1 |
commit: 4e35a9430566547f4abd646a92718325311ba5c3 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Aug 23 17:39:44 2019 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Aug 23 18:10:19 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e35a943 |
7 |
|
8 |
dev-libs/openssl: synchronize v1.1.0x with v1.1.1x |
9 |
|
10 |
Backport commit 604d5b3e0de296fc6fa6f05007b196f9860974e6. |
11 |
|
12 |
Package-Manager: Portage-2.3.72, Repoman-2.3.17 |
13 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
14 |
|
15 |
dev-libs/openssl/Manifest | 4 +- |
16 |
dev-libs/openssl/openssl-1.1.0k-r1.ebuild | 78 +++++++++------------- |
17 |
...nssl-1.1.1c.ebuild => openssl-1.1.1c-r1.ebuild} | 7 +- |
18 |
3 files changed, 36 insertions(+), 53 deletions(-) |
19 |
|
20 |
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest |
21 |
index 321134adc24..5f6b9b90602 100644 |
22 |
--- a/dev-libs/openssl/Manifest |
23 |
+++ b/dev-libs/openssl/Manifest |
24 |
@@ -13,10 +13,8 @@ DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce4 |
25 |
DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457 |
26 |
DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b |
27 |
DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 |
28 |
+DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b255548c439c965a20a04ac2a6324a4122c4691b7c95ec18e62be6d708a7ea62ea197d32e5091987cb5043969878f89e5bc26243d4 SHA512 1d5bc9d7b24cf55d32d996e2421d43a1218b605720293f00d07814afb481387856f0dc000ad3c3e4cba2361055668cfe79a945be44ab85a249555f37e683a909 |
29 |
DIST openssl-1.1.0k.tar.gz 5287321 BLAKE2B fce40a399f5a08d5fe183dfcaab11b211d982885fb9888b25fa41bdd9919ecd203fca6f573363cfb42c9a0776ae69ea50b0f144227a3f28ca0dbadf878d396bc SHA512 65f41a240a97d79504c0e1391fde8ac8692f0993437cdc35e4bc964ecc36e5ef75a62499c4c6cb4ce63f892135e06dba2d3594c8869d935554296fa3c6ccd822 |
30 |
-DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457 |
31 |
-DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b |
32 |
-DIST openssl-1.1.0k_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 |
33 |
DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1 |
34 |
DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d |
35 |
DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415 |
36 |
|
37 |
diff --git a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild |
38 |
index f8ee7f73587..937d3b7ed11 100644 |
39 |
--- a/dev-libs/openssl/openssl-1.1.0k-r1.ebuild |
40 |
+++ b/dev-libs/openssl/openssl-1.1.0k-r1.ebuild |
41 |
@@ -6,14 +6,25 @@ EAPI="7" |
42 |
inherit flag-o-matic toolchain-funcs multilib multilib-minimal |
43 |
|
44 |
MY_P=${P/_/-} |
45 |
+ |
46 |
+# This patch set is based on the following files from Fedora 31, |
47 |
+# see https://src.fedoraproject.org/rpms/openssl/blob/f28/f/openssl.spec |
48 |
+# for more details: |
49 |
+# - hobble-openssl (SOURCE1) |
50 |
+# - ec_curve.c (SOURCE12) |
51 |
+# - ectest.c (SOURCE13) |
52 |
+# - openssl-1.1.0-ec-curves.patch (PATCH37) -- MODIFIED |
53 |
+BINDIST_PATCH_SET="openssl-1.1.0k-bindist-1.0.tar.xz" |
54 |
+ |
55 |
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
56 |
HOMEPAGE="https://www.openssl.org/" |
57 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" |
58 |
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz |
59 |
+ bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" |
60 |
|
61 |
LICENSE="openssl" |
62 |
SLOT="0/1.1" # .so version of libssl/libcrypto |
63 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux" |
64 |
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib" |
65 |
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" |
66 |
RESTRICT="!bindist? ( bindist )" |
67 |
|
68 |
RDEPEND=">=app-misc/c_rehash-1.7-r1 |
69 |
@@ -28,28 +39,6 @@ BDEPEND=" |
70 |
)" |
71 |
PDEPEND="app-misc/ca-certificates" |
72 |
|
73 |
-# This does not copy the entire Fedora patchset, but JUST the parts that |
74 |
-# are needed to make it safe to use EC with RESTRICT=bindist. |
75 |
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN |
76 |
-SOURCE1=hobble-openssl |
77 |
-SOURCE12=ec_curve.c |
78 |
-SOURCE13=ectest.c |
79 |
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC |
80 |
-PATCH37=openssl-1.1.0-ec-curves.patch |
81 |
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' |
82 |
-FEDORA_GIT_BRANCH='f28' |
83 |
-FEDORA_GIT_COMMIT="d2ede125556ac99aa0faa7744c703af3f559094e" |
84 |
-FEDORA_SRC_URI=() |
85 |
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 ) |
86 |
-FEDORA_PATCH=( $PATCH1 $PATCH37 ) |
87 |
-for i in "${FEDORA_SOURCE[@]}" ; do |
88 |
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${P}_${FEDORA_GIT_COMMIT}_${i}" ) |
89 |
-done |
90 |
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix |
91 |
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${i%.patch}_${FEDORA_GIT_COMMIT}.patch" ) |
92 |
-done |
93 |
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" |
94 |
- |
95 |
PATCHES=( |
96 |
"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 |
97 |
"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 |
98 |
@@ -64,34 +53,29 @@ MULTILIB_WRAPPED_HEADERS=( |
99 |
|
100 |
src_prepare() { |
101 |
if use bindist; then |
102 |
- # we need to patch the patch but we cannot patch in DISTDIR... |
103 |
- mkdir "${WORKDIR}"/fedora_patches || die |
104 |
- for i in "${FEDORA_PATCH[@]}" ; do |
105 |
- cp "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" "${WORKDIR}"/fedora_patches || die |
106 |
+ mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die |
107 |
+ bash "${WORKDIR}"/hobble-openssl || die |
108 |
+ |
109 |
+ cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die |
110 |
+ cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die |
111 |
+ |
112 |
+ eapply "${WORKDIR}"/bindist-patches/ec-curves.patch |
113 |
+ |
114 |
+ local known_failing_test |
115 |
+ for known_failing_test in \ |
116 |
+ 30-test_evp_extra.t \ |
117 |
+ 80-test_ssl_new.t \ |
118 |
+ ; do |
119 |
+ ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist" |
120 |
+ rm test/recipes/${known_failing_test} || die |
121 |
+ eend $? |
122 |
done |
123 |
|
124 |
- # now patch the path, due to OpenSSL change cb193560e0da17a41b40ce574a2349f1d4d59ed1 |
125 |
- sed -i -e 's#test/evptests.txt#test/recipes/30-test_evp_data/evppkey.txt#g' \ |
126 |
- "${WORKDIR}"/fedora_patches/openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch || \ |
127 |
- die |
128 |
- |
129 |
- # This just removes the prefix, and puts it into WORKDIR like the RPM. |
130 |
- for i in "${FEDORA_SOURCE[@]}" ; do |
131 |
- cp -f "${DISTDIR}"/"${P}_${FEDORA_GIT_COMMIT}_${i}" "${WORKDIR}"/"${i}" || die |
132 |
- done |
133 |
- # .spec %prep |
134 |
- bash "${WORKDIR}"/"${SOURCE1}" || die |
135 |
- cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die |
136 |
- cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die |
137 |
- for i in "${FEDORA_PATCH[@]}" ; do |
138 |
- #eapply "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" |
139 |
- eapply "${WORKDIR}/fedora_patches/${i%.patch}_${FEDORA_GIT_COMMIT}.patch" |
140 |
- done |
141 |
# Also see the configure parts below: |
142 |
# enable-ec \ |
143 |
# $(use_ssl !bindist ec2m) \ |
144 |
- |
145 |
fi |
146 |
+ |
147 |
# keep this in sync with app-misc/c_rehash |
148 |
SSL_CNF_DIR="/etc/ssl" |
149 |
|
150 |
@@ -205,6 +189,8 @@ multilib_src_configure() { |
151 |
enable-idea \ |
152 |
enable-mdc2 \ |
153 |
enable-rc5 \ |
154 |
+ $(use_ssl sslv3 ssl3) \ |
155 |
+ $(use_ssl sslv3 ssl3-method) \ |
156 |
$(use_ssl asm) \ |
157 |
$(use_ssl rfc3779) \ |
158 |
$(use_ssl sctp) \ |
159 |
|
160 |
diff --git a/dev-libs/openssl/openssl-1.1.1c.ebuild b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild |
161 |
similarity index 98% |
162 |
rename from dev-libs/openssl/openssl-1.1.1c.ebuild |
163 |
rename to dev-libs/openssl/openssl-1.1.1c-r1.ebuild |
164 |
index 1071017acce..683c5707566 100644 |
165 |
--- a/dev-libs/openssl/openssl-1.1.1c.ebuild |
166 |
+++ b/dev-libs/openssl/openssl-1.1.1c-r1.ebuild |
167 |
@@ -1,7 +1,7 @@ |
168 |
# Copyright 1999-2019 Gentoo Authors |
169 |
# Distributed under the terms of the GNU General Public License v2 |
170 |
|
171 |
-EAPI=7 |
172 |
+EAPI="7" |
173 |
|
174 |
inherit flag-o-matic toolchain-funcs multilib multilib-minimal |
175 |
|
176 |
@@ -18,7 +18,8 @@ BINDIST_PATCH_SET="openssl-1.1.1c-bindist-1.0.tar.xz" |
177 |
|
178 |
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
179 |
HOMEPAGE="https://www.openssl.org/" |
180 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" |
181 |
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz |
182 |
+ bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" |
183 |
|
184 |
LICENSE="openssl" |
185 |
SLOT="0/1.1" # .so version of libssl/libcrypto |
186 |
@@ -43,8 +44,6 @@ PATCHES=( |
187 |
"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 |
188 |
) |
189 |
|
190 |
-SRC_URI+=" bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" |
191 |
- |
192 |
S="${WORKDIR}/${MY_P}" |
193 |
|
194 |
MULTILIB_WRAPPED_HEADERS=( |