diff options
Diffstat (limited to 'dev-libs/openssl')
19 files changed, 0 insertions, 2303 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest deleted file mode 100644 index c1a6e7a4e4b4..000000000000 --- a/dev-libs/openssl/Manifest +++ /dev/null @@ -1,31 +0,0 @@ -AUX gentoo.config-0.9.8 4128 BLAKE2B 7c32fe655fb99cc0e3776f8ddbc06ac17b8680bcaef0c0302210270409b49401036ffb020272ce16ca4707c3856f4bd8d628ba78e2c8dca628a7591ed8711fb0 SHA512 eb2dcfcd5033bf94a94f60a07096037d8c2c938a8ea4c5cfd6d03903e878938729729262f99428c65e844f4148f3e5a18da984cabee8fa84f19e23351388f471 -AUX gentoo.config-1.0.2 5158 BLAKE2B bc8b8c0558f84bcbd7c55e4b974458041aa5f31f82cd740f1c4c56729ecb63d940ac6e23390b83eb1e7ed36dbed5663801415830f306bdbf56f081aec63fb48c SHA512 d39cb5824556f2c064ad148ef40b175bd124c6e58a6e59f9da6167645f98e2a5755b4c01b41a37f30c172d3a3c5d9753d1f7835d7380a429bbc0dc1989125472 -AUX openssl-0.9.8e-bsd-sparc64.patch 1484 BLAKE2B 6cfba6ee4fa849e6d7799fbe749abf3763f22df3d5698b9120e89f0a74912462e7b14e457040071c2b46432210e9827ccc4e399eda54a5375b0f045d7e0b67ef SHA512 dbbfae5ce19a4247a6b1ca4a45ca6c15904e13e6bf603447cb5d9820292ceb411792e29db0001c5869e3c4cb0a8afe7fb64d35f007052efc68098301c2e81def -AUX openssl-0.9.8h-ldflags.patch 1151 BLAKE2B b215e46c380e571f153445f902803cf5d03d44f6f8b95a677c08bdf542e6d199c58f1f4699eb7dbd9de8bdc02b697a7971a9a06157d96c3dbd4295090a778723 SHA512 7f98c5ad310710aeceefd6fac440682bf2baaf41ce17de535add54af88c45fa0689e6e6c26bafb4fe2290fd3b6d80c51d85ffda1e276a73a3d66a319585aab11 -AUX openssl-0.9.8m-binutils.patch 684 BLAKE2B 35650e98595910d2e6b6fc846b49fecbb2a8e4a8b647bbec009a829ae4af8afdc7e7edac7a1eec8f13af1ad69b7036ca6af28bfd9509e6bba58f2b3906d6bdd5 SHA512 5e8a20111bd4809e7375c7323dab2c2edd6a131d1ec2377ee99c5e06ceb7b4b000e9606ba6d0e68cd67d8e001cc8194e11e301eace0feb066d5f3c5b331b5f04 -AUX openssl-0.9.8z_p8-perl-5.26.patch 310 BLAKE2B 29c46391d127cd2b1cb3943f1bb162a8b931e455f35f9e045372102d1461e3e3fd4cf4e4f544ec06a0b46a573d2009c8decf22678df03707c2487bade64f27b5 SHA512 b8e745ff90e447b000ace9cfd5f746c1bc8f3bb8249064d1d2f1072a1a628f5a89c405c7f384c73f0310f2a2f7af672950a9b7adbc583b1ee94b41d911b8a708 -AUX openssl-1.0.2a-x32-asm.patch 1561 BLAKE2B ee5e5b91e4babacff71edf36cce80fbcb2b8dbb9a7ea63a816d3a5de544fbffd8b4216d7a95bd44e718c7a83dd8b8b5ad85caed4205eab5de566b0b7e5054fc1 SHA512 fbb23393e68776e9d34953f85ba3cbb285421d50f06bd297b485c7cffc8d89ca8caff6783f21038ae668b5c75056c89dc652217ac8609b5328e2c28e70ac294c -AUX openssl-1.0.2o-CVE-2018-0732.patch 1194 BLAKE2B bd06c5b1289f7a3dca52bbfab7ae17c9d103b07ffd2649c5b5a8cc60163aa3056e4bd86108548dfcd3690d2ef94c3e0d3a911694199b5a3822215dd01c7467d6 SHA512 ff91298629f157496a012da00ba7325923f5d087bfa54b60e205bf2dfb06374e958912e0df39dbdf39773555455c1a3afa3dcde1ddfec6e85cf89b0b62cc0eb4 -AUX openssl-1.0.2o-hobble-ecc.patch 11987 BLAKE2B 28c1217e500a9d6578dac3ee8aeb08f6e3b1d2c6749336ef05e4142828c7c4b176ec16707dcbbf97e1e2e91d51f85f2a02c076cfcc8bcef1aa9d3fd5ba50eb6a SHA512 817a5a1cbab171d9e6d3fce9c612985d2ce3f9f0b3781b3681ef42da1ac6389d8a8a11e6d696eb7f051d3bfc2d045f1999cc4076d1257b10e9fb65620aee3ee2 -AUX openssl-1.1.0h-CVE-2018-0732.patch 1192 BLAKE2B 4a13508674020519756b3d33530673527f31a66a731bb79a6081692901a7d0bf7e6e9345d7a9613407a485f4b7961de26e3c87c1cd76756449821ae4b890e472 SHA512 27d55677ff3d60cf7ae0b8f1a5fb8ab529fc9d3e7072eb4cfabd2b50aefcf9cb88291262eccf68efc44a432ba25424b25dec40dc03bb85b7c6c3003260cd5012 -AUX openssl-1.1.0h-CVE-2018-0737.patch 996 BLAKE2B 4b4d6e619a508f36f4fdc00c0066d1160ff7f6cd301cd799405d37b3236ebb69b11a4ccf9baa9ea3a69f21c6fe8550b440c1a3503ec27a5a9c5d1e4d472e2b57 SHA512 833712f0ae355aed6547ccf49447d50bdb7be1ea3c3b3b51f182f6e0eb17692c78ca90341a151985b35b86800cf6229926f3e3af936741d437ab9ac5444987c0 -DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 -DIST openssl-1.0.2-patches-1.4.tar.xz 12864 BLAKE2B ace6a782ef97b61af44988f978d089adffb06894617f9d66d3fce664c04d360b2774e1dd38c2171151fa93fe92428d405674bc2d452d520f10da426f95d09aee SHA512 d152af2841f1bf11c7f2a5ebba9a2b903fb4bcdef0468c56af0f9cc8c020adbf4490ac1a62f5bae8cbe18e379934fa997bfda1c2d49ec62365c07a0c0515a72d -DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd -DIST openssl-1.0.2o_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15 -DIST openssl-1.0.2o_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19 -DIST openssl-1.0.2o_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e -DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0 -DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2 -DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd06139a774fc4dbae1b0e95fea7a33aa39b541e3d2d27f83f2b5f4dd3846cca2356020aa6ec81793085842ab78b3a127 SHA512 fb7750fcd98e6126eb5b92e7ed63d811a5cfa3391d98572003d925f6c7b477690df86a9aa1fa6bf6bf33d02c6c7aee6cff50a38faa8911409f310645898fda39 -DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879 -DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae -DIST openssl-1.1.0h_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 -DIST openssl-1.1.1-pre8.tar.gz 8334954 BLAKE2B 97cd018908925abd5a4eb660b3488b23efb582dd49dd87504e5522b2e9c5c6500417ef4893590a60ce35cfa316de51bfbf3e448e9cb2a5858ecd8ae72722922d SHA512 33b20f8589e0ba67500993635e1ba7f7f7ce2b6fa1eb8d4d7c44711ff047045dde57ad7e0605377c2b030fc954a3fb9b1f1d68feac2080991ef2b1b72a761041 -EBUILD openssl-0.9.8z_p8-r1.ebuild 4937 BLAKE2B 4d8c960161f15f38dbcef1ba1529906d81ad1b8574c90b7e09f3b2a8f2fcfdda1d69d9c4259a7f616246fe34b5794ea08f5ef8f5cb1ecb4117784062587a1fa7 SHA512 2693d1d1cf167e0e0031d5b7b3ac2f850290ea2fa8513c8fe2f5b8c52fd5efd4296b574533165e24ddd315e271dad6e7f5b00afdf8d036864e27af62fae30e43 -EBUILD openssl-0.9.8z_p8.ebuild 4860 BLAKE2B 8c78442920df3443d9601c3e9246caa838e0acbe9541b5c250a6a96253b2d28fca65878cf9cddaae62f6fab6fd6d264997b168888cfcd1e53ea90b34a804e3e2 SHA512 60bcce7807ee7d0a68df11cdb2ab76560ef23b6e3df43a506263fcbdf54d0571dcfe0d16188159d13a268425b16798eb28c3c1ed985123ae095c8ea146c1e4d6 -EBUILD openssl-1.0.2o-r3.ebuild 8092 BLAKE2B 66f9d07e6757aeffde65bd525f3a6bd66c0da6b6f503778de37a8172cb37656baf0c5a501699d426b18d63d0dac5bb1e7df9ea9f7d30dc19021c15985e8f2114 SHA512 f6aa3f6a4b89aa947d78ea28b8de2c9d3efd3eae2dac98de742784542d71700b5fb68b79392523d41a06dc9784522206637ee525e9fd1635f3907af172dab7a8 -EBUILD openssl-1.0.2o-r6.ebuild 9818 BLAKE2B 193ff450b056ceb4a496d79bd8afa1f2313918eb703de5e8c79375180ff385751f2bdd777a35d1e9d793ce3054703e785f73dc5941b0a05a4a18254d364a0593 SHA512 a15e7bf3d03c6c5fd8d9eda699d82a15ee693417844a328a0eff0ffc80593d783f589a253796dcd416496bb454938706157e85574eea7461e03c173ebef12040 -EBUILD openssl-1.1.0h-r2.ebuild 9198 BLAKE2B a65f3b3bc4104901ca271003f3363596279077273c0b2cbfd5eb54fb315db0974269673abedef3de103b2d85d436ab167cb973ae4d546ae2a4ebf4ae5f60599a SHA512 82ab0bab945bbb723c5329376c629e9dab88dc8f81d74e201f428bc5fc519d677ea21807c2d32d3517657a80db24e71170a4bed4ef4cfb25009a4d32ea9b15a3 -EBUILD openssl-1.1.1_pre8.ebuild 7652 BLAKE2B 8eff1ae544126b8a1ebda7f5d13ce8d18ae8a5ecd8b58caf8bea6733c8a6e879ab509a60e8d13871f27ea38a6a5e326d23b6a06c7d02499f04b5a1cc87bfd88e SHA512 14e1db47322d86f44c15d07036f2f7a56b0156b6298728a33b72a5a89dbb772d8ef7683900195eda17a29b64ea19d181729a04c912ff3c7fc05f7837b08ef201 -MISC metadata.xml 1273 BLAKE2B 8eb61c2bfd56f428fa4c262972c0b140662a68c95fdf5e3101624b307985f83dc6d757fc13565e467c99188de93d90ec2db6de3719e22495da67155cbaa91aa9 SHA512 3ffb56f8bc35d71c2c67b4cb97d350825260f9d78c97f4ba9462c2b08b8ef65d7f684139e99bb2f7f32698d3cb62404567b36ce849e7dc4e7f7c5b6367c723a7 diff --git a/dev-libs/openssl/files/gentoo.config-0.9.8 b/dev-libs/openssl/files/gentoo.config-0.9.8 deleted file mode 100644 index 02698250c19d..000000000000 --- a/dev-libs/openssl/files/gentoo.config-0.9.8 +++ /dev/null @@ -1,144 +0,0 @@ -#!/usr/bin/env bash -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# -# Openssl doesn't play along nicely with cross-compiling -# like autotools based projects, so let's teach it new tricks. -# -# Review the bundled 'config' script to see why kind of targets -# we can pass to the 'Configure' script. - - -# Testing routines -if [[ $1 == "test" ]] ; then - for c in \ - "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \ - "armv5b-linux-gnu |linux-generic32 -DB_ENDIAN" \ - "x86_64-pc-linux-gnu |linux-x86_64" \ - "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \ - "i686-pc-linux-gnu |linux-elf" \ - "whatever-gentoo-freebsdX.Y |BSD-generic32" \ - "i686-gentoo-freebsdX.Y |BSD-x86-elf" \ - "sparc64-alpha-freebsdX.Y |BSD-sparc64" \ - "ia64-gentoo-freebsd5.99234 |BSD-ia64" \ - "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \ - "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \ - "powerpc-gentOO-linux-uclibc |linux-ppc" \ - "powerpc64-unk-linux-gnu |linux-ppc64" \ - "x86_64-apple-darwinX |darwin64-x86_64-cc" \ - "powerpc64-apple-darwinX |darwin64-ppc-cc" \ - "i686-apple-darwinX |darwin-i386-cc" \ - "i386-apple-darwinX |darwin-i386-cc" \ - "powerpc-apple-darwinX |darwin-ppc-cc" \ - "i586-pc-winnt |winnt-parity" \ - ;do - CHOST=${c/|*} - ret_want=${c/*|} - ret_got=$(CHOST=${CHOST} "$0") - - if [[ ${ret_want} == "${ret_got}" ]] ; then - echo "PASS: ${CHOST}" - else - echo "FAIL: ${CHOST}" - echo -e "\twanted: ${ret_want}" - echo -e "\twe got: ${ret_got}" - fi - done - exit 0 -fi -[[ -z ${CHOST} && -n $1 ]] && CHOST=$1 - - -# Detect the operating system -case ${CHOST} in - *-aix*) system="aix";; - *-darwin*) system="darwin";; - *-freebsd*) system="BSD";; - *-hpux*) system="hpux";; - *-linux*) system="linux";; - *-solaris*) system="solaris";; - *-winnt*) system="winnt";; - *) exit 0;; -esac - - -# Compiler munging -compiler="gcc" -if [[ ${CC} == "ccc" ]] ; then - compiler=${CC} -fi - - -# Detect target arch -machine="" -chost_machine=${CHOST%%-*} -case ${system} in -linux) - case ${chost_machine} in - alphaev56*) machine=alpha+bwx-${compiler};; - alphaev[678]*)machine=alpha+bwx-${compiler};; - alpha*) machine=alpha-${compiler};; - arm*b*) machine="generic32 -DB_ENDIAN";; - arm*) machine="generic32 -DL_ENDIAN";; - # hppa64*) machine=parisc64;; - hppa*) machine="generic32 -DB_ENDIAN";; - i[0-9]86*) machine=elf;; - ia64*) machine=ia64;; - m68*) machine="generic32 -DB_ENDIAN";; - mips*el*) machine="generic32 -DL_ENDIAN";; - mips*) machine="generic32 -DB_ENDIAN";; - powerpc64*) machine=ppc64;; - powerpc*) machine=ppc;; - # sh64*) machine=elf;; - sh*b*) machine="generic32 -DB_ENDIAN";; - sh*) machine="generic32 -DL_ENDIAN";; - sparc*v7*) machine="generic32 -DB_ENDIAN";; - sparc64*) machine=sparcv9;; - sparc*) machine=sparcv8;; - s390x*) machine="generic64 -DB_ENDIAN";; - s390*) machine="generic32 -DB_ENDIAN";; - x86_64*) machine=x86_64;; - esac - ;; -BSD) - case ${chost_machine} in - alpha*) machine=generic64;; - i[6-9]86*) machine=x86-elf;; - ia64*) machine=ia64;; - sparc64*) machine=sparc64;; - x86_64*) machine=x86_64;; - *) machine=generic32;; - esac - ;; -aix) - machine=${compiler} - ;; -darwin) - case ${chost_machine} in - powerpc64) machine=ppc-cc; system=${system}64;; - powerpc) machine=ppc-cc;; - i?86*) machine=i386-cc;; - x86_64) machine=x86_64-cc; system=${system}64;; - esac - ;; -hpux) - case ${chost_machine} in - ia64) machine=ia64-${compiler} ;; - esac - ;; -solaris) - case ${chost_machine} in - i386) machine=x86-${compiler} ;; - x86_64*) machine=x86_64-${compiler}; system=${system}64;; - sparcv9*) machine=sparcv9-${compiler}; system=${system}64;; - sparc*) machine=sparcv8-${compiler};; - esac - ;; -winnt) - machine=parity - ;; -esac - - -# If we have something, show it -[[ -n ${machine} ]] && echo ${system}-${machine} diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2 deleted file mode 100644 index d16175e6292e..000000000000 --- a/dev-libs/openssl/files/gentoo.config-1.0.2 +++ /dev/null @@ -1,169 +0,0 @@ -#!/usr/bin/env bash -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# -# Openssl doesn't play along nicely with cross-compiling -# like autotools based projects, so let's teach it new tricks. -# -# Review the bundled 'config' script to see why kind of targets -# we can pass to the 'Configure' script. - - -# Testing routines -if [[ $1 == "test" ]] ; then - for c in \ - "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \ - "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \ - "x86_64-pc-linux-gnu |linux-x86_64" \ - "alpha-linux-gnu |linux-alpha-gcc" \ - "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \ - "i686-pc-linux-gnu |linux-elf" \ - "whatever-gentoo-freebsdX.Y |BSD-generic32" \ - "i686-gentoo-freebsdX.Y |BSD-x86-elf" \ - "sparc64-alpha-freebsdX.Y |BSD-sparc64" \ - "ia64-gentoo-freebsd5.99234 |BSD-ia64" \ - "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \ - "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \ - "powerpc-gentOO-linux-uclibc |linux-ppc" \ - "powerpc64-unk-linux-gnu |linux-ppc64" \ - "powerpc64le-linux-gnu |linux-ppc64le" \ - "x86_64-apple-darwinX |darwin64-x86_64-cc" \ - "powerpc64-apple-darwinX |darwin64-ppc-cc" \ - "i686-apple-darwinX |darwin-i386-cc" \ - "i386-apple-darwinX |darwin-i386-cc" \ - "powerpc-apple-darwinX |darwin-ppc-cc" \ - "i586-pc-winnt |winnt-parity" \ - "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \ - "s390x-linux-gnu |linux64-s390x" \ - ;do - CHOST=${c/|*} - ret_want=${c/*|} - ret_got=$(CHOST=${CHOST} "$0") - - if [[ ${ret_want} == "${ret_got}" ]] ; then - echo "PASS: ${CHOST}" - else - echo "FAIL: ${CHOST}" - echo -e "\twanted: ${ret_want}" - echo -e "\twe got: ${ret_got}" - fi - done - exit 0 -fi -[[ -z ${CHOST} && -n $1 ]] && CHOST=$1 - - -# Detect the operating system -case ${CHOST} in - *-aix*) system="aix";; - *-darwin*) system="darwin";; - *-freebsd*) system="BSD";; - *-hpux*) system="hpux";; - *-linux*) system="linux";; - *-solaris*) system="solaris";; - *-winnt*) system="winnt";; - x86_64-*-mingw*) system="mingw64";; - *mingw*) system="mingw";; - *) exit 0;; -esac - - -# Compiler munging -compiler="gcc" -if [[ ${CC} == "ccc" ]] ; then - compiler=${CC} -fi - - -# Detect target arch -machine="" -chost_machine=${CHOST%%-*} -case ${system} in -linux) - case ${chost_machine}:${ABI} in - aarch64*be*) machine="aarch64 -DB_ENDIAN";; - aarch64*) machine="aarch64 -DL_ENDIAN";; - alphaev56*|\ - alphaev[678]*)machine=alpha+bwx-${compiler};; - alpha*) machine=alpha-${compiler};; - armv[4-9]*b*) machine="armv4 -DB_ENDIAN";; - armv[4-9]*) machine="armv4 -DL_ENDIAN";; - arm*b*) machine="generic32 -DB_ENDIAN";; - arm*) machine="generic32 -DL_ENDIAN";; - avr*) machine="generic32 -DL_ENDIAN";; - bfin*) machine="generic32 -DL_ENDIAN";; - # hppa64*) machine=parisc64;; - hppa*) machine="generic32 -DB_ENDIAN";; - i[0-9]86*|\ - x86_64*:x86) machine=elf;; - ia64*) machine=ia64;; - m68*) machine="generic32 -DB_ENDIAN";; - mips*el*) machine="generic32 -DL_ENDIAN";; - mips*) machine="generic32 -DB_ENDIAN";; - powerpc64*le*)machine=ppc64le;; - powerpc64*) machine=ppc64;; - powerpc*le*) machine="generic32 -DL_ENDIAN";; - powerpc*) machine=ppc;; - # sh64*) machine=elf;; - sh*b*) machine="generic32 -DB_ENDIAN";; - sh*) machine="generic32 -DL_ENDIAN";; - # TODO: Might want to do -mcpu probing like glibc to determine a - # better default for sparc-linux-gnu targets. This logic will - # break v7 and older systems when they use it. - sparc*v7*) machine="generic32 -DB_ENDIAN";; - sparc64*) machine=sparcv9 system=linux64;; - sparc*v9*) machine=sparcv9;; - sparc*v8*) machine=sparcv8;; - sparc*) machine=sparcv8;; - s390x*) machine=s390x system=linux64;; - s390*) machine="generic32 -DB_ENDIAN";; - x86_64*:x32) machine=x32;; - x86_64*) machine=x86_64;; - esac - ;; -BSD) - case ${chost_machine} in - alpha*) machine=generic64;; - i[6-9]86*) machine=x86-elf;; - ia64*) machine=ia64;; - sparc64*) machine=sparc64;; - x86_64*) machine=x86_64;; - *) machine=generic32;; - esac - ;; -aix) - machine=${compiler} - ;; -darwin) - case ${chost_machine} in - powerpc64) machine=ppc-cc; system=${system}64;; - powerpc) machine=ppc-cc;; - i?86*) machine=i386-cc;; - x86_64) machine=x86_64-cc; system=${system}64;; - esac - ;; -hpux) - case ${chost_machine} in - ia64) machine=ia64-${compiler} ;; - esac - ;; -solaris) - case ${chost_machine} in - i386) machine=x86-${compiler} ;; - x86_64*) machine=x86_64-${compiler}; system=${system}64;; - sparcv9*) machine=sparcv9-${compiler}; system=${system}64;; - sparc*) machine=sparcv8-${compiler};; - esac - ;; -winnt) - machine=parity - ;; -mingw*) - # special case ... no xxx-yyy style name - echo ${system} - ;; -esac - - -# If we have something, show it -[[ -n ${machine} ]] && echo ${system}-${machine} diff --git a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch b/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch deleted file mode 100644 index a798164a9069..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- a/Configure -+++ b/Configure -@@ -365,7 +365,7 @@ - # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it - # simply *happens* to work around a compiler bug in gcc 3.3.3, - # triggered by RIPEMD160 code. --"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:ULTRASPARC::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - - -the -B flag is a no-op nowadays - ---- a/crypto/des/Makefile -+++ b/crypto/des/Makefile -@@ -62,7 +62,7 @@ - $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB) - - des_enc-sparc.S: asm/des_enc.m4 -- m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S -+ m4 asm/des_enc.m4 > des_enc-sparc.S - - # ELF - dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch deleted file mode 100644 index 64cc7bde0504..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch +++ /dev/null @@ -1,29 +0,0 @@ -http://bugs.gentoo.org/181438 -http://bugs.gentoo.org/327421 -https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest - -make sure we respect LDFLAGS - -also make sure we don't add useless -rpath flags to the system libdir - ---- openssl-0.9.8h/Makefile.org -+++ openssl-0.9.8h/Makefile.org -@@ -180,6 +181,7 @@ - MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ - DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ - MAKEDEPPROG='${MAKEDEPPROG}' \ -+ LDFLAGS='${LDFLAGS}' \ - SHARED_LDFLAGS='${SHARED_LDFLAGS}' \ - KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \ - EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \ ---- openssl-0.9.8h/Makefile.shared -+++ openssl-0.9.8h/Makefile.shared -@@ -153,7 +153,7 @@ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch b/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch deleted file mode 100644 index 9fa79b9a65fb..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch +++ /dev/null @@ -1,24 +0,0 @@ -http://bugs.gentoo.org/289130 - -Ripped from Fedora - ---- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl 2009-11-12 17:24:18.000000000 +0100 -@@ -150,7 +150,7 @@ ___ - sub BODY_20_39 { - my ($i,$a,$b,$c,$d,$e,$f)=@_; - my $j=$i+1; --my $K=($i<40)?0x6ed9eba1:0xca62c1d6; -+my $K=($i<40)?0x6ed9eba1:-0x359d3e2a; - $code.=<<___ if ($i<79); - lea $K($xi,$e),$f - mov `4*($j%16)`(%rsp),$xi -@@ -187,7 +187,7 @@ sub BODY_40_59 { - my ($i,$a,$b,$c,$d,$e,$f)=@_; - my $j=$i+1; - $code.=<<___; -- lea 0x8f1bbcdc($xi,$e),$f -+ lea -0x70e44324($xi,$e),$f - mov `4*($j%16)`(%rsp),$xi - mov $b,$t0 - mov $b,$t1 diff --git a/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch b/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch deleted file mode 100644 index c932b820425c..000000000000 --- a/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch +++ /dev/null @@ -1,13 +0,0 @@ -https://bugs.gentoo.org/639876 - ---- a/crypto/des/asm/des-586.pl -+++ b/crypto/des/asm/des-586.pl -@@ -4,7 +4,7 @@ - # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> - # - --push(@INC,"perlasm","../../perlasm"); -+push(@INC,".","perlasm","../../perlasm"); - require "x86asm.pl"; - require "cbc.pl"; - require "desboth.pl"; diff --git a/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch b/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch deleted file mode 100644 index 3a005c9b099d..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch +++ /dev/null @@ -1,43 +0,0 @@ -https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest - -From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Sat, 21 Mar 2015 06:01:25 -0400 -Subject: [PATCH] crypto: use bigint in x86-64 perl - -When building on x32 systems where the default type is 32bit, make sure -we can transparently represent 64bit integers. Otherwise we end up with -build errors like: -/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s -Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. -... -ghash-x86_64.s: Assembler messages: -ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression - -We don't enable this globally as there are some cases where we'd get -32bit values interpreted as unsigned when we need them as signed. - -Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh> -URL: https://bugs.gentoo.org/542618 ---- - crypto/perlasm/x86_64-xlate.pl | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl -index aae8288..0bf9774 100755 ---- a/crypto/perlasm/x86_64-xlate.pl -+++ b/crypto/perlasm/x86_64-xlate.pl -@@ -195,6 +195,10 @@ my %globals; - sub out { - my $self = shift; - -+ # When building on x32 ABIs, the expanded hex value might be too -+ # big to fit into 32bits. Enable transparent 64bit support here -+ # so we can safely print it out. -+ use bigint; - if ($gas) { - # Solaris /usr/ccs/bin/as can't handle multiplications - # in $self->{value} --- -2.3.3 - diff --git a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch b/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch deleted file mode 100644 index 148e7c3bc1a1..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001 -From: Guido Vranken <guidovranken@gmail.com> -Date: Mon, 11 Jun 2018 19:38:54 +0200 -Subject: [PATCH] Reject excessively large primes in DH key generation. - -CVE-2018-0732 - -Signed-off-by: Guido Vranken <guidovranken@gmail.com> - -(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) - -Reviewed-by: Tim Hudson <tjh@openssl.org> -Reviewed-by: Matt Caswell <matt@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/6457) ---- - crypto/dh/dh_key.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index 387558f1467..f235e0d682b 100644 ---- a/crypto/dh/dh_key.c -+++ b/crypto/dh/dh_key.c -@@ -130,10 +130,15 @@ static int generate_key(DH *dh) - int ok = 0; - int generate_new_key = 0; - unsigned l; -- BN_CTX *ctx; -+ BN_CTX *ctx = NULL; - BN_MONT_CTX *mont = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - -+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { -+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); -+ return 0; -+ } -+ - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; diff --git a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch deleted file mode 100644 index e105fe45e459..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch +++ /dev/null @@ -1,290 +0,0 @@ -Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series. - -From https://src.fedoraproject.org/git/rpms/openssl.git - -Contains parts of the following patches, rediffed. The patches are on various -different branches. -f23 openssl-1.0.2c-ecc-suiteb.patch -f23 openssl-1.0.2a-fips-ec.patch -f28 openssl-1.1.0-ec-curves.patch - -Signed-off-By: Robin H. Johnson <robbat2@gentoo.org> - -diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/apps/speed.c openssl-1.0.2m.mod/apps/speed.c ---- openssl-1.0.2m.hobble/apps/speed.c 2017-11-02 07:32:57.000000000 -0700 -+++ openssl-1.0.2m.mod/apps/speed.c 2018-06-10 19:00:09.264550382 -0700 -@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv) - } else - # endif - # ifndef OPENSSL_NO_ECDSA -- if (strcmp(*argv, "ecdsap160") == 0) -- ecdsa_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdsap192") == 0) -- ecdsa_doit[R_EC_P192] = 2; -+ if (0) {} - else if (strcmp(*argv, "ecdsap224") == 0) - ecdsa_doit[R_EC_P224] = 2; - else if (strcmp(*argv, "ecdsap256") == 0) -@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv) - ecdsa_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdsap521") == 0) - ecdsa_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdsak163") == 0) -- ecdsa_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdsak233") == 0) -- ecdsa_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdsak283") == 0) -- ecdsa_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdsak409") == 0) -- ecdsa_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdsak571") == 0) -- ecdsa_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdsab163") == 0) -- ecdsa_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdsab233") == 0) -- ecdsa_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdsab283") == 0) -- ecdsa_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdsab409") == 0) -- ecdsa_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdsab571") == 0) -- ecdsa_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdsa") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i < R_EC_P521; i++) - ecdsa_doit[i] = 1; - } else - # endif - # ifndef OPENSSL_NO_ECDH -- if (strcmp(*argv, "ecdhp160") == 0) -- ecdh_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdhp192") == 0) -- ecdh_doit[R_EC_P192] = 2; -+ if (0) {} - else if (strcmp(*argv, "ecdhp224") == 0) - ecdh_doit[R_EC_P224] = 2; - else if (strcmp(*argv, "ecdhp256") == 0) -@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv) - ecdh_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdhp521") == 0) - ecdh_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdhk163") == 0) -- ecdh_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdhk233") == 0) -- ecdh_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdhk283") == 0) -- ecdh_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdhk409") == 0) -- ecdh_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdhk571") == 0) -- ecdh_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdhb163") == 0) -- ecdh_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdhb233") == 0) -- ecdh_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdhb283") == 0) -- ecdh_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdhb409") == 0) -- ecdh_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdhb571") == 0) -- ecdh_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdh") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - } else - # endif -@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv) - BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); - # endif - # ifndef OPENSSL_NO_ECDSA -- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " -+ BIO_printf(bio_err, "ecdsap224 " - "ecdsap256 ecdsap384 ecdsap521\n"); -- BIO_printf(bio_err, -- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); -- BIO_printf(bio_err, -- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); - BIO_printf(bio_err, "ecdsa\n"); - # endif - # ifndef OPENSSL_NO_ECDH -- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " -+ BIO_printf(bio_err, "ecdhp224 " - "ecdhp256 ecdhp384 ecdhp521\n"); -- BIO_printf(bio_err, -- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); -- BIO_printf(bio_err, -- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); - BIO_printf(bio_err, "ecdh\n"); - # endif - -@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv) - for (i = 0; i < DSA_NUM; i++) - dsa_doit[i] = 1; - # ifndef OPENSSL_NO_ECDSA -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdsa_doit[i] = 1; - # endif - # ifndef OPENSSL_NO_ECDH -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - # endif - } -diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c ---- openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c 2017-11-02 07:32:57.000000000 -0700 -+++ openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c 2018-06-10 18:45:36.909911848 -0700 -@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO - return 0; - } - -+ if (BN_num_bits(p) < 224) { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -+ return 0; -+ } -+ - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) -diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/ssl/t1_lib.c openssl-1.0.2m.mod/ssl/t1_lib.c ---- openssl-1.0.2m.hobble/ssl/t1_lib.c 2017-11-02 07:32:58.000000000 -0700 -+++ openssl-1.0.2m.mod/ssl/t1_lib.c 2018-06-10 18:46:55.329811812 -0700 -@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ -@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[ - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ -@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[ - * Remaining curves disabled by default but still permitted if set - * via an explicit callback or parameters. - */ -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ -@@ -351,29 +338,21 @@ static const unsigned char fips_curves_d - 0, 9, /* sect283k1 (9) */ - 0, 10, /* sect283r1 (10) */ - # endif -- 0, 22, /* secp256k1 (22) */ - 0, 23, /* secp256r1 (23) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ - 0, 7, /* sect233r1 (7) */ - # endif -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ - # ifndef OPENSSL_NO_EC2M - 0, 4, /* sect193r1 (4) */ - 0, 5, /* sect193r2 (5) */ - # endif -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ - # ifndef OPENSSL_NO_EC2M - 0, 1, /* sect163k1 (1) */ - 0, 2, /* sect163r1 (2) */ - 0, 3, /* sect163r2 (3) */ - # endif -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - }; - # endif - -diff -up openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.2a/crypto/ecdh/ecdhtest.c ---- openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/ecdh/ecdhtest.c 2015-04-22 19:00:19.721884512 +0200 -@@ -501,11 +501,13 @@ int main(int argc, char *argv[]) - goto err; - - /* NIST PRIME CURVES TESTS */ -+# if 0 - if (!test_ecdh_curve - (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) - goto err; - if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) - goto err; -+# endif - if (!test_ecdh_curve - (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) - goto err; -@@ -536,13 +538,14 @@ int main(int argc, char *argv[]) - if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) - goto err; - # endif -+# if 0 - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256)) - goto err; - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384)) - goto err; - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512)) - goto err; -- -+# endif - ret = 0; - - err: -diff -up openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecdsatest.c ---- openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/ecdsa/ecdsatest.c 2015-04-22 19:00:19.722884536 +0200 -@@ -138,11 +138,14 @@ int restore_rand(void) - } - - static int fbytes_counter = 0; --static const char *numbers[8] = { -+static const char *numbers[10] = { -+ "651056770906015076056810763456358567190100156695615665659", - "651056770906015076056810763456358567190100156695615665659", - "6140507067065001063065065565667405560006161556565665656654", - "8763001015071075675010661307616710783570106710677817767166" - "71676178726717", -+ "8763001015071075675010661307616710783570106710677817767166" -+ "71676178726717", - "7000000175690566466555057817571571075705015757757057795755" - "55657156756655", - "1275552191113212300012030439187146164646146646466749494799", -@@ -158,7 +161,7 @@ int fbytes(unsigned char *buf, int num) - int ret; - BIGNUM *tmp = NULL; - -- if (fbytes_counter >= 8) -+ if (fbytes_counter >= 10) - return 0; - tmp = BN_new(); - if (!tmp) -@@ -532,8 +535,10 @@ int main(void) - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - /* the tests */ -+# if 0 - if (!x9_62_tests(out)) - goto err; -+# endif - if (!test_builtin(out)) - goto err; - diff --git a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch b/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch deleted file mode 100644 index e7dfba43f2a5..000000000000 --- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch +++ /dev/null @@ -1,39 +0,0 @@ -From ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Mon Sep 17 00:00:00 2001 -From: Guido Vranken <guidovranken@gmail.com> -Date: Mon, 11 Jun 2018 19:38:54 +0200 -Subject: [PATCH] Reject excessively large primes in DH key generation. - -CVE-2018-0732 - -Signed-off-by: Guido Vranken <guidovranken@gmail.com> - -(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) - -Reviewed-by: Tim Hudson <tjh@openssl.org> -Reviewed-by: Matt Caswell <matt@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/6457) ---- - crypto/dh/dh_key.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index fce9ff47f36..58003d70878 100644 ---- a/crypto/dh/dh_key.c -+++ b/crypto/dh/dh_key.c -@@ -78,10 +78,15 @@ static int generate_key(DH *dh) - int ok = 0; - int generate_new_key = 0; - unsigned l; -- BN_CTX *ctx; -+ BN_CTX *ctx = NULL; - BN_MONT_CTX *mont = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - -+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { -+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); -+ return 0; -+ } -+ - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; diff --git a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch b/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch deleted file mode 100644 index 34c9cc02fa71..000000000000 --- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001 -From: Billy Brumley <bbrumley@gmail.com> -Date: Wed, 11 Apr 2018 10:10:58 +0300 -Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont - both get called with BN_FLG_CONSTTIME flag set. - -CVE-2018-0737 - -Reviewed-by: Rich Salz <rsalz@openssl.org> -Reviewed-by: Matt Caswell <matt@openssl.org> -(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787) ---- - crypto/rsa/rsa_gen.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c -index 9ca5dfe..42b89a8 100644 ---- a/crypto/rsa/rsa_gen.c -+++ b/crypto/rsa/rsa_gen.c -@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, - if (BN_copy(rsa->e, e_value) == NULL) - goto err; - -+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME); -+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME); - BN_set_flags(r2, BN_FLG_CONSTTIME); - /* generate p and q */ - for (;;) { --- -2.7.4 - diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml deleted file mode 100644 index 5ca8d93d2f67..000000000000 --- a/dev-libs/openssl/metadata.xml +++ /dev/null @@ -1,26 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> -<maintainer type="project"> - <email>base-system@gentoo.org</email> - <name>Gentoo Base System</name> -</maintainer> -<use> - <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag> - <flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag> - <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag> - <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag> - <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag> - <flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag> -</use> -<upstream> - <remote-id type="cpe">cpe:/a:openssl:openssl</remote-id> -</upstream> -<slots> - <slot name="0">For building against. This is the only slot - that provides headers and command line tools.</slot> - <slot name="0.9.8">For binary compatibility, provides libcrypto.so.0.9.8 - and libssl.so.0.9.8 only.</slot> - <subslots>Reflect ABI of libcrypto.so and libssl.so.</subslots> -</slots> -</pkgmetadata> diff --git a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild deleted file mode 100644 index c64a38b4f3a5..000000000000 --- a/dev-libs/openssl/openssl-0.9.8z_p8-r1.ebuild +++ /dev/null @@ -1,163 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat - -EAPI="6" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))") -PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h' -MY_PV=${PV/_p*/${PLEVEL}} -MY_P=${PN}-${MY_PV} -S="${WORKDIR}/${MY_P}" -DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" - -LICENSE="openssl" -SLOT="0.9.8" -KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd" -IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib" -RESTRICT="!bindist? ( bindist )" - -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - !=dev-libs/openssl-0.9.8*:0" -DEPEND="${RDEPEND} - >=dev-lang/perl-5 - test? ( - sys-apps/diffutils - sys-devel/bc - )" - -# Do not install any docs -DOCS=() - -PATCHES=( - "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch - "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438 - "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130 - "${FILESDIR}"/${PN}-0.9.8z_p8-perl-5.26.patch -) - -src_prepare() { - default - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ - Makefile{,.org} \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared || die - # update the enginedir path. - # punt broken config we don't care about as it fails sanity check. - sed -i \ - -e '/^"debug-ben-debug-64"/d' \ - -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \ - Configure || die - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" - chmod a+rx gentoo.config || die - - append-flags -fno-strict-aliasing - append-flags -Wa,--noexecstack - - sed -i '1s,^:$,#!/usr/bin/perl,' Configure || die #141906 - sed -i '/^"debug-bodo/d' Configure || die # 0.9.8za shipped broken - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - - tc-export CC AR RANLIB - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 https://en.wikipedia.org/wiki/RC5 - - use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl zlib) \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - shared threads \ - || die "Configure failed" - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts - emake -j1 depend - emake -j1 build_libs -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - dolib.so lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild b/dev-libs/openssl/openssl-0.9.8z_p8.ebuild deleted file mode 100644 index ab73da7680e4..000000000000 --- a/dev-libs/openssl/openssl-0.9.8z_p8.ebuild +++ /dev/null @@ -1,158 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat - -EAPI="5" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))") -PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h' -MY_PV=${PV/_p*/${PLEVEL}} -MY_P=${PN}-${MY_PV} -S="${WORKDIR}/${MY_P}" -DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" - -LICENSE="openssl" -SLOT="0.9.8" -KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd" -IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib" -RESTRICT="!bindist? ( bindist )" - -RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) - !=dev-libs/openssl-0.9.8*:0" -DEPEND="${RDEPEND} - >=dev-lang/perl-5 - test? ( - sys-apps/diffutils - sys-devel/bc - )" - -# Do not install any docs -DOCS=() - -src_prepare() { - epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch - epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438 - epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130 - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ - Makefile{,.org} \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - # update the enginedir path. - # punt broken config we don't care about as it fails sanity check. - sed -i \ - -e '/^"debug-ben-debug-64"/d' \ - -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \ - Configure || die - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags -Wa,--noexecstack - - sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 - sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - - tc-export CC AR RANLIB - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 https://en.wikipedia.org/wiki/RC5 - - use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl zlib) \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - shared threads \ - || die "Configure failed" - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts - emake -j1 depend - emake -j1 build_libs -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - dolib.so lib{crypto,ssl}.so.0.9.8 -} diff --git a/dev-libs/openssl/openssl-1.0.2o-r3.ebuild b/dev-libs/openssl/openssl-1.0.2o-r3.ebuild deleted file mode 100644 index f54edbbadc2d..000000000000 --- a/dev-libs/openssl/openssl-1.0.2o-r3.ebuild +++ /dev/null @@ -1,252 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -PATCH_SET="openssl-1.0.2-patches-1.4" -MY_P=${P/_/-} -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - mirror://gentoo/${PATCH_SET}.tar.xz - https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz - https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -RDEPEND=">=app-misc/c_rehash-1.7-r1 - gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND} - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - )" -PDEPEND="app-misc/ca-certificates" - -S="${WORKDIR}/${MY_P}" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - # keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - eapply "${WORKDIR}"/patch/*.patch - fi - - eapply_user - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die - chmod a+rx gentoo.config || die - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 - # RC5: Expired https://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - # https://github.com/openssl/openssl/issues/2286 - if use ia64 ; then - replace-flags -g3 -g2 - replace-flags -ggdb3 -ggdb2 - fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - enable-rc5 \ - enable-tlsext \ - $(use_ssl asm) \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl sctp) \ - $(use_ssl sslv2 ssl2) \ - $(use_ssl sslv3 ssl3) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el ) - einstalldocs - - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? -} diff --git a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild b/dev-libs/openssl/openssl-1.0.2o-r6.ebuild deleted file mode 100644 index f7ae84bae162..000000000000 --- a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild +++ /dev/null @@ -1,297 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal - -PATCH_SET="openssl-1.0.2-patches-1.4" -MY_P=${P/_/-} -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz - mirror://gentoo/${PATCH_SET}.tar.xz - https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz - https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -RDEPEND=">=app-misc/c_rehash-1.7-r1 - gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) - kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND} - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - )" -PDEPEND="app-misc/ca-certificates" - -# This does not copy the entire Fedora patchset, but JUST the parts that -# are needed to make it safe to use EC with RESTRICT=bindist. -# See openssl.spec for the matching numbering of SourceNNN, PatchNNN -SOURCE1=hobble-openssl -SOURCE12=ec_curve.c -SOURCE13=ectest.c -# These are ported instead -#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC -#PATCH37=openssl-1.1.0-ec-curves.patch -FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' -FEDORA_GIT_BRANCH='f25' -FEDORA_SRC_URI=() -FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 ) -FEDORA_PATCH=( $PATCH1 $PATCH37 ) -for i in "${FEDORA_SOURCE[@]}" ; do - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" ) -done -for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" ) -done -SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" - -S="${WORKDIR}/${MY_P}" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -src_prepare() { - if use bindist; then - # This just removes the prefix, and puts it into WORKDIR like the RPM. - for i in "${FEDORA_SOURCE[@]}" ; do - cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die - done - # .spec %prep - bash "${WORKDIR}"/"${SOURCE1}" || die - cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die - cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1 - for i in "${FEDORA_PATCH[@]}" ; do - eapply "${DISTDIR}"/"${i}" - done - eapply "${FILESDIR}"/openssl-1.0.2o-hobble-ecc.patch - # Also see the configure parts below: - # enable-ec \ - # $(use_ssl !bindist ec2m) \ - # $(use_ssl !bindist srp) \ - fi - - # keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - eapply "${WORKDIR}"/patch/*.patch - eapply "${FILESDIR}"/${P}-CVE-2018-0732.patch - fi - - eapply_user - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # since we're forcing $(CC) as makedep anyway, just fix - # the conditional as always-on - # helps clang (#417795), and versioned gcc (#499818) - sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die - chmod a+rx gentoo.config || die - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 - # RC5: Expired https://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - # https://github.com/openssl/openssl/issues/2286 - if use ia64 ; then - replace-flags -g3 -g2 - replace-flags -ggdb3 -ggdb2 - fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - # Fedora hobbled-EC needs 'no-ec2m', 'no-srp' - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - enable-ec \ - $(use_ssl !bindist ec2m) \ - $(use_ssl !bindist srp) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - enable-rc5 \ - enable-tlsext \ - $(use_ssl asm) \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl sctp) \ - $(use_ssl sslv2 ssl2) \ - $(use_ssl sslv3 ssl3) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake INSTALL_PREFIX="${D}" install -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED}"/usr/bin/c_rehash || die - - local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el ) - einstalldocs - - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? -} diff --git a/dev-libs/openssl/openssl-1.1.0h-r2.ebuild b/dev-libs/openssl/openssl-1.1.0h-r2.ebuild deleted file mode 100644 index 5881fe74d35e..000000000000 --- a/dev-libs/openssl/openssl-1.1.0h-r2.ebuild +++ /dev/null @@ -1,286 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit flag-o-matic toolchain-funcs multilib multilib-minimal - -MY_P=${P/_/-} -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" - -LICENSE="openssl" -SLOT="0/1.1" # .so version of libssl/libcrypto -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -RDEPEND=">=app-misc/c_rehash-1.7-r1 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND} - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - )" -PDEPEND="app-misc/ca-certificates" - -# This does not copy the entire Fedora patchset, but JUST the parts that -# are needed to make it safe to use EC with RESTRICT=bindist. -# See openssl.spec for the matching numbering of SourceNNN, PatchNNN -SOURCE1=hobble-openssl -SOURCE12=ec_curve.c -SOURCE13=ectest.c -PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC -PATCH37=openssl-1.1.0-ec-curves.patch -FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' -FEDORA_GIT_BRANCH='f27' -FEDORA_SRC_URI=() -FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 ) -FEDORA_PATCH=( $PATCH1 $PATCH37 ) -for i in "${FEDORA_SOURCE[@]}" ; do - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" ) -done -for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" ) -done -SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" - -S="${WORKDIR}/${MY_P}" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -PATCHES=( - "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 - "${FILESDIR}"/${P}-CVE-2018-0737.patch - "${FILESDIR}"/${P}-CVE-2018-0732.patch -) - -src_prepare() { - if use bindist; then - # This just removes the prefix, and puts it into WORKDIR like the RPM. - for i in "${FEDORA_SOURCE[@]}" ; do - cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die - done - # .spec %prep - bash "${WORKDIR}"/"${SOURCE1}" || die - cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die - cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die - for i in "${FEDORA_PATCH[@]}" ; do - eapply "${DISTDIR}"/"${i}" - done - # Also see the configure parts below: - # enable-ec \ - # $(use_ssl !bindist ec2m) \ - - fi - # keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - eapply "${PATCHES[@]}" - fi - - eapply_user #332661 - - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - # Make DOCDIR Gentoo compliant - sed -i \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - -e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \ - Configurations/unix-Makefile.tmpl \ - || die - - # show the actual commands in the log - sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die - chmod a+rx gentoo.config || die - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - # Prefixify Configure shebang (#141906) - sed \ - -e "1s,/usr/bin/env,${EPREFIX}&," \ - -i Configure || die - # Remove test target when FEATURES=test isn't set - if ! use test ; then - sed \ - -e '/^$config{dirs}/s@ "test",@@' \ - -i Configure || die - fi - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 - # RC5: Expired https://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - # Fedora hobbled-EC needs 'no-ec2m' - # 'srp' was restricted until early 2017 as well. - # "disable-deprecated" option breaks too many consumers. - # Don't set it without thorough revdeps testing. - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - enable-ec \ - $(use_ssl !bindist ec2m) \ - enable-srp \ - $(use elibc_musl && echo "no-async") \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - enable-rc5 \ - $(use_ssl asm) \ - $(use_ssl rfc3779) \ - $(use_ssl sctp) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - # Fix quoting for sed - local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ - -e 's:^CFLAGS=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - -e 's:\\:\\\\:g' \ - ) - sed -i \ - -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ - -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED%/}"/usr/bin/c_rehash || die - - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a - - # create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED%/}"/usr/share/man || die - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - # We don't want to "|| die" here - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? -} diff --git a/dev-libs/openssl/openssl-1.1.1_pre8.ebuild b/dev-libs/openssl/openssl-1.1.1_pre8.ebuild deleted file mode 100644 index 3acbe2ea21f2..000000000000 --- a/dev-libs/openssl/openssl-1.1.1_pre8.ebuild +++ /dev/null @@ -1,244 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit flag-o-matic toolchain-funcs multilib multilib-minimal - -MY_P=${P/_/-} -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="https://www.openssl.org/" -SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" - -LICENSE="openssl" -SLOT="0/1.1" # .so version of libssl/libcrypto -[[ "${PV}" = *_pre* ]] || \ -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" - -RDEPEND=">=app-misc/c_rehash-1.7-r1 - zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND} - >=dev-lang/perl-5 - sctp? ( >=net-misc/lksctp-tools-1.0.12 ) - test? ( - sys-apps/diffutils - sys-devel/bc - )" -PDEPEND="app-misc/ca-certificates" - -S="${WORKDIR}/${MY_P}" - -MULTILIB_WRAPPED_HEADERS=( - usr/include/openssl/opensslconf.h -) - -PATCHES=( - "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 -) - -src_prepare() { - # keep this in sync with app-misc/c_rehash - SSL_CNF_DIR="/etc/ssl" - - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - eapply "${PATCHES[@]}" - fi - - eapply_user #332661 - - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - # Make DOCDIR Gentoo compliant - sed -i \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - -e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \ - Configurations/unix-Makefile.tmpl \ - || die - - # quiet out unknown driver argument warnings since openssl - # doesn't have well-split CFLAGS and we're making it even worse - # and 'make depend' uses -Werror for added fun (#417795 again) - [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die - chmod a+rx gentoo.config || die - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - append-cppflags -DOPENSSL_NO_BUF_FREELISTS - - # Prefixify Configure shebang (#141906) - sed \ - -e "1s,/usr/bin/env,${EPREFIX}&," \ - -i Configure || die - # Remove test target when FEATURES=test isn't set - if ! use test ; then - sed \ - -e '/^$config{dirs}/s@ "test",@@' \ - -i Configure || die - fi - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" - - multilib_copy_sources -} - -multilib_src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 - # RC5: Expired https://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - - # 'srp' was restricted until early 2017 as well. - # "disable-deprecated" option breaks too many consumers. - # Don't set it without thorough revdeps testing. - echoit \ - ./${config} \ - ${sslout} \ - $(use cpu_flags_x86_sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - $(use_ssl !bindist srp) \ - $(use elibc_musl && echo "no-async") \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - enable-rc5 \ - $(use_ssl sslv3 ssl3) \ - $(use_ssl sslv3 ssl3-method) \ - $(use_ssl asm) \ - $(use_ssl rfc3779) \ - $(use_ssl sctp) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - # Fix quoting for sed - local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ - -e 's:^CFLAGS=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - -e 's:\\:\\\\:g' \ - ) - sed -i \ - -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ - -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ - Makefile || die -} - -multilib_src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all -} - -multilib_src_test() { - emake -j1 test -} - -multilib_src_install() { - emake DESTDIR="${D}" install -} - -multilib_src_install_all() { - # openssl installs perl version of c_rehash by default, but - # we provide a shell version via app-misc/c_rehash - rm "${ED%/}"/usr/bin/c_rehash || die - - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED%/}"/usr/lib*/lib*.a - - # create the certs directory - keepdir ${SSL_CNF_DIR}/certs - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED%/}"/usr/share/man || die - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - # We don't want to "|| die" here - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? -} |