From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
Date: Tue, 01 Oct 2019 19:39:00
Message-Id: 1569958462.b91192d5d750dadc3673000dc065cf42f750da35.whissi@gentoo
1 commit: b91192d5d750dadc3673000dc065cf42f750da35
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Tue Oct 1 19:34:22 2019 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Tue Oct 1 19:34:22 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b91192d5
7
8 dev-libs/openssl-compat: security cleanup (#694162)
9
10 Bug: https://bugs.gentoo.org/694162
11 Package-Manager: Portage-2.3.76, Repoman-2.3.17
12 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
13
14 dev-libs/openssl-compat/Manifest | 8 -
15 .../openssl-compat/openssl-compat-1.0.2r.ebuild | 249 --------------------
16 .../openssl-compat/openssl-compat-1.0.2s-r1.ebuild | 256 ---------------------
17 3 files changed, 513 deletions(-)
18
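--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -1,12 +1,4 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
-DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e831a5f9c193b2da660f9d04acbf407d8b752274783765416c0f5ba557c24ee293ad7fb7d727771db289e6acc901 SHA512 6eb2211f3ad56d7573ac26f388338592c37e5faaf5e2d44c0fa9062c12186e56a324f135d1c956a89b55fcce047e6428bec2756658d103e7275e08b46f741235
-DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
-DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24ee852a31dc369ccf0e44319259d8694d3571b8cb698efb8bce89dbe31f4fc9f82753cacb24cbd3d50fa2ab9b6e83 SHA512 9f745452c4f777df694158e95003cde78a2cf8199bc481a563ec36644664c3c1415a774779b9791dd18f2aeb57fa1721cb52b3db12d025955e970071d5b66d2a
-DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71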
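--- a/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- !vanilla? (
- mirror://gentoo/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
- )"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
- !=dev-libs/openssl-1.0.2*:0
- !dev-libs/openssl:1.0.0"
-DEPEND="${RDEPEND}
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-
-RESTRICT="test"
-
-# Do not install any docs
-DOCS=()
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> openssl-${PV}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- if use bindist; then
- # This just removes the prefix, and puts it into WORKDIR like the RPM.
- for i in "${FEDORA_SOURCE[@]}" ; do
- cp -f "${DISTDIR}"/"openssl-${PV}_${i}" "${WORKDIR}"/"${i}" || die
- done
- # .spec %prep
- bash "${WORKDIR}"/"${SOURCE1}" || die
- cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
- cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
- for i in "${FEDORA_PATCH[@]}" ; do
- eapply "${DISTDIR}"/"${i}"
- done
- eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
- # Also see the configure parts below:
- # enable-ec \
- # $(use_ssl !bindist ec2m) \
- # $(use_ssl !bindist srp) \
- fi
-
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- eapply "${WORKDIR}"/patch/*.patch
- fi
-
- eapply_user
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- # this breaks build with 1.0.2p, not sure if it is needed anymore
- #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired https://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- # https://github.com/openssl/openssl/issues/2286
- if use ia64 ; then
- replace-flags -g3 -g2
- replace-flags -ggdb3 -ggdb2
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
- echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- enable-ec \
- $(use_ssl !bindist ec2m) \
- $(use_ssl !bindist srp) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX%/}"/usr \
- --openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:-fomit-frame-pointer ::g' \
- -e 's:-O[0-9] ::g' \
- -e 's:-march=[-a-z0-9]* ::g' \
- -e 's:-mcpu=[-a-z0-9]* ::g' \
- -e 's:-m[a-z0-9]* ::g' \
- )
- sed -i \
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 V=1 depend
- emake build_libs
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.${SLOT}
-}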
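--- a/dev-libs/openssl-compat/openssl-compat-1.0.2s-r1.ebuild
+++ /dev/null
@@ -1,256 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-# openssl-1.0.2-patches-1.6 contain additional CVE patches
-# which got fixed with this release.
-# Please use 1.7 version number when rolling a new tarball!
-PATCH_SET="openssl-1.0.2-patches-1.5"
-MY_P=openssl-${PV/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- !vanilla? (
- mirror://gentoo/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
- )"
-
-LICENSE="openssl"
-SLOT="1.0.0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- !=dev-libs/openssl-1.0.2*:0"
-DEPEND="${RDEPEND}"
-BDEPEND="
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-
-RESTRICT="test"
-
-# Do not install any docs
-DOCS=()
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> openssl-${PV}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- if use bindist; then
- # This just removes the prefix, and puts it into WORKDIR like the RPM.
- for i in "${FEDORA_SOURCE[@]}" ; do
- cp -f "${DISTDIR}"/"openssl-${PV}_${i}" "${WORKDIR}"/"${i}" || die
- done
- # .spec %prep
- bash "${WORKDIR}"/"${SOURCE1}" || die
- cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
- cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
- for i in "${FEDORA_PATCH[@]}" ; do
- eapply "${DISTDIR}"/"${i}"
- done
- eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
- # Also see the configure parts below:
- # enable-ec \
- # $(use_ssl !bindist ec2m) \
- # $(use_ssl !bindist srp) \
- fi
-
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- eapply "${WORKDIR}"/patch/*.patch
- fi
-
- eapply_user
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- # this breaks build with 1.0.2p, not sure if it is needed anymore
- #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired https://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- # https://github.com/openssl/openssl/issues/2286
- if use ia64 ; then
- replace-flags -g3 -g2
- replace-flags -ggdb3 -ggdb2
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
- # Make sure user flags don't get added *yet* to avoid duplicated
- # flags.
- CFLAGS= LDFLAGS= echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- enable-ec \
- $(use_ssl !bindist ec2m) \
- $(use_ssl !bindist srp) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX}"/usr \
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:\(^\| \)-fomit-frame-pointer::g' \
- -e 's:\(^\| \)-O[^ ]*::g' \
- -e 's:\(^\| \)-march=[^ ]*::g' \
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \
- -e 's:\(^\| \)-m[^ ]*::g' \
- -e 's:^ *::' \
- -e 's: *$::' \
- -e 's: \+: :g' \
- -e 's:\\:\\\\:g'
- )
-
- # Now insert clean default flags with user flags
- sed -i \
- -e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 V=1 depend
- emake build_libs
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- dolib.so lib{crypto,ssl}.so.${SLOT}
-}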