Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Frysinger <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/, dev-libs/openssl/
Date: Wed, 02 Sep 2015 05:04:48
Message-Id: 1441170263.d93bba52f83fea4e6393988686e10fb2da64a64b.vapier@gentoo
1 commit: d93bba52f83fea4e6393988686e10fb2da64a64b
2 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
3 AuthorDate: Wed Sep 2 05:04:23 2015 +0000
4 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
5 CommitDate: Wed Sep 2 05:04:23 2015 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d93bba52
7
8 dev-libs/openssl: delete old
9
10 dev-libs/openssl/Manifest | 8 -
11 dev-libs/openssl/files/gentoo.config-1.0.0 | 159 -----
12 .../files/openssl-0.9.8ze-CVE-2015-0286.patch | 326 -----------
13 .../files/openssl-1.0.0e-parallel-build.patch | 315 ----------
14 dev-libs/openssl/files/openssl-1.0.0r-x32.patch | 76 ---
15 .../files/openssl-1.0.1-parallel-build.patch | 354 ------------
16 dev-libs/openssl/files/openssl-1.0.1-x32.patch | 79 ---
17 .../files/openssl-1.0.1e-s_client-verify.patch | 18 -
18 dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch | 642 ---------------------
19 .../files/openssl-1.0.1l-CVE-2015-0286.patch | 356 ------------
20 .../files/openssl-1.0.1m-parallel-build.patch | 364 ------------
21 .../files/openssl-1.0.1m-s_client-verify.patch | 21 -
22 .../files/openssl-1.0.2-CVE-2015-0209.patch | 49 --
23 .../files/openssl-1.0.2-CVE-2015-0288.patch | 31 -
24 .../files/openssl-1.0.2-CVE-2015-0291.patch | 459 ---------------
25 .../files/openssl-1.0.2-parallel-build.patch | 354 ------------
26 dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild | 161 ------
27 dev-libs/openssl/openssl-0.9.8z_p6.ebuild | 160 -----
28 dev-libs/openssl/openssl-1.0.0r.ebuild | 214 -------
29 dev-libs/openssl/openssl-1.0.1l-r1.ebuild | 260 ---------
30 dev-libs/openssl/openssl-1.0.1m.ebuild | 259 ---------
31 dev-libs/openssl/openssl-1.0.1n.ebuild | 258 ---------
32 dev-libs/openssl/openssl-1.0.1o.ebuild | 258 ---------
33 dev-libs/openssl/openssl-1.0.2-r3.ebuild | 263 ---------
34 24 files changed, 5444 deletions(-)
35
36 diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
37 index 458ddc5..d78f82a 100644
38 --- a/dev-libs/openssl/Manifest
39 +++ b/dev-libs/openssl/Manifest
40 @@ -1,13 +1,5 @@
41 -DIST openssl-0.9.8ze.tar.gz 3734873 SHA256 ee3da602826e975b47e4d7af8a27be8258c160876194898c58881eab814b55b8 SHA512 6ab08065ab2cdf6699e462e2a082e6d4c21f027383e12d4dd1d0dce2a4073ae52230494215b3fe24b8a8d73f5f5dd3a1fe53c66acd8db6e162e4bf3636e229c3 WHIRLPOOL 8a5de0aed7b48007b3b8092726c9c8eb6771c49d388baaff4d7ba3591be0b1856cb17842db5bc608994b38f5d87a8b07a441c874523e577b786a4612bba7789f
42 -DIST openssl-0.9.8zf.tar.gz 3822386 SHA256 d5245a29128984192acc5b1fc01e37429b7a01c53cadcb2645e546718b300edb SHA512 8a68f024c31b7de25e19732ad556a27d69cface8e7a546ca4221873053a270e5e36336626f7fe857bbbec5427204bddbb5fc9dea8d7a187a8db6719d970431ab WHIRLPOOL 842e5bc71a12bf363fe797e95faf988ae949aa15f8faee935ee8861e4093e9d4e0b766b24dda8d415f29d2ee2821050cfc3ce095d265d59574e7fe0af4024c66
43 DIST openssl-0.9.8zg.tar.gz 3826891 SHA256 06500060639930e471050474f537fcd28ec934af92ee282d78b52460fbe8f580 SHA512 c757454de321d168ac6d89fe2859966a9f07a8b28305bf697af9018db13fc457e0883346b3d35977461ab058442375563554ecb2a8756a687ff9fc2fdd9103c9 WHIRLPOOL 55ecf50a264a2ddd9b5755b5d90b9b736d2f27e0ba2fd529ccff3b68bbd726d1f60460182a0d215ae6712dbc4d3ef2df11339fb2d8424e049f54c3e904fcfab0
44 -DIST openssl-1.0.0r.tar.gz 4095201 SHA256 6538b33a1b95681c86ac8c5cc54d22835f0f0a5bf42ee6df4138c672d7e75f17 SHA512 a65292a7b43f7d0637952476356a95908b5843ca17f717158dd4d2171113192f04c92f4f9133bb4750172f06367dae64733aa239b90c52d4d9323f467012428f WHIRLPOOL 71c7d726a3a5d70735d4b34c3e00c15fa2ef8640801f8a265e4e92cf01db4a517630084dd7632850f3df6f4dbd848a3a7ec908a71db996a45c29f1ac53ac7877
45 -DIST openssl-1.0.1l.tar.gz 4429979 SHA256 b2cf4d48fe5d49f240c61c9e624193a6f232b5ed0baf010681e725963c40d1d4 SHA512 27fe42f33815a3aafff75f2b9a5604c328fe5945c5cecaca74e5d2c2a1e066d64ddcc1fdb14b54fc7523cc730ab8a57d7d56b2879c289e86673f91fee0cca65e WHIRLPOOL 79f5698585c68ba647fcdfc4b342a43d06d69230658ca1bc265dd10d8da939c3e27b9a4125bd2adfbf50002b1dddef18be086dfc23a5050e69fb77350131909f
46 -DIST openssl-1.0.1m.tar.gz 4533406 SHA256 095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74 SHA512 f37b60cb4449674d5c06a4056acc3d11f1c9773da6111148fa3fbf8d14362ba1ff5eb5e0c0e06c2b5c84543b2b974584617e393ca83de2230cbbe69b52975afc WHIRLPOOL c33cc05debc31d5044be4de58267e1a07281f28f9d68f4288d3da1c3cdfcff6939a47abe1f50b377272d0dbd9475ae5fec84919b0c53d37e0bd3d94c44f68c91
47 -DIST openssl-1.0.1n.tar.gz 4545564 SHA256 3581a405ccbe0fd1f6f17ea41773f77cdd51db55c01e1b4d8549e519882c6caf SHA512 439e37879e379b77ae0e912222771ac54c0dcc4ad187b8e2eb6771df6cf71d56c4369931f4e16b8922b9d4a22e8f0aa9802c6828b8406fba7481426eade628aa WHIRLPOOL 8c08fc98863c444db3c1fee6970d1866123b7a525f4fe303016c0cf040351f7cb71f49a00ac1f1948ae9b7edaf9a4e5664814415447c8a88d4c49fe9014411d5
48 -DIST openssl-1.0.1o.tar.gz 4546659 SHA256 16e678c6a05f2502811e075f2c4059ac01c878d091c9c585afc49ebc541f7b13 SHA512 dc05fc6f47239330ad0c36f27049f02752bb168b7b1234b12760e42a920d41dd47d1e652dfee897b4c99729308fbb59cab80b93c8614acf498215a8b80607fbf WHIRLPOOL af7505625730ea6e59517289fcc6044b24e0826b2538463f36e876ae96ca7d591627ca09386e6a69e8234df88fec11fb9e2a098c2f6996592a0f74cecbf4af30
49 DIST openssl-1.0.1p.tar.gz 4560208 SHA256 bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1 SHA512 64e475c53a85b78de7c5aa71a22d4bb3a456142842373ebf8f22e9857cb0352b646e591b21af866933baecdbdb5ac4a22aeb64914440c53a0f30cd25914029e5 WHIRLPOOL 2a81f3b9274e3fef37a2a88e3084d8283159b3a61db08e7805879905c87a74faa85bc6e570d18525741bd5c27c34fe09eeb58b2bfe500545d0f304716e14f819
50 -DIST openssl-1.0.2.tar.gz 5265809 SHA256 8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9 SHA512 dea46225a5445edc4986b02b99fbc90153819374b9a9bfdd892b60cd18ac7fefaf21a7e9d2bb05d0e3bfa4d2704e0ee24b06cc8e7081a542d7598cc9e73c67c5 WHIRLPOOL fe628a38125390deb75728b31427c308efbf65637a569fd1f139f6313fea533514ef05bf3d01bbdc793f77eb259400c95c53074a294d32d73576939d16f22e25
51 DIST openssl-1.0.2a.tar.gz 5262089 SHA256 15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a SHA512 02d228578824add52b73433d64697706e6503c2334933fe8dd6b477f59c430977012c3c34da207096229a425e1dcb6f3ae806043894b5ac98c27bbcddb794dd4 WHIRLPOOL a590c71794f5d29b80afa28b18621b7535e96b714b3690d793c1422a90b09a89cbcb912841d400c5982a8197bb02c13051190e96ba0e4d530509b48b43067cd7
52 DIST openssl-1.0.2b.tar.gz 5281009 SHA256 d5d488cc9f0a07974195a7427094ea3cab9800a4e90178b989aa621fbc238e3f SHA512 563eb662113668bb9ccf17a6e36697ad6392321ac1a32aa2cada9d8f4047651c2fa4da61f508ee3e1834fea343dbba189e09c1d6cabe5d1de5e3e6d022c31f4f WHIRLPOOL d828dc76842d25f02f211031b3ab9a2a8fd44975e9aaf87d0fd5fca9935a27b61c3e4f896a2186194f1a7b4d668fc48cafc5be9f7c670017ba342ce40113935f
53 DIST openssl-1.0.2c.tar.gz 5280670 SHA256 0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83 SHA512 2a68e8b017d0d3e34e4f9d33b77abd960b3d04e418f106e852684a2ff247dc8ea390b7d6a42d130fd84d821a15e84e77b68b3677433433ef5c10d156333b9dae WHIRLPOOL c59878c3bd5e8904913b97d71a15ef1eaafcfb4eb58c691ba4fb38bf81752308d0ef4a902e53aec4c6e7585677f2404d29cdea0832d14206fabf28d744af2622
54
55 diff --git a/dev-libs/openssl/files/gentoo.config-1.0.0 b/dev-libs/openssl/files/gentoo.config-1.0.0
56 deleted file mode 100644
57 index 475bda3..0000000
58 --- a/dev-libs/openssl/files/gentoo.config-1.0.0
59 +++ /dev/null
60 @@ -1,159 +0,0 @@
61 -#!/usr/bin/env bash
62 -# Copyright 1999-2011 Gentoo Foundation
63 -# Distributed under the terms of the GNU General Public License v2
64 -# $Id$
65 -#
66 -# Openssl doesn't play along nicely with cross-compiling
67 -# like autotools based projects, so let's teach it new tricks.
68 -#
69 -# Review the bundled 'config' script to see why kind of targets
70 -# we can pass to the 'Configure' script.
71 -
72 -
73 -# Testing routines
74 -if [[ $1 == "test" ]] ; then
75 - for c in \
76 - "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \
77 - "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \
78 - "x86_64-pc-linux-gnu |linux-x86_64" \
79 - "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \
80 - "i686-pc-linux-gnu |linux-elf" \
81 - "whatever-gentoo-freebsdX.Y |BSD-generic32" \
82 - "i686-gentoo-freebsdX.Y |BSD-x86-elf" \
83 - "sparc64-alpha-freebsdX.Y |BSD-sparc64" \
84 - "ia64-gentoo-freebsd5.99234 |BSD-ia64" \
85 - "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \
86 - "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \
87 - "powerpc-gentOO-linux-uclibc |linux-ppc" \
88 - "powerpc64-unk-linux-gnu |linux-ppc64" \
89 - "x86_64-apple-darwinX |darwin64-x86_64-cc" \
90 - "powerpc64-apple-darwinX |darwin64-ppc-cc" \
91 - "i686-apple-darwinX |darwin-i386-cc" \
92 - "i386-apple-darwinX |darwin-i386-cc" \
93 - "powerpc-apple-darwinX |darwin-ppc-cc" \
94 - "i586-pc-winnt |winnt-parity" \
95 - "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \
96 - "s390x-linux-gnu |linux-s390x" \
97 - ;do
98 - CHOST=${c/|*}
99 - ret_want=${c/*|}
100 - ret_got=$(CHOST=${CHOST} "$0")
101 -
102 - if [[ ${ret_want} == "${ret_got}" ]] ; then
103 - echo "PASS: ${CHOST}"
104 - else
105 - echo "FAIL: ${CHOST}"
106 - echo -e "\twanted: ${ret_want}"
107 - echo -e "\twe got: ${ret_got}"
108 - fi
109 - done
110 - exit 0
111 -fi
112 -[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
113 -
114 -
115 -# Detect the operating system
116 -case ${CHOST} in
117 - *-aix*) system="aix";;
118 - *-darwin*) system="darwin";;
119 - *-freebsd*) system="BSD";;
120 - *-hpux*) system="hpux";;
121 - *-linux*) system="linux";;
122 - *-solaris*) system="solaris";;
123 - *-winnt*) system="winnt";;
124 - x86_64-*-mingw*) system="mingw64";;
125 - *mingw*) system="mingw";;
126 - *) exit 0;;
127 -esac
128 -
129 -
130 -# Compiler munging
131 -compiler="gcc"
132 -if [[ ${CC} == "ccc" ]] ; then
133 - compiler=${CC}
134 -fi
135 -
136 -
137 -# Detect target arch
138 -machine=""
139 -chost_machine=${CHOST%%-*}
140 -case ${system} in
141 -linux)
142 - case ${chost_machine}:${ABI} in
143 - alphaev56*) machine=alpha+bwx-${compiler};;
144 - alphaev[678]*)machine=alpha+bwx-${compiler};;
145 - alpha*) machine=alpha-${compiler};;
146 - armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
147 - armv[4-9]*) machine="armv4 -DL_ENDIAN";;
148 - arm*b*) machine="generic32 -DB_ENDIAN";;
149 - arm*) machine="generic32 -DL_ENDIAN";;
150 - avr*) machine="generic32 -DL_ENDIAN";;
151 - bfin*) machine="generic32 -DL_ENDIAN";;
152 - # hppa64*) machine=parisc64;;
153 - hppa*) machine="generic32 -DB_ENDIAN";;
154 - i[0-9]86*|\
155 - x86_64*:x86) machine=elf;;
156 - ia64*) machine=ia64;;
157 - m68*) machine="generic32 -DB_ENDIAN";;
158 - mips*el*) machine="generic32 -DL_ENDIAN";;
159 - mips*) machine="generic32 -DB_ENDIAN";;
160 - powerpc64*) machine=ppc64;;
161 - powerpc*) machine=ppc;;
162 - # sh64*) machine=elf;;
163 - sh*b*) machine="generic32 -DB_ENDIAN";;
164 - sh*) machine="generic32 -DL_ENDIAN";;
165 - sparc*v7*) machine="generic32 -DB_ENDIAN";;
166 - sparc64*) machine=sparcv9;;
167 - sparc*) machine=sparcv8;;
168 - s390x*) machine=s390x;;
169 - s390*) machine="generic32 -DB_ENDIAN";;
170 - x86_64*:x32) machine=x32;;
171 - x86_64*) machine=x86_64;;
172 - esac
173 - ;;
174 -BSD)
175 - case ${chost_machine} in
176 - alpha*) machine=generic64;;
177 - i[6-9]86*) machine=x86-elf;;
178 - ia64*) machine=ia64;;
179 - sparc64*) machine=sparc64;;
180 - x86_64*) machine=x86_64;;
181 - *) machine=generic32;;
182 - esac
183 - ;;
184 -aix)
185 - machine=${compiler}
186 - ;;
187 -darwin)
188 - case ${chost_machine} in
189 - powerpc64) machine=ppc-cc; system=${system}64;;
190 - powerpc) machine=ppc-cc;;
191 - i?86*) machine=i386-cc;;
192 - x86_64) machine=x86_64-cc; system=${system}64;;
193 - esac
194 - ;;
195 -hpux)
196 - case ${chost_machine} in
197 - ia64) machine=ia64-${compiler} ;;
198 - esac
199 - ;;
200 -solaris)
201 - case ${chost_machine} in
202 - i386) machine=x86-${compiler} ;;
203 - x86_64*) machine=x86_64-${compiler}; system=${system}64;;
204 - sparcv9*) machine=sparcv9-${compiler}; system=${system}64;;
205 - sparc*) machine=sparcv8-${compiler};;
206 - esac
207 - ;;
208 -winnt)
209 - machine=parity
210 - ;;
211 -mingw*)
212 - # special case ... no xxx-yyy style name
213 - echo ${system}
214 - ;;
215 -esac
216 -
217 -
218 -# If we have something, show it
219 -[[ -n ${machine} ]] && echo ${system}-${machine}
220
221 diff --git a/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch
222 deleted file mode 100644
223 index facb77d..0000000
224 --- a/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch
225 +++ /dev/null
226 @@ -1,326 +0,0 @@
227 ---- openssl-0.9.8ze/crypto/asn1/a_type.c
228 -+++ openssl-0.9.8ze/crypto/asn1/a_type.c
229 -@@ -121,6 +121,9 @@
230 - case V_ASN1_OBJECT:
231 - result = OBJ_cmp(a->value.object, b->value.object);
232 - break;
233 -+ case V_ASN1_BOOLEAN:
234 -+ result = a->value.boolean - b->value.boolean;
235 -+ break;
236 - case V_ASN1_NULL:
237 - result = 0; /* They do not have content. */
238 - break;
239 ---- openssl-0.9.8ze/crypto/asn1/tasn_dec.c
240 -+++ openssl-0.9.8ze/crypto/asn1/tasn_dec.c
241 -@@ -128,11 +128,17 @@
242 - {
243 - ASN1_TLC c;
244 - ASN1_VALUE *ptmpval = NULL;
245 -- if (!pval)
246 -- pval = &ptmpval;
247 - c.valid = 0;
248 -- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
249 -- return *pval;
250 -+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
251 -+ ptmpval = *pval;
252 -+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
253 -+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
254 -+ if (*pval)
255 -+ ASN1_item_free(*pval, it);
256 -+ *pval = ptmpval;
257 -+ }
258 -+ return ptmpval;
259 -+ }
260 - return NULL;
261 - }
262 -
263 -@@ -309,9 +315,16 @@
264 - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
265 - goto auxerr;
266 -
267 -- /* Allocate structure */
268 -- if (!*pval && !ASN1_item_ex_new(pval, it))
269 -- {
270 -+ if (*pval) {
271 -+ /* Free up and zero CHOICE value if initialised */
272 -+ i = asn1_get_choice_selector(pval, it);
273 -+ if ((i >= 0) && (i < it->tcount)) {
274 -+ tt = it->templates + i;
275 -+ pchptr = asn1_get_field_ptr(pval, tt);
276 -+ ASN1_template_free(pchptr, tt);
277 -+ asn1_set_choice_selector(pval, -1, it);
278 -+ }
279 -+ } else if (!ASN1_item_ex_new(pval, it)) {
280 - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
281 - ERR_R_NESTED_ASN1_ERROR);
282 - goto err;
283 -@@ -405,6 +418,17 @@
284 - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
285 - goto auxerr;
286 -
287 -+ /* Free up and zero any ADB found */
288 -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
289 -+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
290 -+ const ASN1_TEMPLATE *seqtt;
291 -+ ASN1_VALUE **pseqval;
292 -+ seqtt = asn1_do_adb(pval, tt, 1);
293 -+ pseqval = asn1_get_field_ptr(pval, seqtt);
294 -+ ASN1_template_free(pseqval, seqtt);
295 -+ }
296 -+ }
297 -+
298 - /* Get each field entry */
299 - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
300 - {
301 ---- openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
302 -+++ openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
303 -@@ -151,6 +151,25 @@
304 - EVP_PKEY *pkey;
305 - ASN1_OCTET_STRING *os=NULL;
306 -
307 -+ if (p7 == NULL) {
308 -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
309 -+ return NULL;
310 -+ }
311 -+ /*
312 -+ * The content field in the PKCS7 ContentInfo is optional, but that really
313 -+ * only applies to inner content (precisely, detached signatures).
314 -+ *
315 -+ * When reading content, missing outer content is therefore treated as an
316 -+ * error.
317 -+ *
318 -+ * When creating content, PKCS7_content_new() must be called before
319 -+ * calling this method, so a NULL p7->d is always an error.
320 -+ */
321 -+ if (p7->d.ptr == NULL) {
322 -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
323 -+ return NULL;
324 -+ }
325 -+
326 - i=OBJ_obj2nid(p7->type);
327 - p7->state=PKCS7_S_HEADER;
328 -
329 -@@ -344,6 +363,16 @@
330 - STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
331 - PKCS7_RECIP_INFO *ri=NULL;
332 -
333 -+ if (p7 == NULL) {
334 -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
335 -+ return NULL;
336 -+ }
337 -+
338 -+ if (p7->d.ptr == NULL) {
339 -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
340 -+ return NULL;
341 -+ }
342 -+
343 - i=OBJ_obj2nid(p7->type);
344 - p7->state=PKCS7_S_HEADER;
345 -
346 -@@ -637,6 +666,16 @@
347 - STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
348 - ASN1_OCTET_STRING *os=NULL;
349 -
350 -+ if (p7 == NULL) {
351 -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
352 -+ return 0;
353 -+ }
354 -+
355 -+ if (p7->d.ptr == NULL) {
356 -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
357 -+ return 0;
358 -+ }
359 -+
360 - EVP_MD_CTX_init(&ctx_tmp);
361 - i=OBJ_obj2nid(p7->type);
362 - p7->state=PKCS7_S_HEADER;
363 -@@ -668,6 +707,7 @@
364 - /* If detached data then the content is excluded */
365 - if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
366 - M_ASN1_OCTET_STRING_free(os);
367 -+ os = NULL;
368 - p7->d.sign->contents->d.data = NULL;
369 - }
370 - break;
371 -@@ -678,6 +718,7 @@
372 - if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
373 - {
374 - M_ASN1_OCTET_STRING_free(os);
375 -+ os = NULL;
376 - p7->d.digest->contents->d.data = NULL;
377 - }
378 - break;
379 -@@ -815,6 +856,11 @@
380 -
381 - if (!PKCS7_is_detached(p7))
382 - {
383 -+ /*
384 -+ * NOTE(emilia): I think we only reach os == NULL here because detached
385 -+ */
386 -+ if (os == NULL)
387 -+ goto err;
388 - btmp=BIO_find_type(bio,BIO_TYPE_MEM);
389 - if (btmp == NULL)
390 - {
391 -@@ -849,6 +895,16 @@
392 - STACK_OF(X509) *cert;
393 - X509 *x509;
394 -
395 -+ if (p7 == NULL) {
396 -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
397 -+ return 0;
398 -+ }
399 -+
400 -+ if (p7->d.ptr == NULL) {
401 -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
402 -+ return 0;
403 -+ }
404 -+
405 - if (PKCS7_type_is_signed(p7))
406 - {
407 - cert=p7->d.sign->cert;
408 ---- openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
409 -+++ openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
410 -@@ -70,6 +70,7 @@
411 -
412 - switch (cmd)
413 - {
414 -+ /* NOTE(emilia): does not support detached digested data. */
415 - case PKCS7_OP_SET_DETACHED_SIGNATURE:
416 - if (nid == NID_pkcs7_signed)
417 - {
418 -@@ -473,6 +474,8 @@
419 -
420 - STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
421 - {
422 -+ if (p7 == NULL || p7->d.ptr == NULL)
423 -+ return NULL;
424 - if (PKCS7_type_is_signed(p7))
425 - {
426 - return(p7->d.sign->signer_info);
427 ---- openssl-0.9.8ze/doc/crypto/d2i_X509.pod
428 -+++ openssl-0.9.8ze/doc/crypto/d2i_X509.pod
429 -@@ -199,6 +199,12 @@
430 - persist if they are not present in the new one. As a result the use
431 - of this "reuse" behaviour is strongly discouraged.
432 -
433 -+Current versions of OpenSSL will not modify B<*px> if an error occurs.
434 -+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
435 -+set to the value of the newly decoded structure. As a result B<*px>
436 -+B<must not> be allocated on the stack or an attempt will be made to
437 -+free an invalid pointer.
438 -+
439 - i2d_X509() will not return an error in many versions of OpenSSL,
440 - if mandatory fields are not initialized due to a programming error
441 - then the encoded structure may contain invalid data or omit the
442 -@@ -210,7 +216,9 @@
443 -
444 - d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
445 - or B<NULL> if an error occurs. The error code that can be obtained by
446 --L<ERR_get_error(3)|ERR_get_error(3)>.
447 -+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
448 -+with a valid X509 structure being passed in via B<px> then the object is not
449 -+modified in the event of error.
450 -
451 - i2d_X509() returns the number of bytes successfully encoded or a negative
452 - value if an error occurs. The error code can be obtained by
453 ---- openssl-0.9.8ze/ssl/s2_lib.c
454 -+++ openssl-0.9.8ze/ssl/s2_lib.c
455 -@@ -410,7 +410,7 @@
456 -
457 - OPENSSL_assert(s->session->master_key_length >= 0
458 - && s->session->master_key_length
459 -- < (int)sizeof(s->session->master_key));
460 -+ <= (int)sizeof(s->session->master_key));
461 - EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
462 - EVP_DigestUpdate(&ctx,&c,1);
463 - c++;
464 ---- openssl-0.9.8ze/ssl/s2_srvr.c
465 -+++ openssl-0.9.8ze/ssl/s2_srvr.c
466 -@@ -446,10 +446,6 @@
467 - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
468 - return(-1);
469 - }
470 -- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
471 -- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
472 -- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
473 --
474 - is_export=SSL_C_IS_EXPORT(s->session->cipher);
475 -
476 - if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
477 -@@ -467,21 +463,59 @@
478 - else
479 - ek=5;
480 -
481 -+ /*
482 -+ * The format of the CLIENT-MASTER-KEY message is
483 -+ * 1 byte message type
484 -+ * 3 bytes cipher
485 -+ * 2-byte clear key length (stored in s->s2->tmp.clear)
486 -+ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
487 -+ * 2-byte key args length (IV etc)
488 -+ * clear key
489 -+ * encrypted key
490 -+ * key args
491 -+ *
492 -+ * If the cipher is an export cipher, then the encrypted key bytes
493 -+ * are a fixed portion of the total key (5 or 8 bytes). The size of
494 -+ * this portion is in |ek|. If the cipher is not an export cipher,
495 -+ * then the entire key material is encrypted (i.e., clear key length
496 -+ * must be zero).
497 -+ */
498 -+ if ((!is_export && s->s2->tmp.clear != 0) ||
499 -+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
500 -+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
501 -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
502 -+ return -1;
503 -+ }
504 -+ /*
505 -+ * The encrypted blob must decrypt to the encrypted portion of the key.
506 -+ * Decryption can't be expanding, so if we don't have enough encrypted
507 -+ * bytes to fit the key in the buffer, stop now.
508 -+ */
509 -+ if ((is_export && s->s2->tmp.enc < ek) ||
510 -+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
511 -+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
512 -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
513 -+ return -1;
514 -+ }
515 -+
516 -+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
517 -+ &(p[s->s2->tmp.clear]),
518 -+ &(p[s->s2->tmp.clear]),
519 -+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
520 -+ RSA_PKCS1_PADDING);
521 -+
522 - /* bad decrypt */
523 - #if 1
524 - /* If a bad decrypt, continue with protocol but with a
525 - * random master secret (Bleichenbacher attack) */
526 -- if ((i < 0) ||
527 -- ((!is_export && (i != EVP_CIPHER_key_length(c)))
528 -- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
529 -- (unsigned int)EVP_CIPHER_key_length(c))))))
530 -- {
531 -+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
532 -+ || (is_export && i != ek))) {
533 - ERR_clear_error();
534 - if (is_export)
535 - i=ek;
536 - else
537 - i=EVP_CIPHER_key_length(c);
538 -- if (RAND_pseudo_bytes(p,i) <= 0)
539 -+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
540 - return 0;
541 - }
542 - #else
543 -@@ -505,7 +539,8 @@
544 - }
545 - #endif
546 -
547 -- if (is_export) i+=s->s2->tmp.clear;
548 -+ if (is_export)
549 -+ i = EVP_CIPHER_key_length(c);
550 -
551 - if (i > SSL_MAX_MASTER_KEY_LENGTH)
552 - {
553
554 diff --git a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch
555 deleted file mode 100644
556 index e1a030f..0000000
557 --- a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch
558 +++ /dev/null
559 @@ -1,315 +0,0 @@
560 -http://rt.openssl.org/Ticket/Display.html?id=2084
561 -
562 ---- a/Makefile.org
563 -+++ b/Makefile.org
564 -@@ -247,17 +247,17 @@
565 - build_libs: build_crypto build_ssl build_engines
566 -
567 - build_crypto:
568 -- @dir=crypto; target=all; $(BUILD_ONE_CMD)
569 -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
570 --build_ssl:
571 -+build_ssl: build_crypto
572 -- @dir=ssl; target=all; $(BUILD_ONE_CMD)
573 -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
574 --build_engines:
575 -+build_engines: build_crypto
576 -- @dir=engines; target=all; $(BUILD_ONE_CMD)
577 -+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
578 --build_apps:
579 -+build_apps: build_libs
580 -- @dir=apps; target=all; $(BUILD_ONE_CMD)
581 -+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
582 --build_tests:
583 -+build_tests: build_libs
584 -- @dir=test; target=all; $(BUILD_ONE_CMD)
585 -+ +@dir=test; target=all; $(BUILD_ONE_CMD)
586 --build_tools:
587 -+build_tools: build_libs
588 -- @dir=tools; target=all; $(BUILD_ONE_CMD)
589 -+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
590 -
591 - all_testapps: build_libs build_testapps
592 - build_testapps:
593 -@@ -497,9 +497,9 @@
594 - dist_pem_h:
595 - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
596 -
597 --install: all install_docs install_sw
598 -+install: install_docs install_sw
599 -
600 --install_sw:
601 -+install_dirs:
602 - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
603 - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
604 - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
605 -@@ -508,6 +508,13 @@
606 - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
607 - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
608 - $(INSTALL_PREFIX)$(OPENSSLDIR)/private
609 -+ @$(PERL) $(TOP)/util/mkdir-p.pl \
610 -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
611 -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
612 -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
613 -+ $(INSTALL_PREFIX)$(MANDIR)/man7
614 -+
615 -+install_sw: install_dirs
616 - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
617 - do \
618 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
619 -@@ -511,7 +511,7 @@
620 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
621 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
622 - done;
623 -- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
624 -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
625 - @set -e; for i in $(LIBS) ;\
626 - do \
627 - if [ -f "$$i" ]; then \
628 -@@ -593,12 +600,7 @@
629 - done; \
630 - done
631 -
632 --install_docs:
633 -- @$(PERL) $(TOP)/util/mkdir-p.pl \
634 -- $(INSTALL_PREFIX)$(MANDIR)/man1 \
635 -- $(INSTALL_PREFIX)$(MANDIR)/man3 \
636 -- $(INSTALL_PREFIX)$(MANDIR)/man5 \
637 -- $(INSTALL_PREFIX)$(MANDIR)/man7
638 -+install_docs: install_dirs
639 - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
640 - here="`pwd`"; \
641 - filecase=; \
642 ---- a/crypto/Makefile
643 -+++ b/crypto/Makefile
644 -@@ -85,11 +85,11 @@
645 - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
646 -
647 - subdirs:
648 -- @target=all; $(RECURSIVE_MAKE)
649 -+ +@target=all; $(RECURSIVE_MAKE)
650 -
651 - files:
652 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
653 -- @target=files; $(RECURSIVE_MAKE)
654 -+ +@target=files; $(RECURSIVE_MAKE)
655 -
656 - links:
657 - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
658 -@@ -100,7 +100,7 @@
659 - # lib: $(LIB): are splitted to avoid end-less loop
660 - lib: $(LIB)
661 - @touch lib
662 --$(LIB): $(LIBOBJ)
663 -+$(LIB): $(LIBOBJ) | subdirs
664 - $(AR) $(LIB) $(LIBOBJ)
665 - $(RANLIB) $(LIB) || echo Never mind.
666 -
667 -@@ -110,7 +110,7 @@
668 - fi
669 -
670 - libs:
671 -- @target=lib; $(RECURSIVE_MAKE)
672 -+ +@target=lib; $(RECURSIVE_MAKE)
673 -
674 - install:
675 - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
676 -@@ -119,7 +119,7 @@
677 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
678 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
679 - done;
680 -- @target=install; $(RECURSIVE_MAKE)
681 -+ +@target=install; $(RECURSIVE_MAKE)
682 -
683 - lint:
684 - @target=lint; $(RECURSIVE_MAKE)
685 ---- a/engines/Makefile
686 -+++ b/engines/Makefile
687 -@@ -72,7 +72,7 @@
688 -
689 - all: lib subdirs
690 -
691 --lib: $(LIBOBJ)
692 -+lib: $(LIBOBJ) | subdirs
693 - @if [ -n "$(SHARED_LIBS)" ]; then \
694 - set -e; \
695 - for l in $(LIBNAMES); do \
696 -@@ -89,7 +89,7 @@
697 -
698 - subdirs:
699 - echo $(EDIRS)
700 -- @target=all; $(RECURSIVE_MAKE)
701 -+ +@target=all; $(RECURSIVE_MAKE)
702 -
703 - files:
704 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
705 -@@ -128,7 +128,7 @@
706 - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
707 - done; \
708 - fi
709 -- @target=install; $(RECURSIVE_MAKE)
710 -+ +@target=install; $(RECURSIVE_MAKE)
711 -
712 - tags:
713 - ctags $(SRC)
714 ---- a/test/Makefile
715 -+++ b/test/Makefile
716 -@@ -123,7 +123,7 @@
717 - tags:
718 - ctags $(SRC)
719 -
720 --tests: exe apps $(TESTS)
721 -+tests: exe $(TESTS)
722 -
723 - apps:
724 - @(cd ..; $(MAKE) DIRS=apps all)
725 -@@ -345,106 +345,106 @@
726 - link_app.$${shlib_target}
727 -
728 - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
729 -- @target=$(RSATEST); $(BUILD_CMD)
730 -+ +@target=$(RSATEST); $(BUILD_CMD)
731 -
732 - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
733 -- @target=$(BNTEST); $(BUILD_CMD)
734 -+ +@target=$(BNTEST); $(BUILD_CMD)
735 -
736 - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
737 -- @target=$(ECTEST); $(BUILD_CMD)
738 -+ +@target=$(ECTEST); $(BUILD_CMD)
739 -
740 - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
741 -- @target=$(EXPTEST); $(BUILD_CMD)
742 -+ +@target=$(EXPTEST); $(BUILD_CMD)
743 -
744 - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
745 -- @target=$(IDEATEST); $(BUILD_CMD)
746 -+ +@target=$(IDEATEST); $(BUILD_CMD)
747 -
748 - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
749 -- @target=$(MD2TEST); $(BUILD_CMD)
750 -+ +@target=$(MD2TEST); $(BUILD_CMD)
751 -
752 - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
753 -- @target=$(SHATEST); $(BUILD_CMD)
754 -+ +@target=$(SHATEST); $(BUILD_CMD)
755 -
756 - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
757 -- @target=$(SHA1TEST); $(BUILD_CMD)
758 -+ +@target=$(SHA1TEST); $(BUILD_CMD)
759 -
760 - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
761 -- @target=$(SHA256TEST); $(BUILD_CMD)
762 -+ +@target=$(SHA256TEST); $(BUILD_CMD)
763 -
764 - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
765 -- @target=$(SHA512TEST); $(BUILD_CMD)
766 -+ +@target=$(SHA512TEST); $(BUILD_CMD)
767 -
768 - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
769 -- @target=$(RMDTEST); $(BUILD_CMD)
770 -+ +@target=$(RMDTEST); $(BUILD_CMD)
771 -
772 - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
773 -- @target=$(MDC2TEST); $(BUILD_CMD)
774 -+ +@target=$(MDC2TEST); $(BUILD_CMD)
775 -
776 - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
777 -- @target=$(MD4TEST); $(BUILD_CMD)
778 -+ +@target=$(MD4TEST); $(BUILD_CMD)
779 -
780 - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
781 -- @target=$(MD5TEST); $(BUILD_CMD)
782 -+ +@target=$(MD5TEST); $(BUILD_CMD)
783 -
784 - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
785 -- @target=$(HMACTEST); $(BUILD_CMD)
786 -+ +@target=$(HMACTEST); $(BUILD_CMD)
787 -
788 - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
789 -- @target=$(WPTEST); $(BUILD_CMD)
790 -+ +@target=$(WPTEST); $(BUILD_CMD)
791 -
792 - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
793 -- @target=$(RC2TEST); $(BUILD_CMD)
794 -+ +@target=$(RC2TEST); $(BUILD_CMD)
795 -
796 - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
797 -- @target=$(BFTEST); $(BUILD_CMD)
798 -+ +@target=$(BFTEST); $(BUILD_CMD)
799 -
800 - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
801 -- @target=$(CASTTEST); $(BUILD_CMD)
802 -+ +@target=$(CASTTEST); $(BUILD_CMD)
803 -
804 - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
805 -- @target=$(RC4TEST); $(BUILD_CMD)
806 -+ +@target=$(RC4TEST); $(BUILD_CMD)
807 -
808 - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
809 -- @target=$(RC5TEST); $(BUILD_CMD)
810 -+ +@target=$(RC5TEST); $(BUILD_CMD)
811 -
812 - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
813 -- @target=$(DESTEST); $(BUILD_CMD)
814 -+ +@target=$(DESTEST); $(BUILD_CMD)
815 -
816 - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
817 -- @target=$(RANDTEST); $(BUILD_CMD)
818 -+ +@target=$(RANDTEST); $(BUILD_CMD)
819 -
820 - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
821 -- @target=$(DHTEST); $(BUILD_CMD)
822 -+ +@target=$(DHTEST); $(BUILD_CMD)
823 -
824 - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
825 -- @target=$(DSATEST); $(BUILD_CMD)
826 -+ +@target=$(DSATEST); $(BUILD_CMD)
827 -
828 - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
829 -- @target=$(METHTEST); $(BUILD_CMD)
830 -+ +@target=$(METHTEST); $(BUILD_CMD)
831 -
832 - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
833 -- @target=$(SSLTEST); $(BUILD_CMD)
834 -+ +@target=$(SSLTEST); $(BUILD_CMD)
835 -
836 - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
837 -- @target=$(ENGINETEST); $(BUILD_CMD)
838 -+ +@target=$(ENGINETEST); $(BUILD_CMD)
839 -
840 - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
841 -- @target=$(EVPTEST); $(BUILD_CMD)
842 -+ +@target=$(EVPTEST); $(BUILD_CMD)
843 -
844 - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
845 -- @target=$(ECDSATEST); $(BUILD_CMD)
846 -+ +@target=$(ECDSATEST); $(BUILD_CMD)
847 -
848 - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
849 -- @target=$(ECDHTEST); $(BUILD_CMD)
850 -+ +@target=$(ECDHTEST); $(BUILD_CMD)
851 -
852 - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
853 -- @target=$(IGETEST); $(BUILD_CMD)
854 -+ +@target=$(IGETEST); $(BUILD_CMD)
855 -
856 - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
857 -- @target=$(JPAKETEST); $(BUILD_CMD)
858 -+ +@target=$(JPAKETEST); $(BUILD_CMD)
859 -
860 - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
861 -- @target=$(ASN1TEST); $(BUILD_CMD)
862 -+ +@target=$(ASN1TEST); $(BUILD_CMD)
863 -
864 - #$(AESTEST).o: $(AESTEST).c
865 - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
866 -@@ -457,7 +457,7 @@
867 - # fi
868 -
869 - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
870 -- @target=dummytest; $(BUILD_CMD)
871 -+ +@target=dummytest; $(BUILD_CMD)
872 -
873 - # DO NOT DELETE THIS LINE -- make depend depends on it.
874 -
875
876 diff --git a/dev-libs/openssl/files/openssl-1.0.0r-x32.patch b/dev-libs/openssl/files/openssl-1.0.0r-x32.patch
877 deleted file mode 100644
878 index 2d715eb..0000000
879 --- a/dev-libs/openssl/files/openssl-1.0.0r-x32.patch
880 +++ /dev/null
881 @@ -1,76 +0,0 @@
882 ---- openssl-1.0.0r/Configure
883 -+++ openssl-1.0.0r/Configure
884 -@@ -353,6 +353,7 @@ my %table=(
885 - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
886 - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
887 - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
888 -+"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
889 - "linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
890 - #### SPARC Linux setups
891 - # Ray Miller <ray.miller@××××××××××××××××××××××××××××.uk> has patiently
892 ---- openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
893 -+++ openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
894 -@@ -55,7 +55,7 @@
895 - * machine.
896 - */
897 -
898 --# ifdef _WIN64
899 -+# if defined _WIN64 || !defined __LP64__
900 - # define BN_ULONG unsigned long long
901 - # else
902 - # define BN_ULONG unsigned long
903 -@@ -211,9 +211,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, cons
904 -
905 - asm volatile (" subq %2,%2 \n"
906 - ".p2align 4 \n"
907 -- "1: movq (%4,%2,8),%0 \n"
908 -- " adcq (%5,%2,8),%0 \n"
909 -- " movq %0,(%3,%2,8) \n"
910 -+ "1: movq (%q4,%2,8),%0 \n"
911 -+ " adcq (%q5,%2,8),%0 \n"
912 -+ " movq %0,(%q3,%2,8) \n"
913 - " leaq 1(%2),%2 \n"
914 - " loop 1b \n"
915 - " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
916 -@@ -235,9 +235,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, cons
917 -
918 - asm volatile (" subq %2,%2 \n"
919 - ".p2align 4 \n"
920 -- "1: movq (%4,%2,8),%0 \n"
921 -- " sbbq (%5,%2,8),%0 \n"
922 -- " movq %0,(%3,%2,8) \n"
923 -+ "1: movq (%q4,%2,8),%0 \n"
924 -+ " sbbq (%q5,%2,8),%0 \n"
925 -+ " movq %0,(%q3,%2,8) \n"
926 - " leaq 1(%2),%2 \n"
927 - " loop 1b \n"
928 - " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
929 ---- openssl-1.0.0r/crypto/bn/bn_exp.c
930 -+++ openssl-1.0.0r/crypto/bn/bn_exp.c
931 -@@ -564,7 +564,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
932 - * multiple.
933 - */
934 - #define MOD_EXP_CTIME_ALIGN(x_) \
935 -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
936 -+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
937 -
938 - /*
939 - * This variant of BN_mod_exp_mont() uses fixed windows and the special
940 ---- openssl-1.0.0r/crypto/bn/bn.h
941 -+++ openssl-1.0.0r/crypto/bn/bn.h
942 -@@ -174,6 +174,15 @@ extern "C" {
943 - # endif
944 -
945 - /*
946 -+ * Address type.
947 -+ */
948 -+#ifdef _WIN64
949 -+#define BN_ADDR unsigned long long
950 -+#else
951 -+#define BN_ADDR unsigned long
952 -+#endif
953 -+
954 -+/*
955 - * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
956 - * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
957 - */
958
959 diff --git a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch
960 deleted file mode 100644
961 index 19f859a..0000000
962 --- a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch
963 +++ /dev/null
964 @@ -1,354 +0,0 @@
965 -http://rt.openssl.org/Ticket/Display.html?id=2084
966 -
967 ---- a/Makefile.org
968 -+++ b/Makefile.org
969 -@@ -247,17 +247,17 @@
970 - build_libs: build_crypto build_ssl build_engines
971 -
972 - build_crypto:
973 -- @dir=crypto; target=all; $(BUILD_ONE_CMD)
974 -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
975 --build_ssl:
976 -+build_ssl: build_crypto
977 -- @dir=ssl; target=all; $(BUILD_ONE_CMD)
978 -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
979 --build_engines:
980 -+build_engines: build_crypto
981 -- @dir=engines; target=all; $(BUILD_ONE_CMD)
982 -+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
983 --build_apps:
984 -+build_apps: build_libs
985 -- @dir=apps; target=all; $(BUILD_ONE_CMD)
986 -+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
987 --build_tests:
988 -+build_tests: build_libs
989 -- @dir=test; target=all; $(BUILD_ONE_CMD)
990 -+ +@dir=test; target=all; $(BUILD_ONE_CMD)
991 --build_tools:
992 -+build_tools: build_libs
993 -- @dir=tools; target=all; $(BUILD_ONE_CMD)
994 -+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
995 -
996 - all_testapps: build_libs build_testapps
997 - build_testapps:
998 -@@ -497,9 +497,9 @@
999 - dist_pem_h:
1000 - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
1001 -
1002 --install: all install_docs install_sw
1003 -+install: install_docs install_sw
1004 -
1005 --install_sw:
1006 -+install_dirs:
1007 - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
1008 - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
1009 - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
1010 -@@ -508,6 +508,13 @@
1011 - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
1012 - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
1013 - $(INSTALL_PREFIX)$(OPENSSLDIR)/private
1014 -+ @$(PERL) $(TOP)/util/mkdir-p.pl \
1015 -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
1016 -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
1017 -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
1018 -+ $(INSTALL_PREFIX)$(MANDIR)/man7
1019 -+
1020 -+install_sw: install_dirs
1021 - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
1022 - do \
1023 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
1024 -@@ -511,7 +511,7 @@
1025 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
1026 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
1027 - done;
1028 -- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
1029 -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
1030 - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
1031 - do \
1032 - if [ -f "$$i" ]; then \
1033 -@@ -593,12 +600,7 @@
1034 - done; \
1035 - done
1036 -
1037 --install_docs:
1038 -- @$(PERL) $(TOP)/util/mkdir-p.pl \
1039 -- $(INSTALL_PREFIX)$(MANDIR)/man1 \
1040 -- $(INSTALL_PREFIX)$(MANDIR)/man3 \
1041 -- $(INSTALL_PREFIX)$(MANDIR)/man5 \
1042 -- $(INSTALL_PREFIX)$(MANDIR)/man7
1043 -+install_docs: install_dirs
1044 - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
1045 - here="`pwd`"; \
1046 - filecase=; \
1047 ---- a/Makefile.shared
1048 -+++ b/Makefile.shared
1049 -@@ -105,6 +105,7 @@ LINK_SO= \
1050 - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
1051 - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
1052 - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
1053 -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
1054 - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
1055 - $${SHAREDCMD} $${SHAREDFLAGS} \
1056 - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
1057 -@@ -122,6 +124,7 @@ SYMLINK_SO= \
1058 - done; \
1059 - fi; \
1060 - if [ -n "$$SHLIB_SOVER" ]; then \
1061 -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
1062 - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
1063 - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
1064 - fi; \
1065 ---- a/crypto/Makefile
1066 -+++ b/crypto/Makefile
1067 -@@ -85,11 +85,11 @@
1068 - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
1069 -
1070 - subdirs:
1071 -- @target=all; $(RECURSIVE_MAKE)
1072 -+ +@target=all; $(RECURSIVE_MAKE)
1073 -
1074 - files:
1075 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
1076 -- @target=files; $(RECURSIVE_MAKE)
1077 -+ +@target=files; $(RECURSIVE_MAKE)
1078 -
1079 - links:
1080 - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
1081 -@@ -100,7 +100,7 @@
1082 - # lib: $(LIB): are splitted to avoid end-less loop
1083 - lib: $(LIB)
1084 - @touch lib
1085 --$(LIB): $(LIBOBJ)
1086 -+$(LIB): $(LIBOBJ) | subdirs
1087 - $(AR) $(LIB) $(LIBOBJ)
1088 - $(RANLIB) $(LIB) || echo Never mind.
1089 -
1090 -@@ -110,7 +110,7 @@
1091 - fi
1092 -
1093 - libs:
1094 -- @target=lib; $(RECURSIVE_MAKE)
1095 -+ +@target=lib; $(RECURSIVE_MAKE)
1096 -
1097 - install:
1098 - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
1099 -@@ -119,7 +119,7 @@
1100 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
1101 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
1102 - done;
1103 -- @target=install; $(RECURSIVE_MAKE)
1104 -+ +@target=install; $(RECURSIVE_MAKE)
1105 -
1106 - lint:
1107 - @target=lint; $(RECURSIVE_MAKE)
1108 ---- a/engines/Makefile
1109 -+++ b/engines/Makefile
1110 -@@ -72,7 +72,7 @@
1111 -
1112 - all: lib subdirs
1113 -
1114 --lib: $(LIBOBJ)
1115 -+lib: $(LIBOBJ) | subdirs
1116 - @if [ -n "$(SHARED_LIBS)" ]; then \
1117 - set -e; \
1118 - for l in $(LIBNAMES); do \
1119 -@@ -89,7 +89,7 @@
1120 -
1121 - subdirs:
1122 - echo $(EDIRS)
1123 -- @target=all; $(RECURSIVE_MAKE)
1124 -+ +@target=all; $(RECURSIVE_MAKE)
1125 -
1126 - files:
1127 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
1128 -@@ -128,7 +128,7 @@
1129 - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
1130 - done; \
1131 - fi
1132 -- @target=install; $(RECURSIVE_MAKE)
1133 -+ +@target=install; $(RECURSIVE_MAKE)
1134 -
1135 - tags:
1136 - ctags $(SRC)
1137 ---- a/test/Makefile
1138 -+++ b/test/Makefile
1139 -@@ -123,7 +123,7 @@
1140 - tags:
1141 - ctags $(SRC)
1142 -
1143 --tests: exe apps $(TESTS)
1144 -+tests: exe $(TESTS)
1145 -
1146 - apps:
1147 - @(cd ..; $(MAKE) DIRS=apps all)
1148 -@@ -365,109 +365,109 @@
1149 - link_app.$${shlib_target}
1150 -
1151 - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
1152 -- @target=$(RSATEST); $(BUILD_CMD)
1153 -+ +@target=$(RSATEST); $(BUILD_CMD)
1154 -
1155 - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
1156 -- @target=$(BNTEST); $(BUILD_CMD)
1157 -+ +@target=$(BNTEST); $(BUILD_CMD)
1158 -
1159 - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
1160 -- @target=$(ECTEST); $(BUILD_CMD)
1161 -+ +@target=$(ECTEST); $(BUILD_CMD)
1162 -
1163 - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
1164 -- @target=$(EXPTEST); $(BUILD_CMD)
1165 -+ +@target=$(EXPTEST); $(BUILD_CMD)
1166 -
1167 - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
1168 -- @target=$(IDEATEST); $(BUILD_CMD)
1169 -+ +@target=$(IDEATEST); $(BUILD_CMD)
1170 -
1171 - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
1172 -- @target=$(MD2TEST); $(BUILD_CMD)
1173 -+ +@target=$(MD2TEST); $(BUILD_CMD)
1174 -
1175 - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
1176 -- @target=$(SHATEST); $(BUILD_CMD)
1177 -+ +@target=$(SHATEST); $(BUILD_CMD)
1178 -
1179 - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
1180 -- @target=$(SHA1TEST); $(BUILD_CMD)
1181 -+ +@target=$(SHA1TEST); $(BUILD_CMD)
1182 -
1183 - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
1184 -- @target=$(SHA256TEST); $(BUILD_CMD)
1185 -+ +@target=$(SHA256TEST); $(BUILD_CMD)
1186 -
1187 - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
1188 -- @target=$(SHA512TEST); $(BUILD_CMD)
1189 -+ +@target=$(SHA512TEST); $(BUILD_CMD)
1190 -
1191 - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
1192 -- @target=$(RMDTEST); $(BUILD_CMD)
1193 -+ +@target=$(RMDTEST); $(BUILD_CMD)
1194 -
1195 - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
1196 -- @target=$(MDC2TEST); $(BUILD_CMD)
1197 -+ +@target=$(MDC2TEST); $(BUILD_CMD)
1198 -
1199 - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
1200 -- @target=$(MD4TEST); $(BUILD_CMD)
1201 -+ +@target=$(MD4TEST); $(BUILD_CMD)
1202 -
1203 - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
1204 -- @target=$(MD5TEST); $(BUILD_CMD)
1205 -+ +@target=$(MD5TEST); $(BUILD_CMD)
1206 -
1207 - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
1208 -- @target=$(HMACTEST); $(BUILD_CMD)
1209 -+ +@target=$(HMACTEST); $(BUILD_CMD)
1210 -
1211 - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
1212 -- @target=$(WPTEST); $(BUILD_CMD)
1213 -+ +@target=$(WPTEST); $(BUILD_CMD)
1214 -
1215 - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
1216 -- @target=$(RC2TEST); $(BUILD_CMD)
1217 -+ +@target=$(RC2TEST); $(BUILD_CMD)
1218 -
1219 - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
1220 -- @target=$(BFTEST); $(BUILD_CMD)
1221 -+ +@target=$(BFTEST); $(BUILD_CMD)
1222 -
1223 - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
1224 -- @target=$(CASTTEST); $(BUILD_CMD)
1225 -+ +@target=$(CASTTEST); $(BUILD_CMD)
1226 -
1227 - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
1228 -- @target=$(RC4TEST); $(BUILD_CMD)
1229 -+ +@target=$(RC4TEST); $(BUILD_CMD)
1230 -
1231 - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
1232 -- @target=$(RC5TEST); $(BUILD_CMD)
1233 -+ +@target=$(RC5TEST); $(BUILD_CMD)
1234 -
1235 - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
1236 -- @target=$(DESTEST); $(BUILD_CMD)
1237 -+ +@target=$(DESTEST); $(BUILD_CMD)
1238 -
1239 - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
1240 -- @target=$(RANDTEST); $(BUILD_CMD)
1241 -+ +@target=$(RANDTEST); $(BUILD_CMD)
1242 -
1243 - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
1244 -- @target=$(DHTEST); $(BUILD_CMD)
1245 -+ +@target=$(DHTEST); $(BUILD_CMD)
1246 -
1247 - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
1248 -- @target=$(DSATEST); $(BUILD_CMD)
1249 -+ +@target=$(DSATEST); $(BUILD_CMD)
1250 -
1251 - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
1252 -- @target=$(METHTEST); $(BUILD_CMD)
1253 -+ +@target=$(METHTEST); $(BUILD_CMD)
1254 -
1255 - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
1256 -- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
1257 -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
1258 -
1259 - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
1260 -- @target=$(ENGINETEST); $(BUILD_CMD)
1261 -+ +@target=$(ENGINETEST); $(BUILD_CMD)
1262 -
1263 - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
1264 -- @target=$(EVPTEST); $(BUILD_CMD)
1265 -+ +@target=$(EVPTEST); $(BUILD_CMD)
1266 -
1267 - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
1268 -- @target=$(ECDSATEST); $(BUILD_CMD)
1269 -+ +@target=$(ECDSATEST); $(BUILD_CMD)
1270 -
1271 - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
1272 -- @target=$(ECDHTEST); $(BUILD_CMD)
1273 -+ +@target=$(ECDHTEST); $(BUILD_CMD)
1274 -
1275 - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
1276 -- @target=$(IGETEST); $(BUILD_CMD)
1277 -+ +@target=$(IGETEST); $(BUILD_CMD)
1278 -
1279 - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
1280 -- @target=$(JPAKETEST); $(BUILD_CMD)
1281 -+ +@target=$(JPAKETEST); $(BUILD_CMD)
1282 -
1283 - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
1284 -- @target=$(ASN1TEST); $(BUILD_CMD)
1285 -+ +@target=$(ASN1TEST); $(BUILD_CMD)
1286 -
1287 - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
1288 -- @target=$(SRPTEST); $(BUILD_CMD)
1289 -+ +@target=$(SRPTEST); $(BUILD_CMD)
1290 -
1291 - #$(AESTEST).o: $(AESTEST).c
1292 - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
1293 -@@ -480,7 +480,7 @@
1294 - # fi
1295 -
1296 - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
1297 -- @target=dummytest; $(BUILD_CMD)
1298 -+ +@target=dummytest; $(BUILD_CMD)
1299 -
1300 - # DO NOT DELETE THIS LINE -- make depend depends on it.
1301 -
1302 ---- a/crypto/objects/Makefile
1303 -+++ b/crypto/objects/Makefile
1304 -@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
1305 - # objects.pl both reads and writes obj_mac.num
1306 - obj_mac.h: objects.pl objects.txt obj_mac.num
1307 - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
1308 -- @sleep 1; touch obj_mac.h; sleep 1
1309 -
1310 --obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
1311 -+# This doesn't really need obj_mac.h, but since that rule reads & writes
1312 -+# obj_mac.num, we can't run in parallel with it.
1313 -+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
1314 - $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
1315 -- @sleep 1; touch obj_xref.h; sleep 1
1316 -
1317 - files:
1318 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
1319
1320 diff --git a/dev-libs/openssl/files/openssl-1.0.1-x32.patch b/dev-libs/openssl/files/openssl-1.0.1-x32.patch
1321 deleted file mode 100644
1322 index 5106cb6..0000000
1323 --- a/dev-libs/openssl/files/openssl-1.0.1-x32.patch
1324 +++ /dev/null
1325 @@ -1,79 +0,0 @@
1326 -http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721
1327 -
1328 -UpstreamStatus: Pending
1329 -
1330 -Received from H J Liu @ Intel
1331 -Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
1332 -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@×××××.com> 2011/07/13
1333 -
1334 -ported the patch to the 1.0.0e version
1335 -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@×××××.com> 2011/12/01
1336 -Index: openssl-1.0.0e/Configure
1337 -===================================================================
1338 ---- openssl-1.0.0e.orig/Configure
1339 -+++ openssl-1.0.0e/Configure
1340 -@@ -393,6 +393,7 @@ my %table=(
1341 - "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
1342 - "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
1343 - "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
1344 -+"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
1345 - "dist", "cc:-O::(unknown)::::::",
1346 -
1347 - # Basic configs that should work on any (32 and less bit) box
1348 -Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
1349 -===================================================================
1350 ---- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c
1351 -+++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
1352 -@@ -55,7 +55,7 @@
1353 - * machine.
1354 - */
1355 -
1356 --#ifdef _WIN64
1357 -+#if defined _WIN64 || !defined __LP64__
1358 - #define BN_ULONG unsigned long long
1359 - #else
1360 - #define BN_ULONG unsigned long
1361 -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
1362 - asm (
1363 - " subq %2,%2 \n"
1364 - ".p2align 4 \n"
1365 -- "1: movq (%4,%2,8),%0 \n"
1366 -- " adcq (%5,%2,8),%0 \n"
1367 -- " movq %0,(%3,%2,8) \n"
1368 -+ "1: movq (%q4,%2,8),%0 \n"
1369 -+ " adcq (%q5,%2,8),%0 \n"
1370 -+ " movq %0,(%q3,%2,8) \n"
1371 - " leaq 1(%2),%2 \n"
1372 - " loop 1b \n"
1373 - " sbbq %0,%0 \n"
1374 -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
1375 - asm (
1376 - " subq %2,%2 \n"
1377 - ".p2align 4 \n"
1378 -- "1: movq (%4,%2,8),%0 \n"
1379 -- " sbbq (%5,%2,8),%0 \n"
1380 -- " movq %0,(%3,%2,8) \n"
1381 -+ "1: movq (%q4,%2,8),%0 \n"
1382 -+ " sbbq (%q5,%2,8),%0 \n"
1383 -+ " movq %0,(%q3,%2,8) \n"
1384 - " leaq 1(%2),%2 \n"
1385 - " loop 1b \n"
1386 - " sbbq %0,%0 \n"
1387 -Index: openssl-1.0.0e/crypto/bn/bn.h
1388 -===================================================================
1389 ---- openssl-1.0.0e.orig/crypto/bn/bn.h
1390 -+++ openssl-1.0.0e/crypto/bn/bn.h
1391 -@@ -172,6 +172,13 @@ extern "C" {
1392 - # endif
1393 - #endif
1394 -
1395 -+/* Address type. */
1396 -+#ifdef _WIN64
1397 -+#define BN_ADDR unsigned long long
1398 -+#else
1399 -+#define BN_ADDR unsigned long
1400 -+#endif
1401 -+
1402 - /* assuming long is 64bit - this is the DEC Alpha
1403 - * unsigned long long is only 64 bits :-(, don't define
1404 - * BN_LLONG for the DEC Alpha */
1405
1406 diff --git a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch
1407 deleted file mode 100644
1408 index 03e4f59..0000000
1409 --- a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch
1410 +++ /dev/null
1411 @@ -1,18 +0,0 @@
1412 -https://bugs.gentoo.org/472584
1413 -http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
1414 -
1415 -fix verification handling in s_client. when loading paths, make sure
1416 -we properly fallback to setting the default paths.
1417 -
1418 ---- a/apps/s_client.c
1419 -+++ b/apps/s_client.c
1420 -@@ -899,7 +899,7 @@
1421 - if (!set_cert_key_stuff(ctx,cert,key))
1422 - goto end;
1423 -
1424 -- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
1425 -+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) &&
1426 - (!SSL_CTX_set_default_verify_paths(ctx)))
1427 - {
1428 - /* BIO_printf(bio_err,"error setting default verify locations\n"); */
1429 -
1430
1431 diff --git a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
1432 deleted file mode 100644
1433 index 10c1ba2..0000000
1434 --- a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
1435 +++ /dev/null
1436 @@ -1,642 +0,0 @@
1437 -http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
1438 -
1439 -Forward ported from openssl-1.0.1e-ipv6.patch
1440 -
1441 -Signed-off-by: Lars Wendler <polynomial-c@g.o>
1442 -
1443 ---- openssl-1.0.1h/apps/s_apps.h
1444 -+++ openssl-1.0.1h/apps/s_apps.h
1445 -@@ -148,7 +148,7 @@
1446 - #define PORT_STR "4433"
1447 - #define PROTOCOL "tcp"
1448 -
1449 --int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
1450 -+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
1451 - #ifdef HEADER_X509_H
1452 - int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
1453 - #endif
1454 -@@ -156,7 +156,7 @@
1455 - int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
1456 - int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
1457 - #endif
1458 --int init_client(int *sock, char *server, int port, int type);
1459 -+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
1460 - int should_retry(int i);
1461 - int extract_port(char *str, short *port_ptr);
1462 - int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
1463 ---- openssl-1.0.1h/apps/s_client.c
1464 -+++ openssl-1.0.1h/apps/s_client.c
1465 -@@ -285,6 +285,10 @@
1466 - {
1467 - BIO_printf(bio_err,"usage: s_client args\n");
1468 - BIO_printf(bio_err,"\n");
1469 -+ BIO_printf(bio_err," -4 - use IPv4 only\n");
1470 -+#if OPENSSL_USE_IPV6
1471 -+ BIO_printf(bio_err," -6 - use IPv6 only\n");
1472 -+#endif
1473 - BIO_printf(bio_err," -host host - use -connect instead\n");
1474 - BIO_printf(bio_err," -port port - use -connect instead\n");
1475 - BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
1476 -@@ -568,6 +572,7 @@
1477 - int sbuf_len,sbuf_off;
1478 - fd_set readfds,writefds;
1479 - short port=PORT;
1480 -+ int use_ipv4, use_ipv6;
1481 - int full_log=1;
1482 - char *host=SSL_HOST_NAME;
1483 - char *cert_file=NULL,*key_file=NULL;
1484 -@@ -613,7 +618,11 @@
1485 - #endif
1486 - char *sess_in = NULL;
1487 - char *sess_out = NULL;
1488 -- struct sockaddr peer;
1489 -+#if OPENSSL_USE_IPV6
1490 -+ struct sockaddr_storage peer;
1491 -+#else
1492 -+ struct sockaddr_in peer;
1493 -+#endif
1494 - int peerlen = sizeof(peer);
1495 - int enable_timeouts = 0 ;
1496 - long socket_mtu = 0;
1497 -@@ -628,6 +637,12 @@
1498 -
1499 - meth=SSLv23_client_method();
1500 -
1501 -+ use_ipv4 = 1;
1502 -+#if OPENSSL_USE_IPV6
1503 -+ use_ipv6 = 1;
1504 -+#else
1505 -+ use_ipv6 = 0;
1506 -+#endif
1507 - apps_startup();
1508 - c_Pause=0;
1509 - c_quiet=0;
1510 -@@ -949,6 +964,18 @@
1511 - jpake_secret = *++argv;
1512 - }
1513 - #endif
1514 -+ else if (strcmp(*argv,"-4") == 0)
1515 -+ {
1516 -+ use_ipv4 = 1;
1517 -+ use_ipv6 = 0;
1518 -+ }
1519 -+#if OPENSSL_USE_IPV6
1520 -+ else if (strcmp(*argv,"-6") == 0)
1521 -+ {
1522 -+ use_ipv4 = 0;
1523 -+ use_ipv6 = 1;
1524 -+ }
1525 -+#endif
1526 - #ifndef OPENSSL_NO_SRTP
1527 - else if (strcmp(*argv,"-use_srtp") == 0)
1528 - {
1529 -@@ -1260,7 +1287,7 @@
1530 -
1531 - re_start:
1532 -
1533 -- if (init_client(&s,host,port,socket_type) == 0)
1534 -+ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
1535 - {
1536 - BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
1537 - SHUTDOWN(s);
1538 -@@ -1286,7 +1313,7 @@
1539 - {
1540 -
1541 - sbio=BIO_new_dgram(s,BIO_NOCLOSE);
1542 -- if (getsockname(s, &peer, (void *)&peerlen) < 0)
1543 -+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
1544 - {
1545 - BIO_printf(bio_err, "getsockname:errno=%d\n",
1546 - get_last_socket_error());
1547 ---- openssl-1.0.1h/apps/s_server.c
1548 -+++ openssl-1.0.1h/apps/s_server.c
1549 -@@ -560,6 +560,10 @@
1550 - BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
1551 - # endif
1552 - #endif
1553 -+ BIO_printf(bio_err," -4 - use IPv4 only\n");
1554 -+#if OPENSSL_USE_IPV6
1555 -+ BIO_printf(bio_err," -6 - use IPv6 only\n");
1556 -+#endif
1557 - BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
1558 - BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
1559 - }
1560 -@@ -947,6 +951,7 @@
1561 - int state=0;
1562 - const SSL_METHOD *meth=NULL;
1563 - int socket_type=SOCK_STREAM;
1564 -+ int use_ipv4, use_ipv6;
1565 - ENGINE *e=NULL;
1566 - char *inrand=NULL;
1567 - int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
1568 -@@ -975,6 +980,12 @@
1569 - #endif
1570 - meth=SSLv23_server_method();
1571 -
1572 -+ use_ipv4 = 1;
1573 -+#if OPENSSL_USE_IPV6
1574 -+ use_ipv6 = 1;
1575 -+#else
1576 -+ use_ipv6 = 0;
1577 -+#endif
1578 - local_argc=argc;
1579 - local_argv=argv;
1580 -
1581 -@@ -1323,6 +1334,18 @@
1582 - jpake_secret = *(++argv);
1583 - }
1584 - #endif
1585 -+ else if (strcmp(*argv,"-4") == 0)
1586 -+ {
1587 -+ use_ipv4 = 1;
1588 -+ use_ipv6 = 0;
1589 -+ }
1590 -+#if OPENSSL_USE_IPV6
1591 -+ else if (strcmp(*argv,"-6") == 0)
1592 -+ {
1593 -+ use_ipv4 = 0;
1594 -+ use_ipv6 = 1;
1595 -+ }
1596 -+#endif
1597 - #ifndef OPENSSL_NO_SRTP
1598 - else if (strcmp(*argv,"-use_srtp") == 0)
1599 - {
1600 -@@ -1881,9 +1904,9 @@
1601 - BIO_printf(bio_s_out,"ACCEPT\n");
1602 - (void)BIO_flush(bio_s_out);
1603 - if (www)
1604 -- do_server(port,socket_type,&accept_socket,www_body, context);
1605 -+ do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6);
1606 - else
1607 -- do_server(port,socket_type,&accept_socket,sv_body, context);
1608 -+ do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6);
1609 - print_stats(bio_s_out,ctx);
1610 - ret=0;
1611 - end:
1612 ---- openssl-1.0.1h/apps/s_socket.c
1613 -+++ openssl-1.0.1h/apps/s_socket.c
1614 -@@ -97,16 +97,16 @@
1615 - #include "netdb.h"
1616 - #endif
1617 -
1618 --static struct hostent *GetHostByName(char *name);
1619 -+static struct hostent *GetHostByName(char *name, int domain);
1620 - #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
1621 - static void ssl_sock_cleanup(void);
1622 - #endif
1623 - static int ssl_sock_init(void);
1624 --static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
1625 --static int init_server(int *sock, int port, int type);
1626 --static int init_server_long(int *sock, int port,char *ip, int type);
1627 -+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
1628 -+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
1629 -+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
1630 - static int do_accept(int acc_sock, int *sock, char **host);
1631 --static int host_ip(char *str, unsigned char ip[4]);
1632 -+static int host_ip(char *str, unsigned char *ip, int domain);
1633 -
1634 - #ifdef OPENSSL_SYS_WIN16
1635 - #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
1636 -@@ -234,38 +234,68 @@
1637 - return(1);
1638 - }
1639 -
1640 --int init_client(int *sock, char *host, int port, int type)
1641 -+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
1642 - {
1643 -+#if OPENSSL_USE_IPV6
1644 -+ unsigned char ip[16];
1645 -+#else
1646 - unsigned char ip[4];
1647 -+#endif
1648 -
1649 -- memset(ip, '\0', sizeof ip);
1650 -- if (!host_ip(host,&(ip[0])))
1651 -- return 0;
1652 -- return init_client_ip(sock,ip,port,type);
1653 -- }
1654 --
1655 --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
1656 -- {
1657 -- unsigned long addr;
1658 -+ if (use_ipv4)
1659 -+ if (host_ip(host,ip,AF_INET))
1660 -+ return(init_client_ip(sock,ip,port,type,AF_INET));
1661 -+#if OPENSSL_USE_IPV6
1662 -+ if (use_ipv6)
1663 -+ if (host_ip(host,ip,AF_INET6))
1664 -+ return(init_client_ip(sock,ip,port,type,AF_INET6));
1665 -+#endif
1666 -+ return 0;
1667 -+ }
1668 -+
1669 -+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
1670 -+ {
1671 -+#if OPENSSL_USE_IPV6
1672 -+ struct sockaddr_storage them;
1673 -+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
1674 -+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
1675 -+#else
1676 - struct sockaddr_in them;
1677 -+ struct sockaddr_in *them_in = &them;
1678 -+#endif
1679 -+ socklen_t addr_len;
1680 - int s,i;
1681 -
1682 - if (!ssl_sock_init()) return(0);
1683 -
1684 - memset((char *)&them,0,sizeof(them));
1685 -- them.sin_family=AF_INET;
1686 -- them.sin_port=htons((unsigned short)port);
1687 -- addr=(unsigned long)
1688 -- ((unsigned long)ip[0]<<24L)|
1689 -- ((unsigned long)ip[1]<<16L)|
1690 -- ((unsigned long)ip[2]<< 8L)|
1691 -- ((unsigned long)ip[3]);
1692 -- them.sin_addr.s_addr=htonl(addr);
1693 -+ if (domain == AF_INET)
1694 -+ {
1695 -+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
1696 -+ them_in->sin_family=AF_INET;
1697 -+ them_in->sin_port=htons((unsigned short)port);
1698 -+#ifndef BIT_FIELD_LIMITS
1699 -+ memcpy(&them_in->sin_addr.s_addr, ip, 4);
1700 -+#else
1701 -+ memcpy(&them_in->sin_addr, ip, 4);
1702 -+#endif
1703 -+ }
1704 -+ else
1705 -+#if OPENSSL_USE_IPV6
1706 -+ {
1707 -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
1708 -+ them_in6->sin6_family=AF_INET6;
1709 -+ them_in6->sin6_port=htons((unsigned short)port);
1710 -+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
1711 -+ }
1712 -+#else
1713 -+ return(0);
1714 -+#endif
1715 -
1716 - if (type == SOCK_STREAM)
1717 -- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
1718 -+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
1719 - else /* ( type == SOCK_DGRAM) */
1720 -- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
1721 -+ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
1722 -
1723 - if (s == INVALID_SOCKET) { perror("socket"); return(0); }
1724 -
1725 -@@ -277,29 +307,27 @@
1726 - if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
1727 - }
1728 - #endif
1729 --
1730 -- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
1731 -+ if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
1732 - { closesocket(s); perror("connect"); return(0); }
1733 - *sock=s;
1734 - return(1);
1735 - }
1736 -
1737 --int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
1738 -+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6)
1739 - {
1740 - int sock;
1741 - char *name = NULL;
1742 - int accept_socket = 0;
1743 - int i;
1744 -
1745 -- if (!init_server(&accept_socket,port,type)) return(0);
1746 --
1747 -+ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
1748 - if (ret != NULL)
1749 - {
1750 - *ret=accept_socket;
1751 - /* return(1);*/
1752 - }
1753 -- for (;;)
1754 -- {
1755 -+ for (;;)
1756 -+ {
1757 - if (type==SOCK_STREAM)
1758 - {
1759 - if (do_accept(accept_socket,&sock,&name) == 0)
1760 -@@ -322,41 +350,88 @@
1761 - }
1762 - }
1763 -
1764 --static int init_server_long(int *sock, int port, char *ip, int type)
1765 -+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
1766 - {
1767 - int ret=0;
1768 -+ int domain;
1769 -+#if OPENSSL_USE_IPV6
1770 -+ struct sockaddr_storage server;
1771 -+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
1772 -+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
1773 -+#else
1774 - struct sockaddr_in server;
1775 -+ struct sockaddr_in *server_in = &server;
1776 -+#endif
1777 -+ socklen_t addr_len;
1778 - int s= -1;
1779 -
1780 -+ if (!use_ipv4 && !use_ipv6)
1781 -+ goto err;
1782 -+#if OPENSSL_USE_IPV6
1783 -+ /* we are fine here */
1784 -+#else
1785 -+ if (use_ipv6)
1786 -+ goto err;
1787 -+#endif
1788 - if (!ssl_sock_init()) return(0);
1789 -
1790 -- memset((char *)&server,0,sizeof(server));
1791 -- server.sin_family=AF_INET;
1792 -- server.sin_port=htons((unsigned short)port);
1793 -- if (ip == NULL)
1794 -- server.sin_addr.s_addr=INADDR_ANY;
1795 -- else
1796 --/* Added for T3E, address-of fails on bit field (beckman@××××××××.gov) */
1797 --#ifndef BIT_FIELD_LIMITS
1798 -- memcpy(&server.sin_addr.s_addr,ip,4);
1799 -+#if OPENSSL_USE_IPV6
1800 -+ domain = use_ipv6 ? AF_INET6 : AF_INET;
1801 - #else
1802 -- memcpy(&server.sin_addr,ip,4);
1803 -+ domain = AF_INET;
1804 - #endif
1805 --
1806 -- if (type == SOCK_STREAM)
1807 -- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
1808 -- else /* type == SOCK_DGRAM */
1809 -- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
1810 -+ if (type == SOCK_STREAM)
1811 -+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
1812 -+ else /* type == SOCK_DGRAM */
1813 -+ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
1814 -
1815 - if (s == INVALID_SOCKET) goto err;
1816 - #if defined SOL_SOCKET && defined SO_REUSEADDR
1817 -+ {
1818 -+ int j = 1;
1819 -+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
1820 -+ (void *) &j, sizeof j);
1821 -+ }
1822 -+#endif
1823 -+#if OPENSSL_USE_IPV6
1824 -+ if ((use_ipv4 == 0) && (use_ipv6 == 1))
1825 -+ {
1826 -+ const int on = 1;
1827 -+
1828 -+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
1829 -+ (const void *) &on, sizeof(int));
1830 -+ }
1831 -+#endif
1832 -+ if (domain == AF_INET)
1833 -+ {
1834 -+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
1835 -+ memset(server_in, 0, sizeof(struct sockaddr_in));
1836 -+ server_in->sin_family=AF_INET;
1837 -+ server_in->sin_port = htons((unsigned short)port);
1838 -+ if (ip == NULL)
1839 -+ server_in->sin_addr.s_addr = htonl(INADDR_ANY);
1840 -+ else
1841 -+/* Added for T3E, address-of fails on bit field (beckman@××××××××.gov) */
1842 -+#ifndef BIT_FIELD_LIMITS
1843 -+ memcpy(&server_in->sin_addr.s_addr, ip, 4);
1844 -+#else
1845 -+ memcpy(&server_in->sin_addr, ip, 4);
1846 -+#endif
1847 -+ }
1848 -+#if OPENSSL_USE_IPV6
1849 -+ else
1850 - {
1851 -- int j = 1;
1852 -- setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
1853 -- (void *) &j, sizeof j);
1854 -+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
1855 -+ memset(server_in6, 0, sizeof(struct sockaddr_in6));
1856 -+ server_in6->sin6_family = AF_INET6;
1857 -+ server_in6->sin6_port = htons((unsigned short)port);
1858 -+ if (ip == NULL)
1859 -+ server_in6->sin6_addr = in6addr_any;
1860 -+ else
1861 -+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
1862 - }
1863 - #endif
1864 -- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
1865 -+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
1866 - {
1867 - #ifndef OPENSSL_SYS_WINDOWS
1868 - perror("bind");
1869 -@@ -375,16 +450,23 @@
1870 - return(ret);
1871 - }
1872 -
1873 --static int init_server(int *sock, int port, int type)
1874 -+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
1875 - {
1876 -- return(init_server_long(sock, port, NULL, type));
1877 -+ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
1878 - }
1879 -
1880 - static int do_accept(int acc_sock, int *sock, char **host)
1881 - {
1882 - int ret;
1883 - struct hostent *h1,*h2;
1884 -- static struct sockaddr_in from;
1885 -+#if OPENSSL_USE_IPV6
1886 -+ struct sockaddr_storage from;
1887 -+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
1888 -+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
1889 -+#else
1890 -+ struct sockaddr_in from;
1891 -+ struct sockaddr_in *from_in = &from;
1892 -+#endif
1893 - int len;
1894 - /* struct linger ling; */
1895 -
1896 -@@ -431,13 +513,23 @@
1897 - */
1898 -
1899 - if (host == NULL) goto end;
1900 -+#if OPENSSL_USE_IPV6
1901 -+ if (from.ss_family == AF_INET)
1902 -+#else
1903 -+ if (from.sin_family == AF_INET)
1904 -+#endif
1905 - #ifndef BIT_FIELD_LIMITS
1906 -- /* I should use WSAAsyncGetHostByName() under windows */
1907 -- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
1908 -- sizeof(from.sin_addr.s_addr),AF_INET);
1909 -+ /* I should use WSAAsyncGetHostByName() under windows */
1910 -+ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
1911 -+ sizeof(from_in->sin_addr.s_addr), AF_INET);
1912 - #else
1913 -- h1=gethostbyaddr((char *)&from.sin_addr,
1914 -- sizeof(struct in_addr),AF_INET);
1915 -+ h1=gethostbyaddr((char *)&from_in->sin_addr,
1916 -+ sizeof(struct in_addr), AF_INET);
1917 -+#endif
1918 -+#if OPENSSL_USE_IPV6
1919 -+ else
1920 -+ h1=gethostbyaddr((char *)&from_in6->sin6_addr,
1921 -+ sizeof(struct in6_addr), AF_INET6);
1922 - #endif
1923 - if (h1 == NULL)
1924 - {
1925 -@@ -455,16 +547,25 @@
1926 - }
1927 - BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
1928 -
1929 -- h2=GetHostByName(*host);
1930 -+#if OPENSSL_USE_IPV6
1931 -+ h2=GetHostByName(*host, from.ss_family);
1932 -+#else
1933 -+ h2=GetHostByName(*host, from.sin_family);
1934 -+#endif
1935 -+
1936 - if (h2 == NULL)
1937 - {
1938 - BIO_printf(bio_err,"gethostbyname failure\n");
1939 - closesocket(ret);
1940 - return(0);
1941 - }
1942 -- if (h2->h_addrtype != AF_INET)
1943 -+#if OPENSSL_USE_IPV6
1944 -+ if (h2->h_addrtype != from.ss_family)
1945 -+#else
1946 -+ if (h2->h_addrtype != from.sin_family)
1947 -+#endif
1948 - {
1949 -- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
1950 -+ BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
1951 - closesocket(ret);
1952 - return(0);
1953 - }
1954 -@@ -480,7 +581,7 @@
1955 - char *h,*p;
1956 -
1957 - h=str;
1958 -- p=strchr(str,':');
1959 -+ p=strrchr(str,':');
1960 - if (p == NULL)
1961 - {
1962 - BIO_printf(bio_err,"no port defined\n");
1963 -@@ -488,7 +589,7 @@
1964 - }
1965 - *(p++)='\0';
1966 -
1967 -- if ((ip != NULL) && !host_ip(str,ip))
1968 -+ if ((ip != NULL) && !host_ip(str,ip,AF_INET))
1969 - goto err;
1970 - if (host_ptr != NULL) *host_ptr=h;
1971 -
1972 -@@ -499,48 +600,58 @@
1973 - return(0);
1974 - }
1975 -
1976 --static int host_ip(char *str, unsigned char ip[4])
1977 -+static int host_ip(char *str, unsigned char *ip, int domain)
1978 - {
1979 -- unsigned int in[4];
1980 -+ unsigned int in[4];
1981 -+ unsigned long l;
1982 - int i;
1983 -
1984 -- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
1985 -+ if ((domain == AF_INET) &&
1986 -+ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
1987 - {
1988 -+
1989 - for (i=0; i<4; i++)
1990 - if (in[i] > 255)
1991 - {
1992 - BIO_printf(bio_err,"invalid IP address\n");
1993 - goto err;
1994 - }
1995 -- ip[0]=in[0];
1996 -- ip[1]=in[1];
1997 -- ip[2]=in[2];
1998 -- ip[3]=in[3];
1999 -- }
2000 -+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
2001 -+ memcpy(ip, &l, 4);
2002 -+ return 1;
2003 -+ }
2004 -+#if OPENSSL_USE_IPV6
2005 -+ else if ((domain == AF_INET6) &&
2006 -+ (inet_pton(AF_INET6, str, ip) == 1))
2007 -+ return 1;
2008 -+#endif
2009 - else
2010 - { /* do a gethostbyname */
2011 - struct hostent *he;
2012 -
2013 - if (!ssl_sock_init()) return(0);
2014 -
2015 -- he=GetHostByName(str);
2016 -+ he=GetHostByName(str,domain);
2017 - if (he == NULL)
2018 - {
2019 - BIO_printf(bio_err,"gethostbyname failure\n");
2020 - goto err;
2021 - }
2022 - /* cast to short because of win16 winsock definition */
2023 -- if ((short)he->h_addrtype != AF_INET)
2024 -+ if ((short)he->h_addrtype != domain)
2025 - {
2026 -- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
2027 -+ BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
2028 - return(0);
2029 - }
2030 -- ip[0]=he->h_addr_list[0][0];
2031 -- ip[1]=he->h_addr_list[0][1];
2032 -- ip[2]=he->h_addr_list[0][2];
2033 -- ip[3]=he->h_addr_list[0][3];
2034 -+ if (domain == AF_INET)
2035 -+ memset(ip, 0, 4);
2036 -+#if OPENSSL_USE_IPV6
2037 -+ else
2038 -+ memset(ip, 0, 16);
2039 -+#endif
2040 -+ memcpy(ip, he->h_addr_list[0], he->h_length);
2041 -+ return 1;
2042 - }
2043 -- return(1);
2044 - err:
2045 - return(0);
2046 - }
2047 -@@ -577,7 +688,7 @@
2048 - static unsigned long ghbn_hits=0L;
2049 - static unsigned long ghbn_miss=0L;
2050 -
2051 --static struct hostent *GetHostByName(char *name)
2052 -+static struct hostent *GetHostByName(char *name, int domain)
2053 - {
2054 - struct hostent *ret;
2055 - int i,lowi=0;
2056 -@@ -592,14 +703,20 @@
2057 - }
2058 - if (ghbn_cache[i].order > 0)
2059 - {
2060 -- if (strncmp(name,ghbn_cache[i].name,128) == 0)
2061 -+ if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
2062 -+ (ghbn_cache[i].ent.h_addrtype == domain))
2063 - break;
2064 - }
2065 - }
2066 - if (i == GHBN_NUM) /* no hit*/
2067 - {
2068 - ghbn_miss++;
2069 -- ret=gethostbyname(name);
2070 -+ if (domain == AF_INET)
2071 -+ ret=gethostbyname(name);
2072 -+#if OPENSSL_USE_IPV6
2073 -+ else
2074 -+ ret=gethostbyname2(name, AF_INET6);
2075 -+#endif
2076 - if (ret == NULL) return(NULL);
2077 - /* else add to cache */
2078 - if(strlen(name) < sizeof ghbn_cache[0].name)
2079
2080 diff --git a/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch
2081 deleted file mode 100644
2082 index 811f573..0000000
2083 --- a/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch
2084 +++ /dev/null
2085 @@ -1,356 +0,0 @@
2086 ---- openssl-1.0.1l/crypto/asn1/a_type.c
2087 -+++ openssl-1.0.1l/crypto/asn1/a_type.c
2088 -@@ -124,6 +124,9 @@
2089 - case V_ASN1_OBJECT:
2090 - result = OBJ_cmp(a->value.object, b->value.object);
2091 - break;
2092 -+ case V_ASN1_BOOLEAN:
2093 -+ result = a->value.boolean - b->value.boolean;
2094 -+ break;
2095 - case V_ASN1_NULL:
2096 - result = 0; /* They do not have content. */
2097 - break;
2098 ---- openssl-1.0.1l/crypto/asn1/tasn_dec.c
2099 -+++ openssl-1.0.1l/crypto/asn1/tasn_dec.c
2100 -@@ -130,11 +130,17 @@
2101 - {
2102 - ASN1_TLC c;
2103 - ASN1_VALUE *ptmpval = NULL;
2104 -- if (!pval)
2105 -- pval = &ptmpval;
2106 - asn1_tlc_clear_nc(&c);
2107 -- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
2108 -- return *pval;
2109 -+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
2110 -+ ptmpval = *pval;
2111 -+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
2112 -+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
2113 -+ if (*pval)
2114 -+ ASN1_item_free(*pval, it);
2115 -+ *pval = ptmpval;
2116 -+ }
2117 -+ return ptmpval;
2118 -+ }
2119 - return NULL;
2120 - }
2121 -
2122 -@@ -311,9 +317,16 @@
2123 - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
2124 - goto auxerr;
2125 -
2126 -- /* Allocate structure */
2127 -- if (!*pval && !ASN1_item_ex_new(pval, it))
2128 -- {
2129 -+ if (*pval) {
2130 -+ /* Free up and zero CHOICE value if initialised */
2131 -+ i = asn1_get_choice_selector(pval, it);
2132 -+ if ((i >= 0) && (i < it->tcount)) {
2133 -+ tt = it->templates + i;
2134 -+ pchptr = asn1_get_field_ptr(pval, tt);
2135 -+ ASN1_template_free(pchptr, tt);
2136 -+ asn1_set_choice_selector(pval, -1, it);
2137 -+ }
2138 -+ } else if (!ASN1_item_ex_new(pval, it)) {
2139 - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
2140 - ERR_R_NESTED_ASN1_ERROR);
2141 - goto err;
2142 -@@ -407,6 +420,17 @@
2143 - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
2144 - goto auxerr;
2145 -
2146 -+ /* Free up and zero any ADB found */
2147 -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
2148 -+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
2149 -+ const ASN1_TEMPLATE *seqtt;
2150 -+ ASN1_VALUE **pseqval;
2151 -+ seqtt = asn1_do_adb(pval, tt, 1);
2152 -+ pseqval = asn1_get_field_ptr(pval, seqtt);
2153 -+ ASN1_template_free(pseqval, seqtt);
2154 -+ }
2155 -+ }
2156 -+
2157 - /* Get each field entry */
2158 - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
2159 - {
2160 ---- openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
2161 -+++ openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
2162 -@@ -272,6 +272,25 @@
2163 - PKCS7_RECIP_INFO *ri=NULL;
2164 - ASN1_OCTET_STRING *os=NULL;
2165 -
2166 -+ if (p7 == NULL) {
2167 -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
2168 -+ return NULL;
2169 -+ }
2170 -+ /*
2171 -+ * The content field in the PKCS7 ContentInfo is optional, but that really
2172 -+ * only applies to inner content (precisely, detached signatures).
2173 -+ *
2174 -+ * When reading content, missing outer content is therefore treated as an
2175 -+ * error.
2176 -+ *
2177 -+ * When creating content, PKCS7_content_new() must be called before
2178 -+ * calling this method, so a NULL p7->d is always an error.
2179 -+ */
2180 -+ if (p7->d.ptr == NULL) {
2181 -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
2182 -+ return NULL;
2183 -+ }
2184 -+
2185 - i=OBJ_obj2nid(p7->type);
2186 - p7->state=PKCS7_S_HEADER;
2187 -
2188 -@@ -433,6 +452,16 @@
2189 - unsigned char *ek = NULL, *tkey = NULL;
2190 - int eklen = 0, tkeylen = 0;
2191 -
2192 -+ if (p7 == NULL) {
2193 -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
2194 -+ return NULL;
2195 -+ }
2196 -+
2197 -+ if (p7->d.ptr == NULL) {
2198 -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
2199 -+ return NULL;
2200 -+ }
2201 -+
2202 - i=OBJ_obj2nid(p7->type);
2203 - p7->state=PKCS7_S_HEADER;
2204 -
2205 -@@ -752,6 +781,16 @@
2206 - STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
2207 - ASN1_OCTET_STRING *os=NULL;
2208 -
2209 -+ if (p7 == NULL) {
2210 -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
2211 -+ return 0;
2212 -+ }
2213 -+
2214 -+ if (p7->d.ptr == NULL) {
2215 -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
2216 -+ return 0;
2217 -+ }
2218 -+
2219 - EVP_MD_CTX_init(&ctx_tmp);
2220 - i=OBJ_obj2nid(p7->type);
2221 - p7->state=PKCS7_S_HEADER;
2222 -@@ -796,6 +835,7 @@
2223 - /* If detached data then the content is excluded */
2224 - if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
2225 - M_ASN1_OCTET_STRING_free(os);
2226 -+ os = NULL;
2227 - p7->d.sign->contents->d.data = NULL;
2228 - }
2229 - break;
2230 -@@ -806,6 +846,7 @@
2231 - if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
2232 - {
2233 - M_ASN1_OCTET_STRING_free(os);
2234 -+ os = NULL;
2235 - p7->d.digest->contents->d.data = NULL;
2236 - }
2237 - break;
2238 -@@ -878,24 +919,31 @@
2239 - M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
2240 - }
2241 -
2242 -- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
2243 -- {
2244 -+ if (!PKCS7_is_detached(p7)) {
2245 -+ /*
2246 -+ * NOTE(emilia): I think we only reach os == NULL here because detached
2247 -+ * digested data support is broken.
2248 -+ */
2249 -+ if (os == NULL)
2250 -+ goto err;
2251 -+ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
2252 - char *cont;
2253 - long contlen;
2254 -- btmp=BIO_find_type(bio,BIO_TYPE_MEM);
2255 -- if (btmp == NULL)
2256 -- {
2257 -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
2258 -- goto err;
2259 -- }
2260 -+ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
2261 -+ if (btmp == NULL) {
2262 -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
2263 -+ goto err;
2264 -+ }
2265 - contlen = BIO_get_mem_data(btmp, &cont);
2266 -- /* Mark the BIO read only then we can use its copy of the data
2267 -+ /*
2268 -+ * Mark the BIO read only then we can use its copy of the data
2269 - * instead of making an extra copy.
2270 - */
2271 - BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
2272 - BIO_set_mem_eof_return(btmp, 0);
2273 - ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
2274 -- }
2275 -+ }
2276 -+ }
2277 - ret=1;
2278 - err:
2279 - EVP_MD_CTX_cleanup(&ctx_tmp);
2280 -@@ -971,6 +1019,16 @@
2281 - STACK_OF(X509) *cert;
2282 - X509 *x509;
2283 -
2284 -+ if (p7 == NULL) {
2285 -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
2286 -+ return 0;
2287 -+ }
2288 -+
2289 -+ if (p7->d.ptr == NULL) {
2290 -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
2291 -+ return 0;
2292 -+ }
2293 -+
2294 - if (PKCS7_type_is_signed(p7))
2295 - {
2296 - cert=p7->d.sign->cert;
2297 ---- openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
2298 -+++ openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
2299 -@@ -71,6 +71,7 @@
2300 -
2301 - switch (cmd)
2302 - {
2303 -+ /* NOTE(emilia): does not support detached digested data. */
2304 - case PKCS7_OP_SET_DETACHED_SIGNATURE:
2305 - if (nid == NID_pkcs7_signed)
2306 - {
2307 -@@ -459,6 +460,8 @@
2308 -
2309 - STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
2310 - {
2311 -+ if (p7 == NULL || p7->d.ptr == NULL)
2312 -+ return NULL;
2313 - if (PKCS7_type_is_signed(p7))
2314 - {
2315 - return(p7->d.sign->signer_info);
2316 ---- openssl-1.0.1l/doc/crypto/d2i_X509.pod
2317 -+++ openssl-1.0.1l/doc/crypto/d2i_X509.pod
2318 -@@ -199,6 +199,12 @@
2319 - persist if they are not present in the new one. As a result the use
2320 - of this "reuse" behaviour is strongly discouraged.
2321 -
2322 -+Current versions of OpenSSL will not modify B<*px> if an error occurs.
2323 -+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
2324 -+set to the value of the newly decoded structure. As a result B<*px>
2325 -+B<must not> be allocated on the stack or an attempt will be made to
2326 -+free an invalid pointer.
2327 -+
2328 - i2d_X509() will not return an error in many versions of OpenSSL,
2329 - if mandatory fields are not initialized due to a programming error
2330 - then the encoded structure may contain invalid data or omit the
2331 -@@ -210,7 +216,9 @@
2332 -
2333 - d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
2334 - or B<NULL> if an error occurs. The error code that can be obtained by
2335 --L<ERR_get_error(3)|ERR_get_error(3)>.
2336 -+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
2337 -+with a valid X509 structure being passed in via B<px> then the object is not
2338 -+modified in the event of error.
2339 -
2340 - i2d_X509() returns the number of bytes successfully encoded or a negative
2341 - value if an error occurs. The error code can be obtained by
2342 ---- openssl-1.0.1l/ssl/s2_lib.c
2343 -+++ openssl-1.0.1l/ssl/s2_lib.c
2344 -@@ -488,7 +488,7 @@
2345 -
2346 - OPENSSL_assert(s->session->master_key_length >= 0
2347 - && s->session->master_key_length
2348 -- < (int)sizeof(s->session->master_key));
2349 -+ <= (int)sizeof(s->session->master_key));
2350 - EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
2351 - EVP_DigestUpdate(&ctx,&c,1);
2352 - c++;
2353 ---- openssl-1.0.1l/ssl/s2_srvr.c
2354 -+++ openssl-1.0.1l/ssl/s2_srvr.c
2355 -@@ -454,10 +454,6 @@
2356 - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
2357 - return(-1);
2358 - }
2359 -- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
2360 -- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
2361 -- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
2362 --
2363 - is_export=SSL_C_IS_EXPORT(s->session->cipher);
2364 -
2365 - if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
2366 -@@ -475,21 +471,59 @@
2367 - else
2368 - ek=5;
2369 -
2370 -+ /*
2371 -+ * The format of the CLIENT-MASTER-KEY message is
2372 -+ * 1 byte message type
2373 -+ * 3 bytes cipher
2374 -+ * 2-byte clear key length (stored in s->s2->tmp.clear)
2375 -+ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
2376 -+ * 2-byte key args length (IV etc)
2377 -+ * clear key
2378 -+ * encrypted key
2379 -+ * key args
2380 -+ *
2381 -+ * If the cipher is an export cipher, then the encrypted key bytes
2382 -+ * are a fixed portion of the total key (5 or 8 bytes). The size of
2383 -+ * this portion is in |ek|. If the cipher is not an export cipher,
2384 -+ * then the entire key material is encrypted (i.e., clear key length
2385 -+ * must be zero).
2386 -+ */
2387 -+ if ((!is_export && s->s2->tmp.clear != 0) ||
2388 -+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
2389 -+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
2390 -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
2391 -+ return -1;
2392 -+ }
2393 -+ /*
2394 -+ * The encrypted blob must decrypt to the encrypted portion of the key.
2395 -+ * Decryption can't be expanding, so if we don't have enough encrypted
2396 -+ * bytes to fit the key in the buffer, stop now.
2397 -+ */
2398 -+ if ((is_export && s->s2->tmp.enc < ek) ||
2399 -+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
2400 -+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
2401 -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
2402 -+ return -1;
2403 -+ }
2404 -+
2405 -+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
2406 -+ &(p[s->s2->tmp.clear]),
2407 -+ &(p[s->s2->tmp.clear]),
2408 -+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
2409 -+ RSA_PKCS1_PADDING);
2410 -+
2411 - /* bad decrypt */
2412 - #if 1
2413 - /* If a bad decrypt, continue with protocol but with a
2414 - * random master secret (Bleichenbacher attack) */
2415 -- if ((i < 0) ||
2416 -- ((!is_export && (i != EVP_CIPHER_key_length(c)))
2417 -- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
2418 -- (unsigned int)EVP_CIPHER_key_length(c))))))
2419 -- {
2420 -+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
2421 -+ || (is_export && i != ek))) {
2422 - ERR_clear_error();
2423 - if (is_export)
2424 - i=ek;
2425 - else
2426 - i=EVP_CIPHER_key_length(c);
2427 -- if (RAND_pseudo_bytes(p,i) <= 0)
2428 -+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
2429 - return 0;
2430 - }
2431 - #else
2432 -@@ -513,7 +547,8 @@
2433 - }
2434 - #endif
2435 -
2436 -- if (is_export) i+=s->s2->tmp.clear;
2437 -+ if (is_export)
2438 -+ i = EVP_CIPHER_key_length(c);
2439 -
2440 - if (i > SSL_MAX_MASTER_KEY_LENGTH)
2441 - {
2442
2443 diff --git a/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch
2444 deleted file mode 100644
2445 index db92b79..0000000
2446 --- a/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch
2447 +++ /dev/null
2448 @@ -1,364 +0,0 @@
2449 -http://rt.openssl.org/Ticket/Display.html?id=2084
2450 -
2451 ---- openssl-1.0.1m/crypto/Makefile
2452 -+++ openssl-1.0.1m/crypto/Makefile
2453 -@@ -85,11 +85,11 @@
2454 - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
2455 -
2456 - subdirs:
2457 -- @target=all; $(RECURSIVE_MAKE)
2458 -+ +@target=all; $(RECURSIVE_MAKE)
2459 -
2460 - files:
2461 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
2462 -- @target=files; $(RECURSIVE_MAKE)
2463 -+ +@target=files; $(RECURSIVE_MAKE)
2464 -
2465 - links:
2466 - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
2467 -@@ -100,7 +100,7 @@
2468 - # lib: $(LIB): are splitted to avoid end-less loop
2469 - lib: $(LIB)
2470 - @touch lib
2471 --$(LIB): $(LIBOBJ)
2472 -+$(LIB): $(LIBOBJ) | subdirs
2473 - $(AR) $(LIB) $(LIBOBJ)
2474 - [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
2475 - $(RANLIB) $(LIB) || echo Never mind.
2476 -@@ -111,7 +111,7 @@
2477 - fi
2478 -
2479 - libs:
2480 -- @target=lib; $(RECURSIVE_MAKE)
2481 -+ +@target=lib; $(RECURSIVE_MAKE)
2482 -
2483 - install:
2484 - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
2485 -@@ -120,7 +120,7 @@
2486 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
2487 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
2488 - done;
2489 -- @target=install; $(RECURSIVE_MAKE)
2490 -+ +@target=install; $(RECURSIVE_MAKE)
2491 -
2492 - lint:
2493 - @target=lint; $(RECURSIVE_MAKE)
2494 ---- openssl-1.0.1m/crypto/objects/Makefile
2495 -+++ openssl-1.0.1m/crypto/objects/Makefile
2496 -@@ -44,11 +44,11 @@
2497 - # objects.pl both reads and writes obj_mac.num
2498 - obj_mac.h: objects.pl objects.txt obj_mac.num
2499 - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
2500 -- @sleep 1; touch obj_mac.h; sleep 1
2501 -
2502 --obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
2503 -+# This doesn't really need obj_mac.h, but since that rule reads & writes
2504 -+# obj_mac.num, we can't run in parallel with it.
2505 -+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
2506 - $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
2507 -- @sleep 1; touch obj_xref.h; sleep 1
2508 -
2509 - files:
2510 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
2511 ---- openssl-1.0.1m/engines/Makefile
2512 -+++ openssl-1.0.1m/engines/Makefile
2513 -@@ -72,7 +72,7 @@
2514 -
2515 - all: lib subdirs
2516 -
2517 --lib: $(LIBOBJ)
2518 -+lib: $(LIBOBJ) | subdirs
2519 - @if [ -n "$(SHARED_LIBS)" ]; then \
2520 - set -e; \
2521 - for l in $(LIBNAMES); do \
2522 -@@ -89,7 +89,7 @@
2523 -
2524 - subdirs:
2525 - echo $(EDIRS)
2526 -- @target=all; $(RECURSIVE_MAKE)
2527 -+ +@target=all; $(RECURSIVE_MAKE)
2528 -
2529 - files:
2530 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
2531 -@@ -128,7 +128,7 @@
2532 - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
2533 - done; \
2534 - fi
2535 -- @target=install; $(RECURSIVE_MAKE)
2536 -+ +@target=install; $(RECURSIVE_MAKE)
2537 -
2538 - tags:
2539 - ctags $(SRC)
2540 ---- openssl-1.0.1m/Makefile.org
2541 -+++ openssl-1.0.1m/Makefile.org
2542 -@@ -273,17 +273,17 @@
2543 - build_libs: build_crypto build_ssl build_engines
2544 -
2545 - build_crypto:
2546 -- @dir=crypto; target=all; $(BUILD_ONE_CMD)
2547 --build_ssl:
2548 -- @dir=ssl; target=all; $(BUILD_ONE_CMD)
2549 --build_engines:
2550 -- @dir=engines; target=all; $(BUILD_ONE_CMD)
2551 --build_apps:
2552 -- @dir=apps; target=all; $(BUILD_ONE_CMD)
2553 --build_tests:
2554 -- @dir=test; target=all; $(BUILD_ONE_CMD)
2555 --build_tools:
2556 -- @dir=tools; target=all; $(BUILD_ONE_CMD)
2557 -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
2558 -+build_ssl: build_crypto
2559 -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
2560 -+build_engines: build_crypto
2561 -+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
2562 -+build_apps: build_libs
2563 -+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
2564 -+build_tests: build_libs
2565 -+ +@dir=test; target=all; $(BUILD_ONE_CMD)
2566 -+build_tools: build_libs
2567 -+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
2568 -
2569 - all_testapps: build_libs build_testapps
2570 - build_testapps:
2571 -@@ -538,9 +538,9 @@
2572 - dist_pem_h:
2573 - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
2574 -
2575 --install: all install_docs install_sw
2576 -+install: install_docs install_sw
2577 -
2578 --install_sw:
2579 -+install_dirs:
2580 - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
2581 - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
2582 - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
2583 -@@ -549,12 +549,19 @@
2584 - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
2585 - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
2586 - $(INSTALL_PREFIX)$(OPENSSLDIR)/private
2587 -+ @$(PERL) $(TOP)/util/mkdir-p.pl \
2588 -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
2589 -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
2590 -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
2591 -+ $(INSTALL_PREFIX)$(MANDIR)/man7
2592 -+
2593 -+install_sw: install_dirs
2594 - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
2595 - do \
2596 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
2597 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
2598 - done;
2599 -- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
2600 -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
2601 - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
2602 - do \
2603 - if [ -f "$$i" ]; then \
2604 -@@ -634,12 +641,7 @@
2605 - done; \
2606 - done
2607 -
2608 --install_docs:
2609 -- @$(PERL) $(TOP)/util/mkdir-p.pl \
2610 -- $(INSTALL_PREFIX)$(MANDIR)/man1 \
2611 -- $(INSTALL_PREFIX)$(MANDIR)/man3 \
2612 -- $(INSTALL_PREFIX)$(MANDIR)/man5 \
2613 -- $(INSTALL_PREFIX)$(MANDIR)/man7
2614 -+install_docs: install_dirs
2615 - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
2616 - here="`pwd`"; \
2617 - filecase=; \
2618 ---- openssl-1.0.1m/Makefile.shared
2619 -+++ openssl-1.0.1m/Makefile.shared
2620 -@@ -105,6 +105,7 @@
2621 - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
2622 - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
2623 - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
2624 -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
2625 - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
2626 - $${SHAREDCMD} $${SHAREDFLAGS} \
2627 - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
2628 -@@ -122,6 +123,7 @@
2629 - done; \
2630 - fi; \
2631 - if [ -n "$$SHLIB_SOVER" ]; then \
2632 -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
2633 - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
2634 - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
2635 - fi; \
2636 ---- openssl-1.0.1m/test/Makefile
2637 -+++ openssl-1.0.1m/test/Makefile
2638 -@@ -130,7 +130,7 @@
2639 - tags:
2640 - ctags $(SRC)
2641 -
2642 --tests: exe apps $(TESTS)
2643 -+tests: exe $(TESTS)
2644 -
2645 - apps:
2646 - @(cd ..; $(MAKE) DIRS=apps all)
2647 -@@ -388,118 +388,118 @@
2648 - link_app.$${shlib_target}
2649 -
2650 - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
2651 -- @target=$(RSATEST); $(BUILD_CMD)
2652 -+ +@target=$(RSATEST); $(BUILD_CMD)
2653 -
2654 - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
2655 -- @target=$(BNTEST); $(BUILD_CMD)
2656 -+ +@target=$(BNTEST); $(BUILD_CMD)
2657 -
2658 - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
2659 -- @target=$(ECTEST); $(BUILD_CMD)
2660 -+ +@target=$(ECTEST); $(BUILD_CMD)
2661 -
2662 - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
2663 -- @target=$(EXPTEST); $(BUILD_CMD)
2664 -+ +@target=$(EXPTEST); $(BUILD_CMD)
2665 -
2666 - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
2667 -- @target=$(IDEATEST); $(BUILD_CMD)
2668 -+ +@target=$(IDEATEST); $(BUILD_CMD)
2669 -
2670 - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
2671 -- @target=$(MD2TEST); $(BUILD_CMD)
2672 -+ +@target=$(MD2TEST); $(BUILD_CMD)
2673 -
2674 - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
2675 -- @target=$(SHATEST); $(BUILD_CMD)
2676 -+ +@target=$(SHATEST); $(BUILD_CMD)
2677 -
2678 - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
2679 -- @target=$(SHA1TEST); $(BUILD_CMD)
2680 -+ +@target=$(SHA1TEST); $(BUILD_CMD)
2681 -
2682 - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
2683 -- @target=$(SHA256TEST); $(BUILD_CMD)
2684 -+ +@target=$(SHA256TEST); $(BUILD_CMD)
2685 -
2686 - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
2687 -- @target=$(SHA512TEST); $(BUILD_CMD)
2688 -+ +@target=$(SHA512TEST); $(BUILD_CMD)
2689 -
2690 - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
2691 -- @target=$(RMDTEST); $(BUILD_CMD)
2692 -+ +@target=$(RMDTEST); $(BUILD_CMD)
2693 -
2694 - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
2695 -- @target=$(MDC2TEST); $(BUILD_CMD)
2696 -+ +@target=$(MDC2TEST); $(BUILD_CMD)
2697 -
2698 - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
2699 -- @target=$(MD4TEST); $(BUILD_CMD)
2700 -+ +@target=$(MD4TEST); $(BUILD_CMD)
2701 -
2702 - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
2703 -- @target=$(MD5TEST); $(BUILD_CMD)
2704 -+ +@target=$(MD5TEST); $(BUILD_CMD)
2705 -
2706 - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
2707 -- @target=$(HMACTEST); $(BUILD_CMD)
2708 -+ +@target=$(HMACTEST); $(BUILD_CMD)
2709 -
2710 - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
2711 -- @target=$(WPTEST); $(BUILD_CMD)
2712 -+ +@target=$(WPTEST); $(BUILD_CMD)
2713 -
2714 - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
2715 -- @target=$(RC2TEST); $(BUILD_CMD)
2716 -+ +@target=$(RC2TEST); $(BUILD_CMD)
2717 -
2718 - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
2719 -- @target=$(BFTEST); $(BUILD_CMD)
2720 -+ +@target=$(BFTEST); $(BUILD_CMD)
2721 -
2722 - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
2723 -- @target=$(CASTTEST); $(BUILD_CMD)
2724 -+ +@target=$(CASTTEST); $(BUILD_CMD)
2725 -
2726 - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
2727 -- @target=$(RC4TEST); $(BUILD_CMD)
2728 -+ +@target=$(RC4TEST); $(BUILD_CMD)
2729 -
2730 - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
2731 -- @target=$(RC5TEST); $(BUILD_CMD)
2732 -+ +@target=$(RC5TEST); $(BUILD_CMD)
2733 -
2734 - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
2735 -- @target=$(DESTEST); $(BUILD_CMD)
2736 -+ +@target=$(DESTEST); $(BUILD_CMD)
2737 -
2738 - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
2739 -- @target=$(RANDTEST); $(BUILD_CMD)
2740 -+ +@target=$(RANDTEST); $(BUILD_CMD)
2741 -
2742 - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
2743 -- @target=$(DHTEST); $(BUILD_CMD)
2744 -+ +@target=$(DHTEST); $(BUILD_CMD)
2745 -
2746 - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
2747 -- @target=$(DSATEST); $(BUILD_CMD)
2748 -+ +@target=$(DSATEST); $(BUILD_CMD)
2749 -
2750 - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
2751 -- @target=$(METHTEST); $(BUILD_CMD)
2752 -+ +@target=$(METHTEST); $(BUILD_CMD)
2753 -
2754 - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
2755 -- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
2756 -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
2757 -
2758 - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
2759 -- @target=$(ENGINETEST); $(BUILD_CMD)
2760 -+ +@target=$(ENGINETEST); $(BUILD_CMD)
2761 -
2762 - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
2763 -- @target=$(EVPTEST); $(BUILD_CMD)
2764 -+ +@target=$(EVPTEST); $(BUILD_CMD)
2765 -
2766 - $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
2767 -- @target=$(EVPEXTRATEST); $(BUILD_CMD)
2768 -+ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
2769 -
2770 - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
2771 -- @target=$(ECDSATEST); $(BUILD_CMD)
2772 -+ +@target=$(ECDSATEST); $(BUILD_CMD)
2773 -
2774 - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
2775 -- @target=$(ECDHTEST); $(BUILD_CMD)
2776 -+ +@target=$(ECDHTEST); $(BUILD_CMD)
2777 -
2778 - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
2779 -- @target=$(IGETEST); $(BUILD_CMD)
2780 -+ +@target=$(IGETEST); $(BUILD_CMD)
2781 -
2782 - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
2783 -- @target=$(JPAKETEST); $(BUILD_CMD)
2784 -+ +@target=$(JPAKETEST); $(BUILD_CMD)
2785 -
2786 - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
2787 -- @target=$(ASN1TEST); $(BUILD_CMD)
2788 -+ +@target=$(ASN1TEST); $(BUILD_CMD)
2789 -
2790 - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
2791 -- @target=$(SRPTEST); $(BUILD_CMD)
2792 -+ +@target=$(SRPTEST); $(BUILD_CMD)
2793 -
2794 - $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
2795 -- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
2796 -+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
2797 -
2798 - $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
2799 -- @target=$(CONSTTIMETEST) $(BUILD_CMD)
2800 -+ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
2801 -
2802 - #$(AESTEST).o: $(AESTEST).c
2803 - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
2804 -@@ -512,7 +512,7 @@
2805 - # fi
2806 -
2807 - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
2808 -- @target=dummytest; $(BUILD_CMD)
2809 -+ +@target=dummytest; $(BUILD_CMD)
2810 -
2811 - # DO NOT DELETE THIS LINE -- make depend depends on it.
2812 -
2813
2814 diff --git a/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch
2815 deleted file mode 100644
2816 index 8aa29e4..0000000
2817 --- a/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch
2818 +++ /dev/null
2819 @@ -1,21 +0,0 @@
2820 -https://bugs.gentoo.org/472584
2821 -http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
2822 -
2823 -fix verification handling in s_client. when loading paths, make sure
2824 -we properly fallback to setting the default paths.
2825 -
2826 -Forward-ported from openssl-1.0.1e-s_client-verify.patch
2827 -
2828 -Signed-off-by: Lars Wendler <polynomial-c@g.o>
2829 -
2830 ---- openssl-1.0.1m/apps/s_client.c
2831 -+++ openssl-1.0.1m/apps/s_client.c
2832 -@@ -1177,7 +1177,7 @@ int MAIN(int argc, char **argv)
2833 - if (!set_cert_key_stuff(ctx, cert, key))
2834 - goto end;
2835 -
2836 -- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
2837 -+ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
2838 - (!SSL_CTX_set_default_verify_paths(ctx))) {
2839 - /*
2840 - * BIO_printf(bio_err,"error setting default verify locations\n");
2841
2842 diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
2843 deleted file mode 100644
2844 index 6d396b4..0000000
2845 --- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
2846 +++ /dev/null
2847 @@ -1,49 +0,0 @@
2848 -https://bugs.gentoo.org/541502
2849 -
2850 -From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001
2851 -From: Matt Caswell <matt@×××××××.org>
2852 -Date: Mon, 9 Feb 2015 11:38:41 +0000
2853 -Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
2854 -MIME-Version: 1.0
2855 -Content-Type: text/plain; charset=UTF-8
2856 -Content-Transfer-Encoding: 8bit
2857 -
2858 -Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@××××××××.org>
2859 -
2860 -CVE-2015-0209
2861 -
2862 -Reviewed-by: Emilia Käsper <emilia@×××××××.org>
2863 ----
2864 - crypto/ec/ec_asn1.c | 6 +++---
2865 - 1 file changed, 3 insertions(+), 3 deletions(-)
2866 -
2867 -diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
2868 -index 30b7df4..d3e8316 100644
2869 ---- a/crypto/ec/ec_asn1.c
2870 -+++ b/crypto/ec/ec_asn1.c
2871 -@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
2872 - ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
2873 - goto err;
2874 - }
2875 -- if (a)
2876 -- *a = ret;
2877 - } else
2878 - ret = *a;
2879 -
2880 -@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
2881 - }
2882 - }
2883 -
2884 -+ if (a)
2885 -+ *a = ret;
2886 - ok = 1;
2887 - err:
2888 - if (!ok) {
2889 -- if (ret)
2890 -+ if (ret && (a == NULL || *a != ret))
2891 - EC_KEY_free(ret);
2892 - ret = NULL;
2893 - }
2894 ---
2895 -2.3.1
2896 -
2897
2898 diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch
2899 deleted file mode 100644
2900 index a6a10b0..0000000
2901 --- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch
2902 +++ /dev/null
2903 @@ -1,31 +0,0 @@
2904 -https://bugs.gentoo.org/542038
2905 -
2906 -From 28a00bcd8e318da18031b2ac8778c64147cd54f9 Mon Sep 17 00:00:00 2001
2907 -From: "Dr. Stephen Henson" <steve@×××××××.org>
2908 -Date: Wed, 18 Feb 2015 00:34:59 +0000
2909 -Subject: [PATCH] Check public key is not NULL.
2910 -
2911 -CVE-2015-0288
2912 -PR#3708
2913 -
2914 -Reviewed-by: Matt Caswell <matt@×××××××.org>
2915 ----
2916 - crypto/x509/x509_req.c | 2 ++
2917 - 1 file changed, 2 insertions(+)
2918 -
2919 -diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
2920 -index bc6e566..01795f4 100644
2921 ---- a/crypto/x509/x509_req.c
2922 -+++ b/crypto/x509/x509_req.c
2923 -@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
2924 - goto err;
2925 -
2926 - pktmp = X509_get_pubkey(x);
2927 -+ if (pktmp == NULL)
2928 -+ goto err;
2929 - i = X509_REQ_set_pubkey(ret, pktmp);
2930 - EVP_PKEY_free(pktmp);
2931 - if (!i)
2932 ---
2933 -2.3.1
2934 -
2935
2936 diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
2937 deleted file mode 100644
2938 index 852d06e..0000000
2939 --- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
2940 +++ /dev/null
2941 @@ -1,459 +0,0 @@
2942 ---- openssl-1.0.2/crypto/asn1/a_type.c
2943 -+++ openssl-1.0.2/crypto/asn1/a_type.c
2944 -@@ -119,6 +119,9 @@
2945 - case V_ASN1_OBJECT:
2946 - result = OBJ_cmp(a->value.object, b->value.object);
2947 - break;
2948 -+ case V_ASN1_BOOLEAN:
2949 -+ result = a->value.boolean - b->value.boolean;
2950 -+ break;
2951 - case V_ASN1_NULL:
2952 - result = 0; /* They do not have content. */
2953 - break;
2954 ---- openssl-1.0.2/crypto/asn1/tasn_dec.c
2955 -+++ openssl-1.0.2/crypto/asn1/tasn_dec.c
2956 -@@ -140,11 +140,17 @@
2957 - {
2958 - ASN1_TLC c;
2959 - ASN1_VALUE *ptmpval = NULL;
2960 -- if (!pval)
2961 -- pval = &ptmpval;
2962 - asn1_tlc_clear_nc(&c);
2963 -- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
2964 -- return *pval;
2965 -+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
2966 -+ ptmpval = *pval;
2967 -+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
2968 -+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
2969 -+ if (*pval)
2970 -+ ASN1_item_free(*pval, it);
2971 -+ *pval = ptmpval;
2972 -+ }
2973 -+ return ptmpval;
2974 -+ }
2975 - return NULL;
2976 - }
2977 -
2978 -@@ -304,9 +310,16 @@
2979 - case ASN1_ITYPE_CHOICE:
2980 - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
2981 - goto auxerr;
2982 --
2983 -- /* Allocate structure */
2984 -- if (!*pval && !ASN1_item_ex_new(pval, it)) {
2985 -+ if (*pval) {
2986 -+ /* Free up and zero CHOICE value if initialised */
2987 -+ i = asn1_get_choice_selector(pval, it);
2988 -+ if ((i >= 0) && (i < it->tcount)) {
2989 -+ tt = it->templates + i;
2990 -+ pchptr = asn1_get_field_ptr(pval, tt);
2991 -+ ASN1_template_free(pchptr, tt);
2992 -+ asn1_set_choice_selector(pval, -1, it);
2993 -+ }
2994 -+ } else if (!ASN1_item_ex_new(pval, it)) {
2995 - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
2996 - goto err;
2997 - }
2998 -@@ -386,6 +399,17 @@
2999 - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
3000 - goto auxerr;
3001 -
3002 -+ /* Free up and zero any ADB found */
3003 -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
3004 -+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
3005 -+ const ASN1_TEMPLATE *seqtt;
3006 -+ ASN1_VALUE **pseqval;
3007 -+ seqtt = asn1_do_adb(pval, tt, 1);
3008 -+ pseqval = asn1_get_field_ptr(pval, seqtt);
3009 -+ ASN1_template_free(pseqval, seqtt);
3010 -+ }
3011 -+ }
3012 -+
3013 - /* Get each field entry */
3014 - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
3015 - const ASN1_TEMPLATE *seqtt;
3016 ---- openssl-1.0.2/crypto/pkcs7/pk7_doit.c
3017 -+++ openssl-1.0.2/crypto/pkcs7/pk7_doit.c
3018 -@@ -261,6 +261,25 @@
3019 - PKCS7_RECIP_INFO *ri = NULL;
3020 - ASN1_OCTET_STRING *os = NULL;
3021 -
3022 -+ if (p7 == NULL) {
3023 -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
3024 -+ return NULL;
3025 -+ }
3026 -+ /*
3027 -+ * The content field in the PKCS7 ContentInfo is optional, but that really
3028 -+ * only applies to inner content (precisely, detached signatures).
3029 -+ *
3030 -+ * When reading content, missing outer content is therefore treated as an
3031 -+ * error.
3032 -+ *
3033 -+ * When creating content, PKCS7_content_new() must be called before
3034 -+ * calling this method, so a NULL p7->d is always an error.
3035 -+ */
3036 -+ if (p7->d.ptr == NULL) {
3037 -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
3038 -+ return NULL;
3039 -+ }
3040 -+
3041 - i = OBJ_obj2nid(p7->type);
3042 - p7->state = PKCS7_S_HEADER;
3043 -
3044 -@@ -411,6 +430,16 @@
3045 - unsigned char *ek = NULL, *tkey = NULL;
3046 - int eklen = 0, tkeylen = 0;
3047 -
3048 -+ if (p7 == NULL) {
3049 -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
3050 -+ return NULL;
3051 -+ }
3052 -+
3053 -+ if (p7->d.ptr == NULL) {
3054 -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
3055 -+ return NULL;
3056 -+ }
3057 -+
3058 - i = OBJ_obj2nid(p7->type);
3059 - p7->state = PKCS7_S_HEADER;
3060 -
3061 -@@ -707,6 +736,16 @@
3062 - STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
3063 - ASN1_OCTET_STRING *os = NULL;
3064 -
3065 -+ if (p7 == NULL) {
3066 -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
3067 -+ return 0;
3068 -+ }
3069 -+
3070 -+ if (p7->d.ptr == NULL) {
3071 -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
3072 -+ return 0;
3073 -+ }
3074 -+
3075 - EVP_MD_CTX_init(&ctx_tmp);
3076 - i = OBJ_obj2nid(p7->type);
3077 - p7->state = PKCS7_S_HEADER;
3078 -@@ -746,6 +785,7 @@
3079 - /* If detached data then the content is excluded */
3080 - if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
3081 - M_ASN1_OCTET_STRING_free(os);
3082 -+ os = NULL;
3083 - p7->d.sign->contents->d.data = NULL;
3084 - }
3085 - break;
3086 -@@ -755,6 +795,7 @@
3087 - /* If detached data then the content is excluded */
3088 - if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
3089 - M_ASN1_OCTET_STRING_free(os);
3090 -+ os = NULL;
3091 - p7->d.digest->contents->d.data = NULL;
3092 - }
3093 - break;
3094 -@@ -820,22 +861,30 @@
3095 - M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
3096 - }
3097 -
3098 -- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
3099 -- char *cont;
3100 -- long contlen;
3101 -- btmp = BIO_find_type(bio, BIO_TYPE_MEM);
3102 -- if (btmp == NULL) {
3103 -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
3104 -- goto err;
3105 -- }
3106 -- contlen = BIO_get_mem_data(btmp, &cont);
3107 -+ if (!PKCS7_is_detached(p7)) {
3108 - /*
3109 -- * Mark the BIO read only then we can use its copy of the data
3110 -- * instead of making an extra copy.
3111 -+ * NOTE(emilia): I think we only reach os == NULL here because detached
3112 -+ * digested data support is broken.
3113 - */
3114 -- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
3115 -- BIO_set_mem_eof_return(btmp, 0);
3116 -- ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
3117 -+ if (os == NULL)
3118 -+ goto err;
3119 -+ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
3120 -+ char *cont;
3121 -+ long contlen;
3122 -+ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
3123 -+ if (btmp == NULL) {
3124 -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
3125 -+ goto err;
3126 -+ }
3127 -+ contlen = BIO_get_mem_data(btmp, &cont);
3128 -+ /*
3129 -+ * Mark the BIO read only then we can use its copy of the data
3130 -+ * instead of making an extra copy.
3131 -+ */
3132 -+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
3133 -+ BIO_set_mem_eof_return(btmp, 0);
3134 -+ ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
3135 -+ }
3136 - }
3137 - ret = 1;
3138 - err:
3139 -@@ -910,6 +959,16 @@
3140 - STACK_OF(X509) *cert;
3141 - X509 *x509;
3142 -
3143 -+ if (p7 == NULL) {
3144 -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
3145 -+ return 0;
3146 -+ }
3147 -+
3148 -+ if (p7->d.ptr == NULL) {
3149 -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
3150 -+ return 0;
3151 -+ }
3152 -+
3153 - if (PKCS7_type_is_signed(p7)) {
3154 - cert = p7->d.sign->cert;
3155 - } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
3156 ---- openssl-1.0.2/crypto/pkcs7/pk7_lib.c
3157 -+++ openssl-1.0.2/crypto/pkcs7/pk7_lib.c
3158 -@@ -70,6 +70,7 @@
3159 - nid = OBJ_obj2nid(p7->type);
3160 -
3161 - switch (cmd) {
3162 -+ /* NOTE(emilia): does not support detached digested data. */
3163 - case PKCS7_OP_SET_DETACHED_SIGNATURE:
3164 - if (nid == NID_pkcs7_signed) {
3165 - ret = p7->detached = (int)larg;
3166 -@@ -444,6 +445,8 @@
3167 -
3168 - STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
3169 - {
3170 -+ if (p7 == NULL || p7->d.ptr == NULL)
3171 -+ return NULL;
3172 - if (PKCS7_type_is_signed(p7)) {
3173 - return (p7->d.sign->signer_info);
3174 - } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
3175 ---- openssl-1.0.2/crypto/rsa/rsa_ameth.c
3176 -+++ openssl-1.0.2/crypto/rsa/rsa_ameth.c
3177 -@@ -698,9 +698,10 @@
3178 - RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
3179 - return -1;
3180 - }
3181 -- if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
3182 -+ if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
3183 - /* Carry on */
3184 - return 2;
3185 -+ }
3186 - return -1;
3187 - }
3188 -
3189 ---- openssl-1.0.2/doc/crypto/d2i_X509.pod
3190 -+++ openssl-1.0.2/doc/crypto/d2i_X509.pod
3191 -@@ -207,6 +207,12 @@
3192 - persist if they are not present in the new one. As a result the use
3193 - of this "reuse" behaviour is strongly discouraged.
3194 -
3195 -+Current versions of OpenSSL will not modify B<*px> if an error occurs.
3196 -+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
3197 -+set to the value of the newly decoded structure. As a result B<*px>
3198 -+B<must not> be allocated on the stack or an attempt will be made to
3199 -+free an invalid pointer.
3200 -+
3201 - i2d_X509() will not return an error in many versions of OpenSSL,
3202 - if mandatory fields are not initialized due to a programming error
3203 - then the encoded structure may contain invalid data or omit the
3204 -@@ -233,7 +239,9 @@
3205 -
3206 - d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
3207 - or B<NULL> if an error occurs. The error code that can be obtained by
3208 --L<ERR_get_error(3)|ERR_get_error(3)>.
3209 -+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
3210 -+with a valid X509 structure being passed in via B<px> then the object is not
3211 -+modified in the event of error.
3212 -
3213 - i2d_X509() returns the number of bytes successfully encoded or a negative
3214 - value if an error occurs. The error code can be obtained by
3215 ---- openssl-1.0.2/ssl/d1_lib.c
3216 -+++ openssl-1.0.2/ssl/d1_lib.c
3217 -@@ -543,6 +543,9 @@
3218 - {
3219 - int ret;
3220 -
3221 -+ /* Ensure there is no state left over from a previous invocation */
3222 -+ SSL_clear(s);
3223 -+
3224 - SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
3225 - s->d1->listen = 1;
3226 -
3227 ---- openssl-1.0.2/ssl/s2_lib.c
3228 -+++ openssl-1.0.2/ssl/s2_lib.c
3229 -@@ -493,7 +493,7 @@
3230 -
3231 - OPENSSL_assert(s->session->master_key_length >= 0
3232 - && s->session->master_key_length
3233 -- < (int)sizeof(s->session->master_key));
3234 -+ <= (int)sizeof(s->session->master_key));
3235 - EVP_DigestUpdate(&ctx, s->session->master_key,
3236 - s->session->master_key_length);
3237 - EVP_DigestUpdate(&ctx, &c, 1);
3238 ---- openssl-1.0.2/ssl/s2_srvr.c
3239 -+++ openssl-1.0.2/ssl/s2_srvr.c
3240 -@@ -454,11 +454,6 @@
3241 - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
3242 - return (-1);
3243 - }
3244 -- i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
3245 -- &(p[s->s2->tmp.clear]),
3246 -- &(p[s->s2->tmp.clear]),
3247 -- (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
3248 -- RSA_PKCS1_PADDING);
3249 -
3250 - is_export = SSL_C_IS_EXPORT(s->session->cipher);
3251 -
3252 -@@ -475,23 +470,61 @@
3253 - } else
3254 - ek = 5;
3255 -
3256 -+ /*
3257 -+ * The format of the CLIENT-MASTER-KEY message is
3258 -+ * 1 byte message type
3259 -+ * 3 bytes cipher
3260 -+ * 2-byte clear key length (stored in s->s2->tmp.clear)
3261 -+ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
3262 -+ * 2-byte key args length (IV etc)
3263 -+ * clear key
3264 -+ * encrypted key
3265 -+ * key args
3266 -+ *
3267 -+ * If the cipher is an export cipher, then the encrypted key bytes
3268 -+ * are a fixed portion of the total key (5 or 8 bytes). The size of
3269 -+ * this portion is in |ek|. If the cipher is not an export cipher,
3270 -+ * then the entire key material is encrypted (i.e., clear key length
3271 -+ * must be zero).
3272 -+ */
3273 -+ if ((!is_export && s->s2->tmp.clear != 0) ||
3274 -+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
3275 -+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
3276 -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
3277 -+ return -1;
3278 -+ }
3279 -+ /*
3280 -+ * The encrypted blob must decrypt to the encrypted portion of the key.
3281 -+ * Decryption can't be expanding, so if we don't have enough encrypted
3282 -+ * bytes to fit the key in the buffer, stop now.
3283 -+ */
3284 -+ if ((is_export && s->s2->tmp.enc < ek) ||
3285 -+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
3286 -+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
3287 -+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
3288 -+ return -1;
3289 -+ }
3290 -+
3291 -+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
3292 -+ &(p[s->s2->tmp.clear]),
3293 -+ &(p[s->s2->tmp.clear]),
3294 -+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
3295 -+ RSA_PKCS1_PADDING);
3296 -+
3297 - /* bad decrypt */
3298 - # if 1
3299 - /*
3300 - * If a bad decrypt, continue with protocol but with a random master
3301 - * secret (Bleichenbacher attack)
3302 - */
3303 -- if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
3304 -- || (is_export && ((i != ek)
3305 -- || (s->s2->tmp.clear +
3306 -- (unsigned int)i != (unsigned int)
3307 -- EVP_CIPHER_key_length(c)))))) {
3308 -+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
3309 -+ || (is_export && i != ek))) {
3310 - ERR_clear_error();
3311 - if (is_export)
3312 - i = ek;
3313 - else
3314 - i = EVP_CIPHER_key_length(c);
3315 -- if (RAND_pseudo_bytes(p, i) <= 0)
3316 -+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
3317 - return 0;
3318 - }
3319 - # else
3320 -@@ -513,7 +546,7 @@
3321 - # endif
3322 -
3323 - if (is_export)
3324 -- i += s->s2->tmp.clear;
3325 -+ i = EVP_CIPHER_key_length(c);
3326 -
3327 - if (i > SSL_MAX_MASTER_KEY_LENGTH) {
3328 - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
3329 ---- openssl-1.0.2/ssl/s3_pkt.c
3330 -+++ openssl-1.0.2/ssl/s3_pkt.c
3331 -@@ -780,7 +780,7 @@
3332 -
3333 - i = ssl3_write_pending(s, type, &buf[tot], nw);
3334 - if (i <= 0) {
3335 -- if (i < 0) {
3336 -+ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
3337 - OPENSSL_free(wb->buf);
3338 - wb->buf = NULL;
3339 - }
3340 ---- openssl-1.0.2/ssl/s3_srvr.c
3341 -+++ openssl-1.0.2/ssl/s3_srvr.c
3342 -@@ -2251,10 +2251,17 @@
3343 - if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
3344 - int idx = -1;
3345 - EVP_PKEY *skey = NULL;
3346 -- if (n)
3347 -+ if (n) {
3348 - n2s(p, i);
3349 -- else
3350 -+ } else {
3351 -+ if (alg_k & SSL_kDHE) {
3352 -+ al = SSL_AD_HANDSHAKE_FAILURE;
3353 -+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
3354 -+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
3355 -+ goto f_err;
3356 -+ }
3357 - i = 0;
3358 -+ }
3359 - if (n && n != i + 2) {
3360 - if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
3361 - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
3362 ---- openssl-1.0.2/ssl/t1_lib.c
3363 -+++ openssl-1.0.2/ssl/t1_lib.c
3364 -@@ -2965,6 +2965,7 @@
3365 - if (s->cert->shared_sigalgs) {
3366 - OPENSSL_free(s->cert->shared_sigalgs);
3367 - s->cert->shared_sigalgs = NULL;
3368 -+ s->cert->shared_sigalgslen = 0;
3369 - }
3370 - /* Clear certificate digests and validity flags */
3371 - for (i = 0; i < SSL_PKEY_NUM; i++) {
3372 -@@ -3618,6 +3619,7 @@
3373 - if (c->shared_sigalgs) {
3374 - OPENSSL_free(c->shared_sigalgs);
3375 - c->shared_sigalgs = NULL;
3376 -+ c->shared_sigalgslen = 0;
3377 - }
3378 - /* If client use client signature algorithms if not NULL */
3379 - if (!s->server && c->client_sigalgs && !is_suiteb) {
3380 -@@ -3640,12 +3642,14 @@
3381 - preflen = c->peer_sigalgslen;
3382 - }
3383 - nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
3384 -- if (!nmatch)
3385 -- return 1;
3386 -- salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
3387 -- if (!salgs)
3388 -- return 0;
3389 -- nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
3390 -+ if (nmatch) {
3391 -+ salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
3392 -+ if (!salgs)
3393 -+ return 0;
3394 -+ nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
3395 -+ } else {
3396 -+ salgs = NULL;
3397 -+ }
3398 - c->shared_sigalgs = salgs;
3399 - c->shared_sigalgslen = nmatch;
3400 - return 1;
3401
3402 diff --git a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch
3403 deleted file mode 100644
3404 index 31d3f1d..0000000
3405 --- a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch
3406 +++ /dev/null
3407 @@ -1,354 +0,0 @@
3408 -http://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
3409 -
3410 ---- a/Makefile.org
3411 -+++ b/Makefile.org
3412 -@@ -247,17 +247,17 @@
3413 - build_libs: build_crypto build_ssl build_engines
3414 -
3415 - build_crypto:
3416 -- @dir=crypto; target=all; $(BUILD_ONE_CMD)
3417 -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
3418 --build_ssl:
3419 -+build_ssl: build_crypto
3420 -- @dir=ssl; target=all; $(BUILD_ONE_CMD)
3421 -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
3422 --build_engines:
3423 -+build_engines: build_crypto
3424 -- @dir=engines; target=all; $(BUILD_ONE_CMD)
3425 -+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
3426 --build_apps:
3427 -+build_apps: build_libs
3428 -- @dir=apps; target=all; $(BUILD_ONE_CMD)
3429 -+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
3430 --build_tests:
3431 -+build_tests: build_libs
3432 -- @dir=test; target=all; $(BUILD_ONE_CMD)
3433 -+ +@dir=test; target=all; $(BUILD_ONE_CMD)
3434 --build_tools:
3435 -+build_tools: build_libs
3436 -- @dir=tools; target=all; $(BUILD_ONE_CMD)
3437 -+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
3438 -
3439 - all_testapps: build_libs build_testapps
3440 - build_testapps:
3441 -@@ -497,9 +497,9 @@
3442 - dist_pem_h:
3443 - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
3444 -
3445 --install: all install_docs install_sw
3446 -+install: install_docs install_sw
3447 -
3448 --install_sw:
3449 -+install_dirs:
3450 - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
3451 - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
3452 - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
3453 -@@ -508,6 +508,13 @@
3454 - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
3455 - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
3456 - $(INSTALL_PREFIX)$(OPENSSLDIR)/private
3457 -+ @$(PERL) $(TOP)/util/mkdir-p.pl \
3458 -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
3459 -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
3460 -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
3461 -+ $(INSTALL_PREFIX)$(MANDIR)/man7
3462 -+
3463 -+install_sw: install_dirs
3464 - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
3465 - do \
3466 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
3467 -@@ -511,7 +511,7 @@
3468 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
3469 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
3470 - done;
3471 -- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
3472 -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
3473 - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
3474 - do \
3475 - if [ -f "$$i" ]; then \
3476 -@@ -593,12 +600,7 @@
3477 - done; \
3478 - done
3479 -
3480 --install_docs:
3481 -- @$(PERL) $(TOP)/util/mkdir-p.pl \
3482 -- $(INSTALL_PREFIX)$(MANDIR)/man1 \
3483 -- $(INSTALL_PREFIX)$(MANDIR)/man3 \
3484 -- $(INSTALL_PREFIX)$(MANDIR)/man5 \
3485 -- $(INSTALL_PREFIX)$(MANDIR)/man7
3486 -+install_docs: install_dirs
3487 - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
3488 - here="`pwd`"; \
3489 - filecase=; \
3490 ---- a/Makefile.shared
3491 -+++ b/Makefile.shared
3492 -@@ -105,6 +105,7 @@ LINK_SO= \
3493 - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
3494 - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
3495 - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
3496 -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
3497 - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
3498 - $${SHAREDCMD} $${SHAREDFLAGS} \
3499 - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
3500 -@@ -122,6 +124,7 @@ SYMLINK_SO= \
3501 - done; \
3502 - fi; \
3503 - if [ -n "$$SHLIB_SOVER" ]; then \
3504 -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
3505 - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
3506 - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
3507 - fi; \
3508 ---- a/crypto/Makefile
3509 -+++ b/crypto/Makefile
3510 -@@ -85,11 +85,11 @@
3511 - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
3512 -
3513 - subdirs:
3514 -- @target=all; $(RECURSIVE_MAKE)
3515 -+ +@target=all; $(RECURSIVE_MAKE)
3516 -
3517 - files:
3518 - $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
3519 -- @target=files; $(RECURSIVE_MAKE)
3520 -+ +@target=files; $(RECURSIVE_MAKE)
3521 -
3522 - links:
3523 - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
3524 -@@ -100,7 +100,7 @@
3525 - # lib: $(LIB): are splitted to avoid end-less loop
3526 - lib: $(LIB)
3527 - @touch lib
3528 --$(LIB): $(LIBOBJ)
3529 -+$(LIB): $(LIBOBJ) | subdirs
3530 - $(AR) $(LIB) $(LIBOBJ)
3531 - $(RANLIB) $(LIB) || echo Never mind.
3532 -
3533 -@@ -110,7 +110,7 @@
3534 - fi
3535 -
3536 - libs:
3537 -- @target=lib; $(RECURSIVE_MAKE)
3538 -+ +@target=lib; $(RECURSIVE_MAKE)
3539 -
3540 - install:
3541 - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
3542 -@@ -119,7 +119,7 @@
3543 - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
3544 - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
3545 - done;
3546 -- @target=install; $(RECURSIVE_MAKE)
3547 -+ +@target=install; $(RECURSIVE_MAKE)
3548 -
3549 - lint:
3550 - @target=lint; $(RECURSIVE_MAKE)
3551 ---- a/engines/Makefile
3552 -+++ b/engines/Makefile
3553 -@@ -72,7 +72,7 @@
3554 -
3555 - all: lib subdirs
3556 -
3557 --lib: $(LIBOBJ)
3558 -+lib: $(LIBOBJ) | subdirs
3559 - @if [ -n "$(SHARED_LIBS)" ]; then \
3560 - set -e; \
3561 - for l in $(LIBNAMES); do \
3562 -@@ -89,7 +89,7 @@
3563 -
3564 - subdirs:
3565 - echo $(EDIRS)
3566 -- @target=all; $(RECURSIVE_MAKE)
3567 -+ +@target=all; $(RECURSIVE_MAKE)
3568 -
3569 - files:
3570 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
3571 -@@ -128,7 +128,7 @@
3572 - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
3573 - done; \
3574 - fi
3575 -- @target=install; $(RECURSIVE_MAKE)
3576 -+ +@target=install; $(RECURSIVE_MAKE)
3577 -
3578 - tags:
3579 - ctags $(SRC)
3580 ---- a/test/Makefile
3581 -+++ b/test/Makefile
3582 -@@ -123,7 +123,7 @@
3583 - tags:
3584 - ctags $(SRC)
3585 -
3586 --tests: exe apps $(TESTS)
3587 -+tests: exe $(TESTS)
3588 -
3589 - apps:
3590 - @(cd ..; $(MAKE) DIRS=apps all)
3591 -@@ -365,109 +365,109 @@
3592 - link_app.$${shlib_target}
3593 -
3594 - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
3595 -- @target=$(RSATEST); $(BUILD_CMD)
3596 -+ +@target=$(RSATEST); $(BUILD_CMD)
3597 -
3598 - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
3599 -- @target=$(BNTEST); $(BUILD_CMD)
3600 -+ +@target=$(BNTEST); $(BUILD_CMD)
3601 -
3602 - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
3603 -- @target=$(ECTEST); $(BUILD_CMD)
3604 -+ +@target=$(ECTEST); $(BUILD_CMD)
3605 -
3606 - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
3607 -- @target=$(EXPTEST); $(BUILD_CMD)
3608 -+ +@target=$(EXPTEST); $(BUILD_CMD)
3609 -
3610 - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
3611 -- @target=$(IDEATEST); $(BUILD_CMD)
3612 -+ +@target=$(IDEATEST); $(BUILD_CMD)
3613 -
3614 - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
3615 -- @target=$(MD2TEST); $(BUILD_CMD)
3616 -+ +@target=$(MD2TEST); $(BUILD_CMD)
3617 -
3618 - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
3619 -- @target=$(SHATEST); $(BUILD_CMD)
3620 -+ +@target=$(SHATEST); $(BUILD_CMD)
3621 -
3622 - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
3623 -- @target=$(SHA1TEST); $(BUILD_CMD)
3624 -+ +@target=$(SHA1TEST); $(BUILD_CMD)
3625 -
3626 - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
3627 -- @target=$(SHA256TEST); $(BUILD_CMD)
3628 -+ +@target=$(SHA256TEST); $(BUILD_CMD)
3629 -
3630 - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
3631 -- @target=$(SHA512TEST); $(BUILD_CMD)
3632 -+ +@target=$(SHA512TEST); $(BUILD_CMD)
3633 -
3634 - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
3635 -- @target=$(RMDTEST); $(BUILD_CMD)
3636 -+ +@target=$(RMDTEST); $(BUILD_CMD)
3637 -
3638 - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
3639 -- @target=$(MDC2TEST); $(BUILD_CMD)
3640 -+ +@target=$(MDC2TEST); $(BUILD_CMD)
3641 -
3642 - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
3643 -- @target=$(MD4TEST); $(BUILD_CMD)
3644 -+ +@target=$(MD4TEST); $(BUILD_CMD)
3645 -
3646 - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
3647 -- @target=$(MD5TEST); $(BUILD_CMD)
3648 -+ +@target=$(MD5TEST); $(BUILD_CMD)
3649 -
3650 - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
3651 -- @target=$(HMACTEST); $(BUILD_CMD)
3652 -+ +@target=$(HMACTEST); $(BUILD_CMD)
3653 -
3654 - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
3655 -- @target=$(WPTEST); $(BUILD_CMD)
3656 -+ +@target=$(WPTEST); $(BUILD_CMD)
3657 -
3658 - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
3659 -- @target=$(RC2TEST); $(BUILD_CMD)
3660 -+ +@target=$(RC2TEST); $(BUILD_CMD)
3661 -
3662 - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
3663 -- @target=$(BFTEST); $(BUILD_CMD)
3664 -+ +@target=$(BFTEST); $(BUILD_CMD)
3665 -
3666 - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
3667 -- @target=$(CASTTEST); $(BUILD_CMD)
3668 -+ +@target=$(CASTTEST); $(BUILD_CMD)
3669 -
3670 - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
3671 -- @target=$(RC4TEST); $(BUILD_CMD)
3672 -+ +@target=$(RC4TEST); $(BUILD_CMD)
3673 -
3674 - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
3675 -- @target=$(RC5TEST); $(BUILD_CMD)
3676 -+ +@target=$(RC5TEST); $(BUILD_CMD)
3677 -
3678 - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
3679 -- @target=$(DESTEST); $(BUILD_CMD)
3680 -+ +@target=$(DESTEST); $(BUILD_CMD)
3681 -
3682 - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
3683 -- @target=$(RANDTEST); $(BUILD_CMD)
3684 -+ +@target=$(RANDTEST); $(BUILD_CMD)
3685 -
3686 - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
3687 -- @target=$(DHTEST); $(BUILD_CMD)
3688 -+ +@target=$(DHTEST); $(BUILD_CMD)
3689 -
3690 - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
3691 -- @target=$(DSATEST); $(BUILD_CMD)
3692 -+ +@target=$(DSATEST); $(BUILD_CMD)
3693 -
3694 - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
3695 -- @target=$(METHTEST); $(BUILD_CMD)
3696 -+ +@target=$(METHTEST); $(BUILD_CMD)
3697 -
3698 - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
3699 -- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
3700 -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
3701 -
3702 - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
3703 -- @target=$(ENGINETEST); $(BUILD_CMD)
3704 -+ +@target=$(ENGINETEST); $(BUILD_CMD)
3705 -
3706 - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
3707 -- @target=$(EVPTEST); $(BUILD_CMD)
3708 -+ +@target=$(EVPTEST); $(BUILD_CMD)
3709 -
3710 - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
3711 -- @target=$(ECDSATEST); $(BUILD_CMD)
3712 -+ +@target=$(ECDSATEST); $(BUILD_CMD)
3713 -
3714 - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
3715 -- @target=$(ECDHTEST); $(BUILD_CMD)
3716 -+ +@target=$(ECDHTEST); $(BUILD_CMD)
3717 -
3718 - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
3719 -- @target=$(IGETEST); $(BUILD_CMD)
3720 -+ +@target=$(IGETEST); $(BUILD_CMD)
3721 -
3722 - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
3723 -- @target=$(JPAKETEST); $(BUILD_CMD)
3724 -+ +@target=$(JPAKETEST); $(BUILD_CMD)
3725 -
3726 - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
3727 -- @target=$(ASN1TEST); $(BUILD_CMD)
3728 -+ +@target=$(ASN1TEST); $(BUILD_CMD)
3729 -
3730 - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
3731 -- @target=$(SRPTEST); $(BUILD_CMD)
3732 -+ +@target=$(SRPTEST); $(BUILD_CMD)
3733 -
3734 - #$(AESTEST).o: $(AESTEST).c
3735 - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
3736 -@@ -480,7 +480,7 @@
3737 - # fi
3738 -
3739 - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
3740 -- @target=dummytest; $(BUILD_CMD)
3741 -+ +@target=dummytest; $(BUILD_CMD)
3742 -
3743 - # DO NOT DELETE THIS LINE -- make depend depends on it.
3744 -
3745 ---- a/crypto/objects/Makefile
3746 -+++ b/crypto/objects/Makefile
3747 -@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
3748 - # objects.pl both reads and writes obj_mac.num
3749 - obj_mac.h: objects.pl objects.txt obj_mac.num
3750 - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
3751 -- @sleep 1; touch obj_mac.h; sleep 1
3752 -
3753 --obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
3754 -+# This doesn't really need obj_mac.h, but since that rule reads & writes
3755 -+# obj_mac.num, we can't run in parallel with it.
3756 -+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
3757 - $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
3758 -- @sleep 1; touch obj_xref.h; sleep 1
3759 -
3760 - files:
3761 - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
3762
3763 diff --git a/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild b/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild
3764 deleted file mode 100644
3765 index 12eb16d..0000000
3766 --- a/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild
3767 +++ /dev/null
3768 @@ -1,161 +0,0 @@
3769 -# Copyright 1999-2015 Gentoo Foundation
3770 -# Distributed under the terms of the GNU General Public License v2
3771 -# $Id$
3772 -
3773 -# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
3774 -
3775 -EAPI="5"
3776 -
3777 -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
3778 -
3779 -PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')
3780 -MY_PV=${PV/_p*/${PLEVEL}}
3781 -MY_P=${PN}-${MY_PV}
3782 -S="${WORKDIR}/${MY_P}"
3783 -DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
3784 -HOMEPAGE="http://www.openssl.org/"
3785 -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
3786 -
3787 -LICENSE="openssl"
3788 -SLOT="0.9.8"
3789 -KEYWORDS="alpha amd64 arm ~hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
3790 -IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
3791 -RESTRICT="!bindist? ( bindist )"
3792 -
3793 -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
3794 - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
3795 - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
3796 - abi_x86_32? (
3797 - !<=app-emulation/emul-linux-x86-baselibs-20140508-r4
3798 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
3799 - )
3800 - !=dev-libs/openssl-0.9.8*:0"
3801 -DEPEND="${RDEPEND}
3802 - sys-apps/diffutils
3803 - >=dev-lang/perl-5
3804 - test? ( sys-devel/bc )"
3805 -
3806 -# Do not install any docs
3807 -DOCS=()
3808 -
3809 -src_prepare() {
3810 - epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
3811 - epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
3812 - epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
3813 - epatch "${FILESDIR}"/${PN}-0.9.8ze-CVE-2015-0286.patch #543552
3814 -
3815 - # disable fips in the build
3816 - # make sure the man pages are suffixed #302165
3817 - # don't bother building man pages if they're disabled
3818 - sed -i \
3819 - -e '/DIRS/s: fips : :g' \
3820 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
3821 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
3822 - -e $(has noman FEATURES \
3823 - && echo '/^install:/s:install_docs::' \
3824 - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
3825 - Makefile{,.org} \
3826 - || die
3827 - # show the actual commands in the log
3828 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
3829 - # update the enginedir path.
3830 - # punt broken config we don't care about as it fails sanity check.
3831 - sed -i \
3832 - -e '/^"debug-ben-debug-64"/d' \
3833 - -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
3834 - Configure || die
3835 -
3836 - # since we're forcing $(CC) as makedep anyway, just fix
3837 - # the conditional as always-on
3838 - # helps clang (#417795), and versioned gcc (#499818)
3839 - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
3840 -
3841 - # quiet out unknown driver argument warnings since openssl
3842 - # doesn't have well-split CFLAGS and we're making it even worse
3843 - # and 'make depend' uses -Werror for added fun (#417795 again)
3844 - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
3845 -
3846 - # allow openssl to be cross-compiled
3847 - cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
3848 - chmod a+rx gentoo.config
3849 -
3850 - append-flags -fno-strict-aliasing
3851 - append-flags -Wa,--noexecstack
3852 -
3853 - sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
3854 - sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
3855 - ./config --test-sanity || die "I AM NOT SANE"
3856 -
3857 - multilib_copy_sources
3858 -}
3859 -
3860 -multilib_src_configure() {
3861 - unset APPS #197996
3862 - unset SCRIPTS #312551
3863 -
3864 - tc-export CC AR RANLIB
3865 -
3866 - # Clean out patent-or-otherwise-encumbered code
3867 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
3868 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
3869 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
3870 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
3871 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
3872 -
3873 - use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
3874 - echoit() { echo "$@" ; "$@" ; }
3875 -
3876 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
3877 -
3878 - local sslout=$(./gentoo.config)
3879 - einfo "Use configuration ${sslout:-(openssl knows best)}"
3880 - local config="Configure"
3881 - [[ -z ${sslout} ]] && config="config"
3882 -
3883 - echoit \
3884 - ./${config} \
3885 - ${sslout} \
3886 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
3887 - enable-camellia \
3888 - $(use_ssl !bindist ec) \
3889 - enable-idea \
3890 - enable-mdc2 \
3891 - $(use_ssl !bindist rc5) \
3892 - enable-tlsext \
3893 - $(use_ssl gmp gmp -lgmp) \
3894 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
3895 - $(use_ssl zlib) \
3896 - --prefix=/usr \
3897 - --openssldir=/etc/ssl \
3898 - shared threads \
3899 - || die "Configure failed"
3900 -
3901 - # Clean out hardcoded flags that openssl uses
3902 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
3903 - -e 's:^CFLAG=::' \
3904 - -e 's:-fomit-frame-pointer ::g' \
3905 - -e 's:-O[0-9] ::g' \
3906 - -e 's:-march=[-a-z0-9]* ::g' \
3907 - -e 's:-mcpu=[-a-z0-9]* ::g' \
3908 - -e 's:-m[a-z0-9]* ::g' \
3909 - )
3910 - sed -i \
3911 - -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
3912 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
3913 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
3914 - Makefile || die
3915 -}
3916 -
3917 -multilib_src_compile() {
3918 - # depend is needed to use $confopts
3919 - emake -j1 depend
3920 - emake -j1 build_libs
3921 -}
3922 -
3923 -multilib_src_test() {
3924 - emake -j1 test
3925 -}
3926 -
3927 -multilib_src_install() {
3928 - dolib.so lib{crypto,ssl}.so.0.9.8
3929 -}
3930
3931 diff --git a/dev-libs/openssl/openssl-0.9.8z_p6.ebuild b/dev-libs/openssl/openssl-0.9.8z_p6.ebuild
3932 deleted file mode 100644
3933 index b2d9ea9..0000000
3934 --- a/dev-libs/openssl/openssl-0.9.8z_p6.ebuild
3935 +++ /dev/null
3936 @@ -1,160 +0,0 @@
3937 -# Copyright 1999-2015 Gentoo Foundation
3938 -# Distributed under the terms of the GNU General Public License v2
3939 -# $Id$
3940 -
3941 -# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
3942 -
3943 -EAPI="5"
3944 -
3945 -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
3946 -
3947 -PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')
3948 -MY_PV=${PV/_p*/${PLEVEL}}
3949 -MY_P=${PN}-${MY_PV}
3950 -S="${WORKDIR}/${MY_P}"
3951 -DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
3952 -HOMEPAGE="http://www.openssl.org/"
3953 -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
3954 -
3955 -LICENSE="openssl"
3956 -SLOT="0.9.8"
3957 -KEYWORDS="alpha amd64 arm ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd"
3958 -IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
3959 -RESTRICT="!bindist? ( bindist )"
3960 -
3961 -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
3962 - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
3963 - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
3964 - abi_x86_32? (
3965 - !<=app-emulation/emul-linux-x86-baselibs-20140508-r4
3966 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
3967 - )
3968 - !=dev-libs/openssl-0.9.8*:0"
3969 -DEPEND="${RDEPEND}
3970 - sys-apps/diffutils
3971 - >=dev-lang/perl-5
3972 - test? ( sys-devel/bc )"
3973 -
3974 -# Do not install any docs
3975 -DOCS=()
3976 -
3977 -src_prepare() {
3978 - epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
3979 - epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
3980 - epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
3981 -
3982 - # disable fips in the build
3983 - # make sure the man pages are suffixed #302165
3984 - # don't bother building man pages if they're disabled
3985 - sed -i \
3986 - -e '/DIRS/s: fips : :g' \
3987 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
3988 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
3989 - -e $(has noman FEATURES \
3990 - && echo '/^install:/s:install_docs::' \
3991 - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
3992 - Makefile{,.org} \
3993 - || die
3994 - # show the actual commands in the log
3995 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
3996 - # update the enginedir path.
3997 - # punt broken config we don't care about as it fails sanity check.
3998 - sed -i \
3999 - -e '/^"debug-ben-debug-64"/d' \
4000 - -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
4001 - Configure || die
4002 -
4003 - # since we're forcing $(CC) as makedep anyway, just fix
4004 - # the conditional as always-on
4005 - # helps clang (#417795), and versioned gcc (#499818)
4006 - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
4007 -
4008 - # quiet out unknown driver argument warnings since openssl
4009 - # doesn't have well-split CFLAGS and we're making it even worse
4010 - # and 'make depend' uses -Werror for added fun (#417795 again)
4011 - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
4012 -
4013 - # allow openssl to be cross-compiled
4014 - cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
4015 - chmod a+rx gentoo.config
4016 -
4017 - append-flags -fno-strict-aliasing
4018 - append-flags -Wa,--noexecstack
4019 -
4020 - sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
4021 - sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
4022 - ./config --test-sanity || die "I AM NOT SANE"
4023 -
4024 - multilib_copy_sources
4025 -}
4026 -
4027 -multilib_src_configure() {
4028 - unset APPS #197996
4029 - unset SCRIPTS #312551
4030 -
4031 - tc-export CC AR RANLIB
4032 -
4033 - # Clean out patent-or-otherwise-encumbered code
4034 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
4035 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
4036 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
4037 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
4038 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
4039 -
4040 - use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
4041 - echoit() { echo "$@" ; "$@" ; }
4042 -
4043 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
4044 -
4045 - local sslout=$(./gentoo.config)
4046 - einfo "Use configuration ${sslout:-(openssl knows best)}"
4047 - local config="Configure"
4048 - [[ -z ${sslout} ]] && config="config"
4049 -
4050 - echoit \
4051 - ./${config} \
4052 - ${sslout} \
4053 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
4054 - enable-camellia \
4055 - $(use_ssl !bindist ec) \
4056 - enable-idea \
4057 - enable-mdc2 \
4058 - $(use_ssl !bindist rc5) \
4059 - enable-tlsext \
4060 - $(use_ssl gmp gmp -lgmp) \
4061 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
4062 - $(use_ssl zlib) \
4063 - --prefix=/usr \
4064 - --openssldir=/etc/ssl \
4065 - shared threads \
4066 - || die "Configure failed"
4067 -
4068 - # Clean out hardcoded flags that openssl uses
4069 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
4070 - -e 's:^CFLAG=::' \
4071 - -e 's:-fomit-frame-pointer ::g' \
4072 - -e 's:-O[0-9] ::g' \
4073 - -e 's:-march=[-a-z0-9]* ::g' \
4074 - -e 's:-mcpu=[-a-z0-9]* ::g' \
4075 - -e 's:-m[a-z0-9]* ::g' \
4076 - )
4077 - sed -i \
4078 - -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
4079 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
4080 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
4081 - Makefile || die
4082 -}
4083 -
4084 -multilib_src_compile() {
4085 - # depend is needed to use $confopts
4086 - emake -j1 depend
4087 - emake -j1 build_libs
4088 -}
4089 -
4090 -multilib_src_test() {
4091 - emake -j1 test
4092 -}
4093 -
4094 -multilib_src_install() {
4095 - dolib.so lib{crypto,ssl}.so.0.9.8
4096 -}
4097
4098 diff --git a/dev-libs/openssl/openssl-1.0.0r.ebuild b/dev-libs/openssl/openssl-1.0.0r.ebuild
4099 deleted file mode 100644
4100 index e719253..0000000
4101 --- a/dev-libs/openssl/openssl-1.0.0r.ebuild
4102 +++ /dev/null
4103 @@ -1,214 +0,0 @@
4104 -# Copyright 1999-2015 Gentoo Foundation
4105 -# Distributed under the terms of the GNU General Public License v2
4106 -# $Id$
4107 -
4108 -EAPI="4"
4109 -
4110 -inherit eutils flag-o-matic toolchain-funcs multilib
4111 -
4112 -REV="1.7"
4113 -DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)"
4114 -HOMEPAGE="http://www.openssl.org/"
4115 -SRC_URI="mirror://openssl/source/${P}.tar.gz
4116 - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
4117 -
4118 -LICENSE="openssl"
4119 -SLOT="0"
4120 -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
4121 -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test zlib"
4122 -RESTRICT="!bindist? ( bindist )"
4123 -
4124 -# Have the sub-libs in RDEPEND with [static-libs] since, logically,
4125 -# our libssl.a depends on libz.a/etc... at runtime.
4126 -LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] )
4127 - zlib? ( sys-libs/zlib[static-libs(+)] )
4128 - kerberos? ( app-crypt/mit-krb5 )"
4129 -RDEPEND="static-libs? ( ${LIB_DEPEND} )
4130 - !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} )"
4131 -DEPEND="${RDEPEND}
4132 - sys-apps/diffutils
4133 - >=dev-lang/perl-5
4134 - test? ( sys-devel/bc )"
4135 -PDEPEND="app-misc/ca-certificates"
4136 -
4137 -src_unpack() {
4138 - unpack ${P}.tar.gz
4139 - SSL_CNF_DIR="/etc/ssl"
4140 - sed \
4141 - -e "/^DIR=/s:=.*:=${SSL_CNF_DIR}:" \
4142 - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
4143 - > "${WORKDIR}"/c_rehash || die #416717
4144 -}
4145 -
4146 -src_prepare() {
4147 - # Make sure we only ever touch Makefile.org and avoid patching a file
4148 - # that gets blown away anyways by the Configure script in src_configure
4149 - rm -f Makefile
4150 -
4151 - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
4152 - #epatch "${FILESDIR}"/${PN}-1.0.0d-fbsd-amd64.patch #363089
4153 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
4154 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
4155 - epatch "${FILESDIR}"/${PN}-1.0.0e-parallel-build.patch
4156 - epatch "${FILESDIR}"/${PN}-1.0.0r-x32.patch
4157 - epatch_user #332661
4158 -
4159 - # disable fips in the build
4160 - # make sure the man pages are suffixed #302165
4161 - # don't bother building man pages if they're disabled
4162 - sed -i \
4163 - -e '/DIRS/s: fips : :g' \
4164 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
4165 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
4166 - -e $(has noman FEATURES \
4167 - && echo '/^install:/s:install_docs::' \
4168 - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
4169 - Makefile.org \
4170 - || die
4171 - # show the actual commands in the log
4172 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
4173 -
4174 - # allow openssl to be cross-compiled
4175 - cp "${FILESDIR}"/gentoo.config-1.0.0 gentoo.config || die
4176 - chmod a+rx gentoo.config
4177 -
4178 - append-flags -fno-strict-aliasing
4179 - append-flags $(test-flags-CC -Wa,--noexecstack)
4180 -
4181 - sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
4182 - ./config --test-sanity || die "I AM NOT SANE"
4183 -}
4184 -
4185 -src_configure() {
4186 - unset APPS #197996
4187 - unset SCRIPTS #312551
4188 - unset CROSS_COMPILE #311473
4189 -
4190 - tc-export CC AR RANLIB RC
4191 -
4192 - # Clean out patent-or-otherwise-encumbered code
4193 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
4194 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
4195 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
4196 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
4197 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
4198 -
4199 - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
4200 - echoit() { echo "$@" ; "$@" ; }
4201 -
4202 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
4203 -
4204 - local sslout=$(./gentoo.config)
4205 - einfo "Use configuration ${sslout:-(openssl knows best)}"
4206 - local config="Configure"
4207 - [[ -z ${sslout} ]] && config="config"
4208 - echoit \
4209 - ./${config} \
4210 - ${sslout} \
4211 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
4212 - enable-camellia \
4213 - $(use_ssl !bindist ec) \
4214 - enable-idea \
4215 - enable-mdc2 \
4216 - $(use_ssl !bindist rc5) \
4217 - enable-tlsext \
4218 - $(use_ssl gmp gmp -lgmp) \
4219 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
4220 - $(use_ssl rfc3779) \
4221 - $(use_ssl zlib) \
4222 - --prefix=/usr \
4223 - --openssldir=${SSL_CNF_DIR} \
4224 - --libdir=$(get_libdir) \
4225 - shared threads \
4226 - || die
4227 -
4228 - # Clean out hardcoded flags that openssl uses
4229 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
4230 - -e 's:^CFLAG=::' \
4231 - -e 's:-fomit-frame-pointer ::g' \
4232 - -e 's:-O[0-9] ::g' \
4233 - -e 's:-march=[-a-z0-9]* ::g' \
4234 - -e 's:-mcpu=[-a-z0-9]* ::g' \
4235 - -e 's:-m[a-z0-9]* ::g' \
4236 - )
4237 - sed -i \
4238 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
4239 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
4240 - Makefile || die
4241 -}
4242 -
4243 -src_compile() {
4244 - # depend is needed to use $confopts; it also doesn't matter
4245 - # that it's -j1 as the code itself serializes subdirs
4246 - emake -j1 depend || die
4247 - emake all || die
4248 - # rehash is needed to prep the certs/ dir; do this
4249 - # separately to avoid parallel build issues.
4250 - emake rehash || die
4251 -}
4252 -
4253 -src_test() {
4254 - emake -j1 test || die
4255 -}
4256 -
4257 -src_install() {
4258 - emake INSTALL_PREFIX="${D}" install || die
4259 - dobin "${WORKDIR}"/c_rehash || die #333117
4260 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
4261 - dohtml -r doc/*
4262 - use rfc3779 && dodoc engines/ccgost/README.gost
4263 -
4264 - # This is crappy in that the static archives are still built even
4265 - # when USE=static-libs. But this is due to a failing in the openssl
4266 - # build system: the static archives are built as PIC all the time.
4267 - # Only way around this would be to manually configure+compile openssl
4268 - # twice; once with shared lib support enabled and once without.
4269 - use static-libs || rm -f "${D}"/usr/lib*/lib*.a
4270 -
4271 - # create the certs directory
4272 - dodir ${SSL_CNF_DIR}/certs
4273 - cp -RP certs/* "${D}"${SSL_CNF_DIR}/certs/ || die
4274 - rm -r "${D}"${SSL_CNF_DIR}/certs/{demo,expired}
4275 -
4276 - # Namespace openssl programs to prevent conflicts with other man pages
4277 - cd "${D}"/usr/share/man
4278 - local m d s
4279 - for m in $(find . -type f | xargs grep -L '#include') ; do
4280 - d=${m%/*} ; d=${d#./} ; m=${m##*/}
4281 - [[ ${m} == openssl.1* ]] && continue
4282 - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
4283 - mv ${d}/{,ssl-}${m}
4284 - # fix up references to renamed man pages
4285 - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
4286 - ln -s ssl-${m} ${d}/openssl-${m}
4287 - # locate any symlinks that point to this man page ... we assume
4288 - # that any broken links are due to the above renaming
4289 - for s in $(find -L ${d} -type l) ; do
4290 - s=${s##*/}
4291 - rm -f ${d}/${s}
4292 - ln -s ssl-${m} ${d}/ssl-${s}
4293 - ln -s ssl-${s} ${d}/openssl-${s}
4294 - done
4295 - done
4296 - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
4297 -
4298 - dodir /etc/sandbox.d #254521
4299 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl
4300 -
4301 - diropts -m0700
4302 - keepdir ${SSL_CNF_DIR}/private
4303 -}
4304 -
4305 -pkg_preinst() {
4306 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
4307 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
4308 -}
4309 -
4310 -pkg_postinst() {
4311 - ebegin "Running 'c_rehash ${ROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
4312 - c_rehash "${ROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
4313 - eend $?
4314 -
4315 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
4316 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
4317 -}
4318
4319 diff --git a/dev-libs/openssl/openssl-1.0.1l-r1.ebuild b/dev-libs/openssl/openssl-1.0.1l-r1.ebuild
4320 deleted file mode 100644
4321 index 8f063dc..0000000
4322 --- a/dev-libs/openssl/openssl-1.0.1l-r1.ebuild
4323 +++ /dev/null
4324 @@ -1,260 +0,0 @@
4325 -# Copyright 1999-2015 Gentoo Foundation
4326 -# Distributed under the terms of the GNU General Public License v2
4327 -# $Id$
4328 -
4329 -EAPI="4"
4330 -
4331 -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
4332 -
4333 -REV="1.7"
4334 -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
4335 -HOMEPAGE="http://www.openssl.org/"
4336 -SRC_URI="mirror://openssl/source/${P}.tar.gz
4337 - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
4338 -
4339 -LICENSE="openssl"
4340 -SLOT="0"
4341 -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
4342 -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
4343 -RESTRICT="!bindist? ( bindist )"
4344 -
4345 -# The blocks are temporary just to make sure people upgrade to a
4346 -# version that lack runtime version checking. We'll drop them in
4347 -# the future.
4348 -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
4349 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
4350 - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
4351 - abi_x86_32? (
4352 - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3
4353 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
4354 - )
4355 - !<net-misc/openssh-5.9_p1-r4
4356 - !<net-libs/neon-0.29.6-r1"
4357 -DEPEND="${RDEPEND}
4358 - sys-apps/diffutils
4359 - >=dev-lang/perl-5
4360 - test? ( sys-devel/bc )"
4361 -PDEPEND="app-misc/ca-certificates"
4362 -
4363 -src_unpack() {
4364 - unpack ${P}.tar.gz
4365 - SSL_CNF_DIR="/etc/ssl"
4366 - sed \
4367 - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
4368 - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
4369 - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
4370 - > "${WORKDIR}"/c_rehash || die #416717
4371 -}
4372 -
4373 -MULTILIB_WRAPPED_HEADERS=(
4374 - usr/include/openssl/opensslconf.h
4375 -)
4376 -
4377 -src_prepare() {
4378 - # Make sure we only ever touch Makefile.org and avoid patching a file
4379 - # that gets blown away anyways by the Configure script in src_configure
4380 - rm -f Makefile
4381 -
4382 - if ! use vanilla ; then
4383 - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
4384 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
4385 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
4386 - epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
4387 - epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
4388 - epatch "${FILESDIR}"/${PN}-1.0.1h-ipv6.patch
4389 - epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
4390 - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
4391 - epatch "${FILESDIR}"/${PN}-1.0.1l-CVE-2015-0286.patch #543552
4392 - epatch_user #332661
4393 - fi
4394 -
4395 - # disable fips in the build
4396 - # make sure the man pages are suffixed #302165
4397 - # don't bother building man pages if they're disabled
4398 - sed -i \
4399 - -e '/DIRS/s: fips : :g' \
4400 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
4401 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
4402 - -e $(has noman FEATURES \
4403 - && echo '/^install:/s:install_docs::' \
4404 - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
4405 - Makefile.org \
4406 - || die
4407 - # show the actual commands in the log
4408 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
4409 -
4410 - # since we're forcing $(CC) as makedep anyway, just fix
4411 - # the conditional as always-on
4412 - # helps clang (#417795), and versioned gcc (#499818)
4413 - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
4414 -
4415 - # quiet out unknown driver argument warnings since openssl
4416 - # doesn't have well-split CFLAGS and we're making it even worse
4417 - # and 'make depend' uses -Werror for added fun (#417795 again)
4418 - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
4419 -
4420 - # allow openssl to be cross-compiled
4421 - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
4422 - chmod a+rx gentoo.config
4423 -
4424 - append-flags -fno-strict-aliasing
4425 - append-flags $(test-flags-CC -Wa,--noexecstack)
4426 -
4427 - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
4428 - # The config script does stupid stuff to prompt the user. Kill it.
4429 - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
4430 - ./config --test-sanity || die "I AM NOT SANE"
4431 -
4432 - multilib_copy_sources
4433 -}
4434 -
4435 -multilib_src_configure() {
4436 - unset APPS #197996
4437 - unset SCRIPTS #312551
4438 - unset CROSS_COMPILE #311473
4439 -
4440 - tc-export CC AR RANLIB RC
4441 -
4442 - # Clean out patent-or-otherwise-encumbered code
4443 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
4444 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
4445 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
4446 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
4447 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
4448 -
4449 - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
4450 - echoit() { echo "$@" ; "$@" ; }
4451 -
4452 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
4453 -
4454 - # See if our toolchain supports __uint128_t. If so, it's 64bit
4455 - # friendly and can use the nicely optimized code paths. #460790
4456 - local ec_nistp_64_gcc_128
4457 - # Disable it for now though #469976
4458 - #if ! use bindist ; then
4459 - # echo "__uint128_t i;" > "${T}"/128.c
4460 - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
4461 - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
4462 - # fi
4463 - #fi
4464 -
4465 - local sslout=$(./gentoo.config)
4466 - einfo "Use configuration ${sslout:-(openssl knows best)}"
4467 - local config="Configure"
4468 - [[ -z ${sslout} ]] && config="config"
4469 -
4470 - echoit \
4471 - ./${config} \
4472 - ${sslout} \
4473 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
4474 - enable-camellia \
4475 - $(use_ssl !bindist ec) \
4476 - ${ec_nistp_64_gcc_128} \
4477 - enable-idea \
4478 - enable-mdc2 \
4479 - $(use_ssl !bindist rc5) \
4480 - enable-tlsext \
4481 - $(use_ssl gmp gmp -lgmp) \
4482 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
4483 - $(use_ssl rfc3779) \
4484 - $(use_ssl tls-heartbeat heartbeats) \
4485 - $(use_ssl zlib) \
4486 - --prefix="${EPREFIX}"/usr \
4487 - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
4488 - --libdir=$(get_libdir) \
4489 - shared threads \
4490 - || die
4491 -
4492 - # Clean out hardcoded flags that openssl uses
4493 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
4494 - -e 's:^CFLAG=::' \
4495 - -e 's:-fomit-frame-pointer ::g' \
4496 - -e 's:-O[0-9] ::g' \
4497 - -e 's:-march=[-a-z0-9]* ::g' \
4498 - -e 's:-mcpu=[-a-z0-9]* ::g' \
4499 - -e 's:-m[a-z0-9]* ::g' \
4500 - )
4501 - sed -i \
4502 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
4503 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
4504 - Makefile || die
4505 -}
4506 -
4507 -multilib_src_compile() {
4508 - # depend is needed to use $confopts; it also doesn't matter
4509 - # that it's -j1 as the code itself serializes subdirs
4510 - emake -j1 depend
4511 - emake all
4512 - # rehash is needed to prep the certs/ dir; do this
4513 - # separately to avoid parallel build issues.
4514 - emake rehash
4515 -}
4516 -
4517 -multilib_src_test() {
4518 - emake -j1 test
4519 -}
4520 -
4521 -multilib_src_install() {
4522 - emake INSTALL_PREFIX="${D}" install
4523 -}
4524 -
4525 -multilib_src_install_all() {
4526 - dobin "${WORKDIR}"/c_rehash #333117
4527 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
4528 - dohtml -r doc/*
4529 - use rfc3779 && dodoc engines/ccgost/README.gost
4530 -
4531 - # This is crappy in that the static archives are still built even
4532 - # when USE=static-libs. But this is due to a failing in the openssl
4533 - # build system: the static archives are built as PIC all the time.
4534 - # Only way around this would be to manually configure+compile openssl
4535 - # twice; once with shared lib support enabled and once without.
4536 - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
4537 -
4538 - # create the certs directory
4539 - dodir ${SSL_CNF_DIR}/certs
4540 - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
4541 - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
4542 -
4543 - # Namespace openssl programs to prevent conflicts with other man pages
4544 - cd "${ED}"/usr/share/man
4545 - local m d s
4546 - for m in $(find . -type f | xargs grep -L '#include') ; do
4547 - d=${m%/*} ; d=${d#./} ; m=${m##*/}
4548 - [[ ${m} == openssl.1* ]] && continue
4549 - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
4550 - mv ${d}/{,ssl-}${m}
4551 - # fix up references to renamed man pages
4552 - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
4553 - ln -s ssl-${m} ${d}/openssl-${m}
4554 - # locate any symlinks that point to this man page ... we assume
4555 - # that any broken links are due to the above renaming
4556 - for s in $(find -L ${d} -type l) ; do
4557 - s=${s##*/}
4558 - rm -f ${d}/${s}
4559 - ln -s ssl-${m} ${d}/ssl-${s}
4560 - ln -s ssl-${s} ${d}/openssl-${s}
4561 - done
4562 - done
4563 - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
4564 -
4565 - dodir /etc/sandbox.d #254521
4566 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
4567 -
4568 - diropts -m0700
4569 - keepdir ${SSL_CNF_DIR}/private
4570 -}
4571 -
4572 -pkg_preinst() {
4573 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
4574 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
4575 -}
4576 -
4577 -pkg_postinst() {
4578 - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
4579 - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
4580 - eend $?
4581 -
4582 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
4583 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
4584 -}
4585
4586 diff --git a/dev-libs/openssl/openssl-1.0.1m.ebuild b/dev-libs/openssl/openssl-1.0.1m.ebuild
4587 deleted file mode 100644
4588 index 7f30b56..0000000
4589 --- a/dev-libs/openssl/openssl-1.0.1m.ebuild
4590 +++ /dev/null
4591 @@ -1,259 +0,0 @@
4592 -# Copyright 1999-2015 Gentoo Foundation
4593 -# Distributed under the terms of the GNU General Public License v2
4594 -# $Id$
4595 -
4596 -EAPI="4"
4597 -
4598 -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
4599 -
4600 -REV="1.7"
4601 -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
4602 -HOMEPAGE="http://www.openssl.org/"
4603 -SRC_URI="mirror://openssl/source/${P}.tar.gz
4604 - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
4605 -
4606 -LICENSE="openssl"
4607 -SLOT="0"
4608 -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
4609 -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
4610 -RESTRICT="!bindist? ( bindist )"
4611 -
4612 -# The blocks are temporary just to make sure people upgrade to a
4613 -# version that lack runtime version checking. We'll drop them in
4614 -# the future.
4615 -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
4616 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
4617 - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
4618 - abi_x86_32? (
4619 - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3
4620 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
4621 - )
4622 - !<net-misc/openssh-5.9_p1-r4
4623 - !<net-libs/neon-0.29.6-r1"
4624 -DEPEND="${RDEPEND}
4625 - sys-apps/diffutils
4626 - >=dev-lang/perl-5
4627 - test? ( sys-devel/bc )"
4628 -PDEPEND="app-misc/ca-certificates"
4629 -
4630 -src_unpack() {
4631 - unpack ${P}.tar.gz
4632 - SSL_CNF_DIR="/etc/ssl"
4633 - sed \
4634 - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
4635 - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
4636 - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
4637 - > "${WORKDIR}"/c_rehash || die #416717
4638 -}
4639 -
4640 -MULTILIB_WRAPPED_HEADERS=(
4641 - usr/include/openssl/opensslconf.h
4642 -)
4643 -
4644 -src_prepare() {
4645 - # Make sure we only ever touch Makefile.org and avoid patching a file
4646 - # that gets blown away anyways by the Configure script in src_configure
4647 - rm -f Makefile
4648 -
4649 - if ! use vanilla ; then
4650 - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
4651 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
4652 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
4653 - epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch
4654 - epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch
4655 - epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch
4656 - epatch "${FILESDIR}"/${PN}-1.0.1m-s_client-verify.patch #472584
4657 - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
4658 - epatch_user #332661
4659 - fi
4660 -
4661 - # disable fips in the build
4662 - # make sure the man pages are suffixed #302165
4663 - # don't bother building man pages if they're disabled
4664 - sed -i \
4665 - -e '/DIRS/s: fips : :g' \
4666 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
4667 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
4668 - -e $(has noman FEATURES \
4669 - && echo '/^install:/s:install_docs::' \
4670 - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
4671 - Makefile.org \
4672 - || die
4673 - # show the actual commands in the log
4674 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
4675 -
4676 - # since we're forcing $(CC) as makedep anyway, just fix
4677 - # the conditional as always-on
4678 - # helps clang (#417795), and versioned gcc (#499818)
4679 - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
4680 -
4681 - # quiet out unknown driver argument warnings since openssl
4682 - # doesn't have well-split CFLAGS and we're making it even worse
4683 - # and 'make depend' uses -Werror for added fun (#417795 again)
4684 - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
4685 -
4686 - # allow openssl to be cross-compiled
4687 - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
4688 - chmod a+rx gentoo.config
4689 -
4690 - append-flags -fno-strict-aliasing
4691 - append-flags $(test-flags-CC -Wa,--noexecstack)
4692 -
4693 - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
4694 - # The config script does stupid stuff to prompt the user. Kill it.
4695 - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
4696 - ./config --test-sanity || die "I AM NOT SANE"
4697 -
4698 - multilib_copy_sources
4699 -}
4700 -
4701 -multilib_src_configure() {
4702 - unset APPS #197996
4703 - unset SCRIPTS #312551
4704 - unset CROSS_COMPILE #311473
4705 -
4706 - tc-export CC AR RANLIB RC
4707 -
4708 - # Clean out patent-or-otherwise-encumbered code
4709 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
4710 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
4711 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
4712 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
4713 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
4714 -
4715 - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
4716 - echoit() { echo "$@" ; "$@" ; }
4717 -
4718 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
4719 -
4720 - # See if our toolchain supports __uint128_t. If so, it's 64bit
4721 - # friendly and can use the nicely optimized code paths. #460790
4722 - local ec_nistp_64_gcc_128
4723 - # Disable it for now though #469976
4724 - #if ! use bindist ; then
4725 - # echo "__uint128_t i;" > "${T}"/128.c
4726 - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
4727 - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
4728 - # fi
4729 - #fi
4730 -
4731 - local sslout=$(./gentoo.config)
4732 - einfo "Use configuration ${sslout:-(openssl knows best)}"
4733 - local config="Configure"
4734 - [[ -z ${sslout} ]] && config="config"
4735 -
4736 - echoit \
4737 - ./${config} \
4738 - ${sslout} \
4739 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
4740 - enable-camellia \
4741 - $(use_ssl !bindist ec) \
4742 - ${ec_nistp_64_gcc_128} \
4743 - enable-idea \
4744 - enable-mdc2 \
4745 - $(use_ssl !bindist rc5) \
4746 - enable-tlsext \
4747 - $(use_ssl gmp gmp -lgmp) \
4748 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
4749 - $(use_ssl rfc3779) \
4750 - $(use_ssl tls-heartbeat heartbeats) \
4751 - $(use_ssl zlib) \
4752 - --prefix="${EPREFIX}"/usr \
4753 - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
4754 - --libdir=$(get_libdir) \
4755 - shared threads \
4756 - || die
4757 -
4758 - # Clean out hardcoded flags that openssl uses
4759 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
4760 - -e 's:^CFLAG=::' \
4761 - -e 's:-fomit-frame-pointer ::g' \
4762 - -e 's:-O[0-9] ::g' \
4763 - -e 's:-march=[-a-z0-9]* ::g' \
4764 - -e 's:-mcpu=[-a-z0-9]* ::g' \
4765 - -e 's:-m[a-z0-9]* ::g' \
4766 - )
4767 - sed -i \
4768 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
4769 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
4770 - Makefile || die
4771 -}
4772 -
4773 -multilib_src_compile() {
4774 - # depend is needed to use $confopts; it also doesn't matter
4775 - # that it's -j1 as the code itself serializes subdirs
4776 - emake -j1 depend
4777 - emake all
4778 - # rehash is needed to prep the certs/ dir; do this
4779 - # separately to avoid parallel build issues.
4780 - emake rehash
4781 -}
4782 -
4783 -multilib_src_test() {
4784 - emake -j1 test
4785 -}
4786 -
4787 -multilib_src_install() {
4788 - emake INSTALL_PREFIX="${D}" install
4789 -}
4790 -
4791 -multilib_src_install_all() {
4792 - dobin "${WORKDIR}"/c_rehash #333117
4793 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
4794 - dohtml -r doc/*
4795 - use rfc3779 && dodoc engines/ccgost/README.gost
4796 -
4797 - # This is crappy in that the static archives are still built even
4798 - # when USE=static-libs. But this is due to a failing in the openssl
4799 - # build system: the static archives are built as PIC all the time.
4800 - # Only way around this would be to manually configure+compile openssl
4801 - # twice; once with shared lib support enabled and once without.
4802 - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
4803 -
4804 - # create the certs directory
4805 - dodir ${SSL_CNF_DIR}/certs
4806 - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
4807 - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
4808 -
4809 - # Namespace openssl programs to prevent conflicts with other man pages
4810 - cd "${ED}"/usr/share/man
4811 - local m d s
4812 - for m in $(find . -type f | xargs grep -L '#include') ; do
4813 - d=${m%/*} ; d=${d#./} ; m=${m##*/}
4814 - [[ ${m} == openssl.1* ]] && continue
4815 - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
4816 - mv ${d}/{,ssl-}${m}
4817 - # fix up references to renamed man pages
4818 - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
4819 - ln -s ssl-${m} ${d}/openssl-${m}
4820 - # locate any symlinks that point to this man page ... we assume
4821 - # that any broken links are due to the above renaming
4822 - for s in $(find -L ${d} -type l) ; do
4823 - s=${s##*/}
4824 - rm -f ${d}/${s}
4825 - ln -s ssl-${m} ${d}/ssl-${s}
4826 - ln -s ssl-${s} ${d}/openssl-${s}
4827 - done
4828 - done
4829 - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
4830 -
4831 - dodir /etc/sandbox.d #254521
4832 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
4833 -
4834 - diropts -m0700
4835 - keepdir ${SSL_CNF_DIR}/private
4836 -}
4837 -
4838 -pkg_preinst() {
4839 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
4840 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
4841 -}
4842 -
4843 -pkg_postinst() {
4844 - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
4845 - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
4846 - eend $?
4847 -
4848 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
4849 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
4850 -}
4851
4852 diff --git a/dev-libs/openssl/openssl-1.0.1n.ebuild b/dev-libs/openssl/openssl-1.0.1n.ebuild
4853 deleted file mode 100644
4854 index 0b33ee9..0000000
4855 --- a/dev-libs/openssl/openssl-1.0.1n.ebuild
4856 +++ /dev/null
4857 @@ -1,258 +0,0 @@
4858 -# Copyright 1999-2015 Gentoo Foundation
4859 -# Distributed under the terms of the GNU General Public License v2
4860 -# $Id$
4861 -
4862 -EAPI="4"
4863 -
4864 -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
4865 -
4866 -REV="1.7"
4867 -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
4868 -HOMEPAGE="http://www.openssl.org/"
4869 -SRC_URI="mirror://openssl/source/${P}.tar.gz
4870 - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
4871 -
4872 -LICENSE="openssl"
4873 -SLOT="0"
4874 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
4875 -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
4876 -RESTRICT="!bindist? ( bindist )"
4877 -
4878 -# The blocks are temporary just to make sure people upgrade to a
4879 -# version that lack runtime version checking. We'll drop them in
4880 -# the future.
4881 -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
4882 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
4883 - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
4884 - abi_x86_32? (
4885 - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3
4886 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
4887 - )
4888 - !<net-misc/openssh-5.9_p1-r4
4889 - !<net-libs/neon-0.29.6-r1"
4890 -DEPEND="${RDEPEND}
4891 - sys-apps/diffutils
4892 - >=dev-lang/perl-5
4893 - test? ( sys-devel/bc )"
4894 -PDEPEND="app-misc/ca-certificates"
4895 -
4896 -src_unpack() {
4897 - unpack ${P}.tar.gz
4898 - SSL_CNF_DIR="/etc/ssl"
4899 - sed \
4900 - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
4901 - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
4902 - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
4903 - > "${WORKDIR}"/c_rehash || die #416717
4904 -}
4905 -
4906 -MULTILIB_WRAPPED_HEADERS=(
4907 - usr/include/openssl/opensslconf.h
4908 -)
4909 -
4910 -src_prepare() {
4911 - # Make sure we only ever touch Makefile.org and avoid patching a file
4912 - # that gets blown away anyways by the Configure script in src_configure
4913 - rm -f Makefile
4914 -
4915 - if ! use vanilla ; then
4916 - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
4917 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
4918 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
4919 - epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch
4920 - epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch
4921 - epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch
4922 - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
4923 - epatch_user #332661
4924 - fi
4925 -
4926 - # disable fips in the build
4927 - # make sure the man pages are suffixed #302165
4928 - # don't bother building man pages if they're disabled
4929 - sed -i \
4930 - -e '/DIRS/s: fips : :g' \
4931 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
4932 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
4933 - -e $(has noman FEATURES \
4934 - && echo '/^install:/s:install_docs::' \
4935 - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
4936 - Makefile.org \
4937 - || die
4938 - # show the actual commands in the log
4939 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
4940 -
4941 - # since we're forcing $(CC) as makedep anyway, just fix
4942 - # the conditional as always-on
4943 - # helps clang (#417795), and versioned gcc (#499818)
4944 - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
4945 -
4946 - # quiet out unknown driver argument warnings since openssl
4947 - # doesn't have well-split CFLAGS and we're making it even worse
4948 - # and 'make depend' uses -Werror for added fun (#417795 again)
4949 - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
4950 -
4951 - # allow openssl to be cross-compiled
4952 - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
4953 - chmod a+rx gentoo.config
4954 -
4955 - append-flags -fno-strict-aliasing
4956 - append-flags $(test-flags-CC -Wa,--noexecstack)
4957 -
4958 - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
4959 - # The config script does stupid stuff to prompt the user. Kill it.
4960 - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
4961 - ./config --test-sanity || die "I AM NOT SANE"
4962 -
4963 - multilib_copy_sources
4964 -}
4965 -
4966 -multilib_src_configure() {
4967 - unset APPS #197996
4968 - unset SCRIPTS #312551
4969 - unset CROSS_COMPILE #311473
4970 -
4971 - tc-export CC AR RANLIB RC
4972 -
4973 - # Clean out patent-or-otherwise-encumbered code
4974 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
4975 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
4976 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
4977 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
4978 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
4979 -
4980 - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
4981 - echoit() { echo "$@" ; "$@" ; }
4982 -
4983 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
4984 -
4985 - # See if our toolchain supports __uint128_t. If so, it's 64bit
4986 - # friendly and can use the nicely optimized code paths. #460790
4987 - local ec_nistp_64_gcc_128
4988 - # Disable it for now though #469976
4989 - #if ! use bindist ; then
4990 - # echo "__uint128_t i;" > "${T}"/128.c
4991 - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
4992 - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
4993 - # fi
4994 - #fi
4995 -
4996 - local sslout=$(./gentoo.config)
4997 - einfo "Use configuration ${sslout:-(openssl knows best)}"
4998 - local config="Configure"
4999 - [[ -z ${sslout} ]] && config="config"
5000 -
5001 - echoit \
5002 - ./${config} \
5003 - ${sslout} \
5004 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
5005 - enable-camellia \
5006 - $(use_ssl !bindist ec) \
5007 - ${ec_nistp_64_gcc_128} \
5008 - enable-idea \
5009 - enable-mdc2 \
5010 - $(use_ssl !bindist rc5) \
5011 - enable-tlsext \
5012 - $(use_ssl gmp gmp -lgmp) \
5013 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
5014 - $(use_ssl rfc3779) \
5015 - $(use_ssl tls-heartbeat heartbeats) \
5016 - $(use_ssl zlib) \
5017 - --prefix="${EPREFIX}"/usr \
5018 - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
5019 - --libdir=$(get_libdir) \
5020 - shared threads \
5021 - || die
5022 -
5023 - # Clean out hardcoded flags that openssl uses
5024 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
5025 - -e 's:^CFLAG=::' \
5026 - -e 's:-fomit-frame-pointer ::g' \
5027 - -e 's:-O[0-9] ::g' \
5028 - -e 's:-march=[-a-z0-9]* ::g' \
5029 - -e 's:-mcpu=[-a-z0-9]* ::g' \
5030 - -e 's:-m[a-z0-9]* ::g' \
5031 - )
5032 - sed -i \
5033 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
5034 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
5035 - Makefile || die
5036 -}
5037 -
5038 -multilib_src_compile() {
5039 - # depend is needed to use $confopts; it also doesn't matter
5040 - # that it's -j1 as the code itself serializes subdirs
5041 - emake -j1 depend
5042 - emake all
5043 - # rehash is needed to prep the certs/ dir; do this
5044 - # separately to avoid parallel build issues.
5045 - emake rehash
5046 -}
5047 -
5048 -multilib_src_test() {
5049 - emake -j1 test
5050 -}
5051 -
5052 -multilib_src_install() {
5053 - emake INSTALL_PREFIX="${D}" install
5054 -}
5055 -
5056 -multilib_src_install_all() {
5057 - dobin "${WORKDIR}"/c_rehash #333117
5058 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
5059 - dohtml -r doc/*
5060 - use rfc3779 && dodoc engines/ccgost/README.gost
5061 -
5062 - # This is crappy in that the static archives are still built even
5063 - # when USE=static-libs. But this is due to a failing in the openssl
5064 - # build system: the static archives are built as PIC all the time.
5065 - # Only way around this would be to manually configure+compile openssl
5066 - # twice; once with shared lib support enabled and once without.
5067 - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
5068 -
5069 - # create the certs directory
5070 - dodir ${SSL_CNF_DIR}/certs
5071 - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
5072 - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
5073 -
5074 - # Namespace openssl programs to prevent conflicts with other man pages
5075 - cd "${ED}"/usr/share/man
5076 - local m d s
5077 - for m in $(find . -type f | xargs grep -L '#include') ; do
5078 - d=${m%/*} ; d=${d#./} ; m=${m##*/}
5079 - [[ ${m} == openssl.1* ]] && continue
5080 - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
5081 - mv ${d}/{,ssl-}${m}
5082 - # fix up references to renamed man pages
5083 - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
5084 - ln -s ssl-${m} ${d}/openssl-${m}
5085 - # locate any symlinks that point to this man page ... we assume
5086 - # that any broken links are due to the above renaming
5087 - for s in $(find -L ${d} -type l) ; do
5088 - s=${s##*/}
5089 - rm -f ${d}/${s}
5090 - ln -s ssl-${m} ${d}/ssl-${s}
5091 - ln -s ssl-${s} ${d}/openssl-${s}
5092 - done
5093 - done
5094 - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
5095 -
5096 - dodir /etc/sandbox.d #254521
5097 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
5098 -
5099 - diropts -m0700
5100 - keepdir ${SSL_CNF_DIR}/private
5101 -}
5102 -
5103 -pkg_preinst() {
5104 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
5105 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
5106 -}
5107 -
5108 -pkg_postinst() {
5109 - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
5110 - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
5111 - eend $?
5112 -
5113 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
5114 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
5115 -}
5116
5117 diff --git a/dev-libs/openssl/openssl-1.0.1o.ebuild b/dev-libs/openssl/openssl-1.0.1o.ebuild
5118 deleted file mode 100644
5119 index f6c6c16..0000000
5120 --- a/dev-libs/openssl/openssl-1.0.1o.ebuild
5121 +++ /dev/null
5122 @@ -1,258 +0,0 @@
5123 -# Copyright 1999-2015 Gentoo Foundation
5124 -# Distributed under the terms of the GNU General Public License v2
5125 -# $Id$
5126 -
5127 -EAPI="4"
5128 -
5129 -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
5130 -
5131 -REV="1.7"
5132 -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
5133 -HOMEPAGE="http://www.openssl.org/"
5134 -SRC_URI="mirror://openssl/source/${P}.tar.gz
5135 - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
5136 -
5137 -LICENSE="openssl"
5138 -SLOT="0"
5139 -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
5140 -IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
5141 -RESTRICT="!bindist? ( bindist )"
5142 -
5143 -# The blocks are temporary just to make sure people upgrade to a
5144 -# version that lack runtime version checking. We'll drop them in
5145 -# the future.
5146 -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
5147 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
5148 - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
5149 - abi_x86_32? (
5150 - !<=app-emulation/emul-linux-x86-baselibs-20140406-r3
5151 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
5152 - )
5153 - !<net-misc/openssh-5.9_p1-r4
5154 - !<net-libs/neon-0.29.6-r1"
5155 -DEPEND="${RDEPEND}
5156 - sys-apps/diffutils
5157 - >=dev-lang/perl-5
5158 - test? ( sys-devel/bc )"
5159 -PDEPEND="app-misc/ca-certificates"
5160 -
5161 -src_unpack() {
5162 - unpack ${P}.tar.gz
5163 - SSL_CNF_DIR="/etc/ssl"
5164 - sed \
5165 - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
5166 - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
5167 - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
5168 - > "${WORKDIR}"/c_rehash || die #416717
5169 -}
5170 -
5171 -MULTILIB_WRAPPED_HEADERS=(
5172 - usr/include/openssl/opensslconf.h
5173 -)
5174 -
5175 -src_prepare() {
5176 - # Make sure we only ever touch Makefile.org and avoid patching a file
5177 - # that gets blown away anyways by the Configure script in src_configure
5178 - rm -f Makefile
5179 -
5180 - if ! use vanilla ; then
5181 - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
5182 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
5183 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
5184 - epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch
5185 - epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch
5186 - epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch
5187 - epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
5188 - epatch_user #332661
5189 - fi
5190 -
5191 - # disable fips in the build
5192 - # make sure the man pages are suffixed #302165
5193 - # don't bother building man pages if they're disabled
5194 - sed -i \
5195 - -e '/DIRS/s: fips : :g' \
5196 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
5197 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
5198 - -e $(has noman FEATURES \
5199 - && echo '/^install:/s:install_docs::' \
5200 - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
5201 - Makefile.org \
5202 - || die
5203 - # show the actual commands in the log
5204 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
5205 -
5206 - # since we're forcing $(CC) as makedep anyway, just fix
5207 - # the conditional as always-on
5208 - # helps clang (#417795), and versioned gcc (#499818)
5209 - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
5210 -
5211 - # quiet out unknown driver argument warnings since openssl
5212 - # doesn't have well-split CFLAGS and we're making it even worse
5213 - # and 'make depend' uses -Werror for added fun (#417795 again)
5214 - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
5215 -
5216 - # allow openssl to be cross-compiled
5217 - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
5218 - chmod a+rx gentoo.config
5219 -
5220 - append-flags -fno-strict-aliasing
5221 - append-flags $(test-flags-CC -Wa,--noexecstack)
5222 -
5223 - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
5224 - # The config script does stupid stuff to prompt the user. Kill it.
5225 - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
5226 - ./config --test-sanity || die "I AM NOT SANE"
5227 -
5228 - multilib_copy_sources
5229 -}
5230 -
5231 -multilib_src_configure() {
5232 - unset APPS #197996
5233 - unset SCRIPTS #312551
5234 - unset CROSS_COMPILE #311473
5235 -
5236 - tc-export CC AR RANLIB RC
5237 -
5238 - # Clean out patent-or-otherwise-encumbered code
5239 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
5240 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
5241 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
5242 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
5243 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
5244 -
5245 - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
5246 - echoit() { echo "$@" ; "$@" ; }
5247 -
5248 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
5249 -
5250 - # See if our toolchain supports __uint128_t. If so, it's 64bit
5251 - # friendly and can use the nicely optimized code paths. #460790
5252 - local ec_nistp_64_gcc_128
5253 - # Disable it for now though #469976
5254 - #if ! use bindist ; then
5255 - # echo "__uint128_t i;" > "${T}"/128.c
5256 - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
5257 - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
5258 - # fi
5259 - #fi
5260 -
5261 - local sslout=$(./gentoo.config)
5262 - einfo "Use configuration ${sslout:-(openssl knows best)}"
5263 - local config="Configure"
5264 - [[ -z ${sslout} ]] && config="config"
5265 -
5266 - echoit \
5267 - ./${config} \
5268 - ${sslout} \
5269 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
5270 - enable-camellia \
5271 - $(use_ssl !bindist ec) \
5272 - ${ec_nistp_64_gcc_128} \
5273 - enable-idea \
5274 - enable-mdc2 \
5275 - $(use_ssl !bindist rc5) \
5276 - enable-tlsext \
5277 - $(use_ssl gmp gmp -lgmp) \
5278 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
5279 - $(use_ssl rfc3779) \
5280 - $(use_ssl tls-heartbeat heartbeats) \
5281 - $(use_ssl zlib) \
5282 - --prefix="${EPREFIX}"/usr \
5283 - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
5284 - --libdir=$(get_libdir) \
5285 - shared threads \
5286 - || die
5287 -
5288 - # Clean out hardcoded flags that openssl uses
5289 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
5290 - -e 's:^CFLAG=::' \
5291 - -e 's:-fomit-frame-pointer ::g' \
5292 - -e 's:-O[0-9] ::g' \
5293 - -e 's:-march=[-a-z0-9]* ::g' \
5294 - -e 's:-mcpu=[-a-z0-9]* ::g' \
5295 - -e 's:-m[a-z0-9]* ::g' \
5296 - )
5297 - sed -i \
5298 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
5299 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
5300 - Makefile || die
5301 -}
5302 -
5303 -multilib_src_compile() {
5304 - # depend is needed to use $confopts; it also doesn't matter
5305 - # that it's -j1 as the code itself serializes subdirs
5306 - emake -j1 depend
5307 - emake all
5308 - # rehash is needed to prep the certs/ dir; do this
5309 - # separately to avoid parallel build issues.
5310 - emake rehash
5311 -}
5312 -
5313 -multilib_src_test() {
5314 - emake -j1 test
5315 -}
5316 -
5317 -multilib_src_install() {
5318 - emake INSTALL_PREFIX="${D}" install
5319 -}
5320 -
5321 -multilib_src_install_all() {
5322 - dobin "${WORKDIR}"/c_rehash #333117
5323 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
5324 - dohtml -r doc/*
5325 - use rfc3779 && dodoc engines/ccgost/README.gost
5326 -
5327 - # This is crappy in that the static archives are still built even
5328 - # when USE=static-libs. But this is due to a failing in the openssl
5329 - # build system: the static archives are built as PIC all the time.
5330 - # Only way around this would be to manually configure+compile openssl
5331 - # twice; once with shared lib support enabled and once without.
5332 - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
5333 -
5334 - # create the certs directory
5335 - dodir ${SSL_CNF_DIR}/certs
5336 - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
5337 - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
5338 -
5339 - # Namespace openssl programs to prevent conflicts with other man pages
5340 - cd "${ED}"/usr/share/man
5341 - local m d s
5342 - for m in $(find . -type f | xargs grep -L '#include') ; do
5343 - d=${m%/*} ; d=${d#./} ; m=${m##*/}
5344 - [[ ${m} == openssl.1* ]] && continue
5345 - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
5346 - mv ${d}/{,ssl-}${m}
5347 - # fix up references to renamed man pages
5348 - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
5349 - ln -s ssl-${m} ${d}/openssl-${m}
5350 - # locate any symlinks that point to this man page ... we assume
5351 - # that any broken links are due to the above renaming
5352 - for s in $(find -L ${d} -type l) ; do
5353 - s=${s##*/}
5354 - rm -f ${d}/${s}
5355 - ln -s ssl-${m} ${d}/ssl-${s}
5356 - ln -s ssl-${s} ${d}/openssl-${s}
5357 - done
5358 - done
5359 - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
5360 -
5361 - dodir /etc/sandbox.d #254521
5362 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
5363 -
5364 - diropts -m0700
5365 - keepdir ${SSL_CNF_DIR}/private
5366 -}
5367 -
5368 -pkg_preinst() {
5369 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
5370 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
5371 -}
5372 -
5373 -pkg_postinst() {
5374 - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
5375 - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
5376 - eend $?
5377 -
5378 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
5379 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
5380 -}
5381
5382 diff --git a/dev-libs/openssl/openssl-1.0.2-r3.ebuild b/dev-libs/openssl/openssl-1.0.2-r3.ebuild
5383 deleted file mode 100644
5384 index 231155d..0000000
5385 --- a/dev-libs/openssl/openssl-1.0.2-r3.ebuild
5386 +++ /dev/null
5387 @@ -1,263 +0,0 @@
5388 -# Copyright 1999-2015 Gentoo Foundation
5389 -# Distributed under the terms of the GNU General Public License v2
5390 -# $Id$
5391 -
5392 -EAPI="4"
5393 -
5394 -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
5395 -
5396 -REV="1.7"
5397 -MY_P=${P/_/-}
5398 -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
5399 -HOMEPAGE="http://www.openssl.org/"
5400 -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
5401 - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
5402 -
5403 -LICENSE="openssl"
5404 -SLOT="0"
5405 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
5406 -IUSE="bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
5407 -RESTRICT="!bindist? ( bindist )"
5408 -
5409 -# The blocks are temporary just to make sure people upgrade to a
5410 -# version that lack runtime version checking. We'll drop them in
5411 -# the future.
5412 -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
5413 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
5414 - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
5415 - abi_x86_32? (
5416 - !<=app-emulation/emul-linux-x86-baselibs-20140508
5417 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
5418 - )
5419 - !<net-misc/openssh-5.9_p1-r4
5420 - !<net-libs/neon-0.29.6-r1"
5421 -DEPEND="${RDEPEND}
5422 - sys-apps/diffutils
5423 - >=dev-lang/perl-5
5424 - sctp? ( >=net-misc/lksctp-tools-1.0.12 )
5425 - test? ( sys-devel/bc )"
5426 -PDEPEND="app-misc/ca-certificates"
5427 -
5428 -S="${WORKDIR}/${MY_P}"
5429 -
5430 -MULTILIB_WRAPPED_HEADERS=(
5431 - usr/include/openssl/opensslconf.h
5432 -)
5433 -
5434 -src_prepare() {
5435 - SSL_CNF_DIR="/etc/ssl"
5436 - sed \
5437 - -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
5438 - -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
5439 - "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
5440 - > "${WORKDIR}"/c_rehash || die #416717
5441 -
5442 - # Make sure we only ever touch Makefile.org and avoid patching a file
5443 - # that gets blown away anyways by the Configure script in src_configure
5444 - rm -f Makefile
5445 -
5446 - epatch "${FILESDIR}"/${P}-CVE-2015-0209.patch #541502
5447 - epatch "${FILESDIR}"/${P}-CVE-2015-0288.patch #542038
5448 - if ! use vanilla ; then
5449 - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
5450 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
5451 - epatch "${FILESDIR}"/${PN}-1.0.2-parallel-build.patch
5452 - epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
5453 - epatch "${FILESDIR}"/${PN}-1.0.2-s_client-verify.patch #472584
5454 - epatch "${FILESDIR}"/${PN}-1.0.2-CVE-2015-0291.patch
5455 -
5456 - epatch_user #332661
5457 - fi
5458 -
5459 - # disable fips in the build
5460 - # make sure the man pages are suffixed #302165
5461 - # don't bother building man pages if they're disabled
5462 - sed -i \
5463 - -e '/DIRS/s: fips : :g' \
5464 - -e '/^MANSUFFIX/s:=.*:=ssl:' \
5465 - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
5466 - -e $(has noman FEATURES \
5467 - && echo '/^install:/s:install_docs::' \
5468 - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
5469 - Makefile.org \
5470 - || die
5471 - # show the actual commands in the log
5472 - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
5473 -
5474 - # since we're forcing $(CC) as makedep anyway, just fix
5475 - # the conditional as always-on
5476 - # helps clang (#417795), and versioned gcc (#499818)
5477 - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
5478 -
5479 - # quiet out unknown driver argument warnings since openssl
5480 - # doesn't have well-split CFLAGS and we're making it even worse
5481 - # and 'make depend' uses -Werror for added fun (#417795 again)
5482 - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
5483 -
5484 - # allow openssl to be cross-compiled
5485 - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
5486 - chmod a+rx gentoo.config
5487 -
5488 - append-flags -fno-strict-aliasing
5489 - append-flags $(test-flags-CC -Wa,--noexecstack)
5490 - append-cppflags -DOPENSSL_NO_BUF_FREELISTS
5491 -
5492 - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
5493 - # The config script does stupid stuff to prompt the user. Kill it.
5494 - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
5495 - ./config --test-sanity || die "I AM NOT SANE"
5496 -
5497 - multilib_copy_sources
5498 -}
5499 -
5500 -multilib_src_configure() {
5501 - unset APPS #197996
5502 - unset SCRIPTS #312551
5503 - unset CROSS_COMPILE #311473
5504 -
5505 - tc-export CC AR RANLIB RC
5506 -
5507 - # Clean out patent-or-otherwise-encumbered code
5508 - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
5509 - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
5510 - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
5511 - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
5512 - # RC5: Expired http://en.wikipedia.org/wiki/RC5
5513 -
5514 - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
5515 - echoit() { echo "$@" ; "$@" ; }
5516 -
5517 - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
5518 -
5519 - # See if our toolchain supports __uint128_t. If so, it's 64bit
5520 - # friendly and can use the nicely optimized code paths. #460790
5521 - local ec_nistp_64_gcc_128
5522 - # Disable it for now though #469976
5523 - #if ! use bindist ; then
5524 - # echo "__uint128_t i;" > "${T}"/128.c
5525 - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
5526 - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
5527 - # fi
5528 - #fi
5529 -
5530 - local sslout=$(./gentoo.config)
5531 - einfo "Use configuration ${sslout:-(openssl knows best)}"
5532 - local config="Configure"
5533 - [[ -z ${sslout} ]] && config="config"
5534 -
5535 - echoit \
5536 - ./${config} \
5537 - ${sslout} \
5538 - $(use sctp && echo "sctp") \
5539 - $(use cpu_flags_x86_sse2 || echo "no-sse2") \
5540 - enable-camellia \
5541 - $(use_ssl !bindist ec) \
5542 - ${ec_nistp_64_gcc_128} \
5543 - enable-idea \
5544 - enable-mdc2 \
5545 - enable-rc5 \
5546 - enable-tlsext \
5547 - $(use_ssl gmp gmp -lgmp) \
5548 - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
5549 - $(use_ssl rfc3779) \
5550 - $(use_ssl tls-heartbeat heartbeats) \
5551 - $(use_ssl zlib) \
5552 - --prefix="${EPREFIX}"/usr \
5553 - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
5554 - --libdir=$(get_libdir) \
5555 - shared threads \
5556 - || die
5557 -
5558 - # Clean out hardcoded flags that openssl uses
5559 - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
5560 - -e 's:^CFLAG=::' \
5561 - -e 's:-fomit-frame-pointer ::g' \
5562 - -e 's:-O[0-9] ::g' \
5563 - -e 's:-march=[-a-z0-9]* ::g' \
5564 - -e 's:-mcpu=[-a-z0-9]* ::g' \
5565 - -e 's:-m[a-z0-9]* ::g' \
5566 - )
5567 - sed -i \
5568 - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
5569 - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
5570 - Makefile || die
5571 -}
5572 -
5573 -multilib_src_compile() {
5574 - # depend is needed to use $confopts; it also doesn't matter
5575 - # that it's -j1 as the code itself serializes subdirs
5576 - emake -j1 depend
5577 - emake all
5578 - # rehash is needed to prep the certs/ dir; do this
5579 - # separately to avoid parallel build issues.
5580 - emake rehash
5581 -}
5582 -
5583 -multilib_src_test() {
5584 - emake -j1 test
5585 -}
5586 -
5587 -multilib_src_install() {
5588 - emake INSTALL_PREFIX="${D}" install
5589 -}
5590 -
5591 -multilib_src_install_all() {
5592 - dobin "${WORKDIR}"/c_rehash #333117
5593 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
5594 - dohtml -r doc/*
5595 - use rfc3779 && dodoc engines/ccgost/README.gost
5596 -
5597 - # This is crappy in that the static archives are still built even
5598 - # when USE=static-libs. But this is due to a failing in the openssl
5599 - # build system: the static archives are built as PIC all the time.
5600 - # Only way around this would be to manually configure+compile openssl
5601 - # twice; once with shared lib support enabled and once without.
5602 - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
5603 -
5604 - # create the certs directory
5605 - dodir ${SSL_CNF_DIR}/certs
5606 - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
5607 - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
5608 -
5609 - # Namespace openssl programs to prevent conflicts with other man pages
5610 - cd "${ED}"/usr/share/man
5611 - local m d s
5612 - for m in $(find . -type f | xargs grep -L '#include') ; do
5613 - d=${m%/*} ; d=${d#./} ; m=${m##*/}
5614 - [[ ${m} == openssl.1* ]] && continue
5615 - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
5616 - mv ${d}/{,ssl-}${m}
5617 - # fix up references to renamed man pages
5618 - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
5619 - ln -s ssl-${m} ${d}/openssl-${m}
5620 - # locate any symlinks that point to this man page ... we assume
5621 - # that any broken links are due to the above renaming
5622 - for s in $(find -L ${d} -type l) ; do
5623 - s=${s##*/}
5624 - rm -f ${d}/${s}
5625 - ln -s ssl-${m} ${d}/ssl-${s}
5626 - ln -s ssl-${s} ${d}/openssl-${s}
5627 - done
5628 - done
5629 - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
5630 -
5631 - dodir /etc/sandbox.d #254521
5632 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
5633 -
5634 - diropts -m0700
5635 - keepdir ${SSL_CNF_DIR}/private
5636 -}
5637 -
5638 -pkg_preinst() {
5639 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
5640 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
5641 -}
5642 -
5643 -pkg_postinst() {
5644 - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
5645 - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
5646 - eend $?
5647 -
5648 - has_version ${CATEGORY}/${PN}:0.9.8 && return 0
5649 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
5650 -}
Report Message
Find on MARC Find on Google Groups