1 |
commit: 0ef22ca0826fad8472f23e3451f5eb3295a7538e |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Dec 30 19:54:49 2017 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Dec 30 19:54:49 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ef22ca0 |
7 |
|
8 |
dev-libs/openssl: Security cleanup (bug #640172) |
9 |
|
10 |
Package-Manager: Portage-2.3.19, Repoman-2.3.6 |
11 |
|
12 |
dev-libs/openssl/Manifest | 6 - |
13 |
.../openssl/files/openssl-1.0.0a-ldflags.patch | 29 - |
14 |
.../files/openssl-1.0.1p-default-source.patch | 30 - |
15 |
dev-libs/openssl/files/openssl-1.0.2-ipv6.patch | 611 --------------------- |
16 |
.../openssl-1.0.2a-parallel-install-dirs.patch | 64 --- |
17 |
.../openssl-1.0.2a-parallel-obj-headers.patch | 37 -- |
18 |
.../files/openssl-1.0.2a-parallel-symlinking.patch | 63 --- |
19 |
.../files/openssl-1.0.2i-parallel-build.patch | 326 ----------- |
20 |
dev-libs/openssl/openssl-1.0.2k.ebuild | 254 --------- |
21 |
dev-libs/openssl/openssl-1.0.2l-r1.ebuild | 296 ---------- |
22 |
dev-libs/openssl/openssl-1.0.2l.ebuild | 254 --------- |
23 |
dev-libs/openssl/openssl-1.0.2m.ebuild | 254 --------- |
24 |
12 files changed, 2224 deletions(-) |
25 |
|
26 |
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest |
27 |
index 583d9dd4660..1985ca1d3d7 100644 |
28 |
--- a/dev-libs/openssl/Manifest |
29 |
+++ b/dev-libs/openssl/Manifest |
30 |
@@ -1,11 +1,5 @@ |
31 |
DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 |
32 |
DIST openssl-1.0.2-patches-1.0.tar.xz 11572 BLAKE2B bdb9d2b8388f1aadf3a9274133aa8f86b0029fae1ce86d005baa39a7347657f8d4d84395b54e8ccd67944356ee197dfb527f843b4f146e305533e2ad5450721d SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9 |
33 |
-DIST openssl-1.0.2k.tar.gz 5309236 BLAKE2B 97069b9c7aaab2381ae5be989caff6907cd44ab1831d84685c3421ad985889a2bbc3a462decdff9c4c158ace96975de2b9e49e4f1b9f306990c3dc0f03767dad SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 |
34 |
-DIST openssl-1.0.2l.tar.gz 5365054 BLAKE2B 0a459a93a0013269dea79bd6df96a434b9dad95b6d98b24a48bc1b1438415c0a8de01b67166ac13a73ae65fb64131568924c3e6f945d862b7e960f05332cf097 SHA512 047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3 |
35 |
-DIST openssl-1.0.2l_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15 |
36 |
-DIST openssl-1.0.2l_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19 |
37 |
-DIST openssl-1.0.2l_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e |
38 |
-DIST openssl-1.0.2m.tar.gz 5373776 BLAKE2B f40cbea061f84087a079d541f7ba841894c86c00827865f0f508ee297df45e8825d7d74bbbe16bf1f81d46f9af503a6191c9e65df674c4a5ae28172b5b03986f SHA512 7619aa223ee50d0f5e270ac9090e95b2b1ba5dfc656c98f625a9a277dda472fb960a4e89a7ba300044cb401b2072b2ca6a6fcce8206d927bf373d1c981806a93 |
39 |
DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f18a26c6d37a4cf5e01cd14f44d24d334b4e705da05d77c33b5dc91cffea0feea9f7c83c77ba16c9b6d5f5085894 SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687 |
40 |
DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0 |
41 |
DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2 |
42 |
|
43 |
diff --git a/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch b/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch |
44 |
deleted file mode 100644 |
45 |
index c99ef4abb85..00000000000 |
46 |
--- a/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch |
47 |
+++ /dev/null |
48 |
@@ -1,29 +0,0 @@ |
49 |
-http://bugs.gentoo.org/181438 |
50 |
-http://bugs.gentoo.org/327421 |
51 |
-https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest |
52 |
- |
53 |
-make sure we respect LDFLAGS |
54 |
- |
55 |
-also make sure we don't add useless -rpath flags to the system libdir |
56 |
- |
57 |
---- Makefile.org |
58 |
-+++ Makefile.org |
59 |
-@@ -189,6 +189,7 @@ |
60 |
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ |
61 |
- DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ |
62 |
- MAKEDEPPROG='$(MAKEDEPPROG)' \ |
63 |
-+ LDFLAGS='${LDFLAGS}' \ |
64 |
- SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ |
65 |
- KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ |
66 |
- ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ |
67 |
---- Makefile.shared |
68 |
-+++ Makefile.shared |
69 |
-@@ -153,7 +153,7 @@ |
70 |
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ |
71 |
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" |
72 |
- |
73 |
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" |
74 |
-+DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)" |
75 |
- |
76 |
- #This is rather special. It's a special target with which one can link |
77 |
- #applications without bothering with any features that have anything to |
78 |
|
79 |
diff --git a/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch b/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch |
80 |
deleted file mode 100644 |
81 |
index 73029985ae0..00000000000 |
82 |
--- a/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch |
83 |
+++ /dev/null |
84 |
@@ -1,30 +0,0 @@ |
85 |
-https://bugs.gentoo.org/554338 |
86 |
-https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest |
87 |
- |
88 |
-From 7c2e97f8bbae517496fdc11f475b4ae54b2534f5 Mon Sep 17 00:00:00 2001 |
89 |
-From: Mike Frysinger <vapier@g.o> |
90 |
-Date: Fri, 10 Jul 2015 01:50:52 -0400 |
91 |
-Subject: [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions |
92 |
- |
93 |
-The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro. Using |
94 |
-just the former with newer versions leads to a build time warning, so |
95 |
-make sure to use the new macro too. |
96 |
---- |
97 |
- ssl/ssltest.c | 1 + |
98 |
- 1 file changed, 1 insertion(+) |
99 |
- |
100 |
-diff --git a/ssl/ssltest.c b/ssl/ssltest.c |
101 |
-index 26cf96c..b36f667 100644 |
102 |
---- a/ssl/ssltest.c |
103 |
-+++ b/ssl/ssltest.c |
104 |
-@@ -141,6 +141,7 @@ |
105 |
- */ |
106 |
- |
107 |
- /* Or gethostname won't be declared properly on Linux and GNU platforms. */ |
108 |
-+#define _DEFAULT_SOURCE 1 |
109 |
- #define _BSD_SOURCE 1 |
110 |
- |
111 |
- #include <assert.h> |
112 |
--- |
113 |
-2.4.4 |
114 |
- |
115 |
|
116 |
diff --git a/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch |
117 |
deleted file mode 100644 |
118 |
index 27574ea616d..00000000000 |
119 |
--- a/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch |
120 |
+++ /dev/null |
121 |
@@ -1,611 +0,0 @@ |
122 |
-http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest |
123 |
- |
124 |
---- openssl-1.0.2/apps/s_apps.h |
125 |
-+++ openssl-1.0.2/apps/s_apps.h |
126 |
-@@ -154,7 +154,7 @@ |
127 |
- int do_server(int port, int type, int *ret, |
128 |
- int (*cb) (char *hostname, int s, int stype, |
129 |
- unsigned char *context), unsigned char *context, |
130 |
-- int naccept); |
131 |
-+ int naccept, int use_ipv4, int use_ipv6); |
132 |
- #ifdef HEADER_X509_H |
133 |
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); |
134 |
- #endif |
135 |
-@@ -167,7 +167,8 @@ |
136 |
- int ssl_print_curves(BIO *out, SSL *s, int noshared); |
137 |
- #endif |
138 |
- int ssl_print_tmp_key(BIO *out, SSL *s); |
139 |
--int init_client(int *sock, char *server, int port, int type); |
140 |
-+int init_client(int *sock, char *server, int port, int type, |
141 |
-+ int use_ipv4, int use_ipv6); |
142 |
- int should_retry(int i); |
143 |
- int extract_port(char *str, short *port_ptr); |
144 |
- int extract_host_port(char *str, char **host_ptr, unsigned char *ip, |
145 |
---- openssl-1.0.2/apps/s_client.c |
146 |
-+++ openssl-1.0.2/apps/s_client.c |
147 |
-@@ -302,6 +302,10 @@ |
148 |
- { |
149 |
- BIO_printf(bio_err, "usage: s_client args\n"); |
150 |
- BIO_printf(bio_err, "\n"); |
151 |
-+ BIO_printf(bio_err, " -4 - use IPv4 only\n"); |
152 |
-+#if OPENSSL_USE_IPV6 |
153 |
-+ BIO_printf(bio_err, " -6 - use IPv6 only\n"); |
154 |
-+#endif |
155 |
- BIO_printf(bio_err, " -host host - use -connect instead\n"); |
156 |
- BIO_printf(bio_err, " -port port - use -connect instead\n"); |
157 |
- BIO_printf(bio_err, |
158 |
-@@ -658,6 +662,7 @@ |
159 |
- int sbuf_len, sbuf_off; |
160 |
- fd_set readfds, writefds; |
161 |
- short port = PORT; |
162 |
-+ int use_ipv4, use_ipv6; |
163 |
- int full_log = 1; |
164 |
- char *host = SSL_HOST_NAME; |
165 |
- char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; |
166 |
-@@ -709,7 +714,11 @@ |
167 |
- #endif |
168 |
- char *sess_in = NULL; |
169 |
- char *sess_out = NULL; |
170 |
-- struct sockaddr peer; |
171 |
-+#if OPENSSL_USE_IPV6 |
172 |
-+ struct sockaddr_storage peer; |
173 |
-+#else |
174 |
-+ struct sockaddr_in peer; |
175 |
-+#endif |
176 |
- int peerlen = sizeof(peer); |
177 |
- int fallback_scsv = 0; |
178 |
- int enable_timeouts = 0; |
179 |
-@@ -737,6 +746,12 @@ |
180 |
- |
181 |
- meth = SSLv23_client_method(); |
182 |
- |
183 |
-+ use_ipv4 = 1; |
184 |
-+#if OPENSSL_USE_IPV6 |
185 |
-+ use_ipv6 = 1; |
186 |
-+#else |
187 |
-+ use_ipv6 = 0; |
188 |
-+#endif |
189 |
- apps_startup(); |
190 |
- c_Pause = 0; |
191 |
- c_quiet = 0; |
192 |
-@@ -1096,6 +1111,16 @@ |
193 |
- jpake_secret = *++argv; |
194 |
- } |
195 |
- #endif |
196 |
-+ else if (strcmp(*argv,"-4") == 0) { |
197 |
-+ use_ipv4 = 1; |
198 |
-+ use_ipv6 = 0; |
199 |
-+ } |
200 |
-+#if OPENSSL_USE_IPV6 |
201 |
-+ else if (strcmp(*argv,"-6") == 0) { |
202 |
-+ use_ipv4 = 0; |
203 |
-+ use_ipv6 = 1; |
204 |
-+ } |
205 |
-+#endif |
206 |
- #ifndef OPENSSL_NO_SRTP |
207 |
- else if (strcmp(*argv, "-use_srtp") == 0) { |
208 |
- if (--argc < 1) |
209 |
-@@ -1421,7 +1446,7 @@ |
210 |
- |
211 |
- re_start: |
212 |
- |
213 |
-- if (init_client(&s, host, port, socket_type) == 0) { |
214 |
-+ if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) { |
215 |
- BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); |
216 |
- SHUTDOWN(s); |
217 |
- goto end; |
218 |
-@@ -1444,7 +1469,7 @@ |
219 |
- if (socket_type == SOCK_DGRAM) { |
220 |
- |
221 |
- sbio = BIO_new_dgram(s, BIO_NOCLOSE); |
222 |
-- if (getsockname(s, &peer, (void *)&peerlen) < 0) { |
223 |
-+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) { |
224 |
- BIO_printf(bio_err, "getsockname:errno=%d\n", |
225 |
- get_last_socket_error()); |
226 |
- SHUTDOWN(s); |
227 |
---- openssl-1.0.2/apps/s_server.c |
228 |
-+++ openssl-1.0.2/apps/s_server.c |
229 |
-@@ -643,6 +643,10 @@ |
230 |
- BIO_printf(bio_err, |
231 |
- " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
232 |
- #endif |
233 |
-+ BIO_printf(bio_err, " -4 - use IPv4 only\n"); |
234 |
-+#if OPENSSL_USE_IPV6 |
235 |
-+ BIO_printf(bio_err, " -6 - use IPv6 only\n"); |
236 |
-+#endif |
237 |
- BIO_printf(bio_err, |
238 |
- " -keymatexport label - Export keying material using label\n"); |
239 |
- BIO_printf(bio_err, |
240 |
-@@ -1070,6 +1074,7 @@ |
241 |
- int state = 0; |
242 |
- const SSL_METHOD *meth = NULL; |
243 |
- int socket_type = SOCK_STREAM; |
244 |
-+ int use_ipv4, use_ipv6; |
245 |
- ENGINE *e = NULL; |
246 |
- char *inrand = NULL; |
247 |
- int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; |
248 |
-@@ -1111,6 +1116,12 @@ |
249 |
- |
250 |
- meth = SSLv23_server_method(); |
251 |
- |
252 |
-+ use_ipv4 = 1; |
253 |
-+#if OPENSSL_USE_IPV6 |
254 |
-+ use_ipv6 = 1; |
255 |
-+#else |
256 |
-+ use_ipv6 = 0; |
257 |
-+#endif |
258 |
- local_argc = argc; |
259 |
- local_argv = argv; |
260 |
- |
261 |
-@@ -1503,6 +1514,16 @@ |
262 |
- jpake_secret = *(++argv); |
263 |
- } |
264 |
- #endif |
265 |
-+ else if (strcmp(*argv,"-4") == 0) { |
266 |
-+ use_ipv4 = 1; |
267 |
-+ use_ipv6 = 0; |
268 |
-+ } |
269 |
-+#if OPENSSL_USE_IPV6 |
270 |
-+ else if (strcmp(*argv,"-6") == 0) { |
271 |
-+ use_ipv4 = 0; |
272 |
-+ use_ipv6 = 1; |
273 |
-+ } |
274 |
-+#endif |
275 |
- #ifndef OPENSSL_NO_SRTP |
276 |
- else if (strcmp(*argv, "-use_srtp") == 0) { |
277 |
- if (--argc < 1) |
278 |
-@@ -2023,13 +2044,13 @@ |
279 |
- (void)BIO_flush(bio_s_out); |
280 |
- if (rev) |
281 |
- do_server(port, socket_type, &accept_socket, rev_body, context, |
282 |
-- naccept); |
283 |
-+ naccept, use_ipv4, use_ipv6); |
284 |
- else if (www) |
285 |
- do_server(port, socket_type, &accept_socket, www_body, context, |
286 |
-- naccept); |
287 |
-+ naccept, use_ipv4, use_ipv6); |
288 |
- else |
289 |
- do_server(port, socket_type, &accept_socket, sv_body, context, |
290 |
-- naccept); |
291 |
-+ naccept, use_ipv4, use_ipv6); |
292 |
- print_stats(bio_s_out, ctx); |
293 |
- ret = 0; |
294 |
- end: |
295 |
---- openssl-1.0.2/apps/s_socket.c |
296 |
-+++ openssl-1.0.2/apps/s_socket.c |
297 |
-@@ -101,16 +101,16 @@ |
298 |
- # include "netdb.h" |
299 |
- # endif |
300 |
- |
301 |
--static struct hostent *GetHostByName(char *name); |
302 |
-+static struct hostent *GetHostByName(char *name, int domain); |
303 |
- # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) |
304 |
- static void ssl_sock_cleanup(void); |
305 |
- # endif |
306 |
- static int ssl_sock_init(void); |
307 |
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); |
308 |
--static int init_server(int *sock, int port, int type); |
309 |
--static int init_server_long(int *sock, int port, char *ip, int type); |
310 |
-+static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain); |
311 |
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); |
312 |
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6); |
313 |
- static int do_accept(int acc_sock, int *sock, char **host); |
314 |
--static int host_ip(char *str, unsigned char ip[4]); |
315 |
-+static int host_ip(char *str, unsigned char *ip, int domain); |
316 |
- |
317 |
- # ifdef OPENSSL_SYS_WIN16 |
318 |
- # define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
319 |
-@@ -231,38 +231,68 @@ |
320 |
- return (1); |
321 |
- } |
322 |
- |
323 |
--int init_client(int *sock, char *host, int port, int type) |
324 |
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) |
325 |
- { |
326 |
-+# if OPENSSL_USE_IPV6 |
327 |
-+ unsigned char ip[16]; |
328 |
-+# else |
329 |
- unsigned char ip[4]; |
330 |
-+# endif |
331 |
- |
332 |
-- memset(ip, '\0', sizeof ip); |
333 |
-- if (!host_ip(host, &(ip[0]))) |
334 |
-- return 0; |
335 |
-- return init_client_ip(sock, ip, port, type); |
336 |
--} |
337 |
-- |
338 |
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) |
339 |
--{ |
340 |
-- unsigned long addr; |
341 |
-+ if (use_ipv4) |
342 |
-+ if (host_ip(host, ip, AF_INET)) |
343 |
-+ return(init_client_ip(sock, ip, port, type, AF_INET)); |
344 |
-+# if OPENSSL_USE_IPV6 |
345 |
-+ if (use_ipv6) |
346 |
-+ if (host_ip(host, ip, AF_INET6)) |
347 |
-+ return(init_client_ip(sock, ip, port, type, AF_INET6)); |
348 |
-+# endif |
349 |
-+ return 0; |
350 |
-+} |
351 |
-+ |
352 |
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) |
353 |
-+{ |
354 |
-+# if OPENSSL_USE_IPV6 |
355 |
-+ struct sockaddr_storage them; |
356 |
-+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; |
357 |
-+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; |
358 |
-+# else |
359 |
- struct sockaddr_in them; |
360 |
-+ struct sockaddr_in *them_in = &them; |
361 |
-+# endif |
362 |
-+ socklen_t addr_len; |
363 |
- int s, i; |
364 |
- |
365 |
- if (!ssl_sock_init()) |
366 |
- return (0); |
367 |
- |
368 |
- memset((char *)&them, 0, sizeof(them)); |
369 |
-- them.sin_family = AF_INET; |
370 |
-- them.sin_port = htons((unsigned short)port); |
371 |
-- addr = (unsigned long) |
372 |
-- ((unsigned long)ip[0] << 24L) | |
373 |
-- ((unsigned long)ip[1] << 16L) | |
374 |
-- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); |
375 |
-- them.sin_addr.s_addr = htonl(addr); |
376 |
-+ if (domain == AF_INET) { |
377 |
-+ addr_len = (socklen_t)sizeof(struct sockaddr_in); |
378 |
-+ them_in->sin_family=AF_INET; |
379 |
-+ them_in->sin_port=htons((unsigned short)port); |
380 |
-+# ifndef BIT_FIELD_LIMITS |
381 |
-+ memcpy(&them_in->sin_addr.s_addr, ip, 4); |
382 |
-+# else |
383 |
-+ memcpy(&them_in->sin_addr, ip, 4); |
384 |
-+# endif |
385 |
-+ } |
386 |
-+ else |
387 |
-+# if OPENSSL_USE_IPV6 |
388 |
-+ { |
389 |
-+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); |
390 |
-+ them_in6->sin6_family=AF_INET6; |
391 |
-+ them_in6->sin6_port=htons((unsigned short)port); |
392 |
-+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); |
393 |
-+ } |
394 |
-+# else |
395 |
-+ return(0); |
396 |
-+# endif |
397 |
- |
398 |
- if (type == SOCK_STREAM) |
399 |
-- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); |
400 |
-+ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); |
401 |
- else /* ( type == SOCK_DGRAM) */ |
402 |
-- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
403 |
-+ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); |
404 |
- |
405 |
- if (s == INVALID_SOCKET) { |
406 |
- perror("socket"); |
407 |
-@@ -280,7 +310,7 @@ |
408 |
- } |
409 |
- # endif |
410 |
- |
411 |
-- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { |
412 |
-+ if (connect(s, (struct sockaddr *)&them, addr_len) == -1) { |
413 |
- closesocket(s); |
414 |
- perror("connect"); |
415 |
- return (0); |
416 |
-@@ -292,14 +322,14 @@ |
417 |
- int do_server(int port, int type, int *ret, |
418 |
- int (*cb) (char *hostname, int s, int stype, |
419 |
- unsigned char *context), unsigned char *context, |
420 |
-- int naccept) |
421 |
-+ int naccept, int use_ipv4, int use_ipv6) |
422 |
- { |
423 |
- int sock; |
424 |
- char *name = NULL; |
425 |
- int accept_socket = 0; |
426 |
- int i; |
427 |
- |
428 |
-- if (!init_server(&accept_socket, port, type)) |
429 |
-+ if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6)) |
430 |
- return (0); |
431 |
- |
432 |
- if (ret != NULL) { |
433 |
-@@ -328,32 +358,41 @@ |
434 |
- } |
435 |
- } |
436 |
- |
437 |
--static int init_server_long(int *sock, int port, char *ip, int type) |
438 |
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) |
439 |
- { |
440 |
- int ret = 0; |
441 |
-+ int domain; |
442 |
-+# if OPENSSL_USE_IPV6 |
443 |
-+ struct sockaddr_storage server; |
444 |
-+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; |
445 |
-+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; |
446 |
-+# else |
447 |
- struct sockaddr_in server; |
448 |
-+ struct sockaddr_in *server_in = &server; |
449 |
-+# endif |
450 |
-+ socklen_t addr_len; |
451 |
- int s = -1; |
452 |
- |
453 |
-+ if (!use_ipv4 && !use_ipv6) |
454 |
-+ goto err; |
455 |
-+# if OPENSSL_USE_IPV6 |
456 |
-+ /* we are fine here */ |
457 |
-+# else |
458 |
-+ if (use_ipv6) |
459 |
-+ goto err; |
460 |
-+# endif |
461 |
- if (!ssl_sock_init()) |
462 |
- return (0); |
463 |
- |
464 |
-- memset((char *)&server, 0, sizeof(server)); |
465 |
-- server.sin_family = AF_INET; |
466 |
-- server.sin_port = htons((unsigned short)port); |
467 |
-- if (ip == NULL) |
468 |
-- server.sin_addr.s_addr = INADDR_ANY; |
469 |
-- else |
470 |
--/* Added for T3E, address-of fails on bit field (beckman@××××××××.gov) */ |
471 |
--# ifndef BIT_FIELD_LIMITS |
472 |
-- memcpy(&server.sin_addr.s_addr, ip, 4); |
473 |
-+#if OPENSSL_USE_IPV6 |
474 |
-+ domain = use_ipv6 ? AF_INET6 : AF_INET; |
475 |
- # else |
476 |
-- memcpy(&server.sin_addr, ip, 4); |
477 |
-+ domain = AF_INET; |
478 |
- # endif |
479 |
-- |
480 |
- if (type == SOCK_STREAM) |
481 |
-- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); |
482 |
-- else /* type == SOCK_DGRAM */ |
483 |
-- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
484 |
-+ s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); |
485 |
-+ else /* type == SOCK_DGRAM */ |
486 |
-+ s=socket(domain, SOCK_DGRAM, IPPROTO_UDP); |
487 |
- |
488 |
- if (s == INVALID_SOCKET) |
489 |
- goto err; |
490 |
-@@ -363,7 +402,42 @@ |
491 |
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); |
492 |
- } |
493 |
- # endif |
494 |
-- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { |
495 |
-+# if OPENSSL_USE_IPV6 |
496 |
-+ if ((use_ipv4 == 0) && (use_ipv6 == 1)) { |
497 |
-+ const int on = 1; |
498 |
-+ |
499 |
-+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, |
500 |
-+ (const void *) &on, sizeof(int)); |
501 |
-+ } |
502 |
-+# endif |
503 |
-+ if (domain == AF_INET) { |
504 |
-+ addr_len = (socklen_t)sizeof(struct sockaddr_in); |
505 |
-+ memset(server_in, 0, sizeof(struct sockaddr_in)); |
506 |
-+ server_in->sin_family=AF_INET; |
507 |
-+ server_in->sin_port = htons((unsigned short)port); |
508 |
-+ if (ip == NULL) |
509 |
-+ server_in->sin_addr.s_addr = htonl(INADDR_ANY); |
510 |
-+ else |
511 |
-+/* Added for T3E, address-of fails on bit field (beckman@××××××××.gov) */ |
512 |
-+# ifndef BIT_FIELD_LIMITS |
513 |
-+ memcpy(&server_in->sin_addr.s_addr, ip, 4); |
514 |
-+# else |
515 |
-+ memcpy(&server_in->sin_addr, ip, 4); |
516 |
-+# endif |
517 |
-+ } |
518 |
-+# if OPENSSL_USE_IPV6 |
519 |
-+ else { |
520 |
-+ addr_len = (socklen_t)sizeof(struct sockaddr_in6); |
521 |
-+ memset(server_in6, 0, sizeof(struct sockaddr_in6)); |
522 |
-+ server_in6->sin6_family = AF_INET6; |
523 |
-+ server_in6->sin6_port = htons((unsigned short)port); |
524 |
-+ if (ip == NULL) |
525 |
-+ server_in6->sin6_addr = in6addr_any; |
526 |
-+ else |
527 |
-+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); |
528 |
-+ } |
529 |
-+# endif |
530 |
-+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) { |
531 |
- # ifndef OPENSSL_SYS_WINDOWS |
532 |
- perror("bind"); |
533 |
- # endif |
534 |
-@@ -381,16 +455,23 @@ |
535 |
- return (ret); |
536 |
- } |
537 |
- |
538 |
--static int init_server(int *sock, int port, int type) |
539 |
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) |
540 |
- { |
541 |
-- return (init_server_long(sock, port, NULL, type)); |
542 |
-+ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); |
543 |
- } |
544 |
- |
545 |
- static int do_accept(int acc_sock, int *sock, char **host) |
546 |
- { |
547 |
- int ret; |
548 |
- struct hostent *h1, *h2; |
549 |
-- static struct sockaddr_in from; |
550 |
-+#if OPENSSL_USE_IPV6 |
551 |
-+ struct sockaddr_storage from; |
552 |
-+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; |
553 |
-+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; |
554 |
-+#else |
555 |
-+ struct sockaddr_in from; |
556 |
-+ struct sockaddr_in *from_in = &from; |
557 |
-+#endif |
558 |
- int len; |
559 |
- /* struct linger ling; */ |
560 |
- |
561 |
-@@ -440,14 +521,25 @@ |
562 |
- |
563 |
- if (host == NULL) |
564 |
- goto end; |
565 |
-+# if OPENSSL_USE_IPV6 |
566 |
-+ if (from.ss_family == AF_INET) |
567 |
-+# else |
568 |
-+ if (from.sin_family == AF_INET) |
569 |
-+# endif |
570 |
- # ifndef BIT_FIELD_LIMITS |
571 |
-- /* I should use WSAAsyncGetHostByName() under windows */ |
572 |
-- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, |
573 |
-- sizeof(from.sin_addr.s_addr), AF_INET); |
574 |
-+ /* I should use WSAAsyncGetHostByName() under windows */ |
575 |
-+ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr, |
576 |
-+ sizeof(from_in->sin_addr.s_addr), AF_INET); |
577 |
- # else |
578 |
-- h1 = gethostbyaddr((char *)&from.sin_addr, |
579 |
-- sizeof(struct in_addr), AF_INET); |
580 |
-+ h1 = gethostbyaddr((char *)&from_in->sin_addr, |
581 |
-+ sizeof(struct in_addr), AF_INET); |
582 |
-+# endif |
583 |
-+# if OPENSSL_USE_IPV6 |
584 |
-+ else |
585 |
-+ h1 = gethostbyaddr((char *)&from_in6->sin6_addr, |
586 |
-+ sizeof(struct in6_addr), AF_INET6); |
587 |
- # endif |
588 |
-+ |
589 |
- if (h1 == NULL) { |
590 |
- BIO_printf(bio_err, "bad gethostbyaddr\n"); |
591 |
- *host = NULL; |
592 |
-@@ -460,14 +552,22 @@ |
593 |
- } |
594 |
- BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); |
595 |
- |
596 |
-- h2 = GetHostByName(*host); |
597 |
-+# if OPENSSL_USE_IPV6 |
598 |
-+ h2=GetHostByName(*host, from.ss_family); |
599 |
-+# else |
600 |
-+ h2=GetHostByName(*host, from.sin_family); |
601 |
-+# endif |
602 |
- if (h2 == NULL) { |
603 |
- BIO_printf(bio_err, "gethostbyname failure\n"); |
604 |
- closesocket(ret); |
605 |
- return (0); |
606 |
- } |
607 |
-- if (h2->h_addrtype != AF_INET) { |
608 |
-- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); |
609 |
-+# if OPENSSL_USE_IPV6 |
610 |
-+ if (h2->h_addrtype != from.ss_family) { |
611 |
-+# else |
612 |
-+ if (h2->h_addrtype != from.sin_family) { |
613 |
-+# endif |
614 |
-+ BIO_printf(bio_err, "gethostbyname addr is not correct\n"); |
615 |
- closesocket(ret); |
616 |
- return (0); |
617 |
- } |
618 |
-@@ -483,14 +583,14 @@ |
619 |
- char *h, *p; |
620 |
- |
621 |
- h = str; |
622 |
-- p = strchr(str, ':'); |
623 |
-+ p = strrchr(str, ':'); |
624 |
- if (p == NULL) { |
625 |
- BIO_printf(bio_err, "no port defined\n"); |
626 |
- return (0); |
627 |
- } |
628 |
- *(p++) = '\0'; |
629 |
- |
630 |
-- if ((ip != NULL) && !host_ip(str, ip)) |
631 |
-+ if ((ip != NULL) && !host_ip(str, ip, AF_INET)) |
632 |
- goto err; |
633 |
- if (host_ptr != NULL) |
634 |
- *host_ptr = h; |
635 |
-@@ -502,44 +602,51 @@ |
636 |
- return (0); |
637 |
- } |
638 |
- |
639 |
--static int host_ip(char *str, unsigned char ip[4]) |
640 |
-+static int host_ip(char *str, unsigned char *ip, int domain) |
641 |
- { |
642 |
- unsigned int in[4]; |
643 |
-+ unsigned long l; |
644 |
- int i; |
645 |
- |
646 |
-- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == |
647 |
-- 4) { |
648 |
-+ if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) { |
649 |
- for (i = 0; i < 4; i++) |
650 |
- if (in[i] > 255) { |
651 |
- BIO_printf(bio_err, "invalid IP address\n"); |
652 |
- goto err; |
653 |
- } |
654 |
-- ip[0] = in[0]; |
655 |
-- ip[1] = in[1]; |
656 |
-- ip[2] = in[2]; |
657 |
-- ip[3] = in[3]; |
658 |
-- } else { /* do a gethostbyname */ |
659 |
-+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); |
660 |
-+ memcpy(ip, &l, 4); |
661 |
-+ return 1; |
662 |
-+ } |
663 |
-+# if OPENSSL_USE_IPV6 |
664 |
-+ else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1)) |
665 |
-+ return 1; |
666 |
-+# endif |
667 |
-+ else { /* do a gethostbyname */ |
668 |
- struct hostent *he; |
669 |
- |
670 |
- if (!ssl_sock_init()) |
671 |
- return (0); |
672 |
- |
673 |
-- he = GetHostByName(str); |
674 |
-+ he = GetHostByName(str, domain); |
675 |
- if (he == NULL) { |
676 |
- BIO_printf(bio_err, "gethostbyname failure\n"); |
677 |
- goto err; |
678 |
- } |
679 |
- /* cast to short because of win16 winsock definition */ |
680 |
-- if ((short)he->h_addrtype != AF_INET) { |
681 |
-- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); |
682 |
-+ if ((short)he->h_addrtype != domain) { |
683 |
-+ BIO_printf(bio_err, "gethostbyname addr is not correct\n"); |
684 |
- return (0); |
685 |
- } |
686 |
-- ip[0] = he->h_addr_list[0][0]; |
687 |
-- ip[1] = he->h_addr_list[0][1]; |
688 |
-- ip[2] = he->h_addr_list[0][2]; |
689 |
-- ip[3] = he->h_addr_list[0][3]; |
690 |
-+ if (domain == AF_INET) |
691 |
-+ memset(ip, 0, 4); |
692 |
-+# if OPENSSL_USE_IPV6 |
693 |
-+ else |
694 |
-+ memset(ip, 0, 16); |
695 |
-+# endif |
696 |
-+ memcpy(ip, he->h_addr_list[0], he->h_length); |
697 |
-+ return 1; |
698 |
- } |
699 |
-- return (1); |
700 |
- err: |
701 |
- return (0); |
702 |
- } |
703 |
-@@ -573,7 +680,7 @@ |
704 |
- static unsigned long ghbn_hits = 0L; |
705 |
- static unsigned long ghbn_miss = 0L; |
706 |
- |
707 |
--static struct hostent *GetHostByName(char *name) |
708 |
-+static struct hostent *GetHostByName(char *name, int domain) |
709 |
- { |
710 |
- struct hostent *ret; |
711 |
- int i, lowi = 0; |
712 |
-@@ -585,13 +692,18 @@ |
713 |
- lowi = i; |
714 |
- } |
715 |
- if (ghbn_cache[i].order > 0) { |
716 |
-- if (strncmp(name, ghbn_cache[i].name, 128) == 0) |
717 |
-+ if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain)) |
718 |
- break; |
719 |
- } |
720 |
- } |
721 |
- if (i == GHBN_NUM) { /* no hit */ |
722 |
- ghbn_miss++; |
723 |
-- ret = gethostbyname(name); |
724 |
-+ if (domain == AF_INET) |
725 |
-+ ret = gethostbyname(name); |
726 |
-+# if OPENSSL_USE_IPV6 |
727 |
-+ else |
728 |
-+ ret = gethostbyname2(name, AF_INET6); |
729 |
-+# endif |
730 |
- if (ret == NULL) |
731 |
- return (NULL); |
732 |
- /* else add to cache */ |
733 |
|
734 |
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch |
735 |
deleted file mode 100644 |
736 |
index 0198818c5fa..00000000000 |
737 |
--- a/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch |
738 |
+++ /dev/null |
739 |
@@ -1,64 +0,0 @@ |
740 |
-https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest |
741 |
- |
742 |
-From aba899f2eca21e11e5e9797bf8258e7265dea9f5 Mon Sep 17 00:00:00 2001 |
743 |
-From: Mike Frysinger <vapier@g.o> |
744 |
-Date: Sun, 8 Mar 2015 01:32:01 -0500 |
745 |
-Subject: [PATCH] fix parallel install with dir creation |
746 |
- |
747 |
-The mkdir-p.pl does not handle parallel creation of directories. |
748 |
-This comes up when the install_sw and install_docs rules run and |
749 |
-both call mkdir-p.pl on sibling directory trees. |
750 |
- |
751 |
-Instead, lets create a single install_dirs rule that makes all of |
752 |
-the dirs we need, and have these two install steps depend on that. |
753 |
---- |
754 |
- Makefile.org | 17 +++++++++-------- |
755 |
- 1 file changed, 9 insertions(+), 8 deletions(-) |
756 |
- |
757 |
-diff --git a/Makefile.org b/Makefile.org |
758 |
-index a6d9471..78e6143 100644 |
759 |
---- a/Makefile.org |
760 |
-+++ b/Makefile.org |
761 |
-@@ -536,9 +536,9 @@ |
762 |
- dist_pem_h: |
763 |
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) |
764 |
- |
765 |
--install: all install_docs install_sw |
766 |
-+install: install_docs install_sw |
767 |
- |
768 |
--install_sw: |
769 |
-+install_dirs: |
770 |
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ |
771 |
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ |
772 |
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ |
773 |
-@@ -547,6 +547,13 @@ |
774 |
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ |
775 |
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ |
776 |
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private |
777 |
-+ @$(PERL) $(TOP)/util/mkdir-p.pl \ |
778 |
-+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ |
779 |
-+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ |
780 |
-+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ |
781 |
-+ $(INSTALL_PREFIX)$(MANDIR)/man7 |
782 |
-+ |
783 |
-+install_sw: install_dirs |
784 |
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ |
785 |
- do \ |
786 |
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
787 |
-@@ -636,12 +643,7 @@ |
788 |
- done; \ |
789 |
- done |
790 |
- |
791 |
--install_docs: |
792 |
-- @$(PERL) $(TOP)/util/mkdir-p.pl \ |
793 |
-- $(INSTALL_PREFIX)$(MANDIR)/man1 \ |
794 |
-- $(INSTALL_PREFIX)$(MANDIR)/man3 \ |
795 |
-- $(INSTALL_PREFIX)$(MANDIR)/man5 \ |
796 |
-- $(INSTALL_PREFIX)$(MANDIR)/man7 |
797 |
-+install_docs: install_dirs |
798 |
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ |
799 |
- here="`pwd`"; \ |
800 |
- filecase=; \ |
801 |
--- |
802 |
-2.3.4 |
803 |
- |
804 |
|
805 |
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch |
806 |
deleted file mode 100644 |
807 |
index a7d6f4effea..00000000000 |
808 |
--- a/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch |
809 |
+++ /dev/null |
810 |
@@ -1,37 +0,0 @@ |
811 |
-https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest |
812 |
- |
813 |
-From ce279d4361e07e9af9ceca8a6e326e661758ad53 Mon Sep 17 00:00:00 2001 |
814 |
-From: Mike Frysinger <vapier@g.o> |
815 |
-Date: Sun, 8 Mar 2015 01:34:48 -0500 |
816 |
-Subject: [PATCH] fix parallel generation of obj headers |
817 |
- |
818 |
-The current code has dummy sleep/touch commands to try and work |
819 |
-around the parallel issue, but that is obviously racy. Instead |
820 |
-lets force one of the files to depend on the other so we know |
821 |
-they'll never run in parallel. |
822 |
---- |
823 |
- crypto/objects/Makefile | 6 +++--- |
824 |
- 1 file changed, 3 insertions(+), 3 deletions(-) |
825 |
- |
826 |
-diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile |
827 |
-index ad2db1e..7d32504 100644 |
828 |
---- a/crypto/objects/Makefile |
829 |
-+++ b/crypto/objects/Makefile |
830 |
-@@ -44,11 +44,11 @@ |
831 |
- # objects.pl both reads and writes obj_mac.num |
832 |
- obj_mac.h: objects.pl objects.txt obj_mac.num |
833 |
- $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h |
834 |
-- @sleep 1; touch obj_mac.h; sleep 1 |
835 |
- |
836 |
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num |
837 |
-+# This doesn't really need obj_mac.h, but since that rule reads & writes |
838 |
-+# obj_mac.num, we can't run in parallel with it. |
839 |
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h |
840 |
- $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h |
841 |
-- @sleep 1; touch obj_xref.h; sleep 1 |
842 |
- |
843 |
- files: |
844 |
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO |
845 |
--- |
846 |
-2.3.4 |
847 |
- |
848 |
|
849 |
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch |
850 |
deleted file mode 100644 |
851 |
index f2be696b106..00000000000 |
852 |
--- a/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch |
853 |
+++ /dev/null |
854 |
@@ -1,63 +0,0 @@ |
855 |
-https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest |
856 |
- |
857 |
-From cc81af135bda47eaa6956a0329cbbc55bf993ac1 Mon Sep 17 00:00:00 2001 |
858 |
-From: Mike Frysinger <vapier@g.o> |
859 |
-Date: Fri, 3 Apr 2015 01:16:23 -0400 |
860 |
-Subject: [PATCH] fix race when symlink shareds libs |
861 |
- |
862 |
-When the crypto/ssl targets attempt to build their shared libs, they run: |
863 |
- cd ..; make libcrypto.so.1.0.0 |
864 |
-The top level Makefile in turn runs the build-shared target for that lib. |
865 |
- |
866 |
-The build-shared target depends on both do_$(SHLIB_TARGET) & link-shared. |
867 |
-When building in parallel, make is allowed to run both of these. They |
868 |
-both run Makefile.shared for their respective targets: |
869 |
-do_$(SHLIB_TARGET) -> |
870 |
- link_a.linux-shared -> |
871 |
- link_a.gnu -> |
872 |
- ...; $(LINK_SO_A) -> |
873 |
- $(LINK_SO) -> |
874 |
- $(SYMLINK_SO) |
875 |
-link-shared -> |
876 |
- symlink.linux-shared -> |
877 |
- symlink.gnu -> |
878 |
- ...; $(SYMLINK_SO) |
879 |
- |
880 |
-The shell code for SYMLINK_SO attempts to do a [ -e lib ] check, but fails |
881 |
-basic TOCTOU semantics. Depending on the load, that means two processes |
882 |
-will run the sequence: |
883 |
- rm -f libcrypto.so |
884 |
- ln -s libcrypto.so.1.0.0 libcrypto.so |
885 |
- |
886 |
-Which obviously fails: |
887 |
- ln: failed to create symbolic link 'libcrypto.so': File exists |
888 |
- |
889 |
-Since we know do_$(SHLIB_TARGET) will create the symlink for us, don't |
890 |
-bother depending on link-shared at all in the top level Makefile when |
891 |
-building things. |
892 |
- |
893 |
-Reported-by: Martin von Gagern <Martin.vGagern@×××.net> |
894 |
-URL: https://bugs.gentoo.org/545028 |
895 |
---- |
896 |
- Makefile.org | 5 ++++- |
897 |
- 1 file changed, 4 insertions(+), 1 deletion(-) |
898 |
- |
899 |
-diff --git a/Makefile.org b/Makefile.org |
900 |
-index 890bfe4..576c60e 100644 |
901 |
---- a/Makefile.org |
902 |
-+++ b/Makefile.org |
903 |
-@@ -350,7 +350,10 @@ link-shared: |
904 |
- libs="$$libs -l$$i"; \ |
905 |
- done |
906 |
- |
907 |
--build-shared: do_$(SHLIB_TARGET) link-shared |
908 |
-+# The link target in Makefile.shared will create the symlink for us, so no need |
909 |
-+# to call link-shared directly. Doing so will cause races with two processes |
910 |
-+# trying to symlink the lib. |
911 |
-+build-shared: do_$(SHLIB_TARGET) |
912 |
- |
913 |
- do_$(SHLIB_TARGET): |
914 |
- @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ |
915 |
--- |
916 |
-2.3.4 |
917 |
- |
918 |
|
919 |
diff --git a/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch |
920 |
deleted file mode 100644 |
921 |
index 387a077da27..00000000000 |
922 |
--- a/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch |
923 |
+++ /dev/null |
924 |
@@ -1,326 +0,0 @@ |
925 |
---- openssl-1.0.2i/crypto/Makefile |
926 |
-+++ openssl-1.0.2i/crypto/Makefile |
927 |
-@@ -85,11 +85,11 @@ |
928 |
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi |
929 |
- |
930 |
- subdirs: |
931 |
-- @target=all; $(RECURSIVE_MAKE) |
932 |
-+ +@target=all; $(RECURSIVE_MAKE) |
933 |
- |
934 |
- files: |
935 |
- $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO |
936 |
-- @target=files; $(RECURSIVE_MAKE) |
937 |
-+ +@target=files; $(RECURSIVE_MAKE) |
938 |
- |
939 |
- links: |
940 |
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) |
941 |
-@@ -100,7 +100,7 @@ |
942 |
- # lib: $(LIB): are splitted to avoid end-less loop |
943 |
- lib: $(LIB) |
944 |
- @touch lib |
945 |
--$(LIB): $(LIBOBJ) |
946 |
-+$(LIB): $(LIBOBJ) | subdirs |
947 |
- $(AR) $(LIB) $(LIBOBJ) |
948 |
- test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o |
949 |
- $(RANLIB) $(LIB) || echo Never mind. |
950 |
-@@ -111,7 +111,7 @@ |
951 |
- fi |
952 |
- |
953 |
- libs: |
954 |
-- @target=lib; $(RECURSIVE_MAKE) |
955 |
-+ +@target=lib; $(RECURSIVE_MAKE) |
956 |
- |
957 |
- install: |
958 |
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... |
959 |
-@@ -120,7 +120,7 @@ |
960 |
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
961 |
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ |
962 |
- done; |
963 |
-- @target=install; $(RECURSIVE_MAKE) |
964 |
-+ +@target=install; $(RECURSIVE_MAKE) |
965 |
- |
966 |
- lint: |
967 |
- @target=lint; $(RECURSIVE_MAKE) |
968 |
---- openssl-1.0.2i/engines/Makefile |
969 |
-+++ openssl-1.0.2i/engines/Makefile |
970 |
-@@ -72,7 +72,7 @@ |
971 |
- |
972 |
- all: lib subdirs |
973 |
- |
974 |
--lib: $(LIBOBJ) |
975 |
-+lib: $(LIBOBJ) | subdirs |
976 |
- @if [ -n "$(SHARED_LIBS)" ]; then \ |
977 |
- set -e; \ |
978 |
- for l in $(LIBNAMES); do \ |
979 |
-@@ -89,7 +89,7 @@ |
980 |
- |
981 |
- subdirs: |
982 |
- echo $(EDIRS) |
983 |
-- @target=all; $(RECURSIVE_MAKE) |
984 |
-+ +@target=all; $(RECURSIVE_MAKE) |
985 |
- |
986 |
- files: |
987 |
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO |
988 |
-@@ -128,7 +128,7 @@ |
989 |
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ |
990 |
- done; \ |
991 |
- fi |
992 |
-- @target=install; $(RECURSIVE_MAKE) |
993 |
-+ +@target=install; $(RECURSIVE_MAKE) |
994 |
- |
995 |
- tags: |
996 |
- ctags $(SRC) |
997 |
---- openssl-1.0.2i/Makefile.org |
998 |
-+++ openssl-1.0.2i/Makefile.org |
999 |
-@@ -281,17 +281,17 @@ |
1000 |
- build_libssl: build_ssl libssl.pc |
1001 |
- |
1002 |
- build_crypto: |
1003 |
-- @dir=crypto; target=all; $(BUILD_ONE_CMD) |
1004 |
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) |
1005 |
- build_ssl: build_crypto |
1006 |
-- @dir=ssl; target=all; $(BUILD_ONE_CMD) |
1007 |
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) |
1008 |
- build_engines: build_crypto |
1009 |
-- @dir=engines; target=all; $(BUILD_ONE_CMD) |
1010 |
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD) |
1011 |
- build_apps: build_libs |
1012 |
-- @dir=apps; target=all; $(BUILD_ONE_CMD) |
1013 |
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD) |
1014 |
- build_tests: build_libs |
1015 |
-- @dir=test; target=all; $(BUILD_ONE_CMD) |
1016 |
-+ +@dir=test; target=all; $(BUILD_ONE_CMD) |
1017 |
- build_tools: build_libs |
1018 |
-- @dir=tools; target=all; $(BUILD_ONE_CMD) |
1019 |
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD) |
1020 |
- |
1021 |
- all_testapps: build_libs build_testapps |
1022 |
- build_testapps: |
1023 |
-@@ -547,7 +547,7 @@ |
1024 |
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
1025 |
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ |
1026 |
- done; |
1027 |
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD) |
1028 |
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) |
1029 |
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ |
1030 |
- do \ |
1031 |
- if [ -f "$$i" ]; then \ |
1032 |
---- openssl-1.0.2i/Makefile.shared |
1033 |
-+++ openssl-1.0.2i/Makefile.shared |
1034 |
-@@ -105,6 +105,7 @@ |
1035 |
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ |
1036 |
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ |
1037 |
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ |
1038 |
-+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ |
1039 |
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ |
1040 |
- $${SHAREDCMD} $${SHAREDFLAGS} \ |
1041 |
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ |
1042 |
-@@ -122,6 +123,7 @@ |
1043 |
- done; \ |
1044 |
- fi; \ |
1045 |
- if [ -n "$$SHLIB_SOVER" ]; then \ |
1046 |
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ |
1047 |
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ |
1048 |
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ |
1049 |
- fi; \ |
1050 |
---- openssl-1.0.2i/test/Makefile |
1051 |
-+++ openssl-1.0.2i/test/Makefile |
1052 |
-@@ -144,7 +144,7 @@ |
1053 |
- tags: |
1054 |
- ctags $(SRC) |
1055 |
- |
1056 |
--tests: exe apps $(TESTS) |
1057 |
-+tests: exe $(TESTS) |
1058 |
- |
1059 |
- apps: |
1060 |
- @(cd ..; $(MAKE) DIRS=apps all) |
1061 |
-@@ -435,136 +435,136 @@ |
1062 |
- link_app.$${shlib_target} |
1063 |
- |
1064 |
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) |
1065 |
-- @target=$(RSATEST); $(BUILD_CMD) |
1066 |
-+ +@target=$(RSATEST); $(BUILD_CMD) |
1067 |
- |
1068 |
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) |
1069 |
-- @target=$(BNTEST); $(BUILD_CMD) |
1070 |
-+ +@target=$(BNTEST); $(BUILD_CMD) |
1071 |
- |
1072 |
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) |
1073 |
-- @target=$(ECTEST); $(BUILD_CMD) |
1074 |
-+ +@target=$(ECTEST); $(BUILD_CMD) |
1075 |
- |
1076 |
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) |
1077 |
-- @target=$(EXPTEST); $(BUILD_CMD) |
1078 |
-+ +@target=$(EXPTEST); $(BUILD_CMD) |
1079 |
- |
1080 |
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) |
1081 |
-- @target=$(IDEATEST); $(BUILD_CMD) |
1082 |
-+ +@target=$(IDEATEST); $(BUILD_CMD) |
1083 |
- |
1084 |
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) |
1085 |
-- @target=$(MD2TEST); $(BUILD_CMD) |
1086 |
-+ +@target=$(MD2TEST); $(BUILD_CMD) |
1087 |
- |
1088 |
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) |
1089 |
-- @target=$(SHATEST); $(BUILD_CMD) |
1090 |
-+ +@target=$(SHATEST); $(BUILD_CMD) |
1091 |
- |
1092 |
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) |
1093 |
-- @target=$(SHA1TEST); $(BUILD_CMD) |
1094 |
-+ +@target=$(SHA1TEST); $(BUILD_CMD) |
1095 |
- |
1096 |
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) |
1097 |
-- @target=$(SHA256TEST); $(BUILD_CMD) |
1098 |
-+ +@target=$(SHA256TEST); $(BUILD_CMD) |
1099 |
- |
1100 |
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) |
1101 |
-- @target=$(SHA512TEST); $(BUILD_CMD) |
1102 |
-+ +@target=$(SHA512TEST); $(BUILD_CMD) |
1103 |
- |
1104 |
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) |
1105 |
-- @target=$(RMDTEST); $(BUILD_CMD) |
1106 |
-+ +@target=$(RMDTEST); $(BUILD_CMD) |
1107 |
- |
1108 |
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) |
1109 |
-- @target=$(MDC2TEST); $(BUILD_CMD) |
1110 |
-+ +@target=$(MDC2TEST); $(BUILD_CMD) |
1111 |
- |
1112 |
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) |
1113 |
-- @target=$(MD4TEST); $(BUILD_CMD) |
1114 |
-+ +@target=$(MD4TEST); $(BUILD_CMD) |
1115 |
- |
1116 |
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) |
1117 |
-- @target=$(MD5TEST); $(BUILD_CMD) |
1118 |
-+ +@target=$(MD5TEST); $(BUILD_CMD) |
1119 |
- |
1120 |
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) |
1121 |
-- @target=$(HMACTEST); $(BUILD_CMD) |
1122 |
-+ +@target=$(HMACTEST); $(BUILD_CMD) |
1123 |
- |
1124 |
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) |
1125 |
-- @target=$(WPTEST); $(BUILD_CMD) |
1126 |
-+ +@target=$(WPTEST); $(BUILD_CMD) |
1127 |
- |
1128 |
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) |
1129 |
-- @target=$(RC2TEST); $(BUILD_CMD) |
1130 |
-+ +@target=$(RC2TEST); $(BUILD_CMD) |
1131 |
- |
1132 |
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) |
1133 |
-- @target=$(BFTEST); $(BUILD_CMD) |
1134 |
-+ +@target=$(BFTEST); $(BUILD_CMD) |
1135 |
- |
1136 |
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) |
1137 |
-- @target=$(CASTTEST); $(BUILD_CMD) |
1138 |
-+ +@target=$(CASTTEST); $(BUILD_CMD) |
1139 |
- |
1140 |
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) |
1141 |
-- @target=$(RC4TEST); $(BUILD_CMD) |
1142 |
-+ +@target=$(RC4TEST); $(BUILD_CMD) |
1143 |
- |
1144 |
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) |
1145 |
-- @target=$(RC5TEST); $(BUILD_CMD) |
1146 |
-+ +@target=$(RC5TEST); $(BUILD_CMD) |
1147 |
- |
1148 |
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) |
1149 |
-- @target=$(DESTEST); $(BUILD_CMD) |
1150 |
-+ +@target=$(DESTEST); $(BUILD_CMD) |
1151 |
- |
1152 |
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) |
1153 |
-- @target=$(RANDTEST); $(BUILD_CMD) |
1154 |
-+ +@target=$(RANDTEST); $(BUILD_CMD) |
1155 |
- |
1156 |
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) |
1157 |
-- @target=$(DHTEST); $(BUILD_CMD) |
1158 |
-+ +@target=$(DHTEST); $(BUILD_CMD) |
1159 |
- |
1160 |
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) |
1161 |
-- @target=$(DSATEST); $(BUILD_CMD) |
1162 |
-+ +@target=$(DSATEST); $(BUILD_CMD) |
1163 |
- |
1164 |
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) |
1165 |
-- @target=$(METHTEST); $(BUILD_CMD) |
1166 |
-+ +@target=$(METHTEST); $(BUILD_CMD) |
1167 |
- |
1168 |
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) |
1169 |
-- @target=$(SSLTEST); $(FIPS_BUILD_CMD) |
1170 |
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) |
1171 |
- |
1172 |
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) |
1173 |
-- @target=$(ENGINETEST); $(BUILD_CMD) |
1174 |
-+ +@target=$(ENGINETEST); $(BUILD_CMD) |
1175 |
- |
1176 |
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) |
1177 |
-- @target=$(EVPTEST); $(BUILD_CMD) |
1178 |
-+ +@target=$(EVPTEST); $(BUILD_CMD) |
1179 |
- |
1180 |
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) |
1181 |
-- @target=$(EVPEXTRATEST); $(BUILD_CMD) |
1182 |
-+ +@target=$(EVPEXTRATEST); $(BUILD_CMD) |
1183 |
- |
1184 |
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) |
1185 |
-- @target=$(ECDSATEST); $(BUILD_CMD) |
1186 |
-+ +@target=$(ECDSATEST); $(BUILD_CMD) |
1187 |
- |
1188 |
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) |
1189 |
-- @target=$(ECDHTEST); $(BUILD_CMD) |
1190 |
-+ +@target=$(ECDHTEST); $(BUILD_CMD) |
1191 |
- |
1192 |
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) |
1193 |
-- @target=$(IGETEST); $(BUILD_CMD) |
1194 |
-+ +@target=$(IGETEST); $(BUILD_CMD) |
1195 |
- |
1196 |
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) |
1197 |
-- @target=$(JPAKETEST); $(BUILD_CMD) |
1198 |
-+ +@target=$(JPAKETEST); $(BUILD_CMD) |
1199 |
- |
1200 |
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) |
1201 |
-- @target=$(ASN1TEST); $(BUILD_CMD) |
1202 |
-+ +@target=$(ASN1TEST); $(BUILD_CMD) |
1203 |
- |
1204 |
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) |
1205 |
-- @target=$(SRPTEST); $(BUILD_CMD) |
1206 |
-+ +@target=$(SRPTEST); $(BUILD_CMD) |
1207 |
- |
1208 |
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) |
1209 |
-- @target=$(V3NAMETEST); $(BUILD_CMD) |
1210 |
-+ +@target=$(V3NAMETEST); $(BUILD_CMD) |
1211 |
- |
1212 |
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) |
1213 |
-- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) |
1214 |
-+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) |
1215 |
- |
1216 |
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o |
1217 |
-- @target=$(CONSTTIMETEST) $(BUILD_CMD) |
1218 |
-+ +@target=$(CONSTTIMETEST) $(BUILD_CMD) |
1219 |
- |
1220 |
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o |
1221 |
-- @target=$(VERIFYEXTRATEST) $(BUILD_CMD) |
1222 |
-+ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD) |
1223 |
- |
1224 |
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o |
1225 |
-- @target=$(CLIENTHELLOTEST) $(BUILD_CMD) |
1226 |
-+ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) |
1227 |
- |
1228 |
- $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o |
1229 |
-- @target=$(BADDTLSTEST) $(BUILD_CMD) |
1230 |
-+ +@target=$(BADDTLSTEST) $(BUILD_CMD) |
1231 |
- |
1232 |
- $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o |
1233 |
-- @target=$(SSLV2CONFTEST) $(BUILD_CMD) |
1234 |
-+ +@target=$(SSLV2CONFTEST) $(BUILD_CMD) |
1235 |
- |
1236 |
- $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) |
1237 |
-- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) |
1238 |
-+ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) |
1239 |
- |
1240 |
- #$(AESTEST).o: $(AESTEST).c |
1241 |
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c |
1242 |
-@@ -577,7 +577,7 @@ |
1243 |
- # fi |
1244 |
- |
1245 |
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) |
1246 |
-- @target=dummytest; $(BUILD_CMD) |
1247 |
-+ +@target=dummytest; $(BUILD_CMD) |
1248 |
- |
1249 |
- # DO NOT DELETE THIS LINE -- make depend depends on it. |
1250 |
- |
1251 |
|
1252 |
diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild |
1253 |
deleted file mode 100644 |
1254 |
index 9ba2eeef6ad..00000000000 |
1255 |
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild |
1256 |
+++ /dev/null |
1257 |
@@ -1,254 +0,0 @@ |
1258 |
-# Copyright 1999-2017 Gentoo Foundation |
1259 |
-# Distributed under the terms of the GNU General Public License v2 |
1260 |
- |
1261 |
-EAPI="5" |
1262 |
- |
1263 |
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal |
1264 |
- |
1265 |
-MY_P=${P/_/-} |
1266 |
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
1267 |
-HOMEPAGE="http://www.openssl.org/" |
1268 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" |
1269 |
- |
1270 |
-LICENSE="openssl" |
1271 |
-SLOT="0" |
1272 |
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" |
1273 |
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" |
1274 |
-RESTRICT="!bindist? ( bindist )" |
1275 |
- |
1276 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
1277 |
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
1278 |
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
1279 |
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" |
1280 |
-DEPEND="${RDEPEND} |
1281 |
- >=dev-lang/perl-5 |
1282 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
1283 |
- test? ( |
1284 |
- sys-apps/diffutils |
1285 |
- sys-devel/bc |
1286 |
- )" |
1287 |
-PDEPEND="app-misc/ca-certificates" |
1288 |
- |
1289 |
-S="${WORKDIR}/${MY_P}" |
1290 |
- |
1291 |
-MULTILIB_WRAPPED_HEADERS=( |
1292 |
- usr/include/openssl/opensslconf.h |
1293 |
-) |
1294 |
- |
1295 |
-src_prepare() { |
1296 |
- # keep this in sync with app-misc/c_rehash |
1297 |
- SSL_CNF_DIR="/etc/ssl" |
1298 |
- |
1299 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
1300 |
- # that gets blown away anyways by the Configure script in src_configure |
1301 |
- rm -f Makefile |
1302 |
- |
1303 |
- if ! use vanilla ; then |
1304 |
- epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
1305 |
- epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch |
1306 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch |
1307 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch |
1308 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 |
1309 |
- epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch |
1310 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 |
1311 |
- epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 |
1312 |
- |
1313 |
- epatch_user #332661 |
1314 |
- fi |
1315 |
- |
1316 |
- # disable fips in the build |
1317 |
- # make sure the man pages are suffixed #302165 |
1318 |
- # don't bother building man pages if they're disabled |
1319 |
- sed -i \ |
1320 |
- -e '/DIRS/s: fips : :g' \ |
1321 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
1322 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
1323 |
- -e $(has noman FEATURES \ |
1324 |
- && echo '/^install:/s:install_docs::' \ |
1325 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
1326 |
- Makefile.org \ |
1327 |
- || die |
1328 |
- # show the actual commands in the log |
1329 |
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
1330 |
- |
1331 |
- # since we're forcing $(CC) as makedep anyway, just fix |
1332 |
- # the conditional as always-on |
1333 |
- # helps clang (#417795), and versioned gcc (#499818) |
1334 |
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die |
1335 |
- |
1336 |
- # quiet out unknown driver argument warnings since openssl |
1337 |
- # doesn't have well-split CFLAGS and we're making it even worse |
1338 |
- # and 'make depend' uses -Werror for added fun (#417795 again) |
1339 |
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
1340 |
- |
1341 |
- # allow openssl to be cross-compiled |
1342 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
1343 |
- chmod a+rx gentoo.config |
1344 |
- |
1345 |
- append-flags -fno-strict-aliasing |
1346 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
1347 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
1348 |
- |
1349 |
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 |
1350 |
- # The config script does stupid stuff to prompt the user. Kill it. |
1351 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
1352 |
- ./config --test-sanity || die "I AM NOT SANE" |
1353 |
- |
1354 |
- multilib_copy_sources |
1355 |
-} |
1356 |
- |
1357 |
-multilib_src_configure() { |
1358 |
- unset APPS #197996 |
1359 |
- unset SCRIPTS #312551 |
1360 |
- unset CROSS_COMPILE #311473 |
1361 |
- |
1362 |
- tc-export CC AR RANLIB RC |
1363 |
- |
1364 |
- # Clean out patent-or-otherwise-encumbered code |
1365 |
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
1366 |
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
1367 |
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
1368 |
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
1369 |
- # RC5: Expired http://en.wikipedia.org/wiki/RC5 |
1370 |
- |
1371 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
1372 |
- echoit() { echo "$@" ; "$@" ; } |
1373 |
- |
1374 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
1375 |
- |
1376 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
1377 |
- # friendly and can use the nicely optimized code paths. #460790 |
1378 |
- local ec_nistp_64_gcc_128 |
1379 |
- # Disable it for now though #469976 |
1380 |
- #if ! use bindist ; then |
1381 |
- # echo "__uint128_t i;" > "${T}"/128.c |
1382 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
1383 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
1384 |
- # fi |
1385 |
- #fi |
1386 |
- |
1387 |
- # https://github.com/openssl/openssl/issues/2286 |
1388 |
- if use ia64 ; then |
1389 |
- replace-flags -g3 -g2 |
1390 |
- replace-flags -ggdb3 -ggdb2 |
1391 |
- fi |
1392 |
- |
1393 |
- local sslout=$(./gentoo.config) |
1394 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
1395 |
- local config="Configure" |
1396 |
- [[ -z ${sslout} ]] && config="config" |
1397 |
- |
1398 |
- echoit \ |
1399 |
- ./${config} \ |
1400 |
- ${sslout} \ |
1401 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
1402 |
- enable-camellia \ |
1403 |
- $(use_ssl !bindist ec) \ |
1404 |
- ${ec_nistp_64_gcc_128} \ |
1405 |
- enable-idea \ |
1406 |
- enable-mdc2 \ |
1407 |
- enable-rc5 \ |
1408 |
- enable-tlsext \ |
1409 |
- $(use_ssl asm) \ |
1410 |
- $(use_ssl gmp gmp -lgmp) \ |
1411 |
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
1412 |
- $(use_ssl rfc3779) \ |
1413 |
- $(use_ssl sctp) \ |
1414 |
- $(use_ssl sslv2 ssl2) \ |
1415 |
- $(use_ssl sslv3 ssl3) \ |
1416 |
- $(use_ssl tls-heartbeat heartbeats) \ |
1417 |
- $(use_ssl zlib) \ |
1418 |
- --prefix="${EPREFIX}"/usr \ |
1419 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
1420 |
- --libdir=$(get_libdir) \ |
1421 |
- shared threads \ |
1422 |
- || die |
1423 |
- |
1424 |
- # Clean out hardcoded flags that openssl uses |
1425 |
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
1426 |
- -e 's:^CFLAG=::' \ |
1427 |
- -e 's:-fomit-frame-pointer ::g' \ |
1428 |
- -e 's:-O[0-9] ::g' \ |
1429 |
- -e 's:-march=[-a-z0-9]* ::g' \ |
1430 |
- -e 's:-mcpu=[-a-z0-9]* ::g' \ |
1431 |
- -e 's:-m[a-z0-9]* ::g' \ |
1432 |
- ) |
1433 |
- sed -i \ |
1434 |
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ |
1435 |
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ |
1436 |
- Makefile || die |
1437 |
-} |
1438 |
- |
1439 |
-multilib_src_compile() { |
1440 |
- # depend is needed to use $confopts; it also doesn't matter |
1441 |
- # that it's -j1 as the code itself serializes subdirs |
1442 |
- emake -j1 depend |
1443 |
- emake all |
1444 |
- # rehash is needed to prep the certs/ dir; do this |
1445 |
- # separately to avoid parallel build issues. |
1446 |
- emake rehash |
1447 |
-} |
1448 |
- |
1449 |
-multilib_src_test() { |
1450 |
- emake -j1 test |
1451 |
-} |
1452 |
- |
1453 |
-multilib_src_install() { |
1454 |
- emake INSTALL_PREFIX="${D}" install |
1455 |
-} |
1456 |
- |
1457 |
-multilib_src_install_all() { |
1458 |
- # openssl installs perl version of c_rehash by default, but |
1459 |
- # we provide a shell version via app-misc/c_rehash |
1460 |
- rm "${ED}"/usr/bin/c_rehash || die |
1461 |
- |
1462 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
1463 |
- dohtml -r doc/* |
1464 |
- use rfc3779 && dodoc engines/ccgost/README.gost |
1465 |
- |
1466 |
- # This is crappy in that the static archives are still built even |
1467 |
- # when USE=static-libs. But this is due to a failing in the openssl |
1468 |
- # build system: the static archives are built as PIC all the time. |
1469 |
- # Only way around this would be to manually configure+compile openssl |
1470 |
- # twice; once with shared lib support enabled and once without. |
1471 |
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
1472 |
- |
1473 |
- # create the certs directory |
1474 |
- dodir ${SSL_CNF_DIR}/certs |
1475 |
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die |
1476 |
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} |
1477 |
- |
1478 |
- # Namespace openssl programs to prevent conflicts with other man pages |
1479 |
- cd "${ED}"/usr/share/man |
1480 |
- local m d s |
1481 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
1482 |
- d=${m%/*} ; d=${d#./} ; m=${m##*/} |
1483 |
- [[ ${m} == openssl.1* ]] && continue |
1484 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
1485 |
- mv ${d}/{,ssl-}${m} |
1486 |
- # fix up references to renamed man pages |
1487 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
1488 |
- ln -s ssl-${m} ${d}/openssl-${m} |
1489 |
- # locate any symlinks that point to this man page ... we assume |
1490 |
- # that any broken links are due to the above renaming |
1491 |
- for s in $(find -L ${d} -type l) ; do |
1492 |
- s=${s##*/} |
1493 |
- rm -f ${d}/${s} |
1494 |
- ln -s ssl-${m} ${d}/ssl-${s} |
1495 |
- ln -s ssl-${s} ${d}/openssl-${s} |
1496 |
- done |
1497 |
- done |
1498 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
1499 |
- |
1500 |
- dodir /etc/sandbox.d #254521 |
1501 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
1502 |
- |
1503 |
- diropts -m0700 |
1504 |
- keepdir ${SSL_CNF_DIR}/private |
1505 |
-} |
1506 |
- |
1507 |
-pkg_postinst() { |
1508 |
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
1509 |
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null |
1510 |
- eend $? |
1511 |
-} |
1512 |
|
1513 |
diff --git a/dev-libs/openssl/openssl-1.0.2l-r1.ebuild b/dev-libs/openssl/openssl-1.0.2l-r1.ebuild |
1514 |
deleted file mode 100644 |
1515 |
index 4c78a177bf6..00000000000 |
1516 |
--- a/dev-libs/openssl/openssl-1.0.2l-r1.ebuild |
1517 |
+++ /dev/null |
1518 |
@@ -1,296 +0,0 @@ |
1519 |
-# Copyright 1999-2017 Gentoo Foundation |
1520 |
-# Distributed under the terms of the GNU General Public License v2 |
1521 |
- |
1522 |
-EAPI="5" |
1523 |
- |
1524 |
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal |
1525 |
- |
1526 |
-MY_P=${P/_/-} |
1527 |
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
1528 |
-HOMEPAGE="http://www.openssl.org/" |
1529 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" |
1530 |
- |
1531 |
-LICENSE="openssl" |
1532 |
-SLOT="0" |
1533 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" |
1534 |
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" |
1535 |
-RESTRICT="!bindist? ( bindist )" |
1536 |
- |
1537 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
1538 |
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
1539 |
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
1540 |
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" |
1541 |
-DEPEND="${RDEPEND} |
1542 |
- >=dev-lang/perl-5 |
1543 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
1544 |
- test? ( |
1545 |
- sys-apps/diffutils |
1546 |
- sys-devel/bc |
1547 |
- )" |
1548 |
-PDEPEND="app-misc/ca-certificates" |
1549 |
- |
1550 |
-# This does not copy the entire Fedora patchset, but JUST the parts that |
1551 |
-# are needed to make it safe to use EC with RESTRICT=bindist. |
1552 |
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN |
1553 |
-SOURCE1=hobble-openssl |
1554 |
-SOURCE12=ec_curve.c |
1555 |
-SOURCE13=ectest.c |
1556 |
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC |
1557 |
-#PATCH37=openssl-1.1.0-ec-curves.patch |
1558 |
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' |
1559 |
-FEDORA_GIT_BRANCH='f25' |
1560 |
-FEDORA_SRC_URI=() |
1561 |
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 ) |
1562 |
-FEDORA_PATCH=( $PATCH1 $PATCH37 ) |
1563 |
-for i in "${FEDORA_SOURCE[@]}" ; do |
1564 |
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" ) |
1565 |
-done |
1566 |
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix |
1567 |
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" ) |
1568 |
-done |
1569 |
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" |
1570 |
- |
1571 |
-S="${WORKDIR}/${MY_P}" |
1572 |
- |
1573 |
-MULTILIB_WRAPPED_HEADERS=( |
1574 |
- usr/include/openssl/opensslconf.h |
1575 |
-) |
1576 |
- |
1577 |
-src_prepare() { |
1578 |
- if use bindist; then |
1579 |
- # This just removes the prefix, and puts it into WORKDIR like the RPM. |
1580 |
- for i in "${FEDORA_SOURCE[@]}" ; do |
1581 |
- cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die |
1582 |
- done |
1583 |
- # .spec %prep |
1584 |
- bash "${WORKDIR}"/"${SOURCE1}" || die |
1585 |
- cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die |
1586 |
- cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1 |
1587 |
- for i in "${FEDORA_PATCH[@]}" ; do |
1588 |
- epatch "${DISTDIR}"/"${i}" |
1589 |
- done |
1590 |
- # Also see the configure parts below: |
1591 |
- # enable-ec \ |
1592 |
- # $(use_ssl !bindist ec2m) \ |
1593 |
- # $(use_ssl !bindist srp) \ |
1594 |
- |
1595 |
- fi |
1596 |
- # keep this in sync with app-misc/c_rehash |
1597 |
- SSL_CNF_DIR="/etc/ssl" |
1598 |
- |
1599 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
1600 |
- # that gets blown away anyways by the Configure script in src_configure |
1601 |
- rm -f Makefile |
1602 |
- |
1603 |
- if ! use vanilla ; then |
1604 |
- epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
1605 |
- epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch |
1606 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch |
1607 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch |
1608 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 |
1609 |
- epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch |
1610 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 |
1611 |
- epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 |
1612 |
- |
1613 |
- epatch_user #332661 |
1614 |
- fi |
1615 |
- |
1616 |
- # disable fips in the build |
1617 |
- # make sure the man pages are suffixed #302165 |
1618 |
- # don't bother building man pages if they're disabled |
1619 |
- sed -i \ |
1620 |
- -e '/DIRS/s: fips : :g' \ |
1621 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
1622 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
1623 |
- -e $(has noman FEATURES \ |
1624 |
- && echo '/^install:/s:install_docs::' \ |
1625 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
1626 |
- Makefile.org \ |
1627 |
- || die |
1628 |
- # show the actual commands in the log |
1629 |
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
1630 |
- |
1631 |
- # since we're forcing $(CC) as makedep anyway, just fix |
1632 |
- # the conditional as always-on |
1633 |
- # helps clang (#417795), and versioned gcc (#499818) |
1634 |
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die |
1635 |
- |
1636 |
- # quiet out unknown driver argument warnings since openssl |
1637 |
- # doesn't have well-split CFLAGS and we're making it even worse |
1638 |
- # and 'make depend' uses -Werror for added fun (#417795 again) |
1639 |
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
1640 |
- |
1641 |
- # allow openssl to be cross-compiled |
1642 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
1643 |
- chmod a+rx gentoo.config |
1644 |
- |
1645 |
- append-flags -fno-strict-aliasing |
1646 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
1647 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
1648 |
- |
1649 |
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 |
1650 |
- # The config script does stupid stuff to prompt the user. Kill it. |
1651 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
1652 |
- ./config --test-sanity || die "I AM NOT SANE" |
1653 |
- |
1654 |
- multilib_copy_sources |
1655 |
-} |
1656 |
- |
1657 |
-multilib_src_configure() { |
1658 |
- unset APPS #197996 |
1659 |
- unset SCRIPTS #312551 |
1660 |
- unset CROSS_COMPILE #311473 |
1661 |
- |
1662 |
- tc-export CC AR RANLIB RC |
1663 |
- |
1664 |
- # Clean out patent-or-otherwise-encumbered code |
1665 |
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
1666 |
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
1667 |
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
1668 |
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
1669 |
- # RC5: Expired http://en.wikipedia.org/wiki/RC5 |
1670 |
- |
1671 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
1672 |
- echoit() { echo "$@" ; "$@" ; } |
1673 |
- |
1674 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
1675 |
- |
1676 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
1677 |
- # friendly and can use the nicely optimized code paths. #460790 |
1678 |
- local ec_nistp_64_gcc_128 |
1679 |
- # Disable it for now though #469976 |
1680 |
- #if ! use bindist ; then |
1681 |
- # echo "__uint128_t i;" > "${T}"/128.c |
1682 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
1683 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
1684 |
- # fi |
1685 |
- #fi |
1686 |
- |
1687 |
- # https://github.com/openssl/openssl/issues/2286 |
1688 |
- if use ia64 ; then |
1689 |
- replace-flags -g3 -g2 |
1690 |
- replace-flags -ggdb3 -ggdb2 |
1691 |
- fi |
1692 |
- |
1693 |
- local sslout=$(./gentoo.config) |
1694 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
1695 |
- local config="Configure" |
1696 |
- [[ -z ${sslout} ]] && config="config" |
1697 |
- |
1698 |
- # Fedora hobbled-EC needs 'no-ec2m', 'no-srp' |
1699 |
- echoit \ |
1700 |
- ./${config} \ |
1701 |
- ${sslout} \ |
1702 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
1703 |
- enable-camellia \ |
1704 |
- enable-ec \ |
1705 |
- $(use_ssl !bindist ec2m) \ |
1706 |
- $(use_ssl !bindist srp) \ |
1707 |
- ${ec_nistp_64_gcc_128} \ |
1708 |
- enable-idea \ |
1709 |
- enable-mdc2 \ |
1710 |
- enable-rc5 \ |
1711 |
- enable-tlsext \ |
1712 |
- $(use_ssl asm) \ |
1713 |
- $(use_ssl gmp gmp -lgmp) \ |
1714 |
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
1715 |
- $(use_ssl rfc3779) \ |
1716 |
- $(use_ssl sctp) \ |
1717 |
- $(use_ssl sslv2 ssl2) \ |
1718 |
- $(use_ssl sslv3 ssl3) \ |
1719 |
- $(use_ssl tls-heartbeat heartbeats) \ |
1720 |
- $(use_ssl zlib) \ |
1721 |
- --prefix="${EPREFIX}"/usr \ |
1722 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
1723 |
- --libdir=$(get_libdir) \ |
1724 |
- shared threads \ |
1725 |
- || die |
1726 |
- |
1727 |
- # Clean out hardcoded flags that openssl uses |
1728 |
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
1729 |
- -e 's:^CFLAG=::' \ |
1730 |
- -e 's:-fomit-frame-pointer ::g' \ |
1731 |
- -e 's:-O[0-9] ::g' \ |
1732 |
- -e 's:-march=[-a-z0-9]* ::g' \ |
1733 |
- -e 's:-mcpu=[-a-z0-9]* ::g' \ |
1734 |
- -e 's:-m[a-z0-9]* ::g' \ |
1735 |
- ) |
1736 |
- sed -i \ |
1737 |
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ |
1738 |
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ |
1739 |
- Makefile || die |
1740 |
-} |
1741 |
- |
1742 |
-multilib_src_compile() { |
1743 |
- # depend is needed to use $confopts; it also doesn't matter |
1744 |
- # that it's -j1 as the code itself serializes subdirs |
1745 |
- emake -j1 depend |
1746 |
- emake all |
1747 |
- # rehash is needed to prep the certs/ dir; do this |
1748 |
- # separately to avoid parallel build issues. |
1749 |
- emake rehash |
1750 |
-} |
1751 |
- |
1752 |
-multilib_src_test() { |
1753 |
- emake -j1 test |
1754 |
-} |
1755 |
- |
1756 |
-multilib_src_install() { |
1757 |
- emake INSTALL_PREFIX="${D}" install |
1758 |
-} |
1759 |
- |
1760 |
-multilib_src_install_all() { |
1761 |
- # openssl installs perl version of c_rehash by default, but |
1762 |
- # we provide a shell version via app-misc/c_rehash |
1763 |
- rm "${ED}"/usr/bin/c_rehash || die |
1764 |
- |
1765 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
1766 |
- dohtml -r doc/* |
1767 |
- use rfc3779 && dodoc engines/ccgost/README.gost |
1768 |
- |
1769 |
- # This is crappy in that the static archives are still built even |
1770 |
- # when USE=static-libs. But this is due to a failing in the openssl |
1771 |
- # build system: the static archives are built as PIC all the time. |
1772 |
- # Only way around this would be to manually configure+compile openssl |
1773 |
- # twice; once with shared lib support enabled and once without. |
1774 |
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
1775 |
- |
1776 |
- # create the certs directory |
1777 |
- dodir ${SSL_CNF_DIR}/certs |
1778 |
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die |
1779 |
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} |
1780 |
- |
1781 |
- # Namespace openssl programs to prevent conflicts with other man pages |
1782 |
- cd "${ED}"/usr/share/man |
1783 |
- local m d s |
1784 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
1785 |
- d=${m%/*} ; d=${d#./} ; m=${m##*/} |
1786 |
- [[ ${m} == openssl.1* ]] && continue |
1787 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
1788 |
- mv ${d}/{,ssl-}${m} |
1789 |
- # fix up references to renamed man pages |
1790 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
1791 |
- ln -s ssl-${m} ${d}/openssl-${m} |
1792 |
- # locate any symlinks that point to this man page ... we assume |
1793 |
- # that any broken links are due to the above renaming |
1794 |
- for s in $(find -L ${d} -type l) ; do |
1795 |
- s=${s##*/} |
1796 |
- rm -f ${d}/${s} |
1797 |
- ln -s ssl-${m} ${d}/ssl-${s} |
1798 |
- ln -s ssl-${s} ${d}/openssl-${s} |
1799 |
- done |
1800 |
- done |
1801 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
1802 |
- |
1803 |
- dodir /etc/sandbox.d #254521 |
1804 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
1805 |
- |
1806 |
- diropts -m0700 |
1807 |
- keepdir ${SSL_CNF_DIR}/private |
1808 |
-} |
1809 |
- |
1810 |
-pkg_postinst() { |
1811 |
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
1812 |
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null |
1813 |
- eend $? |
1814 |
-} |
1815 |
|
1816 |
diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2l.ebuild |
1817 |
deleted file mode 100644 |
1818 |
index 32431370450..00000000000 |
1819 |
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild |
1820 |
+++ /dev/null |
1821 |
@@ -1,254 +0,0 @@ |
1822 |
-# Copyright 1999-2017 Gentoo Foundation |
1823 |
-# Distributed under the terms of the GNU General Public License v2 |
1824 |
- |
1825 |
-EAPI="5" |
1826 |
- |
1827 |
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal |
1828 |
- |
1829 |
-MY_P=${P/_/-} |
1830 |
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
1831 |
-HOMEPAGE="http://www.openssl.org/" |
1832 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" |
1833 |
- |
1834 |
-LICENSE="openssl" |
1835 |
-SLOT="0" |
1836 |
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" |
1837 |
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" |
1838 |
-RESTRICT="!bindist? ( bindist )" |
1839 |
- |
1840 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
1841 |
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
1842 |
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
1843 |
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" |
1844 |
-DEPEND="${RDEPEND} |
1845 |
- >=dev-lang/perl-5 |
1846 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
1847 |
- test? ( |
1848 |
- sys-apps/diffutils |
1849 |
- sys-devel/bc |
1850 |
- )" |
1851 |
-PDEPEND="app-misc/ca-certificates" |
1852 |
- |
1853 |
-S="${WORKDIR}/${MY_P}" |
1854 |
- |
1855 |
-MULTILIB_WRAPPED_HEADERS=( |
1856 |
- usr/include/openssl/opensslconf.h |
1857 |
-) |
1858 |
- |
1859 |
-src_prepare() { |
1860 |
- # keep this in sync with app-misc/c_rehash |
1861 |
- SSL_CNF_DIR="/etc/ssl" |
1862 |
- |
1863 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
1864 |
- # that gets blown away anyways by the Configure script in src_configure |
1865 |
- rm -f Makefile |
1866 |
- |
1867 |
- if ! use vanilla ; then |
1868 |
- epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
1869 |
- epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch |
1870 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch |
1871 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch |
1872 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 |
1873 |
- epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch |
1874 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 |
1875 |
- epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 |
1876 |
- |
1877 |
- epatch_user #332661 |
1878 |
- fi |
1879 |
- |
1880 |
- # disable fips in the build |
1881 |
- # make sure the man pages are suffixed #302165 |
1882 |
- # don't bother building man pages if they're disabled |
1883 |
- sed -i \ |
1884 |
- -e '/DIRS/s: fips : :g' \ |
1885 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
1886 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
1887 |
- -e $(has noman FEATURES \ |
1888 |
- && echo '/^install:/s:install_docs::' \ |
1889 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
1890 |
- Makefile.org \ |
1891 |
- || die |
1892 |
- # show the actual commands in the log |
1893 |
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
1894 |
- |
1895 |
- # since we're forcing $(CC) as makedep anyway, just fix |
1896 |
- # the conditional as always-on |
1897 |
- # helps clang (#417795), and versioned gcc (#499818) |
1898 |
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die |
1899 |
- |
1900 |
- # quiet out unknown driver argument warnings since openssl |
1901 |
- # doesn't have well-split CFLAGS and we're making it even worse |
1902 |
- # and 'make depend' uses -Werror for added fun (#417795 again) |
1903 |
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
1904 |
- |
1905 |
- # allow openssl to be cross-compiled |
1906 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
1907 |
- chmod a+rx gentoo.config |
1908 |
- |
1909 |
- append-flags -fno-strict-aliasing |
1910 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
1911 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
1912 |
- |
1913 |
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 |
1914 |
- # The config script does stupid stuff to prompt the user. Kill it. |
1915 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
1916 |
- ./config --test-sanity || die "I AM NOT SANE" |
1917 |
- |
1918 |
- multilib_copy_sources |
1919 |
-} |
1920 |
- |
1921 |
-multilib_src_configure() { |
1922 |
- unset APPS #197996 |
1923 |
- unset SCRIPTS #312551 |
1924 |
- unset CROSS_COMPILE #311473 |
1925 |
- |
1926 |
- tc-export CC AR RANLIB RC |
1927 |
- |
1928 |
- # Clean out patent-or-otherwise-encumbered code |
1929 |
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
1930 |
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
1931 |
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
1932 |
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
1933 |
- # RC5: Expired http://en.wikipedia.org/wiki/RC5 |
1934 |
- |
1935 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
1936 |
- echoit() { echo "$@" ; "$@" ; } |
1937 |
- |
1938 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
1939 |
- |
1940 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
1941 |
- # friendly and can use the nicely optimized code paths. #460790 |
1942 |
- local ec_nistp_64_gcc_128 |
1943 |
- # Disable it for now though #469976 |
1944 |
- #if ! use bindist ; then |
1945 |
- # echo "__uint128_t i;" > "${T}"/128.c |
1946 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
1947 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
1948 |
- # fi |
1949 |
- #fi |
1950 |
- |
1951 |
- # https://github.com/openssl/openssl/issues/2286 |
1952 |
- if use ia64 ; then |
1953 |
- replace-flags -g3 -g2 |
1954 |
- replace-flags -ggdb3 -ggdb2 |
1955 |
- fi |
1956 |
- |
1957 |
- local sslout=$(./gentoo.config) |
1958 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
1959 |
- local config="Configure" |
1960 |
- [[ -z ${sslout} ]] && config="config" |
1961 |
- |
1962 |
- echoit \ |
1963 |
- ./${config} \ |
1964 |
- ${sslout} \ |
1965 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
1966 |
- enable-camellia \ |
1967 |
- $(use_ssl !bindist ec) \ |
1968 |
- ${ec_nistp_64_gcc_128} \ |
1969 |
- enable-idea \ |
1970 |
- enable-mdc2 \ |
1971 |
- enable-rc5 \ |
1972 |
- enable-tlsext \ |
1973 |
- $(use_ssl asm) \ |
1974 |
- $(use_ssl gmp gmp -lgmp) \ |
1975 |
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
1976 |
- $(use_ssl rfc3779) \ |
1977 |
- $(use_ssl sctp) \ |
1978 |
- $(use_ssl sslv2 ssl2) \ |
1979 |
- $(use_ssl sslv3 ssl3) \ |
1980 |
- $(use_ssl tls-heartbeat heartbeats) \ |
1981 |
- $(use_ssl zlib) \ |
1982 |
- --prefix="${EPREFIX}"/usr \ |
1983 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
1984 |
- --libdir=$(get_libdir) \ |
1985 |
- shared threads \ |
1986 |
- || die |
1987 |
- |
1988 |
- # Clean out hardcoded flags that openssl uses |
1989 |
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
1990 |
- -e 's:^CFLAG=::' \ |
1991 |
- -e 's:-fomit-frame-pointer ::g' \ |
1992 |
- -e 's:-O[0-9] ::g' \ |
1993 |
- -e 's:-march=[-a-z0-9]* ::g' \ |
1994 |
- -e 's:-mcpu=[-a-z0-9]* ::g' \ |
1995 |
- -e 's:-m[a-z0-9]* ::g' \ |
1996 |
- ) |
1997 |
- sed -i \ |
1998 |
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ |
1999 |
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ |
2000 |
- Makefile || die |
2001 |
-} |
2002 |
- |
2003 |
-multilib_src_compile() { |
2004 |
- # depend is needed to use $confopts; it also doesn't matter |
2005 |
- # that it's -j1 as the code itself serializes subdirs |
2006 |
- emake -j1 depend |
2007 |
- emake all |
2008 |
- # rehash is needed to prep the certs/ dir; do this |
2009 |
- # separately to avoid parallel build issues. |
2010 |
- emake rehash |
2011 |
-} |
2012 |
- |
2013 |
-multilib_src_test() { |
2014 |
- emake -j1 test |
2015 |
-} |
2016 |
- |
2017 |
-multilib_src_install() { |
2018 |
- emake INSTALL_PREFIX="${D}" install |
2019 |
-} |
2020 |
- |
2021 |
-multilib_src_install_all() { |
2022 |
- # openssl installs perl version of c_rehash by default, but |
2023 |
- # we provide a shell version via app-misc/c_rehash |
2024 |
- rm "${ED}"/usr/bin/c_rehash || die |
2025 |
- |
2026 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
2027 |
- dohtml -r doc/* |
2028 |
- use rfc3779 && dodoc engines/ccgost/README.gost |
2029 |
- |
2030 |
- # This is crappy in that the static archives are still built even |
2031 |
- # when USE=static-libs. But this is due to a failing in the openssl |
2032 |
- # build system: the static archives are built as PIC all the time. |
2033 |
- # Only way around this would be to manually configure+compile openssl |
2034 |
- # twice; once with shared lib support enabled and once without. |
2035 |
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
2036 |
- |
2037 |
- # create the certs directory |
2038 |
- dodir ${SSL_CNF_DIR}/certs |
2039 |
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die |
2040 |
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} |
2041 |
- |
2042 |
- # Namespace openssl programs to prevent conflicts with other man pages |
2043 |
- cd "${ED}"/usr/share/man |
2044 |
- local m d s |
2045 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
2046 |
- d=${m%/*} ; d=${d#./} ; m=${m##*/} |
2047 |
- [[ ${m} == openssl.1* ]] && continue |
2048 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
2049 |
- mv ${d}/{,ssl-}${m} |
2050 |
- # fix up references to renamed man pages |
2051 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
2052 |
- ln -s ssl-${m} ${d}/openssl-${m} |
2053 |
- # locate any symlinks that point to this man page ... we assume |
2054 |
- # that any broken links are due to the above renaming |
2055 |
- for s in $(find -L ${d} -type l) ; do |
2056 |
- s=${s##*/} |
2057 |
- rm -f ${d}/${s} |
2058 |
- ln -s ssl-${m} ${d}/ssl-${s} |
2059 |
- ln -s ssl-${s} ${d}/openssl-${s} |
2060 |
- done |
2061 |
- done |
2062 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
2063 |
- |
2064 |
- dodir /etc/sandbox.d #254521 |
2065 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
2066 |
- |
2067 |
- diropts -m0700 |
2068 |
- keepdir ${SSL_CNF_DIR}/private |
2069 |
-} |
2070 |
- |
2071 |
-pkg_postinst() { |
2072 |
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
2073 |
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null |
2074 |
- eend $? |
2075 |
-} |
2076 |
|
2077 |
diff --git a/dev-libs/openssl/openssl-1.0.2m.ebuild b/dev-libs/openssl/openssl-1.0.2m.ebuild |
2078 |
deleted file mode 100644 |
2079 |
index c356e4ff2bd..00000000000 |
2080 |
--- a/dev-libs/openssl/openssl-1.0.2m.ebuild |
2081 |
+++ /dev/null |
2082 |
@@ -1,254 +0,0 @@ |
2083 |
-# Copyright 1999-2017 Gentoo Foundation |
2084 |
-# Distributed under the terms of the GNU General Public License v2 |
2085 |
- |
2086 |
-EAPI="5" |
2087 |
- |
2088 |
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal |
2089 |
- |
2090 |
-MY_P=${P/_/-} |
2091 |
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
2092 |
-HOMEPAGE="https://www.openssl.org/" |
2093 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" |
2094 |
- |
2095 |
-LICENSE="openssl" |
2096 |
-SLOT="0" |
2097 |
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" |
2098 |
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" |
2099 |
-RESTRICT="!bindist? ( bindist )" |
2100 |
- |
2101 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
2102 |
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
2103 |
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
2104 |
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" |
2105 |
-DEPEND="${RDEPEND} |
2106 |
- >=dev-lang/perl-5 |
2107 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
2108 |
- test? ( |
2109 |
- sys-apps/diffutils |
2110 |
- sys-devel/bc |
2111 |
- )" |
2112 |
-PDEPEND="app-misc/ca-certificates" |
2113 |
- |
2114 |
-S="${WORKDIR}/${MY_P}" |
2115 |
- |
2116 |
-MULTILIB_WRAPPED_HEADERS=( |
2117 |
- usr/include/openssl/opensslconf.h |
2118 |
-) |
2119 |
- |
2120 |
-src_prepare() { |
2121 |
- # keep this in sync with app-misc/c_rehash |
2122 |
- SSL_CNF_DIR="/etc/ssl" |
2123 |
- |
2124 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
2125 |
- # that gets blown away anyways by the Configure script in src_configure |
2126 |
- rm -f Makefile |
2127 |
- |
2128 |
- if ! use vanilla ; then |
2129 |
- epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
2130 |
- epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch |
2131 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch |
2132 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch |
2133 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 |
2134 |
- epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch |
2135 |
- epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 |
2136 |
- epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 |
2137 |
- |
2138 |
- epatch_user #332661 |
2139 |
- fi |
2140 |
- |
2141 |
- # disable fips in the build |
2142 |
- # make sure the man pages are suffixed #302165 |
2143 |
- # don't bother building man pages if they're disabled |
2144 |
- sed -i \ |
2145 |
- -e '/DIRS/s: fips : :g' \ |
2146 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
2147 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
2148 |
- -e $(has noman FEATURES \ |
2149 |
- && echo '/^install:/s:install_docs::' \ |
2150 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
2151 |
- Makefile.org \ |
2152 |
- || die |
2153 |
- # show the actual commands in the log |
2154 |
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
2155 |
- |
2156 |
- # since we're forcing $(CC) as makedep anyway, just fix |
2157 |
- # the conditional as always-on |
2158 |
- # helps clang (#417795), and versioned gcc (#499818) |
2159 |
- sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die |
2160 |
- |
2161 |
- # quiet out unknown driver argument warnings since openssl |
2162 |
- # doesn't have well-split CFLAGS and we're making it even worse |
2163 |
- # and 'make depend' uses -Werror for added fun (#417795 again) |
2164 |
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
2165 |
- |
2166 |
- # allow openssl to be cross-compiled |
2167 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
2168 |
- chmod a+rx gentoo.config |
2169 |
- |
2170 |
- append-flags -fno-strict-aliasing |
2171 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
2172 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
2173 |
- |
2174 |
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 |
2175 |
- # The config script does stupid stuff to prompt the user. Kill it. |
2176 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
2177 |
- ./config --test-sanity || die "I AM NOT SANE" |
2178 |
- |
2179 |
- multilib_copy_sources |
2180 |
-} |
2181 |
- |
2182 |
-multilib_src_configure() { |
2183 |
- unset APPS #197996 |
2184 |
- unset SCRIPTS #312551 |
2185 |
- unset CROSS_COMPILE #311473 |
2186 |
- |
2187 |
- tc-export CC AR RANLIB RC |
2188 |
- |
2189 |
- # Clean out patent-or-otherwise-encumbered code |
2190 |
- # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
2191 |
- # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
2192 |
- # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
2193 |
- # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
2194 |
- # RC5: Expired http://en.wikipedia.org/wiki/RC5 |
2195 |
- |
2196 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
2197 |
- echoit() { echo "$@" ; "$@" ; } |
2198 |
- |
2199 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
2200 |
- |
2201 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
2202 |
- # friendly and can use the nicely optimized code paths. #460790 |
2203 |
- local ec_nistp_64_gcc_128 |
2204 |
- # Disable it for now though #469976 |
2205 |
- #if ! use bindist ; then |
2206 |
- # echo "__uint128_t i;" > "${T}"/128.c |
2207 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
2208 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
2209 |
- # fi |
2210 |
- #fi |
2211 |
- |
2212 |
- # https://github.com/openssl/openssl/issues/2286 |
2213 |
- if use ia64 ; then |
2214 |
- replace-flags -g3 -g2 |
2215 |
- replace-flags -ggdb3 -ggdb2 |
2216 |
- fi |
2217 |
- |
2218 |
- local sslout=$(./gentoo.config) |
2219 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
2220 |
- local config="Configure" |
2221 |
- [[ -z ${sslout} ]] && config="config" |
2222 |
- |
2223 |
- echoit \ |
2224 |
- ./${config} \ |
2225 |
- ${sslout} \ |
2226 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
2227 |
- enable-camellia \ |
2228 |
- $(use_ssl !bindist ec) \ |
2229 |
- ${ec_nistp_64_gcc_128} \ |
2230 |
- enable-idea \ |
2231 |
- enable-mdc2 \ |
2232 |
- enable-rc5 \ |
2233 |
- enable-tlsext \ |
2234 |
- $(use_ssl asm) \ |
2235 |
- $(use_ssl gmp gmp -lgmp) \ |
2236 |
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
2237 |
- $(use_ssl rfc3779) \ |
2238 |
- $(use_ssl sctp) \ |
2239 |
- $(use_ssl sslv2 ssl2) \ |
2240 |
- $(use_ssl sslv3 ssl3) \ |
2241 |
- $(use_ssl tls-heartbeat heartbeats) \ |
2242 |
- $(use_ssl zlib) \ |
2243 |
- --prefix="${EPREFIX}"/usr \ |
2244 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
2245 |
- --libdir=$(get_libdir) \ |
2246 |
- shared threads \ |
2247 |
- || die |
2248 |
- |
2249 |
- # Clean out hardcoded flags that openssl uses |
2250 |
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
2251 |
- -e 's:^CFLAG=::' \ |
2252 |
- -e 's:-fomit-frame-pointer ::g' \ |
2253 |
- -e 's:-O[0-9] ::g' \ |
2254 |
- -e 's:-march=[-a-z0-9]* ::g' \ |
2255 |
- -e 's:-mcpu=[-a-z0-9]* ::g' \ |
2256 |
- -e 's:-m[a-z0-9]* ::g' \ |
2257 |
- ) |
2258 |
- sed -i \ |
2259 |
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ |
2260 |
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ |
2261 |
- Makefile || die |
2262 |
-} |
2263 |
- |
2264 |
-multilib_src_compile() { |
2265 |
- # depend is needed to use $confopts; it also doesn't matter |
2266 |
- # that it's -j1 as the code itself serializes subdirs |
2267 |
- emake -j1 depend |
2268 |
- emake all |
2269 |
- # rehash is needed to prep the certs/ dir; do this |
2270 |
- # separately to avoid parallel build issues. |
2271 |
- emake rehash |
2272 |
-} |
2273 |
- |
2274 |
-multilib_src_test() { |
2275 |
- emake -j1 test |
2276 |
-} |
2277 |
- |
2278 |
-multilib_src_install() { |
2279 |
- emake INSTALL_PREFIX="${D}" install |
2280 |
-} |
2281 |
- |
2282 |
-multilib_src_install_all() { |
2283 |
- # openssl installs perl version of c_rehash by default, but |
2284 |
- # we provide a shell version via app-misc/c_rehash |
2285 |
- rm "${ED}"/usr/bin/c_rehash || die |
2286 |
- |
2287 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
2288 |
- dohtml -r doc/* |
2289 |
- use rfc3779 && dodoc engines/ccgost/README.gost |
2290 |
- |
2291 |
- # This is crappy in that the static archives are still built even |
2292 |
- # when USE=static-libs. But this is due to a failing in the openssl |
2293 |
- # build system: the static archives are built as PIC all the time. |
2294 |
- # Only way around this would be to manually configure+compile openssl |
2295 |
- # twice; once with shared lib support enabled and once without. |
2296 |
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
2297 |
- |
2298 |
- # create the certs directory |
2299 |
- dodir ${SSL_CNF_DIR}/certs |
2300 |
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die |
2301 |
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} |
2302 |
- |
2303 |
- # Namespace openssl programs to prevent conflicts with other man pages |
2304 |
- cd "${ED}"/usr/share/man |
2305 |
- local m d s |
2306 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
2307 |
- d=${m%/*} ; d=${d#./} ; m=${m##*/} |
2308 |
- [[ ${m} == openssl.1* ]] && continue |
2309 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
2310 |
- mv ${d}/{,ssl-}${m} |
2311 |
- # fix up references to renamed man pages |
2312 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
2313 |
- ln -s ssl-${m} ${d}/openssl-${m} |
2314 |
- # locate any symlinks that point to this man page ... we assume |
2315 |
- # that any broken links are due to the above renaming |
2316 |
- for s in $(find -L ${d} -type l) ; do |
2317 |
- s=${s##*/} |
2318 |
- rm -f ${d}/${s} |
2319 |
- ln -s ssl-${m} ${d}/ssl-${s} |
2320 |
- ln -s ssl-${s} ${d}/openssl-${s} |
2321 |
- done |
2322 |
- done |
2323 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
2324 |
- |
2325 |
- dodir /etc/sandbox.d #254521 |
2326 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
2327 |
- |
2328 |
- diropts -m0700 |
2329 |
- keepdir ${SSL_CNF_DIR}/private |
2330 |
-} |
2331 |
- |
2332 |
-pkg_postinst() { |
2333 |
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
2334 |
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null |
2335 |
- eend $? |
2336 |
-} |