Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
Date: Fri, 29 Jan 2016 06:59:11
Message-Id: 1454050737.8cc70f2b5cd0e33c1c5cb25dafd6be28c71cc7d7.polynomial-c@gentoo
1 commit: 8cc70f2b5cd0e33c1c5cb25dafd6be28c71cc7d7
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Fri Jan 29 06:54:06 2016 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Fri Jan 29 06:58:57 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8cc70f2b
7
8 dev-libs/openssl: Security bump to versions 1.0.1r and 1.0.2f (bug #572854).
9
10 Package-Manager: portage-2.2.27
11 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
12
13 dev-libs/openssl/Manifest | 2 +
14 dev-libs/openssl/files/openssl-1.0.1r-x32.patch | 66 ++++++
15 dev-libs/openssl/openssl-1.0.1r.ebuild | 256 +++++++++++++++++++++++
16 dev-libs/openssl/openssl-1.0.2f.ebuild | 265 ++++++++++++++++++++++++
17 4 files changed, 589 insertions(+)
18
19 diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
20 index 9fff022..17b0441 100644
21 --- a/dev-libs/openssl/Manifest
22 +++ b/dev-libs/openssl/Manifest
23 @@ -1,9 +1,11 @@
24 DIST openssl-0.9.8zg.tar.gz 3826891 SHA256 06500060639930e471050474f537fcd28ec934af92ee282d78b52460fbe8f580 SHA512 c757454de321d168ac6d89fe2859966a9f07a8b28305bf697af9018db13fc457e0883346b3d35977461ab058442375563554ecb2a8756a687ff9fc2fdd9103c9 WHIRLPOOL 55ecf50a264a2ddd9b5755b5d90b9b736d2f27e0ba2fd529ccff3b68bbd726d1f60460182a0d215ae6712dbc4d3ef2df11339fb2d8424e049f54c3e904fcfab0
25 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
26 DIST openssl-1.0.1p.tar.gz 4560208 SHA256 bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1 SHA512 64e475c53a85b78de7c5aa71a22d4bb3a456142842373ebf8f22e9857cb0352b646e591b21af866933baecdbdb5ac4a22aeb64914440c53a0f30cd25914029e5 WHIRLPOOL 2a81f3b9274e3fef37a2a88e3084d8283159b3a61db08e7805879905c87a74faa85bc6e570d18525741bd5c27c34fe09eeb58b2bfe500545d0f304716e14f819
27 +DIST openssl-1.0.1r.tar.gz 4547786 SHA256 784bd8d355ed01ce98b812f873f8b2313da61df7c7b5677fcf2e57b0863a3346 SHA512 7a5a2efe5d9421ea6f4f86f75ed40b4459b3825355ad18da3bdba28393bc50a6f457b2e1f11a31828f1af0d62a716d258ac7868fb719c9997f3bc750a1723e86 WHIRLPOOL de9c92f5ddb9bcaac967ac735696e739f5762b7d3a0b2430dbfa0c6cd7ac021fdf3c3257255a2fe995f24aa3550d59ce3067f030f09acc5d43b61dfda627686a
28 DIST openssl-1.0.2a.tar.gz 5262089 SHA256 15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a SHA512 02d228578824add52b73433d64697706e6503c2334933fe8dd6b477f59c430977012c3c34da207096229a425e1dcb6f3ae806043894b5ac98c27bbcddb794dd4 WHIRLPOOL a590c71794f5d29b80afa28b18621b7535e96b714b3690d793c1422a90b09a89cbcb912841d400c5982a8197bb02c13051190e96ba0e4d530509b48b43067cd7
29 DIST openssl-1.0.2b.tar.gz 5281009 SHA256 d5d488cc9f0a07974195a7427094ea3cab9800a4e90178b989aa621fbc238e3f SHA512 563eb662113668bb9ccf17a6e36697ad6392321ac1a32aa2cada9d8f4047651c2fa4da61f508ee3e1834fea343dbba189e09c1d6cabe5d1de5e3e6d022c31f4f WHIRLPOOL d828dc76842d25f02f211031b3ab9a2a8fd44975e9aaf87d0fd5fca9935a27b61c3e4f896a2186194f1a7b4d668fc48cafc5be9f7c670017ba342ce40113935f
30 DIST openssl-1.0.2c.tar.gz 5280670 SHA256 0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83 SHA512 2a68e8b017d0d3e34e4f9d33b77abd960b3d04e418f106e852684a2ff247dc8ea390b7d6a42d130fd84d821a15e84e77b68b3677433433ef5c10d156333b9dae WHIRLPOOL c59878c3bd5e8904913b97d71a15ef1eaafcfb4eb58c691ba4fb38bf81752308d0ef4a902e53aec4c6e7585677f2404d29cdea0832d14206fabf28d744af2622
31 DIST openssl-1.0.2d.tar.gz 5295447 SHA256 671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8 SHA512 68a051e92aaed0e7a8b218c185427c534c32f30f50c45f5d2c1f5b7a26d1416e83863d2953c77486acde3b636a148f39faf48246d28a207607ec069f62b13d75 WHIRLPOOL e3d8f0784903c8d6aa05ada7b8b410517c99157a3c2f4ac34c8a9d80c77408bd6ff9e820ded47f6223ccac4a77413174aa625303166ec28fdbf8374a7d4659ec
32 DIST openssl-1.0.2e.tar.gz 5256555 SHA256 e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff SHA512 b73f114a117ccab284cf5891dac050e3016d28e0b1fc71639442cdb42accef676115af90a12deff4bcc1f599cc0cbdeb38142cbf4570bd7d03634786ad32c95f WHIRLPOOL 8e1c1800a66f57fa78dc391e717e4b2bdf0e6e37a837c5ac033d7a4b1a6437451c7e7540c4ec2f75f936a2d2ef4f9293b42c76f51b0c9c93706639589612f196
33 +DIST openssl-1.0.2f.tar.gz 5258384 SHA256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c SHA512 50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 WHIRLPOOL 179e1b5ad38c50a4c8110024aa7b33c53634c39690917e3bf5c2099548430beef96132ae9f9588ff0cedd6e08bb216a8d36835baaaa04e506fb3fbaed37d31c9
34 DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1
35
36 diff --git a/dev-libs/openssl/files/openssl-1.0.1r-x32.patch b/dev-libs/openssl/files/openssl-1.0.1r-x32.patch
37 new file mode 100644
38 index 0000000..9e490fd
39 --- /dev/null
40 +++ b/dev-libs/openssl/files/openssl-1.0.1r-x32.patch
41 @@ -0,0 +1,66 @@
42 +--- openssl-1.0.1r/Configure
43 ++++ openssl-1.0.1r/Configure
44 +@@ -368,6 +368,7 @@
45 + "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
46 + "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
47 + "linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
48 ++"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
49 + "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
50 + #### So called "highgprs" target for z/Architecture CPUs
51 + # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
52 +--- openssl-1.0.1r/crypto/bn/asm/x86_64-gcc.c
53 ++++ openssl-1.0.1r/crypto/bn/asm/x86_64-gcc.c
54 +@@ -55,7 +55,7 @@
55 + * machine.
56 + */
57 +
58 +-# ifdef _WIN64
59 ++# ifdef _WIN64 || !defined __LP64__
60 + # define BN_ULONG unsigned long long
61 + # else
62 + # define BN_ULONG unsigned long
63 +@@ -211,9 +211,9 @@
64 +
65 + asm volatile (" subq %2,%2 \n"
66 + ".p2align 4 \n"
67 +- "1: movq (%4,%2,8),%0 \n"
68 +- " adcq (%5,%2,8),%0 \n"
69 +- " movq %0,(%3,%2,8) \n"
70 ++ "1: movq (%q4,%2,8),%0 \n"
71 ++ " adcq (%q5,%2,8),%0 \n"
72 ++ " movq %0,(%q3,%2,8) \n"
73 + " leaq 1(%2),%2 \n"
74 + " loop 1b \n"
75 + " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
76 +@@ -235,9 +235,9 @@
77 +
78 + asm volatile (" subq %2,%2 \n"
79 + ".p2align 4 \n"
80 +- "1: movq (%4,%2,8),%0 \n"
81 +- " sbbq (%5,%2,8),%0 \n"
82 +- " movq %0,(%3,%2,8) \n"
83 ++ "1: movq (%q4,%2,8),%0 \n"
84 ++ " sbbq (%q5,%2,8),%0 \n"
85 ++ " movq %0,(%q3,%2,8) \n"
86 + " leaq 1(%2),%2 \n"
87 + " loop 1b \n"
88 + " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
89 +--- openssl-1.0.1r/crypto/bn/bn.h
90 ++++ openssl-1.0.1r/crypto/bn/bn.h
91 +@@ -174,6 +174,16 @@
92 + # endif
93 +
94 + /*
95 ++ * Address type.
96 ++ */
97 ++#ifdef _WIN64
98 ++#define BN_ADDR unsigned long long
99 ++#else
100 ++#define BN_ADDR unsigned long
101 ++#endif
102 ++
103 ++
104 ++/*
105 + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
106 + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
107 + */
108
109 diff --git a/dev-libs/openssl/openssl-1.0.1r.ebuild b/dev-libs/openssl/openssl-1.0.1r.ebuild
110 new file mode 100644
111 index 0000000..234c6cc
112 --- /dev/null
113 +++ b/dev-libs/openssl/openssl-1.0.1r.ebuild
114 @@ -0,0 +1,256 @@
115 +# Copyright 1999-2016 Gentoo Foundation
116 +# Distributed under the terms of the GNU General Public License v2
117 +# $Id$
118 +
119 +EAPI=5
120 +
121 +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
122 +
123 +REV="1.7"
124 +DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
125 +HOMEPAGE="http://www.openssl.org/"
126 +SRC_URI="mirror://openssl/source/${P}.tar.gz
127 + http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
128 +
129 +LICENSE="openssl"
130 +SLOT="0"
131 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
132 +IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
133 +RESTRICT="!bindist? ( bindist )"
134 +
135 +# The blocks are temporary just to make sure people upgrade to a
136 +# version that lack runtime version checking. We'll drop them in
137 +# the future.
138 +RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
139 + zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
140 + kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
141 + abi_x86_32? (
142 + !<=app-emulation/emul-linux-x86-baselibs-20140406-r3
143 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
144 + )
145 + !<net-misc/openssh-5.9_p1-r4
146 + !<net-libs/neon-0.29.6-r1"
147 +DEPEND="${RDEPEND}
148 + sys-apps/diffutils
149 + >=dev-lang/perl-5
150 + test? ( sys-devel/bc )"
151 +PDEPEND="app-misc/ca-certificates"
152 +
153 +MULTILIB_WRAPPED_HEADERS=(
154 + usr/include/openssl/opensslconf.h
155 +)
156 +
157 +src_prepare() {
158 + SSL_CNF_DIR="/etc/ssl"
159 + sed \
160 + -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
161 + -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
162 + "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
163 + > "${WORKDIR}"/c_rehash || die #416717
164 +
165 + # Make sure we only ever touch Makefile.org and avoid patching a file
166 + # that gets blown away anyways by the Configure script in src_configure
167 + rm -f Makefile
168 +
169 + if ! use vanilla ; then
170 + epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
171 + epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
172 + epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
173 + epatch "${FILESDIR}"/${PN}-1.0.1p-parallel-build.patch
174 + epatch "${FILESDIR}"/${PN}-1.0.1r-x32.patch
175 + epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch
176 + epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
177 + epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
178 + epatch_user #332661
179 + fi
180 +
181 + # disable fips in the build
182 + # make sure the man pages are suffixed #302165
183 + # don't bother building man pages if they're disabled
184 + sed -i \
185 + -e '/DIRS/s: fips : :g' \
186 + -e '/^MANSUFFIX/s:=.*:=ssl:' \
187 + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
188 + -e $(has noman FEATURES \
189 + && echo '/^install:/s:install_docs::' \
190 + || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
191 + Makefile.org \
192 + || die
193 + # show the actual commands in the log
194 + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
195 +
196 + # since we're forcing $(CC) as makedep anyway, just fix
197 + # the conditional as always-on
198 + # helps clang (#417795), and versioned gcc (#499818)
199 + sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
200 +
201 + # quiet out unknown driver argument warnings since openssl
202 + # doesn't have well-split CFLAGS and we're making it even worse
203 + # and 'make depend' uses -Werror for added fun (#417795 again)
204 + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
205 +
206 + # allow openssl to be cross-compiled
207 + cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
208 + chmod a+rx gentoo.config
209 +
210 + append-flags -fno-strict-aliasing
211 + append-flags $(test-flags-CC -Wa,--noexecstack)
212 +
213 + sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
214 + # The config script does stupid stuff to prompt the user. Kill it.
215 + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
216 + ./config --test-sanity || die "I AM NOT SANE"
217 +
218 + multilib_copy_sources
219 +}
220 +
221 +multilib_src_configure() {
222 + unset APPS #197996
223 + unset SCRIPTS #312551
224 + unset CROSS_COMPILE #311473
225 +
226 + tc-export CC AR RANLIB RC
227 +
228 + # Clean out patent-or-otherwise-encumbered code
229 + # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
230 + # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
231 + # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
232 + # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
233 + # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
234 +
235 + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
236 + echoit() { echo "$@" ; "$@" ; }
237 +
238 + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
239 +
240 + # See if our toolchain supports __uint128_t. If so, it's 64bit
241 + # friendly and can use the nicely optimized code paths. #460790
242 + local ec_nistp_64_gcc_128
243 + # Disable it for now though #469976
244 + #if ! use bindist ; then
245 + # echo "__uint128_t i;" > "${T}"/128.c
246 + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
247 + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
248 + # fi
249 + #fi
250 +
251 + local sslout=$(./gentoo.config)
252 + einfo "Use configuration ${sslout:-(openssl knows best)}"
253 + local config="Configure"
254 + [[ -z ${sslout} ]] && config="config"
255 +
256 + echoit \
257 + ./${config} \
258 + ${sslout} \
259 + $(use cpu_flags_x86_sse2 || echo "no-sse2") \
260 + enable-camellia \
261 + $(use_ssl !bindist ec) \
262 + ${ec_nistp_64_gcc_128} \
263 + enable-idea \
264 + enable-mdc2 \
265 + $(use_ssl !bindist rc5) \
266 + enable-tlsext \
267 + $(use_ssl gmp gmp -lgmp) \
268 + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
269 + $(use_ssl rfc3779) \
270 + $(use_ssl tls-heartbeat heartbeats) \
271 + $(use_ssl zlib) \
272 + --prefix="${EPREFIX}"/usr \
273 + --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
274 + --libdir=$(get_libdir) \
275 + shared threads \
276 + || die
277 +
278 + # Clean out hardcoded flags that openssl uses
279 + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
280 + -e 's:^CFLAG=::' \
281 + -e 's:-fomit-frame-pointer ::g' \
282 + -e 's:-O[0-9] ::g' \
283 + -e 's:-march=[-a-z0-9]* ::g' \
284 + -e 's:-mcpu=[-a-z0-9]* ::g' \
285 + -e 's:-m[a-z0-9]* ::g' \
286 + )
287 + sed -i \
288 + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
289 + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
290 + Makefile || die
291 +}
292 +
293 +multilib_src_compile() {
294 + # depend is needed to use $confopts; it also doesn't matter
295 + # that it's -j1 as the code itself serializes subdirs
296 + emake -j1 depend
297 + emake all
298 + # rehash is needed to prep the certs/ dir; do this
299 + # separately to avoid parallel build issues.
300 + emake rehash
301 +}
302 +
303 +multilib_src_test() {
304 + emake -j1 test
305 +}
306 +
307 +multilib_src_install() {
308 + emake INSTALL_PREFIX="${D}" install
309 +}
310 +
311 +multilib_src_install_all() {
312 + dobin "${WORKDIR}"/c_rehash #333117
313 + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
314 + dohtml -r doc/*
315 + use rfc3779 && dodoc engines/ccgost/README.gost
316 +
317 + # This is crappy in that the static archives are still built even
318 + # when USE=static-libs. But this is due to a failing in the openssl
319 + # build system: the static archives are built as PIC all the time.
320 + # Only way around this would be to manually configure+compile openssl
321 + # twice; once with shared lib support enabled and once without.
322 + use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
323 +
324 + # create the certs directory
325 + dodir ${SSL_CNF_DIR}/certs
326 + cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
327 + rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
328 +
329 + # Namespace openssl programs to prevent conflicts with other man pages
330 + cd "${ED}"/usr/share/man
331 + local m d s
332 + for m in $(find . -type f | xargs grep -L '#include') ; do
333 + d=${m%/*} ; d=${d#./} ; m=${m##*/}
334 + [[ ${m} == openssl.1* ]] && continue
335 + [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
336 + mv ${d}/{,ssl-}${m}
337 + # fix up references to renamed man pages
338 + sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
339 + ln -s ssl-${m} ${d}/openssl-${m}
340 + # locate any symlinks that point to this man page ... we assume
341 + # that any broken links are due to the above renaming
342 + for s in $(find -L ${d} -type l) ; do
343 + s=${s##*/}
344 + rm -f ${d}/${s}
345 + ln -s ssl-${m} ${d}/ssl-${s}
346 + ln -s ssl-${s} ${d}/openssl-${s}
347 + done
348 + done
349 + [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
350 +
351 + dodir /etc/sandbox.d #254521
352 + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
353 +
354 + diropts -m0700
355 + keepdir ${SSL_CNF_DIR}/private
356 +}
357 +
358 +pkg_preinst() {
359 + has_version ${CATEGORY}/${PN}:0.9.8 && return 0
360 + preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
361 +}
362 +
363 +pkg_postinst() {
364 + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
365 + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
366 + eend $?
367 +
368 + has_version ${CATEGORY}/${PN}:0.9.8 && return 0
369 + preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
370 +}
371
372 diff --git a/dev-libs/openssl/openssl-1.0.2f.ebuild b/dev-libs/openssl/openssl-1.0.2f.ebuild
373 new file mode 100644
374 index 0000000..721dde4
375 --- /dev/null
376 +++ b/dev-libs/openssl/openssl-1.0.2f.ebuild
377 @@ -0,0 +1,265 @@
378 +# Copyright 1999-2016 Gentoo Foundation
379 +# Distributed under the terms of the GNU General Public License v2
380 +# $Id$
381 +
382 +EAPI=5
383 +
384 +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
385 +
386 +MY_P=${P/_/-}
387 +DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
388 +HOMEPAGE="http://www.openssl.org/"
389 +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
390 +
391 +LICENSE="openssl"
392 +SLOT="0"
393 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
394 +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
395 +RESTRICT="!bindist? ( bindist )"
396 +
397 +# The blocks are temporary just to make sure people upgrade to a
398 +# version that lack runtime version checking. We'll drop them in
399 +# the future.
400 +RDEPEND=">=app-misc/c_rehash-1.7-r1
401 + gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
402 + zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
403 + kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
404 + abi_x86_32? (
405 + !<=app-emulation/emul-linux-x86-baselibs-20140508
406 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
407 + )
408 + !<net-misc/openssh-5.9_p1-r4
409 + !<net-libs/neon-0.29.6-r1"
410 +DEPEND="${RDEPEND}
411 + >=dev-lang/perl-5
412 + sctp? ( >=net-misc/lksctp-tools-1.0.12 )
413 + test? (
414 + sys-apps/diffutils
415 + sys-devel/bc
416 + )"
417 +PDEPEND="app-misc/ca-certificates"
418 +
419 +S="${WORKDIR}/${MY_P}"
420 +
421 +MULTILIB_WRAPPED_HEADERS=(
422 + usr/include/openssl/opensslconf.h
423 +)
424 +
425 +src_prepare() {
426 + # keep this in sync with app-misc/c_rehash
427 + SSL_CNF_DIR="/etc/ssl"
428 +
429 + # Make sure we only ever touch Makefile.org and avoid patching a file
430 + # that gets blown away anyways by the Configure script in src_configure
431 + rm -f Makefile
432 +
433 + if ! use vanilla ; then
434 + epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
435 + epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
436 + epatch "${FILESDIR}"/${PN}-1.0.2e-parallel-build.patch
437 + epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
438 + epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
439 + epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
440 + epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
441 + epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
442 + epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
443 +
444 + epatch_user #332661
445 + fi
446 +
447 + # disable fips in the build
448 + # make sure the man pages are suffixed #302165
449 + # don't bother building man pages if they're disabled
450 + sed -i \
451 + -e '/DIRS/s: fips : :g' \
452 + -e '/^MANSUFFIX/s:=.*:=ssl:' \
453 + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
454 + -e $(has noman FEATURES \
455 + && echo '/^install:/s:install_docs::' \
456 + || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
457 + Makefile.org \
458 + || die
459 + # show the actual commands in the log
460 + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
461 +
462 + # since we're forcing $(CC) as makedep anyway, just fix
463 + # the conditional as always-on
464 + # helps clang (#417795), and versioned gcc (#499818)
465 + sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
466 +
467 + # quiet out unknown driver argument warnings since openssl
468 + # doesn't have well-split CFLAGS and we're making it even worse
469 + # and 'make depend' uses -Werror for added fun (#417795 again)
470 + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
471 +
472 + # allow openssl to be cross-compiled
473 + cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
474 + chmod a+rx gentoo.config
475 +
476 + append-flags -fno-strict-aliasing
477 + append-flags $(test-flags-CC -Wa,--noexecstack)
478 + append-cppflags -DOPENSSL_NO_BUF_FREELISTS
479 +
480 + sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
481 + # The config script does stupid stuff to prompt the user. Kill it.
482 + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
483 + ./config --test-sanity || die "I AM NOT SANE"
484 +
485 + multilib_copy_sources
486 +}
487 +
488 +multilib_src_configure() {
489 + unset APPS #197996
490 + unset SCRIPTS #312551
491 + unset CROSS_COMPILE #311473
492 +
493 + tc-export CC AR RANLIB RC
494 +
495 + # Clean out patent-or-otherwise-encumbered code
496 + # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
497 + # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
498 + # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
499 + # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
500 + # RC5: Expired http://en.wikipedia.org/wiki/RC5
501 +
502 + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
503 + echoit() { echo "$@" ; "$@" ; }
504 +
505 + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
506 +
507 + # See if our toolchain supports __uint128_t. If so, it's 64bit
508 + # friendly and can use the nicely optimized code paths. #460790
509 + local ec_nistp_64_gcc_128
510 + # Disable it for now though #469976
511 + #if ! use bindist ; then
512 + # echo "__uint128_t i;" > "${T}"/128.c
513 + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
514 + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
515 + # fi
516 + #fi
517 +
518 + local sslout=$(./gentoo.config)
519 + einfo "Use configuration ${sslout:-(openssl knows best)}"
520 + local config="Configure"
521 + [[ -z ${sslout} ]] && config="config"
522 +
523 + echoit \
524 + ./${config} \
525 + ${sslout} \
526 + $(use cpu_flags_x86_sse2 || echo "no-sse2") \
527 + enable-camellia \
528 + $(use_ssl !bindist ec) \
529 + ${ec_nistp_64_gcc_128} \
530 + enable-idea \
531 + enable-mdc2 \
532 + enable-rc5 \
533 + enable-tlsext \
534 + $(use_ssl asm) \
535 + $(use_ssl gmp gmp -lgmp) \
536 + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
537 + $(use_ssl rfc3779) \
538 + $(use_ssl sctp) \
539 + $(use_ssl tls-heartbeat heartbeats) \
540 + $(use_ssl zlib) \
541 + --prefix="${EPREFIX}"/usr \
542 + --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
543 + --libdir=$(get_libdir) \
544 + shared threads \
545 + || die
546 +
547 + # Clean out hardcoded flags that openssl uses
548 + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
549 + -e 's:^CFLAG=::' \
550 + -e 's:-fomit-frame-pointer ::g' \
551 + -e 's:-O[0-9] ::g' \
552 + -e 's:-march=[-a-z0-9]* ::g' \
553 + -e 's:-mcpu=[-a-z0-9]* ::g' \
554 + -e 's:-m[a-z0-9]* ::g' \
555 + )
556 + sed -i \
557 + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
558 + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
559 + Makefile || die
560 +}
561 +
562 +multilib_src_compile() {
563 + # depend is needed to use $confopts; it also doesn't matter
564 + # that it's -j1 as the code itself serializes subdirs
565 + emake -j1 depend
566 + emake all
567 + # rehash is needed to prep the certs/ dir; do this
568 + # separately to avoid parallel build issues.
569 + emake rehash
570 +}
571 +
572 +multilib_src_test() {
573 + emake -j1 test
574 +}
575 +
576 +multilib_src_install() {
577 + emake INSTALL_PREFIX="${D}" install
578 +}
579 +
580 +multilib_src_install_all() {
581 + # openssl installs perl version of c_rehash by default, but
582 + # we provide a shell version via app-misc/c_rehash
583 + rm "${ED}"/usr/bin/c_rehash || die
584 +
585 + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
586 + dohtml -r doc/*
587 + use rfc3779 && dodoc engines/ccgost/README.gost
588 +
589 + # This is crappy in that the static archives are still built even
590 + # when USE=static-libs. But this is due to a failing in the openssl
591 + # build system: the static archives are built as PIC all the time.
592 + # Only way around this would be to manually configure+compile openssl
593 + # twice; once with shared lib support enabled and once without.
594 + use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
595 +
596 + # create the certs directory
597 + dodir ${SSL_CNF_DIR}/certs
598 + cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
599 + rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
600 +
601 + # Namespace openssl programs to prevent conflicts with other man pages
602 + cd "${ED}"/usr/share/man
603 + local m d s
604 + for m in $(find . -type f | xargs grep -L '#include') ; do
605 + d=${m%/*} ; d=${d#./} ; m=${m##*/}
606 + [[ ${m} == openssl.1* ]] && continue
607 + [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
608 + mv ${d}/{,ssl-}${m}
609 + # fix up references to renamed man pages
610 + sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
611 + ln -s ssl-${m} ${d}/openssl-${m}
612 + # locate any symlinks that point to this man page ... we assume
613 + # that any broken links are due to the above renaming
614 + for s in $(find -L ${d} -type l) ; do
615 + s=${s##*/}
616 + rm -f ${d}/${s}
617 + ln -s ssl-${m} ${d}/ssl-${s}
618 + ln -s ssl-${s} ${d}/openssl-${s}
619 + done
620 + done
621 + [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
622 +
623 + dodir /etc/sandbox.d #254521
624 + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
625 +
626 + diropts -m0700
627 + keepdir ${SSL_CNF_DIR}/private
628 +}
629 +
630 +pkg_preinst() {
631 + has_version ${CATEGORY}/${PN}:0.9.8 && return 0
632 + preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
633 +}
634 +
635 +pkg_postinst() {
636 + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
637 + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
638 + eend $?
639 +
640 + has_version ${CATEGORY}/${PN}:0.9.8 && return 0
641 + preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
642 +}
Report Message
Find on MARC Find on Google Groups