1 |
commit: 246f6b0590667adffa8967d9ba41bc993119a553 |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Oct 31 07:10:08 2016 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Oct 31 07:10:08 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=246f6b05 |
7 |
|
8 |
dev-libs/openssl: Removed vulnerable versions. |
9 |
|
10 |
Package-Manager: portage-2.3.2 |
11 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
12 |
|
13 |
dev-libs/openssl/Manifest | 2 - |
14 |
.../openssl/files/openssl-1.0.0d-windres.patch | 76 ----- |
15 |
.../files/openssl-1.0.2g-parallel-build.patch | 318 --------------------- |
16 |
.../files/openssl-1.0.2h-CVE-2016-2177.patch | 279 ------------------ |
17 |
.../files/openssl-1.0.2h-CVE-2016-2178.patch | 28 -- |
18 |
dev-libs/openssl/openssl-1.0.2h-r2.ebuild | 254 ---------------- |
19 |
dev-libs/openssl/openssl-1.0.2i.ebuild | 249 ---------------- |
20 |
7 files changed, 1206 deletions(-) |
21 |
|
22 |
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest |
23 |
index 4d20371..3e6411e 100644 |
24 |
--- a/dev-libs/openssl/Manifest |
25 |
+++ b/dev-libs/openssl/Manifest |
26 |
@@ -1,5 +1,3 @@ |
27 |
DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf |
28 |
-DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6 |
29 |
-DIST openssl-1.0.2i.tar.gz 5308232 SHA256 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f SHA512 41764debd5d64e4e770945f30d682e2c887d9cefb39b358c5c7f9d2cdce34393ed28d49b24e95c4639db2df01c278cbcde71bed2b03f9aafafc76766b03850e3 WHIRLPOOL ba1a4513aaa1de81e36912acfe0b6cf8e0acf7cc71d32b127b5e54eb2f6fc6ce63f4f61e9fc99fecc9e037cdccc496b9d15ea75b594b0fd8721b4478eab1f31d |
30 |
DIST openssl-1.0.2j.tar.gz 5307912 SHA256 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 SHA512 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd WHIRLPOOL 1f17e80bc10da2eab9d4c1c3a662b0e2b4f7e8bc448aabb44cd98a96ba3d6cd0ef6cf9a3371d44b39a4d11b1a4087c8f0d056272ace6eba5bd2417f7ab9503b7 |
31 |
DIST openssl-1.1.0b.tar.gz 5162355 SHA256 a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 SHA512 b6d66261427f1acc049bf5469a0dc668490e752c2ba4802481809e7e35367213eca17ac9fdc3f23ed5f7a53d303abca78b13a48b169f154043199f2680ccf1a4 WHIRLPOOL bc926b2839f2e85751480ac0a6306bd37ca1ac12759b78654fba6861517bb9979245b95676a60900eab9257334ecf2e1b7d9e406c39a6075054a93ffc1f7a76a |
32 |
|
33 |
diff --git a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch b/dev-libs/openssl/files/openssl-1.0.0d-windres.patch |
34 |
deleted file mode 100644 |
35 |
index 0b360d2..00000000 |
36 |
--- a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch |
37 |
+++ /dev/null |
38 |
@@ -1,76 +0,0 @@ |
39 |
-URL: http://rt.openssl.org/Ticket/Display.html?id=2558&user=guest&pass=guest |
40 |
-Subject: make windres controllable via build env var settings |
41 |
- |
42 |
-atm, the windres code in openssl is only usable via the cross-compile prefix |
43 |
-option unlike all the other build tools. so add support for the standard $RC |
44 |
-/ $WINDRES env vars as well. |
45 |
- |
46 |
-Index: Configure |
47 |
-=================================================================== |
48 |
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Configure,v |
49 |
-retrieving revision 1.621.2.40 |
50 |
-diff -u -p -r1.621.2.40 Configure |
51 |
---- Configure 30 Nov 2010 22:19:26 -0000 1.621.2.40 |
52 |
-+++ Configure 4 Jul 2011 23:12:32 -0000 |
53 |
-@@ -1094,6 +1094,7 @@ my $shared_extension = $fields[$idx_shar |
54 |
- my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib]; |
55 |
- my $ar = $ENV{'AR'} || "ar"; |
56 |
- my $arflags = $fields[$idx_arflags]; |
57 |
-+my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres"; |
58 |
- my $multilib = $fields[$idx_multilib]; |
59 |
- |
60 |
- # if $prefix/lib$multilib is not an existing directory, then |
61 |
-@@ -1511,12 +1512,14 @@ while (<IN>) |
62 |
- s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/; |
63 |
- s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; |
64 |
- s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; |
65 |
-+ s/^WINDRES=\s*/WINDRES= \$\(CROSS_COMPILE\)/; |
66 |
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; |
67 |
- } |
68 |
- else { |
69 |
- s/^CC=.*$/CC= $cc/; |
70 |
- s/^AR=\s*ar/AR= $ar/; |
71 |
- s/^RANLIB=.*/RANLIB= $ranlib/; |
72 |
-+ s/^WINDRES=.*/WINDRES= $windres/; |
73 |
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; |
74 |
- } |
75 |
- s/^CFLAG=.*$/CFLAG= $cflags/; |
76 |
-Index: Makefile.org |
77 |
-=================================================================== |
78 |
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.org,v |
79 |
-retrieving revision 1.295.2.10 |
80 |
-diff -u -p -r1.295.2.10 Makefile.org |
81 |
---- Makefile.org 27 Jan 2010 16:06:58 -0000 1.295.2.10 |
82 |
-+++ Makefile.org 4 Jul 2011 23:13:08 -0000 |
83 |
-@@ -66,6 +66,7 @@ EXE_EXT= |
84 |
- ARFLAGS= |
85 |
- AR=ar $(ARFLAGS) r |
86 |
- RANLIB= ranlib |
87 |
-+WINDRES= windres |
88 |
- NM= nm |
89 |
- PERL= perl |
90 |
- TAR= tar |
91 |
-@@ -180,6 +181,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS |
92 |
- CC='$(CC)' CFLAG='$(CFLAG)' \ |
93 |
- AS='$(CC)' ASFLAG='$(CFLAG) -c' \ |
94 |
- AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ |
95 |
-+ WINDRES='$(WINDRES)' \ |
96 |
- CROSS_COMPILE='$(CROSS_COMPILE)' \ |
97 |
- PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ |
98 |
- SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ |
99 |
-Index: Makefile.shared |
100 |
-=================================================================== |
101 |
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.shared,v |
102 |
-retrieving revision 1.72.2.4 |
103 |
-diff -u -p -r1.72.2.4 Makefile.shared |
104 |
---- Makefile.shared 21 Aug 2010 11:36:49 -0000 1.72.2.4 |
105 |
-+++ Makefile.shared 4 Jul 2011 23:13:52 -0000 |
106 |
-@@ -293,7 +293,7 @@ link_a.cygwin: |
107 |
- fi; \ |
108 |
- dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ |
109 |
- $(PERL) util/mkrc.pl $$dll_name | \ |
110 |
-- $(CROSS_COMPILE)windres -o rc.o; \ |
111 |
-+ $(WINDRES) -o rc.o; \ |
112 |
- extras="$$extras rc.o"; \ |
113 |
- ALLSYMSFLAGS='-Wl,--whole-archive'; \ |
114 |
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ |
115 |
|
116 |
diff --git a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch |
117 |
deleted file mode 100644 |
118 |
index 3582810..00000000 |
119 |
--- a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch |
120 |
+++ /dev/null |
121 |
@@ -1,318 +0,0 @@ |
122 |
---- openssl-1.0.2g/crypto/Makefile |
123 |
-+++ openssl-1.0.2g/crypto/Makefile |
124 |
-@@ -85,11 +85,11 @@ |
125 |
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi |
126 |
- |
127 |
- subdirs: |
128 |
-- @target=all; $(RECURSIVE_MAKE) |
129 |
-+ +@target=all; $(RECURSIVE_MAKE) |
130 |
- |
131 |
- files: |
132 |
- $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO |
133 |
-- @target=files; $(RECURSIVE_MAKE) |
134 |
-+ +@target=files; $(RECURSIVE_MAKE) |
135 |
- |
136 |
- links: |
137 |
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) |
138 |
-@@ -100,7 +100,7 @@ |
139 |
- # lib: $(LIB): are splitted to avoid end-less loop |
140 |
- lib: $(LIB) |
141 |
- @touch lib |
142 |
--$(LIB): $(LIBOBJ) |
143 |
-+$(LIB): $(LIBOBJ) | subdirs |
144 |
- $(AR) $(LIB) $(LIBOBJ) |
145 |
- test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o |
146 |
- $(RANLIB) $(LIB) || echo Never mind. |
147 |
-@@ -111,7 +111,7 @@ |
148 |
- fi |
149 |
- |
150 |
- libs: |
151 |
-- @target=lib; $(RECURSIVE_MAKE) |
152 |
-+ +@target=lib; $(RECURSIVE_MAKE) |
153 |
- |
154 |
- install: |
155 |
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... |
156 |
-@@ -120,7 +120,7 @@ |
157 |
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
158 |
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ |
159 |
- done; |
160 |
-- @target=install; $(RECURSIVE_MAKE) |
161 |
-+ +@target=install; $(RECURSIVE_MAKE) |
162 |
- |
163 |
- lint: |
164 |
- @target=lint; $(RECURSIVE_MAKE) |
165 |
---- openssl-1.0.2g/engines/Makefile |
166 |
-+++ openssl-1.0.2g/engines/Makefile |
167 |
-@@ -72,7 +72,7 @@ |
168 |
- |
169 |
- all: lib subdirs |
170 |
- |
171 |
--lib: $(LIBOBJ) |
172 |
-+lib: $(LIBOBJ) | subdirs |
173 |
- @if [ -n "$(SHARED_LIBS)" ]; then \ |
174 |
- set -e; \ |
175 |
- for l in $(LIBNAMES); do \ |
176 |
-@@ -89,7 +89,7 @@ |
177 |
- |
178 |
- subdirs: |
179 |
- echo $(EDIRS) |
180 |
-- @target=all; $(RECURSIVE_MAKE) |
181 |
-+ +@target=all; $(RECURSIVE_MAKE) |
182 |
- |
183 |
- files: |
184 |
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO |
185 |
-@@ -128,7 +128,7 @@ |
186 |
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ |
187 |
- done; \ |
188 |
- fi |
189 |
-- @target=install; $(RECURSIVE_MAKE) |
190 |
-+ +@target=install; $(RECURSIVE_MAKE) |
191 |
- |
192 |
- tags: |
193 |
- ctags $(SRC) |
194 |
---- openssl-1.0.2g/Makefile.org |
195 |
-+++ openssl-1.0.2g/Makefile.org |
196 |
-@@ -279,17 +279,17 @@ |
197 |
- build_libssl: build_ssl libssl.pc |
198 |
- |
199 |
- build_crypto: |
200 |
-- @dir=crypto; target=all; $(BUILD_ONE_CMD) |
201 |
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) |
202 |
- build_ssl: build_crypto |
203 |
-- @dir=ssl; target=all; $(BUILD_ONE_CMD) |
204 |
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) |
205 |
- build_engines: build_crypto |
206 |
-- @dir=engines; target=all; $(BUILD_ONE_CMD) |
207 |
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD) |
208 |
- build_apps: build_libs |
209 |
-- @dir=apps; target=all; $(BUILD_ONE_CMD) |
210 |
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD) |
211 |
- build_tests: build_libs |
212 |
-- @dir=test; target=all; $(BUILD_ONE_CMD) |
213 |
-+ +@dir=test; target=all; $(BUILD_ONE_CMD) |
214 |
- build_tools: build_libs |
215 |
-- @dir=tools; target=all; $(BUILD_ONE_CMD) |
216 |
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD) |
217 |
- |
218 |
- all_testapps: build_libs build_testapps |
219 |
- build_testapps: |
220 |
-@@ -544,7 +544,7 @@ |
221 |
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
222 |
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ |
223 |
- done; |
224 |
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD) |
225 |
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) |
226 |
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ |
227 |
- do \ |
228 |
- if [ -f "$$i" ]; then \ |
229 |
---- openssl-1.0.2g/Makefile.shared |
230 |
-+++ openssl-1.0.2g/Makefile.shared |
231 |
-@@ -105,6 +105,7 @@ |
232 |
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ |
233 |
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ |
234 |
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ |
235 |
-+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ |
236 |
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ |
237 |
- $${SHAREDCMD} $${SHAREDFLAGS} \ |
238 |
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ |
239 |
-@@ -122,6 +123,7 @@ |
240 |
- done; \ |
241 |
- fi; \ |
242 |
- if [ -n "$$SHLIB_SOVER" ]; then \ |
243 |
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ |
244 |
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ |
245 |
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ |
246 |
- fi; \ |
247 |
---- openssl-1.0.2g/test/Makefile |
248 |
-+++ openssl-1.0.2g/test/Makefile |
249 |
-@@ -139,7 +139,7 @@ |
250 |
- tags: |
251 |
- ctags $(SRC) |
252 |
- |
253 |
--tests: exe apps $(TESTS) |
254 |
-+tests: exe $(TESTS) |
255 |
- |
256 |
- apps: |
257 |
- @(cd ..; $(MAKE) DIRS=apps all) |
258 |
-@@ -421,130 +421,130 @@ |
259 |
- link_app.$${shlib_target} |
260 |
- |
261 |
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) |
262 |
-- @target=$(RSATEST); $(BUILD_CMD) |
263 |
-+ +@target=$(RSATEST); $(BUILD_CMD) |
264 |
- |
265 |
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) |
266 |
-- @target=$(BNTEST); $(BUILD_CMD) |
267 |
-+ +@target=$(BNTEST); $(BUILD_CMD) |
268 |
- |
269 |
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) |
270 |
-- @target=$(ECTEST); $(BUILD_CMD) |
271 |
-+ +@target=$(ECTEST); $(BUILD_CMD) |
272 |
- |
273 |
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) |
274 |
-- @target=$(EXPTEST); $(BUILD_CMD) |
275 |
-+ +@target=$(EXPTEST); $(BUILD_CMD) |
276 |
- |
277 |
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) |
278 |
-- @target=$(IDEATEST); $(BUILD_CMD) |
279 |
-+ +@target=$(IDEATEST); $(BUILD_CMD) |
280 |
- |
281 |
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) |
282 |
-- @target=$(MD2TEST); $(BUILD_CMD) |
283 |
-+ +@target=$(MD2TEST); $(BUILD_CMD) |
284 |
- |
285 |
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) |
286 |
-- @target=$(SHATEST); $(BUILD_CMD) |
287 |
-+ +@target=$(SHATEST); $(BUILD_CMD) |
288 |
- |
289 |
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) |
290 |
-- @target=$(SHA1TEST); $(BUILD_CMD) |
291 |
-+ +@target=$(SHA1TEST); $(BUILD_CMD) |
292 |
- |
293 |
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) |
294 |
-- @target=$(SHA256TEST); $(BUILD_CMD) |
295 |
-+ +@target=$(SHA256TEST); $(BUILD_CMD) |
296 |
- |
297 |
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) |
298 |
-- @target=$(SHA512TEST); $(BUILD_CMD) |
299 |
-+ +@target=$(SHA512TEST); $(BUILD_CMD) |
300 |
- |
301 |
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) |
302 |
-- @target=$(RMDTEST); $(BUILD_CMD) |
303 |
-+ +@target=$(RMDTEST); $(BUILD_CMD) |
304 |
- |
305 |
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) |
306 |
-- @target=$(MDC2TEST); $(BUILD_CMD) |
307 |
-+ +@target=$(MDC2TEST); $(BUILD_CMD) |
308 |
- |
309 |
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) |
310 |
-- @target=$(MD4TEST); $(BUILD_CMD) |
311 |
-+ +@target=$(MD4TEST); $(BUILD_CMD) |
312 |
- |
313 |
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) |
314 |
-- @target=$(MD5TEST); $(BUILD_CMD) |
315 |
-+ +@target=$(MD5TEST); $(BUILD_CMD) |
316 |
- |
317 |
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) |
318 |
-- @target=$(HMACTEST); $(BUILD_CMD) |
319 |
-+ +@target=$(HMACTEST); $(BUILD_CMD) |
320 |
- |
321 |
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) |
322 |
-- @target=$(WPTEST); $(BUILD_CMD) |
323 |
-+ +@target=$(WPTEST); $(BUILD_CMD) |
324 |
- |
325 |
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) |
326 |
-- @target=$(RC2TEST); $(BUILD_CMD) |
327 |
-+ +@target=$(RC2TEST); $(BUILD_CMD) |
328 |
- |
329 |
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) |
330 |
-- @target=$(BFTEST); $(BUILD_CMD) |
331 |
-+ +@target=$(BFTEST); $(BUILD_CMD) |
332 |
- |
333 |
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) |
334 |
-- @target=$(CASTTEST); $(BUILD_CMD) |
335 |
-+ +@target=$(CASTTEST); $(BUILD_CMD) |
336 |
- |
337 |
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) |
338 |
-- @target=$(RC4TEST); $(BUILD_CMD) |
339 |
-+ +@target=$(RC4TEST); $(BUILD_CMD) |
340 |
- |
341 |
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) |
342 |
-- @target=$(RC5TEST); $(BUILD_CMD) |
343 |
-+ +@target=$(RC5TEST); $(BUILD_CMD) |
344 |
- |
345 |
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) |
346 |
-- @target=$(DESTEST); $(BUILD_CMD) |
347 |
-+ +@target=$(DESTEST); $(BUILD_CMD) |
348 |
- |
349 |
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) |
350 |
-- @target=$(RANDTEST); $(BUILD_CMD) |
351 |
-+ +@target=$(RANDTEST); $(BUILD_CMD) |
352 |
- |
353 |
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) |
354 |
-- @target=$(DHTEST); $(BUILD_CMD) |
355 |
-+ +@target=$(DHTEST); $(BUILD_CMD) |
356 |
- |
357 |
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) |
358 |
-- @target=$(DSATEST); $(BUILD_CMD) |
359 |
-+ +@target=$(DSATEST); $(BUILD_CMD) |
360 |
- |
361 |
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) |
362 |
-- @target=$(METHTEST); $(BUILD_CMD) |
363 |
-+ +@target=$(METHTEST); $(BUILD_CMD) |
364 |
- |
365 |
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) |
366 |
-- @target=$(SSLTEST); $(FIPS_BUILD_CMD) |
367 |
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) |
368 |
- |
369 |
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) |
370 |
-- @target=$(ENGINETEST); $(BUILD_CMD) |
371 |
-+ +@target=$(ENGINETEST); $(BUILD_CMD) |
372 |
- |
373 |
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) |
374 |
-- @target=$(EVPTEST); $(BUILD_CMD) |
375 |
-+ +@target=$(EVPTEST); $(BUILD_CMD) |
376 |
- |
377 |
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) |
378 |
-- @target=$(EVPEXTRATEST); $(BUILD_CMD) |
379 |
-+ +@target=$(EVPEXTRATEST); $(BUILD_CMD) |
380 |
- |
381 |
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) |
382 |
-- @target=$(ECDSATEST); $(BUILD_CMD) |
383 |
-+ +@target=$(ECDSATEST); $(BUILD_CMD) |
384 |
- |
385 |
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) |
386 |
-- @target=$(ECDHTEST); $(BUILD_CMD) |
387 |
-+ +@target=$(ECDHTEST); $(BUILD_CMD) |
388 |
- |
389 |
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) |
390 |
-- @target=$(IGETEST); $(BUILD_CMD) |
391 |
-+ +@target=$(IGETEST); $(BUILD_CMD) |
392 |
- |
393 |
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) |
394 |
-- @target=$(JPAKETEST); $(BUILD_CMD) |
395 |
-+ +@target=$(JPAKETEST); $(BUILD_CMD) |
396 |
- |
397 |
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) |
398 |
-- @target=$(ASN1TEST); $(BUILD_CMD) |
399 |
-+ +@target=$(ASN1TEST); $(BUILD_CMD) |
400 |
- |
401 |
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) |
402 |
-- @target=$(SRPTEST); $(BUILD_CMD) |
403 |
-+ +@target=$(SRPTEST); $(BUILD_CMD) |
404 |
- |
405 |
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) |
406 |
-- @target=$(V3NAMETEST); $(BUILD_CMD) |
407 |
-+ +@target=$(V3NAMETEST); $(BUILD_CMD) |
408 |
- |
409 |
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) |
410 |
-- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) |
411 |
-+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) |
412 |
- |
413 |
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o |
414 |
-- @target=$(CONSTTIMETEST) $(BUILD_CMD) |
415 |
-+ +@target=$(CONSTTIMETEST) $(BUILD_CMD) |
416 |
- |
417 |
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o |
418 |
-- @target=$(VERIFYEXTRATEST) $(BUILD_CMD) |
419 |
-+ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD) |
420 |
- |
421 |
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o |
422 |
-- @target=$(CLIENTHELLOTEST) $(BUILD_CMD) |
423 |
-+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) |
424 |
- |
425 |
- $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o |
426 |
-- @target=$(SSLV2CONFTEST) $(BUILD_CMD) |
427 |
-+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD) |
428 |
- |
429 |
- #$(AESTEST).o: $(AESTEST).c |
430 |
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c |
431 |
-@@ -557,7 +557,7 @@ |
432 |
- # fi |
433 |
- |
434 |
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) |
435 |
-- @target=dummytest; $(BUILD_CMD) |
436 |
-+ +@target=dummytest; $(BUILD_CMD) |
437 |
- |
438 |
- # DO NOT DELETE THIS LINE -- make depend depends on it. |
439 |
- |
440 |
|
441 |
diff --git a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch |
442 |
deleted file mode 100644 |
443 |
index ca934c2..00000000 |
444 |
--- a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch |
445 |
+++ /dev/null |
446 |
@@ -1,279 +0,0 @@ |
447 |
-From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001 |
448 |
-From: Matt Caswell <matt@×××××××.org> |
449 |
-Date: Thu, 5 May 2016 11:10:26 +0100 |
450 |
-Subject: [PATCH] Avoid some undefined pointer arithmetic |
451 |
- |
452 |
-A common idiom in the codebase is: |
453 |
- |
454 |
-if (p + len > limit) |
455 |
-{ |
456 |
- return; /* Too long */ |
457 |
-} |
458 |
- |
459 |
-Where "p" points to some malloc'd data of SIZE bytes and |
460 |
-limit == p + SIZE |
461 |
- |
462 |
-"len" here could be from some externally supplied data (e.g. from a TLS |
463 |
-message). |
464 |
- |
465 |
-The rules of C pointer arithmetic are such that "p + len" is only well |
466 |
-defined where len <= SIZE. Therefore the above idiom is actually |
467 |
-undefined behaviour. |
468 |
- |
469 |
-For example this could cause problems if some malloc implementation |
470 |
-provides an address for "p" such that "p + len" actually overflows for |
471 |
-values of len that are too big and therefore p + len < limit! |
472 |
- |
473 |
-Issue reported by Guido Vranken. |
474 |
- |
475 |
-CVE-2016-2177 |
476 |
- |
477 |
-Reviewed-by: Rich Salz <rsalz@×××××××.org> |
478 |
---- |
479 |
- ssl/s3_srvr.c | 14 +++++++------- |
480 |
- ssl/ssl_sess.c | 2 +- |
481 |
- ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++-------------------------- |
482 |
- 3 files changed, 38 insertions(+), 34 deletions(-) |
483 |
- |
484 |
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c |
485 |
-index ab28702..ab7f690 100644 |
486 |
---- a/ssl/s3_srvr.c |
487 |
-+++ b/ssl/s3_srvr.c |
488 |
-@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s) |
489 |
- |
490 |
- session_length = *(p + SSL3_RANDOM_SIZE); |
491 |
- |
492 |
-- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { |
493 |
-+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) { |
494 |
- al = SSL_AD_DECODE_ERROR; |
495 |
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
496 |
- goto f_err; |
497 |
-@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s) |
498 |
- /* get the session-id */ |
499 |
- j = *(p++); |
500 |
- |
501 |
-- if (p + j > d + n) { |
502 |
-+ if ((d + n) - p < j) { |
503 |
- al = SSL_AD_DECODE_ERROR; |
504 |
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
505 |
- goto f_err; |
506 |
-@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s) |
507 |
- |
508 |
- if (SSL_IS_DTLS(s)) { |
509 |
- /* cookie stuff */ |
510 |
-- if (p + 1 > d + n) { |
511 |
-+ if ((d + n) - p < 1) { |
512 |
- al = SSL_AD_DECODE_ERROR; |
513 |
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
514 |
- goto f_err; |
515 |
- } |
516 |
- cookie_len = *(p++); |
517 |
- |
518 |
-- if (p + cookie_len > d + n) { |
519 |
-+ if ((d + n ) - p < cookie_len) { |
520 |
- al = SSL_AD_DECODE_ERROR; |
521 |
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
522 |
- goto f_err; |
523 |
-@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s) |
524 |
- } |
525 |
- } |
526 |
- |
527 |
-- if (p + 2 > d + n) { |
528 |
-+ if ((d + n ) - p < 2) { |
529 |
- al = SSL_AD_DECODE_ERROR; |
530 |
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
531 |
- goto f_err; |
532 |
-@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s) |
533 |
- } |
534 |
- |
535 |
- /* i bytes of cipher data + 1 byte for compression length later */ |
536 |
-- if ((p + i + 1) > (d + n)) { |
537 |
-+ if ((d + n) - p < i + 1) { |
538 |
- /* not enough data */ |
539 |
- al = SSL_AD_DECODE_ERROR; |
540 |
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); |
541 |
-@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s) |
542 |
- |
543 |
- /* compression */ |
544 |
- i = *(p++); |
545 |
-- if ((p + i) > (d + n)) { |
546 |
-+ if ((d + n) - p < i) { |
547 |
- /* not enough data */ |
548 |
- al = SSL_AD_DECODE_ERROR; |
549 |
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); |
550 |
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c |
551 |
-index b182998..54ee783 100644 |
552 |
---- a/ssl/ssl_sess.c |
553 |
-+++ b/ssl/ssl_sess.c |
554 |
-@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, |
555 |
- int r; |
556 |
- #endif |
557 |
- |
558 |
-- if (session_id + len > limit) { |
559 |
-+ if (limit - session_id < len) { |
560 |
- fatal = 1; |
561 |
- goto err; |
562 |
- } |
563 |
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c |
564 |
-index fb64607..cdac011 100644 |
565 |
---- a/ssl/t1_lib.c |
566 |
-+++ b/ssl/t1_lib.c |
567 |
-@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, |
568 |
- 0x02, 0x03, /* SHA-1/ECDSA */ |
569 |
- }; |
570 |
- |
571 |
-- if (data >= (limit - 2)) |
572 |
-+ if (limit - data <= 2) |
573 |
- return; |
574 |
- data += 2; |
575 |
- |
576 |
-- if (data > (limit - 4)) |
577 |
-+ if (limit - data < 4) |
578 |
- return; |
579 |
- n2s(data, type); |
580 |
- n2s(data, size); |
581 |
-@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, |
582 |
- if (type != TLSEXT_TYPE_server_name) |
583 |
- return; |
584 |
- |
585 |
-- if (data + size > limit) |
586 |
-+ if (limit - data < size) |
587 |
- return; |
588 |
- data += size; |
589 |
- |
590 |
-@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, |
591 |
- const size_t len1 = sizeof(kSafariExtensionsBlock); |
592 |
- const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); |
593 |
- |
594 |
-- if (data + len1 + len2 != limit) |
595 |
-+ if (limit - data != (int)(len1 + len2)) |
596 |
- return; |
597 |
- if (memcmp(data, kSafariExtensionsBlock, len1) != 0) |
598 |
- return; |
599 |
-@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, |
600 |
- } else { |
601 |
- const size_t len = sizeof(kSafariExtensionsBlock); |
602 |
- |
603 |
-- if (data + len != limit) |
604 |
-+ if (limit - data != (int)(len)) |
605 |
- return; |
606 |
- if (memcmp(data, kSafariExtensionsBlock, len) != 0) |
607 |
- return; |
608 |
-@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, |
609 |
- if (data == limit) |
610 |
- goto ri_check; |
611 |
- |
612 |
-- if (data > (limit - 2)) |
613 |
-+ if (limit - data < 2) |
614 |
- goto err; |
615 |
- |
616 |
- n2s(data, len); |
617 |
- |
618 |
-- if (data + len != limit) |
619 |
-+ if (limit - data != len) |
620 |
- goto err; |
621 |
- |
622 |
-- while (data <= (limit - 4)) { |
623 |
-+ while (limit - data >= 4) { |
624 |
- n2s(data, type); |
625 |
- n2s(data, size); |
626 |
- |
627 |
-- if (data + size > (limit)) |
628 |
-+ if (limit - data < size) |
629 |
- goto err; |
630 |
- # if 0 |
631 |
- fprintf(stderr, "Received extension type %d size %d\n", type, size); |
632 |
-@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s, |
633 |
- if (s->hit || s->cert->srv_ext.meths_count == 0) |
634 |
- return 1; |
635 |
- |
636 |
-- if (data >= limit - 2) |
637 |
-+ if (limit - data <= 2) |
638 |
- return 1; |
639 |
- n2s(data, len); |
640 |
- |
641 |
-- if (data > limit - len) |
642 |
-+ if (limit - data < len) |
643 |
- return 1; |
644 |
- |
645 |
-- while (data <= limit - 4) { |
646 |
-+ while (limit - data >= 4) { |
647 |
- n2s(data, type); |
648 |
- n2s(data, size); |
649 |
- |
650 |
-- if (data + size > limit) |
651 |
-+ if (limit - data < size) |
652 |
- return 1; |
653 |
- if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0) |
654 |
- return 0; |
655 |
-@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, |
656 |
- SSL_TLSEXT_HB_DONT_SEND_REQUESTS); |
657 |
- # endif |
658 |
- |
659 |
-- if (data >= (d + n - 2)) |
660 |
-+ if ((d + n) - data <= 2) |
661 |
- goto ri_check; |
662 |
- |
663 |
- n2s(data, length); |
664 |
-- if (data + length != d + n) { |
665 |
-+ if ((d + n) - data != length) { |
666 |
- *al = SSL_AD_DECODE_ERROR; |
667 |
- return 0; |
668 |
- } |
669 |
- |
670 |
-- while (data <= (d + n - 4)) { |
671 |
-+ while ((d + n) - data >= 4) { |
672 |
- n2s(data, type); |
673 |
- n2s(data, size); |
674 |
- |
675 |
-- if (data + size > (d + n)) |
676 |
-+ if ((d + n) - data < size) |
677 |
- goto ri_check; |
678 |
- |
679 |
- if (s->tlsext_debug_cb) |
680 |
-@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, |
681 |
- /* Skip past DTLS cookie */ |
682 |
- if (SSL_IS_DTLS(s)) { |
683 |
- i = *(p++); |
684 |
-- p += i; |
685 |
-- if (p >= limit) |
686 |
-+ |
687 |
-+ if (limit - p <= i) |
688 |
- return -1; |
689 |
-+ |
690 |
-+ p += i; |
691 |
- } |
692 |
- /* Skip past cipher list */ |
693 |
- n2s(p, i); |
694 |
-- p += i; |
695 |
-- if (p >= limit) |
696 |
-+ if (limit - p <= i) |
697 |
- return -1; |
698 |
-+ p += i; |
699 |
-+ |
700 |
- /* Skip past compression algorithm list */ |
701 |
- i = *(p++); |
702 |
-- p += i; |
703 |
-- if (p > limit) |
704 |
-+ if (limit - p < i) |
705 |
- return -1; |
706 |
-+ p += i; |
707 |
-+ |
708 |
- /* Now at start of extensions */ |
709 |
-- if ((p + 2) >= limit) |
710 |
-+ if (limit - p <= 2) |
711 |
- return 0; |
712 |
- n2s(p, i); |
713 |
-- while ((p + 4) <= limit) { |
714 |
-+ while (limit - p >= 4) { |
715 |
- unsigned short type, size; |
716 |
- n2s(p, type); |
717 |
- n2s(p, size); |
718 |
-- if (p + size > limit) |
719 |
-+ if (limit - p < size) |
720 |
- return 0; |
721 |
- if (type == TLSEXT_TYPE_session_ticket) { |
722 |
- int r; |
723 |
--- |
724 |
-1.9.1 |
725 |
- |
726 |
|
727 |
diff --git a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch |
728 |
deleted file mode 100644 |
729 |
index a64141f..00000000 |
730 |
--- a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch |
731 |
+++ /dev/null |
732 |
@@ -1,28 +0,0 @@ |
733 |
-X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_ossl.c;h=beb62b2ff058d3e2bde0397fbddd355e11cd457b;hp=ce1da1cd6fa121f1ae0961ac2d2e9f81de4d8c9b;hb=399944622df7bd81af62e67ea967c470534090e2;hpb=0a4c87a90c6cf6628c688868cd5f13e4b9a5f19d |
734 |
- |
735 |
-diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c |
736 |
-index ce1da1c..beb62b2 100644 |
737 |
---- a/crypto/dsa/dsa_ossl.c |
738 |
-+++ b/crypto/dsa/dsa_ossl.c |
739 |
-@@ -248,9 +248,6 @@ |
740 |
- if (!BN_rand_range(&k, dsa->q)) |
741 |
- goto err; |
742 |
- while (BN_is_zero(&k)) ; |
743 |
-- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { |
744 |
-- BN_set_flags(&k, BN_FLG_CONSTTIME); |
745 |
-- } |
746 |
- |
747 |
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { |
748 |
- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, |
749 |
-@@ -238,6 +234,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, |
750 |
- } else { |
751 |
- K = k; |
752 |
- } |
753 |
-+ |
754 |
-+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { |
755 |
-+ BN_set_flags(K, BN_FLG_CONSTTIME); |
756 |
-+ } |
757 |
-+ |
758 |
- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, |
759 |
- dsa->method_mont_p); |
760 |
- if (!BN_mod(r, r, dsa->q, ctx)) |
761 |
|
762 |
diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild |
763 |
deleted file mode 100644 |
764 |
index 333ae66..00000000 |
765 |
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild |
766 |
+++ /dev/null |
767 |
@@ -1,254 +0,0 @@ |
768 |
-# Copyright 1999-2016 Gentoo Foundation |
769 |
-# Distributed under the terms of the GNU General Public License v2 |
770 |
-# $Id$ |
771 |
- |
772 |
-EAPI="5" |
773 |
- |
774 |
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal |
775 |
- |
776 |
-MY_P=${P/_/-} |
777 |
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
778 |
-HOMEPAGE="http://www.openssl.org/" |
779 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" |
780 |
- |
781 |
-LICENSE="openssl" |
782 |
-SLOT="0" |
783 |
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" |
784 |
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" |
785 |
-RESTRICT="!bindist? ( bindist )" |
786 |
- |
787 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
788 |
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
789 |
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
790 |
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" |
791 |
-DEPEND="${RDEPEND} |
792 |
- >=dev-lang/perl-5 |
793 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
794 |
- test? ( |
795 |
- sys-apps/diffutils |
796 |
- sys-devel/bc |
797 |
- )" |
798 |
-PDEPEND="app-misc/ca-certificates" |
799 |
- |
800 |
-S="${WORKDIR}/${MY_P}" |
801 |
- |
802 |
-MULTILIB_WRAPPED_HEADERS=( |
803 |
- usr/include/openssl/opensslconf.h |
804 |
-) |
805 |
- |
806 |
-src_prepare() { |
807 |
- # keep this in sync with app-misc/c_rehash |
808 |
- SSL_CNF_DIR="/etc/ssl" |
809 |
- |
810 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
811 |
- # that gets blown away anyways by the Configure script in src_configure |
812 |
- rm -f Makefile |
813 |
- |
814 |
- # bugs 585142 and 585276 |
815 |
- epatch "${FILESDIR}"/${P}-CVE-2016-2177.patch |
816 |
- epatch "${FILESDIR}"/${P}-CVE-2016-2178.patch |
817 |
- |
818 |
- if ! use vanilla ; then |
819 |
- epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
820 |
- epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 |
821 |
- epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch |
822 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch |
823 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch |
824 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 |
825 |
- epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch |
826 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 |
827 |
- epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 |
828 |
- |
829 |
- epatch_user #332661 |
830 |
- fi |
831 |
- |
832 |
- # disable fips in the build |
833 |
- # make sure the man pages are suffixed #302165 |
834 |
- # don't bother building man pages if they're disabled |
835 |
- sed -i \ |
836 |
- -e '/DIRS/s: fips : :g' \ |
837 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
838 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
839 |
- -e $(has noman FEATURES \ |
840 |
- && echo '/^install:/s:install_docs::' \ |
841 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
842 |
- Makefile.org \ |
843 |
- || die |
844 |
- # show the actual commands in the log |
845 |
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
846 |
- |
847 |
- # since we're forcing $(CC) as makedep anyway, just fix |
848 |
- # the conditional as always-on |
849 |
- # helps clang (#417795), and versioned gcc (#499818) |
850 |
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die |
851 |
- |
852 |
- # quiet out unknown driver argument warnings since openssl |
853 |
- # doesn't have well-split CFLAGS and we're making it even worse |
854 |
- # and 'make depend' uses -Werror for added fun (#417795 again) |
855 |
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
856 |
- |
857 |
- # allow openssl to be cross-compiled |
858 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
859 |
- chmod a+rx gentoo.config |
860 |
- |
861 |
- append-flags -fno-strict-aliasing |
862 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
863 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
864 |
- |
865 |
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 |
866 |
- # The config script does stupid stuff to prompt the user. Kill it. |
867 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
868 |
- ./config --test-sanity || die "I AM NOT SANE" |
869 |
- |
870 |
- multilib_copy_sources |
871 |
-} |
872 |
- |
873 |
-multilib_src_configure() { |
874 |
- unset APPS #197996 |
875 |
- unset SCRIPTS #312551 |
876 |
- unset CROSS_COMPILE #311473 |
877 |
- |
878 |
- tc-export CC AR RANLIB RC |
879 |
- |
880 |
- # Clean out patent-or-otherwise-encumbered code |
881 |
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
882 |
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
883 |
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
884 |
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
885 |
- # RC5: Expired http://en.wikipedia.org/wiki/RC5 |
886 |
- |
887 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
888 |
- echoit() { echo "$@" ; "$@" ; } |
889 |
- |
890 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
891 |
- |
892 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
893 |
- # friendly and can use the nicely optimized code paths. #460790 |
894 |
- local ec_nistp_64_gcc_128 |
895 |
- # Disable it for now though #469976 |
896 |
- #if ! use bindist ; then |
897 |
- # echo "__uint128_t i;" > "${T}"/128.c |
898 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
899 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
900 |
- # fi |
901 |
- #fi |
902 |
- |
903 |
- local sslout=$(./gentoo.config) |
904 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
905 |
- local config="Configure" |
906 |
- [[ -z ${sslout} ]] && config="config" |
907 |
- |
908 |
- echoit \ |
909 |
- ./${config} \ |
910 |
- ${sslout} \ |
911 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
912 |
- enable-camellia \ |
913 |
- $(use_ssl !bindist ec) \ |
914 |
- ${ec_nistp_64_gcc_128} \ |
915 |
- enable-idea \ |
916 |
- enable-mdc2 \ |
917 |
- enable-rc5 \ |
918 |
- enable-tlsext \ |
919 |
- $(use_ssl asm) \ |
920 |
- $(use_ssl gmp gmp -lgmp) \ |
921 |
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
922 |
- $(use_ssl rfc3779) \ |
923 |
- $(use_ssl sctp) \ |
924 |
- $(use_ssl sslv2 ssl2) \ |
925 |
- $(use_ssl sslv3 ssl3) \ |
926 |
- $(use_ssl tls-heartbeat heartbeats) \ |
927 |
- $(use_ssl zlib) \ |
928 |
- --prefix="${EPREFIX}"/usr \ |
929 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
930 |
- --libdir=$(get_libdir) \ |
931 |
- shared threads \ |
932 |
- || die |
933 |
- |
934 |
- # Clean out hardcoded flags that openssl uses |
935 |
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
936 |
- -e 's:^CFLAG=::' \ |
937 |
- -e 's:-fomit-frame-pointer ::g' \ |
938 |
- -e 's:-O[0-9] ::g' \ |
939 |
- -e 's:-march=[-a-z0-9]* ::g' \ |
940 |
- -e 's:-mcpu=[-a-z0-9]* ::g' \ |
941 |
- -e 's:-m[a-z0-9]* ::g' \ |
942 |
- ) |
943 |
- sed -i \ |
944 |
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ |
945 |
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ |
946 |
- Makefile || die |
947 |
-} |
948 |
- |
949 |
-multilib_src_compile() { |
950 |
- # depend is needed to use $confopts; it also doesn't matter |
951 |
- # that it's -j1 as the code itself serializes subdirs |
952 |
- emake -j1 depend |
953 |
- emake all |
954 |
- # rehash is needed to prep the certs/ dir; do this |
955 |
- # separately to avoid parallel build issues. |
956 |
- emake rehash |
957 |
-} |
958 |
- |
959 |
-multilib_src_test() { |
960 |
- emake -j1 test |
961 |
-} |
962 |
- |
963 |
-multilib_src_install() { |
964 |
- emake INSTALL_PREFIX="${D}" install |
965 |
-} |
966 |
- |
967 |
-multilib_src_install_all() { |
968 |
- # openssl installs perl version of c_rehash by default, but |
969 |
- # we provide a shell version via app-misc/c_rehash |
970 |
- rm "${ED}"/usr/bin/c_rehash || die |
971 |
- |
972 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
973 |
- dohtml -r doc/* |
974 |
- use rfc3779 && dodoc engines/ccgost/README.gost |
975 |
- |
976 |
- # This is crappy in that the static archives are still built even |
977 |
- # when USE=static-libs. But this is due to a failing in the openssl |
978 |
- # build system: the static archives are built as PIC all the time. |
979 |
- # Only way around this would be to manually configure+compile openssl |
980 |
- # twice; once with shared lib support enabled and once without. |
981 |
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
982 |
- |
983 |
- # create the certs directory |
984 |
- dodir ${SSL_CNF_DIR}/certs |
985 |
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die |
986 |
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} |
987 |
- |
988 |
- # Namespace openssl programs to prevent conflicts with other man pages |
989 |
- cd "${ED}"/usr/share/man |
990 |
- local m d s |
991 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
992 |
- d=${m%/*} ; d=${d#./} ; m=${m##*/} |
993 |
- [[ ${m} == openssl.1* ]] && continue |
994 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
995 |
- mv ${d}/{,ssl-}${m} |
996 |
- # fix up references to renamed man pages |
997 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
998 |
- ln -s ssl-${m} ${d}/openssl-${m} |
999 |
- # locate any symlinks that point to this man page ... we assume |
1000 |
- # that any broken links are due to the above renaming |
1001 |
- for s in $(find -L ${d} -type l) ; do |
1002 |
- s=${s##*/} |
1003 |
- rm -f ${d}/${s} |
1004 |
- ln -s ssl-${m} ${d}/ssl-${s} |
1005 |
- ln -s ssl-${s} ${d}/openssl-${s} |
1006 |
- done |
1007 |
- done |
1008 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
1009 |
- |
1010 |
- dodir /etc/sandbox.d #254521 |
1011 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
1012 |
- |
1013 |
- diropts -m0700 |
1014 |
- keepdir ${SSL_CNF_DIR}/private |
1015 |
-} |
1016 |
- |
1017 |
-pkg_postinst() { |
1018 |
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
1019 |
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null |
1020 |
- eend $? |
1021 |
-} |
1022 |
|
1023 |
diff --git a/dev-libs/openssl/openssl-1.0.2i.ebuild b/dev-libs/openssl/openssl-1.0.2i.ebuild |
1024 |
deleted file mode 100644 |
1025 |
index ce2aa66..00000000 |
1026 |
--- a/dev-libs/openssl/openssl-1.0.2i.ebuild |
1027 |
+++ /dev/null |
1028 |
@@ -1,249 +0,0 @@ |
1029 |
-# Copyright 1999-2016 Gentoo Foundation |
1030 |
-# Distributed under the terms of the GNU General Public License v2 |
1031 |
-# $Id$ |
1032 |
- |
1033 |
-EAPI="5" |
1034 |
- |
1035 |
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal |
1036 |
- |
1037 |
-MY_P=${P/_/-} |
1038 |
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
1039 |
-HOMEPAGE="http://www.openssl.org/" |
1040 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" |
1041 |
- |
1042 |
-LICENSE="openssl" |
1043 |
-SLOT="0" |
1044 |
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" |
1045 |
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" |
1046 |
-RESTRICT="!bindist? ( bindist )" |
1047 |
- |
1048 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
1049 |
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
1050 |
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
1051 |
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" |
1052 |
-DEPEND="${RDEPEND} |
1053 |
- >=dev-lang/perl-5 |
1054 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
1055 |
- test? ( |
1056 |
- sys-apps/diffutils |
1057 |
- sys-devel/bc |
1058 |
- )" |
1059 |
-PDEPEND="app-misc/ca-certificates" |
1060 |
- |
1061 |
-S="${WORKDIR}/${MY_P}" |
1062 |
- |
1063 |
-MULTILIB_WRAPPED_HEADERS=( |
1064 |
- usr/include/openssl/opensslconf.h |
1065 |
-) |
1066 |
- |
1067 |
-src_prepare() { |
1068 |
- # keep this in sync with app-misc/c_rehash |
1069 |
- SSL_CNF_DIR="/etc/ssl" |
1070 |
- |
1071 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
1072 |
- # that gets blown away anyways by the Configure script in src_configure |
1073 |
- rm -f Makefile |
1074 |
- |
1075 |
- if ! use vanilla ; then |
1076 |
- epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
1077 |
- epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch |
1078 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch |
1079 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch |
1080 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 |
1081 |
- epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch |
1082 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 |
1083 |
- epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 |
1084 |
- |
1085 |
- epatch_user #332661 |
1086 |
- fi |
1087 |
- |
1088 |
- # disable fips in the build |
1089 |
- # make sure the man pages are suffixed #302165 |
1090 |
- # don't bother building man pages if they're disabled |
1091 |
- sed -i \ |
1092 |
- -e '/DIRS/s: fips : :g' \ |
1093 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
1094 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
1095 |
- -e $(has noman FEATURES \ |
1096 |
- && echo '/^install:/s:install_docs::' \ |
1097 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
1098 |
- Makefile.org \ |
1099 |
- || die |
1100 |
- # show the actual commands in the log |
1101 |
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
1102 |
- |
1103 |
- # since we're forcing $(CC) as makedep anyway, just fix |
1104 |
- # the conditional as always-on |
1105 |
- # helps clang (#417795), and versioned gcc (#499818) |
1106 |
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die |
1107 |
- |
1108 |
- # quiet out unknown driver argument warnings since openssl |
1109 |
- # doesn't have well-split CFLAGS and we're making it even worse |
1110 |
- # and 'make depend' uses -Werror for added fun (#417795 again) |
1111 |
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
1112 |
- |
1113 |
- # allow openssl to be cross-compiled |
1114 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
1115 |
- chmod a+rx gentoo.config |
1116 |
- |
1117 |
- append-flags -fno-strict-aliasing |
1118 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
1119 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
1120 |
- |
1121 |
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 |
1122 |
- # The config script does stupid stuff to prompt the user. Kill it. |
1123 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
1124 |
- ./config --test-sanity || die "I AM NOT SANE" |
1125 |
- |
1126 |
- multilib_copy_sources |
1127 |
-} |
1128 |
- |
1129 |
-multilib_src_configure() { |
1130 |
- unset APPS #197996 |
1131 |
- unset SCRIPTS #312551 |
1132 |
- unset CROSS_COMPILE #311473 |
1133 |
- |
1134 |
- tc-export CC AR RANLIB RC |
1135 |
- |
1136 |
- # Clean out patent-or-otherwise-encumbered code |
1137 |
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
1138 |
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
1139 |
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
1140 |
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
1141 |
- # RC5: Expired http://en.wikipedia.org/wiki/RC5 |
1142 |
- |
1143 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
1144 |
- echoit() { echo "$@" ; "$@" ; } |
1145 |
- |
1146 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
1147 |
- |
1148 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
1149 |
- # friendly and can use the nicely optimized code paths. #460790 |
1150 |
- local ec_nistp_64_gcc_128 |
1151 |
- # Disable it for now though #469976 |
1152 |
- #if ! use bindist ; then |
1153 |
- # echo "__uint128_t i;" > "${T}"/128.c |
1154 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
1155 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
1156 |
- # fi |
1157 |
- #fi |
1158 |
- |
1159 |
- local sslout=$(./gentoo.config) |
1160 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
1161 |
- local config="Configure" |
1162 |
- [[ -z ${sslout} ]] && config="config" |
1163 |
- |
1164 |
- echoit \ |
1165 |
- ./${config} \ |
1166 |
- ${sslout} \ |
1167 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
1168 |
- enable-camellia \ |
1169 |
- $(use_ssl !bindist ec) \ |
1170 |
- ${ec_nistp_64_gcc_128} \ |
1171 |
- enable-idea \ |
1172 |
- enable-mdc2 \ |
1173 |
- enable-rc5 \ |
1174 |
- enable-tlsext \ |
1175 |
- $(use_ssl asm) \ |
1176 |
- $(use_ssl gmp gmp -lgmp) \ |
1177 |
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
1178 |
- $(use_ssl rfc3779) \ |
1179 |
- $(use_ssl sctp) \ |
1180 |
- $(use_ssl sslv2 ssl2) \ |
1181 |
- $(use_ssl sslv3 ssl3) \ |
1182 |
- $(use_ssl tls-heartbeat heartbeats) \ |
1183 |
- $(use_ssl zlib) \ |
1184 |
- --prefix="${EPREFIX}"/usr \ |
1185 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
1186 |
- --libdir=$(get_libdir) \ |
1187 |
- shared threads \ |
1188 |
- || die |
1189 |
- |
1190 |
- # Clean out hardcoded flags that openssl uses |
1191 |
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
1192 |
- -e 's:^CFLAG=::' \ |
1193 |
- -e 's:-fomit-frame-pointer ::g' \ |
1194 |
- -e 's:-O[0-9] ::g' \ |
1195 |
- -e 's:-march=[-a-z0-9]* ::g' \ |
1196 |
- -e 's:-mcpu=[-a-z0-9]* ::g' \ |
1197 |
- -e 's:-m[a-z0-9]* ::g' \ |
1198 |
- ) |
1199 |
- sed -i \ |
1200 |
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ |
1201 |
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ |
1202 |
- Makefile || die |
1203 |
-} |
1204 |
- |
1205 |
-multilib_src_compile() { |
1206 |
- # depend is needed to use $confopts; it also doesn't matter |
1207 |
- # that it's -j1 as the code itself serializes subdirs |
1208 |
- emake -j1 depend |
1209 |
- emake all |
1210 |
- # rehash is needed to prep the certs/ dir; do this |
1211 |
- # separately to avoid parallel build issues. |
1212 |
- emake rehash |
1213 |
-} |
1214 |
- |
1215 |
-multilib_src_test() { |
1216 |
- emake -j1 test |
1217 |
-} |
1218 |
- |
1219 |
-multilib_src_install() { |
1220 |
- emake INSTALL_PREFIX="${D}" install |
1221 |
-} |
1222 |
- |
1223 |
-multilib_src_install_all() { |
1224 |
- # openssl installs perl version of c_rehash by default, but |
1225 |
- # we provide a shell version via app-misc/c_rehash |
1226 |
- rm "${ED}"/usr/bin/c_rehash || die |
1227 |
- |
1228 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
1229 |
- dohtml -r doc/* |
1230 |
- use rfc3779 && dodoc engines/ccgost/README.gost |
1231 |
- |
1232 |
- # This is crappy in that the static archives are still built even |
1233 |
- # when USE=static-libs. But this is due to a failing in the openssl |
1234 |
- # build system: the static archives are built as PIC all the time. |
1235 |
- # Only way around this would be to manually configure+compile openssl |
1236 |
- # twice; once with shared lib support enabled and once without. |
1237 |
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
1238 |
- |
1239 |
- # create the certs directory |
1240 |
- dodir ${SSL_CNF_DIR}/certs |
1241 |
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die |
1242 |
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} |
1243 |
- |
1244 |
- # Namespace openssl programs to prevent conflicts with other man pages |
1245 |
- cd "${ED}"/usr/share/man |
1246 |
- local m d s |
1247 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
1248 |
- d=${m%/*} ; d=${d#./} ; m=${m##*/} |
1249 |
- [[ ${m} == openssl.1* ]] && continue |
1250 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
1251 |
- mv ${d}/{,ssl-}${m} |
1252 |
- # fix up references to renamed man pages |
1253 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
1254 |
- ln -s ssl-${m} ${d}/openssl-${m} |
1255 |
- # locate any symlinks that point to this man page ... we assume |
1256 |
- # that any broken links are due to the above renaming |
1257 |
- for s in $(find -L ${d} -type l) ; do |
1258 |
- s=${s##*/} |
1259 |
- rm -f ${d}/${s} |
1260 |
- ln -s ssl-${m} ${d}/ssl-${s} |
1261 |
- ln -s ssl-${s} ${d}/openssl-${s} |
1262 |
- done |
1263 |
- done |
1264 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
1265 |
- |
1266 |
- dodir /etc/sandbox.d #254521 |
1267 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
1268 |
- |
1269 |
- diropts -m0700 |
1270 |
- keepdir ${SSL_CNF_DIR}/private |
1271 |
-} |
1272 |
- |
1273 |
-pkg_postinst() { |
1274 |
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
1275 |
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null |
1276 |
- eend $? |
1277 |
-} |