
From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/
Date: Mon, 07 Jan 2019 18:44:59
Message-Id: 1546886675.604a6136f50362e5bcfabf4187ea945e2fdb43f3.whissi@gentoo
1 commit: 604a6136f50362e5bcfabf4187ea945e2fdb43f3
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Mon Jan 7 18:44:35 2019 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Mon Jan 7 18:44:35 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=604a6136
7
8 dev-libs/openssl: security cleanup
9
10 Bug: https://bugs.gentoo.org/673056
11 Package-Manager: Portage-2.3.54, Repoman-2.3.12
12 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
13
14 dev-libs/openssl/Manifest | 5 -
15 dev-libs/openssl/openssl-1.0.2p-r1.ebuild | 306 ------------------------------
16 2 files changed, 311 deletions(-)
17
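--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,10 +1,5 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
-DIST openssl-1.0.2-patches-1.6.tar.xz 16004 BLAKE2B 28c7e9a8c8b09a34aa6ed21dec18b04c1d6140276e319cfa99b63db5ae188ca7837c444e8352748ffc86e6df7676534aef2f28788e825ee8207c0f876efb5b7b SHA512 eac9bbbebd8d942707ef385ee466929045bb4698985f7a0fb16f529f2101a246735cc2e654bfbdaa8a178224bb5ac564478a7587e6156cfcbdfe62a719bfb0a3
-DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa532061ab89ee989786eeb6495295711a29a88bf026c85d9ed55c97e71b0e9c8cf4c29b6e58a3dc56bcff518666823 SHA512 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
-DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2p_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.0.2q.tar.gz 5345604 BLAKE2B c03dd92de1cc8941a7f3e4d9f2fe6f8e4ea89eccc58743d7690491fc22cc54a9783311699b008aeb4a0d37cd3172154e67623c8ada6fc8dde57e80a5cd3c5fc1 SHA512 403e6cad42db3ba860c3fa4fa81c1b7b02f0b873259e5c19a7fc8e42de0854602555f1b1ca74f4e3a7737a4cbd3aac063061e628ec86534586500819fae7fec0
 DIST openssl-1.0.2q_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2q_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19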
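--- a/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
+++ /dev/null
@@ -1,306 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PATCH_SET="openssl-1.0.2-patches-1.6"
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
- !vanilla? (
- mirror://gentoo/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
- https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
- )"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
- gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
- kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
- >=dev-lang/perl-5
- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
- test? (
- sys-apps/diffutils
- sys-devel/bc
- )"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-# These are ported instead
-#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-#PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f25'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
- FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
- usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
- if use bindist; then
- # This just removes the prefix, and puts it into WORKDIR like the RPM.
- for i in "${FEDORA_SOURCE[@]}" ; do
- cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
- done
- # .spec %prep
- bash "${WORKDIR}"/"${SOURCE1}" || die
- cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
- cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
- for i in "${FEDORA_PATCH[@]}" ; do
- eapply "${DISTDIR}"/"${i}"
- done
- eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
- # Also see the configure parts below:
- # enable-ec \
- # $(use_ssl !bindist ec2m) \
- # $(use_ssl !bindist srp) \
- fi
-
- # keep this in sync with app-misc/c_rehash
- SSL_CNF_DIR="/etc/ssl"
-
- # Make sure we only ever touch Makefile.org and avoid patching a file
- # that gets blown away anyways by the Configure script in src_configure
- rm -f Makefile
-
- if ! use vanilla ; then
- eapply "${WORKDIR}"/patch/*.patch
- fi
-
- eapply_user
-
- # disable fips in the build
- # make sure the man pages are suffixed #302165
- # don't bother building man pages if they're disabled
- sed -i \
- -e '/DIRS/s: fips : :g' \
- -e '/^MANSUFFIX/s:=.*:=ssl:' \
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
- -e $(has noman FEATURES \
- && echo '/^install:/s:install_docs::' \
- || echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
- Makefile.org \
- || die
- # show the actual commands in the log
- sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
- # since we're forcing $(CC) as makedep anyway, just fix
- # the conditional as always-on
- # helps clang (#417795), and versioned gcc (#499818)
- # this breaks build with 1.0.2p, not sure if it is needed anymore
- #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
- # quiet out unknown driver argument warnings since openssl
- # doesn't have well-split CFLAGS and we're making it even worse
- # and 'make depend' uses -Werror for added fun (#417795 again)
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
- # allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
- chmod a+rx gentoo.config || die
-
- append-flags -fno-strict-aliasing
- append-flags $(test-flags-CC -Wa,--noexecstack)
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
- sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
- # The config script does stupid stuff to prompt the user. Kill it.
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
-
- multilib_copy_sources
-}
-
-multilib_src_configure() {
- unset APPS #197996
- unset SCRIPTS #312551
- unset CROSS_COMPILE #311473
-
- tc-export CC AR RANLIB RC
-
- # Clean out patent-or-otherwise-encumbered code
- # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
- # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
- # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
- # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
- # RC5: Expired https://en.wikipedia.org/wiki/RC5
-
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
- echoit() { echo "$@" ; "$@" ; }
-
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
- # See if our toolchain supports __uint128_t. If so, it's 64bit
- # friendly and can use the nicely optimized code paths. #460790
- local ec_nistp_64_gcc_128
- # Disable it for now though #469976
- #if ! use bindist ; then
- # echo "__uint128_t i;" > "${T}"/128.c
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
- # fi
- #fi
-
- # https://github.com/openssl/openssl/issues/2286
- if use ia64 ; then
- replace-flags -g3 -g2
- replace-flags -ggdb3 -ggdb2
- fi
-
- local sslout=$(./gentoo.config)
- einfo "Use configuration ${sslout:-(openssl knows best)}"
- local config="Configure"
- [[ -z ${sslout} ]] && config="config"
-
- # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
- echoit \
- ./${config} \
- ${sslout} \
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \
- enable-camellia \
- enable-ec \
- $(use_ssl !bindist ec2m) \
- $(use_ssl !bindist srp) \
- ${ec_nistp_64_gcc_128} \
- enable-idea \
- enable-mdc2 \
- enable-rc5 \
- enable-tlsext \
- $(use_ssl asm) \
- $(use_ssl gmp gmp -lgmp) \
- $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
- $(use_ssl rfc3779) \
- $(use_ssl sctp) \
- $(use_ssl sslv2 ssl2) \
- $(use_ssl sslv3 ssl3) \
- $(use_ssl tls-heartbeat heartbeats) \
- $(use_ssl zlib) \
- --prefix="${EPREFIX%/}"/usr \
- --openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
- --libdir=$(get_libdir) \
- shared threads \
- || die
-
- # Clean out hardcoded flags that openssl uses
- local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
- -e 's:^CFLAG=::' \
- -e 's:-fomit-frame-pointer ::g' \
- -e 's:-O[0-9] ::g' \
- -e 's:-march=[-a-z0-9]* ::g' \
- -e 's:-mcpu=[-a-z0-9]* ::g' \
- -e 's:-m[a-z0-9]* ::g' \
- )
- sed -i \
- -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
- -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
- Makefile || die
-}
-
-multilib_src_compile() {
- # depend is needed to use $confopts; it also doesn't matter
- # that it's -j1 as the code itself serializes subdirs
- emake -j1 V=1 depend
- emake all
- # rehash is needed to prep the certs/ dir; do this
- # separately to avoid parallel build issues.
- emake rehash
-}
-
-multilib_src_test() {
- emake -j1 test
-}
-
-multilib_src_install() {
- # We need to create $ED/usr on our own to avoid a race condition #665130
- if [[ ! -d "${ED%/}/usr" ]]; then
- # We can only create this directory once
- mkdir "${ED%/}"/usr || die
- fi
-
- emake INSTALL_PREFIX="${D%/}" install
-}
-
-multilib_src_install_all() {
- # openssl installs perl version of c_rehash by default, but
- # we provide a shell version via app-misc/c_rehash
- rm "${ED%/}"/usr/bin/c_rehash || die
-
- local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
- einstalldocs
-
- use rfc3779 && dodoc engines/ccgost/README.gost
-
- # This is crappy in that the static archives are still built even
- # when USE=static-libs. But this is due to a failing in the openssl
- # build system: the static archives are built as PIC all the time.
- # Only way around this would be to manually configure+compile openssl
- # twice; once with shared lib support enabled and once without.
- use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
- # create the certs directory
- dodir ${SSL_CNF_DIR}/certs
- cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
- rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
- # Namespace openssl programs to prevent conflicts with other man pages
- cd "${ED}"/usr/share/man
- local m d s
- for m in $(find . -type f | xargs grep -L '#include') ; do
- d=${m%/*} ; d=${d#./} ; m=${m##*/}
- [[ ${m} == openssl.1* ]] && continue
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
- mv ${d}/{,ssl-}${m}
- # fix up references to renamed man pages
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
- ln -s ssl-${m} ${d}/openssl-${m}
- # locate any symlinks that point to this man page ... we assume
- # that any broken links are due to the above renaming
- for s in $(find -L ${d} -type l) ; do
- s=${s##*/}
- rm -f ${d}/${s}
- ln -s ssl-${m} ${d}/ssl-${s}
- ln -s ssl-${s} ${d}/openssl-${s}
- done
- done
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
- dodir /etc/sandbox.d #254521
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
- diropts -m0700
- keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
- ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
- c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
- eend $?
-}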