1 |
polynomial-c 14/06/05 12:53:23 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: openssl-1.0.1h.ebuild openssl-1.0.0m.ebuild |
5 |
Log: |
6 |
Security bump (bug #512506) |
7 |
|
8 |
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC) |
9 |
|
10 |
Revision Changes Path |
11 |
1.541 dev-libs/openssl/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.541&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/ChangeLog?rev=1.541&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/ChangeLog?r1=1.540&r2=1.541 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v |
20 |
retrieving revision 1.540 |
21 |
retrieving revision 1.541 |
22 |
diff -u -r1.540 -r1.541 |
23 |
--- ChangeLog 30 May 2014 20:54:08 -0000 1.540 |
24 |
+++ ChangeLog 5 Jun 2014 12:53:23 -0000 1.541 |
25 |
@@ -1,6 +1,13 @@ |
26 |
# ChangeLog for dev-libs/openssl |
27 |
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.540 2014/05/30 20:54:08 mgorny Exp $ |
29 |
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.541 2014/06/05 12:53:23 polynomial-c Exp $ |
30 |
+ |
31 |
+*openssl-1.0.1h (05 Jun 2014) |
32 |
+*openssl-1.0.0m (05 Jun 2014) |
33 |
+ |
34 |
+ 05 Jun 2014; Lars Wendler <polynomial-c@g.o> +openssl-1.0.0m.ebuild, |
35 |
+ +openssl-1.0.1h.ebuild, +files/openssl-1.0.1h-ipv6.patch: |
36 |
+ Security bump (bug #512506). |
37 |
|
38 |
30 May 2014; Michał Górny <mgorny@g.o> openssl-0.9.8y-r1.ebuild, |
39 |
openssl-1.0.1g-r1.ebuild, openssl-1.0.2_beta1-r3.ebuild: |
40 |
|
41 |
|
42 |
|
43 |
1.1 dev-libs/openssl/openssl-1.0.1h.ebuild |
44 |
|
45 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/openssl-1.0.1h.ebuild?rev=1.1&view=markup |
46 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/openssl-1.0.1h.ebuild?rev=1.1&content-type=text/plain |
47 |
|
48 |
Index: openssl-1.0.1h.ebuild |
49 |
=================================================================== |
50 |
# Copyright 1999-2014 Gentoo Foundation |
51 |
# Distributed under the terms of the GNU General Public License v2 |
52 |
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1h.ebuild,v 1.1 2014/06/05 12:53:23 polynomial-c Exp $ |
53 |
|
54 |
EAPI="4" |
55 |
|
56 |
inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal |
57 |
|
58 |
REV="1.7" |
59 |
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
60 |
HOMEPAGE="http://www.openssl.org/" |
61 |
SRC_URI="mirror://openssl/source/${P}.tar.gz |
62 |
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" |
63 |
|
64 |
LICENSE="openssl" |
65 |
SLOT="0" |
66 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" |
67 |
IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib" |
68 |
|
69 |
# The blocks are temporary just to make sure people upgrade to a |
70 |
# version that lack runtime version checking. We'll drop them in |
71 |
# the future. |
72 |
RDEPEND="gmp? ( dev-libs/gmp[static-libs(+)?,${MULTILIB_USEDEP}] ) |
73 |
zlib? ( sys-libs/zlib[static-libs(+)?,${MULTILIB_USEDEP}] ) |
74 |
kerberos? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] ) |
75 |
abi_x86_32? ( |
76 |
!<=app-emulation/emul-linux-x86-baselibs-20140406-r3 |
77 |
!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] |
78 |
) |
79 |
!<net-misc/openssh-5.9_p1-r4 |
80 |
!<net-libs/neon-0.29.6-r1" |
81 |
DEPEND="${RDEPEND} |
82 |
sys-apps/diffutils |
83 |
>=dev-lang/perl-5 |
84 |
test? ( sys-devel/bc )" |
85 |
PDEPEND="app-misc/ca-certificates" |
86 |
|
87 |
src_unpack() { |
88 |
unpack ${P}.tar.gz |
89 |
SSL_CNF_DIR="/etc/ssl" |
90 |
sed \ |
91 |
-e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ |
92 |
-e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ |
93 |
"${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ |
94 |
> "${WORKDIR}"/c_rehash || die #416717 |
95 |
} |
96 |
|
97 |
MULTILIB_WRAPPED_HEADERS=( |
98 |
usr/include/openssl/opensslconf.h |
99 |
) |
100 |
|
101 |
src_prepare() { |
102 |
# Make sure we only ever touch Makefile.org and avoid patching a file |
103 |
# that gets blown away anyways by the Configure script in src_configure |
104 |
rm -f Makefile |
105 |
|
106 |
if ! use vanilla ; then |
107 |
epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
108 |
epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 |
109 |
epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch |
110 |
epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch |
111 |
epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch |
112 |
epatch "${FILESDIR}"/${PN}-1.0.1h-ipv6.patch |
113 |
epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584 |
114 |
epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 |
115 |
epatch_user #332661 |
116 |
fi |
117 |
|
118 |
# disable fips in the build |
119 |
# make sure the man pages are suffixed #302165 |
120 |
# don't bother building man pages if they're disabled |
121 |
sed -i \ |
122 |
-e '/DIRS/s: fips : :g' \ |
123 |
-e '/^MANSUFFIX/s:=.*:=ssl:' \ |
124 |
-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
125 |
-e $(has noman FEATURES \ |
126 |
&& echo '/^install:/s:install_docs::' \ |
127 |
|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
128 |
Makefile.org \ |
129 |
|| die |
130 |
# show the actual commands in the log |
131 |
sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
132 |
|
133 |
# allow openssl to be cross-compiled |
134 |
cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die |
135 |
chmod a+rx gentoo.config |
136 |
|
137 |
append-flags -fno-strict-aliasing |
138 |
append-flags $(test-flags-CC -Wa,--noexecstack) |
139 |
|
140 |
sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 |
141 |
# The config script does stupid stuff to prompt the user. Kill it. |
142 |
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
143 |
./config --test-sanity || die "I AM NOT SANE" |
144 |
|
145 |
multilib_copy_sources |
146 |
} |
147 |
|
148 |
multilib_src_configure() { |
149 |
unset APPS #197996 |
150 |
unset SCRIPTS #312551 |
151 |
unset CROSS_COMPILE #311473 |
152 |
|
153 |
tc-export CC AR RANLIB RC |
154 |
|
155 |
# Clean out patent-or-otherwise-encumbered code |
156 |
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
157 |
# IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
158 |
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
159 |
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
160 |
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 |
161 |
|
162 |
use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
163 |
echoit() { echo "$@" ; "$@" ; } |
164 |
|
165 |
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
166 |
|
167 |
# See if our toolchain supports __uint128_t. If so, it's 64bit |
168 |
# friendly and can use the nicely optimized code paths. #460790 |
169 |
local ec_nistp_64_gcc_128 |
170 |
# Disable it for now though #469976 |
171 |
#if ! use bindist ; then |
172 |
# echo "__uint128_t i;" > "${T}"/128.c |
173 |
# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
174 |
# ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
175 |
# fi |
176 |
#fi |
177 |
|
178 |
local sslout=$(./gentoo.config) |
179 |
einfo "Use configuration ${sslout:-(openssl knows best)}" |
180 |
local config="Configure" |
181 |
[[ -z ${sslout} ]] && config="config" |
182 |
|
183 |
echoit \ |
184 |
./${config} \ |
185 |
${sslout} \ |
186 |
$(use sse2 || echo "no-sse2") \ |
187 |
enable-camellia \ |
188 |
$(use_ssl !bindist ec) \ |
189 |
${ec_nistp_64_gcc_128} \ |
190 |
enable-idea \ |
191 |
enable-mdc2 \ |
192 |
$(use_ssl !bindist rc5) \ |
193 |
enable-tlsext \ |
194 |
$(use_ssl gmp gmp -lgmp) \ |
195 |
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
196 |
$(use_ssl rfc3779) \ |
197 |
$(use_ssl tls-heartbeat heartbeats) \ |
198 |
$(use_ssl zlib) \ |
199 |
--prefix="${EPREFIX}"/usr \ |
200 |
--openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
201 |
--libdir=$(get_libdir) \ |
202 |
shared threads \ |
203 |
|| die |
204 |
|
205 |
# Clean out hardcoded flags that openssl uses |
206 |
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
207 |
-e 's:^CFLAG=::' \ |
208 |
-e 's:-fomit-frame-pointer ::g' \ |
209 |
-e 's:-O[0-9] ::g' \ |
210 |
-e 's:-march=[-a-z0-9]* ::g' \ |
211 |
-e 's:-mcpu=[-a-z0-9]* ::g' \ |
212 |
-e 's:-m[a-z0-9]* ::g' \ |
213 |
) |
214 |
sed -i \ |
215 |
-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ |
216 |
-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ |
217 |
Makefile || die |
218 |
} |
219 |
|
220 |
multilib_src_compile() { |
221 |
# depend is needed to use $confopts; it also doesn't matter |
222 |
# that it's -j1 as the code itself serializes subdirs |
223 |
emake -j1 depend |
224 |
emake all |
225 |
# rehash is needed to prep the certs/ dir; do this |
226 |
# separately to avoid parallel build issues. |
227 |
emake rehash |
228 |
} |
229 |
|
230 |
multilib_src_test() { |
231 |
emake -j1 test |
232 |
} |
233 |
|
234 |
multilib_src_install() { |
235 |
emake INSTALL_PREFIX="${D}" install |
236 |
} |
237 |
|
238 |
multilib_src_install_all() { |
239 |
dobin "${WORKDIR}"/c_rehash #333117 |
240 |
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
241 |
dohtml -r doc/* |
242 |
use rfc3779 && dodoc engines/ccgost/README.gost |
243 |
|
244 |
# This is crappy in that the static archives are still built even |
245 |
# when USE=static-libs. But this is due to a failing in the openssl |
246 |
# build system: the static archives are built as PIC all the time. |
247 |
# Only way around this would be to manually configure+compile openssl |
248 |
# twice; once with shared lib support enabled and once without. |
249 |
use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
250 |
|
251 |
# create the certs directory |
252 |
dodir ${SSL_CNF_DIR}/certs |
253 |
cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die |
254 |
rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} |
255 |
|
256 |
# Namespace openssl programs to prevent conflicts with other man pages |
257 |
cd "${ED}"/usr/share/man |
258 |
local m d s |
259 |
for m in $(find . -type f | xargs grep -L '#include') ; do |
260 |
d=${m%/*} ; d=${d#./} ; m=${m##*/} |
261 |
[[ ${m} == openssl.1* ]] && continue |
262 |
[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
263 |
mv ${d}/{,ssl-}${m} |
264 |
# fix up references to renamed man pages |
265 |
sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
266 |
ln -s ssl-${m} ${d}/openssl-${m} |
267 |
# locate any symlinks that point to this man page ... we assume |
268 |
# that any broken links are due to the above renaming |
269 |
for s in $(find -L ${d} -type l) ; do |
270 |
s=${s##*/} |
271 |
rm -f ${d}/${s} |
272 |
ln -s ssl-${m} ${d}/ssl-${s} |
273 |
ln -s ssl-${s} ${d}/openssl-${s} |
274 |
done |
275 |
done |
276 |
[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
277 |
|
278 |
dodir /etc/sandbox.d #254521 |
279 |
echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
280 |
|
281 |
diropts -m0700 |
282 |
keepdir ${SSL_CNF_DIR}/private |
283 |
} |
284 |
|
285 |
pkg_preinst() { |
286 |
has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
287 |
preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 |
288 |
} |
289 |
|
290 |
pkg_postinst() { |
291 |
ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
292 |
c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null |
293 |
eend $? |
294 |
|
295 |
has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
296 |
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 |
297 |
} |
298 |
|
299 |
|
300 |
|
301 |
1.1 dev-libs/openssl/openssl-1.0.0m.ebuild |
302 |
|
303 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/openssl-1.0.0m.ebuild?rev=1.1&view=markup |
304 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/openssl-1.0.0m.ebuild?rev=1.1&content-type=text/plain |
305 |
|
306 |
Index: openssl-1.0.0m.ebuild |
307 |
=================================================================== |
308 |
# Copyright 1999-2014 Gentoo Foundation |
309 |
# Distributed under the terms of the GNU General Public License v2 |
310 |
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.0m.ebuild,v 1.1 2014/06/05 12:53:23 polynomial-c Exp $ |
311 |
|
312 |
EAPI="4" |
313 |
|
314 |
inherit eutils flag-o-matic toolchain-funcs multilib |
315 |
|
316 |
REV="1.7" |
317 |
DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)" |
318 |
HOMEPAGE="http://www.openssl.org/" |
319 |
SRC_URI="mirror://openssl/source/${P}.tar.gz |
320 |
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" |
321 |
|
322 |
LICENSE="openssl" |
323 |
SLOT="0" |
324 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
325 |
IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test zlib" |
326 |
|
327 |
# Have the sub-libs in RDEPEND with [static-libs] since, logically, |
328 |
# our libssl.a depends on libz.a/etc... at runtime. |
329 |
LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] ) |
330 |
zlib? ( sys-libs/zlib[static-libs(+)] ) |
331 |
kerberos? ( app-crypt/mit-krb5 )" |
332 |
RDEPEND="static-libs? ( ${LIB_DEPEND} ) |
333 |
!static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} )" |
334 |
DEPEND="${RDEPEND} |
335 |
sys-apps/diffutils |
336 |
>=dev-lang/perl-5 |
337 |
test? ( sys-devel/bc )" |
338 |
PDEPEND="app-misc/ca-certificates" |
339 |
|
340 |
src_unpack() { |
341 |
unpack ${P}.tar.gz |
342 |
SSL_CNF_DIR="/etc/ssl" |
343 |
sed \ |
344 |
-e "/^DIR=/s:=.*:=${SSL_CNF_DIR}:" \ |
345 |
"${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ |
346 |
> "${WORKDIR}"/c_rehash || die #416717 |
347 |
} |
348 |
|
349 |
src_prepare() { |
350 |
# Make sure we only ever touch Makefile.org and avoid patching a file |
351 |
# that gets blown away anyways by the Configure script in src_configure |
352 |
rm -f Makefile |
353 |
|
354 |
epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
355 |
#epatch "${FILESDIR}"/${PN}-1.0.0d-fbsd-amd64.patch #363089 |
356 |
epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 |
357 |
epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch |
358 |
epatch "${FILESDIR}"/${PN}-1.0.0e-parallel-build.patch |
359 |
epatch "${FILESDIR}"/${PN}-1.0.0e-x32.patch |
360 |
epatch_user #332661 |
361 |
|
362 |
# disable fips in the build |
363 |
# make sure the man pages are suffixed #302165 |
364 |
# don't bother building man pages if they're disabled |
365 |
sed -i \ |
366 |
-e '/DIRS/s: fips : :g' \ |
367 |
-e '/^MANSUFFIX/s:=.*:=ssl:' \ |
368 |
-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
369 |
-e $(has noman FEATURES \ |
370 |
&& echo '/^install:/s:install_docs::' \ |
371 |
|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ |
372 |
Makefile.org \ |
373 |
|| die |
374 |
# show the actual commands in the log |
375 |
sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
376 |
|
377 |
# allow openssl to be cross-compiled |
378 |
cp "${FILESDIR}"/gentoo.config-1.0.0 gentoo.config || die |
379 |
chmod a+rx gentoo.config |
380 |
|
381 |
append-flags -fno-strict-aliasing |
382 |
append-flags $(test-flags-CC -Wa,--noexecstack) |
383 |
|
384 |
sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 |
385 |
./config --test-sanity || die "I AM NOT SANE" |
386 |
} |
387 |
|
388 |
src_configure() { |
389 |
unset APPS #197996 |
390 |
unset SCRIPTS #312551 |
391 |
unset CROSS_COMPILE #311473 |
392 |
|
393 |
tc-export CC AR RANLIB RC |
394 |
|
395 |
# Clean out patent-or-otherwise-encumbered code |
396 |
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
397 |
# IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
398 |
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
399 |
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
400 |
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 |
401 |
|
402 |
use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
403 |
echoit() { echo "$@" ; "$@" ; } |
404 |
|
405 |
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
406 |
|
407 |
local sslout=$(./gentoo.config) |
408 |
einfo "Use configuration ${sslout:-(openssl knows best)}" |
409 |
local config="Configure" |
410 |
[[ -z ${sslout} ]] && config="config" |
411 |
echoit \ |
412 |
./${config} \ |
413 |
${sslout} \ |
414 |
$(use sse2 || echo "no-sse2") \ |
415 |
enable-camellia \ |
416 |
$(use_ssl !bindist ec) \ |
417 |
enable-idea \ |
418 |
enable-mdc2 \ |
419 |
$(use_ssl !bindist rc5) \ |
420 |
enable-tlsext \ |
421 |
$(use_ssl gmp gmp -lgmp) \ |
422 |
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
423 |
$(use_ssl rfc3779) \ |
424 |
$(use_ssl zlib) \ |
425 |
--prefix=/usr \ |
426 |
--openssldir=${SSL_CNF_DIR} \ |
427 |
--libdir=$(get_libdir) \ |
428 |
shared threads \ |
429 |
|| die |
430 |
|
431 |
# Clean out hardcoded flags that openssl uses |
432 |
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
433 |
-e 's:^CFLAG=::' \ |
434 |
-e 's:-fomit-frame-pointer ::g' \ |
435 |
-e 's:-O[0-9] ::g' \ |
436 |
-e 's:-march=[-a-z0-9]* ::g' \ |
437 |
-e 's:-mcpu=[-a-z0-9]* ::g' \ |
438 |
-e 's:-m[a-z0-9]* ::g' \ |
439 |
) |
440 |
sed -i \ |
441 |
-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ |
442 |
-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ |
443 |
Makefile || die |
444 |
} |
445 |
|
446 |
src_compile() { |
447 |
# depend is needed to use $confopts; it also doesn't matter |
448 |
# that it's -j1 as the code itself serializes subdirs |
449 |
emake -j1 depend || die |
450 |
emake all || die |
451 |
# rehash is needed to prep the certs/ dir; do this |
452 |
# separately to avoid parallel build issues. |
453 |
emake rehash || die |
454 |
} |
455 |
|
456 |
src_test() { |
457 |
emake -j1 test || die |
458 |
} |
459 |
|
460 |
src_install() { |
461 |
emake INSTALL_PREFIX="${D}" install || die |
462 |
dobin "${WORKDIR}"/c_rehash || die #333117 |
463 |
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
464 |
dohtml -r doc/* |
465 |
use rfc3779 && dodoc engines/ccgost/README.gost |
466 |
|
467 |
# This is crappy in that the static archives are still built even |
468 |
# when USE=static-libs. But this is due to a failing in the openssl |
469 |
# build system: the static archives are built as PIC all the time. |
470 |
# Only way around this would be to manually configure+compile openssl |
471 |
# twice; once with shared lib support enabled and once without. |
472 |
use static-libs || rm -f "${D}"/usr/lib*/lib*.a |
473 |
|
474 |
# create the certs directory |
475 |
dodir ${SSL_CNF_DIR}/certs |
476 |
cp -RP certs/* "${D}"${SSL_CNF_DIR}/certs/ || die |
477 |
rm -r "${D}"${SSL_CNF_DIR}/certs/{demo,expired} |
478 |
|
479 |
# Namespace openssl programs to prevent conflicts with other man pages |
480 |
cd "${D}"/usr/share/man |
481 |
local m d s |
482 |
for m in $(find . -type f | xargs grep -L '#include') ; do |
483 |
d=${m%/*} ; d=${d#./} ; m=${m##*/} |
484 |
[[ ${m} == openssl.1* ]] && continue |
485 |
[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
486 |
mv ${d}/{,ssl-}${m} |
487 |
# fix up references to renamed man pages |
488 |
sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
489 |
ln -s ssl-${m} ${d}/openssl-${m} |
490 |
# locate any symlinks that point to this man page ... we assume |
491 |
# that any broken links are due to the above renaming |
492 |
for s in $(find -L ${d} -type l) ; do |
493 |
s=${s##*/} |
494 |
rm -f ${d}/${s} |
495 |
ln -s ssl-${m} ${d}/ssl-${s} |
496 |
ln -s ssl-${s} ${d}/openssl-${s} |
497 |
done |
498 |
done |
499 |
[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
500 |
|
501 |
dodir /etc/sandbox.d #254521 |
502 |
echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl |
503 |
|
504 |
diropts -m0700 |
505 |
keepdir ${SSL_CNF_DIR}/private |
506 |
} |
507 |
|
508 |
pkg_preinst() { |
509 |
has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
510 |
preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 |
511 |
} |
512 |
|
513 |
pkg_postinst() { |
514 |
ebegin "Running 'c_rehash ${ROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
515 |
c_rehash "${ROOT%/}${SSL_CNF_DIR}/certs" >/dev/null |
516 |
eend $? |
517 |
|
518 |
has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
519 |
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 |
520 |
} |