,7 @@
250 - tags:
251 - ctags $(SRC)
252 -
253 --tests: exe apps $(TESTS)
254 -+tests: exe $(TESTS)
255 -
256 - apps:
257 - @(cd ..; $(MAKE) DIRS=apps all)
258 -@@ -421,130 +421,130 @@
259 - link_app.$${shlib_target}
260 -
261 - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
262 -- @target=$(RSATEST); $(BUILD_CMD)
263 -+ +@target=$(RSATEST); $(BUILD_CMD)
264 -
265 - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
266 -- @target=$(BNTEST); $(BUILD_CMD)
267 -+ +@target=$(BNTEST); $(BUILD_CMD)
268 -
269 - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
270 -- @target=$(ECTEST); $(BUILD_CMD)
271 -+ +@target=$(ECTEST); $(BUILD_CMD)
272 -
273 - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
274 -- @target=$(EXPTEST); $(BUILD_CMD)
275 -+ +@target=$(EXPTEST); $(BUILD_CMD)
276 -
277 - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
278 -- @target=$(IDEATEST); $(BUILD_CMD)
279 -+ +@target=$(IDEATEST); $(BUILD_CMD)
280 -
281 - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
282 -- @target=$(MD2TEST); $(BUILD_CMD)
283 -+ +@target=$(MD2TEST); $(BUILD_CMD)
284 -
285 - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
286 -- @target=$(SHATEST); $(BUILD_CMD)
287 -+ +@target=$(SHATEST); $(BUILD_CMD)
288 -
289 - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
290 -- @target=$(SHA1TEST); $(BUILD_CMD)
291 -+ +@target=$(SHA1TEST); $(BUILD_CMD)
292 -
293 - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
294 -- @target=$(SHA256TEST); $(BUILD_CMD)
295 -+ +@target=$(SHA256TEST); $(BUILD_CMD)
296 -
297 - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
298 -- @target=$(SHA512TEST); $(BUILD_CMD)
299 -+ +@target=$(SHA512TEST); $(BUILD_CMD)
300 -
301 - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
302 -- @target=$(RMDTEST); $(BUILD_CMD)
303 -+ +@target=$(RMDTEST); $(BUILD_CMD)
304 -
305 - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
306 -- @target=$(MDC2TEST); $(BUILD_CMD)
307 -+ +@target=$(MDC2TEST); $(BUILD_CMD)
308 -
309 - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
310 -- @target=$(MD4TEST); $(BUILD_CMD)
311 -+ +@target=$(MD4TEST); $(BUILD_CMD)
312 -
313 - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
314 -- @target=$(MD5TEST); $(BUILD_CMD)
315 -+ +@target=$(MD5TEST); $(BUILD_CMD)
316 -
317 - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
318 -- @target=$(HMACTEST); $(BUILD_CMD)
319 -+ +@target=$(HMACTEST); $(BUILD_CMD)
320 -
321 - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
322 -- @target=$(WPTEST); $(BUILD_CMD)
323 -+ +@target=$(WPTEST); $(BUILD_CMD)
324 -
325 - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
326 -- @target=$(RC2TEST); $(BUILD_CMD)
327 -+ +@target=$(RC2TEST); $(BUILD_CMD)
328 -
329 - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
330 -- @target=$(BFTEST); $(BUILD_CMD)
331 -+ +@target=$(BFTEST); $(BUILD_CMD)
332 -
333 - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
334 -- @target=$(CASTTEST); $(BUILD_CMD)
335 -+ +@target=$(CASTTEST); $(BUILD_CMD)
336 -
337 - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
338 -- @target=$(RC4TEST); $(BUILD_CMD)
339 -+ +@target=$(RC4TEST); $(BUILD_CMD)
340 -
341 - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
342 -- @target=$(RC5TEST); $(BUILD_CMD)
343 -+ +@target=$(RC5TEST); $(BUILD_CMD)
344 -
345 - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
346 -- @target=$(DESTEST); $(BUILD_CMD)
347 -+ +@target=$(DESTEST); $(BUILD_CMD)
348 -
349 - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
350 -- @target=$(RANDTEST); $(BUILD_CMD)
351 -+ +@target=$(RANDTEST); $(BUILD_CMD)
352 -
353 - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
354 -- @target=$(DHTEST); $(BUILD_CMD)
355 -+ +@target=$(DHTEST); $(BUILD_CMD)
356 -
357 - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
358 -- @target=$(DSATEST); $(BUILD_CMD)
359 -+ +@target=$(DSATEST); $(BUILD_CMD)
360 -
361 - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
362 -- @target=$(METHTEST); $(BUILD_CMD)
363 -+ +@target=$(METHTEST); $(BUILD_CMD)
364 -
365 - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
366 -- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
367 -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
368 -
369 - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
370 -- @target=$(ENGINETEST); $(BUILD_CMD)
371 -+ +@target=$(ENGINETEST); $(BUILD_CMD)
372 -
373 - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
374 -- @target=$(EVPTEST); $(BUILD_CMD)
375 -+ +@target=$(EVPTEST); $(BUILD_CMD)
376 -
377 - $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
378 -- @target=$(EVPEXTRATEST); $(BUILD_CMD)
379 -+ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
380 -
381 - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
382 -- @target=$(ECDSATEST); $(BUILD_CMD)
383 -+ +@target=$(ECDSATEST); $(BUILD_CMD)
384 -
385 - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
386 -- @target=$(ECDHTEST); $(BUILD_CMD)
387 -+ +@target=$(ECDHTEST); $(BUILD_CMD)
388 -
389 - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
390 -- @target=$(IGETEST); $(BUILD_CMD)
391 -+ +@target=$(IGETEST); $(BUILD_CMD)
392 -
393 - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
394 -- @target=$(JPAKETEST); $(BUILD_CMD)
395 -+ +@target=$(JPAKETEST); $(BUILD_CMD)
396 -
397 - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
398 -- @target=$(ASN1TEST); $(BUILD_CMD)
399 -+ +@target=$(ASN1TEST); $(BUILD_CMD)
400 -
401 - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
402 -- @target=$(SRPTEST); $(BUILD_CMD)
403 -+ +@target=$(SRPTEST); $(BUILD_CMD)
404 -
405 - $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
406 -- @target=$(V3NAMETEST); $(BUILD_CMD)
407 -+ +@target=$(V3NAMETEST); $(BUILD_CMD)
408 -
409 - $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
410 -- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
411 -+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
412 -
413 - $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
414 -- @target=$(CONSTTIMETEST) $(BUILD_CMD)
415 -+ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
416 -
417 - $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
418 -- @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
419 -+ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
420 -
421 - $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
422 -- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
423 -+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
424 -
425 - $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
426 -- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
427 -+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
428 -
429 - #$(AESTEST).o: $(AESTEST).c
430 - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
431 -@@ -557,7 +557,7 @@
432 - # fi
433 -
434 - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
435 -- @target=dummytest; $(BUILD_CMD)
436 -+ +@target=dummytest; $(BUILD_CMD)
437 -
438 - # DO NOT DELETE THIS LINE -- make depend depends on it.
439 -
440
441 diff --git a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
442 deleted file mode 100644
443 index ca934c2..00000000
444 --- a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
445 +++ /dev/null
446 @@ -1,279 +0,0 @@
447 -From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
448 -From: Matt Caswell <matt@×××××××.org>
449 -Date: Thu, 5 May 2016 11:10:26 +0100
450 -Subject: [PATCH] Avoid some undefined pointer arithmetic
451 -
452 -A common idiom in the codebase is:
453 -
454 -if (p + len > limit)
455 -{
456 - return; /* Too long */
457 -}
458 -
459 -Where "p" points to some malloc'd data of SIZE bytes and
460 -limit == p + SIZE
461 -
462 -"len" here could be from some externally supplied data (e.g. from a TLS
463 -message).
464 -
465 -The rules of C pointer arithmetic are such that "p + len" is only well
466 -defined where len <= SIZE. Therefore the above idiom is actually
467 -undefined behaviour.
468 -
469 -For example this could cause problems if some malloc implementation
470 -provides an address for "p" such that "p + len" actually overflows for
471 -values of len that are too big and therefore p + len < limit!
472 -
473 -Issue reported by Guido Vranken.
474 -
475 -CVE-2016-2177
476 -
477 -Reviewed-by: Rich Salz <rsalz@×××××××.org>
478 ----
479 - ssl/s3_srvr.c | 14 +++++++-------
480 - ssl/ssl_sess.c | 2 +-
481 - ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++--------------------------
482 - 3 files changed, 38 insertions(+), 34 deletions(-)
483 -
484 -diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
485 -index ab28702..ab7f690 100644
486 ---- a/ssl/s3_srvr.c
487 -+++ b/ssl/s3_srvr.c
488 -@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
489 -
490 - session_length = *(p + SSL3_RANDOM_SIZE);
491 -
492 -- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
493 -+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
494 - al = SSL_AD_DECODE_ERROR;
495 - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
496 - goto f_err;
497 -@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
498 - /* get the session-id */
499 - j = *(p++);
500 -
501 -- if (p + j > d + n) {
502 -+ if ((d + n) - p < j) {
503 - al = SSL_AD_DECODE_ERROR;
504 - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
505 - goto f_err;
506 -@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
507 -
508 - if (SSL_IS_DTLS(s)) {
509 - /* cookie stuff */
510 -- if (p + 1 > d + n) {
511 -+ if ((d + n) - p < 1) {
512 - al = SSL_AD_DECODE_ERROR;
513 - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
514 - goto f_err;
515 - }
516 - cookie_len = *(p++);
517 -
518 -- if (p + cookie_len > d + n) {
519 -+ if ((d + n ) - p < cookie_len) {
520 - al = SSL_AD_DECODE_ERROR;
521 - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
522 - goto f_err;
523 -@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
524 - }
525 - }
526 -
527 -- if (p + 2 > d + n) {
528 -+ if ((d + n ) - p < 2) {
529 - al = SSL_AD_DECODE_ERROR;
530 - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
531 - goto f_err;
532 -@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
533 - }
534 -
535 - /* i bytes of cipher data + 1 byte for compression length later */
536 -- if ((p + i + 1) > (d + n)) {
537 -+ if ((d + n) - p < i + 1) {
538 - /* not enough data */
539 - al = SSL_AD_DECODE_ERROR;
540 - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
541 -@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
542 -
543 - /* compression */
544 - i = *(p++);
545 -- if ((p + i) > (d + n)) {
546 -+ if ((d + n) - p < i) {
547 - /* not enough data */
548 - al = SSL_AD_DECODE_ERROR;
549 - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
550 -diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
551 -index b182998..54ee783 100644
552 ---- a/ssl/ssl_sess.c
553 -+++ b/ssl/ssl_sess.c
554 -@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
555 - int r;
556 - #endif
557 -
558 -- if (session_id + len > limit) {
559 -+ if (limit - session_id < len) {
560 - fatal = 1;
561 - goto err;
562 - }
563 -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
564 -index fb64607..cdac011 100644
565 ---- a/ssl/t1_lib.c
566 -+++ b/ssl/t1_lib.c
567 -@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
568 - 0x02, 0x03, /* SHA-1/ECDSA */
569 - };
570 -
571 -- if (data >= (limit - 2))
572 -+ if (limit - data <= 2)
573 - return;
574 - data += 2;
575 -
576 -- if (data > (limit - 4))
577 -+ if (limit - data < 4)
578 - return;
579 - n2s(data, type);
580 - n2s(data, size);
581 -@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
582 - if (type != TLSEXT_TYPE_server_name)
583 - return;
584 -
585 -- if (data + size > limit)
586 -+ if (limit - data < size)
587 - return;
588 - data += size;
589 -
590 -@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
591 - const size_t len1 = sizeof(kSafariExtensionsBlock);
592 - const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
593 -
594 -- if (data + len1 + len2 != limit)
595 -+ if (limit - data != (int)(len1 + len2))
596 - return;
597 - if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
598 - return;
599 -@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
600 - } else {
601 - const size_t len = sizeof(kSafariExtensionsBlock);
602 -
603 -- if (data + len != limit)
604 -+ if (limit - data != (int)(len))
605 - return;
606 - if (memcmp(data, kSafariExtensionsBlock, len) != 0)
607 - return;
608 -@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
609 - if (data == limit)
610 - goto ri_check;
611 -
612 -- if (data > (limit - 2))
613 -+ if (limit - data < 2)
614 - goto err;
615 -
616 - n2s(data, len);
617 -
618 -- if (data + len != limit)
619 -+ if (limit - data != len)
620 - goto err;
621 -
622 -- while (data <= (limit - 4)) {
623 -+ while (limit - data >= 4) {
624 - n2s(data, type);
625 - n2s(data, size);
626 -
627 -- if (data + size > (limit))
628 -+ if (limit - data < size)
629 - goto err;
630 - # if 0
631 - fprintf(stderr, "Received extension type %d size %d\n", type, size);
632 -@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
633 - if (s->hit || s->cert->srv_ext.meths_count == 0)
634 - return 1;
635 -
636 -- if (data >= limit - 2)
637 -+ if (limit - data <= 2)
638 - return 1;
639 - n2s(data, len);
640 -
641 -- if (data > limit - len)
642 -+ if (limit - data < len)
643 - return 1;
644 -
645 -- while (data <= limit - 4) {
646 -+ while (limit - data >= 4) {
647 - n2s(data, type);
648 - n2s(data, size);
649 -
650 -- if (data + size > limit)
651 -+ if (limit - data < size)
652 - return 1;
653 - if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
654 - return 0;
655 -@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
656 - SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
657 - # endif
658 -
659 -- if (data >= (d + n - 2))
660 -+ if ((d + n) - data <= 2)
661 - goto ri_check;
662 -
663 - n2s(data, length);
664 -- if (data + length != d + n) {
665 -+ if ((d + n) - data != length) {
666 - *al = SSL_AD_DECODE_ERROR;
667 - return 0;
668 - }
669 -
670 -- while (data <= (d + n - 4)) {
671 -+ while ((d + n) - data >= 4) {
672 - n2s(data, type);
673 - n2s(data, size);
674 -
675 -- if (data + size > (d + n))
676 -+ if ((d + n) - data < size)
677 - goto ri_check;
678 -
679 - if (s->tlsext_debug_cb)
680 -@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
681 - /* Skip past DTLS cookie */
682 - if (SSL_IS_DTLS(s)) {
683 - i = *(p++);
684 -- p += i;
685 -- if (p >= limit)
686 -+
687 -+ if (limit - p <= i)
688 - return -1;
689 -+
690 -+ p += i;
691 - }
692 - /* Skip past cipher list */
693 - n2s(p, i);
694 -- p += i;
695 -- if (p >= limit)
696 -+ if (limit - p <= i)
697 - return -1;
698 -+ p += i;
699 -+
700 - /* Skip past compression algorithm list */
701 - i = *(p++);
702 -- p += i;
703 -- if (p > limit)
704 -+ if (limit - p < i)
705 - return -1;
706 -+ p += i;
707 -+
708 - /* Now at start of extensions */
709 -- if ((p + 2) >= limit)
710 -+ if (limit - p <= 2)
711 - return 0;
712 - n2s(p, i);
713 -- while ((p + 4) <= limit) {
714 -+ while (limit - p >= 4) {
715 - unsigned short type, size;
716 - n2s(p, type);
717 - n2s(p, size);
718 -- if (p + size > limit)
719 -+ if (limit - p < size)
720 - return 0;
721 - if (type == TLSEXT_TYPE_session_ticket) {
722 - int r;
723 ---
724 -1.9.1
725 -
726
727 diff --git a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
728 deleted file mode 100644
729 index a64141f..00000000
730 --- a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
731 +++ /dev/null
732 @@ -1,28 +0,0 @@
733 -X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_ossl.c;h=beb62b2ff058d3e2bde0397fbddd355e11cd457b;hp=ce1da1cd6fa121f1ae0961ac2d2e9f81de4d8c9b;hb=399944622df7bd81af62e67ea967c470534090e2;hpb=0a4c87a90c6cf6628c688868cd5f13e4b9a5f19d
734 -
735 -diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
736 -index ce1da1c..beb62b2 100644
737 ---- a/crypto/dsa/dsa_ossl.c
738 -+++ b/crypto/dsa/dsa_ossl.c
739 -@@ -248,9 +248,6 @@
740 - if (!BN_rand_range(&k, dsa->q))
741 - goto err;
742 - while (BN_is_zero(&k)) ;
743 -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
744 -- BN_set_flags(&k, BN_FLG_CONSTTIME);
745 -- }
746 -
747 - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
748 - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
749 -@@ -238,6 +234,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
750 - } else {
751 - K = k;
752 - }
753 -+
754 -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
755 -+ BN_set_flags(K, BN_FLG_CONSTTIME);
756 -+ }
757 -+
758 - DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
759 - dsa->method_mont_p);
760 - if (!BN_mod(r, r, dsa->q, ctx))
761
762 diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
763 deleted file mode 100644
764 index 333ae66..00000000
765 --- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
766 +++ /dev/null
767 @@ -1,254 +0,0 @@
768 -# Copyright 1999-2016 Gentoo Foundation
769 -# Distributed under the terms of the GNU General Public License v2
770 -# $Id$
771 -
772 -EAPI="5"
773 -
774 -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
775 -
776 -MY_P=${P/_/-}
777 -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
778 -HOMEPAGE="http://www.openssl.org/"
779 -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
780 -
781 -LICENSE="openssl"
782 -SLOT="0"
783 -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
784 -IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
785 -RESTRICT="!bindist? ( bindist )"
786 -
787 -RDEPEND=">=app-misc/c_rehash-1.7-r1
788 - gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
789 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
790 - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
791 -DEPEND="${RDEPEND}
792 - >=dev-lang/perl-5
793 - sctp? ( >=net-misc/lksctp-tools-1.0.12 )
794 - test? (
795 - sys-apps/diffutils
796 - sys-devel/bc
797 - )"
798 -PDEPEND="app-misc/ca-certificates"
799 -
800 -S="${WORKDIR}/${MY_P}"
801 -
802 -MULTILIB_WRAPPED_HEADERS=(
803 - usr/include/openssl/opensslconf.h
804 -)
805 -
806 -src_prepare() {
807 - # keep this in sync with app-misc/c_rehash
808 - SSL_CNF_DIR="/etc/ssl"
809 -
810 - # Make sure we only ever touch Makefile.org and avoid patching a file
811 - # that gets blown away anyways by the Configure script in src_configure
812 - rm -f Makefile
813 -
814 - # bugs 585142 and 585276
815 - epatch "${FILESDIR}"/${P}-CVE-2016-2177.patch
816 - epatch "${FILESDIR}"/${P}-CVE-2016-2178.patch
817 -
818 - if ! use vanilla ; then
819 - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
820 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
821 - epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
822 - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
823 - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
824 - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
825 - epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
826 - epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
827 - epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
828 -
829 - epatch_user #332661
830 - fi
831 -
832 - # disable fips in the build
833 - # make sure the man pages are suffixed #302165
834 - # don't bother building man pages if they're disabled
835 - sed -i \
836 - -e '/DIRS/s: fips : :g' \
837 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
838 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
839 - -e $(has noman FEATURES \
840 - && echo '/^install:/s:install_docs::' \
841 - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
842 - Makefile.org \
843 - || die
844 - # show the actual commands in the log
845 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
846 -
847 - # since we're forcing $(CC) as makedep anyway, just fix
848 - # the conditional as always-on
849 - # helps clang (#417795), and versioned gcc (#499818)
850 - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
851 -
852 - # quiet out unknown driver argument warnings since openssl
853 - # doesn't have well-split CFLAGS and we're making it even worse
854 - # and 'make depend' uses -Werror for added fun (#417795 again)
855 - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
856 -
857 - # allow openssl to be cross-compiled
858 - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
859 - chmod a+rx gentoo.config
860 -
861 - append-flags -fno-strict-aliasing
862 - append-flags $(test-flags-CC -Wa,--noexecstack)
863 - append-cppflags -DOPENSSL_NO_BUF_FREELISTS
864 -
865 - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
866 - # The config script does stupid stuff to prompt the user. Kill it.
867 - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
868 - ./config --test-sanity || die "I AM NOT SANE"
869 -
870 - multilib_copy_sources
871 -}
872 -
873 -multilib_src_configure() {
874 - unset APPS #197996
875 - unset SCRIPTS #312551
876 - unset CROSS_COMPILE #311473
877 -
878 - tc-export CC AR RANLIB RC
879 -
880 - # Clean out patent-or-otherwise-encumbered code
881 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
882 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
883 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
884 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
885 - # RC5: Expired http://en.wikipedia.org/wiki/RC5
886 -
887 - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
888 - echoit() { echo "$@" ; "$@" ; }
889 -
890 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
891 -
892 - # See if our toolchain supports __uint128_t. If so, it's 64bit
893 - # friendly and can use the nicely optimized code paths. #460790
894 - local ec_nistp_64_gcc_128
895 - # Disable it for now though #469976
896 - #if ! use bindist ; then
897 - # echo "__uint128_t i;" > "${T}"/128.c
898 - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
899 - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
900 - # fi
901 - #fi
902 -
903 - local sslout=$(./gentoo.config)
904 - einfo "Use configuration ${sslout:-(openssl knows best)}"
905 - local config="Configure"
906 - [[ -z ${sslout} ]] && config="config"
907 -
908 - echoit \
909 - ./${config} \
910 - ${sslout} \
911 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
912 - enable-camellia \
913 - $(use_ssl !bindist ec) \
914 - ${ec_nistp_64_gcc_128} \
915 - enable-idea \
916 - enable-mdc2 \
917 - enable-rc5 \
918 - enable-tlsext \
919 - $(use_ssl asm) \
920 - $(use_ssl gmp gmp -lgmp) \
921 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
922 - $(use_ssl rfc3779) \
923 - $(use_ssl sctp) \
924 - $(use_ssl sslv2 ssl2) \
925 - $(use_ssl sslv3 ssl3) \
926 - $(use_ssl tls-heartbeat heartbeats) \
927 - $(use_ssl zlib) \
928 - --prefix="${EPREFIX}"/usr \
929 - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
930 - --libdir=$(get_libdir) \
931 - shared threads \
932 - || die
933 -
934 - # Clean out hardcoded flags that openssl uses
935 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
936 - -e 's:^CFLAG=::' \
937 - -e 's:-fomit-frame-pointer ::g' \
938 - -e 's:-O[0-9] ::g' \
939 - -e 's:-march=[-a-z0-9]* ::g' \
940 - -e 's:-mcpu=[-a-z0-9]* ::g' \
941 - -e 's:-m[a-z0-9]* ::g' \
942 - )
943 - sed -i \
944 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
945 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
946 - Makefile || die
947 -}
948 -
949 -multilib_src_compile() {
950 - # depend is needed to use $confopts; it also doesn't matter
951 - # that it's -j1 as the code itself serializes subdirs
952 - emake -j1 depend
953 - emake all
954 - # rehash is needed to prep the certs/ dir; do this
955 - # separately to avoid parallel build issues.
956 - emake rehash
957 -}
958 -
959 -multilib_src_test() {
960 - emake -j1 test
961 -}
962 -
963 -multilib_src_install() {
964 - emake INSTALL_PREFIX="${D}" install
965 -}
966 -
967 -multilib_src_install_all() {
968 - # openssl installs perl version of c_rehash by default, but
969 - # we provide a shell version via app-misc/c_rehash
970 - rm "${ED}"/usr/bin/c_rehash || die
971 -
972 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
973 - dohtml -r doc/*
974 - use rfc3779 && dodoc engines/ccgost/README.gost
975 -
976 - # This is crappy in that the static archives are still built even
977 - # when USE=static-libs. But this is due to a failing in the openssl
978 - # build system: the static archives are built as PIC all the time.
979 - # Only way around this would be to manually configure+compile openssl
980 - # twice; once with shared lib support enabled and once without.
981 - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
982 -
983 - # create the certs directory
984 - dodir ${SSL_CNF_DIR}/certs
985 - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
986 - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
987 -
988 - # Namespace openssl programs to prevent conflicts with other man pages
989 - cd "${ED}"/usr/share/man
990 - local m d s
991 - for m in $(find . -type f | xargs grep -L '#include') ; do
992 - d=${m%/*} ; d=${d#./} ; m=${m##*/}
993 - [[ ${m} == openssl.1* ]] && continue
994 - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
995 - mv ${d}/{,ssl-}${m}
996 - # fix up references to renamed man pages
997 - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
998 - ln -s ssl-${m} ${d}/openssl-${m}
999 - # locate any symlinks that point to this man page ... we assume
1000 - # that any broken links are due to the above renaming
1001 - for s in $(find -L ${d} -type l) ; do
1002 - s=${s##*/}
1003 - rm -f ${d}/${s}
1004 - ln -s ssl-${m} ${d}/ssl-${s}
1005 - ln -s ssl-${s} ${d}/openssl-${s}
1006 - done
1007 - done
1008 - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
1009 -
1010 - dodir /etc/sandbox.d #254521
1011 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
1012 -
1013 - diropts -m0700
1014 - keepdir ${SSL_CNF_DIR}/private
1015 -}
1016 -
1017 -pkg_postinst() {
1018 - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
1019 - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
1020 - eend $?
1021 -}
1022
1023 diff --git a/dev-libs/openssl/openssl-1.0.2i.ebuild b/dev-libs/openssl/openssl-1.0.2i.ebuild
1024 deleted file mode 100644
1025 index ce2aa66..00000000
1026 --- a/dev-libs/openssl/openssl-1.0.2i.ebuild
1027 +++ /dev/null
1028 @@ -1,249 +0,0 @@
1029 -# Copyright 1999-2016 Gentoo Foundation
1030 -# Distributed under the terms of the GNU General Public License v2
1031 -# $Id$
1032 -
1033 -EAPI="5"
1034 -
1035 -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
1036 -
1037 -MY_P=${P/_/-}
1038 -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
1039 -HOMEPAGE="http://www.openssl.org/"
1040 -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
1041 -
1042 -LICENSE="openssl"
1043 -SLOT="0"
1044 -KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
1045 -IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
1046 -RESTRICT="!bindist? ( bindist )"
1047 -
1048 -RDEPEND=">=app-misc/c_rehash-1.7-r1
1049 - gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
1050 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
1051 - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
1052 -DEPEND="${RDEPEND}
1053 - >=dev-lang/perl-5
1054 - sctp? ( >=net-misc/lksctp-tools-1.0.12 )
1055 - test? (
1056 - sys-apps/diffutils
1057 - sys-devel/bc
1058 - )"
1059 -PDEPEND="app-misc/ca-certificates"
1060 -
1061 -S="${WORKDIR}/${MY_P}"
1062 -
1063 -MULTILIB_WRAPPED_HEADERS=(
1064 - usr/include/openssl/opensslconf.h
1065 -)
1066 -
1067 -src_prepare() {
1068 - # keep this in sync with app-misc/c_rehash
1069 - SSL_CNF_DIR="/etc/ssl"
1070 -
1071 - # Make sure we only ever touch Makefile.org and avoid patching a file
1072 - # that gets blown away anyways by the Configure script in src_configure
1073 - rm -f Makefile
1074 -
1075 - if ! use vanilla ; then
1076 - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
1077 - epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
1078 - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
1079 - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
1080 - epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
1081 - epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
1082 - epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
1083 - epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
1084 -
1085 - epatch_user #332661
1086 - fi
1087 -
1088 - # disable fips in the build
1089 - # make sure the man pages are suffixed #302165
1090 - # don't bother building man pages if they're disabled
1091 - sed -i \
1092 - -e '/DIRS/s: fips : :g' \
1093 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
1094 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
1095 - -e $(has noman FEATURES \
1096 - && echo '/^install:/s:install_docs::' \
1097 - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
1098 - Makefile.org \
1099 - || die
1100 - # show the actual commands in the log
1101 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
1102 -
1103 - # since we're forcing $(CC) as makedep anyway, just fix
1104 - # the conditional as always-on
1105 - # helps clang (#417795), and versioned gcc (#499818)
1106 - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
1107 -
1108 - # quiet out unknown driver argument warnings since openssl
1109 - # doesn't have well-split CFLAGS and we're making it even worse
1110 - # and 'make depend' uses -Werror for added fun (#417795 again)
1111 - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
1112 -
1113 - # allow openssl to be cross-compiled
1114 - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
1115 - chmod a+rx gentoo.config
1116 -
1117 - append-flags -fno-strict-aliasing
1118 - append-flags $(test-flags-CC -Wa,--noexecstack)
1119 - append-cppflags -DOPENSSL_NO_BUF_FREELISTS
1120 -
1121 - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
1122 - # The config script does stupid stuff to prompt the user. Kill it.
1123 - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
1124 - ./config --test-sanity || die "I AM NOT SANE"
1125 -
1126 - multilib_copy_sources
1127 -}
1128 -
1129 -multilib_src_configure() {
1130 - unset APPS #197996
1131 - unset SCRIPTS #312551
1132 - unset CROSS_COMPILE #311473
1133 -
1134 - tc-export CC AR RANLIB RC
1135 -
1136 - # Clean out patent-or-otherwise-encumbered code
1137 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
1138 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
1139 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
1140 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
1141 - # RC5: Expired http://en.wikipedia.org/wiki/RC5
1142 -
1143 - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
1144 - echoit() { echo "$@" ; "$@" ; }
1145 -
1146 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
1147 -
1148 - # See if our toolchain supports __uint128_t. If so, it's 64bit
1149 - # friendly and can use the nicely optimized code paths. #460790
1150 - local ec_nistp_64_gcc_128
1151 - # Disable it for now though #469976
1152 - #if ! use bindist ; then
1153 - # echo "__uint128_t i;" > "${T}"/128.c
1154 - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
1155 - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
1156 - # fi
1157 - #fi
1158 -
1159 - local sslout=$(./gentoo.config)
1160 - einfo "Use configuration ${sslout:-(openssl knows best)}"
1161 - local config="Configure"
1162 - [[ -z ${sslout} ]] && config="config"
1163 -
1164 - echoit \
1165 - ./${config} \
1166 - ${sslout} \
1167 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
1168 - enable-camellia \
1169 - $(use_ssl !bindist ec) \
1170 - ${ec_nistp_64_gcc_128} \
1171 - enable-idea \
1172 - enable-mdc2 \
1173 - enable-rc5 \
1174 - enable-tlsext \
1175 - $(use_ssl asm) \
1176 - $(use_ssl gmp gmp -lgmp) \
1177 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
1178 - $(use_ssl rfc3779) \
1179 - $(use_ssl sctp) \
1180 - $(use_ssl sslv2 ssl2) \
1181 - $(use_ssl sslv3 ssl3) \
1182 - $(use_ssl tls-heartbeat heartbeats) \
1183 - $(use_ssl zlib) \
1184 - --prefix="${EPREFIX}"/usr \
1185 - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
1186 - --libdir=$(get_libdir) \
1187 - shared threads \
1188 - || die
1189 -
1190 - # Clean out hardcoded flags that openssl uses
1191 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
1192 - -e 's:^CFLAG=::' \
1193 - -e 's:-fomit-frame-pointer ::g' \
1194 - -e 's:-O[0-9] ::g' \
1195 - -e 's:-march=[-a-z0-9]* ::g' \
1196 - -e 's:-mcpu=[-a-z0-9]* ::g' \
1197 - -e 's:-m[a-z0-9]* ::g' \
1198 - )
1199 - sed -i \
1200 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
1201 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
1202 - Makefile || die
1203 -}
1204 -
1205 -multilib_src_compile() {
1206 - # depend is needed to use $confopts; it also doesn't matter
1207 - # that it's -j1 as the code itself serializes subdirs
1208 - emake -j1 depend
1209 - emake all
1210 - # rehash is needed to prep the certs/ dir; do this
1211 - # separately to avoid parallel build issues.
1212 - emake rehash
1213 -}
1214 -
1215 -multilib_src_test() {
1216 - emake -j1 test
1217 -}
1218 -
1219 -multilib_src_install() {
1220 - emake INSTALL_PREFIX="${D}" install
1221 -}
1222 -
1223 -multilib_src_install_all() {
1224 - # openssl installs perl version of c_rehash by default, but
1225 - # we provide a shell version via app-misc/c_rehash
1226 - rm "${ED}"/usr/bin/c_rehash || die
1227 -
1228 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
1229 - dohtml -r doc/*
1230 - use rfc3779 && dodoc engines/ccgost/README.gost
1231 -
1232 - # This is crappy in that the static archives are still built even
1233 - # when USE=static-libs. But this is due to a failing in the openssl
1234 - # build system: the static archives are built as PIC all the time.
1235 - # Only way around this would be to manually configure+compile openssl
1236 - # twice; once with shared lib support enabled and once without.
1237 - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
1238 -
1239 - # create the certs directory
1240 - dodir ${SSL_CNF_DIR}/certs
1241 - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
1242 - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
1243 -
1244 - # Namespace openssl programs to prevent conflicts with other man pages
1245 - cd "${ED}"/usr/share/man
1246 - local m d s
1247 - for m in $(find . -type f | xargs grep -L '#include') ; do
1248 - d=${m%/*} ; d=${d#./} ; m=${m##*/}
1249 - [[ ${m} == openssl.1* ]] && continue
1250 - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
1251 - mv ${d}/{,ssl-}${m}
1252 - # fix up references to renamed man pages
1253 - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
1254 - ln -s ssl-${m} ${d}/openssl-${m}
1255 - # locate any symlinks that point to this man page ... we assume
1256 - # that any broken links are due to the above renaming
1257 - for s in $(find -L ${d} -type l) ; do
1258 - s=${s##*/}
1259 - rm -f ${d}/${s}
1260 - ln -s ssl-${m} ${d}/ssl-${s}
1261 - ln -s ssl-${s} ${d}/openssl-${s}
1262 - done
1263 - done
1264 - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
1265 -
1266 - dodir /etc/sandbox.d #254521
1267 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
1268 -
1269 - diropts -m0700
1270 - keepdir ${SSL_CNF_DIR}/private
1271 -}
1272 -
1273 -pkg_postinst() {
1274 - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
1275 - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
1276 - eend $?
1277 -}
Report Message
Find on MARC Find on Google Groups