Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/
Date: Tue, 26 Feb 2019 15:31:51
Message-Id: 1551195100.bb5e456564cfd1d18e8ec78b3436fbf99dd5496d.polynomial-c@gentoo
1 commit: bb5e456564cfd1d18e8ec78b3436fbf99dd5496d
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Tue Feb 26 15:11:35 2019 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Tue Feb 26 15:31:40 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb5e4565
7
8 dev-libs/openssl: Bump to version 1.0.2r and 1.1.1b
9
10 Package-Manager: Portage-2.3.62, Repoman-2.3.12
11 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
12
13 dev-libs/openssl/Manifest | 8 +
14 dev-libs/openssl/openssl-1.0.2r-r200.ebuild | 248 ++++++++++++++++++++++
15 dev-libs/openssl/openssl-1.0.2r.ebuild | 309 ++++++++++++++++++++++++++++
16 dev-libs/openssl/openssl-1.1.1b.ebuild | 292 ++++++++++++++++++++++++++
17 4 files changed, 857 insertions(+)
18
19 diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
20 index 5a5713736d4..3f3dd41c6a0 100644
21 --- a/dev-libs/openssl/Manifest
22 +++ b/dev-libs/openssl/Manifest
23 @@ -4,6 +4,10 @@ DIST openssl-1.0.2q.tar.gz 5345604 BLAKE2B c03dd92de1cc8941a7f3e4d9f2fe6f8e4ea89
24 DIST openssl-1.0.2q_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
25 DIST openssl-1.0.2q_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
26 DIST openssl-1.0.2q_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
27 +DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e831a5f9c193b2da660f9d04acbf407d8b752274783765416c0f5ba557c24ee293ad7fb7d727771db289e6acc901 SHA512 6eb2211f3ad56d7573ac26f388338592c37e5faaf5e2d44c0fa9062c12186e56a324f135d1c956a89b55fcce047e6428bec2756658d103e7275e08b46f741235
28 +DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
29 +DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
30 +DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
31 DIST openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch 3001 BLAKE2B 8f0ac4be6409b4ec50bec171697da2aebe2688e8ae06bd0dfac8b0c74661d38ebeb0a12bde0ef941b213eee9b85965262213b140636060285dcfb02a3bd14961 SHA512 ec6710e9669ac19e4c6f1286c89a383e7d276a773a2740037f98a8f2dbf18305614e7d30d9ed530923a0e7d10a3776fea2ca77229adc25df13ecad55589a3673
32 DIST openssl-1.1.0-ec-curves_d2ede125556ac99aa0faa7744c703af3f559094e.patch 5311 BLAKE2B e9ec985adf6f13eb04412158a05da7cbe10be7d64bce73b899152ea379336ece7b7069089ef46993ac301ef850fd46fd0352898e249b2ea9fff5baf20896e5b5 SHA512 c38c4b05195f2b323a07efd8d17335ba2a168a16a59d7941da36568081f1c043da8d2216b7084b0617963635ded9bafeee736ecddbfa251cf0a02e4cba64cdc8
33 DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce44ee19f377a820f89ba66b9e0a7509cf39e0fb00c104ae6440a6bd811e388239b458ffe685d8601235bab2afb2f1 SHA512 e7d30951ebb3cbcb6d59e3eb40f64f5a84634b7f5c380a588d378973f1c415395e3ab71a9aaff6478a89ec6efcc88f17f1882c99c25dcd18165f1435a51e5768
34 @@ -15,3 +19,7 @@ DIST openssl-1.1.1a.tar.gz 8350547 BLAKE2B 71dae2f44ade3e31983599a491b5efe5da63b
35 DIST openssl-1.1.1a_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
36 DIST openssl-1.1.1a_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
37 DIST openssl-1.1.1a_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
38 +DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d
39 +DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
40 +DIST openssl-1.1.1b_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
41 +DIST openssl-1.1.1b_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
42
43 diff --git a/dev-libs/openssl/openssl-1.0.2r-r200.ebuild b/dev-libs/openssl/openssl-1.0.2r-r200.ebuild
44 new file mode 100644
45 index 00000000000..44b9547d141
46 --- /dev/null
47 +++ b/dev-libs/openssl/openssl-1.0.2r-r200.ebuild
48 @@ -0,0 +1,248 @@
49 +# Copyright 1999-2019 Gentoo Authors
50 +# Distributed under the terms of the GNU General Public License v2
51 +
52 +EAPI="6"
53 +
54 +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
55 +
56 +# openssl-1.0.2-patches-1.6 contain additional CVE patches
57 +# which got fixed with this release.
58 +# Please use 1.7 version number when rolling a new tarball!
59 +PATCH_SET="openssl-1.0.2-patches-1.5"
60 +MY_P=${P/_/-}
61 +DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
62 +HOMEPAGE="https://www.openssl.org/"
63 +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
64 + !vanilla? (
65 + mirror://gentoo/${PATCH_SET}.tar.xz
66 + https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
67 + https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
68 + https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
69 + )"
70 +
71 +LICENSE="openssl"
72 +SLOT="1.0.0"
73 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
74 +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
75 +RESTRICT="!bindist? ( bindist )"
76 +
77 +RDEPEND=">=app-misc/c_rehash-1.7-r1
78 + gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
79 + zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
80 + kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
81 + !=dev-libs/openssl-1.0.2*:0"
82 +DEPEND="${RDEPEND}
83 + >=dev-lang/perl-5
84 + sctp? ( >=net-misc/lksctp-tools-1.0.12 )
85 + test? (
86 + sys-apps/diffutils
87 + sys-devel/bc
88 + )"
89 +
90 +RESTRICT="test"
91 +
92 +# Do not install any docs
93 +DOCS=()
94 +
95 +# This does not copy the entire Fedora patchset, but JUST the parts that
96 +# are needed to make it safe to use EC with RESTRICT=bindist.
97 +# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
98 +SOURCE1=hobble-openssl
99 +SOURCE12=ec_curve.c
100 +SOURCE13=ectest.c
101 +# These are ported instead
102 +#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
103 +#PATCH37=openssl-1.1.0-ec-curves.patch
104 +FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
105 +FEDORA_GIT_BRANCH='f25'
106 +FEDORA_SRC_URI=()
107 +FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
108 +FEDORA_PATCH=( $PATCH1 $PATCH37 )
109 +for i in "${FEDORA_SOURCE[@]}" ; do
110 + FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
111 +done
112 +for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
113 + FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
114 +done
115 +SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
116 +
117 +S="${WORKDIR}/${MY_P}"
118 +
119 +MULTILIB_WRAPPED_HEADERS=(
120 + usr/include/openssl/opensslconf.h
121 +)
122 +
123 +src_prepare() {
124 + if use bindist; then
125 + # This just removes the prefix, and puts it into WORKDIR like the RPM.
126 + for i in "${FEDORA_SOURCE[@]}" ; do
127 + cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
128 + done
129 + # .spec %prep
130 + bash "${WORKDIR}"/"${SOURCE1}" || die
131 + cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
132 + cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
133 + for i in "${FEDORA_PATCH[@]}" ; do
134 + eapply "${DISTDIR}"/"${i}"
135 + done
136 + eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
137 + # Also see the configure parts below:
138 + # enable-ec \
139 + # $(use_ssl !bindist ec2m) \
140 + # $(use_ssl !bindist srp) \
141 + fi
142 +
143 + # keep this in sync with app-misc/c_rehash
144 + SSL_CNF_DIR="/etc/ssl"
145 +
146 + # Make sure we only ever touch Makefile.org and avoid patching a file
147 + # that gets blown away anyways by the Configure script in src_configure
148 + rm -f Makefile
149 +
150 + if ! use vanilla ; then
151 + eapply "${WORKDIR}"/patch/*.patch
152 + fi
153 +
154 + eapply_user
155 +
156 + # disable fips in the build
157 + # make sure the man pages are suffixed #302165
158 + # don't bother building man pages if they're disabled
159 + sed -i \
160 + -e '/DIRS/s: fips : :g' \
161 + -e '/^MANSUFFIX/s:=.*:=ssl:' \
162 + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
163 + -e $(has noman FEATURES \
164 + && echo '/^install:/s:install_docs::' \
165 + || echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
166 + Makefile.org \
167 + || die
168 + # show the actual commands in the log
169 + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
170 +
171 + # since we're forcing $(CC) as makedep anyway, just fix
172 + # the conditional as always-on
173 + # helps clang (#417795), and versioned gcc (#499818)
174 + # this breaks build with 1.0.2p, not sure if it is needed anymore
175 + #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
176 +
177 + # quiet out unknown driver argument warnings since openssl
178 + # doesn't have well-split CFLAGS and we're making it even worse
179 + # and 'make depend' uses -Werror for added fun (#417795 again)
180 + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
181 +
182 + # allow openssl to be cross-compiled
183 + cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
184 + chmod a+rx gentoo.config || die
185 +
186 + append-flags -fno-strict-aliasing
187 + append-flags $(test-flags-CC -Wa,--noexecstack)
188 + append-cppflags -DOPENSSL_NO_BUF_FREELISTS
189 +
190 + sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
191 + # The config script does stupid stuff to prompt the user. Kill it.
192 + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
193 + ./config --test-sanity || die "I AM NOT SANE"
194 +
195 + multilib_copy_sources
196 +}
197 +
198 +multilib_src_configure() {
199 + unset APPS #197996
200 + unset SCRIPTS #312551
201 + unset CROSS_COMPILE #311473
202 +
203 + tc-export CC AR RANLIB RC
204 +
205 + # Clean out patent-or-otherwise-encumbered code
206 + # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
207 + # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
208 + # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
209 + # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
210 + # RC5: Expired https://en.wikipedia.org/wiki/RC5
211 +
212 + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
213 + echoit() { echo "$@" ; "$@" ; }
214 +
215 + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
216 +
217 + # See if our toolchain supports __uint128_t. If so, it's 64bit
218 + # friendly and can use the nicely optimized code paths. #460790
219 + local ec_nistp_64_gcc_128
220 + # Disable it for now though #469976
221 + #if ! use bindist ; then
222 + # echo "__uint128_t i;" > "${T}"/128.c
223 + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
224 + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
225 + # fi
226 + #fi
227 +
228 + # https://github.com/openssl/openssl/issues/2286
229 + if use ia64 ; then
230 + replace-flags -g3 -g2
231 + replace-flags -ggdb3 -ggdb2
232 + fi
233 +
234 + local sslout=$(./gentoo.config)
235 + einfo "Use configuration ${sslout:-(openssl knows best)}"
236 + local config="Configure"
237 + [[ -z ${sslout} ]] && config="config"
238 +
239 + # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
240 + echoit \
241 + ./${config} \
242 + ${sslout} \
243 + $(use cpu_flags_x86_sse2 || echo "no-sse2") \
244 + enable-camellia \
245 + enable-ec \
246 + $(use_ssl !bindist ec2m) \
247 + $(use_ssl !bindist srp) \
248 + ${ec_nistp_64_gcc_128} \
249 + enable-idea \
250 + enable-mdc2 \
251 + enable-rc5 \
252 + enable-tlsext \
253 + $(use_ssl asm) \
254 + $(use_ssl gmp gmp -lgmp) \
255 + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
256 + $(use_ssl rfc3779) \
257 + $(use_ssl sctp) \
258 + $(use_ssl sslv2 ssl2) \
259 + $(use_ssl sslv3 ssl3) \
260 + $(use_ssl tls-heartbeat heartbeats) \
261 + $(use_ssl zlib) \
262 + --prefix="${EPREFIX%/}"/usr \
263 + --openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
264 + --libdir=$(get_libdir) \
265 + shared threads \
266 + || die
267 +
268 + # Clean out hardcoded flags that openssl uses
269 + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
270 + -e 's:^CFLAG=::' \
271 + -e 's:-fomit-frame-pointer ::g' \
272 + -e 's:-O[0-9] ::g' \
273 + -e 's:-march=[-a-z0-9]* ::g' \
274 + -e 's:-mcpu=[-a-z0-9]* ::g' \
275 + -e 's:-m[a-z0-9]* ::g' \
276 + )
277 + sed -i \
278 + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
279 + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
280 + Makefile || die
281 +}
282 +
283 +multilib_src_compile() {
284 + # depend is needed to use $confopts; it also doesn't matter
285 + # that it's -j1 as the code itself serializes subdirs
286 + emake -j1 V=1 depend
287 + emake build_libs
288 +}
289 +
290 +multilib_src_test() {
291 + emake -j1 test
292 +}
293 +
294 +multilib_src_install() {
295 + dolib.so lib{crypto,ssl}.so.${SLOT}
296 +}
297
298 diff --git a/dev-libs/openssl/openssl-1.0.2r.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
299 new file mode 100644
300 index 00000000000..27fcb6ba683
301 --- /dev/null
302 +++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
303 @@ -0,0 +1,309 @@
304 +# Copyright 1999-2019 Gentoo Authors
305 +# Distributed under the terms of the GNU General Public License v2
306 +
307 +EAPI="6"
308 +
309 +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
310 +
311 +# openssl-1.0.2-patches-1.6 contain additional CVE patches
312 +# which got fixed with this release.
313 +# Please use 1.7 version number when rolling a new tarball!
314 +PATCH_SET="openssl-1.0.2-patches-1.5"
315 +MY_P=${P/_/-}
316 +DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
317 +HOMEPAGE="https://www.openssl.org/"
318 +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
319 + !vanilla? (
320 + mirror://gentoo/${PATCH_SET}.tar.xz
321 + https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
322 + https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
323 + https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
324 + )"
325 +
326 +LICENSE="openssl"
327 +SLOT="0"
328 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
329 +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
330 +RESTRICT="!bindist? ( bindist )"
331 +
332 +RDEPEND=">=app-misc/c_rehash-1.7-r1
333 + gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
334 + zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
335 + kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
336 +DEPEND="${RDEPEND}
337 + >=dev-lang/perl-5
338 + sctp? ( >=net-misc/lksctp-tools-1.0.12 )
339 + test? (
340 + sys-apps/diffutils
341 + sys-devel/bc
342 + )"
343 +PDEPEND="app-misc/ca-certificates"
344 +
345 +# This does not copy the entire Fedora patchset, but JUST the parts that
346 +# are needed to make it safe to use EC with RESTRICT=bindist.
347 +# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
348 +SOURCE1=hobble-openssl
349 +SOURCE12=ec_curve.c
350 +SOURCE13=ectest.c
351 +# These are ported instead
352 +#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
353 +#PATCH37=openssl-1.1.0-ec-curves.patch
354 +FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
355 +FEDORA_GIT_BRANCH='f25'
356 +FEDORA_SRC_URI=()
357 +FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
358 +FEDORA_PATCH=( $PATCH1 $PATCH37 )
359 +for i in "${FEDORA_SOURCE[@]}" ; do
360 + FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
361 +done
362 +for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
363 + FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
364 +done
365 +SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
366 +
367 +S="${WORKDIR}/${MY_P}"
368 +
369 +MULTILIB_WRAPPED_HEADERS=(
370 + usr/include/openssl/opensslconf.h
371 +)
372 +
373 +src_prepare() {
374 + if use bindist; then
375 + # This just removes the prefix, and puts it into WORKDIR like the RPM.
376 + for i in "${FEDORA_SOURCE[@]}" ; do
377 + cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
378 + done
379 + # .spec %prep
380 + bash "${WORKDIR}"/"${SOURCE1}" || die
381 + cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
382 + cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
383 + for i in "${FEDORA_PATCH[@]}" ; do
384 + eapply "${DISTDIR}"/"${i}"
385 + done
386 + eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
387 + # Also see the configure parts below:
388 + # enable-ec \
389 + # $(use_ssl !bindist ec2m) \
390 + # $(use_ssl !bindist srp) \
391 + fi
392 +
393 + # keep this in sync with app-misc/c_rehash
394 + SSL_CNF_DIR="/etc/ssl"
395 +
396 + # Make sure we only ever touch Makefile.org and avoid patching a file
397 + # that gets blown away anyways by the Configure script in src_configure
398 + rm -f Makefile
399 +
400 + if ! use vanilla ; then
401 + eapply "${WORKDIR}"/patch/*.patch
402 + fi
403 +
404 + eapply_user
405 +
406 + # disable fips in the build
407 + # make sure the man pages are suffixed #302165
408 + # don't bother building man pages if they're disabled
409 + sed -i \
410 + -e '/DIRS/s: fips : :g' \
411 + -e '/^MANSUFFIX/s:=.*:=ssl:' \
412 + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
413 + -e $(has noman FEATURES \
414 + && echo '/^install:/s:install_docs::' \
415 + || echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
416 + Makefile.org \
417 + || die
418 + # show the actual commands in the log
419 + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
420 +
421 + # since we're forcing $(CC) as makedep anyway, just fix
422 + # the conditional as always-on
423 + # helps clang (#417795), and versioned gcc (#499818)
424 + # this breaks build with 1.0.2p, not sure if it is needed anymore
425 + #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
426 +
427 + # quiet out unknown driver argument warnings since openssl
428 + # doesn't have well-split CFLAGS and we're making it even worse
429 + # and 'make depend' uses -Werror for added fun (#417795 again)
430 + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
431 +
432 + # allow openssl to be cross-compiled
433 + cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
434 + chmod a+rx gentoo.config || die
435 +
436 + append-flags -fno-strict-aliasing
437 + append-flags $(test-flags-CC -Wa,--noexecstack)
438 + append-cppflags -DOPENSSL_NO_BUF_FREELISTS
439 +
440 + sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
441 + # The config script does stupid stuff to prompt the user. Kill it.
442 + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
443 + ./config --test-sanity || die "I AM NOT SANE"
444 +
445 + multilib_copy_sources
446 +}
447 +
448 +multilib_src_configure() {
449 + unset APPS #197996
450 + unset SCRIPTS #312551
451 + unset CROSS_COMPILE #311473
452 +
453 + tc-export CC AR RANLIB RC
454 +
455 + # Clean out patent-or-otherwise-encumbered code
456 + # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
457 + # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
458 + # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
459 + # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
460 + # RC5: Expired https://en.wikipedia.org/wiki/RC5
461 +
462 + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
463 + echoit() { echo "$@" ; "$@" ; }
464 +
465 + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
466 +
467 + # See if our toolchain supports __uint128_t. If so, it's 64bit
468 + # friendly and can use the nicely optimized code paths. #460790
469 + local ec_nistp_64_gcc_128
470 + # Disable it for now though #469976
471 + #if ! use bindist ; then
472 + # echo "__uint128_t i;" > "${T}"/128.c
473 + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
474 + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
475 + # fi
476 + #fi
477 +
478 + # https://github.com/openssl/openssl/issues/2286
479 + if use ia64 ; then
480 + replace-flags -g3 -g2
481 + replace-flags -ggdb3 -ggdb2
482 + fi
483 +
484 + local sslout=$(./gentoo.config)
485 + einfo "Use configuration ${sslout:-(openssl knows best)}"
486 + local config="Configure"
487 + [[ -z ${sslout} ]] && config="config"
488 +
489 + # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
490 + echoit \
491 + ./${config} \
492 + ${sslout} \
493 + $(use cpu_flags_x86_sse2 || echo "no-sse2") \
494 + enable-camellia \
495 + enable-ec \
496 + $(use_ssl !bindist ec2m) \
497 + $(use_ssl !bindist srp) \
498 + ${ec_nistp_64_gcc_128} \
499 + enable-idea \
500 + enable-mdc2 \
501 + enable-rc5 \
502 + enable-tlsext \
503 + $(use_ssl asm) \
504 + $(use_ssl gmp gmp -lgmp) \
505 + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
506 + $(use_ssl rfc3779) \
507 + $(use_ssl sctp) \
508 + $(use_ssl sslv2 ssl2) \
509 + $(use_ssl sslv3 ssl3) \
510 + $(use_ssl tls-heartbeat heartbeats) \
511 + $(use_ssl zlib) \
512 + --prefix="${EPREFIX%/}"/usr \
513 + --openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
514 + --libdir=$(get_libdir) \
515 + shared threads \
516 + || die
517 +
518 + # Clean out hardcoded flags that openssl uses
519 + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
520 + -e 's:^CFLAG=::' \
521 + -e 's:-fomit-frame-pointer ::g' \
522 + -e 's:-O[0-9] ::g' \
523 + -e 's:-march=[-a-z0-9]* ::g' \
524 + -e 's:-mcpu=[-a-z0-9]* ::g' \
525 + -e 's:-m[a-z0-9]* ::g' \
526 + )
527 + sed -i \
528 + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
529 + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
530 + Makefile || die
531 +}
532 +
533 +multilib_src_compile() {
534 + # depend is needed to use $confopts; it also doesn't matter
535 + # that it's -j1 as the code itself serializes subdirs
536 + emake -j1 V=1 depend
537 + emake all
538 + # rehash is needed to prep the certs/ dir; do this
539 + # separately to avoid parallel build issues.
540 + emake rehash
541 +}
542 +
543 +multilib_src_test() {
544 + emake -j1 test
545 +}
546 +
547 +multilib_src_install() {
548 + # We need to create $ED/usr on our own to avoid a race condition #665130
549 + if [[ ! -d "${ED%/}/usr" ]]; then
550 + # We can only create this directory once
551 + mkdir "${ED%/}"/usr || die
552 + fi
553 +
554 + emake INSTALL_PREFIX="${D%/}" install
555 +}
556 +
557 +multilib_src_install_all() {
558 + # openssl installs perl version of c_rehash by default, but
559 + # we provide a shell version via app-misc/c_rehash
560 + rm "${ED%/}"/usr/bin/c_rehash || die
561 +
562 + local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
563 + einstalldocs
564 +
565 + use rfc3779 && dodoc engines/ccgost/README.gost
566 +
567 + # This is crappy in that the static archives are still built even
568 + # when USE=static-libs. But this is due to a failing in the openssl
569 + # build system: the static archives are built as PIC all the time.
570 + # Only way around this would be to manually configure+compile openssl
571 + # twice; once with shared lib support enabled and once without.
572 + use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
573 +
574 + # create the certs directory
575 + dodir ${SSL_CNF_DIR}/certs
576 + cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
577 + rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
578 +
579 + # Namespace openssl programs to prevent conflicts with other man pages
580 + cd "${ED}"/usr/share/man
581 + local m d s
582 + for m in $(find . -type f | xargs grep -L '#include') ; do
583 + d=${m%/*} ; d=${d#./} ; m=${m##*/}
584 + [[ ${m} == openssl.1* ]] && continue
585 + [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
586 + mv ${d}/{,ssl-}${m}
587 + # fix up references to renamed man pages
588 + sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
589 + ln -s ssl-${m} ${d}/openssl-${m}
590 + # locate any symlinks that point to this man page ... we assume
591 + # that any broken links are due to the above renaming
592 + for s in $(find -L ${d} -type l) ; do
593 + s=${s##*/}
594 + rm -f ${d}/${s}
595 + ln -s ssl-${m} ${d}/ssl-${s}
596 + ln -s ssl-${s} ${d}/openssl-${s}
597 + done
598 + done
599 + [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
600 +
601 + dodir /etc/sandbox.d #254521
602 + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
603 +
604 + diropts -m0700
605 + keepdir ${SSL_CNF_DIR}/private
606 +}
607 +
608 +pkg_postinst() {
609 + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
610 + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
611 + eend $?
612 +}
613
614 diff --git a/dev-libs/openssl/openssl-1.1.1b.ebuild b/dev-libs/openssl/openssl-1.1.1b.ebuild
615 new file mode 100644
616 index 00000000000..ad888b7d6a6
617 --- /dev/null
618 +++ b/dev-libs/openssl/openssl-1.1.1b.ebuild
619 @@ -0,0 +1,292 @@
620 +# Copyright 1999-2019 Gentoo Authors
621 +# Distributed under the terms of the GNU General Public License v2
622 +
623 +EAPI="6"
624 +
625 +inherit flag-o-matic toolchain-funcs multilib multilib-minimal
626 +
627 +MY_P=${P/_/-}
628 +DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
629 +HOMEPAGE="https://www.openssl.org/"
630 +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
631 +
632 +LICENSE="openssl"
633 +SLOT="0/1.1" # .so version of libssl/libcrypto
634 +[[ "${PV}" = *_pre* ]] || \
635 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
636 +IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
637 +RESTRICT="!bindist? ( bindist )"
638 +
639 +RDEPEND=">=app-misc/c_rehash-1.7-r1
640 + zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
641 +DEPEND="${RDEPEND}
642 + >=dev-lang/perl-5
643 + sctp? ( >=net-misc/lksctp-tools-1.0.12 )
644 + test? (
645 + sys-apps/diffutils
646 + sys-devel/bc
647 + )"
648 +PDEPEND="app-misc/ca-certificates"
649 +
650 +PATCHES=(
651 + "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
652 +)
653 +
654 +# This does not copy the entire Fedora patchset, but JUST the parts that
655 +# are needed to make it safe to use EC with RESTRICT=bindist.
656 +# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
657 +SOURCE1=hobble-openssl
658 +SOURCE12=ec_curve.c
659 +SOURCE13=ectest.c
660 +PATCH37=openssl-1.1.1-ec-curves.patch
661 +FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
662 +FEDORA_GIT_BRANCH='f29'
663 +FEDORA_SRC_URI=()
664 +FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
665 +FEDORA_PATCH=( ${PATCH37} )
666 +for i in "${FEDORA_SOURCE[@]}" ; do
667 + FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
668 +done
669 +for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
670 + FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
671 +done
672 +SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
673 +
674 +S="${WORKDIR}/${MY_P}"
675 +
676 +MULTILIB_WRAPPED_HEADERS=(
677 + usr/include/openssl/opensslconf.h
678 +)
679 +
680 +src_prepare() {
681 + if use bindist; then
682 + # This just removes the prefix, and puts it into WORKDIR like the RPM.
683 + for i in "${FEDORA_SOURCE[@]}" ; do
684 + cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
685 + done
686 + # .spec %prep
687 + bash "${WORKDIR}"/"${SOURCE1}" || die
688 + cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
689 + cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
690 + for i in "${FEDORA_PATCH[@]}" ; do
691 + eapply "${DISTDIR}"/"${i}"
692 + done
693 + # Also see the configure parts below:
694 + # enable-ec \
695 + # $(use_ssl !bindist ec2m) \
696 +
697 + fi
698 +
699 + # keep this in sync with app-misc/c_rehash
700 + SSL_CNF_DIR="/etc/ssl"
701 +
702 + # Make sure we only ever touch Makefile.org and avoid patching a file
703 + # that gets blown away anyways by the Configure script in src_configure
704 + rm -f Makefile
705 +
706 + if ! use vanilla ; then
707 + if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
708 + [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
709 + fi
710 + fi
711 +
712 + eapply_user #332661
713 +
714 + # make sure the man pages are suffixed #302165
715 + # don't bother building man pages if they're disabled
716 + # Make DOCDIR Gentoo compliant
717 + sed -i \
718 + -e '/^MANSUFFIX/s:=.*:=ssl:' \
719 + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
720 + -e $(has noman FEATURES \
721 + && echo '/^install:/s:install_docs::' \
722 + || echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
723 + -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
724 + Configurations/unix-Makefile.tmpl \
725 + || die
726 +
727 + # quiet out unknown driver argument warnings since openssl
728 + # doesn't have well-split CFLAGS and we're making it even worse
729 + # and 'make depend' uses -Werror for added fun (#417795 again)
730 + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
731 +
732 + # allow openssl to be cross-compiled
733 + cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
734 + chmod a+rx gentoo.config || die
735 +
736 + append-flags -fno-strict-aliasing
737 + append-flags $(test-flags-CC -Wa,--noexecstack)
738 + append-cppflags -DOPENSSL_NO_BUF_FREELISTS
739 +
740 + # Prefixify Configure shebang (#141906)
741 + sed \
742 + -e "1s,/usr/bin/env,${EPREFIX%/}&," \
743 + -i Configure || die
744 + # Remove test target when FEATURES=test isn't set
745 + if ! use test ; then
746 + sed \
747 + -e '/^$config{dirs}/s@ "test",@@' \
748 + -i Configure || die
749 + fi
750 + # The config script does stupid stuff to prompt the user. Kill it.
751 + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
752 + ./config --test-sanity || die "I AM NOT SANE"
753 +
754 + multilib_copy_sources
755 +}
756 +
757 +multilib_src_configure() {
758 + unset APPS #197996
759 + unset SCRIPTS #312551
760 + unset CROSS_COMPILE #311473
761 +
762 + tc-export CC AR RANLIB RC
763 +
764 + # Clean out patent-or-otherwise-encumbered code
765 + # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
766 + # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
767 + # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
768 + # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
769 + # RC5: Expired https://en.wikipedia.org/wiki/RC5
770 +
771 + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
772 + echoit() { echo "$@" ; "$@" ; }
773 +
774 + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
775 +
776 + # See if our toolchain supports __uint128_t. If so, it's 64bit
777 + # friendly and can use the nicely optimized code paths. #460790
778 + local ec_nistp_64_gcc_128
779 + # Disable it for now though #469976
780 + #if ! use bindist ; then
781 + # echo "__uint128_t i;" > "${T}"/128.c
782 + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
783 + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
784 + # fi
785 + #fi
786 +
787 + local sslout=$(./gentoo.config)
788 + einfo "Use configuration ${sslout:-(openssl knows best)}"
789 + local config="Configure"
790 + [[ -z ${sslout} ]] && config="config"
791 +
792 + # Fedora hobbled-EC needs 'no-ec2m'
793 + # 'srp' was restricted until early 2017 as well.
794 + # "disable-deprecated" option breaks too many consumers.
795 + # Don't set it without thorough revdeps testing.
796 + echoit \
797 + ./${config} \
798 + ${sslout} \
799 + $(use cpu_flags_x86_sse2 || echo "no-sse2") \
800 + enable-camellia \
801 + enable-ec \
802 + $(use_ssl !bindist ec2m) \
803 + enable-srp \
804 + $(use elibc_musl && echo "no-async") \
805 + ${ec_nistp_64_gcc_128} \
806 + enable-idea \
807 + enable-mdc2 \
808 + enable-rc5 \
809 + $(use_ssl sslv3 ssl3) \
810 + $(use_ssl sslv3 ssl3-method) \
811 + $(use_ssl asm) \
812 + $(use_ssl rfc3779) \
813 + $(use_ssl sctp) \
814 + $(use_ssl tls-heartbeat heartbeats) \
815 + $(use_ssl zlib) \
816 + --prefix="${EPREFIX%/}"/usr \
817 + --openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
818 + --libdir=$(get_libdir) \
819 + shared threads \
820 + || die
821 +
822 + # Clean out hardcoded flags that openssl uses
823 + # Fix quoting for sed
824 + local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
825 + -e 's:^CFLAGS=::' \
826 + -e 's:-fomit-frame-pointer ::g' \
827 + -e 's:-O[0-9] ::g' \
828 + -e 's:-march=[-a-z0-9]* ::g' \
829 + -e 's:-mcpu=[-a-z0-9]* ::g' \
830 + -e 's:-m[a-z0-9]* ::g' \
831 + -e 's:\\:\\\\:g' \
832 + )
833 + sed -i \
834 + -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
835 + -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
836 + Makefile || die
837 +}
838 +
839 +multilib_src_compile() {
840 + # depend is needed to use $confopts; it also doesn't matter
841 + # that it's -j1 as the code itself serializes subdirs
842 + emake -j1 depend
843 + emake all
844 +}
845 +
846 +multilib_src_test() {
847 + emake -j1 test
848 +}
849 +
850 +multilib_src_install() {
851 + # We need to create $ED/usr on our own to avoid a race condition #665130
852 + if [[ ! -d "${ED%/}/usr" ]]; then
853 + # We can only create this directory once
854 + mkdir "${ED%/}"/usr || die
855 + fi
856 +
857 + emake DESTDIR="${D%/}" install
858 +}
859 +
860 +multilib_src_install_all() {
861 + # openssl installs perl version of c_rehash by default, but
862 + # we provide a shell version via app-misc/c_rehash
863 + rm "${ED%/}"/usr/bin/c_rehash || die
864 +
865 + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
866 +
867 + # This is crappy in that the static archives are still built even
868 + # when USE=static-libs. But this is due to a failing in the openssl
869 + # build system: the static archives are built as PIC all the time.
870 + # Only way around this would be to manually configure+compile openssl
871 + # twice; once with shared lib support enabled and once without.
872 + use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a
873 +
874 + # create the certs directory
875 + keepdir ${SSL_CNF_DIR}/certs
876 +
877 + # Namespace openssl programs to prevent conflicts with other man pages
878 + cd "${ED%/}"/usr/share/man || die
879 + local m d s
880 + for m in $(find . -type f | xargs grep -L '#include') ; do
881 + d=${m%/*} ; d=${d#./} ; m=${m##*/}
882 + [[ ${m} == openssl.1* ]] && continue
883 + [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
884 + mv ${d}/{,ssl-}${m}
885 + # fix up references to renamed man pages
886 + sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
887 + ln -s ssl-${m} ${d}/openssl-${m}
888 + # locate any symlinks that point to this man page ... we assume
889 + # that any broken links are due to the above renaming
890 + for s in $(find -L ${d} -type l) ; do
891 + s=${s##*/}
892 + rm -f ${d}/${s}
893 + # We don't want to "|| die" here
894 + ln -s ssl-${m} ${d}/ssl-${s}
895 + ln -s ssl-${s} ${d}/openssl-${s}
896 + done
897 + done
898 + [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
899 +
900 + dodir /etc/sandbox.d #254521
901 + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
902 +
903 + diropts -m0700
904 + keepdir ${SSL_CNF_DIR}/private
905 +}
906 +
907 +pkg_postinst() {
908 + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
909 + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
910 + eend $?
911 +}
Report Message
Find on MARC Find on Google Groups